From 17d93489910bf46d03d1af54f163365bbe567ea9 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Fri, 16 Jan 2009 20:43:17 +0000
Subject: [PATCH] MDL-14992 towards better db sessions

---
 index.php          | 2 +-
 lib/db/install.xml | 2 +-
 lib/db/upgrade.php | 6 +++---
 lib/sessionlib.php | 5 +++--
 login/index.php    | 2 +-
 version.php        | 2 +-
 6 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/index.php b/index.php
index 4f39b5b8b1..5730fed538 100644
--- a/index.php
+++ b/index.php
@@ -47,7 +47,7 @@
     define('BLOCK_R_MAX_WIDTH', $rmax);
 
     // check if major upgrade needed - also present in login/index.php
-    if (empty($CFG->version) or (int)$CFG->version < 2009011400) { //1.9 or older
+    if (empty($CFG->version) or (int)$CFG->version < 2009011600) { //1.9 or older
         @require_logout();
         redirect("$CFG->wwwroot/$CFG->admin/");
     }
diff --git a/lib/db/install.xml b/lib/db/install.xml
index ca443a3b09..b33b7bac01 100644
--- a/lib/db/install.xml
+++ b/lib/db/install.xml
@@ -443,7 +443,7 @@
         <FIELD NAME="sid" TYPE="char" LENGTH="128" NOTNULL="true" SEQUENCE="false" ENUM="false" COMMENT="Session id" PREVIOUS="state" NEXT="userid"/>
         <FIELD NAME="userid" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" ENUM="false" PREVIOUS="sid" NEXT="sessdata"/>
         <FIELD NAME="sessdata" TYPE="text" LENGTH="big" NOTNULL="false" SEQUENCE="false" ENUM="false" COMMENT="session content" PREVIOUS="userid" NEXT="sessdatahash"/>
-        <FIELD NAME="sessdatahash" TYPE="char" LENGTH="40" NOTNULL="true" SEQUENCE="false" ENUM="false" COMMENT="verifies integrity of sessdata" PREVIOUS="sessdata" NEXT="timecreated"/>
+        <FIELD NAME="sessdatahash" TYPE="char" LENGTH="40" NOTNULL="false" SEQUENCE="false" ENUM="false" COMMENT="verifies integrity of sessdata" PREVIOUS="sessdata" NEXT="timecreated"/>
         <FIELD NAME="timecreated" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" ENUM="false" PREVIOUS="sessdatahash" NEXT="timemodified"/>
         <FIELD NAME="timemodified" TYPE="int" LENGTH="10" NOTNULL="true" UNSIGNED="true" SEQUENCE="false" ENUM="false" PREVIOUS="timecreated" NEXT="firstip"/>
         <FIELD NAME="firstip" TYPE="char" LENGTH="45" NOTNULL="false" SEQUENCE="false" ENUM="false" PREVIOUS="timemodified" NEXT="lastip"/>
diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
index 89d2e1f3d5..2ea3ddffab 100644
--- a/lib/db/upgrade.php
+++ b/lib/db/upgrade.php
@@ -1323,7 +1323,7 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint($result, 2009011303);
     }
 
-    if ($result && $oldversion < 2009011400) {
+    if ($result && $oldversion < 2009011600) {
 
     /// Define table sessions2 to be dropped
         $table = new xmldb_table('sessions2');
@@ -1350,7 +1350,7 @@ function xmldb_main_upgrade($oldversion) {
         $table->add_field('sid', XMLDB_TYPE_CHAR, '128', null, XMLDB_NOTNULL, null, null, null, null);
         $table->add_field('userid', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, null);
         $table->add_field('sessdata', XMLDB_TYPE_TEXT, 'big', null, null, null, null, null, null);
-        $table->add_field('sessdatahash', XMLDB_TYPE_CHAR, '40', null, XMLDB_NOTNULL, null, null, null, null);
+        $table->add_field('sessdatahash', XMLDB_TYPE_CHAR, '40', null, null, null, null, null, null);
         $table->add_field('timecreated', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, null);
         $table->add_field('timemodified', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null, null, null);
         $table->add_field('firstip', XMLDB_TYPE_CHAR, '45', null, null, null, null, null, null);
@@ -1370,7 +1370,7 @@ function xmldb_main_upgrade($oldversion) {
         $dbman->create_table($table);
 
     /// Main savepoint reached
-        upgrade_main_savepoint($result, 2009011400);
+        upgrade_main_savepoint($result, 2009011600);
     }
 
 
diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index e324436fc4..c91bcaa45c 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -324,7 +324,7 @@ class database_session extends session_stub {
                 $record->state        = 0;
                 $record->sid          = $sid;
                 $record->sessdata     = null;
-                $record->sessdatahash = sha1('');
+                $record->sessdatahash = null;
                 $record->userid       = 0;
                 $record->timecreated  = $record->timemodified = time();
                 $record->firstip      = $record->lastip = getremoteaddr();
@@ -359,7 +359,7 @@ class database_session extends session_stub {
 
         $this->record->sid          = $sid;                         // it might be regenerated
         $this->record->sessdata     = base64_encode($session_data); // there might be some binary mess :-(
-        $this->record->sessdatahash = sha1($this->record->sessdata);
+        $this->record->sessdatahash = md5($this->record->sessdata);
         $this->record->userid       = empty($USER->realuser) ? $USER->id : $USER->realuser;
         $this->record->timemodified = time();
         $this->record->lastip       = getremoteaddr();
@@ -369,6 +369,7 @@ class database_session extends session_stub {
         } catch (dml_exception $ex) {
             error_log('Can not write session to database.');
         }
+
         return true;
     }
 
diff --git a/login/index.php b/login/index.php
index ab7295c77e..bea71e8adc 100644
--- a/login/index.php
+++ b/login/index.php
@@ -4,7 +4,7 @@
     require_once("../config.php");
 
 /// check if major upgrade needed - also present in /index.php
-    if ((int)$CFG->version < 2009011400) { //1.9 or older
+    if ((int)$CFG->version < 2009011600) { //1.9 or older
         @require_logout();
         redirect("$CFG->wwwroot/$CFG->admin/");
     }
diff --git a/version.php b/version.php
index 458f921d0e..0b5e8d7f96 100644
--- a/version.php
+++ b/version.php
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-    $version = 2009011400;  // YYYYMMDD   = date of the last version bump
+    $version = 2009011600;  // YYYYMMDD   = date of the last version bump
                             //         XX = daily increments
 
     $release = '2.0 dev (Build: 20090116)';  // Human-friendly version name
-- 
2.39.5