From a6327a16ad6f3493e07c5e421ed10700458754bf Mon Sep 17 00:00:00 2001
From: fbsanchez <fborja.sanchez@artica.es>
Date: Mon, 1 Jul 2019 12:46:09 +0200
Subject: [PATCH] Session expiration ignoring notifications checks

---
 pandora_console/ajax.php                     |  55 +++++---
 pandora_console/include/functions_config.php |  12 +-
 pandora_console/include/load_session.php     | 130 ++++++++++++++++---
 3 files changed, 159 insertions(+), 38 deletions(-)

diff --git a/pandora_console/ajax.php b/pandora_console/ajax.php
index 92f6c146bc..beb07e7752 100644
--- a/pandora_console/ajax.php
+++ b/pandora_console/ajax.php
@@ -1,17 +1,34 @@
 <?php
+/**
+ * Ajax handler.
+ *
+ * @category   Ajax handler.
+ * @package    Pandora FMS.
+ * @subpackage OpenSource.
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
+
+// Begin.
+define('AJAX', true);
 
-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public License
-// as published by the Free Software Foundation; version 2
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-// Enable profiler for testing
 if (!defined('__PAN_XHPROF__')) {
     define('__PAN_XHPROF__', 0);
 }
@@ -56,7 +73,7 @@ if (isset($_GET['loginhash'])) {
 
 $public_hash = get_parameter('hash', false);
 
-// Check user
+// Check user.
 if ($public_hash == false) {
     check_login();
 } else {
@@ -68,9 +85,9 @@ if ($public_hash == false) {
     }
 }
 
-define('AJAX', true);
 
-// Enterprise support
+
+// Enterprise support.
 if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
     include_once ENTERPRISE_DIR.'/load_enterprise.php';
 }
@@ -86,11 +103,9 @@ if ($isFunctionSkins !== ENTERPRISE_NOT_HOOK) {
     $config['relative_path'] = enterprise_hook('skins_set_image_skin_path', [$config['id_user']]);
 }
 
-if (isset($config['metaconsole'])) {
-    // Not cool way of know if we are executing from metaconsole or normal console
-    if ($config['metaconsole']) {
-        define('METACONSOLE', true);
-    }
+if (is_metaconsole()) {
+    // Backward compatibility.
+    define('METACONSOLE', true);
 }
 
 if (file_exists($page)) {
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index 1d346f3b6d..9196168901 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -2879,7 +2879,17 @@ function config_prepare_session()
 
     // Reset the expiration time upon page load //session_name() is default name of session PHPSESSID.
     if (isset($_COOKIE[session_name()])) {
-        setcookie(session_name(), $_COOKIE[session_name()], (time() + $sessionCookieExpireTime), '/');
+        $update_cookie = true;
+        if (is_ajax()) {
+            // Avoid session upadte while processing ajax responses - notifications.
+            if (get_parameter('check_new_notifications', false)) {
+                $update_cookie = false;
+            }
+        }
+
+        if ($update_cookie === true) {
+            setcookie(session_name(), $_COOKIE[session_name()], (time() + $sessionCookieExpireTime), '/');
+        }
     }
 
     ini_set('post_max_size', $config['max_file_size']);
diff --git a/pandora_console/include/load_session.php b/pandora_console/include/load_session.php
index 22a7226a8f..99bae81244 100644
--- a/pandora_console/include/load_session.php
+++ b/pandora_console/include/load_session.php
@@ -1,32 +1,75 @@
 <?php
+/**
+ * Session manager.
+ *
+ * @category   Session handler.
+ * @package    Pandora FMS.
+ * @subpackage OpenSource.
+ * @version    1.0.0
+ * @license    See below
+ *
+ *    ______                 ___                    _______ _______ ________
+ *   |   __ \.-----.--.--.--|  |.-----.----.-----. |    ___|   |   |     __|
+ *  |    __/|  _  |     |  _  ||  _  |   _|  _  | |    ___|       |__     |
+ * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
+ *
+ * ============================================================================
+ * Copyright (c) 2005-2019 Artica Soluciones Tecnologicas
+ * Please see http://pandorafms.org for full contribution list
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation for version 2.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * ============================================================================
+ */
 
