From 53d646b5194d78425e43510a7d5e44008601b006 Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Sat, 20 Jul 2024 08:01:24 -0700
Subject: [PATCH] Try to improve session handling.

---
 Rocksolid_Light/rocksolid/article-flat.php |  9 +--
 Rocksolid_Light/rocksolid/article.php      |  1 -
 Rocksolid_Light/rocksolid/config.inc.php   | 11 ++-
 Rocksolid_Light/rocksolid/index.php        | 13 ++-
 Rocksolid_Light/rocksolid/newsportal.php   |  7 +-
 Rocksolid_Light/rocksolid/overboard.php    |  9 +--
 Rocksolid_Light/rocksolid/post.php         | 93 +++++++++++-----------
 Rocksolid_Light/rocksolid/search.php       | 13 +--
 Rocksolid_Light/rocksolid/thread.php       |  9 +--
 9 files changed, 81 insertions(+), 84 deletions(-)

diff --git a/Rocksolid_Light/rocksolid/article-flat.php b/Rocksolid_Light/rocksolid/article-flat.php
index d75fa93..337fee8 100644
--- a/Rocksolid_Light/rocksolid/article-flat.php
+++ b/Rocksolid_Light/rocksolid/article-flat.php
@@ -1,9 +1,4 @@
 <?php
-session_start();
-if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
-    $_SESSION['last_access'] = time();
-}
-
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (100)) . " GMT");
 header("Cache-Control: max-age=100");
 header("Pragma: cache");
@@ -11,6 +6,10 @@ header("Pragma: cache");
 include "config.inc.php";
 include "$file_newsportal";
 
+if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
+    $_SESSION['last_access'] = time();
+}
+
 $logfile = $logdir . '/newsportal.log';
 if (isset($_COOKIE['mail_name'])) {
     if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) {
diff --git a/Rocksolid_Light/rocksolid/article.php b/Rocksolid_Light/rocksolid/article.php
index bc659b6..b5101a6 100644
--- a/Rocksolid_Light/rocksolid/article.php
+++ b/Rocksolid_Light/rocksolid/article.php
@@ -1,5 +1,4 @@
 <?php
-session_start();
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600 * 24)) . " GMT");
 
 include "config.inc.php";
diff --git a/Rocksolid_Light/rocksolid/config.inc.php b/Rocksolid_Light/rocksolid/config.inc.php
index 38635ee..a7127ce 100644
--- a/Rocksolid_Light/rocksolid/config.inc.php
+++ b/Rocksolid_Light/rocksolid/config.inc.php
@@ -1,9 +1,12 @@
 <?php
-session_start();
-include "../common/config.inc.php";
-
 ini_set('memory_limit', '1536M');
-ini_set('session.gc_maxlifetime', 14400);
+if (!isset($_SESSION)) {
+    ini_set('session.gc_maxlifetime', 14400);
+    session_set_cookie_params(14400);
+    session_start();
+ }
+
+include "../common/config.inc.php";
 
 /*
  * Config file name should be the basename
diff --git a/Rocksolid_Light/rocksolid/index.php b/Rocksolid_Light/rocksolid/index.php
index d6a7863..dd0fca3 100644
--- a/Rocksolid_Light/rocksolid/index.php
+++ b/Rocksolid_Light/rocksolid/index.php
@@ -1,17 +1,16 @@
 <?php
-session_start();
-if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
-    $_SESSION['last_access'] = time();
-}
-
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (30)) . " GMT");
 header("Cache-Control: max-age=30");
 header("Pragma: cache");
 
-$_SESSION['isframed'] = 1;
-
 include "config.inc.php";
 include ("$file_newsportal");
+
+if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
+    $_SESSION['last_access'] = time();
+}
+$_SESSION['isframed'] = 1;
+
 if (isset($frames_on) && $frames_on === true) {
     ?>
 <script>
diff --git a/Rocksolid_Light/rocksolid/newsportal.php b/Rocksolid_Light/rocksolid/newsportal.php
index d44fc89..0607aae 100644
--- a/Rocksolid_Light/rocksolid/newsportal.php
+++ b/Rocksolid_Light/rocksolid/newsportal.php
@@ -1286,7 +1286,6 @@ function set_user_logged_in_cookies($name, $keys) {
         $key = openssl_random_pseudo_bytes(44);
         set_user_config($name, 'encryptionkey', base64_encode($key));
         file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
-
     }
 
