Moving to e_REQUEST_* instead e_QUERY/e_SELF usage; set system browser cache to false by default; user logout event triggered a bit earlier

class2.php

@@ -485,10 +485,10 @@ if($pref['redirectsiteurl'] && $pref['siteurl']) {
 
 	if(isset($pref['multilanguage_subdomain']) && $pref['multilanguage_subdomain'])
 	{
-   		if(substr(e_SELF, 7, 4)=='www.' || substr(e_SELF, 8, 4)=='www.')
+   		if(substr(e_REQUEST_URL, 7, 4)=='www.' || substr(e_REQUEST_URL, 8, 4)=='www.')
 		{
-			$self = e_SELF;
-			if(e_QUERY){ $self .= '?'.e_QUERY; }
+			$self = e_REQUEST_URL;
+			//if(e_QUERY){ $self .= '?'.e_QUERY; }
 			$location = str_replace('://www.', '://', $self);
 			header("Location: {$location}", true, 301); // send 301 header, not 302
 			exit();
@@ -514,13 +514,13 @@ if($pref['redirectsiteurl'] && $pref['siteurl']) {
 			// -- ports do not match (http <==> https)
 			// -- base domain does not match (case-insensitive)
 			// -- NOT admin area
-			if (($urlport != $PrefSitePort || stripos($PrefSiteBase, $urlbase) === false) && strpos(e_SELF, ADMINDIR) === false)
+			if (($urlport != $PrefSitePort || stripos($PrefSiteBase, $urlbase) === false) && strpos(e_REQUEST_SELF, ADMINDIR) === false)
 			{
-				$aeSELF = explode('/', e_SELF, 4);
+				$aeSELF = explode('/', e_REQUEST_SELF, 4);
 				$aeSELF[0] = $aPrefURL[0];	// Swap in correct type of query (http, https)
 				$aeSELF[1] = '';						// Defensive code: ensure http:// not http:/<garbage>/
 				$aeSELF[2] = $aPrefURL[2];  // Swap in correct domain and possibly port
-				$location = implode('/',$aeSELF).(e_QUERY ? '?'.e_QUERY : '');
+				$location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
 
 			header("Location: {$location}", true, 301); // send 301 header, not 302
 			exit();
@@ -837,6 +837,9 @@ if (($_SERVER['QUERY_STRING'] == 'logout')/* || (($pref['user_tracking'] == 'ses
 	{
 		$sql->db_Update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1");
 	}
+	
+	// earlier event trigger with user data still available 
+	e107::getEvent()->trigger('logout');
 
 	if ($pref['user_tracking'] == 'session')
 	{
@@ -847,13 +850,11 @@ if (($_SERVER['QUERY_STRING'] == 'logout')/* || (($pref['user_tracking'] == 'ses
 	cookie(e_COOKIE, '', (time() - 2592000));
 	e107::getUser()->logout();
 	
-	e107::getEvent()->trigger('logout');
 	e107::getRedirect()->redirect(SITEURL);
 	// header('location:'.e_BASE.'index.php');
 	exit();
 }
 
-
 /*
 * Calculate time zone offset, based on session cookie set in e107.js.
 * (Buyer beware: this may be wrong for the first pageview in a session,

e107_handlers/e107_class.php

@@ -510,9 +510,10 @@ class e107
 	 * @param string $key
 	 * @return boolean
 	 */
-	public static function getE107($key)
+	public static function getE107($key = null)
 	{
 		$self = self::getInstance();
+		if(null === $key) return $self->_E107;
 		return (isset($self->_E107[$key]) && $self->_E107[$key] ? true : false);
 	}
 

e107_handlers/login.php

@@ -71,8 +71,10 @@ class userlogin
 	*/
 	public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
 	{
-		global $pref, $e_event, $_E107;
-
+		$pref = e107::getPref();
+		$e_event = e107::getEvent();
+		$_E107 = e107::getE107();
+		
 		$username = trim($username);
 		$userpass = trim($userpass);
 
