From 28519f15a1d94685ade147966b1002a2f7388541 Mon Sep 17 00:00:00 2001 From: danpros Date: Sat, 6 Jan 2024 19:09:01 +0700 Subject: [PATCH] Multi URLs session --- system/admin/admin.php | 18 +++++++-------- system/admin/views/backup.html.php | 2 +- system/admin/views/denied.html.php | 2 +- system/admin/views/edit-page.html.php | 4 ++-- system/admin/views/main.html.php | 4 ++-- system/admin/views/static-pages.html.php | 2 +- system/htmly.php | 38 ++++++++++++++++---------------- system/includes/functions.php | 2 +- system/includes/session.php | 2 +- 9 files changed, 37 insertions(+), 37 deletions(-) diff --git a/system/admin/admin.php b/system/admin/admin.php index eef9074..b363a3a 100644 --- a/system/admin/admin.php +++ b/system/admin/admin.php @@ -65,7 +65,7 @@ function session($user, $pass) if (password_needs_rehash($user_pass, PASSWORD_DEFAULT)) { update_user($user, $pass, $user_role); } - $_SESSION[config("site.url")]['user'] = $user; + $_SESSION[site_url()]['user'] = $user; header('location: admin'); } else { return $str = '
'; @@ -73,7 +73,7 @@ function session($user, $pass) } else if (old_password_verify($pass, $user_enc, $user_pass)) { if (session_status() == PHP_SESSION_NONE) session_start(); update_user($user, $pass, $user_role); - $_SESSION[config("site.url")]['user'] = $user; + $_SESSION[site_url()]['user'] = $user; header('location: admin'); } else { return $str = '
'; @@ -89,16 +89,16 @@ function old_password_verify($pass, $user_enc, $user_pass) // Generate csrf token function generate_csrf_token() { - $_SESSION[config("site.url")]['csrf_token'] = sha1(microtime(true) . mt_rand(10000, 90000)); + $_SESSION[site_url()]['csrf_token'] = sha1(microtime(true) . mt_rand(10000, 90000)); } // Get csrf token function get_csrf() { - if (!isset($_SESSION[config("site.url")]['csrf_token']) || empty($_SESSION[config("site.url")]['csrf_token'])) { + if (!isset($_SESSION[site_url()]['csrf_token']) || empty($_SESSION[site_url()]['csrf_token'])) { generate_csrf_token(); } - return $_SESSION[config("site.url")]['csrf_token']; + return $_SESSION[site_url()]['csrf_token']; } // Check the csrf token @@ -936,7 +936,7 @@ function get_feed($feed_url, $credit) $tags = $entry->category; $title = rtrim($entry->title, ' \,\.\-'); $title = ltrim($title, ' \,\.\-'); - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \-\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($title))); if ($credit == 'yes') { $source = $entry->link; @@ -994,7 +994,7 @@ function Zip($source, $destination, $include_dir = false) // Return toolbar function toolbar() { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); $base = site_url(); @@ -1272,7 +1272,7 @@ function find_draft($year, $month, $name) function get_draft($profile, $page, $perpage) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); $posts = get_draft_posts(); @@ -1451,7 +1451,7 @@ function find_scheduled($year, $month, $name) function get_scheduled($profile, $page, $perpage) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); $posts = get_scheduled_posts(); 
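Review bot: The session id is not rotated at login in the `@@ -73` hunk of `session()`: `session_start()` is followed directly by `$_SESSION[site_url()]['user'] = $user;`, and no `session_regenerate_id()` call is visible there or in the `@@ -65` hunk. A session id issued before authentication would stay valid afterwards, which is the precondition for session fixation. I would add `session_regenerate_id(true);` immediately before each of the two assignments. `session()` starts and ends outside both hunks, so confirm the call is not already made elsewhere in the function.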
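Review bot: `generate_csrf_token()` in the `@@ -89` hunk still builds the token from `sha1(microtime(true) . mt_rand(10000, 90000))`, which is guessable: the timestamp is close to the request time, and `mt_rand` contributes only 80,001 possible values and is not a cryptographic generator. Since the line is being edited anyway, I would change it to `$_SESSION[site_url()]['csrf_token'] = bin2hex(random_bytes(32));`. In `get_csrf()` the `!isset(...) || empty(...)` pair can be reduced to `empty(...)`, which already covers the unset case. The token check that follows is outside the hunk; it should compare with `hash_equals()` if it does not already.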
diff --git a/system/admin/views/backup.html.php b/system/admin/views/backup.html.php index 848573e..ecd8ad4 100644 --- a/system/admin/views/backup.html.php +++ b/system/admin/views/backup.html.php @@ -23,7 +23,7 @@ Please install the ZIP extension to use the backup feature.

-

\ No newline at end of file +

\ No newline at end of file diff --git a/system/admin/views/edit-page.html.php b/system/admin/views/edit-page.html.php index 34df3f7..8936c41 100644 --- a/system/admin/views/edit-page.html.php +++ b/system/admin/views/edit-page.html.php @@ -14,8 +14,8 @@ if ($type == 'is_frontpage') { } } elseif ($type == 'is_profile') { - if (isset($_SESSION[config("site.url")]['user'])) { - $user = $_SESSION[config("site.url")]['user']; + if (isset($_SESSION[site_url()]['user'])) { + $user = $_SESSION[site_url()]['user']; } $filename = 'content/' . $user . '/author.md'; diff --git a/system/admin/views/main.html.php b/system/admin/views/main.html.php index d149929..ac1bb47 100644 --- a/system/admin/views/main.html.php +++ b/system/admin/views/main.html.php @@ -5,8 +5,8 @@
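Review bot: In the `is_profile` branch of `edit-page.html.php` (`@@ -14`), `$user` is assigned only inside `if (isset($_SESSION[site_url()]['user']))`, yet `$filename = 'content/' . $user . '/author.md';` runs unconditionally. When the session entry is absent, `$user` is undefined and the path collapses to `content//author.md`. I would initialise it with `$user = $_SESSION[site_url()]['user'] ?? null;` and skip the file access when it is null. The branch continues outside the hunk, so the view may already be reachable only after a login check in the route.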

'; echo '' . i18n('Title') . '' . i18n('Published') . ''; diff --git a/system/admin/views/static-pages.html.php b/system/admin/views/static-pages.html.php index 8660c6f..9b0deb1 100644 --- a/system/admin/views/static-pages.html.php +++ b/system/admin/views/static-pages.html.php @@ -3,7 +3,7 @@


- + diff --git a/system/htmly.php b/system/htmly.php index 0a1ece5..6edfe1e 100644 --- a/system/htmly.php +++ b/system/htmly.php @@ -321,7 +321,7 @@ post('/edit/profile', function () { $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $title = from($_REQUEST, 'title'); $content = from($_REQUEST, 'content'); if ($proper && !empty($title) && !empty($content)) { @@ -380,7 +380,7 @@ post('/edit/frontpage', function () { $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $title = from($_REQUEST, 'title'); $content = from($_REQUEST, 'content'); if ($proper && !empty($title) && !empty($content)) { @@ -488,7 +488,7 @@ post('/add/content', function () { $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); $description = from($_REQUEST, 'description'); - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $draft = from($_REQUEST, 'draft'); $category = from($_REQUEST, 'category'); $date = from($_REQUEST, 'date'); @@ -742,7 +742,7 @@ post('/add/category', function () { // Show admin/posts get('/admin/posts', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -813,7 +813,7 @@ get('/admin/posts', function () { // Show admin/popular get('/admin/popular', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -886,7 +886,7 @@ get('/admin/mine', function () { config('views.root', 'system/admin/views'); - $name = $_SESSION[config("site.url")]['user']; + $name = $_SESSION[site_url()]['user']; $page = from($_GET, 'page'); $page = $page ? (int)$page : 1; 
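Review bot: In the `get('/admin/posts')` handler (`@@ -742`), `$user = $_SESSION[site_url()]['user'];` and `user('role', $user)` run before `if (login())`, so an unauthenticated request reads a missing session key and looks up a role for a null user. The same ordering is visible in `/admin/popular`, the `/admin/config*` handlers and `/admin/categories/:category`, whereas the `/post/:name/edit` and `/:year/:month/:name/edit` hunks already read the session inside `if (login())`. I would move the two lines inside the `login()` branch, or read defensively with `$user = $_SESSION[site_url()]['user'] ?? null;`. The handler bodies continue outside these hunks.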
@@ -951,7 +951,7 @@ get('/admin/draft', function () { config('views.root', 'system/admin/views'); - $name = $_SESSION[config("site.url")]['user']; + $name = $_SESSION[site_url()]['user']; $page = from($_GET, 'page'); $page = $page ? (int)$page : 1; @@ -1024,7 +1024,7 @@ get('/admin/scheduled', function () { config('views.root', 'system/admin/views'); - $name = $_SESSION[config("site.url")]['user']; + $name = $_SESSION[site_url()]['user']; $page = from($_GET, 'page'); $page = $page ? (int)$page : 1; @@ -1197,7 +1197,7 @@ post('/admin/import', function () { // Show Config page get('/admin/config', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -1263,7 +1263,7 @@ post('/admin/config', function () { // Show Config page get('/admin/config/custom', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -1331,7 +1331,7 @@ post('/admin/config/custom', function () { // Show Config page get('/admin/config/reading', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -1398,7 +1398,7 @@ post('/admin/config/reading', function () { // Show Config page get('/admin/config/widget', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -1465,7 +1465,7 @@ post('/admin/config/widget', function () { // Show Config page get('/admin/config/metatags', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { 
@@ -1532,7 +1532,7 @@ post('/admin/config/metatags', function () { // Show Config page get('/admin/config/performance', function () { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -1757,7 +1757,7 @@ get('/admin/categories', function () { // Show the category page get('/admin/categories/:category', function ($category) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (login()) { @@ -2549,7 +2549,7 @@ get('/post/:name/edit', function ($name) { if (login()) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); config('views.root', 'system/admin/views'); @@ -2762,7 +2762,7 @@ get('/post/:name/delete', function ($name) { if (login()) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); config('views.root', 'system/admin/views'); @@ -3615,7 +3615,7 @@ get('/:year/:month/:name/edit', function ($year, $month, $name) { if (login()) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); config('views.root', 'system/admin/views'); @@ -3828,7 +3828,7 @@ get('/:year/:month/:name/delete', function ($year, $month, $name) { if (login()) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); config('views.root', 'system/admin/views'); diff --git a/system/includes/functions.php b/system/includes/functions.php index dd9f403..5c3a790 100644 --- a/system/includes/functions.php +++ b/system/includes/functions.php 
@@ -2171,7 +2171,7 @@ function get_image($text) // Return edit tab on post function tab($p) { - $user = $_SESSION[config("site.url")]['user']; + $user = $_SESSION[site_url()]['user']; $role = user('role', $user); if (isset($p->author)) { if ($user === $p->author || $role === 'admin') { diff --git a/system/includes/session.php b/system/includes/session.php index 308855b..b7e2dc1 100644 --- a/system/includes/session.php +++ b/system/includes/session.php @@ -11,7 +11,7 @@ session_start(); function login() { if (session_status() == PHP_SESSION_NONE) return false; - if (isset($_SESSION[config("site.url")]['user']) && !empty($_SESSION[config("site.url")]['user'])) { + if (isset($_SESSION[site_url()]['user']) && !empty($_SESSION[site_url()]['user'])) { return true; } else { return false;
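Review bot: `login()` in `session.php` now decides authentication from `$_SESSION[site_url()]['user']`, but `site_url()` is not defined in this patch, so how the key is derived is not visible here. If it is built from request data such as the `Host` header (the subject line suggests one key per URL), it should be limited to the configured hosts and normalised identically when `session()` writes the key and when `login()` reads it. A comment on `login()` would record that, for example `// key must match the one session() writes; site_url() has to be stable for the whole session`. Separately, `isset(...) && !empty(...)` can be written as `!empty(...)` alone.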