Commit 15dcb2ec authored by Ad Schellevis's avatar Ad Schellevis

use php session_status to check for active session ( >= php 5.4 )

parent f8e25189
......@@ -1333,8 +1333,9 @@ function session_auth() {
true
);
if (!session_id())
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// Detect protocol change
if (!isset($_POST['login']) && !empty($_SESSION['Logged_In']) && $_SESSION['protocol'] != $config['system']['webgui']['protocol'])
......
......@@ -466,8 +466,8 @@ function write_config($desc = 'Unknown', $backup = true)
$config_xml = '/conf/config.xml';
if (!empty($_SERVER['REMOTE_ADDR'])) {
if (!session_id()) {
@session_start();
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
if (!empty($_SESSION['Username']) && ($_SESSION['Username'] != 'root')) {
$user = getUserEntry($_SESSION['Username']);
......
......@@ -347,7 +347,7 @@ function csrf_conf($key, $val) {
* Starts a session if we're allowed to.
*/
function csrf_start() {
if ($GLOBALS['csrf']['auto-session'] && !session_id()) {
if ($GLOBALS['csrf']['auto-session'] && session_status() == PHP_SESSION_NONE) {
session_start();
}
}
......
......@@ -146,8 +146,9 @@ if ($_GET['act'] == "del") {
}
if (!$input_errors) {
if (!session_id())
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$user = getUserEntry($_SESSION['Username']);
if (is_array($user) && userHasPrivilege($user, "user-config-readonly")) {
header("Location: firewall_virtual_ip.php");
......
......@@ -35,8 +35,9 @@ function getHeadJS() {
var input_errors = '';
jQuery(document).ready(init);
";
if (!session_id())
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
$_SESSION['NO_AJAX'] == "True" ? $noajax = "var noAjaxOnSubmit = true;" : $noajax = "var noAjaxOnSubmit = false;";
session_write_close();
......
......@@ -44,8 +44,9 @@ if (isset($_POST['save'])) {
$input_errors[] = gettext("The passwords do not match.");
if (!$input_errors) {
if (!session_id())
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// all values are okay --> saving changes
$config['system']['user'][$userindex[$_SESSION['Username']]]['password'] = crypt($_POST['passwordfld1'], '$6$');
local_user_set($config['system']['user'][$userindex[$_SESSION['Username']]]);
......@@ -57,8 +58,9 @@ if (isset($_POST['save'])) {
}
}
if (!session_id())
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
/* determine if user is not local to system */
$islocal = false;
......@@ -103,8 +105,9 @@ include("head.inc");
<div class="table-responsive">
<table class="table table-striped table-sort">
<tr>
<?php if (!session_id())
<?php if (session_status() == PHP_SESSION_NONE) {
session_start();
}
?>
<td colspan="2" valign="top" class="listtopic"><?=$_SESSION['Username']?>'s <?=gettext("Password"); ?></td>
<?php session_write_close(); ?>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment