use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324)

This commit is contained in:
Andrew Dolgov 2011-03-28 08:30:00 +04:00
parent f98252f27c
commit 3d72afa19a
10 changed files with 149 additions and 82 deletions

View File

@ -128,13 +128,9 @@
// Limits the amount of feeds daemon (or a cronjob) updates on one run // Limits the amount of feeds daemon (or a cronjob) updates on one run
define('ALLOW_REMOTE_USER_AUTH', false); define('ALLOW_REMOTE_USER_AUTH', false);
// Set to 'true' if you trust your web server's REMOTE_USER or // Set to 'true' if you trust your web server's REMOTE_USER
// REDIRECT_SSL_CLIENT_S_DN_CN environment variables to validate // environment variable that the user is logged in. This option can be
// that the user is logged in. This option can be used to integrate // used to integrate tt-rss with Apache's external authentication modules.
// tt-rss with Apache's external authentication modules or SSL
// client certificate authentication.
// Please note that REMOTE_USER takes precedence over SSL certificate
// information.
define('AUTO_LOGIN', false); define('AUTO_LOGIN', false);
// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want // Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want

View File

@ -1757,11 +1757,29 @@
return true; return true;
} }
function get_remote_user() { function get_login_by_ssl_certificate($link) {
$remote_user = $_SERVER["REMOTE_USER"];
if (!$remote_user) $cert_serial = db_escape_string($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]);
$remote_user = $_SERVER["REDIRECT_SSL_CLIENT_S_DN_CN"];
if ($cert_serial) {
$result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users
WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
owner_uid = ttrss_users.id");
if (db_num_rows($result) != 0) {
return db_escape_string(db_fetch_result($result, 0, "login"));
}
}
return "";
}
function get_remote_user() {
$remote_user = "";
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH) {
$remote_user = $_SERVER["REMOTE_USER"];
}
return db_escape_string($remote_user); return db_escape_string($remote_user);
} }
@ -1781,10 +1799,14 @@
$pwd_hash2 = encrypt_password($password, $login); $pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string($login); $login = db_escape_string($login);
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH $remote_user = get_remote_user();
&& get_remote_user() && $login != "admin") {
$login = db_escape_string(get_remote_user()); if (!$remote_user)
$remote_user = get_login_by_ssl_certificate($link);
if ($remote_user && $login != "admin") {
$login = $remote_user;
$query = "SELECT id,login,access_level,pwd_hash $query = "SELECT id,login,access_level,pwd_hash
FROM ttrss_users WHERE FROM ttrss_users WHERE
@ -1974,8 +1996,12 @@
} }
if (!$_SESSION["uid"] || !validate_session($link)) { if (!$_SESSION["uid"] || !validate_session($link)) {
if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH $cert_login = get_login_by_ssl_certificate($link);
&& get_remote_user() && defined('AUTO_LOGIN') && AUTO_LOGIN) {
if ($cert_login) {
authenticate_user($link, $cert_login, null);
$_SESSION["ref_schema_version"] = get_schema_version($link, true);
} else if (get_remote_user() && AUTO_LOGIN) {
authenticate_user($link, get_remote_user(), null); authenticate_user($link, get_remote_user(), null);
$_SESSION["ref_schema_version"] = get_schema_version($link, true); $_SESSION["ref_schema_version"] = get_schema_version($link, true);
} else { } else {