     $name = trim($name);
@@ -1363,7 +1362,11 @@ function check_bbs_auth($username, $password)
             touch($userFilename);
             $ok = TRUE;
         } else {
-            file_put_contents($logfile, "\n" . logging_prefix() . " AUTH Failed for: " . $username . ' (password incorrect)', FILE_APPEND);
+            if(trim($password) == '') {
+                file_put_contents($logfile, "\n" . logging_prefix() . " AUTH Failed for: " . $username . ' (no password)', FILE_APPEND);
+            } else {
+                file_put_contents($logfile, "\n" . logging_prefix() . " AUTH Failed for: " . $username . ' (password incorrect)', FILE_APPEND);
+            }
             return FALSE;
         }
     } else {
diff --git a/Rocksolid_Light/rocksolid/overboard.php b/Rocksolid_Light/rocksolid/overboard.php
index 5aa506c..f070154 100644
--- a/Rocksolid_Light/rocksolid/overboard.php
+++ b/Rocksolid_Light/rocksolid/overboard.php
@@ -1,9 +1,4 @@
 <?php
-session_start();
-if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
-    $_SESSION['last_access'] = time();
-}
-
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (120)) . " GMT");
 header("Cache-Control: max-age=120");
 header("Pragma: cache");
@@ -32,6 +27,10 @@ header("Pragma: cache");
 include "config.inc.php";
 include "$file_newsportal";
 
+if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
+    $_SESSION['last_access'] = time();
+}
+
 if (isset($frames_on) && $frames_on === true) {
     ?>
 <script>
diff --git a/Rocksolid_Light/rocksolid/post.php b/Rocksolid_Light/rocksolid/post.php
index eeead27..72a3f40 100644
--- a/Rocksolid_Light/rocksolid/post.php
+++ b/Rocksolid_Light/rocksolid/post.php
@@ -22,39 +22,23 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  */
-session_start();
+include "config.inc.php";
+$CONFIG = include ($config_file);
+include $file_newsportal;
+
+include "head.inc";
+
+if (disable_page_by_user_agent($client_device, "bot", "Post")) {
+    echo "<center>Page Disabled</center>";
+    include "tail.inc";
+    exit();
+}
+
 if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
     $_SESSION['last_access'] = time();
 }
-include "config.inc.php";
-$CONFIG = include ($config_file);
-$logfile = $logdir . '/post.log';
 
-$ip_pass = false;
-if (! isset($_SESSION['remote_address'])) {
-    $_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
-    $_SESSION['start_address'] = $_SESSION['remote_address'];
-    $ip_pass = true;
-} else {
-    if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
-        $ip_pass = false;
-    } else {
-        $ip_pass = true;
-    }
-}
-if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
-    $logged_in = true;
-} else {
-    $logged_in = false;
-}
-if ($CONFIG['anonuser'] == '1') {
-    $logged_in = false;
-}
-// This will log user post info (group and username)
-$enable_post_log = false;
-if ($OVERRIDES['enable_post_log'] > 0) {
-    $enable_post_log = $OVERRIDES['enable_post_log'];
-}
+$logfile = $logdir . '/post.log';
 
 @$fieldnamedecrypt = $_REQUEST['fielddecrypt'];
 @$newsgroups = $_REQUEST["newsgroups"];
@@ -68,6 +52,40 @@ if ($OVERRIDES['enable_post_log'] > 0) {
 @$references = $_REQUEST["references"];
 @$id = $_REQUEST["id"];
 
+// Load name from cookies
+if ($setcookies) {
+    if ((isset($_COOKIE["mail_name"])) && (! isset($name)))
+        $name = $_COOKIE["mail_name"];
+}
+
+$ip_pass = false;
+if (! isset($_SESSION['remote_address'])) {
+    $_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
+    $_SESSION['start_address'] = $_SESSION['remote_address'];
+    $ip_pass = true;
+} else {
+    if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
+        $ip_pass = false;
+        file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
+    } else {
+        $ip_pass = true;
+    }
+}
+if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
+    $logged_in = true;
+} else {
+    $logged_in = false;
+    file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION auth expired or not exist for: " . $name, FILE_APPEND);
+}
+if ($CONFIG['anonuser'] == '1') {
+    $logged_in = false;
+}
+// This will log user post info (group and username)
+$enable_post_log = false;
+if ($OVERRIDES['enable_post_log'] > 0) {
+    $enable_post_log = $OVERRIDES['enable_post_log'];
+}
+
 $allow_ng_header_edit_post = true;
 $allow_ng_header_edit_reply = false;
 
