From 6a591966c2725e8074bb8351c3644d5871abd917 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Thu, 16 Dec 2010 14:16:32 +0000
Subject: [PATCH] Added hook for session handling, fixed bug [0000315]
---
 CHANGELOG.txt | 5 +++++
 includes/hooks.inc | 14 ++++++++++++++
 includes/session.inc | 5 ++++-
 3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 0afe9ba3..b312c4b2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -20,12 +20,17 @@ Legend:
 $ -> Affected files
 16-Dec-2010 Janusz Dobrowolski
++ Added hook for session handling, fixed bug [0000315] (session fixation)
+$ /includes/hooks.inc
+ /includes/session.inc
 # Cleanup on add_quick_entry() qid parameter added
 $ /gl/includes/db/gl_db_bank_accounts.inc
 # Could not change quick entry base amount description
 $ /gl/manage/gl_quick_entries.php
 # Fixed error handling
 $ /includes/ui/items_cart.inc
+# Fixed get_gl_trans_from_to return type
+$ /gl/includes/db/gl_db_trans.inc
 15-Dec-2010 Janusz Dobrowolski
 + Added Georgian installer wizard translation by Giorgi Natsvlishvili
diff --git a/includes/hooks.inc b/includes/hooks.inc
index c279b4af..d89c1d3e 100644
--- a/includes/hooks.inc
+++ b/includes/hooks.inc
@@ -367,3 +367,17 @@ function hook_price_in_words($amount, $document)
 {
 return hook_invoke_last('price_in_words', $amount, $document);
 }
+//
+// Session handling hook. This is special case of hook class which have to be run before session is started.
+// If fa_session_manager class is defined in any installed extension, this class provides session handling
+// for application, otherwise standard php session handling is used.
+//
+function hook_session_start($company)
+{
+ if (class_exists('fa_session_manager')) {
+ global $SessionManager;
+ $SessionManager = new fa_session_manager($company);
+ return $SessionManager->installed;
+ }
+ return false;
+}
diff --git a/includes/session.inc b/includes/session.inc
index f98c97b2..2424b574 100644
--- a/includes/session.inc
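Review bot: The comment block above `hook_session_start()` does not say where `$company` comes from or what the return value means, and the only caller in this patch (includes/session.inc) passes `@$_POST["company_login_name"]`, a raw request value read before any session exists. I would add two lines to that comment: `// $company: company name from the login form; unvalidated and may be null, so implementations must check it before using it in paths or queries.` and `// Returns the manager's 'installed' property, or false when no fa_session_manager class is defined.` Since the caller ignores the result, it is also worth stating whether a false `installed` value is expected to fall back to standard PHP sessions.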
+++ b/includes/session.inc
@@ -192,9 +192,12 @@ include_once($path_to_root . "/includes/hooks.inc");
 ini_set('session.gc_maxlifetime', 36000); // 10hrs
+hook_session_start(@$_POST["company_login_name"]);
+
 session_name('FA'.md5(dirname(__FILE__)));
-//include_once($path_to_root.'/modules/www_statistics/includes/db_sessions.inc');
+
 session_start();
+session_regenerate_id();
 // this is to fix the "back-do-you-want-to-refresh" issue - thanx PHPFreaks
 header("Cache-control: private");
--
2.30.2
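Review bot: `session_regenerate_id();` is called without the delete flag, so every superseded session id keeps its stored data until garbage collection, and `session.gc_maxlifetime` is set to 36000 seconds a few lines above. Because this runs on every request, each id issued after login stays usable for that window if it leaks; `session_regenerate_id(true);` removes the old record. Regenerating on every request can also lose the session when requests overlap, so it may be safer to do it once where the login succeeds, which is outside this hunk. The return value is not checked either, so a failed regeneration would silently leave the presented id in use.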