diff --git a/class2.php b/class2.php index 155ef5c98..6edcbdc52 100644 --- a/class2.php +++ b/class2.php @@ -485,10 +485,10 @@ if($pref['redirectsiteurl'] && $pref['siteurl']) { if(isset($pref['multilanguage_subdomain']) && $pref['multilanguage_subdomain']) { - if(substr(e_SELF, 7, 4)=='www.' || substr(e_SELF, 8, 4)=='www.') + if(substr(e_REQUEST_URL, 7, 4)=='www.' || substr(e_REQUEST_URL, 8, 4)=='www.') { - $self = e_SELF; - if(e_QUERY){ $self .= '?'.e_QUERY; } + $self = e_REQUEST_URL; + //if(e_QUERY){ $self .= '?'.e_QUERY; } $location = str_replace('://www.', '://', $self); header("Location: {$location}", true, 301); // send 301 header, not 302 exit(); @@ -514,13 +514,13 @@ if($pref['redirectsiteurl'] && $pref['siteurl']) { // -- ports do not match (http <==> https) // -- base domain does not match (case-insensitive) // -- NOT admin area - if (($urlport != $PrefSitePort || stripos($PrefSiteBase, $urlbase) === false) && strpos(e_SELF, ADMINDIR) === false) + if (($urlport != $PrefSitePort || stripos($PrefSiteBase, $urlbase) === false) && strpos(e_REQUEST_SELF, ADMINDIR) === false) { - $aeSELF = explode('/', e_SELF, 4); + $aeSELF = explode('/', e_REQUEST_SELF, 4); $aeSELF[0] = $aPrefURL[0]; // Swap in correct type of query (http, https) $aeSELF[1] = ''; // Defensive code: ensure http:// not http:// $aeSELF[2] = $aPrefURL[2]; // Swap in correct domain and possibly port - $location = implode('/',$aeSELF).(e_QUERY ? '?'.e_QUERY : ''); + $location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : ''); header("Location: {$location}", true, 301); // send 301 header, not 302 exit(); 
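Review bot: In the www-stripping redirect, `str_replace('://www.', '://', $self)` rewrites every occurrence in `e_REQUEST_URL`, so a query parameter that itself carries a `://www.` URL is altered along with the host. Limit the change to the leading scheme and host, e.g. `$location = preg_replace('#^(https?://)www\.#i', '$1', $self, 1);`. The definition of `e_REQUEST_URL` is not visible here; if its host part comes from the request's Host header, the Location target is client-influenced and is better assembled from `$pref['siteurl']`. The commented-out `e_QUERY` line should be deleted rather than kept, and the enclosing `if` block starts outside the hunk.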
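Review bot: The rebuilt `$location` now appends raw `$_SERVER['QUERY_STRING']` in place of `e_QUERY`, so whatever filtering goes into `e_QUERY` (its definition is outside this hunk) no longer applies to the value sent in the Location header. header() refuses values containing newlines, so the concern is reflecting unfiltered input into the redirect rather than header splitting. The index is also read without an `isset()` guard. Either keep `e_QUERY` here or state the reason next to the line, e.g. `// raw query string on purpose: <reason e_QUERY is unsuitable>`.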
@@ -837,6 +837,9 @@ if (($_SERVER['QUERY_STRING'] == 'logout')/* || (($pref['user_tracking'] == 'ses { $sql->db_Update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1"); } + + // earlier event trigger with user data still available + e107::getEvent()->trigger('logout'); if ($pref['user_tracking'] == 'session') { @@ -847,13 +850,11 @@ if (($_SERVER['QUERY_STRING'] == 'logout')/* || (($pref['user_tracking'] == 'ses cookie(e_COOKIE, '', (time() - 2592000)); e107::getUser()->logout(); - e107::getEvent()->trigger('logout'); e107::getRedirect()->redirect(SITEURL); // header('location:'.e_BASE.'index.php'); exit(); } - /* * Calculate time zone offset, based on session cookie set in e107.js. * (Buyer beware: this may be wrong for the first pageview in a session, diff --git a/e107_handlers/e107_class.php b/e107_handlers/e107_class.php index 43efe8d8e..cb699a44f 100644 --- a/e107_handlers/e107_class.php +++ b/e107_handlers/e107_class.php @@ -510,9 +510,10 @@ class e107 * @param string $key * @return boolean */ - public static function getE107($key) + public static function getE107($key = null) { $self = self::getInstance(); + if(null === $key) return $self->_E107; return (isset($self->_E107[$key]) && $self->_E107[$key] ? true : false); } diff --git a/e107_handlers/login.php b/e107_handlers/login.php index 77a013425..f42b8b611 100644 --- a/e107_handlers/login.php +++ b/e107_handlers/login.php @@ -71,8 +71,10 @@ class userlogin */ public function login($username, $userpass, $autologin, $response = '', $noredirect = false) { - global $pref, $e_event, $_E107; - + $pref = e107::getPref(); + $e_event = e107::getEvent(); + $_E107 = e107::getE107(); + $username = trim($username); $userpass = trim($userpass); 
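Review bot: `e107::getEvent()->trigger('logout')` now runs before the cookie is cleared and before `e107::getUser()->logout()`, so a listener that exits, redirects or raises a fatal error leaves the session and cookie intact and the user still signed in. The comment should state that contract, e.g. `// fired before session teardown so listeners can read user data; listeners must not exit or redirect`. If listeners cannot be relied on to return, capture the user data first and trigger the event after the teardown instead. The rest of the logout block lies in the following hunk.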
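Review bot: In `getE107()`, a null `$key` now returns the whole `$_E107` array, but the docblock above still says `@param string $key` and `@return boolean`. Update it to `@param string|null $key` and `@return boolean|array`, and add a line saying that omitting the key returns the full flag array. The new caller in login.php depends on that array form, so the contract is worth writing down.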
@@ -269,9 +271,9 @@ class userlogin } if($noredirect) return true; - - $redir = e_SELF; - if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY); + $redir = e_REQUEST_URL; + //$redir = e_SELF; + //if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY); if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) { // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules // $log_info = "New user: ".$this->userData['user_name']." Class: ".$this->userData['user_class']." Admin: ".$this->userData['user_admin']." Perms: ".$this->userData['user_perms']; diff --git a/e107_handlers/redirection_class.php b/e107_handlers/redirection_class.php index b32309191..fca5aa3d9 100644 --- a/e107_handlers/redirection_class.php +++ b/e107_handlers/redirection_class.php @@ -50,12 +50,13 @@ class redirection */ function __construct() { - $this->self_exceptions = array(SITEURL.e_SIGNUP, SITEURL.'index.php', SITEURL.'fpw.php', SITEURL.e_LOGIN, SITEURL.'membersonly.php'); + $this->self_exceptions = array(SITEURL.e_SIGNUP, SITEURL, SITEURL.'index.php', SITEURL.'fpw.php', SITEURL.e_LOGIN, SITEURL.'membersonly.php'); $this->page_exceptions = array('e_ajax.php', 'e_js.php', 'e_jslib.php', 'sitedown.php'); $this->query_exceptions = array('logout'); } /** + * FIXME - build self_exceptions dynamically - use URL assembling to match the proper URLs later * Store the current URL in a cookie for 5 minutes so we can return to it after being logged out. * @param string $url if empty self url will be used * @param boolean $forceNoSef if false REQUEST_URI will be used (mod_rewrite support) @@ -70,6 +71,11 @@ class redirection { return; } + elseif(in_array(e_REQUEST_URI, $this->self_exceptions)) + { + return; + } + if(defset('e_PAGE') && in_array(e_PAGE, $this->page_exceptions)) { return; 
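Review bot: `$redir = e_REQUEST_URL;` makes the full request URL the post-login redirect target, and nothing visible in this hunk checks that it points at this site. If `e_REQUEST_URL` is assembled from the Host header (its definition is not on this page), the target is client-controlled; a guard such as `if (strpos($redir, SITEURL) !== 0) { $redir = SITEURL; }` before it is used would pin it to the configured site. The two commented-out lines should be removed rather than left as dead code. login() continues beyond the hunk, so later handling of `$redir` may already cover this.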
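Review bot: The new `elseif(in_array(e_REQUEST_URI, $this->self_exceptions))` compares against entries that the constructor builds with a `SITEURL` prefix, such as `SITEURL.'index.php'`. If `e_REQUEST_URI` holds only the path and query, as the name suggests, the check never matches and the login, signup and password-reset URLs are still written to the return-URL cookie. Compare like with like (for example test `e_REQUEST_URL`), and pass `true` as the third argument to `in_array` so the match is strict. The FIXME added in the first redirection_class.php hunk sits in the docblock of the following method, not on the constructor it refers to.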
@@ -87,11 +93,11 @@ class redirection return $this; } - public function getSelf($forceNoSef = false) + public function getSelf($full = false) { - if($forceNoSef) + if($full) { - $url = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF; + $url = e_REQUEST_URL;//(e_QUERY) ? e_SELF."?".e_QUERY : e_SELF; } else { @@ -325,6 +331,10 @@ class redirection // Safari endless loop fix. header('Content-Length: 0'); + + // write session if needed + if(session_id()) session_write_close(); + exit(); } } diff --git a/e107_handlers/user_model.php b/e107_handlers/user_model.php index 92a4d2539..694bb63f6 100644 --- a/e107_handlers/user_model.php +++ b/e107_handlers/user_model.php @@ -1293,6 +1293,7 @@ class e_user extends e_user_model { if($force || null === $this->_session_data) { + $this->_session_data = null; $this->_session_key = e107::getPref('cookie_name', 'e107cookie'); $this->_session_type = e107::getPref('user_tracking', 'cookie'); diff --git a/e107_themes/templates/footer_default.php b/e107_themes/templates/footer_default.php index 54eee1c77..5cd70d4f0 100644 --- a/e107_themes/templates/footer_default.php +++ b/e107_themes/templates/footer_default.php @@ -23,6 +23,15 @@ global $error_handler,$db_time,$FOOTER; // Clean session shutdown e107::getSession()->shutdown(); + +// System browser CACHE control - defaults to no cache; override in e107_config or on the fly +// This is temporary solution, we'll implement more flexible way for cache control override +// per page, more investigation needed about cache related headers, browser quirks etc +if(!defined('e_NOCACHE')) +{ + define('e_NOCACHE', true); +} + // // SHUTDOWN SEQUENCE // 
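Review bot: `getSelf()` has no docblock, and renaming its parameter from `$forceNoSef` to `$full` leaves the docblock of the URL-storing method earlier in this file still describing `$forceNoSef`. Add a docblock above `getSelf` stating that `$full = true` returns `e_REQUEST_URL` and what the else branch returns; that branch is outside this hunk. The old expression kept as a trailing comment after `$url = e_REQUEST_URL;` should be dropped.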
@@ -301,11 +310,13 @@ $etag = md5($page); //header('Pragma:'); // previously disabled or there is posted data -if(!deftrue('e_NOCACHE') && $_SERVER['REQUEST_METHOD'] === 'GET') +$canCache = false; +if(!deftrue('e_NOCACHE') && $_SERVER['REQUEST_METHOD'] === 'GET' && $_SERVER['QUERY_STRING'] != 'logout') { + $canCache = true; header("Cache-Control: must-revalidate", true); if(e107::getPref('site_page_expires')) // TODO - allow per page - { + { if (function_exists('date_default_timezone_set')) { date_default_timezone_set('UTC'); @@ -349,7 +360,7 @@ else } // should come after the Etag header -if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) +if ($canCache && isset($_SERVER['HTTP_IF_NONE_MATCH'])) { $IF_NONE_MATCH = str_replace('"','',$_SERVER['HTTP_IF_NONE_MATCH']);
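Review bot: `$canCache` is decided only from `e_NOCACHE`, the request method and the logout query string, and the branch sends `Cache-Control: must-revalidate` with no `private`, so a page rendered for a signed-in user can be stored by a shared cache once a site defines `e_NOCACHE` as false. Add a signed-in check to the gate, or send `header("Cache-Control: private, must-revalidate", true);`. The test `$_SERVER['QUERY_STRING'] != 'logout'` also reads an index that may be unset and compares loosely; `(!isset($_SERVER['QUERY_STRING']) || $_SERVER['QUERY_STRING'] !== 'logout')` is safer. Other cache headers may be set in the part of the block outside the hunk.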