-// Pandora FMS - http://pandorafms.com
-// ==================================================
-// Copyright (c) 2005-2009 Artica Soluciones Tecnologicas
-// Please see http://pandorafms.org for full contribution list
-// This program is free software; you can redistribute it and/or
-// modify it under the terms of the  GNU Lesser General Public License
-// as published by the Free Software Foundation; version 2
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
+// Begin.
+
+
+/**
+ * Open session.
+ *
+ * @param string $save_path    Save path.
+ * @param string $session_name Session name.
+ *
+ * @return boolean
+ */
 function pandora_session_open($save_path, $session_name)
 {
     return true;
 }
 
 
+/**
+ * Close session.
+ *
+ * @return boolean
+ */
 function pandora_session_close()
 {
     return true;
 }
 
 
+/**
+ * Read a session.
+ *
+ * @param string $session_id Session ID.
+ *
+ * @return string Session data.
+ */
 function pandora_session_read($session_id)
 {
     $session_id = addslashes($session_id);
-    $session_data = db_get_value('data', 'tsessions_php', 'id_session', $session_id);
+    $session_data = db_get_value(
+        'data',
+        'tsessions_php',
+        'id_session',
+        $session_id
+    );
 
     if (!empty($session_data)) {
         return $session_data;
@@ -36,10 +79,25 @@ function pandora_session_read($session_id)
 }
 
 
+/**
+ * Write session data.
+ *
+ * @param string $session_id Session id.
+ * @param string $data       Data.
+ *
+ * @return boolean
+ */
 function pandora_session_write($session_id, $data)
 {
     $session_id = addslashes($session_id);
 
+    if (is_ajax()) {
+        // Avoid session upadte while processing ajax responses - notifications.
+        if (get_parameter('check_new_notifications', false)) {
+            return false;
+        }
+    }
+
     $values = [];
     $values['last_active'] = time();
 
@@ -47,29 +105,55 @@ function pandora_session_write($session_id, $data)
         $values['data'] = addslashes($data);
     }
 
-    $session_exists = (bool) db_get_value('COUNT(id_session)', 'tsessions_php', 'id_session', $session_id);
+    $session_exists = (bool) db_get_value(
+        'COUNT(id_session)',
+        'tsessions_php',
+        'id_session',
+        $session_id
+    );
 
     if (!$session_exists) {
         $values['id_session'] = $session_id;
         $retval_write = db_process_sql_insert('tsessions_php', $values);
     } else {
-        $retval_write = db_process_sql_update('tsessions_php', $values, ['id_session' => $session_id]);
+        $retval_write = db_process_sql_update(
+            'tsessions_php',
+            $values,
+            ['id_session' => $session_id]
+        );
     }
 
     return $retval_write !== false;
 }
 
 
+/**
+ * Destroy a session.
+ *
+ * @param string $session_id Session Id.
+ *
+ * @return boolean
+ */
 function pandora_session_destroy($session_id)
 {
     $session_id = addslashes($session_id);
 
-    $retval = (bool) db_process_sql_delete('tsessions_php', ['id_session' => $session_id]);
+    $retval = (bool) db_process_sql_delete(
+        'tsessions_php',
+        ['id_session' => $session_id]
+    );
 
     return $retval;
 }
 
 
+/**
+ * Session garbage collector.
+ *
+ * @param integer $max_lifetime Max lifetime.
+ *
+ * @return boolean.
+ */
 function pandora_session_gc($max_lifetime=300)
 {
     global $config;
@@ -80,7 +164,12 @@ function pandora_session_gc($max_lifetime=300)
 
     $time_limit = (time() - $max_lifetime);
 
-    $retval = (bool) db_process_sql_delete('tsessions_php', ['last_active' => '<'.$time_limit]);
+    $retval = (bool) db_process_sql_delete(
+        'tsessions_php',
+        [
+            'last_active' => '<'.$time_limit,
+        ]
+    );
 
     return $retval;
 }
@@ -88,5 +177,12 @@ function pandora_session_gc($max_lifetime=300)
 
 // FIXME: SAML should work with pandora session handlers
 if (db_get_value('value', 'tconfig', 'token', 'auth') != 'saml') {
-    $result_handler = session_set_save_handler('pandora_session_open', 'pandora_session_close', 'pandora_session_read', 'pandora_session_write', 'pandora_session_destroy', 'pandora_session_gc');
+    $result_handler = session_set_save_handler(
+        'pandora_session_open',
+        'pandora_session_close',
+        'pandora_session_read',
+        'pandora_session_write',
+        'pandora_session_destroy',
+        'pandora_session_gc'
+    );
 }