
Mass changes (work in progress - related beta testing and feedback highly appreciated)

- New session handler - appropriate changes made at important core areas (language handler, chap login related)
- Overall better COOKIE handling (on both server and client side) - cookies respect now installation path, domain (based on language settings)
- Introduced Security Levels (see session handler constants/docs), security level option could be added to install routine now
- Security level printed on Administration info panel, appropriate lans added (subject of discussion)
- e_TOKEN security part of session handling now - logic depends on security level (TODO - POST_REFERER removal)
- e_print, e_dump debug functions added (for quick and nice debug view via site output), native overall FirePhp support planned
- a lot of minor bugfixes
secretr
2010-10-26 07:41:20 +00:00
parent 6196a3e425
commit 645d2dda6d
29 changed files with 342 additions and 183 deletions


@@ -183,13 +183,16 @@ class e_user_model extends e_front_model
return ($this->isAdmin() ? $this->get('user_perms') : false);
}
/**
* DEPRECATED - will be removed or changed soon (see e_session)
* @return string
*/
public function getToken()
{
if($this->isUser()) return '';
if(null === $this->get('user_token'))
{
$this->set('user_token', md5($this->get('user_password').$this->get('user_lastvisit').$this->get('user_pwchange').$this->get('user_class')));
//$this->set('user_token', md5($this->get('user_password').$this->get('user_lastvisit').$this->get('user_pwchange').$this->get('user_class')));
$this->set('user_token', e107::getSession()->getFormToken(false));
}
return $this->get('user_token');
}
@@ -307,6 +310,7 @@ class e_user_model extends e_front_model
/**
* Check passed value against current user token
* DEPRECATED - will be removed or changed soon (see e_core_session)
* @param string $token md5 sum of e.g. posted token
* @return boolean
*/
@@ -1286,6 +1290,7 @@ class e_user extends e_user_model
{
$this->_session_key = e107::getPref('cookie_name', 'e107cookie');
$this->_session_type = e107::getPref('user_tracking', 'cookie');
if('session' == $this->_session_type && isset($_SESSION[$this->_session_key]) && !empty($_SESSION[$this->_session_key]))
{
$this->_session_data = &$_SESSION[$this->_session_key];
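Review bot: In `getToken()` (first hunk) the value of `e107::getSession()->getFormToken(false)` is copied into `user_token` on the first call and served from the model afterwards, so if the session handler ever regenerates its form token (not visible here) the model would keep returning the old one; unless other code reads `user_token` directly, `return e107::getSession()->getFormToken(false);` avoids keeping a second copy. The commented-out `md5(...)` line should be deleted rather than left in place, since it documents a token derived from the password hash that is no longer in use. The checker's docblock in the second hunk still reads `@param string $token md5 sum of e.g. posted token`, which no longer describes a session-issued value; `@param string $token posted form token to compare with the session token` would match the new behaviour. The unchanged guard `if($this->isUser()) return '';` appears to give logged-in users an empty token, and the checker's body is outside this section, so it is worth confirming that an empty posted value can never compare equal.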