From a7f748b7be14019c305b3379711b0c4803058965 Mon Sep 17 00:00:00 2001
From: Vanessa Gil <vanessa.gil@artica.es>
Date: Mon, 13 Apr 2015 11:27:23 +0200
Subject: [PATCH] Ticket #1354.

---
 pandora_console/ajax.php                      |  5 +-
 .../pandoradb_migrate_5.1_to_6.0.mysql.sql    | 10 +++
 .../pandoradb_migrate_5.1_to_6.0.oracle.sql   |  9 ++
 ...andoradb_migrate_5.1_to_6.0.postgreSQL.sql |  9 ++
 pandora_console/godmode/setup/setup_auth.php  |  7 ++
 pandora_console/include/config_process.php    |  5 ++
 pandora_console/include/functions_config.php  | 23 +++++
 pandora_console/include/load_session.php      | 89 +++++++++++++++++++
 pandora_console/pandoradb.oracle.sql          |  9 ++
 pandora_console/pandoradb.postgreSQL.sql      |  9 ++
 pandora_console/pandoradb.sql                 | 10 +++
 11 files changed, 184 insertions(+), 1 deletion(-)
 create mode 100644 pandora_console/include/load_session.php

diff --git a/pandora_console/ajax.php b/pandora_console/ajax.php
index 979248003a..d7d51a453c 100644
--- a/pandora_console/ajax.php
+++ b/pandora_console/ajax.php
@@ -24,7 +24,10 @@ require_once ('include/functions_db.php');
 require_once ('include/auth/mysql.php');
 
 // Real start
-session_start ();
+
+if (session_id() == '') {
+	session_start();
+}
 
 // Hash login process
 if (isset ($_GET["loginhash"])) {
diff --git a/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.mysql.sql
index f51651480a..459e04b1df 100755
--- a/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.mysql.sql
+++ b/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.mysql.sql
@@ -84,3 +84,13 @@ ALTER TABLE `tperfil` ADD COLUMN `vconsole_management` tinyint(1) NOT NULL DEFAU
 UPDATE `tperfil` SET `map_view` = 1, `vconsole_view` = 1 WHERE `report_view` = 1;
 UPDATE `tperfil` SET `map_edit` = 1, `vconsole_edit` = 1 WHERE `report_edit` = 1;
 UPDATE `tperfil` SET `map_management` = 1, `vconsole_management` = 1 WHERE `report_management` = 1;
+
+-- ---------------------------------------------------------------------
+-- Table `tsessions_php`
+-- ---------------------------------------------------------------------
+CREATE TABLE tsessions_php (
+	`id_session` CHAR(52) NOT NULL,
+	`last_active` INTEGER NOT NULL,
+	`data` TEXT,
+	PRIMARY KEY (`id_session`)
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;
diff --git a/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.oracle.sql b/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.oracle.sql
index 36ff8004e0..1edf86c129 100755
--- a/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.oracle.sql
+++ b/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.oracle.sql
@@ -84,3 +84,12 @@ ALTER TABLE tperfil ADD COLUMN vconsole_management NUMBER(1, 0) DEFAULT 0 NOT NU
 UPDATE tperfil SET map_view = 1, vconsole_view = 1 WHERE report_view = 1;
 UPDATE tperfil SET map_edit = 1, vconsole_edit = 1 WHERE report_edit = 1;
 UPDATE tperfil SET map_management = 1, vconsole_management = 1 WHERE report_management = 1;
+
+-- ---------------------------------------------------------------------
+-- Table tsessions_php
+-- ---------------------------------------------------------------------
+CREATE TABLE tsessions_php (
+	id_session VARCHAR2(52) NOT NULL PRIMARY KEY,
+	last_active NUMBER(20, 0) NOT NULL,
+	data CLOB default ''
+);
diff --git a/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.postgreSQL.sql b/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.postgreSQL.sql
index 3ca472b93c..154d65b308 100755
--- a/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.postgreSQL.sql
+++ b/pandora_console/extras/pandoradb_migrate_5.1_to_6.0.postgreSQL.sql
@@ -82,3 +82,12 @@ ALTER TABLE "tperfil" ADD COLUMN "vconsole_management" SMALLINT NOT NULL DEFAULT
 UPDATE "tperfil" SET "map_view" = 1, "vconsole_view" = 1 WHERE "report_view" = 1;
 UPDATE "tperfil" SET "map_edit" = 1, "vconsole_edit" = 1 WHERE "report_edit" = 1;
 UPDATE "tperfil" SET "map_management" = 1, "vconsole_management" = 1 WHERE "report_management" = 1;
+
+-- ---------------------------------------------------------------------
+-- Table tsessions_php
+-- ---------------------------------------------------------------------
+CREATE TABLE "tsessions_php" (
+	"id_session" SERIAL NOT NULL PRIMARY KEY,
+	"last_active" INTEGER NOT NULL,
+	"data" TEXT default ''
+);
diff --git a/pandora_console/godmode/setup/setup_auth.php b/pandora_console/godmode/setup/setup_auth.php
index 3a0998034b..1e7b0e34e1 100644
--- a/pandora_console/godmode/setup/setup_auth.php
+++ b/pandora_console/godmode/setup/setup_auth.php
@@ -117,6 +117,13 @@ $row[] = __('Yes') . '&nbsp;' .
 		$config_double_auth_enabled, true);
 $table->data[] = $row;
 
