Andrew Dolgov
|
12bcf826e4
|
don't include config.php everywhere
|
2021-02-22 22:39:20 +03:00 |
Andrew Dolgov
|
e4107ac952
|
wip: initial for config object
|
2021-02-22 21:47:48 +03:00 |
Andrew Dolgov
|
be4e7b1340
|
fix several issues reported by phpstan
|
2021-02-22 14:41:09 +03:00 |
Andrew Dolgov
|
9d7ba773ec
|
move session-related functions to their own namespace
|
2021-02-16 17:13:16 +03:00 |
Andrew Dolgov
|
9f55454f63
|
remove the rest of db.php; rename some leftover methods in feeds
|
2021-02-15 16:51:35 +03:00 |
Andrew Dolgov
|
f2d3cba231
|
add HTTP_ACCEPT_LANGUAGE handling for php8
|
2021-02-12 21:20:04 +03:00 |
Andrew Dolgov
|
7874f6ac58
|
remove PHPMD.UnusedFormalParameter
|
2021-02-08 19:42:10 +03:00 |
Andrew Dolgov
|
6e774a58fe
|
more php8 fixes mostly related to login
|
2021-02-06 00:12:15 +03:00 |
Andrew Dolgov
|
da5deaaca1
|
set session.cookie_lifetime to 0 initially instead of a rather useless min()
|
2020-09-30 14:43:53 +03:00 |
Andrew Dolgov
|
57fac84516
|
rename gettext.inc to gettext.inc.php (cosmetic)
|
2020-09-17 18:56:29 +03:00 |
Andrew Dolgov
|
72d0fac80c
|
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
|
2019-12-18 14:27:40 +03:00 |
Andrew Dolgov
|
6fbf349155
|
add hidden _SKIP_SESSION_UA_CHECKS tunable
|
2019-04-11 16:15:55 +03:00 |
Andrew Dolgov
|
5f66f872b6
|
fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks
|
2018-10-16 14:07:42 +03:00 |
Andrew Dolgov
|
d246fb9fe1
|
remove session REMOTE_ADDR checks
|
2018-10-16 12:12:07 +03:00 |
Andrew Dolgov
|
5feed36a3c
|
do not use separate _ssl cookie for secure sessions
|
2018-10-15 15:48:37 +03:00 |
Andrew Dolgov
|
65e98f4086
|
force regenerate session id on successful login, remove previous blank SID check
|
2018-10-15 15:47:50 +03:00 |
Andrew Dolgov
|
74736fce0f
|
if empty session is autostarted because of a cookie, immediately destroy it
|
2018-10-15 14:53:35 +03:00 |
Andrew Dolgov
|
7d53c2b501
|
validate_session: bring back IP session binding (enabled by default) and UA checking
|
2018-10-15 08:26:07 +03:00 |
Andrew Dolgov
|
4d13514dd4
|
sessions: PDO
|
2017-12-01 14:48:23 +03:00 |
Andrew Dolgov
|
1b5b1e5fec
|
sessions: use is_server_https() for secure cookie setting
|
2017-07-17 07:33:43 +03:00 |
Natan Frei
|
e234ac8dcb
|
$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios
|
2017-07-17 00:44:48 +03:00 |
Andrew Dolgov
|
09628e1b1a
|
rework previous 32 bit session stuff
|
2017-07-13 14:40:30 +03:00 |
Andrew Dolgov
|
b465c28ee0
|
sessions: clip max expiry value to a 32bit integer
|
2017-07-13 08:57:07 +03:00 |
Andrew Dolgov
|
ea79a0e033
|
remove some redundant php closing tags
|
2017-04-26 20:24:18 +03:00 |
Andrew Dolgov
|
7b55001eee
|
fix various issues reported by static analysis
update gitlab-ci config
|
2017-04-26 15:29:22 +03:00 |
Andrew Dolgov
|
33d131d699
|
ttrss_gc: return true
|
2015-12-07 15:25:31 +03:00 |
Andrew Dolgov
|
f5e66c439e
|
remove SESSION_CHECK_ADDRESS
|
2015-08-21 09:02:16 +03:00 |
Andrew Dolgov
|
ffc3a1e579
|
session: don't try to validate session schema version on empty sessions
|
2015-01-31 18:48:11 +03:00 |
Andrew Dolgov
|
3192fb43bc
|
do not invalidate session when version_static and user agent changes
|
2015-01-30 13:14:19 +03:00 |
Andrew Dolgov
|
04a8c2065f
|
better error reporting in session validation
|
2013-07-06 12:05:52 +04:00 |
Andrew Dolgov
|
3472c4c569
|
use static version for session checking, show latest changeset for git version instead of head date
|
2013-04-24 16:57:24 +04:00 |
Andrew Dolgov
|
6322ac79a0
|
remove $link
|
2013-04-17 16:48:41 +04:00 |
Andrew Dolgov
|
404e2e3603
|
more work on singleton-based DB
|
2013-04-17 15:36:48 +04:00 |
Andrew Dolgov
|
889a5f9f19
|
experimental SQL-based error logger
|
2013-04-16 19:41:31 +04:00 |
Andrew Dolgov
|
9ce7a5546c
|
implement some tweaks to session handling; properly remove session cookie if invalid/login failed
|
2013-04-04 15:33:14 +04:00 |
Andrew Dolgov
|
810205625b
|
session validation: check for tt-rss version
|
2013-04-04 12:55:15 +04:00 |
Andrew Dolgov
|
6f431804a9
|
remove session check/destroy stuff, looks problematic
|
2013-04-03 19:13:23 +04:00 |
Andrew Dolgov
|
c35b6d8e14
|
initialize session connection in ttrss_open but define session_connection in global context
|
2013-04-02 14:04:47 +04:00 |
Andrew Dolgov
|
168680976f
|
sessions: initialize connection on include, not in ttrss_open
|
2013-04-02 13:58:08 +04:00 |
Ryan Parrish
|
f4bae03a6e
|
Merge branch 'master' of https://github.com/stickystyle/Tiny-Tiny-RSS
|
2013-04-01 10:41:20 -04:00 |
Ryan Parrish
|
7081aaa09b
|
add missing gettext libs
|
2013-04-01 10:40:28 -04:00 |
Andrew Dolgov
|
837ec70e3e
|
validate_session: check for user agent
|
2013-04-01 18:22:07 +04:00 |
Andrew Dolgov
|
e9b7469233
|
validate session on startup
|
2013-03-31 13:10:46 +04:00 |
Andrew Dolgov
|
8f49a2257b
|
fix stuff broken by previous pull
|
2013-03-29 19:20:46 +04:00 |
all
|
48ec0b8526
|
Check that $_SESSION["uid"] is defined before checking value
|
2013-03-29 15:17:38 +01:00 |
Andrew Dolgov
|
2137d67496
|
sessions: properly check for cookie being set
|
2013-03-28 12:40:56 +04:00 |
Andrew Dolgov
|
6cfd3c149c
|
remove SESSION_EXPIRE_TIME
|
2013-03-28 10:06:16 +04:00 |
Andrew Dolgov
|
f231f438ba
|
reimplement remember_me
|
2013-03-28 09:48:58 +04:00 |
Andrew Dolgov
|
60ed4c9ad5
|
add yet another workaround for stuck login due to session cookies
|
2013-03-28 09:09:41 +04:00 |
Andrew Dolgov
|
5160620c8a
|
only autostart session if login cookie exists
|
2013-03-28 08:06:21 +04:00 |