bug fix 261: improve security of sessions (next to svn:1004):

- improve presentation code style
- add upgrade database file

git-svn-id: http://piwigo.org/svn/trunk@1007 68402e56-0260-453c-a942-63ccdbb3a9ee

admin.php

@@ -86,7 +86,7 @@ $template->assign_vars(
     'U_THUMBNAILS'=> $link_start.'thumbnail',
     'U_USERS'=> $link_start.'user_list',
     'U_GROUPS'=> $link_start.'group_list',
-    'U_RETURN'=> PHPWG_ROOT_PATH.'category.php'
+    'U_RETURN'=> PHPWG_ROOT_PATH.'category.php',
     'U_ADMIN'=> PHPWG_ROOT_PATH.'admin.php',
     'L_ADMIN' => $lang['admin'],
     'L_ADMIN_HINT' => $lang['hint_admin']

include/config_default.inc.php

@@ -264,19 +264,22 @@ $conf['use_exif_mapping'] = array(
 // |                               sessions                                |
 // +-----------------------------------------------------------------------+
 
-// specifies to use cookie to store the session id on client side
+// session_use_cookies: specifies to use cookie to store 
-$conf['session_use_cookies'] = 1;
+// the session id on client side
+$conf['session_use_cookies'] = true;
 
-// specifies to only use cookie to store the session id on client side
+// session_use_only_cookies: specifies to only use cookie to store 
-$conf['session_use_only_cookies'] = 1;
+// the session id on client side
+$conf['session_use_only_cookies'] = true;
 
-// do not use transparent session id support
+// session_use_trans_sid: do not use transparent session id support
-$conf['session_use_trans_sid'] = 0;
+$conf['session_use_trans_sid'] = false;
 
-// specifies the name of the session which is used as cookie name
+// session_name: specifies the name of the session which is used as cookie name
 $conf['session_name'] = 'pwg_id';
 
-// comment the line below to use file handler for sessions.
+// session_save_handler: comment the line below 
+// to use file handler for sessions.
 $conf['session_save_handler'] = 'db';
 
 // authorize_remembering : permits user to stay logged for a long time. It

include/functions_session.inc.php

@@ -25,20 +25,33 @@
 // | USA.                                                                  |
 // +-----------------------------------------------------------------------+
 
-if (isset($conf['session_save_handler']) and ($conf['session_save_handler'] == 'db')) {
+if (isset($conf['session_save_handler']) 
+  and ($conf['session_save_handler'] == 'db')) 
+{
   session_set_save_handler('pwg_session_open', 
-			   'pwg_session_close',
+    'pwg_session_close',
-			   'pwg_session_read',
+    'pwg_session_read',
-			   'pwg_session_write',
+    'pwg_session_write',
-			   'pwg_session_destroy',
+    'pwg_session_destroy',
-			   'pwg_session_gc'
+    'pwg_session_gc'
-			   );
+  );
+}
+if (isset($conf['session_use_cookies'])) 
+{ 
+  ini_set('session.use_cookies', $conf['session_use_cookies']);
+}
+if (isset($conf['session_use_only_cookies']))
+{
+  ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
+}
+if (isset($conf['session_use_trans_sid']))
+{
+  ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
+}
+if (isset($conf['session_name']))
+{
+  ini_set('session.name', $conf['session_name']);
 }
-
-ini_set('session.use_cookies', $conf['session_use_cookies']);
-ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
-ini_set('session.use_trans_sid', $conf['session_use_trans_sid']);
-ini_set('session.name', $conf['session_name']);
 
 function pwg_session_open($path, $name) 
 {
@@ -53,29 +66,39 @@ function pwg_session_close()
 
 function pwg_session_read($session_id) 
 {
-  $query = "SELECT data FROM " . SESSIONS_TABLE;
+  $query = '
-  $query .= " WHERE id = '$session_id'";
+SELECT data FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$session_id.'\'';
   $result = pwg_query($query);
-  if ($result) {
+  if ($result) 
+  {
     $row = mysql_fetch_assoc($result);
     return $row['data'];
-  } else {
+  } 
+  else 
+  {
     return '';
   }
 }
 
