PageRenderTime 40ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/security/admin/security_session.php

https://gitlab.com/alexprowars/bitrix
PHP | 208 lines | 186 code | 18 blank | 4 comment | 26 complexity | 7d08fe33cb384d220b51d5ab880e2008 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. use Bitrix\Main\Config\Configuration;
    4. 

  4. use Bitrix\Main\Localization\Loc;
    5. 

  5. use Bitrix\Main\Session\Handlers\StrictSessionHandler;
    6. 

  6. use Bitrix\Main\Session\SessionConfigurationResolver;
    7. 

  7. 

  8. define("ADMIN_MODULE_NAME", "security");
    9. 

  9. 

  10. require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_before.php");
    11. 

  11. 

  12. CModule::IncludeModule('security');
    13. 

  13. IncludeModuleLangFile(__FILE__);
    14. 

  14. 

  15. /**
    16. 

  16.  * @global CMain $APPLICATION
    17. 

  17.  * @global CUser $USER
    18. 

  18.  */
    19. 

  19. $canRead = $USER->CanDoOperation('security_session_settings_read');
    20. 

  20. $canWrite = $USER->CanDoOperation('security_session_settings_write');
    21. 

  21. if(!$canRead && !$canWrite)
    22. 

  22. 	$APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
    23. 

  23. 

  24. $aTabs = array(
    25. 

  25. 	array(
    26. 

  26. 		"DIV" => "savedb",
    27. 

  27. 		"TAB" => GetMessage("SEC_SESSION_ADMIN_SAVEDB_TAB_V2"),
    28. 

  28. 		"ICON"=>"main_user_edit",
    29. 

  29. 		"TITLE"=>GetMessage("SEC_SESSION_ADMIN_SAVEDB_TAB_TITLE_V2"),
    30. 

  30. 	),
    31. 

  31. 	array(
    32. 

  32. 		"DIV" => "sessid",
    33. 

  33. 		"TAB" => GetMessage("SEC_SESSION_ADMIN_SESSID_TAB"),
    34. 

  34. 		"ICON"=>"main_user_edit",
    35. 

  35. 		"TITLE"=>GetMessage("SEC_SESSION_ADMIN_SESSID_TAB_TITLE"),
    36. 

  36. 	),
    37. 

  37. );
    38. 

  38. $tabControl = new CAdminTabControl("tabControl", $aTabs, true, true);
    39. 

  39. 

  40. $returnUrl = $_GET["return_url"]? "&return_url=".urlencode($_GET["return_url"]): "";
    41. 

  41. 

  42. if(
    43. 

  43. 	$_SERVER['REQUEST_METHOD'] == "POST"
    44. 

  44. 	&& (
    45. 

  45. 		$_REQUEST['save'].$_REQUEST['apply'] != ""
    46. 

  46. 		|| $_REQUEST['sessid_ttl_off'].$_REQUEST['sessid_ttl_on'] != ""
    47. 

  47. 	)
    48. 

  48. 	&& $canWrite
    49. 

  49. 	&& check_bitrix_sessid()
    50. 

  50. )
    51. 

  51. {
    52. 

  52. 	$ttl = intval($_POST["sessid_ttl"]);
    53. 

  53. 	if($ttl <= 0)
    54. 

  54. 		$ttl = 60;
    55. 

  55. 	COption::SetOptionInt("main", "session_id_ttl", $ttl);
    56. 

  56. 

  57. 	if(array_key_exists("sessid_ttl_on", $_POST))
    58. 

  58. 	{
    59. 

  59. 		COption::SetOptionString("main", "use_session_id_ttl", "Y");
    60. 

  60. 	}
    61. 

  61. 	elseif(array_key_exists("sessid_ttl_off", $_POST))
    62. 

  62. 	{
    63. 

  63. 		COption::SetOptionString("main", "use_session_id_ttl", "N");
    64. 

  64. 	}
    65. 

  65. 

  66. 	if($_REQUEST["save"] != "" && $_GET["return_url"] != "")
    67. 

  67. 		LocalRedirect($_GET["return_url"]);
    68. 

  68. 	else
    69. 

