
Session initialization has been simplified. The session directory has been deleted, as all sessions are now in the database.

Dmitriev Roman 3 månader sedan
förälder
incheckning
01747135e7
8 ändrade filer med 76 tillägg och 91 borttagningar
  1. 0 1
      .gitignore
  2. 2 2
      html/admin/iplist/index.php
  3. 0 2
      html/api.php
  4. 1 0
      html/cfg/config.sample.php
  5. 0 2
      html/inc/auth.php
  6. 56 49
      html/inc/auth.utils.php
  7. 17 17
      html/inc/sql.php
  8. 0 18
      html/sessions/.htaccess

+ 0 - 1
.gitignore

@@ -6,4 +6,3 @@
 /html/js/select2/
 /.vscode/
 /html/log/*.log
-/html/sessions/sess_*

+ 2 - 2
html/admin/iplist/index.php

@@ -230,7 +230,7 @@ print_navigation($page_url,$page,$displayed,$count_records,$total);
         </tr>
 <?php
 
-$sSQL = "SELECT user_auth.*, user_list.login, user_list.enabled as UEnabled, user_list.blocked as UBlocked, ou.ou_name
+$sSQL = "SELECT user_auth.*, user_list.login, user_list.enabled as uenabled, user_list.blocked as ublocked, ou.ou_name
 FROM user_auth
 LEFT JOIN user_list
 ON user_auth.user_id = user_list.id
@@ -256,7 +256,7 @@ foreach ($users as $user) {
     $cl = "data";
     if (!$user['enabled']) { $cl = "warn"; }
     if ($user['blocked']) { $cl = "error"; }
-    if (!$user['UEnabled'] or $user['UBlocked']) { $cl = "off"; }
+    if ($user['uenabled'] !== 1 || $user['ublocked'] == 1) { $cl = "off"; }
     print "<td class=\"$cl\" style='padding:0'><input type=checkbox name=fid[] value=".$user['id']."></td>\n";
     print "<td class=\"$cl\" >".$user['ou_name']."</td>\n";
     if (empty($user['login'])) { $user_name = $user['user_id']; } else { $user_name = $user['login']; }
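Review bot: The new `if ($user['uenabled'] !== 1 || $user['ublocked'] == 1)` mixes a strict and a loose comparison, and the strict half only holds when the driver hands back `user_list.enabled` as a PHP int — PDO on MySQL commonly returns `"1"` as a string and PostgreSQL returns `true` for a boolean column, and in both cases `!== 1` is true, so every row would be rendered with class `off`. The two conditions just above it test `$user['enabled']` and `$user['blocked']` by truthiness, so the consistent and driver-independent form is `if (!$user['uenabled'] || $user['ublocked']) { $cl = "off"; }` (or cast both sides with `(int)` if strictness is wanted). The lower-casing of the SQL aliases looks like a PostgreSQL identifier-folding fix; that reason deserves a one-line comment on the query, e.g. `// lowercase aliases: PostgreSQL folds unquoted identifiers`. The enclosing `foreach ($users as $user)` loop starts and ends outside the hunk.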

+ 0 - 2
html/api.php

@@ -1,7 +1,5 @@
 <?php
 
-$session_init = 0;
-
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.utils.php");
 
 login($db_link);

+ 1 - 0
html/cfg/config.sample.php

@@ -8,6 +8,7 @@ define("HTML_LANG","russian");
 define("HTML_STYLE","white");
 
 define("DB_HOST","localhost");
+//db_type => mysql OR pgsql
 define("DB_TYPE","db_type");
 define("DB_NAME","stat");
 define("DB_USER","user");

+ 0 - 2
html/inc/auth.php

@@ -5,8 +5,6 @@ $start_time = microtime();
 
 ob_start();
 
-$session_init=1;
-
 require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.utils.php");
 
 login($db_link);

+ 56 - 49
html/inc/auth.utils.php

@@ -27,6 +27,18 @@ if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PRO
     $_SERVER['HTTPS'] = 'on';
 }
 
+// исправление дублирующихся PHPSESSID <<<
+/*
+if (session_status() == PHP_SESSION_ACTIVE && isset($_SERVER['HTTP_COOKIE'])) {
+        preg_match_all('/PHPSESSID=([^;\s]+)/', $_SERVER['HTTP_COOKIE'], $matches);
+        if (!empty($matches[1])) {
+            $real_session_id = end($matches[1]);
+            session_id($real_session_id);
+            $_COOKIE['PHPSESSID'] = $real_session_id;
+        }
+    }
+*/
+
 ini_set('session.cookie_lifetime', SESSION_LIFETIME);
 ini_set('session.cookie_path', '/');
 ini_set('session.cookie_domain', $clean_domain);
@@ -37,46 +49,6 @@ ini_set('session.gc_maxlifetime', SESSION_LIFETIME);
 //ini_set('session.use_trans_sid', true);
 //ini_set('session.use_only_cookies', false);
 
-if (!empty($session_init) and $session_init==1) {
-    // Включим подробное логирование сессий
-    LOG_DEBUG($db_link, "=== SESSION DEBUG START ===");
-    LOG_DEBUG($db_link, "Session status: " . session_status());
-    LOG_DEBUG($db_link, "PHP_SESSION_ACTIVE: " . PHP_SESSION_ACTIVE);
-    LOG_DEBUG($db_link, "DOCUMENT_ROOT: " . $_SERVER['DOCUMENT_ROOT']);
-    LOG_DEBUG($db_link, "REQUEST_URI: " . ($_SERVER['REQUEST_URI'] ?? 'unknown'));
-    LOG_DEBUG($db_link, "HTTP_COOKIE: " . ($_SERVER['HTTP_COOKIE'] ?? 'no cookies'));
-    // Инициализация системы сессий
-    log_session_debug($db_link, "Before init_db_sessions");
-    init_db_sessions($db_link);
-    // Инициализация сессии
-    log_session_debug($db_link, "Before session_start check");
-
-    // исправление дублирующихся PHPSESSID <<<
-    if (isset($_SERVER['HTTP_COOKIE'])) {
-	preg_match_all('/PHPSESSID=([^;\s]+)/', $_SERVER['HTTP_COOKIE'], $matches);
-        if (!empty($matches[1])) {
-	    $real_session_id = end($matches[1]);
-    	    session_id($real_session_id);
-            $_COOKIE['PHPSESSID'] = $real_session_id;
-	}
-    }
-
-    if (session_status() !== PHP_SESSION_ACTIVE) {
-	log_session_debug($db_link, "Starting session");
-	session_start();
-        log_session_debug($db_link, "After session_start", [
-	    'session_status' => session_status(),
-            'session_id' => session_id(),
-	    'session_cookie_params' => session_get_cookie_params()
-        ]);
-	} else {
-        log_session_debug($db_link, "Session already active", [
-	    'session_id' => session_id(),
-            'session_status' => session_status()
-	]);
-	}
-    LOG_DEBUG($db_link, "=== SESSION DEBUG END ===");
-    }
 
 // Функция для логирования отладки сессий, нужна только для отладки
 function log_session_debug($db, $message, $data = null) {
@@ -216,6 +188,35 @@ function login($db) {
         return IsSilentAuthenticated($db);
     }
 
+    // Включим подробное логирование сессий
+    LOG_DEBUG($db, "=== SESSION DEBUG START ===");
+    LOG_DEBUG($db, "Session status: " . session_status());
+    LOG_DEBUG($db, "PHP_SESSION_ACTIVE: " . PHP_SESSION_ACTIVE);
+    LOG_DEBUG($db, "DOCUMENT_ROOT: " . $_SERVER['DOCUMENT_ROOT']);
+    LOG_DEBUG($db, "REQUEST_URI: " . ($_SERVER['REQUEST_URI'] ?? 'unknown'));
+    LOG_DEBUG($db, "HTTP_COOKIE: " . ($_SERVER['HTTP_COOKIE'] ?? 'no cookies'));
+
+    // Гарантируем, что сессия запущена
+    if (session_status() !== PHP_SESSION_ACTIVE) {
+        // Инициализация системы сессий
+        log_session_debug($db, "Session not active, initializing now");
+        init_db_sessions($db);
+        // Инициализация сессии
+	log_session_debug($db, "Starting session");
+	session_start();
+        log_session_debug($db, "After session_start", [
+	    'session_status' => session_status(),
+            'session_id' => session_id(),
+	    'session_cookie_params' => session_get_cookie_params()
+        ]);
+	} else {
+        log_session_debug($db, "Session already active", [
+	    'session_id' => session_id(),
+            'session_status' => session_status()
+	]);
+	}
+    LOG_DEBUG($db, "=== SESSION DEBUG END ===");
+
     log_session_debug($db, "Login function started", [
         'session_status' => session_status(),
         'session_id' => session_id(),
@@ -265,7 +266,7 @@ function login($db) {
     }
 
     log_session_debug($db, "All auth methods failed, calling logout");
-    logout($db, FALSE, $redirect_url);
+    logout($db, $redirect_url);
     exit;
 }
 
@@ -438,9 +439,16 @@ function IsSilentAuthenticated($db) {
     return true;
 }
 
-function logout($db, $silent = FALSE, $redirect_url = DEFAULT_PAGE) {
+function logout($db, $redirect_url = DEFAULT_PAGE) {
+// Запускаем сессию только если браузер прислал куку — 
+// это позволяет корректно деактивировать запись в user_sessions 
+// и удалить куку с теми же параметрами, с которыми она была создана.
+    if (session_status() !== PHP_SESSION_ACTIVE && !empty($_COOKIE[session_name()])) {
+        init_db_sessions($db);
+        session_start();
+    }
+
     log_session_debug($db, "Logout function called", [
-        'silent' => $silent,
         'redirect_url' => $redirect_url,
         'session_status' => session_status(),
         'session_id' => session_id()
@@ -464,18 +472,17 @@ function logout($db, $silent = FALSE, $redirect_url = DEFAULT_PAGE) {
         session_destroy();
 
         if (!headers_sent()) {
-            setcookie(session_name(), '', time() - SESSION_LIFETIME, '/');
-            if (isset($_COOKIE['Auth'])) {
-                setcookie('Auth', '', time() - SESSION_LIFETIME, '/');
-            }
+            $params = session_get_cookie_params();
+            setcookie(session_name(), '', time() - SESSION_LIFETIME, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+//            if (isset($_COOKIE['Auth'])) {  setcookie('Auth', '', time() - SESSION_LIFETIME, '/');  }
             log_session_debug($db, "Session cookies cleared");
         }
     } else {
         log_session_debug($db, "Logout - no active session to destroy");
     }
 
-    if (!$silent && !headers_sent()) {
-        log_session_debug($db, "Performing redirect after logout");
+    if (!headers_sent()) {
+        LOG_DEBUG($db, "Performing redirect after logout");
         if ($redirect_url == DEFAULT_PAGE || empty($redirect_url) || $redirect_url == '/') {
             header('Location: ' . LOGIN_PAGE);
         } else {
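Review bot: In the logout hunk the `setcookie('Auth', '', ...)` call is turned into a commented-out `//` line rather than kept or deleted, so if any authentication path still honours an `Auth` cookie the browser keeps that credential after logout; either restore the call with the same `$params` as the session cookie or delete the dead line and state in a comment that `Auth` is obsolete. The `$silent` parameter is also dropped from `logout()`'s signature, and only the one call in `login()` is updated here; any other caller still using the three-argument form would now bind its boolean to `$redirect_url`, so the remaining call sites should be checked. In the `login()` hunk the moved `LOG_DEBUG($db, "HTTP_COOKIE: " . ...)` line writes the raw Cookie header, including the session identifier, into the debug log; logging only the cookie names, `LOG_DEBUG($db, "COOKIES: " . implode(',', array_keys($_COOKIE)));`, or dropping the line keeps session ids out of the log. The `/* ... */` block added near the top of the file is commented-out code and should be removed rather than kept. Both `login()` and `logout()` start and end outside their hunks.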

+ 17 - 17
html/inc/sql.php

@@ -154,13 +154,13 @@ function db_escape($connection, $value) {
 
 function new_connection ($db_type, $db_host, $db_user, $db_password, $db_name, $db_port = null)
 {
-    // Создаем временный логгер для отладки до установки соединения
-    $temp_debug_message = function($message) {
-        error_log("DB_CONNECTION_DEBUG: " . $message);
-    };
+// Создаем временный логгер для отладки до установки соединения
+//    $temp_debug_message = function($message) {
+//        error_log("DB_CONNECTION_DEBUG: " . $message);
+//    };
 
-    $temp_debug_message("Starting new_connection function");
-    $temp_debug_message("DB parameters - type: $db_type, host: $db_host, user: $db_user, db: $db_name");
+//    $temp_debug_message("Starting new_connection function");
+//    $temp_debug_message("DB parameters - type: $db_type, host: $db_host, user: $db_user, db: $db_name");
 
     if (function_exists('filter_var') && defined('FILTER_SANITIZE_FULL_SPECIAL_CHARS')) {
         $db_host = filter_var($db_host, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
@@ -171,7 +171,7 @@ function new_connection ($db_type, $db_host, $db_user, $db_password, $db_name, $
     $db_name = preg_replace('/[^a-zA-Z0-9_-]/', '', $db_name);
 
     try {
-        $temp_debug_message("Constructing DSN");
+//        $temp_debug_message("Constructing DSN");
         
         // Определяем DSN в зависимости от типа базы данных
         $dsn = "";
@@ -192,9 +192,9 @@ function new_connection ($db_type, $db_host, $db_user, $db_password, $db_name, $
             throw new Exception("Unsupported database type: $db_type. Supported types: mysql, pgsql");
         }
 
-        $temp_debug_message("DSN: $dsn");
-        $temp_debug_message("PDO options: " . json_encode($options));
-        $temp_debug_message("Attempting to create PDO connection");
+//        $temp_debug_message("DSN: $dsn");
+//        $temp_debug_message("PDO options: " . json_encode($options));
+//        $temp_debug_message("Attempting to create PDO connection");
 
         $result = new PDO($dsn, $db_user, $db_password, $options);
         // Устанавливаем кодировку для PostgreSQL
@@ -202,25 +202,25 @@ function new_connection ($db_type, $db_host, $db_user, $db_password, $db_name, $
                 $result->exec("SET client_encoding TO 'UTF8'");
             }
 
-        $temp_debug_message("PDO connection created successfully");
-        $temp_debug_message("PDO connection info: " . ($result->getAttribute(PDO::ATTR_CONNECTION_STATUS) ?? 'N/A for PostgreSQL'));
+//        $temp_debug_message("PDO connection created successfully");
+//        $temp_debug_message("PDO connection info: " . ($result->getAttribute(PDO::ATTR_CONNECTION_STATUS) ?? 'N/A for PostgreSQL'));
         // Проверяем наличие атрибутов перед использованием
         if ($db_type === 'mysql') {
-            $temp_debug_message("PDO client version: " . $result->getAttribute(PDO::ATTR_CLIENT_VERSION));
-            $temp_debug_message("PDO server version: " . $result->getAttribute(PDO::ATTR_SERVER_VERSION));
+//            $temp_debug_message("PDO client version: " . $result->getAttribute(PDO::ATTR_CLIENT_VERSION));
+//            $temp_debug_message("PDO server version: " . $result->getAttribute(PDO::ATTR_SERVER_VERSION));
             // Проверка кодировки для MySQL
             $stmt = $result->query("SHOW VARIABLES LIKE 'character_set_connection'");
             $charset = $stmt->fetch(PDO::FETCH_ASSOC);
-            $temp_debug_message("Database character set: " . ($charset['Value'] ?? 'not set'));
+//            $temp_debug_message("Database character set: " . ($charset['Value'] ?? 'not set'));
         } elseif ($db_type === 'pgsql' || $db_type === 'postgresql') {
             // Проверка кодировки для PostgreSQL
             $stmt = $result->query("SHOW server_encoding");
             $charset = $stmt->fetch(PDO::FETCH_ASSOC);
-            $temp_debug_message("PostgreSQL server encoding: " . ($charset['server_encoding'] ?? 'not set'));
+//            $temp_debug_message("PostgreSQL server encoding: " . ($charset['server_encoding'] ?? 'not set'));
             // Получаем версию PostgreSQL
             $stmt = $result->query("SELECT version()");
             $version = $stmt->fetch(PDO::FETCH_ASSOC);
-            $temp_debug_message("PostgreSQL version: " . ($version['version'] ?? 'unknown'));
+//            $temp_debug_message("PostgreSQL version: " . ($version['version'] ?? 'unknown'));
         }
 
         return $result;
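Review bot: The debug calls in `new_connection()` are commented out with `//` rather than deleted, which leaves seventeen dead lines spread over four hunks and a `$temp_debug_message` closure definition that no longer exists; since the history is in version control, remove them outright so the function reads cleanly (the old lines also logged `$db_user` and the DSN, which is a good reason not to reactivate them as-is). `new_connection()`'s `catch` block and closing brace lie outside the hunk.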

+ 0 - 18
html/sessions/.htaccess

@@ -1,18 +0,0 @@
-<IfModule mod_version.c>
-	<IfVersion < 2.4>
-		Order Deny,Allow
-		Deny from All
-	</IfVersion>
-	<IfVersion >= 2.4>
-		Require all denied
-	</IfVersion>
-</IfModule>
-<IfModule !mod_version.c>
-	<IfModule !mod_authz_core.c>
-		Order Deny,Allow
-		Deny from All
-	</IfModule>
-	<IfModule mod_authz_core.c>
-		Require all denied
-	</IfModule>
-</IfModule>