+$row_timeout = array();
+$row_timeout[] = __('Session timeout (mins)')
+	. ui_print_help_tip(__("This is defined in minutes"), true);
+if (empty($config["session_timeout"])) $config["session_timeout"] = 90;
+$row_timeout[] = html_print_input_text ('session_timeout', $config["session_timeout"], '', 10, 10, true);
+$table->data[] = $row_timeout;
+	
 echo '<form id="form_setup" method="post">';
 html_print_input_hidden ('update_config', 1);
 html_print_table ($table);
diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php
index 1ceaff3c3a..495ae3a033 100644
--- a/pandora_console/include/config_process.php
+++ b/pandora_console/include/config_process.php
@@ -118,6 +118,11 @@ date_default_timezone_set("Europe/Madrid");
 
 config_process_config();
 
+config_prepare_session();
+require_once ($config["homedir"].'/include/load_session.php');
+$resultado = session_start();
+
+
 if (!isset($config["homeurl_static"])) {
 	$config["homeurl_static"] = $config["homeurl"];
 }
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index ff4e4b1401..01de2fe9c1 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -325,6 +325,8 @@ function config_update_config () {
 						$error_update[] = __('Password');
 					if (!config_update_value ('double_auth_enabled', get_parameter ('double_auth_enabled')))
 						$error_update[] = __('Double authentication');
+					if (!config_update_value ('session_timeout', get_parameter ('session_timeout')))
+						$error_update[] = __('Session timeout');
 					/////////////
 					break;
 				case 'perf':
@@ -1312,6 +1314,10 @@ function config_process_config () {
 			"");
 	}
 	