  69. 		LocalRedirect("/bitrix/admin/security_session.php?lang=".LANGUAGE_ID.$returnUrl."&".$tabControl->ActiveTabParam());
    70. 

  70. }
    71. 

  71. 

  72. $APPLICATION->SetTitle(GetMessage("SEC_SESSION_ADMIN_TITLE"));
    73. 

  73. require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_admin_after.php");
    74. 

  74. 

  75. $session = \Bitrix\Main\Application::getInstance()->getSession();
    76. 

  76. if (method_exists($session, 'getSessionHandler'))
    77. 

  77. {
    78. 

  78. 	$sessionHandler = $session->getSessionHandler();
    79. 

  79. }
    80. 

  80. else
    81. 

  81. {
    82. 

  82. 	$reflectionClass = new \ReflectionClass($session);
    83. 

  83. 	$reflectionProperty = $reflectionClass->getProperty('sessionHandler');
    84. 

  84. 	$reflectionProperty->setAccessible(true);
    85. 

  85. 	$sessionHandler = $reflectionProperty->getValue($session);
    86. 

  86. }
    87. 

  87. 

  88. $resolver = new SessionConfigurationResolver(Configuration::getInstance());
    89. 

  89. $sessionConfig = $resolver->getSessionConfig();
    90. 

  90. $generalHandlerType = $sessionConfig['handlers']['general']['type'] ?? null;
    91. 

  91. $sessionInFiles = $sessionHandler instanceof StrictSessionHandler;
    92. 

  92. 

  93. $showSecondMessage = true;
    94. 

  94. $messages = array();
    95. 

  95. if (!$sessionInFiles)
    96. 

  96. {
    97. 

  97. 	$messageType = "OK";
    98. 

  98. 	$nameOfStorage = Loc::getMessage("SEC_SESSION_ADMIN_STORAGE_NAME_TYPE_" . strtoupper($generalHandlerType));
    99. 

  99. 	$messageText = GetMessage("SEC_SESSION_ADMIN_STORAGE_WITH_SESSION_DATA", ['#NAME#' => $nameOfStorage]);
    100. 

  100. 

  101. 	if(COption::GetOptionString("main", "use_session_id_ttl") == "Y")
    102. 

  102. 	{
    103. 

  103. 		$messageText .= "<br>";
    104. 

  104. 		$messageText .= GetMessage("SEC_SESSION_ADMIN_SESSID_ON");
    105. 

  105. 		$showSecondMessage = false;
    106. 

  106. 	}
    107. 

  107. 	$messages[] = array("type" => $messageType, "text" => $messageText);
    108. 

  108. }
    109. 

  109. else
    110. 

  110. {
    111. 

  111. 	$messageType = "ERROR";
    112. 

  112. 	$messageText = GetMessage("SEC_SESSION_ADMIN_STORAGE_IN_FILES");
    113. 

  113. 	if(COption::GetOptionString("main", "use_session_id_ttl") != "Y")
    114. 

  114. 	{
    115. 

  115. 		$messageText .= "<br>";
    116. 

  116. 		$messageText .= GetMessage("SEC_SESSION_ADMIN_SESSID_OFF");
    117. 

  117. 		$showSecondMessage = false;
    118. 

  118. 	}
    119. 

  119. 	$messages[] = array("type" => $messageType, "text" => $messageText);
    120. 

  120. }
    121. 

  121. 

  122. if($showSecondMessage)
    123. 

  123. {
    124. 

  124. 	if(COption::GetOptionString("main", "use_session_id_ttl") == "Y")
    125. 

  125. 	{
    126. 

  126. 		$messages[] = array(
    127. 

  127. 			"type" => "OK",
    128. 

  128. 			"text" => GetMessage("SEC_SESSION_ADMIN_SESSID_ON")
    129. 

  129. 		);
    130. 

  130. 	}
    131. 

  131. 	else
    132. 

  132. 	{
    133. 

  133. 		$messages[] = array(
    134. 

  134. 			"type" => "ERROR",
    135. 

  135. 			"text" => GetMessage("SEC_SESSION_ADMIN_SESSID_OFF")
    136. 

  136. 		);
    137. 

  137. 	}
    138. 

  138. }
    139. 

  139. 