 function pwg_session_write($session_id, $data) 
 {
-  $query = "SELECT id FROM " . SESSIONS_TABLE;
+  $query = '
-  $query .= " WHERE id = '$session_id'";
+SELECT id FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$session_id.'\'';
   $result = pwg_query($query);
-  if (mysql_num_rows($result)) {
+  if (mysql_num_rows($result)) 
-    $query = "UPDATE " . SESSIONS_TABLE . " SET expiration = now()";
+  {
-    $query .= " WHERE id = '$session_id'";    
+    $query = '
+UPDATE '.SESSIONS_TABLE.' SET expiration = now()
+  WHERE id = \''.$session_id.'\'';    
     pwg_query($query);
-  } else {
+  } 
-    $query = "INSERT INTO " . SESSIONS_TABLE . " (id,data,expiration)";
+  else 
-    $query .= " VALUES('$session_id','$data',now())";
+  {
+    $query = '
+INSERT INTO '.SESSIONS_TABLE.'(id,data,expiration)
+  VALUES(\''.$session_id.'\',\''.$data.'\',now())';
     pwg_query($query);    
   }
   return true;
@@ -83,8 +106,9 @@ function pwg_session_write($session_id, $data)
 
 function pwg_session_destroy($session_id) 
 {
-  $query = "DELETE FROM " . SESSIONS_TABLE;
+  $query = '
-  $query .= " WHERE id = '$session_id'";
+DELETE FROM '.SESSIONS_TABLE.'
+  WHERE id = '.$session_id;
   pwg_query($query);
   return true;
 }
@@ -93,8 +117,10 @@ function pwg_session_gc()
 {
   global $conf;
 
-  $query = "DELETE FROM " . SESSIONS_TABLE;
+  $query = '
-  $query .= " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > " . $conf['session_length'];
+DELETE FROM '.SESSIONS_TABLE.'
+  WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > '
+  .$conf['session_length'];
   pwg_query($query);
   return true;
 }

install/db/3-database.php

@@ -0,0 +1,57 @@
+<?php
+// +-----------------------------------------------------------------------+
+// | PhpWebGallery - a PHP based picture gallery                           |
+// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
+// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
+// +-----------------------------------------------------------------------+
+// | branch        : BSF (Best So Far)
+// | file          : $RCSfile$
+// | last update   : $Date: 2005-09-21 00:04:57 +0200 (mer, 21 sep 2005) $
+// | last modifier : $Author: plg $
+// | revision      : $Revision: 870 $
+// +-----------------------------------------------------------------------+
+// | This program is free software; you can redistribute it and/or modify  |
+// | it under the terms of the GNU General Public License as published by  |
+// | the Free Software Foundation                                          |
+// |                                                                       |
+// | This program is distributed in the hope that it will be useful, but   |
+// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
+// | General Public License for more details.                              |
+// |                                                                       |
+// | You should have received a copy of the GNU General Public License     |
+// | along with this program; if not, write to the Free Software           |
+// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
+// | USA.                                                                  |
+// +-----------------------------------------------------------------------+
+
+if (!defined('PHPWG_ROOT_PATH'))
+{
+  die('Hacking attempt!');
+}
+
+$upgrade_description = 'Update session table for new session system';
+
+// +-----------------------------------------------------------------------+
+// |                            Upgrade content                            |
+// +-----------------------------------------------------------------------+
+
+// delete content of old session table
+$query = '
+DELETE FROM '.PREFIX_TABLE.'sessions
+;';
+pwg_query($query);
+
+// column user_id becomes data of type text
+$query = '
+ALTER TABLE '.PREFIX_TABLE.'sessions
+  CHANGE COLUMN user_id data text NOT NULL
+;';
+pwg_query($query);
+
+echo
+"\n"
+.'Column modified in sessions table'
+."\n"
+;
+?>