mirror of
https://github.com/DanielnetoDotCom/YouPHPTube
synced 2025-10-05 10:49:36 +02:00
Updates
This commit is contained in:
Daniel Neto
parent
3c5ebfcba5
commit
bc81ceb9ec
7 changed files with 63 additions and 74 deletions
|
|
@ -90,8 +90,8 @@ function _error_log($message, $type = 0, $doNotRepeat = false)
|
|||
$message = json_encode($message);
|
||||
}
|
||||
if (isSchedulerRun() || !empty($global['printLogs'])) {
|
||||
echo $message . PHP_EOL;
|
||||
return false;
|
||||
//echo $message . PHP_EOL;
|
||||
//return false;
|
||||
}
|
||||
if (empty($doNotRepeat)) {
|
||||
// do not log it too many times when you are using HLS format, other wise it will fill the log file with the same error
|
||||
|
|
|
|||
|
|
@ -328,7 +328,8 @@ function _session_start(array $options = [])
|
|||
}
|
||||
if (!blackListRegenerateSession()) {
|
||||
_error_log("captcha: session_id regenerated new session_id=" . session_id());
|
||||
_session_regenerate_id(User::getId(), true);
|
||||
_session_regenerate_id(isset($_SESSION['user']) && isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0, true);
|
||||
|
||||
}
|
||||
return $session;
|
||||
} else {
|
||||
|
|
@ -339,6 +340,8 @@ function _session_start(array $options = [])
|
|||
$start = microtime(true);
|
||||
//_error_log('session_start 1');
|
||||
$session = @session_start($options);
|
||||
_session_regenerate_id(isset($_SESSION['user']) && isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : 0);
|
||||
|
||||
//_error_log('session_id '. session_id().' line='.__LINE__.' IP:'.getRealIpAddr().json_encode($options));
|
||||
//_error_log('session_start 2');
|
||||
$takes = microtime(true) - $start;
|
||||
|
|
@ -355,38 +358,44 @@ function _session_start(array $options = [])
|
|||
}
|
||||
}
|
||||
|
||||
function _session_regenerate_id($users_id=0, $force = false)
|
||||
function _session_regenerate_id($users_id = 0, $force = false)
|
||||
{
|
||||
$session = $_SESSION;
|
||||
|
||||
$users_id = intval($users_id);
|
||||
|
||||
$prefix = "UID_{$users_id}_";
|
||||
|
||||
// If force is true or the session ID does not start with the correct prefix, regenerate it
|
||||
// If force is true or the session ID does not start with the correct prefix, rename it
|
||||
if ($force || strpos(session_id(), $prefix) !== 0) {
|
||||
// Create a new session ID with the prefix and timestamp
|
||||
$newSessionId = $prefix . time() . '_' . bin2hex(random_bytes(8)); // Add random bytes for security
|
||||
|
||||
$_SESSION = array();
|
||||
|
||||
// Regenerate the session ID and preserve the current session data
|
||||
session_regenerate_id(true);
|
||||
|
||||
// Set the new session ID manually
|
||||
session_id($newSessionId);
|
||||
|
||||
// Reset the cookies with the new session ID
|
||||
_resetcookie('PHPSESSID', session_id());
|
||||
_resetcookie(session_name(), session_id());
|
||||
|
||||
// Restore session data
|
||||
$_SESSION = $session;
|
||||
// Call the renaming function to generate a new session ID with the given prefix and user ID
|
||||
rename_session_id($users_id);
|
||||
|
||||
_error_log("Session ID regenerated with prefix: " . session_id());
|
||||
}
|
||||
}
|
||||
|
||||
// New function to rename session ID
|
||||
function rename_session_id($users_id = 0)
|
||||
{
|
||||
$session = $_SESSION; // Store the current session data
|
||||
|
||||
// Generate the new session ID with the prefix and user ID
|
||||
$newSessionId = 'UID_' . $users_id . '_' . time() . '_' . bin2hex(random_bytes(8));
|
||||
|
||||
session_write_close(); // Write the session data and close it to allow session ID change
|
||||
|
||||
// Change the session ID
|
||||
session_id($newSessionId);
|
||||
|
||||
session_start(); // Restart the session with the new session ID
|
||||
|
||||
$_SESSION = $session; // Restore the session data
|
||||
|
||||
// Reset the session cookie to use the new session ID
|
||||
_resetcookie('PHPSESSID', session_id());
|
||||
_resetcookie(session_name(), session_id());
|
||||
|
||||
_error_log("Session ID renamed to: " . session_id());
|
||||
}
|
||||
|
||||
function uniqidV4()
|
||||
{
|
||||
$randomString = openssl_random_pseudo_bytes(16);
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
global $global, $config;
|
||||
|
||||
$doNotConnectDatabaseIncludeConfig = 1;
|
||||
require_once __DIR__.'/../videos/configuration.php';
|
||||
header('Content-Type: application/json');
|
||||
|
||||
|
|
|
|||
|
|
@ -1215,7 +1215,8 @@ if (typeof gtag !== \"function\") {
|
|||
$_SESSION['loginAttempts'] = 0;
|
||||
|
||||
// Call custom session regenerate logic
|
||||
_session_regenerate_id($_SESSION['user']['id']);
|
||||
// this was regenerating the session all the time, making harder to save info in the session
|
||||
_session_regenerate_id();
|
||||
|
||||
_session_write_close();
|
||||
|
||||
|
|
|
|||
|
|
@ -168,6 +168,7 @@ if (!empty($_REQUEST['isClosed'])) {
|
|||
<title><?php echo $objectToReturnToParentIframe->title; ?></title>
|
||||
<link href="<?php echo getURL('view/bootstrap/css/bootstrap.min.css'); ?>" rel="stylesheet" type="text/css" />
|
||||
<link href="<?php echo getURL('node_modules/@fortawesome/fontawesome-free/css/all.min.css'); ?>" rel="stylesheet" type="text/css" />
|
||||
<script src="<?php echo getURL('view/js/session.js'); ?>" type="text/javascript"></script>
|
||||
<script src="<?php echo getURL('node_modules/jquery/dist/jquery.min.js'); ?>" type="text/javascript"></script>
|
||||
<style>
|
||||
body {
|
||||
|
|
@ -200,29 +201,6 @@ if (!empty($_REQUEST['isClosed'])) {
|
|||
?>
|
||||
var webSiteRootURL = '<?php echo $global['webSiteRootURL']; ?>';
|
||||
var player;
|
||||
// Create a variable to hold the session ID
|
||||
var PHPSESSID = null;
|
||||
|
||||
// Function to load the session ID via AJAX
|
||||
function loadPHPSessionID() {
|
||||
fetch('objects/phpsessionid.json.php', {
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Cache-Control': 'no-cache'
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
|
||||
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('Error loading PHPSESSID:', error);
|
||||
});
|
||||
}
|
||||
// Load the session ID as fast as possible
|
||||
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
|
||||
</script>
|
||||
<?php
|
||||
echo AVideoPlugin::getHeadCode();
|
||||
|
|
|
|||
|
|
@ -88,6 +88,7 @@ if (!isCommandLineInterface()) {
|
|||
<link rel="shortcut icon" href="<?php echo $config->getFavicon(); ?>" sizes="16x16,24x24,32x32,48x48,144x144">
|
||||
<meta name="msapplication-TileImage" content="<?php echo $config->getFavicon(true); ?>">
|
||||
<meta name="robots" content="index, follow" />
|
||||
<script src="<?php echo getURL('view/js/session.js'); ?>" type="text/javascript"></script>
|
||||
|
||||
<link href="<?php echo getURL('node_modules/@fortawesome/fontawesome-free/css/all.min.css'); ?>" rel="stylesheet" type="text/css" />
|
||||
<?php
|
||||
|
|
@ -188,29 +189,6 @@ if (isRTL()) {
|
|||
var _serverSystemTimezone = "<?php echo (getSystemTimezone()); ?>";
|
||||
var avideoModalIframeFullScreenCloseButton = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 2, 'class="btn btn-default pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
|
||||
var avideoModalIframeFullScreenCloseButtonSmall = <?php echo json_encode(getHamburgerButton('avideoModalIframeFullScreenCloseButton', 4, 'class="btn btn-default btn-sm pull-left hamburger " onclick="avideoModalIframeFullScreenClose();"', true)); ?>;
|
||||
// Create a variable to hold the session ID
|
||||
var PHPSESSID = null;
|
||||
|
||||
// Function to load the session ID via AJAX
|
||||
function loadPHPSessionID() {
|
||||
fetch('objects/phpsessionid.json.php', {
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Cache-Control': 'no-cache'
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
|
||||
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('Error loading PHPSESSID:', error);
|
||||
});
|
||||
}
|
||||
// Load the session ID as fast as possible
|
||||
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
|
||||
</script>
|
||||
<?php
|
||||
if (!isOffline() && !$config->getDisable_analytics()) {
|
||||
|
|
|
|||
23
view/js/session.js
Normal file
23
view/js/session.js
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
// Create a variable to hold the session ID
|
||||
var PHPSESSID = null;
|
||||
|
||||
// Function to load the session ID via AJAX
|
||||
function loadPHPSessionID() {
|
||||
fetch(webSiteRootURL + 'objects/phpsessionid.json.php', {
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'Cache-Control': 'no-cache'
|
||||
}
|
||||
})
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
PHPSESSID = data.phpsessid; // Assign the session ID to the variable
|
||||
console.log('PHPSESSID loaded:', PHPSESSID); // You can remove this in production
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('Error loading PHPSESSID:', error);
|
||||
});
|
||||
}
|
||||
// Load the session ID as fast as possible
|
||||
window.addEventListener('DOMContentLoaded', loadPHPSessionID);
|
||||
Loading…
Add table
Add a link
Reference in a new issue