public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 05:15:55 +00:00
Code Issues Releases Wiki Activity

fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks

Browse Source
This commit is contained in:
Andrew Dolgov
2018-10-16 14:07:42 +03:00
parent d246fb9fe1
commit 5f66f872b6
3 changed files with 27 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
include/sessions.php
View File

@@ -45,7 +45,7 @@
__("Session failed to validate (schema version changed)");
return false;
}
$pdo = Db::pdo();
$pdo = Db::pdo();
if ($_SESSION["uid"]) {
@@ -59,21 +59,21 @@
// user not found
if ($row = $sth->fetch()) {
$pwd_hash = $row["pwd_hash"];
$pwd_hash = $row["pwd_hash"];
if ($pwd_hash != $_SESSION["pwd_hash"]) {
if ($pwd_hash != $_SESSION["pwd_hash"]) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (password changed)");
$_SESSION["login_error_msg"] =
__("Session failed to validate (password changed)");
return false;
}
return false;
}
} else {
$_SESSION["login_error_msg"] =
__("Session failed to validate (user not found)");
$_SESSION["login_error_msg"] =
__("Session failed to validate (user not found)");
return false;
return false;
}
}
@@ -95,16 +95,16 @@
$sth->execute([$id]);
if ($row = $sth->fetch()) {
return base64_decode($row["data"]);
return base64_decode($row["data"]);
} else {
$expire = time() + $session_expire;
$expire = time() + $session_expire;
$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
VALUES (?, '', ?)");
$sth->execute([$id, $expire]);
$sth->execute([$id, $expire]);
return "";
return "";
}
@@ -116,8 +116,17 @@
$data = base64_encode($data);
$expire = time() + $session_expire;
$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
$sth->execute([$data, $expire, $id]);
$sth = Db::pdo()->prepare("SELECT id FROM ttrss_sessions WHERE id=?");
$sth->execute([$id]);
if ($row = $sth->fetch()) {
$sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
$sth->execute([$data, $expire, $id]);
} else {
$sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
VALUES (?, ?, ?)");
$sth->execute([$id, $data, $expire]);
}
return true;
}