githubFork/roundcubemail.git

			@@ -1,6 +1,6 @@
			<?php

			/*
			/**
			+-----------------------------------------------------------------------+
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2005-2014, The Roundcube Dev Team \|
			@@ -15,7 +15,7 @@
			+-----------------------------------------------------------------------+
			\| Author: Thomas Bruederli <roundcube@gmail.com> \|
			\| Author: Aleksander Machniak <alec@alec.pl> \|
			\| Author: Cor Bosman <cor@roundcu.be> \|
			\| Author: Cor Bosman <cor@roundcu.be> \|
			+-----------------------------------------------------------------------+
			*/

			@@ -29,22 +29,23 @@
			*/
			abstract class rcube_session
			{
			protected $config;
			protected $key;
			protected $ip;
			protected $changed;
			protected $start;
			protected $time_diff = 0;
			protected $reloaded = false;
			protected $appends = array();
			protected $unsets = array();
			protected $gc_handlers = array();
			protected $cookiename = 'roundcube_sessauth';
			protected $vars;
			protected $now;
			protected $secret = '';
			protected $ip_check = false;
			protected $logging = false;
			protected $config;
			protected $time_diff = 0;
			protected $reloaded = false;
			protected $appends = array();
			protected $unsets = array();
			protected $gc_enabled = 0;
			protected $gc_handlers = array();
			protected $cookiename = 'roundcube_sessauth';
			protected $ip_check = false;
			protected $logging = false;


			/**
			* Blocks session data from being written to database.
			@@ -86,12 +87,6 @@
			{
			$this->config = $config;

			// register default gc handler
			$this->register_gc_handler(array($this, 'gc'));

			// set secret
			$this->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME']));

			// set ip check
			$this->set_ip_check($this->config->get('ip_check'));

			@@ -119,7 +114,6 @@
			);
			}


			/**
			* Wrapper for session_start()
			*/
			@@ -145,12 +139,12 @@
			abstract function write($key, $vars);
			abstract function update($key, $newvars, $oldvars);


			/**
			* session write handler. This calls the implementation methods for write/update after some initial checks.
			*
			* @param $key
			* @param $vars
			*
			* @return bool
			*/
			public function sess_write($key, $vars)
			@@ -171,7 +165,6 @@
			return $this->write($key, $vars);
			}
			}


			/**
			* Wrapper for session_write_close()
			@@ -245,7 +238,6 @@
			$this->gc_handlers[] = $func;
			}


			/**
			* Garbage collector handler to run on script shutdown
			*/
			@@ -257,7 +249,6 @@
			}
			}
			}


			/**
			* Generate and set new session id
			@@ -297,7 +288,6 @@
			return $cache;
			}


			/**
			* Append the given value to the certain node in the session data array
			*
			@@ -331,7 +321,6 @@
			unset($this->unsets[$path]);
			}


			/**
			* Unset a session variable
			*
			@@ -359,18 +348,16 @@
			return true;
			}


			/**
			* Kill this session
			*/
			public function kill()
			{
			$this->vars = null;
			$this->ip = rcube_utils::remote_addr(); // update IP (might have changed)
			$this->ip = rcube_utils::remote_addr(); // update IP (might have changed)
			$this->destroy(session_id());
			rcube_utils::setcookie($this->cookiename, '-del-', time() - 60);
			}


			/**
			* Re-read session data from storage backend
			@@ -446,7 +433,6 @@

			return $data;
			}


			/**
			* Unserialize session data
			@@ -546,7 +532,6 @@
			return unserialize( 'a:' . $items . ':{' . $serialized . '}' );
			}


			/**
			* Setter for session lifetime
			*/
			@@ -559,7 +544,6 @@
			$this->now = $now - ($now % ($this->lifetime / 2));
			}


			/**
			* Getter for remote IP saved with this session
			*/
			@@ -568,15 +552,23 @@
			return $this->ip;
			}


			/**
			* Setter for cookie encryption secret
			*/
			function set_secret($secret)
			function set_secret($secret = null)
			{
			$this->secret = $secret;
			}
			// generate random hash and store in session
			if (!$secret) {
			if (!empty($_SESSION['auth_secret'])) {
			$secret = $_SESSION['auth_secret'];
			}
			else {
			$secret = rcube_utils::random_bytes(strlen($this->key));
			}
			}

			$_SESSION['auth_secret'] = $secret;
			}

			/**
			* Enable/disable IP check
			@@ -585,7 +577,6 @@
			{
			$this->ip_check = $check;
			}


			/**
			* Setter for the cookie name used for session cookie
			@@ -596,7 +587,6 @@
			$this->cookiename = $cookiename;
			}
			}


			/**
			* Check session authentication cookie
			@@ -635,28 +625,30 @@
			return $result;
			}


			/**
			* Set session authentication cookie
			*/
			function set_auth_cookie()
			public function set_auth_cookie()
			{
			$this->cookie = $this->_mkcookie($this->now);
			rcube_utils::setcookie($this->cookiename, $this->cookie, 0);
			$_COOKIE[$this->cookiename] = $this->cookie;
			}


			/**
			* Create session cookie from session data
			* Create session cookie for specified time slot.
			*
			* @param int Time slot to use
			*
			* @return string
			*/
			function _mkcookie($timeslot)
			protected function _mkcookie($timeslot)
			{
			$auth_string = "$this->key,$this->secret,$timeslot";
			return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
			// make sure the secret key exists
			$this->set_secret();

			// no need to hash this, it's just a random string
			return $_SESSION['auth_secret'] . '-' . $timeslot;
			}

			/**