70 Commits

Author SHA1 Message Date
Andrew Dolgov 9e8d69739f add two helper account access levels:
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
2021-11-10 20:44:51 +03:00
Andrew Dolgov 44c5d0feba prolong PHP session cookie automatically to stop hard logouts after SESSION_COOKIE_LIFETIME expires 2021-06-25 12:12:05 +03:00
Andrew Dolgov e3c4724dc1 use database-backed sessions in single user mode 2021-05-11 19:21:53 +03:00
Andrew Dolgov fe06416f17 sessions: stop validating against hash of user agent because chromium is sending
different agent headers for whatever reason, example:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36

seems to be related, at least, to App.postOpenWindow() hack.
2021-03-05 12:27:23 +03:00
Andrew Dolgov 5eb0f3d640 bring back web dbupdate using new migrations system 2021-03-04 09:22:24 +03:00
Andrew Dolgov e19570f422 sessions: don't check schema version 2021-03-04 08:32:19 +03:00
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 2021-03-01 19:32:27 +03:00
Andrew Dolgov 7ef72fe0dc move startup checks to Config, set a bunch of @deprecated annotations 2021-03-01 10:20:21 +03:00
Andrew Dolgov a1ca62af50 cache schema version better 2021-02-25 21:42:05 +03:00
Andrew Dolgov efd196839a stop caching schema version entirely, fix some session_start() related warnings 2021-02-25 15:28:27 +03:00
Andrew Dolgov 85095f8a53 rename TTRSS_SESSION_NAME to SESSION_NAME 2021-02-23 17:01:25 +03:00
Andrew Dolgov 2ae0b7059f cleanup some defined-stuff 2021-02-23 09:01:27 +03:00
Andrew Dolgov 12bcf826e4 don't include config.php everywhere 2021-02-22 22:39:20 +03:00
Andrew Dolgov e4107ac952 wip: initial for config object 2021-02-22 21:47:48 +03:00
Andrew Dolgov be4e7b1340 fix several issues reported by phpstan 2021-02-22 14:41:09 +03:00
Andrew Dolgov 9d7ba773ec move session-related functions to their own namespace 2021-02-16 17:13:16 +03:00
Andrew Dolgov 9f55454f63 remove the rest of db.php; rename some leftover methods in feeds 2021-02-15 16:51:35 +03:00
Andrew Dolgov f2d3cba231 add HTTP_ACCEPT_LANGUAGE handling for php8 2021-02-12 21:20:04 +03:00
Andrew Dolgov 7874f6ac58 remove PHPMD.UnusedFormalParameter 2021-02-08 19:42:10 +03:00
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 2021-02-06 00:12:15 +03:00
Andrew Dolgov da5deaaca1 set session.cookie_lifetime to 0 initially instead of a rather useless min() 2020-09-30 14:43:53 +03:00
Andrew Dolgov 57fac84516 rename gettext.inc to gettext.inc.php (cosmetic) 2020-09-17 18:56:29 +03:00
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 2019-12-18 14:27:40 +03:00
Andrew Dolgov 6fbf349155 add hidden _SKIP_SESSION_UA_CHECKS tunable 2019-04-11 16:15:55 +03:00
Andrew Dolgov 5f66f872b6 fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks 2018-10-16 14:07:42 +03:00
Andrew Dolgov d246fb9fe1 remove session REMOTE_ADDR checks 2018-10-16 12:12:07 +03:00
Andrew Dolgov 5feed36a3c do not use separate _ssl cookie for secure sessions 2018-10-15 15:48:37 +03:00
Andrew Dolgov 65e98f4086 force regenerate session id on successful login, remove previous blank SID check 2018-10-15 15:47:50 +03:00
Andrew Dolgov 74736fce0f if empty session is autostarted because of a cookie, immediately destroy it 2018-10-15 14:53:35 +03:00
Andrew Dolgov 7d53c2b501 validate_session: bring back IP session binding (enabled by default) and UA checking 2018-10-15 08:26:07 +03:00
Andrew Dolgov 4d13514dd4 sessions: PDO 2017-12-01 14:48:23 +03:00
Andrew Dolgov 1b5b1e5fec sessions: use is_server_https() for secure cookie setting 2017-07-17 07:33:43 +03:00
Natan Frei e234ac8dcb $_SERVER['HTTPS'] can exist and be 'off' for non-https connections 2017-07-17 00:44:48 +03:00
Andrew Dolgov 09628e1b1a rework previous 32 bit session stuff 2017-07-13 14:40:30 +03:00
Andrew Dolgov b465c28ee0 sessions: clip max expiry value to a 32bit integer 2017-07-13 08:57:07 +03:00
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov 33d131d699 ttrss_gc: return true 2015-12-07 15:25:31 +03:00
Andrew Dolgov f5e66c439e remove SESSION_CHECK_ADDRESS 2015-08-21 09:02:16 +03:00
Andrew Dolgov ffc3a1e579 session: don't try to validate session schema version on empty sessions 2015-01-31 18:48:11 +03:00
Andrew Dolgov 3192fb43bc do not invalidate session when version_static and user agent changes 2015-01-30 13:14:19 +03:00
Andrew Dolgov 04a8c2065f better error reporting in session validation 2013-07-06 12:05:52 +04:00
Andrew Dolgov 3472c4c569 use static version for session checking, show latest changeset for git version instead of head date 2013-04-24 16:57:24 +04:00
Andrew Dolgov 6322ac79a0 remove $link 2013-04-17 16:48:41 +04:00
Andrew Dolgov 404e2e3603 more work on singleton-based DB 2013-04-17 15:36:48 +04:00
Andrew Dolgov 889a5f9f19 experimental SQL-based error logger 2013-04-16 19:41:31 +04:00
Andrew Dolgov 9ce7a5546c implement some tweaks to session handling; properly remove session cookie if invalid/login failed 2013-04-04 15:33:14 +04:00
Andrew Dolgov 810205625b session validation: check for tt-rss version 2013-04-04 12:55:15 +04:00
Andrew Dolgov 6f431804a9 remove session check/destroy stuff, looks problematic 2013-04-03 19:13:23 +04:00
Andrew Dolgov c35b6d8e14 initialize session connection in ttrss_open but define session_connection in global context 2013-04-02 14:04:47 +04:00