Andrew Dolgov
9e8d69739f
add two helper account access levels:
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
2021-11-10 20:44:51 +03:00
Andrew Dolgov
44c5d0feba
prolong PHP session cookie automatically to stop hard logouts after SESSION_COOKIE_LIFETIME expires
2021-06-25 12:12:05 +03:00
Andrew Dolgov
e3c4724dc1
use database-backed sessions in single user mode
2021-05-11 19:21:53 +03:00
Andrew Dolgov
fe06416f17
sessions: stop validating against hash of user agent because chromium is sending
different agent headers for whatever reason, example:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36
seems to be related, at least, to App.postOpenWindow() hack.
2021-03-05 12:27:23 +03:00
Andrew Dolgov
5eb0f3d640
bring back web dbupdate using new migrations system
2021-03-04 09:22:24 +03:00
Andrew Dolgov
e19570f422
sessions: don't check schema version
2021-03-04 08:32:19 +03:00
Andrew Dolgov
8b1a2406e6
userhelper: use orm for a few more user-related things
2021-03-01 19:32:27 +03:00
Andrew Dolgov
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
2021-03-01 10:20:21 +03:00
Andrew Dolgov
a1ca62af50
cache schema version better
2021-02-25 21:42:05 +03:00
Andrew Dolgov
efd196839a
stop caching schema version entirely, fix some session_start() related warnings
2021-02-25 15:28:27 +03:00
Andrew Dolgov
85095f8a53
rename TTRSS_SESSION_NAME to SESSION_NAME
2021-02-23 17:01:25 +03:00
Andrew Dolgov
2ae0b7059f
cleanup some defined-stuff
2021-02-23 09:01:27 +03:00
Andrew Dolgov
12bcf826e4
don't include config.php everywhere
2021-02-22 22:39:20 +03:00
Andrew Dolgov
e4107ac952
wip: initial for config object
2021-02-22 21:47:48 +03:00
Andrew Dolgov
be4e7b1340
fix several issues reported by phpstan
2021-02-22 14:41:09 +03:00
Andrew Dolgov
9d7ba773ec
move session-related functions to their own namespace
2021-02-16 17:13:16 +03:00
Andrew Dolgov
9f55454f63
remove the rest of db.php; rename some leftover methods in feeds
2021-02-15 16:51:35 +03:00
Andrew Dolgov
f2d3cba231
add HTTP_ACCEPT_LANGUAGE handling for php8
2021-02-12 21:20:04 +03:00
Andrew Dolgov
7874f6ac58
remove PHPMD.UnusedFormalParameter
2021-02-08 19:42:10 +03:00
Andrew Dolgov
6e774a58fe
more php8 fixes mostly related to login
2021-02-06 00:12:15 +03:00
Andrew Dolgov
da5deaaca1
set session.cookie_lifetime to 0 initially instead of a rather useless min()
2020-09-30 14:43:53 +03:00
Andrew Dolgov
57fac84516
rename gettext.inc to gettext.inc.php (cosmetic)
2020-09-17 18:56:29 +03:00
Andrew Dolgov
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
2019-12-18 14:27:40 +03:00
Andrew Dolgov
6fbf349155
add hidden _SKIP_SESSION_UA_CHECKS tunable
2019-04-11 16:15:55 +03:00
Andrew Dolgov
5f66f872b6
fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks
2018-10-16 14:07:42 +03:00
Andrew Dolgov
d246fb9fe1
remove session REMOTE_ADDR checks
2018-10-16 12:12:07 +03:00
Andrew Dolgov
5feed36a3c
do not use separate _ssl cookie for secure sessions
2018-10-15 15:48:37 +03:00
Andrew Dolgov
65e98f4086
force regenerate session id on successful login, remove previous blank SID check
2018-10-15 15:47:50 +03:00
Andrew Dolgov
74736fce0f
if empty session is autostarted because of a cookie, immediately destroy it
2018-10-15 14:53:35 +03:00
Andrew Dolgov
7d53c2b501
validate_session: bring back IP session binding (enabled by default) and UA checking
2018-10-15 08:26:07 +03:00
Andrew Dolgov
4d13514dd4
sessions: PDO
2017-12-01 14:48:23 +03:00
Andrew Dolgov
1b5b1e5fec
sessions: use is_server_https() for secure cookie setting
2017-07-17 07:33:43 +03:00
Natan Frei
e234ac8dcb
$_SERVER['HTTPS'] can exist and be 'off' for non-https connections
2017-07-17 00:44:48 +03:00
Andrew Dolgov
09628e1b1a
rework previous 32 bit session stuff
2017-07-13 14:40:30 +03:00
Andrew Dolgov
b465c28ee0
sessions: clip max expiry value to a 32bit integer
2017-07-13 08:57:07 +03:00
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov
33d131d699
ttrss_gc: return true
2015-12-07 15:25:31 +03:00
Andrew Dolgov
f5e66c439e
remove SESSION_CHECK_ADDRESS
2015-08-21 09:02:16 +03:00
Andrew Dolgov
ffc3a1e579
session: don't try to validate session schema version on empty sessions
2015-01-31 18:48:11 +03:00
Andrew Dolgov
3192fb43bc
do not invalidate session when version_static and user agent changes
2015-01-30 13:14:19 +03:00
Andrew Dolgov
04a8c2065f
better error reporting in session validation
2013-07-06 12:05:52 +04:00
Andrew Dolgov
3472c4c569
use static version for session checking, show latest changeset for git version instead of head date
2013-04-24 16:57:24 +04:00
Andrew Dolgov
6322ac79a0
remove $link
2013-04-17 16:48:41 +04:00
Andrew Dolgov
404e2e3603
more work on singleton-based DB
2013-04-17 15:36:48 +04:00
Andrew Dolgov
889a5f9f19
experimental SQL-based error logger
2013-04-16 19:41:31 +04:00
Andrew Dolgov
9ce7a5546c
implement some tweaks to session handling; properly remove session cookie if invalid/login failed
2013-04-04 15:33:14 +04:00
Andrew Dolgov
810205625b
session validation: check for tt-rss version
2013-04-04 12:55:15 +04:00
Andrew Dolgov
6f431804a9
remove session check/destroy stuff, looks problematic
2013-04-03 19:13:23 +04:00
Andrew Dolgov
c35b6d8e14
initialize session connection in ttrss_open but define session_connection in global context
2013-04-02 14:04:47 +04:00