From aeef0ce3148c0ede8edc90070a63c08cc857d793 Mon Sep 17 00:00:00 2001 From: Kenji ITO Date: Sun, 16 Sep 2018 21:23:23 +0900 Subject: [PATCH 1/2] Added COM_getInstallDir to get the actual "admin/install" directory --- public_html/admin/sectest.php | 18 ++----- public_html/index.php | 31 +++-------- public_html/lib-common.php | 27 ++++++++++ system/classes/Session.php | 98 +++++++++++++++++++++++++++++++++++ 4 files changed, 134 insertions(+), 40 deletions(-) create mode 100644 system/classes/Session.php diff --git a/public_html/admin/sectest.php b/public_html/admin/sectest.php index b2ebc2433..919ffcdff 100644 --- a/public_html/admin/sectest.php +++ b/public_html/admin/sectest.php @@ -204,23 +204,11 @@ function doTest($baseUrl, $urlToCheck, $what) */ function checkInstallDir() { - global $_CONF, $LANG_SECTEST, $failed_tests; + global $LANG_SECTEST, $failed_tests; - // we don't have the path to the admin directory, so try to figure it out - // from $_CONF['site_admin_url'] - $adminUrl = $_CONF['site_admin_url']; - if (strrpos($adminUrl, '/') === strlen($adminUrl)) { - $adminUrl = substr($adminUrl, 0, -1); - } - $pos = strrpos($adminUrl, '/'); - if ($pos === false) { - // only guessing ... - $installDir = $_CONF['path_html'] . 'admin/install'; - } else { - $installDir = $_CONF['path_html'] . substr($adminUrl, $pos + 1) . '/install'; - } + $installDir = COM_getInstallDir(); - if (is_dir($installDir)) { + if (!empty($installDir)) { $retval = '
  • ' . sprintf($LANG_SECTEST['remove_inst'], '' . $installDir . '') . ' ' . $LANG_SECTEST['remove_inst2'] . '
  • '; diff --git a/public_html/index.php b/public_html/index.php index 1230e9e71..432f15555 100644 --- a/public_html/index.php +++ b/public_html/index.php @@ -8,7 +8,7 @@ // | | // | Geeklog homepage. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2017 by the following authors: | +// | Copyright (C) 2000-2018 by the following authors: | // | | // | Authors: Tony Bibbs - tony@tonybibbs.com | // | Mark Limburg - mlimburg@users.sourceforge.net | @@ -163,31 +163,12 @@ function fixTopic(&$A, $tid_list) if (SEC_inGroup('Root') && ($page === 1)) { $done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'"); - if ($done != 1) { - /** - * we don't have the path to the admin directory, so try to figure it - * out from $_CONF['site_admin_url'] - * - * @todo FIXME: this duplicates some code from admin/sectest.php - */ - $adminurl = $_CONF['site_admin_url']; - if (strrpos($adminurl, '/') == strlen($adminurl)) { - $adminurl = substr($adminurl, 0, -1); - } - $pos = strrpos($adminurl, '/'); - if ($pos === false) { - // only guessing ... - $installdir = $_CONF['path_html'] . 'admin/install'; - } else { - $installdir = $_CONF['path_html'] . substr($adminurl, $pos + 1) - . '/install'; - } - if (is_dir($installdir)) { - // deliberatly NOT print the actual path to the install dir - $secmsg = sprintf($LANG_SECTEST['remove_inst'], '') - . ' ' . $MESSAGE[92]; - $display .= COM_showMessageText($secmsg); + if ($done != 1) { + if (COM_getInstallDir() !== '') { + // deliberately NOT print the actual path to the install dir + $secMsg = sprintf($LANG_SECTEST['remove_inst'], '') . ' ' . $MESSAGE[92]; + $display .= COM_showMessageText($secMsg); } } } diff --git a/public_html/lib-common.php b/public_html/lib-common.php index 6d170896e..793ee5f1a 100644 --- a/public_html/lib-common.php +++ b/public_html/lib-common.php 
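Review bot: The replacement test `if (!empty($installDir))` in checkInstallDir is looser than the `COM_getInstallDir() !== ''` used for the same decision in the index.php hunk of this patch; the helper returns either a path or `''`, so `if ($installDir !== '')` keeps the two callers consistent and avoids `empty()`'s truthiness rules. Because the `is_dir()` test now lives inside the helper, a one-line comment above the condition, `// COM_getInstallDir() returns '' when the install directory no longer exists`, would explain why the path printed into `$retval` needs no further check. checkInstallDir's body continues past the end of the hunk.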
@@ -8595,6 +8595,33 @@ function COM_isEnableDeveloperModeLog($type) require_once $_CONF['path'] . 'plugins/' . $pi_name . '/functions.inc'; } +/** + * Return the actual admin/install directory + * + * @return string + * @since Geeklog 2.2.1 + */ +function COM_getInstallDir() +{ + global $_CONF; + + $adminUrl = $_CONF['site_admin_url']; + if (strrpos($adminUrl, '/') == strlen($adminUrl)) { + $adminUrl = substr($adminUrl, 0, -1); + } + + $pos = strrpos($adminUrl, '/'); + if ($pos === false) { + // only guessing ... + $installDir = $_CONF['path_html'] . 'admin/install'; + } else { + $installDir = $_CONF['path_html'] . substr($adminUrl, $pos + 1) . '/install'; + } + $installDir = str_replace('\\', '/', $installDir); + + return is_dir($installDir) ? $installDir : ''; +} + // Check and see if any plugins (or custom functions) // have scheduled tasks to perform if (!isset($_VARS['last_scheduled_run']) || !is_numeric($_VARS['last_scheduled_run'])) { diff --git a/system/classes/Session.php b/system/classes/Session.php new file mode 100644 index 000000000..d4c296ca9 --- /dev/null +++ b/system/classes/Session.php @@ -0,0 +1,98 @@ + Date: Sat, 22 Sep 2018 16:54:50 +0900 Subject: [PATCH 2/2] Update Session class --- system/classes/Session.php | 110 +++++++++++++++++++++++++++++++++++-- 1 file changed, 106 insertions(+), 4 deletions(-) diff --git a/system/classes/Session.php b/system/classes/Session.php index d4c296ca9..b60d0dded 100644 --- a/system/classes/Session.php +++ b/system/classes/Session.php 
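Review bot: The trailing-slash normalisation at the top of COM_getInstallDir can never fire: `strrpos()` returns at most `strlen() - 1`, so `strrpos($adminUrl, '/') == strlen($adminUrl)` is always false, the same off-by-one the removed sectest.php and index.php code carried. With a `site_admin_url` that ends in `/`, `$pos` then lands on that final slash, `substr($adminUrl, $pos + 1)` is empty, the candidate becomes `path_html . '/install'`, `is_dir()` fails and the function returns `''`, so both callers silently treat the install directory as absent — the security check fails open. Replace the first two statements with `$adminUrl = rtrim($_CONF['site_admin_url'], '/');`. The function also only works when the admin directory sits directly under `path_html` (single-segment `substr`, "only guessing" fallback), which the docblock should state, e.g. `@return string Absolute path of admin/install, or '' if it does not exist; assumes the admin directory is directly under path_html`.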
@@ -9,17 +9,34 @@ */ abstract class Session { - // Index of $_SESSION value + // Index of $_SESSION array const GL_NAMESPACE = '__gl'; const VAR_NAMESPACE = '__v'; const FLASH_NAMESPACE = '__f'; + // Lifespan of the session in seconds + const LIFE_SPAN = 60 * 60 * 2; + + // Anonymous user id + const ANON_USER_ID = 1; + + /** + * Session options + * + * @var array + */ + private static $options = []; + /** + * "flash", i.e., one-time session variables + * * @var array */ private static $flashVars = []; /** + * The flag to show if the class is initialized + * * @var bool */ private static $isInitialized = false; 
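Review bot: The new `private static $options` is documented only as `Session options @var array`, which does not say which keys a caller may pass, and the visible code only stores it (`self::$options = $options;` in init()) without reading it back. Either list the accepted keys or state that none exist yet, e.g. `@var array Options passed to init(); currently unused, reserved for configuration`. Relatedly, `LIFE_SPAN` is fixed at two hours with no way to override it through those options — if that is intentional, a short comment on the constant saying so would pre-empt the question. The Session class body continues beyond this hunk.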
@@ -35,19 +52,96 @@ public static function init(array $options = []) return; } + // Save options + self::$options = $options; + + // Set PHP settings + ini_set('session.use_strict_mode', 1); + ini_set('session.use_cookies', 1); + ini_set('session.use_only_cookies', 1); + ini_set('session.use_trans_sid', 0); + + // Start a new session if (!session_start()) { - die('Cannot start session.'); + die(__METHOD__ . ': Cannot start session.'); } + // Check if the user is new + if (!isset($_SESSION[self::GL_NAMESPACE]) + || ($_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid'] < self::ANON_USER_ID) + || self::isExpires()) { + $_SESSION[self::GL_NAMESPACE] = [ + self::FLASH_NAMESPACE => [], + self::VAR_NAMESPACE => [ + 'uid' => self::ANON_USER_ID, + ], + ]; + } - - if (isset($_SESSION[self::GL_NAMESPACE][self::FLASH_NAMESPACE])) { + // Move "flash" session vars to the property of the class + if (isset($_SESSION[self::GL_NAMESPACE][self::FLASH_NAMESPACE]) + && is_array($_SESSION[self::GL_NAMESPACE][self::FLASH_NAMESPACE])) { self::$flashVars = $_SESSION[self::GL_NAMESPACE][self::FLASH_NAMESPACE]; } + $_SESSION[self::GL_NAMESPACE][self::FLASH_NAMESPACE] = []; + + // Update life span + $_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['expiresAt'] = time() + self::LIFE_SPAN; + // Finished initialization self::$isInitialized = true; } + /** + * Return if the current session has expired + * + * @return bool + */ + public static function isExpires() + { + return isset($_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['expiresAt']) + && is_int($_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['expiresAt']) + && ($_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['expiresAt']) < time(); + } + + /** + * Return if the current user is anonymous + * + * @return bool + */ + public static function isLoggedIn() + { + return ($_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid'] > self::ANON_USER_ID); + } + + /** + * Return the current user id + * + * @return int + */ + public 
static function getUid() + { + return (int) $_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid']; + } + + /** + * Set the current user id + * + * @param int $uid + * @throws \InvalidArgumentException + */ + public static function setUid($uid) + { + $uid = (int) $uid; + + if ($uid >= self::ANON_USER_ID) { + $_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid'] = $uid; + self::regenerate(); + } else { + throw new \InvalidArgumentException('User id must be ' . self::ANON_USER_ID . ' or greater.'); + } + } + /** * Set a session value * @@ -95,4 +189,12 @@ public static function getFlash($name, $defaultValue = null) { return isset(self::$flashVars[$name]) ? self::$flashVars[$name] : $defaultValue; } + + /** + * Regenerate the session id + */ + public static function regenerate() + { + session_regenerate_id(false); + } }
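Review bot: The `ini_set()` block in init() hardens id handling (`use_strict_mode`, cookies only, no trans_sid) but leaves the cookie attributes to php.ini, so depending on the host the session cookie can still be read by script and sent over plain HTTP; adding `ini_set('session.cookie_httponly', 1);` next to the existing lines, plus `session.cookie_secure` when the site is served over HTTPS (a fact that could come from `$options`) and `session.cookie_samesite` on PHP 7.3+, closes that gap. Separately, the new-user check dereferences `$_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid']` as soon as `GL_NAMESPACE` is set, so a session that carries the namespace but not the `uid` key (if such a session can exist) raises an undefined-index notice before the reset branch runs; adding `|| !isset($_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid'])` to the first condition avoids it. init() starts above this hunk, and isLoggedIn() reads `['uid']` the same way, which is safe after init() has run but not before.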
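Review bot: regenerate() calls `session_regenerate_id(false)`, and setUid() in the hunk above assigns the new uid before calling it; since PHP 7.0 the old session record is written with the current `$_SESSION` contents before the id changes, so the pre-login id keeps a copy of the logged-in uid and, with `use_strict_mode` alone, stays accepted until garbage collection — a fixation residue rather than a mitigation. Swapping the two lines in setUid (`self::regenerate();` then `$_SESSION[self::GL_NAMESPACE][self::VAR_NAMESPACE]['uid'] = $uid;`) keeps the old record anonymous; passing `true` to delete it, or stamping it with a destroyed-at time that init() rejects, removes the residue altogether. The return value is also dropped and the docblock has no `@return`, so either document the method as void or write `return session_regenerate_id(false);`.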