  140. foreach($messages as $message)
    141. 

  141. {
    142. 

  142. 	CAdminMessage::ShowMessage(array(
    143. 

  143. 				"MESSAGE" => $message["text"],
    144. 

  144. 				"TYPE" => $message["type"],
    145. 

  145. 				"HTML" => true
    146. 

  146. 			));
    147. 

  147. }
    148. 

  148. ?>
    149. 

  149. 

  150. <form method="POST" action="security_session.php?lang=<?=LANGUAGE_ID?><?=$returnUrl?>"  enctype="multipart/form-data" name="editform">
    151. 

  151. <?
    152. 

  152. $tabControl->Begin();
    153. 

  153. $tabControl->BeginNextTab();
    154. 

  154. ?>
    155. 

  155. <tr>
    156. 

  156. 	<td colspan="2">
    157. 

  157. 		<?echo BeginNote();?><?echo GetMessage("SEC_SESSION_ADMIN_DB_NOTE_V2")?>
    158. 

  158. 		<?echo EndNote(); ?>
    159. 

  159. 	</td>
    160. 

  160. </tr>
    161. 

  161. <tr>
    162. 

  162. 	<td colspan="2">
    163. 

  163. 		<?echo BeginNote();?><span style="color:red">*</span><?echo GetMessage("SEC_SESSION_ADMIN_DB_WARNING")?>
    164. 

  164. 		<?echo EndNote(); ?>
    165. 

  165. 	</td>
    166. 

  166. </tr>
    167. 

  167. <?
    168. 

  168. $tabControl->BeginNextTab();
    169. 

  169. ?>
    170. 

  170. <?if(COption::GetOptionString("main", "use_session_id_ttl") == "Y"):?>
    171. 

  171. 		<td colspan="2" align="left">
    172. 

  172. 			<input type="submit" name="sessid_ttl_off" value="<?echo GetMessage("SEC_SESSION_ADMIN_SESSID_BUTTON_OFF")?>"<?if(!$canWrite) echo " disabled"?>>
    173. 

  173. 		</td>
    174. 

  174. 	</tr>
    175. 

  175. <?else:?>
    176. 

  176. 	<tr>
    177. 

  177. 		<td colspan="2" align="left">
    178. 

  178. 			<input type="submit" name="sessid_ttl_on" value="<?echo GetMessage("SEC_SESSION_ADMIN_SESSID_BUTTON_ON")?>"<?if(!$canWrite) echo " disabled"?> class="adm-btn-save">
    179. 

  179. 		</td>
    180. 

  180. 	</tr>
    181. 

  181. <?endif;?>
    182. 

  182. <tr>
    183. 

  183. 	<td width="40%"><?echo GetMessage("SEC_SESSION_ADMIN_SESSID_TTL")?>:</td>
    184. 

  184. 	<td width="60%"><input type="text" name="sessid_ttl" size="6" value="<?echo COption::GetOptionInt("main", "session_id_ttl", 60)?>"></td>
    185. 

  185. </tr>
    186. 

  186. <tr>
    187. 

  187. 	<td colspan="2">
    188. 

  188. 		<?echo BeginNote();?><?echo GetMessage("SEC_SESSION_ADMIN_SESSID_NOTE")?>
    189. 

  189. 		<?echo EndNote(); ?>
    190. 

  190. 	</td>
    191. 

  191. </tr>
    192. 

  192. <?
    193. 

  193. $tabControl->Buttons(
    194. 

  194. 	array(
    195. 

  195. 		"disabled"=>(!$canWrite),
    196. 

  196. 		"back_url"=>$_GET["return_url"]? $_GET["return_url"]: "security_session.php?lang=".LANG,
    197. 

  197. 	)
    198. 

  198. );
    199. 

  199. ?>
    200. 

  200. <?echo bitrix_sessid_post();?>
    201. 

  201. <input type="hidden" name="lang" value="<?echo LANG?>">
    202. 

  202. <?
    203. 

  203. $tabControl->End();
    204. 

  204. ?>
    205. 

  205. </form>
    206. 

  206. <?
    207. 

  207. require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/epilog_admin.php");
    208. 

  208. ?>
    209.