mirror of
https://github.com/DanielnetoDotCom/YouPHPTube
synced 2025-10-04 10:19:24 +02:00
Updates
This commit is contained in:
Daniel Neto
parent
3c5ebfcba5
commit
bc81ceb9ec
7 changed files with 63 additions and 74 deletions
|
|
@ -285,7 +285,7 @@ function session_start_preload(){
|
|||
}
|
||||
|
||||
$config = new AVideoConf();
|
||||
|
||||
|
||||
// server should keep session data for AT LEAST 1 hour
|
||||
ini_set('session.gc_maxlifetime', $config->getSession_timeout());
|
||||
|
||||
|
|
@ -328,7 +328,8 @@ function _session_start(array $options = [])
|
|||
}
|
||||
if (!blackListRegenerateSession()) {
|
||||
_error_log("captcha: session_id regenerated new session_id=" . session_id());
|
||||
_session_regenerate_id(User::getId(), true);
|
||||
_session_regenerate_id(isset($_SESSION['user']) && isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0, true);
|
||||
|
||||
}
|
||||
return $session;
|
||||
} else {
|
||||
|
|
@ -339,6 +340,8 @@ function _session_start(array $options = [])
|
|||
$start = microtime(true);
|
||||
//_error_log('session_start 1');
|
||||
$session = @session_start($options);
|
||||
_session_regenerate_id(isset($_SESSION['user']) && isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0);
|
||||
|
||||
//_error_log('session_id '. session_id().' line='.__LINE__.' IP:'.getRealIpAddr().json_encode($options));
|
||||
//_error_log('session_start 2');
|
||||
$takes = microtime(true) - $start;
|
||||
|
|
@ -355,38 +358,44 @@ function _session_start(array $options = [])
|
|||
}
|
||||
}
|
||||
|
||||
function _session_regenerate_id($users_id=0, $force = false)
|
||||
function _session_regenerate_id($users_id = 0, $force = false)
|
||||
{
|
||||
$session = $_SESSION;
|
||||
|
||||
$users_id = intval($users_id);
|
||||
|
||||
$prefix = "UID_{$users_id}_";
|
||||
|
||||
// If force is true or the session ID does not start with the correct prefix, regenerate it
|
||||
// If force is true or the session ID does not start with the correct prefix, rename it
|
||||
if ($force || strpos(session_id(), $prefix) !== 0) {
|
||||
// Create a new session ID with the prefix and timestamp
|
||||
$newSessionId = $prefix . time() . '_' . bin2hex(random_bytes(8)); // Add random bytes for security
|
||||
// Call the renaming function to generate a new session ID with the given prefix and user ID
|
||||
rename_session_id($users_id);
|
||||
|
||||
$_SESSION = array();
|
||||
|
||||
// Regenerate the session ID and preserve the current session data
|
||||
session_regenerate_id(true);
|
||||
|
||||
// Set the new session ID manually
|
||||
session_id($newSessionId);
|
||||
|
||||
// Reset the cookies with the new session ID
|
||||
_resetcookie('PHPSESSID', session_id());
|
||||
_resetcookie(session_name(), session_id());
|
||||
|
||||
// Restore session data
|
||||
$_SESSION = $session;
|
||||
|
||||
_error_log("Session ID regenerated with prefix: " . session_id());
|
||||
}
|
||||
}
|
||||
|
||||
// New function to rename session ID
|
||||
function rename_session_id($users_id = 0)
|
||||
{
|
||||
$session = $_SESSION; // Store the current session data
|
||||
|
||||
// Generate the new session ID with the prefix and user ID
|
||||
$newSessionId = 'UID_' . $users_id . '_' . time() . '_' . bin2hex(random_bytes(8));
|
||||
|
||||
session_write_close(); // Write the session data and close it to allow session ID change
|
||||
|
||||
// Change the session ID
|
||||
session_id($newSessionId);
|
||||
|
||||
session_start(); // Restart the session with the new session ID
|
||||
|
||||
$_SESSION = $session; // Restore the session data
|
||||
|
||||
// Reset the session cookie to use the new session ID
|
||||
_resetcookie('PHPSESSID', session_id());
|
||||
_resetcookie(session_name(), session_id());
|
||||
|
||||
_error_log("Session ID renamed to: " . session_id());
|
||||
}
|
||||
|
||||
function uniqidV4()
|
||||
{
|
||||
$randomString = openssl_random_pseudo_bytes(16);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue