2 | daniel-mar | 1 | <?php |
2 | /* $Id: session.inc.php 10422 2007-06-05 16:32:49Z lem9 $ */ |
||
3 | // vim: expandtab sw=4 ts=4 sts=4: |
||
4 | /** |
||
5 | * session handling |
||
6 | * |
||
7 | * @todo add failover or warn if sessions are not configured properly |
||
8 | * @todo add an option to use mm-module for session handler |
||
9 | * @see http://www.php.net/session |
||
10 | * @uses session_name() |
||
11 | * @uses session_start() |
||
12 | * @uses ini_set() |
||
13 | * @uses version_compare() |
||
14 | * @uses PHP_VERSION |
||
15 | */ |
||
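// http://de3.php.net/md5: Alexander Valyalkin

/**
 * Returns $iv_len random bytes for use as an IV.
 *
 * Uses random_bytes() (PHP 7+) when available and falls back to
 * openssl_random_pseudo_bytes() when that reports a strong result. The
 * original implementation built the IV from mt_rand(), which is a seedable,
 * predictable PRNG and not suitable for cryptographic use; that path is kept
 * only as a last resort for very old PHP versions.
 *
 * @param int $iv_len  number of bytes wanted; 0 or a negative value yields ''
 * @return string binary string of exactly max($iv_len, 0) bytes
 */
function get_rnd_iv($iv_len)
{
    $iv_len = (int) $iv_len;
    if ($iv_len <= 0) {
        return '';
    }

    if (function_exists('random_bytes')) {
        try {
            return random_bytes($iv_len);
        } catch (Exception $e) {
            // no usable entropy source; fall through to the older APIs
        }
    }

    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($iv_len, $strong);
        if ($bytes !== false && $strong && strlen($bytes) === $iv_len) {
            return $bytes;
        }
    }

    // Legacy fallback: mt_rand() is NOT cryptographically secure.
    $iv = '';
    for ($k = 0; $k < $iv_len; $k++) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}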
||
35 | |||
/**
 * Encrypts $plain_text with a home-grown MD5-keystream cipher for storage.
 *
 * SECURITY NOTE (review): this is not a standard construction. The keystream
 * for each 16-byte block is the raw md5() of a chaining value that is derived
 * from the previous ciphertext block XOR the raw password; there is no
 * integrity check (a tampered ciphertext decrypts to garbage without any
 * error), and the password is used directly instead of through a key
 * derivation step. Because PHP's string XOR truncates to the shorter operand,
 * the chaining value is never longer than $password. Rows already stored in
 * the database depend on this exact format, so changing the construction
 * also means migrating or re-encrypting stored data; prefer an authenticated
 * standard cipher for anything new.
 *
 * Output format: base64( IV[$iv_len] || C_1 || C_2 || ... ) where the
 * plaintext is terminated by the marker byte 0x13 and then zero-padded up to
 * a multiple of 16 bytes.
 *
 * @param string $plain_text  data to encrypt (arbitrary bytes)
 * @param string $password    secret mixed into every chaining value
 * @param int    $iv_len      length of the random IV prepended in clear
 * @return string base64-encoded ciphertext
 */
function ib_encrypt($plain_text, $password, $iv_len = 16)
{
    // 0x13 marks the end of the real data; ib_decrypt() strips it together
    // with the zero padding that follows it.
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    // the IV travels unencrypted at the front of the ciphertext
    $enc_text = get_rnd_iv($iv_len);
    // string XOR yields min(strlen) bytes, so this is at most strlen($password)
    $iv = substr($password ^ $enc_text, 0, 512);
    // $n was taken before padding; the final substr() still picks up the
    // padded bytes because the padded length is the next multiple of 16
    while ($i < $n) {
        // keystream block = 16 raw bytes of md5(chaining value)
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        // chain on the ciphertext block (CFB-like) and re-mix the password
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
}
||
52 | |||
/**
 * Reverses ib_encrypt(): recovers the plaintext from a base64 ciphertext.
 *
 * SECURITY NOTE (review): there is no authenticity check at all. Any input
 * of roughly the right shape "decrypts" without error and the result is
 * handed back as-is, so callers must not treat the output as trusted data.
 * base64_decode() is used in non-strict mode, so invalid characters are
 * skipped rather than rejected. A trailing block shorter than 16 bytes is
 * XORed only as far as it reaches (PHP string XOR truncates), not rejected.
 *
 * @param string $enc_text  base64 output of ib_encrypt()
 * @param string $password  the same secret that was used for encryption
 * @param int    $iv_len    length of the IV at the front of the ciphertext
 * @return string decrypted data with the 0x13 marker and trailing zero
 *                padding removed ('' for an empty or too-short input)
 */
function ib_decrypt($enc_text, $password, $iv_len = 16)
{
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    // the first $iv_len bytes are the IV, ciphertext blocks follow
    $i = $iv_len;
    $plain_text = '';
    // initial chaining value, identical to the one ib_encrypt() started from
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        // chain on the ciphertext block exactly as the encryptor did
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    // drop the end-of-data marker and any zero padding after it
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
||
68 | |||
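// Marker constant, presumably checked by the included configuration so it
// cannot be requested directly (not verifiable from this file).
define('WBLEGAL', '1');
// Declared global presumably so the DB credentials stay visible to the
// sessao_* handler functions below even when this file is included from
// inside a function scope.
global $mysql_zugangsdaten;
// The configuration is mandatory: the original used include, which only
// warns on a missing file and then let the session handler run with
// undefined database credentials. require aborts instead.
require '../../../includes/config.inc.php';

// Installation/update lock: refuse to serve anything while files are still
// being uploaded (message intentionally left in the original language).
if (isset($lock) && $lock)
{
    die('<h1>Personal WebBase ist gesperrt</h1>Die Variable "$lock" in "includes/config.inc.php" steht auf 1 bzw. true. Setzen Sie diese Variable erst auf 0, wenn das Hochladen der Dateien beim Installations- bzw. Updateprozess beendet ist. Wenn Sie Personal WebBase freigeben, bevor der Upload abgeschlossen ist, kann es zu einer Beschädigung der Kundendatenbank kommen!');
}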
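// ---------------------------------------------------------------------------
// Session runtime configuration. Every ini_set() is @-suppressed so settings
// unknown to the running PHP version are ignored instead of warning.
// ---------------------------------------------------------------------------
//@ini_set('session.auto_start', 0);
@ini_set('session.cache_expire', 180);
// Never carry the session id in URLs: cookies only.
@ini_set('session.use_trans_sid', 0);
@ini_set('session.use_cookies', 1);
@ini_set('session.use_only_cookies', 1);
// Mark the cookie Secure only when the application forces HTTPS; a plain
// HTTP deployment would otherwise never get the cookie back. isset() avoids
// a notice when the configuration does not define $force_ssl.
if (isset($force_ssl) && $force_ssl) @ini_set('session.cookie_secure', 1);
// Added: keep the session cookie out of document.cookie so injected script
// cannot read the id. Ignored on PHP < 5.2, where the setting does not exist.
@ini_set('session.cookie_httponly', 1);
// Browser-session cookie; server-side rows expire after gc_maxlifetime.
@ini_set('session.cookie_lifetime', 0);
@ini_set('session.gc_maxlifetime', 1440);
@ini_set('session.bug_compat_42', 0);
@ini_set('session.bug_compat_warn', 1);
// Longer, SHA-1 based session ids on PHP 5 (these ini settings were removed
// in PHP 7.1, where the @ makes the calls harmless).
if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN')
{
    @ini_set('session.hash_function', 1);
    @ini_set('session.hash_bits_per_character', 6);
}
// Storage goes through the sessao_* callbacks registered further down.
// NOTE(review): session.use_strict_mode is not enabled and the handler has
// no validate_sid callback, so PHP accepts whatever id the client's cookie
// carries; fixation protection relies solely on the checks later in this file.
@ini_set('session.save_handler', 'user');
// @ini_set('session.save_path', '../../../includes/session/');
//@ini_set('arg_separator.output', '&');
//@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset=');

$ib_session_name = 'ironbase';

// If session.auto_start already created a session with PHP's default handler
// it is discarded here before our own handler is installed; otherwise these
// two calls are no-ops (their warnings are suppressed).
@session_unset();
@session_destroy();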
102 | |||
103 | /* ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL", |
||
104 | 'LastUpdated', "datetime NOT NULL", |
||
105 | 'DataValue', "text"); */ |
||
106 | |||
/**
 * Session handler "open".
 *
 * Storage is the database, so both arguments are unused. Expired rows are
 * purged on every open (independently of session.gc_probability), which
 * means a gc pass runs on every request.
 *
 * @param string $aSavaPath    ignored (PHP passes session.save_path)
 * @param string $aSessionName ignored (PHP passes the session name)
 * @return bool always true
 */
function sessao_open($aSavaPath, $aSessionName)
{
    $maxLifetime = ini_get('session.gc_maxlifetime');
    sessao_gc($maxLifetime);
    return true;
}
||
112 | |||
/**
 * Session handler "close".
 *
 * Nothing to release: every other callback opens and closes its own
 * database connection.
 *
 * @return bool always true
 */
function sessao_close()
{
    $closed = true;
    return $closed;
}
||
117 | |||
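/**
 * Session handler "read": returns the decrypted data stored for session
 * $aKey, or '' when nothing is stored.
 *
 * Notes for reviewers:
 *  - Uses the legacy mysql_* extension (removed in PHP 7.0).
 *  - The decryption key is the database user name and password, so anyone
 *    holding the DB credentials can read every session; the encryption only
 *    protects a copied table dump.
 *  - A row is inserted for every id that is not yet known. PHP takes the id
 *    from the client's cookie, so any value a client sends becomes a row
 *    until gc purges it. The insert exists because the original
 *    sessao_write() only UPDATEs existing rows.
 *  - Changes vs. the original: the connection result is checked (without a
 *    link, mysql_query() tried to open an implicit default connection), the
 *    link is passed explicitly to every mysql_* call, and a failed SELECT no
 *    longer triggers an INSERT.
 *
 * @param string $aKey session id as presented by PHP
 * @return string serialized session data ('' when absent or on DB error)
 */
function sessao_read( $aKey )
{
    global $mysql_zugangsdaten;

    $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    if (!$ib_conn) {
        return '';
    }
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

    $table = '`'.$mysql_zugangsdaten['praefix'].'sessions`';
    $id    = "'".mysql_real_escape_string($aKey, $ib_conn)."'";

    $busca = mysql_query("SELECT `DataValue` FROM ".$table." WHERE `SessionID` = ".$id, $ib_conn);
    if ($busca === false) {
        @mysql_close($ib_conn);
        return '';
    }

    if (mysql_num_rows($busca) == 0)
    {
        // create the row so that a later UPDATE in sessao_write() has a target
        mysql_query("INSERT INTO ".$table." (`SessionID`, `LastUpdated`, `DataValue`) VALUES (".$id.", NOW(), '')", $ib_conn);

        @mysql_close($ib_conn);

        return '';
    }

    $r = mysql_fetch_array($busca);

    @mysql_close($ib_conn);

    // key derivation must stay identical to sessao_write()
    return ib_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']);
}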
||
143 | |||
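/**
 * Session handler "write": stores $aVal (encrypted) for session $aKey.
 *
 * Fix vs. the original: only an UPDATE was issued, so writing an id whose
 * row does not exist yet (for example the new id after
 * session_regenerate_id(), which at least on PHP 5 is written without a
 * preceding read) silently stored nothing and the session was lost. The row
 * is now inserted when the UPDATE matched nothing. The ciphertext is base64
 * (already safe inside a SQL literal) but is escaped anyway, and the link is
 * passed explicitly to every mysql_* call.
 *
 * @param string $aKey session id
 * @param string $aVal serialized session data handed over by PHP
 * @return bool true when the write was issued, false if the DB was unreachable
 */
function sessao_write( $aKey, $aVal )
{
    global $mysql_zugangsdaten;

    $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    if (!$ib_conn) {
        return false;
    }
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

    $table = '`'.$mysql_zugangsdaten['praefix'].'sessions`';
    $id    = "'".mysql_real_escape_string($aKey, $ib_conn)."'";
    // key derivation must stay identical to sessao_read()
    $data  = "'".mysql_real_escape_string(ib_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']), $ib_conn)."'";

    mysql_query("UPDATE ".$table." SET `DataValue` = ".$data.", `LastUpdated` = NOW() WHERE `SessionID` = ".$id, $ib_conn);

    if (mysql_affected_rows($ib_conn) == 0) {
        // affected_rows is also 0 when the stored value did not change, so
        // only insert when the row really is missing
        $chk = mysql_query("SELECT 1 FROM ".$table." WHERE `SessionID` = ".$id, $ib_conn);
        if ($chk !== false && mysql_num_rows($chk) == 0) {
            mysql_query("INSERT INTO ".$table." (`SessionID`, `LastUpdated`, `DataValue`) VALUES (".$id.", NOW(), ".$data.")", $ib_conn);
        }
    }

    @mysql_close($ib_conn);

    return true;
}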
||
157 | |||
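/**
 * Session handler "destroy": removes the row for session $aKey.
 *
 * Changes vs. the original: the connection is checked before use, every
 * mysql_* call names the link explicitly instead of relying on the "last
 * opened link", and the OPTIMIZE TABLE that followed every single-row delete
 * was dropped (rebuilding the whole table for one row is expensive and takes
 * a table lock; sessao_gc() still optimises after a bulk purge).
 *
 * @param string $aKey session id
 * @return bool true when the delete was issued, false if the DB was unreachable
 */
function sessao_destroy( $aKey )
{
    global $mysql_zugangsdaten;

    $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    if (!$ib_conn) {
        return false;
    }
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

    $table = '`'.$mysql_zugangsdaten['praefix'].'sessions`';
    $id    = "'".mysql_real_escape_string($aKey, $ib_conn)."'";

    mysql_query("DELETE FROM ".$table." WHERE `SessionID` = ".$id, $ib_conn);

    @mysql_close($ib_conn);

    return true;
}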
||
173 | |||
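/**
 * Session handler "gc": deletes rows not updated for more than
 * $aMaxLifeTime seconds (compared on the database server's clock, the same
 * clock that sets LastUpdated).
 *
 * Fix vs. the original: the lifetime is interpolated unquoted into the SQL,
 * and mysql_real_escape_string() does not stop a non-numeric value from
 * changing the query in that position — it is now cast to int. The value
 * normally comes from ini_get() via sessao_open(), which also means this
 * runs on every request. The connection is checked and passed explicitly.
 *
 * @param int|string $aMaxLifeTime seconds of inactivity after which a row expires
 * @return bool true when the purge was issued, false if the DB was unreachable
 */
function sessao_gc( $aMaxLifeTime )
{
    global $mysql_zugangsdaten;

    $maxLifetime = (int) $aMaxLifeTime;

    $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);
    if (!$ib_conn) {
        return false;
    }
    @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

    $table = '`'.$mysql_zugangsdaten['praefix'].'sessions`';

    mysql_query("DELETE FROM ".$table." WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > ".$maxLifetime, $ib_conn);
    // NOTE(review): OPTIMIZE TABLE takes a table lock; since gc runs on every
    // open this fires whenever at least one session expired.
    if (mysql_affected_rows($ib_conn) > 0)
        mysql_query("OPTIMIZE TABLE ".$table, $ib_conn);

    @mysql_close($ib_conn);

    return true;
}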
||
189 | |||
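// Install the database-backed handler; must happen before session_start().
@session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc");

@session_name($ib_session_name);
@session_start();

// A session that exists but carries an empty user type belongs to someone
// who has been logged out: close the (popup) window instead of serving content.
if ((isset($_SESSION['wb_user_type'])) && ($_SESSION['wb_user_type'] == ''))
{
    die('<script language="JavaScript">
<!--
alert("Sie sind nicht mehr in Personal WebBase eingeloggt!");
parent.window.close();
// -->
</script>');
}

// PHP before 5.1.2 did not reject CR/LF inside the session id taken from the
// cookie (header injection when the id is echoed back). Fix vs. the original:
// it tested $_COOKIE[$session_name], but $session_name is never defined in
// this file (the cookie is named $ib_session_name), so the check could never
// fire; eregi() was also removed in PHP 7, preg_match() is equivalent here.
if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$ib_session_name]) && preg_match("/[\r\n]/", $_COOKIE[$ib_session_name]))
{
    die('Angriff');
}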
||
210 | |||
// http://lists.phpbar.de/pipermail/php/Week-of-Mon-20040322/007749.html
// Taken from functions.inc.php

/**
 * Best-effort client address, used below only as part of the session
 * fingerprint.
 *
 * Precedence: HTTP_CLIENT_IP, then HTTP_X_FORWARDED_FOR, then REMOTE_ADDR.
 * SECURITY NOTE: the first two are plain request headers and therefore
 * chosen by the client, so the returned value can be spoofed; only
 * REMOTE_ADDR is set by the server. Quirks preserved from the original:
 * when HTTP_CLIENT_IP's first octet differs from REMOTE_ADDR's, the octets
 * are returned in reverse order; the last entry of a comma-separated
 * X-Forwarded-For is returned with its leading space intact.
 *
 * @return string address string as described above ('' if nothing is set)
 */
function fetchip()
{
    $remote     = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $clientHdr  = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : '';
    $xffHdr     = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

    if (!empty($clientHdr))
    {
        $clientOctets = explode('.', $clientHdr);
        $remoteOctets = explode('.', $remote);
        if ($remoteOctets[0] != $clientOctets[0])
        {
            return implode('.', array_reverse($clientOctets));
        }
        return $clientHdr;
    }

    if (!empty($xffHdr))
    {
        if (strstr($xffHdr, ','))
        {
            $hops = explode(',', $xffHdr);
            return end($hops);
        }
        return $xffHdr;
    }

    return $remote;
}
||
253 | |||
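// Session-to-client binding ("fingerprint"): the session is tied to the
// client's reverse-DNS name (or address) and User-Agent so that a stolen id
// alone is harder to use. Caveats:
//  - fetchip() honours client-supplied proxy headers, so the address part can
//    be chosen by an attacker; the User-Agent is client-supplied as well.
//  - gethostbyaddr() costs a DNS lookup per request and returns the address
//    unchanged when there is no PTR record.
$usedns = true;   // was $global['dns'] in the original; its meaning there is unknown

// isset() avoids a notice for clients that send no User-Agent header
$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$host = fetchip();

if ($usedns)
    $dns = @gethostbyaddr($host);
else
    $dns = $host;

if (isset($_SESSION['session_secured']) && $_SESSION['session_secured'])
{
    if (
        (($_SESSION['host'] != $host) && !$usedns)
        || ($_SESSION['dns'] != $dns)
        || ($_SESSION['useragent'] != $useragent)
    ) {
        // Fingerprint mismatch: treat the presented id as compromised.
        // Fix vs. the original: session_regenerate_id() was called without
        // deleting the old session, which left the old id and all its data
        // valid in the database; pass true (PHP >= 5.1) so the old row is
        // destroyed through sessao_destroy().
        if (version_compare(PHP_VERSION, '5.1.0', 'ge')) {
            session_regenerate_id(true);
        } else {
            session_regenerate_id();
        }
        session_unset();
        // Bind the fresh, empty session right away instead of leaving it
        // unbound for the rest of this request.
        $_SESSION['host'] = $host;
        $_SESSION['dns'] = $dns;
        $_SESSION['useragent'] = $useragent;
        $_SESSION['session_secured'] = 1;
    }
} else {
    $_SESSION['host'] = $host;
    $_SESSION['dns'] = $dns;
    $_SESSION['useragent'] = $useragent;
    $_SESSION['session_secured'] = 1;
}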
||
280 | |||
281 | |||
282 | |||
283 | |||
284 | |||
285 | |||
286 | |||
287 | /* |
||
288 | |||
289 | |||
290 | |||
291 | |||
292 | |||
293 | |||
294 | |||
295 | |||
296 | |||
297 | |||
298 | // verify if PHP supports session, die if it does not |
||
299 | |||
300 | if (!@function_exists('session_name')) { |
||
301 | $cfg = array('DefaultLang' => 'en-iso-8859-1', |
||
302 | 'AllowAnywhereRecoding' => false); |
||
303 | // Loads the language file |
||
304 | require_once('./libraries/select_lang.lib.php'); |
||
305 | // Displays the error message |
||
306 | // (do not use & for parameters sent by header) |
||
307 | header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php' |
||
308 | . '?lang=' . urlencode($available_languages[$lang][2]) |
||
309 | . '&dir=' . urlencode($text_dir) |
||
310 | . '&type=' . urlencode($strError) |
||
311 | . '&error=' . urlencode(sprintf($strCantLoad, 'session'))); |
||
312 | exit(); |
||
313 | } elseif (ini_get('session.auto_start') == true && session_name() != 'phpMyAdmin') { |
||
314 | $_SESSION = array(); |
||
315 | if (isset($_COOKIE[session_name()])) { |
||
316 | PMA_removeCookie(session_name()); |
||
317 | } |
||
318 | session_unset(); |
||
319 | @session_destroy(); |
||
320 | } |
||
321 | |||
322 | // disable starting of sessions before all settings are done |
||
323 | // does not work, besides how it is written in php manual |
||
324 | //ini_set('session.auto_start', 0); |
||
325 | |||
326 | // session cookie settings |
||
327 | session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly', |
||
328 | '', PMA_Config::isHttps()); |
||
329 | |||
330 | // cookies are safer |
||
331 | ini_set('session.use_cookies', true); |
||
332 | |||
333 | // but not all user allow cookies |
||
334 | ini_set('session.use_only_cookies', false); |
||
335 | ini_set('session.use_trans_sid', true); |
||
336 | ini_set('url_rewriter.tags', |
||
337 | 'a=href,frame=src,input=src,form=fakeentry,fieldset='); |
||
338 | //ini_set('arg_separator.output', '&'); |
||
339 | |||
340 | // delete session/cookies when browser is closed |
||
341 | ini_set('session.cookie_lifetime', 0); |
||
342 | |||
343 | // warn but dont work with bug |
||
344 | ini_set('session.bug_compat_42', false); |
||
345 | ini_set('session.bug_compat_warn', true); |
||
346 | |||
347 | // use more secure session ids (with PHP 5) |
||
348 | if (version_compare(PHP_VERSION, '5.0.0', 'ge') |
||
349 | && substr(PHP_OS, 0, 3) != 'WIN') { |
||
350 | ini_set('session.hash_function', 1); |
||
351 | ini_set('session.hash_bits_per_character', 6); |
||
352 | } |
||
353 | |||
354 | // some pages (e.g. stylesheet) may be cached on clients, but not in shared |
||
355 | // proxy servers |
||
356 | session_cache_limiter('private'); |
||
357 | |||
358 | // start the session |
||
359 | // on some servers (for example, sourceforge.net), we get a permission error |
||
360 | // on the session data directory, so I add some "@" |
||
361 | |||
362 | // See bug #1538132. This would block normal behavior on a cluster |
||
363 | //ini_set('session.save_handler', 'files'); |
||
364 | |||
365 | $session_name = 'phpMyAdmin'; |
||
366 | @session_name($session_name); |
||
367 | // strictly, PHP 4 since 4.4.2 would not need a verification |
||
368 | if (version_compare(PHP_VERSION, '5.1.2', 'lt') |
||
369 | && isset($_COOKIE[$session_name]) |
||
370 | && eregi("\r|\n", $_COOKIE[$session_name])) { |
||
371 | die('attacked'); |
||
372 | } |
||
373 | |||
374 | if (! isset($_COOKIE[$session_name])) { |
||
375 | // on first start of session we will check for errors |
||
376 | // f.e. session dir cannot be accessed - session file not created |
||
377 | ob_start(); |
||
378 | $old_display_errors = ini_get('display_errors'); |
||
379 | $old_error_reporting = error_reporting(E_ALL); |
||
380 | ini_set('display_errors', 1); |
||
381 | $r = session_start(); |
||
382 | ini_set('display_errors', $old_display_errors); |
||
383 | error_reporting($old_error_reporting); |
||
384 | unset($old_display_errors, $old_error_reporting); |
||
385 | $session_error = ob_get_contents(); |
||
386 | ob_end_clean(); |
||
387 | if ($r !== true || ! empty($session_error)) { |
||
388 | setcookie($session_name, '', 1); |
||
389 | $cfg = array('DefaultLang' => 'en-iso-8859-1', |
||
390 | 'AllowAnywhereRecoding' => false); |
||
391 | // Loads the language file |
||
392 | require_once './libraries/select_lang.lib.php'; |
||
393 | // Displays the error message |
||
394 | // (do not use & for parameters sent by header) |
||
395 | header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php' |
||
396 | . '?lang=' . urlencode($available_languages[$lang][2]) |
||
397 | . '&dir=' . urlencode($text_dir) |
||
398 | . '&type=' . urlencode($strError) |
||
399 | . '&error=' . urlencode($strSessionStartupErrorGeneral)); |
||
400 | exit(); |
||
401 | } |
||
402 | } else { |
||
403 | @session_start(); |
||
404 | } |
||
405 | |||
406 | |||
407 | |||
408 | |||
409 | */ |
||
410 | |||
411 | |||
412 | |||
413 | |||
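/**
 * Token which is used for authenticating access queries.
 * (we use "space PMA_token space" to prevent overwriting)
 *
 * The token is always 32 hex characters. Fix vs. the original: it was
 * md5(uniqid(rand(), true)), where uniqid() is time-based and rand() is not
 * a cryptographic generator, so the token was guessable. random_bytes()
 * (PHP 7+) is used when available; the old expression remains only as the
 * fallback for older PHP.
 */
if (!isset($_SESSION[' PMA_token '])) {
    $ib_token = '';
    if (function_exists('random_bytes')) {
        try {
            $ib_token = bin2hex(random_bytes(16));
        } catch (Exception $e) {
            $ib_token = '';
        }
    }
    if ($ib_token === '') {
        // legacy fallback: predictable, kept only for PHP without random_bytes()
        $ib_token = md5(uniqid(rand(), true));
    }
    $_SESSION[' PMA_token '] = $ib_token;
    unset($ib_token);
}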
||
421 | |||
/**
 * Intended to protect the session against fixation and hijacking (to be
 * called before login and again after a successful login), but the whole
 * body is disabled in this revision, so calling it currently does nothing.
 * Fixation protection therefore does NOT happen here.
 *
 * Disabled logic, kept for reference:
 *   if (function_exists('session_regenerate_id')) {
 *       session_regenerate_id(true);
 *   } else {
 *       session_id(strip_tags(session_id()));
 *   }
 *
 * NOTE(review): with this database handler a regenerated id is only kept if
 * the write callback can store a row for an id it has never read; verify
 * that before re-enabling the code above.
 *
 * @return void
 */
function PMA_secureSession()
{
    // intentionally empty, see the docblock
}
||
441 | ?> |