Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-03-21 15:56:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

* [ADD] New classes to improve performance and code readability.

Browse Source 
* [ADD] Security enhancement for master password in session.
* [MOD] Minor UI tweaks.
* [MOD] Improved config handling.
* [MOD] Code cleaning.
* [FIX] Accounts' main group were not set when the user hadn't enough privileges.
* [FIX] Accounts restoration didn't restore the account's main group.
This commit is contained in:
nuxsmin
2015-10-06 19:27:49 +02:00
parent e6d2d6a34d
commit 8538ba3dfc
86 changed files with 2526 additions and 2005 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
inc/Init.class.php
View File

@@ -482,7 +482,7 @@ class Init
$update = false;
$configVersion = (int)str_replace('.', '', Config::getValue('version'));
$databaseVersion = (int)str_replace('.', '', Config::getConfigDbValue('version'));
$databaseVersion = (int)str_replace('.', '', ConfigDB::getValue('version'));
$appVersion = (int)implode(Util::getVersion(true));
if ($databaseVersion < $appVersion
@@ -503,9 +503,9 @@ class Init
if ($action === 'upgrade' && $hash === Config::getValue('upgrade_key', 0)) {
if (Upgrade::doUpgrade($databaseVersion)) {
Config::setConfigDbValue('version', $appVersion);
ConfigDB::setValue('version', $appVersion);
Config::setValue('maintenance', false);
Config::deleteKey('upgrade_key');
Config::deleteParam('upgrade_key');
$update = true;
}
} else {
@@ -544,17 +544,6 @@ class Init
{
$sessionLifeTime = self::getSessionLifeTime();
// Regenerar el Id de sesión periódicamente para evitar fijación
if (Session::getSidStartTime() === 0) {
Session::setSidStartTime(time());
Session::setStartActivity(time());
} else if (Session::getUserId() && time() - Session::getSidStartTime() > $sessionLifeTime / 2) {
session_regenerate_id(true);
Session::setSidStartTime(time());
// Recargar los permisos del perfil de usuario
Session::setUserProfile(Profile::getProfile(Session::getUserProfileId()));
}
// Timeout de sesión
if (Session::getLastActivity() && (time() - Session::getLastActivity() > $sessionLifeTime)) {
if (isset($_COOKIE[session_name()])) {
@@ -566,6 +555,21 @@ class Init
session_unset();
session_destroy();
session_start();
return;
}
// Regenerar el Id de sesión periódicamente para evitar fijación
if (Session::getSidStartTime() === 0) {
Session::setSidStartTime(time());
Session::setStartActivity(time());
} else if (Session::getUserId() && time() - Session::getSidStartTime() > $sessionLifeTime / 2) {
$sessionMPass = SessionUtil::getSessionMPass();
session_regenerate_id(true);
Session::setSidStartTime(time());
// Recargar los permisos del perfil de usuario
Session::setUserProfile(Profile::getProfile(Session::getUserProfileId()));
// Regenerar la clave maestra
SessionUtil::saveSessionMPass($sessionMPass);
}
Session::setLastActivity(time());