Show warning when a session is discarded due to invalid keys

Kijin Sung 2017-02-12 23:12:53 +09:00
parent 1a0e49dcfb
commit 4a4612938a


@ -68,6 +68,7 @@ class Session
// Do not start the session if it is already started.
if (self::$_started)
{
trigger_error('Session has already started', \E_USER_WARNING);
return false;
}
@ -96,6 +97,7 @@ class Session
// Start the PHP native session.
if (!session_start())
{
trigger_error('Session cannot be started', \E_USER_WARNING);
return false;
}
@ -124,6 +126,7 @@ class Session
elseif (!$relax_key_checks)
{
// Hacked session! Destroy everything.
trigger_error('Session is invalid (missing key 1)', \E_USER_WARNING);
$_SESSION = array();
$must_create = true;
self::destroyAutologinKeys();
@ -152,6 +155,7 @@ class Session
elseif (!$relax_key_checks)
{
// Hacked session! Destroy everything.
trigger_error('Session is invalid (missing key 2)', \E_USER_WARNING);
$_SESSION = array();
$must_create = true;
self::destroyAutologinKeys();
@ -171,6 +175,7 @@ class Session
// If a member is logged in, check if the current session is valid for the member_srl.
if (isset($_SESSION['RHYMIX']['login']) && $_SESSION['RHYMIX']['login'] && !self::isValid($_SESSION['RHYMIX']['login']))
{
trigger_error('Session failed validation checks for member_srl=' . intval($_SESSION['RHYMIX']['login']), \E_USER_WARNING);
$_SESSION['RHYMIX']['login'] = $_SESSION['member_srl'] = false;
$must_create = true;
}
@ -210,6 +215,10 @@ class Session
{
return true;
}
if (!Config::get('session.delay'))
{
return false;
}
// Start the session if it contains data.
if ($force || (count($_SESSION) && !headers_sent()))
@ -629,6 +638,7 @@ class Session
$validity_info = self::getValidityInfo($member_srl);
if ($validity_info->invalid_before && self::isStarted() && $_SESSION['RHYMIX']['last_login'] && $_SESSION['RHYMIX']['last_login'] < $validity_info->invalid_before)
{
trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (expired timestamp)', \E_USER_WARNING);
return false;
}
@ -636,10 +646,12 @@ class Session
$member_info = getModel('member')->getMemberInfoByMemberSrl($member_srl);
if ($member_info->denied === 'Y')
{
trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (denied)', \E_USER_WARNING);
return false;
}
if ($member_info->limit_date && substr($member_info->limit_date, 0, 8) >= date('Ymd'))
{
trigger_error('Session is invalid for member_srl=' . intval($_SESSION['RHYMIX']['login']) . ' (limited)', \E_USER_WARNING);
return false;
}
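Review bot: The warnings in the last two hunks (expired timestamp, denied, limited) log `$_SESSION['RHYMIX']['login']`, while the checks themselves run against `$member_srl` (passed to `getValidityInfo()` and `getMemberInfoByMemberSrl()`), so the logged id can differ from the account that actually failed validation. The denied and limited branches are also not guarded by `self::isStarted()` the way the expired-timestamp branch is, so if this code can run without a populated session the message would presumably record `member_srl=0` and raise an undefined-index notice. Logging the validated value keeps the audit trail accurate, e.g. `trigger_error('Session is invalid for member_srl=' . intval($member_srl) . ' (denied)', \E_USER_WARNING);`, and likewise for the other two messages. The enclosing function starts and ends outside the visible hunks, so whether callers ever pass an id other than the session's own should be confirmed there.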