View File

@ -6,12 +6,12 @@
$subop = $_REQUEST["subop"]; $subop = $_REQUEST["subop"];
$prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", $prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS",
"ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS", "ENABLE_FEED_ICONS", "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS", "ENABLE_FEED_ICONS",
"ENABLE_OFFLINE_READING", "EXTENDED_FEEDLIST", "FEEDS_SORT_BY_UNREAD", "ENABLE_OFFLINE_READING", "EXTENDED_FEEDLIST", "FEEDS_SORT_BY_UNREAD",
"OPEN_LINKS_IN_NEW_WINDOW", "USER_STYLESHEET_URL", "ENABLE_FLASH_PLAYER"); "OPEN_LINKS_IN_NEW_WINDOW", "USER_STYLESHEET_URL", "ENABLE_FLASH_PLAYER");
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
"BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS",
"UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL",
"MARK_UNREAD_ON_UPDATE", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE"); "MARK_UNREAD_ON_UPDATE", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE");
@ -47,18 +47,18 @@
$new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]); $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
$active_uid = $_SESSION["uid"]; $active_uid = $_SESSION["uid"];
if ($old_pw && $new_pw) { if ($old_pw && $new_pw) {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']); $login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE $result = db_query($link, "SELECT id FROM ttrss_users WHERE
id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
pwd_hash = '$old_pw_hash2')"); pwd_hash = '$old_pw_hash2')");
if (db_num_rows($result) == 1) { if (db_num_rows($result) == 1) {
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
WHERE id = '$active_uid'"); WHERE id = '$active_uid'");
$_SESSION["pwd_hash"] = $new_pw_hash; $_SESSION["pwd_hash"] = $new_pw_hash;
@ -81,7 +81,7 @@
$orig_theme = get_pref($link, "_THEME_ID"); $orig_theme = get_pref($link, "_THEME_ID");
foreach (array_keys($_POST) as $pref_name) { foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name); $pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]); $value = db_escape_string($_POST[$pref_name]);
@ -119,10 +119,10 @@
$active_uid = $_SESSION["uid"]; $active_uid = $_SESSION["uid"];
db_query($link, "UPDATE ttrss_users SET email = '$email', db_query($link, "UPDATE ttrss_users SET email = '$email',
full_name = '$full_name' WHERE id = '$active_uid'"); full_name = '$full_name' WHERE id = '$active_uid'");
print __("Your personal data has been saved."); print __("Your personal data has been saved.");
return; return;
} else if ($subop == "reset-config") { } else if ($subop == "reset-config") {
@ -135,7 +135,7 @@
$profile_qpart = "profile IS NULL"; $profile_qpart = "profile IS NULL";
} }
db_query($link, "DELETE FROM ttrss_user_prefs db_query($link, "DELETE FROM ttrss_user_prefs
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]); initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
@ -164,8 +164,8 @@
new Ajax.Request('backend.php', { new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()), parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) { onComplete: function(transport) {
notify_callback2(transport); notify_callback2(transport);
} }); } });
} }
@ -176,7 +176,7 @@
$result = db_query($link, "SELECT email,full_name, $result = db_query($link, "SELECT email,full_name,
access_level FROM ttrss_users access_level FROM ttrss_users
WHERE id = ".$_SESSION["uid"]); WHERE id = ".$_SESSION["uid"]);
$email = htmlspecialchars(db_fetch_result($result, 0, "email")); $email = htmlspecialchars(db_fetch_result($result, 0, "email"));
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
@ -192,9 +192,9 @@
print "<tr><td width=\"40%\">".__('Access level')."</td>"; print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>";
} }
print "</table>"; print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-email\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-email\">";
@ -207,7 +207,7 @@
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">"; print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
$result = db_query($link, "SELECT id FROM ttrss_users $result = db_query($link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) { if (db_num_rows($result) != 0) {
@ -223,7 +223,7 @@
new Ajax.Request('backend.php', { new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()), parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) { onComplete: function(transport) {
notify(''); notify('');
if (transport.responseText.indexOf('ERROR: ') == 0) { if (transport.responseText.indexOf('ERROR: ') == 0) {
notify_error(transport.responseText.replace('ERROR: ', '')); notify_error(transport.responseText.replace('ERROR: ', ''));
@ -238,12 +238,12 @@
</script>"; </script>";
print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">".__("Old password")."</td>"; print "<tr><td width=\"40%\">".__("Old password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
print "<tr><td width=\"40%\">".__("New password")."</td>"; print "<tr><td width=\"40%\">".__("New password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
name=\"new_password\"></td></tr>"; name=\"new_password\"></td></tr>";
@ -252,7 +252,7 @@
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
print "</table>"; print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-password\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-password\">";
@ -278,11 +278,11 @@
$profile_qpart = "profile IS NULL"; $profile_qpart = "profile IS NULL";
} }
$result = db_query($link, "SELECT $result = db_query($link, "SELECT
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name, ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
section_name,def_value,section_id section_name,def_value,section_id
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
WHERE type_id = ttrss_prefs_types.id AND WHERE type_id = ttrss_prefs_types.id AND
$profile_qpart AND $profile_qpart AND
section_id = ttrss_prefs_sections.id AND section_id = ttrss_prefs_sections.id AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
@ -299,7 +299,7 @@
new Ajax.Request('backend.php', { new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()), parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) { onComplete: function(transport) {
var msg = transport.responseText; var msg = transport.responseText;
if (msg.match('PREFS_THEME_CHANGED')) { if (msg.match('PREFS_THEME_CHANGED')) {
window.location.reload(); window.location.reload();
@ -313,14 +313,14 @@
$lnum = 0; $lnum = 0;
$active_section = ""; $active_section = "";
while ($line = db_fetch_assoc($result)) { while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) { if (in_array($line["pref_name"], $prefs_blacklist)) {
continue; continue;
} }
if ($_SESSION["profile"] && in_array($line["pref_name"], if ($_SESSION["profile"] && in_array($line["pref_name"],
$profile_blacklist)) { $profile_blacklist)) {
continue; continue;
} }
@ -333,8 +333,8 @@
print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"]; $active_section = $line["section_name"];
print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>"; print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>";
if ($line["section_id"] == 2) { if ($line["section_id"] == 2) {
@ -345,7 +345,7 @@
print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">"; print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
print "<option value='Default'>".__('Default')."</option>"; print "<option value='Default'>".__('Default')."</option>";
print "<option value='----------------' disabled=\"1\">--------</option>"; print "<option value='----------------' disabled=\"1\">--------</option>";
foreach ($themes as $t) { foreach ($themes as $t) {
$base = $t['base']; $base = $t['base'];
@ -360,7 +360,7 @@
print "<option $selected value='$base'>$name</option>"; print "<option $selected value='$base'>$name</option>";
} }
print "</select></td></tr>"; print "</select></td></tr>";
} }
@ -383,7 +383,7 @@
print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]); print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>"; if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
print "</td>"; print "</td>";
print "<td class=\"prefValue\">"; print "<td class=\"prefValue\">";
@ -402,14 +402,14 @@
$limits = array(15, 30, 45, 60); $limits = array(15, 30, 45, 60);
print_select($pref_name, $value, $limits, print_select($pref_name, $value, $limits,
'dojoType="dijit.form.Select"'); 'dojoType="dijit.form.Select"');
} else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { } else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault; global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault, print_select_hash($pref_name, $value, $update_intervals_nodefault,
'dojoType="dijit.form.Select"'); 'dojoType="dijit.form.Select"');
} else if ($type_name == "bool") { } else if ($type_name == "bool") {
@ -432,6 +432,20 @@
required=\"1\" $regexp required=\"1\" $regexp
name=\"$pref_name\" value=\"$value\">"; name=\"$pref_name\" value=\"$value\">";
} else if ($pref_name == "SSL_CERT_SERIAL") {
print "<input dojoType=\"dijit.form.ValidationTextBox\"
id=\"SSL_CERT_SERIAL\"
name=\"$pref_name\" value=\"$value\">";
$cert_serial = htmlspecialchars($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]);
if ($cert_serial) {
print " <button dojoType=\"dijit.form.Button\"
onclick=\"insertSSLserial('$cert_serial')\">" .
__('Fill automatically') . "</button>";
}
} else { } else {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';

