fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-03 16:51:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix all functions relying on domain from Session::_getParams()

Browse source
This commit is contained in:
Kijin Sung 2020-04-05 14:33:39 +09:00
parent 99bab256b3
commit dc9c137243
1 changed files with 19 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

36
common/framework/session.php
View file

@ -75,6 +75,7 @@ class Session
// Set session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$alt_domain = $domain ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
$ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false;
ini_set('session.gc_maxlifetime', $lifetime + 28800);
ini_set('session.use_cookies', 1);
@ -126,15 +127,15 @@ class Session
// Validate the HTTP key.
if (isset($_SESSION['RHYMIX']) && $_SESSION['RHYMIX'])
{
if (!isset($_SESSION['RHYMIX']['keys'][$domain]) && config('use_sso'))
if (!isset($_SESSION['RHYMIX']['keys'][$alt_domain]) && config('use_sso'))
{
$must_refresh = true;
}
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key1'] === $key1 && $key1 !== null)
elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key1'] === $key1 && $key1 !== null)
{
// OK
}
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key1_prev'] === $key1 && $key1 !== null)
elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key1_prev'] === $key1 && $key1 !== null)
{
$must_resend_keys = true;
}
@ -155,15 +156,15 @@ class Session
// Validate the SSL key.
if (!$must_create && \RX_SSL)
{
if (!isset($_SESSION['RHYMIX']['keys'][$domain]['key2']))
if (!isset($_SESSION['RHYMIX']['keys'][$alt_domain]['key2']))
{
$must_refresh = true;
}
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key2'] === $key2 && $key2 !== null)
elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key2'] === $key2 && $key2 !== null)
{
// OK
}
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key2_prev'] === $key2 && $key2 !== null)
elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key2_prev'] === $key2 && $key2 !== null)
{
$must_resend_keys = true;
}
@ -178,11 +179,11 @@ class Session
}
// Check the refresh interval.
if (!$must_create && $_SESSION['RHYMIX']['keys'][$domain]['key1_time'] < time() - $refresh_interval && !$relax_key_checks)
if (!$must_create && $_SESSION['RHYMIX']['keys'][$alt_domain]['key1_time'] < time() - $refresh_interval && !$relax_key_checks)
{
$must_refresh = true;
}
elseif (!$must_create && \RX_SSL && $_SESSION['RHYMIX']['keys'][$domain]['key2_time'] < time() - $refresh_interval && !$relax_key_checks)
elseif (!$must_create && \RX_SSL && $_SESSION['RHYMIX']['keys'][$alt_domain]['key2_time'] < time() - $refresh_interval && !$relax_key_checks)
{
$must_refresh = true;
}
@ -436,7 +437,7 @@ class Session
public static function refresh()
{
// Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$domain = self::getDomain() ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
// Set the domain initialization timestamp.
if (!isset($_SESSION['RHYMIX']['keys'][$domain]['started']))
@ -643,7 +644,7 @@ class Session
public static function isTrusted()
{
// Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$domain = self::getDomain() ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
// Check the 'trusted' parameter.
if ($_SESSION['RHYMIX']['keys'][$domain]['trusted'] > time())
@ -845,7 +846,7 @@ class Session
public static function setTrusted($duration = 300)
{
// Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$domain = self::getDomain() ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
// Update the 'trusted' parameter if the current user is logged in.
if (isset($_SESSION['RHYMIX']['keys'][$domain]) && $_SESSION['RHYMIX']['login'])
@ -1089,14 +1090,15 @@ class Session
{
// Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$alt_domain = $domain ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
$lifetime = $lifetime ? ($lifetime + time()) : 0;
$ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false;
// Set or destroy the HTTP-only key.
if (isset($_SESSION['RHYMIX']['keys'][$domain]['key1']))
if (isset($_SESSION['RHYMIX']['keys'][$alt_domain]['key1']))
{
setcookie('rx_sesskey1', $_SESSION['RHYMIX']['keys'][$domain]['key1'], $lifetime, $path, $domain, $ssl_only, true);
$_COOKIE['rx_sesskey1'] = $_SESSION['RHYMIX']['keys'][$domain]['key1'];
setcookie('rx_sesskey1', $_SESSION['RHYMIX']['keys'][$alt_domain]['key1'], $lifetime, $path, $domain, $ssl_only, true);
$_COOKIE['rx_sesskey1'] = $_SESSION['RHYMIX']['keys'][$alt_domain]['key1'];
}
else
{
@ -1105,10 +1107,10 @@ class Session
}
// Set the HTTPS-only key.
if (\RX_SSL && isset($_SESSION['RHYMIX']['keys'][$domain]['key2']))
if (\RX_SSL && isset($_SESSION['RHYMIX']['keys'][$alt_domain]['key2']))
{
setcookie('rx_sesskey2', $_SESSION['RHYMIX']['keys'][$domain]['key2'], $lifetime, $path, $domain, true, true);
$_COOKIE['rx_sesskey2'] = $_SESSION['RHYMIX']['keys'][$domain]['key2'];
setcookie('rx_sesskey2', $_SESSION['RHYMIX']['keys'][$alt_domain]['key2'], $lifetime, $path, $domain, true, true);
$_COOKIE['rx_sesskey2'] = $_SESSION['RHYMIX']['keys'][$alt_domain]['key2'];
}
// Delete conflicting domain cookies.