From 0909717c37cdf2ddadcddaf92d610f5243ec3c17 Mon Sep 17 00:00:00 2001 From: Nicolas Date: Wed, 10 Feb 2016 12:37:12 +0100 Subject: if php version is less than 7.0.3 and session_id exists do nothing --- include/functions_user.inc.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index ac85d1b47..f0d30ea49 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -945,10 +945,13 @@ function log_user($user_id, $remember_me) { // make sure we clean any remember me ... setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain')); } - if ( session_id()!="" and (version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0)) + if ( session_id()!="" ) { // we regenerate the session for security reasons // see http://www.acros.si/papers/session_fixation.pdf - session_regenerate_id(true); + if ((version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0)) + { + session_regenerate_id(true); + } } else { -- cgit v1.2.3 From 08fe998dd10fbf3fe79e8722df891b9496228b4a Mon Sep 17 00:00:00 2001 From: plg Date: Wed, 10 Feb 2016 15:19:40 +0100 Subject: session_regenerate_id() still fails with PHP 7.0.3 fix indentation --- include/functions_user.inc.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index f0d30ea49..2591929b4 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -948,10 +948,10 @@ function log_user($user_id, $remember_me) if ( session_id()!="" ) { // we regenerate the session for security reasons // see http://www.acros.si/papers/session_fixation.pdf - if ((version_compare(PHP_VERSION, '7') <= 0 or version_compare(PHP_VERSION, '7.0.3') >= 0)) - { - session_regenerate_id(true); - } + if (version_compare(PHP_VERSION, '7') <= 0) + { + session_regenerate_id(true); + } } else { -- cgit v1.2.3