From c6ded845d08bd76992709c30948383426824d797 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 11 Jul 2018 10:34:45 -0400 Subject: [PATCH] Return the user db row ifrom userLogin instead of assuming it will be accessed as a global. Add is_session_started function and use it to detect when we need to start/stop the session in generateAuthHash --- web/includes/auth.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/web/includes/auth.php b/web/includes/auth.php index b14323103..0224bb95b 100644 --- a/web/includes/auth.php +++ b/web/includes/auth.php @@ -55,6 +55,7 @@ function userLogin($username, $password='', $passwordHashed=false) { unset($user); } session_write_close(); + return $user; } # end function userLogin function userLogout() { @@ -121,7 +122,11 @@ function generateAuthHash($useRemoteAddr, $force=false) { #Logger::Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] ); $auth = md5($authKey); if ( !$force ) { - session_start(); + $close_session = 0; + if ( !is_session_started() ) { + session_start(); + $close_session = 1; + } $_SESSION['AuthHash'] = $auth; $_SESSION['AuthHashGeneratedAt'] = $time; session_write_close(); @@ -155,4 +160,15 @@ function canEdit($area, $mid=false) { return ( $user[$area] == 'Edit' && ( !$mid || visibleMonitor($mid) )); } +function is_session_started() { + if ( php_sapi_name() !== 'cli' ) { + if ( version_compare(phpversion(), '5.4.0', '>=') ) { + return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE; + } else { + return session_id() === '' ? FALSE : TRUE; + } + } + return FALSE; +} + ?>