+	if (!isset ($config["session_timeout"])) {
+		config_update_value ('session_timeout', 90);
+	}
+	
 	/* Finally, check if any value was overwritten in a form */
 	config_update_config();
 }
@@ -1525,4 +1531,21 @@ function config_user_set_custom_config() {
 		$config['metaconsole_access'] = $userinfo["metaconsole_access"];
 	}
 }
+
+function config_prepare_session() {
+	global $config;
+	
+	// Change the session timeout value to session_timeout minutes  // 8*60*60 = 8 hours
+	$sessionCookieExpireTime = $config["session_timeout"] * 60;
+	ini_set('session.gc_maxlifetime', $sessionCookieExpireTime);
+	session_set_cookie_params ($sessionCookieExpireTime);
+	
+	// Reset the expiration time upon page load //session_name() is default name of session PHPSESSID
+	
+	if (isset($_COOKIE[session_name()]))
+		setcookie(session_name(), $_COOKIE[session_name()], time() + $sessionCookieExpireTime, "/");
+	
+	ini_set("post_max_size",$config["max_file_size"]);
+	ini_set("upload_max_filesize",$config["max_file_size"]);
+}
 ?>
diff --git a/pandora_console/include/load_session.php b/pandora_console/include/load_session.php
new file mode 100644
index 0000000000..da9846fcab
--- /dev/null
+++ b/pandora_console/include/load_session.php
@@ -0,0 +1,89 @@
+<?php   
+
+// Pandora FMS - http://pandorafms.com
+// ==================================================
+// Copyright (c) 2005-2009 Artica Soluciones Tecnologicas
+// Please see http://pandorafms.org for full contribution list
+
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the  GNU Lesser General Public License
+// as published by the Free Software Foundation; version 2
+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+
+function mysql_session_open ($save_path, $session_name) {
+	return true;
+} 
+
+function mysql_session_close() {
+	return true;
+} 
+
+function mysql_session_read ($SessionID) {        
+
+	$SessionID = addslashes($SessionID); 
+ 
+    $sql = "SELECT data FROM tsessions_php                   
+		WHERE id_session = '$SessionID'";
+	
+	$session_data = db_process_sql($sql);
+
+	if (count($session_data) == 1) {        
+		return $session_data[0]['data'];
+	} else {             
+		return false;         
+	}     
+} 
+
+function mysql_session_write ($SessionID, $val) {
+
+	$SessionID = addslashes($SessionID);         
+    $val = addslashes($val); 
+
+	$sql = "SELECT COUNT(*) FROM tsessions_php
+		WHERE id_session = '$SessionID'";
+		
+	$SessionExists = db_process_sql ($sql); 
+
+	$session_exists = $SessionExists[0]['COUNT(*)'];
+
+	if ($session_exists == 0) {
+		$now = time();
+		$retval_write = db_process_sql_insert ('tsessions_php', array('id_session'=>$SessionID, 'last_active'=>$now, 'data'=>$val));
+	} else {
+		$now = time();
+		$retval_write = db_process_sql_update ('tsessions_php', array('last_active'=>$now, 'data'=>$val), array('id_session'=>$SessionID));
+	} 
+
+	return $retval_write;     
+} 
+
+function mysql_session_destroy ($SessionID) {   
+    $SessionID = addslashes($SessionID); 
+
+    $retval = db_process_sql ("DELETE FROM tsessions_php 
+				WHERE id_session = '$SessionID'");
+	return $retval;
+} 
+
+function mysql_session_gc ($maxlifetime = 300) {
+	global $config;
+	
+	if (isset($config['session_timeout'])) {
+		$maxlifetime = $config['session_timeout'];
+	}
+ 
+	$CutoffTime = time() - $maxlifetime;
+	        
+	$retval = db_process_sql("DELETE FROM tsessions_php 
+			WHERE last_active < $CutoffTime");         
+	return $retval;
+}
+
+$resultado_handler = session_set_save_handler ('mysql_session_open', 'mysql_session_close', 'mysql_session_read', 'mysql_session_write', 'mysql_session_destroy', 'mysql_session_gc'); 
+
+?>
diff --git a/pandora_console/pandoradb.oracle.sql b/pandora_console/pandoradb.oracle.sql
index 57a9a8f871..85ea3bcbeb 100755
--- a/pandora_console/pandoradb.oracle.sql
+++ b/pandora_console/pandoradb.oracle.sql
@@ -1935,3 +1935,12 @@ CREATE TABLE  talert_snmp_action (
 	al_field9 CLOB default '' NOT NULL,
 	al_field10 CLOB default '' NOT NULL
 );
+
+-- ---------------------------------------------------------------------
+-- Table tsessions_php
+-- ---------------------------------------------------------------------
+CREATE TABLE tsessions_php (
+	id_session VARCHAR2(52) NOT NULL PRIMARY KEY,
+	last_active NUMBER(20, 0) NOT NULL,
+	data CLOB default ''
+);
diff --git a/pandora_console/pandoradb.postgreSQL.sql b/pandora_console/pandoradb.postgreSQL.sql
index 7d3ed285a8..3fcefb1bf1 100755
--- a/pandora_console/pandoradb.postgreSQL.sql
+++ b/pandora_console/pandoradb.postgreSQL.sql
@@ -1698,3 +1698,12 @@ CREATE TABLE  "talert_snmp_action" (
 	"al_field9" TEXT default '',
 	"al_field10" TEXT default ''
 );
+
+-- ---------------------------------------------------------------------
+-- Table tsessions_php
+-- ---------------------------------------------------------------------
+CREATE TABLE "tsessions_php" (
+	"id_session" SERIAL NOT NULL PRIMARY KEY,
+	"last_active" INTEGER NOT NULL,
+	"data" TEXT default ''
+);
diff --git a/pandora_console/pandoradb.sql b/pandora_console/pandoradb.sql
index 32fd2a49b0..9bbf46866d 100755
--- a/pandora_console/pandoradb.sql
+++ b/pandora_console/pandoradb.sql
@@ -1796,3 +1796,13 @@ CREATE TABLE  IF NOT EXISTS  `talert_snmp_action` (
 	`al_field10` text NOT NULL,
 	PRIMARY KEY  (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- ---------------------------------------------------------------------
+-- Table `tsessions_php`
+-- ---------------------------------------------------------------------
+CREATE TABLE tsessions_php (
+	`id_session` CHAR(52) NOT NULL,
+	`last_active` INTEGER NOT NULL,
+	`data` TEXT,
+	PRIMARY KEY (`id_session`)
+)ENGINE=InnoDB DEFAULT CHARSET=utf8;