From 82cd6022de7483d9e05b8a8f02100e5adb4e9f6e Mon Sep 17 00:00:00 2001
From: PiBa-NL
Date: Mon, 27 Feb 2017 22:33:25 +0100
Subject: phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.
---
 src/usr/local/www/csrf/csrf-magic.php | 4 +++-
 src/usr/local/www/firewall_virtual_ip.php | 7 +++----
 src/usr/local/www/guiconfig.inc | 10 ++++++++--
 src/usr/local/www/system_usermanager_passwordmg.php | 12 ++++--------
 4 files changed, 18 insertions(+), 15 deletions(-)
(limited to 'src/usr/local/www')
diff --git a/src/usr/local/www/csrf/csrf-magic.php b/src/usr/local/www/csrf/csrf-magic.php
index 58f4eba..77a55fb 100644
--- a/src/usr/local/www/csrf/csrf-magic.php
+++ b/src/usr/local/www/csrf/csrf-magic.php
@@ -13,6 +13,8 @@
 * This library is PHP4 and PHP5 compatible.
 */
+include_once('phpsessionmanager.inc');
+
 // CONFIGURATION:
 /**
@@ -348,7 +350,7 @@ function csrf_conf($key, $val) {
 */
 function csrf_start() {
 if ($GLOBALS['csrf']['auto-session'] && !session_id()) {
- session_start();
+ phpsession_begin();
 }
 }
diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php
index d4ea401..6660e38 100644
--- a/src/usr/local/www/firewall_virtual_ip.php
+++ b/src/usr/local/www/firewall_virtual_ip.php
@@ -191,17 +191,16 @@ if ($_POST['act'] == "del") {
 }
 if (!$input_errors) {
- if (!session_id()) {
- session_start();
- }
+ phpsession_begin();
 $user = getUserEntry($_SESSION['Username']);
 if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
 header("Location: firewall_virtual_ip.php");
+ phpsession_end();
 exit;
 }
+ phpsession_end();
- session_commit();
 // Special case since every proxyarp vip is handled by the same daemon.
 if ($a_vip[$_POST['id']]['mode'] == "proxyarp") {
diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc
index 2fa69fe..e477be3 100644
--- a/src/usr/local/www/guiconfig.inc
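Review bot: `include_once('phpsessionmanager.inc');` at the top of csrf-magic.php only raises a warning when the file cannot be found on the include path, so the failure would surface later as an undefined-function error when `csrf_start()` calls `phpsession_begin()`. Because the CSRF check depends on this helper, `require_once('phpsessionmanager.inc');` would stop the request at load time instead. The same applies to the `include_once` added below "THIS MUST BE ABOVE ALL OTHER CODE" in guiconfig.inc. csrf-magic.php reads like a bundled library, so a short comment such as `// local change: session start goes through phpsessionmanager.inc` would help whoever next updates it.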
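Review bot: `phpsession_end()` is now written twice in the firewall_virtual_ip.php hunk, once before `exit` and once after the read-only check, although the session is only needed to read `$_SESSION['Username']`. Closing it directly after the lookup, `$user = getUserEntry($_SESSION['Username']); phpsession_end();`, releases the lock before the privilege test and leaves a single call. This hunk calls `phpsession_end()` without an argument while the other files in the commit pass `true`; phpsessionmanager.inc is not part of this diff, so a comment saying what the argument controls and why it is omitted here would make the difference reviewable. The enclosing `if ($_POST['act'] == "del")` block starts and ends outside the hunk.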
+++ b/src/usr/local/www/guiconfig.inc
@@ -25,6 +25,7 @@
 /* Include authentication routines */
 /* THIS MUST BE ABOVE ALL OTHER CODE */
+include_once('phpsessionmanager.inc');
 if (!$nocsrf) {
 function csrf_startup() {
 global $config;
@@ -33,6 +34,9 @@ if (!$nocsrf) {
 csrf_conf('expires', $timeout_minutes * 60);
 }
 require_once("csrf/csrf-magic.php");
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ phpsession_end(true);
+ }
 }
 /* make sure nothing is cached */
@@ -1212,18 +1216,20 @@ var_dump($content);die;
 }
 function set_flash_message($class, $msg) {
- @session_start();
+ @phpsession_begin();
 $_SESSION['flash_messages'][$class][] = $msg;
+ @phpsession_end(true);
 }
 function get_flash_message() {
- @session_start();
+ @phpsession_begin();
 if (isset($_SESSION['flash_messages']) && !empty($_SESSION['flash_messages'])) {
 foreach ($_SESSION['flash_messages'] as $class => $flash_message) {
 print_info_box(implode("
", $flash_message), $class);
 }
 unset($_SESSION['flash_messages']);
 }
+ @phpsession_end(true);
 }
 /* Retrieve GET or POST Value/State
diff --git a/src/usr/local/www/system_usermanager_passwordmg.php b/src/usr/local/www/system_usermanager_passwordmg.php
index 87cc791..9c81b02 100644
--- a/src/usr/local/www/system_usermanager_passwordmg.php
+++ b/src/usr/local/www/system_usermanager_passwordmg.php
@@ -45,16 +45,14 @@ if (isset($_POST['save'])) {
 }
 if (!$input_errors) {
- if (!session_id()) {
- session_start();
- }
+ phpsession_begin();
 // all values are okay --> saving changes
 $userent =& $config['system']['user'][$userindex[$_SESSION['Username']]];
 local_user_set_password($userent, $_POST['passwordfld1']);
 local_user_set($userent);
 unset($userent);
- session_commit();
+ phpsession_end(true);
 write_config();
@@ -62,9 +60,7 @@ if (isset($_POST['save'])) {
 }
 }
-if (!session_id()) {
- session_start();
-}
+phpsession_begin();
 /* determine if user is not local to system */
 $islocal = false;
@@ -74,7 +70,7 @@ foreach ($config['system']['user'] as $user) {
 }
 }
-session_commit();
+phpsession_end(true);
 include("head.inc");
-- cgit v1.1
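Review bot: In `get_flash_message()` (guiconfig.inc, hunk `@@ -1212,18 +1216,20 @@`) the session stays open while `print_info_box()` renders every message, and the `@` kept in front of `phpsession_begin()` and `phpsession_end(true)` hides any failure to open or commit the session, so a flash message can be lost without a trace. Copying the messages into a local variable, clearing `$_SESSION['flash_messages']`, ending the session and only then printing would hold the lock for the shortest time, and dropping the `@` would make failures visible in the log. Separately, the `@@ -33,6 +34,9 @@` hunk commits and closes the session on every POST right after csrf-magic.php is loaded, so a later `$_SESSION` write in a POST handler that does not call `phpsession_begin()` first may no longer be saved; a comment explaining the POST-only condition would help there.

```php
function get_flash_message() {
	phpsession_begin();
	// Take a private copy so the session can be released before any output is produced.
	$flash_messages = !empty($_SESSION['flash_messages']) ? $_SESSION['flash_messages'] : array();
	unset($_SESSION['flash_messages']);
	phpsession_end(true);
	foreach ($flash_messages as $class => $flash_message) {
		// … unchanged: print_info_box() call for this class …
	}
}
```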
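Review bot: The password-change branch in system_usermanager_passwordmg.php keeps the session open across `local_user_set_password()` and `local_user_set()` although only `$_SESSION['Username']` is read from it, and the two later hunks (`@@ -62,9 +60,7 @@`, `@@ -74,7 +70,7 @@`) also only read the username yet end with `phpsession_end(true)`, unlike the argument-less call used for the read-only check in firewall_virtual_ip.php. Reading the name once near the top, `phpsession_begin(); $username = $_SESSION['Username']; phpsession_end();`, and using `$username` in both places would shorten the lock and remove the second begin/end pair. As far as this hunk shows, `$userindex[$_SESSION['Username']]` is not checked before `=&` takes a reference into `$config`, so an unknown name would create an empty user entry that `write_config()` then saves; an `isset()` guard before the assignment would avoid that. The enclosing `if (isset($_POST['save']))` block starts outside the hunk.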