View File

@ -1693,3 +1693,11 @@ function customizeCSS() {
exception_error("customizeCSS", e); exception_error("customizeCSS", e);
} }
} }
function insertSSLserial(value) {
try {
dijit.byId("SSL_CERT_SERIAL").attr('value', value);
} catch (e) {
exception_error("insertSSLcerial", e);
}
}

View File

@ -2,7 +2,7 @@
require_once "functions.php"; require_once "functions.php";
define('EXPECTED_CONFIG_VERSION', 21); define('EXPECTED_CONFIG_VERSION', 21);
define('SCHEMA_VERSION', 81); define('SCHEMA_VERSION', 82);
if (!file_exists("config.php")) { if (!file_exists("config.php")) {
print "<b>Fatal Error</b>: You forgot to copy print "<b>Fatal Error</b>: You forgot to copy

View File

@ -258,7 +258,7 @@ create table ttrss_tags (id integer primary key auto_increment,
create table ttrss_version (schema_version int not null) TYPE=InnoDB DEFAULT CHARSET=UTF8; create table ttrss_version (schema_version int not null) TYPE=InnoDB DEFAULT CHARSET=UTF8;
insert into ttrss_version values (81); insert into ttrss_version values (82);
create table ttrss_enclosures (id integer primary key auto_increment, create table ttrss_enclosures (id integer primary key auto_increment,
content_url text not null, content_url text not null,
@ -391,6 +391,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
create table ttrss_user_prefs ( create table ttrss_user_prefs (
owner_uid integer not null, owner_uid integer not null,
pref_name varchar(250), pref_name varchar(250),

