From e86a21bd83a0ae6cadfe9c919582951f306d3b64 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Fri, 06 Jan 2012 05:55:07 -0500
Subject: [PATCH] - Fix typo in timezone handling, more exception catching

---
 program/include/rcube_session.php |   80 ++++++++++++++++++++++++++-------------
 1 files changed, 53 insertions(+), 27 deletions(-)

diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index a635010..7b2b2dc 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -6,6 +6,7 @@
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2011, The Roundcube Dev Team                       |
+ | Copyright (C) 2011, Kolab Systems AG                                  |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -42,6 +43,7 @@
   private $prev;
   private $secret = '';
   private $ip_check = false;
+  private $logging = false;
   private $keep_alive = 0;
   private $memcache;
 
@@ -50,9 +52,10 @@
    */
   public function __construct($db, $config)
   {
-    $this->db = $db;
-    $this->start = microtime(true);
-    $this->ip = $_SERVER['REMOTE_ADDR'];
+    $this->db      = $db;
+    $this->start   = microtime(true);
+    $this->ip      = $_SERVER['REMOTE_ADDR'];
+    $this->logging = $config->get('log_session', false);
 
     $lifetime = $config->get('session_lifetime', 1) * 60;
     $this->set_lifetime($lifetime);
@@ -123,10 +126,10 @@
   public function db_read($key)
   {
     $sql_result = $this->db->query(
-      "SELECT vars, ip, changed FROM ".get_table_name('session')." WHERE sess_id = ?",
-      $key);
+      "SELECT vars, ip, changed FROM ".get_table_name('session')
+      ." WHERE sess_id = ?", $key);
 
-    if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
+    if ($sql_result && ($sql_arr = $this->db->fetch_assoc($sql_result))) {
       $this->changed = strtotime($sql_arr['changed']);
       $this->ip      = $sql_arr['ip'];
       $this->vars    = base64_decode($sql_arr['vars']);
@@ -153,10 +156,15 @@
     $ts = microtime(true);
     $now = $this->db->fromunixtime((int)$ts);
 
+    // no session row in DB (db_read() returns false)
+    if (!$this->key) {
+      $oldvars = false;
+    }
     // use internal data from read() for fast requests (up to 0.5 sec.)
-    if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5)) {
+    else if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5)) {
       $oldvars = $this->vars;
-    } else { // else read data again from DB
+    }
+    else { // else read data again from DB
       $oldvars = $this->db_read($key);
     }
 
@@ -190,8 +198,6 @@
    */
   private function _fixvars($vars, $oldvars)
   {
-    $ts = microtime(true);
-
     if ($oldvars !== false) {
       $a_oldvars = $this->unserialize($oldvars);
       if (is_array($a_oldvars)) {
@@ -279,8 +285,11 @@
   {
     $ts = microtime(true);
 
+    // no session data in cache (mc_read() returns false)
+    if (!$this->key)
+      $oldvars = false;
     // use internal data for fast requests (up to 0.5 sec.)
-    if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5))
+    else if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5))
       $oldvars = $this->vars;
     else // else read data again
       $oldvars = $this->mc_read($key);
@@ -311,20 +320,7 @@
   public function gc()
   {
     foreach ($this->gc_handlers as $fct)
-      $fct();
-  }
-
-
-  /**
-   * Cleanup session data before saving
-   */
-  public function cleanup()
-  {
-    // current compose information is stored in $_SESSION['compose'], move it to $_SESSION['compose_data']
-    if ($_SESSION['compose']) {
-      $_SESSION['compose_data'][$_SESSION['compose']['id']] = $_SESSION['compose'];
-      $this->remove('compose');
-    }
+      call_user_func($fct);
   }
 
 
@@ -381,6 +377,21 @@
     $this->vars = false;
     $this->destroy(session_id());
     rcmail::setcookie($this->cookiename, '-del-', time() - 60);
+  }
+
+
+  /**
+   * Re-read session data from storage backend
+   */
+  public function reload()
+  {
+    if ($this->key && $this->memcache)
+      $data = $this->mc_read($this->key);
+    else if ($this->key)
+      $data = $this->db_read($this->key);
+
+    if ($data)
+     session_decode($data);
   }
 
 
@@ -565,12 +576,18 @@
     $this->cookie = $_COOKIE[$this->cookiename];
     $result = $this->ip_check ? $_SERVER['REMOTE_ADDR'] == $this->ip : true;
 
+    if (!$result)
+      $this->log("IP check failed for " . $this->key . "; expected " . $this->ip . "; got " . $_SERVER['REMOTE_ADDR']);
+
     if ($result && $this->_mkcookie($this->now) != $this->cookie) {
       // Check if using id from previous time slot
-      if ($this->_mkcookie($this->prev) == $this->cookie)
+      if ($this->_mkcookie($this->prev) == $this->cookie) {
         $this->set_auth_cookie();
-      else
+      }
+      else {
         $result = false;
+        $this->log("Session authentication failed for " . $this->key . "; invalid auth cookie sent");
+      }
     }
 
     return $result;
@@ -598,5 +615,14 @@
     $auth_string = "$this->key,$this->secret,$timeslot";
     return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
   }
+  
+  /**
+   * 
+   */
+  function log($line)
+  {
+    if ($this->logging)
+      write_log('session', $line);
+  }
 
 }

--
Gitblit v1.9.1