@@ -119,15 +137,6 @@ if ((isset($post_server)) && ($post_server != ""))
 if ((isset($post_port)) && ($post_port != ""))
     $port = $post_port;
 
-include $file_newsportal;
-include "head.inc";
-
-if (disable_page_by_user_agent($client_device, "bot", "Post")) {
-    echo "<center>Page Disabled</center>";
-    include "tail.inc";
-    exit();
-}
-
 global $synchro_user, $synchro_pass;
 // check to which groups the user is allowed to post to
 $thisgroup = _rawurldecode($_REQUEST['group']);
@@ -167,14 +176,6 @@ if ((function_exists("npreg_group_has_read_access") && ! npreg_group_has_read_ac
     die("access denied");
 }
 
-// Load name from cookies
-if ($setcookies) {
-    if ((isset($_COOKIE["mail_name"])) && (! isset($name)))
-        $name = $_COOKIE["mail_name"];
-    // if ((isset($_COOKIE["cookie_email"])) && (!isset($email)))
-    // $email=$_COOKIE["cookie_email"];
-}
-
 // Load name and email from the registration system, if available
 if (function_exists("npreg_get_name")) {
     $name = npreg_get_name();
diff --git a/Rocksolid_Light/rocksolid/search.php b/Rocksolid_Light/rocksolid/search.php
index ea47e77..42b4ac2 100644
--- a/Rocksolid_Light/rocksolid/search.php
+++ b/Rocksolid_Light/rocksolid/search.php
@@ -1,6 +1,5 @@
 <?php
 session_cache_limiter('public');
-session_start();
 
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (120)) . " GMT");
 header("Cache-Control: max-age=120");
@@ -89,7 +88,6 @@ if ((! isset($_POST['key']) || ! password_verify($CONFIG['thissitekey'], $_POST[
     echo '</tr><tr>';
     echo '<td><input type="submit" name="Submit" value="Search"></td>';
     echo '</tr></table></td></form></tr></table>';
-
     // Block poster
     if (isset($_COOKIE['mail_name'])) {
         if (isset($_REQUEST['data'])) {
@@ -229,7 +227,7 @@ if (isset($search_group)) {
     echo '</tr></table>';
 }
 echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';
-echo '<td class="np_ob_style_toggle">';
+echo '<td class="np_search_sort_toggle">';
 
 echo '<div style="float:right;">';
 if ($_REQUEST['searchpoint'] == 'body') {
@@ -398,15 +396,12 @@ function get_body_search($group, $terms)
         $dbh = null;
     }
     // do not perform a usort of an empty search result
-
-    if ($_SESSION['searchsort'] != 'date') {
-        if ($overview != null) {
+    if ($overview != null) {
+        if ($_SESSION['searchsort'] != 'date') {
             usort($overview, function ($a, $b) {
                 return $a['rank'] <=> $b['rank'];
             });
-        }
-    } else {
-        if ($overview != null) {
+        } else {
             usort($overview, function ($a, $b) {
                 return $b['date'] <=> $a['date'];
             });
diff --git a/Rocksolid_Light/rocksolid/thread.php b/Rocksolid_Light/rocksolid/thread.php
index d6909de..7afcb46 100644
--- a/Rocksolid_Light/rocksolid/thread.php
+++ b/Rocksolid_Light/rocksolid/thread.php
@@ -1,9 +1,4 @@
 <?php
-session_start();
-if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
-    $_SESSION['last_access'] = time();
-}
-
 header("Expires: " . gmdate("D, d M Y H:i:s", time() + (100)) . " GMT");
 header("Cache-Control: max-age=100");
 header("Pragma: cache");
@@ -13,6 +8,10 @@ $_SESSION['group'] = $_SERVER['REQUEST_URI'];
 include "config.inc.php";
 include ("$file_newsportal");
 
+if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
+    $_SESSION['last_access'] = time();
+}
+
 // register parameters
 $group = _rawurldecode($_REQUEST["group"]);
 if (isset($_REQUEST["first"]))