View File

@ -229,7 +229,7 @@ create index ttrss_tags_post_int_id_idx on ttrss_tags(post_int_id);
create table ttrss_version (schema_version int not null); create table ttrss_version (schema_version int not null);
insert into ttrss_version values (81); insert into ttrss_version values (82);
create table ttrss_enclosures (id serial not null primary key, create table ttrss_enclosures (id serial not null primary key,
content_url text not null, content_url text not null,
@ -355,6 +355,8 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
create table ttrss_user_prefs ( create table ttrss_user_prefs (
owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE, owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,
pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE, pref_name varchar(250) not null references ttrss_prefs(pref_name) ON DELETE CASCADE,

View File

@ -0,0 +1,7 @@
begin;
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
update ttrss_version set schema_version = 82;
commit;

View File

@ -0,0 +1,7 @@
begin;
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.');
update ttrss_version set schema_version = 82;
commit;

View File

@ -7,28 +7,33 @@
$session_expire = SESSION_EXPIRE_TIME; //seconds $session_expire = SESSION_EXPIRE_TIME; //seconds
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME; $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
if ($_SERVER['HTTPS'] == "on") {
$session_name .= "_ssl";
ini_set("session.cookie_secure", true);
}
ini_set("session.gc_probability", 50); ini_set("session.gc_probability", 50);
ini_set("session.name", $session_name); ini_set("session.name", $session_name);
ini_set("session.use_only_cookies", true); ini_set("session.use_only_cookies", true);
ini_set("session.gc_maxlifetime", SESSION_EXPIRE_TIME); ini_set("session.gc_maxlifetime", SESSION_EXPIRE_TIME);
function ttrss_open ($s, $n) { function ttrss_open ($s, $n) {
global $session_connection; global $session_connection;
$session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); $session_connection = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
return true; return true;
} }
function ttrss_read ($id){ function ttrss_read ($id){
global $session_connection,$session_read; global $session_connection,$session_read;
$query = "SELECT data FROM ttrss_sessions WHERE id='$id'"; $query = "SELECT data FROM ttrss_sessions WHERE id='$id'";
$res = db_query($session_connection, $query); $res = db_query($session_connection, $query);
if (db_num_rows($res) != 1) { if (db_num_rows($res) != 1) {
return ""; return "";
} else { } else {
@ -39,61 +44,61 @@
} }
function ttrss_write ($id, $data) { function ttrss_write ($id, $data) {
if (! $data) { if (! $data) {
return false; return false;
} }
global $session_connection, $session_read, $session_expire; global $session_connection, $session_read, $session_expire;
$expire = time() + $session_expire; $expire = time() + $session_expire;
$data = db_escape_string(base64_encode($data), $session_connection); $data = db_escape_string(base64_encode($data), $session_connection);
if ($session_read) { if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data', $query = "UPDATE ttrss_sessions SET data='$data',
expire='$expire' WHERE id='$id'"; expire='$expire' WHERE id='$id'";
} else { } else {
$query = "INSERT INTO ttrss_sessions (id, data, expire) $query = "INSERT INTO ttrss_sessions (id, data, expire)
VALUES ('$id', '$data', '$expire')"; VALUES ('$id', '$data', '$expire')";
} }
db_query($session_connection, $query); db_query($session_connection, $query);
return true; return true;
} }
function ttrss_close () { function ttrss_close () {
global $session_connection; global $session_connection;
db_close($session_connection); db_close($session_connection);
return true; return true;
} }
function ttrss_destroy ($id) { function ttrss_destroy ($id) {
global $session_connection; global $session_connection;
$query = "DELETE FROM ttrss_sessions WHERE id = '$id'"; $query = "DELETE FROM ttrss_sessions WHERE id = '$id'";
db_query($session_connection, $query); db_query($session_connection, $query);
return true; return true;
} }
function ttrss_gc ($expire) { function ttrss_gc ($expire) {
global $session_connection; global $session_connection;
$query = "DELETE FROM ttrss_sessions WHERE expire < " . time(); $query = "DELETE FROM ttrss_sessions WHERE expire < " . time();
db_query($session_connection, $query); db_query($session_connection, $query);
} }
if (DATABASE_BACKED_SESSIONS) { if (DATABASE_BACKED_SESSIONS) {
session_set_save_handler("ttrss_open", session_set_save_handler("ttrss_open",
"ttrss_close", "ttrss_read", "ttrss_write", "ttrss_close", "ttrss_read", "ttrss_write",
"ttrss_destroy", "ttrss_gc"); "ttrss_destroy", "ttrss_gc");
} }