@@ -269,9 +271,9 @@ class userlogin
 		}
 
 		if($noredirect) return true;
-
-		$redir = e_SELF;
-		if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY);
+		$redir = e_REQUEST_URL;
+		//$redir = e_SELF;
+		//if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY);
 		if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force']))
 		{	// See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
 //		  $log_info = "New user: ".$this->userData['user_name']."  Class: ".$this->userData['user_class']."  Admin: ".$this->userData['user_admin']."  Perms: ".$this->userData['user_perms'];

e107_handlers/redirection_class.php

@@ -50,12 +50,13 @@ class redirection
 	 */
 	function __construct()
 	{
-		$this->self_exceptions = array(SITEURL.e_SIGNUP, SITEURL.'index.php', SITEURL.'fpw.php', SITEURL.e_LOGIN, SITEURL.'membersonly.php');
+		$this->self_exceptions = array(SITEURL.e_SIGNUP, SITEURL, SITEURL.'index.php', SITEURL.'fpw.php', SITEURL.e_LOGIN, SITEURL.'membersonly.php');
 		$this->page_exceptions = array('e_ajax.php', 'e_js.php', 'e_jslib.php', 'sitedown.php');
 		$this->query_exceptions = array('logout');
 	}
 	
 	/**
+	 * FIXME - build self_exceptions dynamically - use URL assembling to match the proper URLs later
 	 * Store the current URL in a cookie for 5 minutes so we can return to it after being logged out. 
 	 * @param string $url if empty self url will be used
 	 * @param boolean $forceNoSef if false REQUEST_URI will be used (mod_rewrite support)
@@ -70,6 +71,11 @@ class redirection
 			{
 				return;
 			}
+			elseif(in_array(e_REQUEST_URI, $this->self_exceptions))
+			{
+				return;
+			}
+			
 			if(defset('e_PAGE') && in_array(e_PAGE, $this->page_exceptions))
 			{
 				return;
@@ -87,11 +93,11 @@ class redirection
 		return $this;
 	}
 	
-	public function getSelf($forceNoSef = false)
+	public function getSelf($full = false)
 	{
-		if($forceNoSef)
+		if($full)
 		{
-			$url = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF;
+			$url = e_REQUEST_URL;//(e_QUERY) ? e_SELF."?".e_QUERY : e_SELF;
 		}
 		else
 		{
@@ -325,6 +331,10 @@ class redirection
 		
 		// Safari endless loop fix.
 		header('Content-Length: 0');
+		
+		// write session if needed
+		if(session_id()) session_write_close();
+		
 		exit();
 	}
 }

e107_handlers/user_model.php

@@ -1293,6 +1293,7 @@ class e_user extends e_user_model
 	{
 		if($force || null === $this->_session_data)
 		{
+			$this->_session_data = null;
 			$this->_session_key = e107::getPref('cookie_name', 'e107cookie');
 			$this->_session_type = e107::getPref('user_tracking', 'cookie');
 			

e107_themes/templates/footer_default.php

@@ -23,6 +23,15 @@ global $error_handler,$db_time,$FOOTER;
 // Clean session shutdown
 e107::getSession()->shutdown();
 
+
+// System browser CACHE control - defaults to no cache; override in e107_config or on the fly
+// This is temporary solution, we'll implement more flexible way for cache control override
+// per page, more investigation needed about cache related headers, browser quirks etc
+if(!defined('e_NOCACHE'))
+{
+	define('e_NOCACHE', true);
+}
+
 //
 // SHUTDOWN SEQUENCE
 //
@@ -301,11 +310,13 @@ $etag = md5($page);
 
 //header('Pragma:');
 // previously disabled or there is posted data
-if(!deftrue('e_NOCACHE') && $_SERVER['REQUEST_METHOD'] === 'GET')
+$canCache = false;
+if(!deftrue('e_NOCACHE') && $_SERVER['REQUEST_METHOD'] === 'GET' && $_SERVER['QUERY_STRING'] != 'logout')
 {
+	$canCache = true;
 	header("Cache-Control: must-revalidate", true);	
 	if(e107::getPref('site_page_expires')) // TODO - allow per page
-	{
+	{ 
 		if (function_exists('date_default_timezone_set')) 
 		{
 		    date_default_timezone_set('UTC');
@@ -349,7 +360,7 @@ else
 }
 
 // should come after the Etag header
-if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
+if ($canCache && isset($_SERVER['HTTP_IF_NONE_MATCH']))
 {
 	$IF_NONE_MATCH = str_replace('"','',$_SERVER['HTTP_IF_NONE_MATCH']);