Fix all functions relying on domain from Session::_getParams()

This commit is contained in:
Kijin Sung 2020-04-05 14:33:39 +09:00
parent 99bab256b3
commit dc9c137243


@ -75,6 +75,7 @@ class Session
// Set session parameters. // Set session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams(); list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$alt_domain = $domain ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
$ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false; $ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false;
ini_set('session.gc_maxlifetime', $lifetime + 28800); ini_set('session.gc_maxlifetime', $lifetime + 28800);
ini_set('session.use_cookies', 1); ini_set('session.use_cookies', 1);
@ -126,15 +127,15 @@ class Session
// Validate the HTTP key. // Validate the HTTP key.
if (isset($_SESSION['RHYMIX']) && $_SESSION['RHYMIX']) if (isset($_SESSION['RHYMIX']) && $_SESSION['RHYMIX'])
{ {
if (!isset($_SESSION['RHYMIX']['keys'][$domain]) && config('use_sso')) if (!isset($_SESSION['RHYMIX']['keys'][$alt_domain]) && config('use_sso'))
{ {
$must_refresh = true; $must_refresh = true;
} }
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key1'] === $key1 && $key1 !== null) elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key1'] === $key1 && $key1 !== null)
{ {
// OK // OK
} }
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key1_prev'] === $key1 && $key1 !== null) elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key1_prev'] === $key1 && $key1 !== null)
{ {
$must_resend_keys = true; $must_resend_keys = true;
} }
@ -155,15 +156,15 @@ class Session
// Validate the SSL key. // Validate the SSL key.
if (!$must_create && \RX_SSL) if (!$must_create && \RX_SSL)
{ {
if (!isset($_SESSION['RHYMIX']['keys'][$domain]['key2'])) if (!isset($_SESSION['RHYMIX']['keys'][$alt_domain]['key2']))
{ {
$must_refresh = true; $must_refresh = true;
} }
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key2'] === $key2 && $key2 !== null) elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key2'] === $key2 && $key2 !== null)
{ {
// OK // OK
} }
elseif ($_SESSION['RHYMIX']['keys'][$domain]['key2_prev'] === $key2 && $key2 !== null) elseif ($_SESSION['RHYMIX']['keys'][$alt_domain]['key2_prev'] === $key2 && $key2 !== null)
{ {
$must_resend_keys = true; $must_resend_keys = true;
} }
@ -178,11 +179,11 @@ class Session
} }
// Check the refresh interval. // Check the refresh interval.
if (!$must_create && $_SESSION['RHYMIX']['keys'][$domain]['key1_time'] < time() - $refresh_interval && !$relax_key_checks) if (!$must_create && $_SESSION['RHYMIX']['keys'][$alt_domain]['key1_time'] < time() - $refresh_interval && !$relax_key_checks)
{ {
$must_refresh = true; $must_refresh = true;
} }
elseif (!$must_create && \RX_SSL && $_SESSION['RHYMIX']['keys'][$domain]['key2_time'] < time() - $refresh_interval && !$relax_key_checks) elseif (!$must_create && \RX_SSL && $_SESSION['RHYMIX']['keys'][$alt_domain]['key2_time'] < time() - $refresh_interval && !$relax_key_checks)
{ {
$must_refresh = true; $must_refresh = true;
} }
@ -436,7 +437,7 @@ class Session
public static function refresh() public static function refresh()
{ {
// Get session parameters. // Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams(); $domain = self::getDomain() ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
// Set the domain initialization timestamp. // Set the domain initialization timestamp.
if (!isset($_SESSION['RHYMIX']['keys'][$domain]['started'])) if (!isset($_SESSION['RHYMIX']['keys'][$domain]['started']))
@ -643,7 +644,7 @@ class Session
public static function isTrusted() public static function isTrusted()
{ {
// Get session parameters. // Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams(); $domain = self::getDomain() ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
// Check the 'trusted' parameter. // Check the 'trusted' parameter.
if ($_SESSION['RHYMIX']['keys'][$domain]['trusted'] > time()) if ($_SESSION['RHYMIX']['keys'][$domain]['trusted'] > time())
@ -845,7 +846,7 @@ class Session
public static function setTrusted($duration = 300) public static function setTrusted($duration = 300)
{ {
// Get session parameters. // Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams(); $domain = self::getDomain() ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
// Update the 'trusted' parameter if the current user is logged in. // Update the 'trusted' parameter if the current user is logged in.
if (isset($_SESSION['RHYMIX']['keys'][$domain]) && $_SESSION['RHYMIX']['login']) if (isset($_SESSION['RHYMIX']['keys'][$domain]) && $_SESSION['RHYMIX']['login'])
@ -1089,14 +1090,15 @@ class Session
{ {
// Get session parameters. // Get session parameters.
list($lifetime, $refresh_interval, $domain, $path) = self::_getParams(); list($lifetime, $refresh_interval, $domain, $path) = self::_getParams();
$alt_domain = $domain ?: preg_replace('/:\\d+$/', '', strtolower($_SERVER['HTTP_HOST']));
$lifetime = $lifetime ? ($lifetime + time()) : 0; $lifetime = $lifetime ? ($lifetime + time()) : 0;
$ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false; $ssl_only = (\RX_SSL && config('session.use_ssl')) ? true : false;
// Set or destroy the HTTP-only key. // Set or destroy the HTTP-only key.
if (isset($_SESSION['RHYMIX']['keys'][$domain]['key1'])) if (isset($_SESSION['RHYMIX']['keys'][$alt_domain]['key1']))
{ {
setcookie('rx_sesskey1', $_SESSION['RHYMIX']['keys'][$domain]['key1'], $lifetime, $path, $domain, $ssl_only, true); setcookie('rx_sesskey1', $_SESSION['RHYMIX']['keys'][$alt_domain]['key1'], $lifetime, $path, $domain, $ssl_only, true);
$_COOKIE['rx_sesskey1'] = $_SESSION['RHYMIX']['keys'][$domain]['key1']; $_COOKIE['rx_sesskey1'] = $_SESSION['RHYMIX']['keys'][$alt_domain]['key1'];
} }
else else
{ {
@ -1105,10 +1107,10 @@ class Session
} }
// Set the HTTPS-only key. // Set the HTTPS-only key.
if (\RX_SSL && isset($_SESSION['RHYMIX']['keys'][$domain]['key2'])) if (\RX_SSL && isset($_SESSION['RHYMIX']['keys'][$alt_domain]['key2']))
{ {
setcookie('rx_sesskey2', $_SESSION['RHYMIX']['keys'][$domain]['key2'], $lifetime, $path, $domain, true, true); setcookie('rx_sesskey2', $_SESSION['RHYMIX']['keys'][$alt_domain]['key2'], $lifetime, $path, $domain, true, true);
$_COOKIE['rx_sesskey2'] = $_SESSION['RHYMIX']['keys'][$domain]['key2']; $_COOKIE['rx_sesskey2'] = $_SESSION['RHYMIX']['keys'][$alt_domain]['key2'];
} }
// Delete conflicting domain cookies. // Delete conflicting domain cookies.