From 51de7b7aac7ed626bee3bce1c3068159e54ab95b Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 24 Jun 2021 14:45:05 +0200
Subject: [locations/minilinux] Minor cleanups and fixes
---
 inc/request.inc.php | 10 +++++-----
 inc/session.inc.php | 35 +++++++++++++++++++++++------------
 inc/user.inc.php | 4 ++--
 3 files changed, 30 insertions(+), 19 deletions(-)
(limited to 'inc')
diff --git a/inc/request.inc.php b/inc/request.inc.php
index 7e9ed97e..bdbd32d5 100644
--- inc/request.inc.php
+++ inc/request.inc.php
@@ -23,7 +23,7 @@ class Request
 * @param string $type if the parameter exists, cast it to given type
 * @return mixed Field from $_GET, or $default if not set
 */
- public static function get($key, $default = false, $type = false)
+ public static function get(string $key, $default = false, $type = false)
 {
 return self::handle($_GET, $key, $default, $type);
 }
@@ -34,7 +34,7 @@ class Request
 * @param string $default Value to return if $_POST does not contain $key
 * @return mixed Field from $_POST, or $default if not set
 */
- public static function post($key, $default = false, $type = false)
+ public static function post(string $key, $default = false, $type = false)
 {
 return self::handle($_POST, $key, $default, $type);
 }
@@ -45,7 +45,7 @@ class Request
 * @param string $default Value to return if $_REQUEST does not contain $key
 * @return mixed Field from $_REQUEST, or $default if not set
 */
- public static function any($key, $default = false, $type = false)
+ public static function any(string $key, $default = false, $type = false)
 {
 return self::handle($_REQUEST, $key, $default, $type);
 }
@@ -68,14 +68,14 @@ class Request
 private static function handle(&$array, $key, $default, $type)
 {
- if (!isset($array[$key])) {
+ if (!array_key_exists($key, $array)) {
 if ($default === self::REQUIRED || $default === self::REQUIRED_EMPTY) {
 Message::addError('main.parameter-missing', $key);
 Util::redirect('?do=' . $_REQUEST['do']);
 }
 return $default;
 }
- if ($default === self::REQUIRED && (string)$array[$key] === '') {
+ if ($default === self::REQUIRED && is_string($array[$key]) && $array[$key] === '') {
 Message::addError('main.parameter-empty', $key);
 Util::redirect('?do=' . $_REQUEST['do']);
 }
diff --git a/inc/session.inc.php b/inc/session.inc.php
index f06cd580..fc875669 100644
--- inc/session.inc.php
+++ inc/session.inc.php
@@ -8,6 +8,7 @@ class Session
 private static $data = false;
 private static $dataChanged = false;
 private static $userId = 0;
+ private static $updateSessionDateline = false;
 private static function generateSessionId(string $salt)
 {
@@ -37,6 +38,7 @@ class Session
 'userid' => $userId,
 'fixedip' => $fixedAddress ? 1 : 0,
 ]);
+ self::setupSessionAccounting(true);
 }
 public static function load(): bool
@@ -48,6 +50,7 @@ class Session
 if (self::readSessionData())
 return true;
 // Loading session data failed
+ self::$sid = false;
 return false;
 }
@@ -123,6 +126,8 @@ class Session
 if ($row['fixedip'] && $row['lastip'] !== $_SERVER['REMOTE_ADDR']) {
 return false; // Ignore but don't invalidate
 }
+ // Refresh cookie if appropriate
+ self::setupSessionAccounting(Request::isGet() && $row['dateline'] + 86400 < $now + CONFIG_SESSION_TIMEOUT);
 self::$userId = $row['userid'];
 self::$data = @json_decode($row['data'], true);
 if (!is_array(self::$data)) {
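Review bot: In `Request::handle` (inc/request.inc.php), the new `is_string($array[$key]) && $array[$key] === ''` test means `REQUIRED` only rejects an empty string, so a parameter submitted as an array (`key[]=...`) is accepted as present and non-empty. Whether such a value is rejected later depends on the `$type` cast, which lies outside this hunk, so this is worth confirming for callers that pass `REQUIRED` without a type. If those callers expect a scalar, the guard could read `if ($default === self::REQUIRED && (!is_scalar($array[$key]) || $array[$key] === '')) {`.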
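Review bot: In `readSessionData` (inc/session.inc.php), the refresh condition `$row['dateline'] + 86400 < $now + CONFIG_SESSION_TIMEOUT` can only be true once more than a day of the session's lifetime has been used, so if `CONFIG_SESSION_TIMEOUT` is set to 86400 seconds or less the cookie and dateline would never be renewed and an active session would end at its original expiry. The constant's value is not visible here, so this is something to confirm rather than a certain bug; deriving the threshold from the timeout, for example `min(86400, CONFIG_SESSION_TIMEOUT / 2)`, would remove the dependency. The call also sits before `self::$data` is decoded and checked, so the cookie is refreshed and the shutdown handler registered even if the `!is_array(self::$data)` branch, whose body is outside the hunk, goes on to reject the session. A comment such as `// dateline holds the expiry time; renew at most once a day, and only on GET` would make the magic number readable.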
@@ -136,14 +141,28 @@ class Session
 }
 return true;
 }
+
+ private static function setupSessionAccounting(bool $cookie)
+ {
+ if ($cookie) {
+ self::$updateSessionDateline = true;
+ $ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT,
+ null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ if (!$ret)
+ Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ }
+ register_shutdown_function(function () {
+ Session::saveInternal();
+ });
+ }
 public static function saveInternal()
 {
 $now = time();
- $args = [
- 'dateline' => $now + CONFIG_SESSION_TIMEOUT,
- 'lastip' => $_SERVER['REMOTE_ADDR'],
- ];
+ $args = ['lastip' => $_SERVER['REMOTE_ADDR']];
+ if (self::$updateSessionDateline) {
+ $args['dateline'] = $now + CONFIG_SESSION_TIMEOUT;
+ }
 if (self::$dataChanged) {
 $args['data'] = json_encode(self::$data);
 }
@@ -152,14 +171,6 @@ class Session
 }, array_keys($args))) . " WHERE sid = :sid";
 $args['sid'] = self::$sid;
 Database::exec($query, $args);
- $ret = setcookie('sid', self::$sid, $now + CONFIG_SESSION_TIMEOUT,
- null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
- if (!$ret)
- Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 }
 }
-
-register_shutdown_function(function () {
- Session::saveInternal();
-});
diff --git a/inc/user.inc.php b/inc/user.inc.php
index d587c462..e89a4355 100644
--- inc/user.inc.php
+++ inc/user.inc.php
@@ -83,7 +83,7 @@ class User
 }
 }
- public static function getAllowedLocations($permission)
+ public static function getAllowedLocations(string $permission): array
 {
 if (!self::isLoggedIn())
 return [];
@@ -105,7 +105,7 @@ class User
 }
 return $a;
 }
- return array();
+ return [];
 }
 public static function load()
-- cgit v1.2.3-55-g7522
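Review bot: In `setupSessionAccounting` (inc/session.inc.php), the session cookie is sent with `HttpOnly` and a conditional `Secure` flag but no `SameSite` attribute, and path and domain are passed as `null`, which PHP 8.1 and later report as deprecated for these string parameters. If the deployment runs PHP 7.3 or newer, the options-array form of `setcookie()` below sets `samesite` explicitly and drops the null placeholders; `Lax` is a suggestion to check against how the site is linked to from elsewhere. Separately, every call registers another shutdown closure, so a request that reaches both call sites added by this commit would run `saveInternal()` twice; a static flag around `register_shutdown_function` would prevent that. `Secure` is derived from `$_SERVER['HTTPS']`, so behind a TLS-terminating proxy the flag may be absent unless the proxy sets that variable.

```php
if ($cookie) {
	self::$updateSessionDateline = true;
	$ret = setcookie('sid', self::$sid, [
		'expires' => time() + CONFIG_SESSION_TIMEOUT,
		'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off',
		'httponly' => true,
		'samesite' => 'Lax',
	]);
	// … unchanged: traceError when setcookie() fails …
```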