centreon · sc979 · Oct 2, 2019 · Sep 30, 2019 · Sep 30, 2019 · Oct 1, 2019
diff --git a/www/class/centreonSession.class.php b/www/class/centreonSession.class.php
@@ -1,8 +1,7 @@
 <?php
-
 /*
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -56,6 +55,7 @@ public static function start($flag = 0)
 
     public static function stop()
     {
+        // destroy the session
         session_unset();
         session_destroy();
     }
@@ -64,6 +64,7 @@ public static function restart()
     {
         static::stop();
         self::start();
+        // regenerate the session id value
         session_regenerate_id(true);
     }
 

diff --git a/www/include/core/login/login.php b/www/include/core/login/login.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -72,7 +72,7 @@
     $loginMessages[] = _('Your session is expired.');
 }
 
-if ($file_install_acces) {
+if ($file_install_access) {
     $loginMessages[] = $error_msg;
 }
 
@@ -100,7 +100,7 @@
 if (isset($freeze) && $freeze) {
     $form->freeze();
 }
-if ($file_install_acces) {
+if ($file_install_access) {
     $submitLogin->freeze();
 }
 

diff --git a/www/include/core/login/processLogin.php b/www/include/core/login/processLogin.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Copyright 2005-2015 Centreon
- * Centreon is developped by : Julien Mathis and Romain Le Merlus under
+ * Copyright 2005-2019 Centreon
+ * Centreon is developed by : Julien Mathis and Romain Le Merlus under
  * GPL Licence 2.0.
  *
  * This program is free software; you can redistribute it and/or modify it under
@@ -97,30 +97,31 @@
     );
     if ($centreonAuth->passwdOk == 1) {
         $centreon = new Centreon($centreonAuth->userInfos);
+        // security fix - regenerate the sid after the login to prevent session fixation
+        session_regenerate_id();
         $_SESSION["centreon"] = $centreon;
-
+        // saving session data in the DB
         $query = "INSERT INTO `session` (`session_id` , `user_id` , `current_page` , `last_reload`, `ip_address`) " .
             "VALUES (?, ?, ?, ?, ?)";
-        $DBRESULT = $pearDB->prepare($query);
+        $dbResult = $pearDB->prepare($query);
         $pearDB->execute(
-            $DBRESULT,
+            $dbResult,
             array(session_id(), $centreon->user->user_id, '1', time(), $_SERVER["REMOTE_ADDR"])
         );
+
         if (!isset($_POST["submit"])) {
+            $headerRedirection = "./main.php";
             $minimize = '';
             if (isset($_GET["min"]) && $_GET["min"] == '1') {
                 $minimize = '&min=1';
             }
-            if (isset($_GET["p"]) && $_GET["p"] != '') {
-                header('Location: ./main.php?p=' . $_GET["p"] . $minimize);
+            if (!empty($_GET["p"])) {
+                $headerRedirection .= "?p=" . $_GET["p"];
             } else if (isset($centreon->user->default_page) && $centreon->user->default_page != '') {
-                header('Location: ./main.php?p=' . $centreon->user->default_page . $minimize);
-            } else {
-                header('Location: ./main.php');
+                $headerRedirection .= "?p=" . $centreon->user->default_page;
             }
-        } else {
-            header("Location: ./main.php");
         }
+        header("Location: " . $headerRedirection . $minimize);
         $connect = true;
     } else {
         $connect = false;

diff --git a/www/index.php b/www/index.php
@@ -78,11 +78,11 @@
 /*
  * detect installation dir
  */
-$file_install_acces = 0;
+$file_install_access = 0;
 if (file_exists("./install/setup.php")) {
     $error_msg = "Installation Directory '" . __DIR__ .
         "/install/' is accessible. Delete this directory to prevent security problem.";
-    $file_install_acces = 1;
+    $file_install_access = 1;
 }
 
 /**
@@ -102,11 +102,6 @@
     file_put_contents($indexHtmlPath, $indexHtmlContent);
 }
 
-/*
- * Set PHP Session Expiration time
- */
-ini_set("session.gc_maxlifetime", "31536000");
-
 CentreonSession::start();
 
 if (isset($_GET["disconnect"])) {
@@ -136,7 +131,7 @@
 /*
  * Check PHP version
  *
- *  Centreon 18.10 doesn't support PHP < 7.1
+ *  Centreon >= 18.10 doesn't support PHP < 7.1
  *
  */
 if (version_compare(phpversion(), '7.1') < 0) {