This commit is contained in:
parent
7dbebd22c5
commit
3c5ebfcba5
5 changed files with 123 additions and 42 deletions
|
@ -328,7 +328,7 @@ function _session_start(array $options = [])
|
|||
}
|
||||
if (!blackListRegenerateSession()) {
|
||||
_error_log("captcha: session_id regenerated new session_id=" . session_id());
|
||||
_session_regenerate_id();
|
||||
_session_regenerate_id(User::getId(), true);
|
||||
}
|
||||
return $session;
|
||||
} else {
|
||||
|
@ -355,13 +355,36 @@ function _session_start(array $options = [])
|
|||
}
|
||||
}
|
||||
|
||||
function _session_regenerate_id()
|
||||
function _session_regenerate_id($users_id=0, $force = false)
|
||||
{
|
||||
$session = $_SESSION;
|
||||
|
||||
$users_id = intval($users_id);
|
||||
|
||||
$prefix = "UID_{$users_id}_";
|
||||
|
||||
// If force is true or the session ID does not start with the correct prefix, regenerate it
|
||||
if ($force || strpos(session_id(), $prefix) !== 0) {
|
||||
// Create a new session ID with the prefix and timestamp
|
||||
$newSessionId = $prefix . time() . '_' . bin2hex(random_bytes(8)); // Add random bytes for security
|
||||
|
||||
$_SESSION = array();
|
||||
|
||||
// Regenerate the session ID and preserve the current session data
|
||||
session_regenerate_id(true);
|
||||
|
||||
// Set the new session ID manually
|
||||
session_id($newSessionId);
|
||||
|
||||
// Reset the cookies with the new session ID
|
||||
_resetcookie('PHPSESSID', session_id());
|
||||
_resetcookie(session_name(), session_id());
|
||||
|
||||
// Restore session data
|
||||
$_SESSION = $session;
|
||||
|
||||
_error_log("Session ID regenerated with prefix: " . session_id());
|
||||
}
|
||||
}
|
||||
|
||||
function uniqidV4()
|
||||
|
|
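Review bot: The hand-built session id in `_session_regenerate_id` (second hunk, `$newSessionId = $prefix . time() . '_' . bin2hex(random_bytes(8))`) is weaker than what PHP generates and most likely never takes effect: `session_id($newSessionId)` is called while the session is already active, which PHP refuses with a warning, and the `UID_<id>_<time>_` layout would expose the user id and a timestamp to the client while shrinking the random part to 64 bits. With the default files save handler an id containing `_` is, as far as I recall, also rejected outright, since only `A-Za-z0-9,-` are accepted. `session_regenerate_id(true)` already carries `$_SESSION` over, so the save/clear/restore around it and the manual id can go and the user binding can live inside the session instead; the `_error_log(... session_id())` calls in both hunks also write live session tokens to the log file and are better reduced to the user id.
```php
function _session_regenerate_id($users_id = 0, $force = false)
{
    $users_id = intval($users_id);
    // Regenerate when forced or when this session is not yet bound to $users_id
    // ('sessionUsersId' is a placeholder key name; pick one that fits the project)
    if ($force || !isset($_SESSION['sessionUsersId']) || $_SESSION['sessionUsersId'] !== $users_id) {
        // session_regenerate_id() keeps $_SESSION and lets PHP pick a full-entropy id;
        // no save/clear/restore and no manual session_id() call is needed
        session_regenerate_id(true);
        $_SESSION['sessionUsersId'] = $users_id;
        _resetcookie(session_name(), session_id());
        _error_log("Session ID regenerated for users_id={$users_id}");
    }
}
```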
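--- /dev/null
+++ b/objects/phpsessionid.json.php
@@ -0,0 +1,10 @@
+<?php
+global $global, $config;
+
+require_once __DIR__.'/../videos/configuration.php';
+header('Content-Type: application/json');
+
+$obj = new stdClass();
+$obj->phpsessid = session_id();
+
+echo _json_encode($obj);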
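Review bot: The new endpoint hands the session id to any script that can issue a same-origin request, so it gives up what an HttpOnly session cookie would otherwise protect — the same exposure the inline `var PHPSESSID = "<?php echo session_id(); ?>"` had, now available as a standalone resource. The response carries no caching directive although its body is a per-user token; add `header('Cache-Control: no-store, private');` next to the Content-Type header so proxies and browser caches do not retain it. It is not visible here whether configuration.php starts the session; if it does not, `session_id()` returns an empty string and the file needs a `_session_start()` call first. A short header comment stating which consumers need the raw id, and whether a short-lived derived token would serve them instead, would help the next reader judge whether this endpoint should exist at all.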
|
@ -1152,14 +1152,16 @@ if (typeof gtag !== \"function\") {
|
|||
{
|
||||
global $global, $advancedCustom, $advancedCustomUser, $config;
|
||||
require_once $global['systemRootPath'] . 'plugin/AVideoPlugin.php';
|
||||
|
||||
if (!class_exists('AVideoPlugin')) {
|
||||
_error_log("ERROR login($noPass, $encodedPass, $ignoreEmailVerification) " . json_encode(debug_backtrace()));
|
||||
return self::SYSTEM_ERROR;
|
||||
}
|
||||
|
||||
if (User::isLogged()) {
|
||||
//_error_log('User:login is already logged '.json_encode($_SESSION['user']['id']));
|
||||
return self::USER_LOGGED;
|
||||
}
|
||||
|
||||
if (class_exists('AVideoPlugin')) {
|
||||
if (empty($advancedCustomUser)) {
|
||||
$advancedCustomUser = AVideoPlugin::getObjectData("CustomizeUser");
|
||||
|
@ -1172,7 +1174,7 @@ if (typeof gtag !== \"function\") {
|
|||
if (strtolower($encodedPass) === 'false') {
|
||||
$encodedPass = false;
|
||||
}
|
||||
//_error_log("user::login: noPass = $noPass, encodedPass = $encodedPass, this->user, $this->user " . getRealIpAddr());
|
||||
|
||||
if ($noPass) {
|
||||
$user = $this->find($this->user, false, true);
|
||||
} else {
|
||||
|
@ -1183,10 +1185,10 @@ if (typeof gtag !== \"function\") {
|
|||
_error_log('login Captcha error ' . $_SERVER['HTTP_USER_AGENT']);
|
||||
return self::CAPTCHA_ERROR;
|
||||
}
|
||||
|
||||
ObjectYPT::clearSessionCache();
|
||||
_session_start();
|
||||
// check for multiple logins attempts to prevent hacking end
|
||||
// if user is not verified
|
||||
|
||||
if (empty($ignoreEmailVerification) && !empty($user) && empty($user['isAdmin']) && empty($user['emailVerified']) && !empty($advancedCustomUser->unverifiedEmailsCanNOTLogin)) {
|
||||
unset($_SESSION['user']);
|
||||
self::sendVerificationLink($user['id']);
|
||||
|
@ -1211,8 +1213,10 @@ if (typeof gtag !== \"function\") {
|
|||
|
||||
AVideoPlugin::onUserSignIn($_SESSION['user']['id']);
|
||||
$_SESSION['loginAttempts'] = 0;
|
||||
// this was regenerating the session all the time, making harder to save info in the session
|
||||
//_session_regenerate_id();
|
||||
|
||||
// Call custom session regenerate logic
|
||||
_session_regenerate_id($_SESSION['user']['id']);
|
||||
|
||||
_session_write_close();
|
||||
|
||||
_error_log("User:login finish with success users_id= {$_SESSION['user']['id']} {$_SERVER['HTTP_USER_AGENT']} IP=" . getRealIpAddr() . json_encode(debug_backtrace()));
|
||||
|
|
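Review bot: The post-login call `_session_regenerate_id($_SESSION['user']['id']);` (last hunk) leaves `$force` at its default, so whether the id is actually rotated at this privilege change depends on `_session_regenerate_id`'s own prefix heuristic rather than on the login event; the `_session_start()` call in the previous hunk may already have forced a rotation for the pre-login user id, but that cannot be confirmed from here. Rotating unconditionally at login is the usual session-fixation defense, so pass the flag explicitly: `_session_regenerate_id($_SESSION['user']['id'], true);`. The enclosing login method starts and ends outside these hunks.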
|
@ -200,7 +200,29 @@ if (!empty($_REQUEST['isClosed'])) {
|
|||
?>
|
||||
var webSiteRootURL = '<?php echo $global['webSiteRootURL']; ?>';
|
||||
var player;
|
||||
var PHPSESSID = "<?php echo session_id(); ?>";
|
||||
// Create a variable to hold the session ID
|
||||
var PHPSESSID = null;
|
||||
|
||||
// Function to load the session ID via AJAX
|
||||
function loadPHPSessionID() {
|
||||
fetch('objects/phpsessionid.json.php', {
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Cache-Control': 'no-cache'
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
|
||||
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('Error loading PHPSESSID:', error);
|
||||
});
|
||||
}
|
||||
// Load the session ID as fast as possible
|
||||
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
|
||||
</script>
|
||||
<?php
|
||||
echo AVideoPlugin::getHeadCode();
|
||||
|
|
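Review bot: `fetch('objects/phpsessionid.json.php', …)` uses a path relative to the current document, so on any page served below a sub-path the request resolves to the wrong URL; `webSiteRootURL` is defined a few lines above in this hunk and should prefix it, e.g. `fetch(webSiteRootURL + 'objects/phpsessionid.json.php', { credentials: 'same-origin', cache: 'no-store' })`. The `Content-Type` request header on a body-less GET is meaningless and the `Cache-Control` request header does not stop caching, whereas the `cache: 'no-store'` option does. `console.log('PHPSESSID loaded:', PHPSESSID)` writes the live session token to the browser console and should be dropped now rather than left for a later cleanup. Code that read `PHPSESSID` synchronously at load time now sees `null` until the request completes, which the change does not guard; having callers await the promise instead of polling a global avoids the race. The same block is duplicated in the next file section (the `_serverSystemTimezone` hunk), where the same remarks apply provided `webSiteRootURL` is in scope there too.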
|
@ -188,7 +188,29 @@ if (isRTL()) {
|
|||
var _serverSystemTimezone = "<?php echo (getSystemTimezone()); ?>";
|
||||
var avideoModalIframeFullScreenCloseButton = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 2, 'class="btn btn-default pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
|
||||
var avideoModalIframeFullScreenCloseButtonSmall = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 4, 'class="btn btn-default btn-sm pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
|
||||
var PHPSESSID = "<?php echo session_id(); ?>";
|
||||
// Create a variable to hold the session ID
|
||||
var PHPSESSID = null;
|
||||
|
||||
// Function to load the session ID via AJAX
|
||||
function loadPHPSessionID() {
|
||||
fetch('objects/phpsessionid.json.php', {
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Cache-Control': 'no-cache'
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
|
||||
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('Error loading PHPSESSID:', error);
|
||||
});
|
||||
}
|
||||
// Load the session ID as fast as possible
|
||||
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
|
||||
</script>
|
||||
<?php
|
||||
if (!isOffline() && !$config->getDisable_analytics()) {
|
||||
|
|