Try to improve session handling.

This commit is contained in:
Retro_Guy 2024-07-20 08:01:24 -07:00
parent c867de95dc
commit 53d646b519
9 changed files with 81 additions and 84 deletions


@ -1,9 +1,4 @@
<?php <?php
session_start();
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (100)) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + (100)) . " GMT");
header("Cache-Control: max-age=100"); header("Cache-Control: max-age=100");
header("Pragma: cache"); header("Pragma: cache");
@ -11,6 +6,10 @@ header("Pragma: cache");
include "config.inc.php"; include "config.inc.php";
include "$file_newsportal"; include "$file_newsportal";
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
$logfile = $logdir . '/newsportal.log'; $logfile = $logdir . '/newsportal.log';
if (isset($_COOKIE['mail_name'])) { if (isset($_COOKIE['mail_name'])) {
if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) { if ($userdata = get_user_mail_auth_data($_COOKIE['mail_name'])) {
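Review bot: With `session_start()` removed from the top of this page, the `header("Expires: …")`, `header("Cache-Control: max-age=100")` and `header("Pragma: cache")` calls now run before the `include "config.inc.php"` that presumably starts the session, and a session started with the default `nocache` cache limiter emits its own Expires/Cache-Control/Pragma headers which, as far as I can tell, replace the ones this page just set — so the page becomes uncacheable where it was cacheable before. If the explicit cache headers are intended, either add `session_cache_limiter('');` before the include so session_start() sends no cache headers, or move the three header() calls below the includes. The same ordering appears in the `@ -1,5 +1,4 @@`, `@ -1,17 +1,16 @@` and the later `@ -1,9 +1,4 @@` sections of this commit.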


@ -1,5 +1,4 @@
<?php <?php
session_start();
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600 * 24)) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600 * 24)) . " GMT");
include "config.inc.php"; include "config.inc.php";


@ -1,9 +1,12 @@
<?php <?php
session_start();
include "../common/config.inc.php";
ini_set('memory_limit', '1536M'); ini_set('memory_limit', '1536M');
if (!isset($_SESSION)) {
ini_set('session.gc_maxlifetime', 14400); ini_set('session.gc_maxlifetime', 14400);
session_set_cookie_params(14400);
session_start();
}
include "../common/config.inc.php";
/* /*
* Config file name should be the basename * Config file name should be the basename
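Review bot: `if (!isset($_SESSION))` is an indirect way to ask "has a session been started"; `if (session_status() === PHP_SESSION_NONE) {` is the explicit check and is not fooled by a page that assigned to `$_SESSION` without starting one. Since cookie parameters are now set centrally here, this is also the place to harden the session cookie: `session_set_cookie_params(['lifetime' => 14400, 'httponly' => true, 'samesite' => 'Lax', 'secure' => true]);` (omit `secure` only if the site must also work over plain HTTP). Note that `ini_set('session.gc_maxlifetime', 14400)` only governs garbage collection triggered from this script; if the session save path is shared with other PHP applications that use a shorter lifetime, their GC can still remove these sessions early, which is worth a comment on that line.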


@ -1,17 +1,16 @@
<?php <?php
session_start();
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (30)) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + (30)) . " GMT");
header("Cache-Control: max-age=30"); header("Cache-Control: max-age=30");
header("Pragma: cache"); header("Pragma: cache");
$_SESSION['isframed'] = 1;
include "config.inc.php"; include "config.inc.php";
include ("$file_newsportal"); include ("$file_newsportal");
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
$_SESSION['isframed'] = 1;
if (isset($frames_on) && $frames_on === true) { if (isset($frames_on) && $frames_on === true) {
?> ?>
<script> <script>


@ -1286,7 +1286,6 @@ function set_user_logged_in_cookies($name, $keys) {
$key = openssl_random_pseudo_bytes(44); $key = openssl_random_pseudo_bytes(44);
set_user_config($name, 'encryptionkey', base64_encode($key)); set_user_config($name, 'encryptionkey', base64_encode($key));
file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND); file_put_contents($debug_log, "\n" . logging_prefix() . " Created encryptionkey for: " . $name, FILE_APPEND);
} }
$name = trim($name); $name = trim($name);
@ -1362,8 +1361,12 @@ function check_bbs_auth($username, $password)
if (password_verify($password, $userFileInfo)) { if (password_verify($password, $userFileInfo)) {
touch($userFilename); touch($userFilename);
$ok = TRUE; $ok = TRUE;
} else {
if(trim($password) == '') {
file_put_contents($logfile, "\n" . logging_prefix() . " AUTH Failed for: " . $username . ' (no password)', FILE_APPEND);
} else { } else {
file_put_contents($logfile, "\n" . logging_prefix() . " AUTH Failed for: " . $username . ' (password incorrect)', FILE_APPEND); file_put_contents($logfile, "\n" . logging_prefix() . " AUTH Failed for: " . $username . ' (password incorrect)', FILE_APPEND);
}
return FALSE; return FALSE;
} }
} else { } else {
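Review bot: `if(trim($password) == '')` uses a loose comparison where `if (trim($password) === '') {` is the intended check; if `$password` can arrive as null, trim() also emits a deprecation on PHP 8.1+, so `(string) $password` is safer. Both log branches write the caller-supplied `$username` verbatim into the auth log; stripping line breaks first, e.g. `$log_user = str_replace(["\r", "\n"], ' ', $username);`, keeps one login attempt on one log line. check_bbs_auth() begins and ends outside this hunk.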


@ -1,9 +1,4 @@
<?php <?php
session_start();
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (120)) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + (120)) . " GMT");
header("Cache-Control: max-age=120"); header("Cache-Control: max-age=120");
header("Pragma: cache"); header("Pragma: cache");
@ -32,6 +27,10 @@ header("Pragma: cache");
include "config.inc.php"; include "config.inc.php";
include "$file_newsportal"; include "$file_newsportal";
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
if (isset($frames_on) && $frames_on === true) { if (isset($frames_on) && $frames_on === true) {
?> ?>
<script> <script>


@ -22,39 +22,23 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/ */
session_start(); include "config.inc.php";
$CONFIG = include ($config_file);
include $file_newsportal;
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Post")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) { if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time(); $_SESSION['last_access'] = time();
} }
include "config.inc.php";
$CONFIG = include ($config_file);
$logfile = $logdir . '/post.log';
$ip_pass = false; $logfile = $logdir . '/post.log';
if (! isset($_SESSION['remote_address'])) {
$_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['start_address'] = $_SESSION['remote_address'];
$ip_pass = true;
} else {
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
$ip_pass = false;
} else {
$ip_pass = true;
}
}
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
$logged_in = true;
} else {
$logged_in = false;
}
if ($CONFIG['anonuser'] == '1') {
$logged_in = false;
}
// This will log user post info (group and username)
$enable_post_log = false;
if ($OVERRIDES['enable_post_log'] > 0) {
$enable_post_log = $OVERRIDES['enable_post_log'];
}
@$fieldnamedecrypt = $_REQUEST['fielddecrypt']; @$fieldnamedecrypt = $_REQUEST['fielddecrypt'];
@$newsgroups = $_REQUEST["newsgroups"]; @$newsgroups = $_REQUEST["newsgroups"];
@ -68,6 +52,40 @@ if ($OVERRIDES['enable_post_log'] > 0) {
@$references = $_REQUEST["references"]; @$references = $_REQUEST["references"];
@$id = $_REQUEST["id"]; @$id = $_REQUEST["id"];
// Load name from cookies
if ($setcookies) {
if ((isset($_COOKIE["mail_name"])) && (! isset($name)))
$name = $_COOKIE["mail_name"];
}
$ip_pass = false;
if (! isset($_SESSION['remote_address'])) {
$_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['start_address'] = $_SESSION['remote_address'];
$ip_pass = true;
} else {
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
$ip_pass = false;
file_put_contents($auth_log, "\n" . logging_prefix() . " IP addresses changed for: " . $name, FILE_APPEND);
} else {
$ip_pass = true;
}
}
if ($ip_pass && (isset($_SESSION['pass']) && $_SESSION['pass'] === true)) {
$logged_in = true;
} else {
$logged_in = false;
file_put_contents($auth_log, "\n" . logging_prefix() . " SESSION auth expired or not exist for: " . $name, FILE_APPEND);
}
if ($CONFIG['anonuser'] == '1') {
$logged_in = false;
}
// This will log user post info (group and username)
$enable_post_log = false;
if ($OVERRIDES['enable_post_log'] > 0) {
$enable_post_log = $OVERRIDES['enable_post_log'];
}
$allow_ng_header_edit_post = true; $allow_ng_header_edit_post = true;
$allow_ng_header_edit_reply = false; $allow_ng_header_edit_reply = false;
@ -119,15 +137,6 @@ if ((isset($post_server)) && ($post_server != ""))
if ((isset($post_port)) && ($post_port != "")) if ((isset($post_port)) && ($post_port != ""))
$port = $post_port; $port = $post_port;
include $file_newsportal;
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "Post")) {
echo "<center>Page Disabled</center>";
include "tail.inc";
exit();
}
global $synchro_user, $synchro_pass; global $synchro_user, $synchro_pass;
// check to which groups the user is allowed to post to // check to which groups the user is allowed to post to
$thisgroup = _rawurldecode($_REQUEST['group']); $thisgroup = _rawurldecode($_REQUEST['group']);
@ -167,14 +176,6 @@ if ((function_exists("npreg_group_has_read_access") && ! npreg_group_has_read_ac
die("access denied"); die("access denied");
} }
// Load name from cookies
if ($setcookies) {
if ((isset($_COOKIE["mail_name"])) && (! isset($name)))
$name = $_COOKIE["mail_name"];
// if ((isset($_COOKIE["cookie_email"])) && (!isset($email)))
// $email=$_COOKIE["cookie_email"];
}
// Load name and email from the registration system, if available // Load name and email from the registration system, if available
if (function_exists("npreg_get_name")) { if (function_exists("npreg_get_name")) {
$name = npreg_get_name(); $name = npreg_get_name();
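Review bot: The two new log writes `file_put_contents($auth_log, "\n" . logging_prefix() . " … for: " . $name, FILE_APPEND)` read `$name` before it is guaranteed to exist — in this hunk it is only assigned from `$_COOKIE["mail_name"]` when `$setcookies` is true and the cookie is present — so the "SESSION auth expired or not exist" path emits an undefined-variable warning for anonymous visitors, and when the cookie is present an unfiltered cookie value goes straight into the log. Suggest `$log_name = str_replace(["\r", "\n"], ' ', (string) ($name ?? ''));` directly after the cookie block and logging `$log_name` in both places. `$auth_log` is not defined in the visible hunks while the rest of this file uses `$logfile`; confirm it is set in config before this point.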


@ -1,6 +1,5 @@
<?php <?php
session_cache_limiter('public'); session_cache_limiter('public');
session_start();
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (120)) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + (120)) . " GMT");
header("Cache-Control: max-age=120"); header("Cache-Control: max-age=120");
@ -89,7 +88,6 @@ if ((! isset($_POST['key']) || ! password_verify($CONFIG['thissitekey'], $_POST[
echo '</tr><tr>'; echo '</tr><tr>';
echo '<td><input type="submit" name="Submit" value="Search"></td>'; echo '<td><input type="submit" name="Submit" value="Search"></td>';
echo '</tr></table></td></form></tr></table>'; echo '</tr></table></td></form></tr></table>';
// Block poster // Block poster
if (isset($_COOKIE['mail_name'])) { if (isset($_COOKIE['mail_name'])) {
if (isset($_REQUEST['data'])) { if (isset($_REQUEST['data'])) {
@ -229,7 +227,7 @@ if (isset($search_group)) {
echo '</tr></table>'; echo '</tr></table>';
} }
echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>'; echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';
echo '<td class="np_ob_style_toggle">'; echo '<td class="np_search_sort_toggle">';
echo '<div style="float:right;">'; echo '<div style="float:right;">';
if ($_REQUEST['searchpoint'] == 'body') { if ($_REQUEST['searchpoint'] == 'body') {
@ -398,15 +396,12 @@ function get_body_search($group, $terms)
$dbh = null; $dbh = null;
} }
// do not perform a usort of an empty search result // do not perform a usort of an empty search result
if ($_SESSION['searchsort'] != 'date') {
if ($overview != null) { if ($overview != null) {
if ($_SESSION['searchsort'] != 'date') {
usort($overview, function ($a, $b) { usort($overview, function ($a, $b) {
return $a['rank'] <=> $b['rank']; return $a['rank'] <=> $b['rank'];
}); });
}
} else { } else {
if ($overview != null) {
usort($overview, function ($a, $b) { usort($overview, function ($a, $b) {
return $b['date'] <=> $a['date']; return $b['date'] <=> $a['date'];
}); });
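Review bot: `if ($_SESSION['searchsort'] != 'date')` dereferences a session key that nothing in this hunk guarantees is set, so a first search without a sort selection produces an undefined-array-key warning before falling into the rank sort. `if (($_SESSION['searchsort'] ?? '') !== 'date') {` keeps the same branch choice and is warning-free. get_body_search() starts and ends outside this hunk.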


@ -1,9 +1,4 @@
<?php <?php
session_start();
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (100)) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + (100)) . " GMT");
header("Cache-Control: max-age=100"); header("Cache-Control: max-age=100");
header("Pragma: cache"); header("Pragma: cache");
@ -13,6 +8,10 @@ $_SESSION['group'] = $_SERVER['REQUEST_URI'];
include "config.inc.php"; include "config.inc.php";
include ("$file_newsportal"); include ("$file_newsportal");
if (! isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60) {
$_SESSION['last_access'] = time();
}
// register parameters // register parameters
$group = _rawurldecode($_REQUEST["group"]); $group = _rawurldecode($_REQUEST["group"]);
if (isset($_REQUEST["first"])) if (isset($_REQUEST["first"]))