New session authentication, should fix bugs #1483951 and #1484299; testing required

git-svn-id: https://svn.roundcube.net/trunk@521 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2007-03-27 09:34:30 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2007-03-27 09:34:30 +0000
commit: 2bb5905d9d29823c3cf184034423149609ba345c (patch)
tree: 67e62a5516e2700381c83eaf6a38b2efda5e3946 /roundcubemail/program/include/session.inc
parent: aa87da0d37b0cde40301afdc83ef7c4ef9069779 (diff)
1 files changed, 36 insertions, 1 deletions
diff --git a/roundcubemail/program/include/session.inc b/roundcubemail/program/include/session.inc
index 6c4687e68..59631afe1 100644
--- a/roundcubemail/program/include/session.inc
+++ b/roundcubemail/program/include/session.inc
@@ -36,7 +36,10 @@ function sess_close()
 // read session data
 function sess_read($key)
   {
-  global $DB, $SESS_CHANGED;
+  global $DB, $SESS_CHANGED, $SESS_CLIENT_IP;
+  
+  if ($DB->is_error())
+    return FALSE;
   
   $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
                             FROM ".get_table_name('session')."
@@ -46,6 +49,7 @@ function sess_read($key)
   if ($sql_arr = $DB->fetch_assoc($sql_result))
     {
     $SESS_CHANGED = $sql_arr['changed'];
+    $SESS_CLIENT_IP = $sql_arr['ip'];
 
     if (strlen($sql_arr['vars']))
       return $sql_arr['vars'];
@@ -59,6 +63,9 @@ function sess_read($key)
 function sess_write($key, $vars)
   {
   global $DB;
+  
+  if ($DB->is_error())
+    return FALSE;
 
   $sql_result = $DB->query("SELECT 1
                             FROM ".get_table_name('session')."
@@ -96,6 +103,9 @@ function sess_destroy($key)
   {
   global $DB;
   
+  if ($DB->is_error())
+    return FALSE;
+  
   // delete session entries in cache table
   $DB->query("DELETE FROM ".get_table_name('cache')."
               WHERE  session_id=?",
@@ -114,6 +124,9 @@ function sess_gc($maxlifetime)
   {
   global $DB;
 
+  if ($DB->is_error())
+    return FALSE;
+
   // get all expired sessions  
   $sql_result = $DB->query("SELECT sess_id
                             FROM ".get_table_name('session')."
@@ -144,6 +157,28 @@ function sess_gc($maxlifetime)
   }
 
 
+function sess_regenerate_id()
+  {
+  $randlen = 32;
+  $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+  $random = "";
+  for ($i=1; $i <= $randlen; $i++)
+    $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
+
+  // use md5 value for id or remove capitals from string $randval
+  $random = md5($random);
+
+  // delete old session record
+  sess_destroy(session_id());
+
+  session_id($random);
+  $cookie = session_get_cookie_params();
+  setcookie(session_name(), $random, $cookie['lifetime'], $cookie['path']);
+
+  return true;
+  }
+
+
 // set custom functions for PHP session management
 session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc');
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2007-03-27 09:34:30 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2007-03-27 09:34:30 +0000
commit	2bb5905d9d29823c3cf184034423149609ba345c (patch)
tree	67e62a5516e2700381c83eaf6a38b2efda5e3946 /roundcubemail/program/include/session.inc
parent	aa87da0d37b0cde40301afdc83ef7c4ef9069779 (diff)