
Mass changes (work in progress - related beta testing and feedback highly appreciated)

- New session handler - appropriate changes made at important core areas (language handler, chap login related)
- Overall better COOKIE handling (on both server and client side) - cookies respect now installation path, domain (based on language settings)
- Introduced Security Levels (see session handler constants/docs), security level option could be added to install routine now
- Security level printed on Administration info panel, appropriate lans added (subject of discussion)
- e_TOKEN security part of session handling now - logic depends on security level (TODO - POST_REFERER removal)
- e_print, e_dump debug functions added (for quick and nice debug view via site output), native overall FirePhp support planned
- a lot of minor bugfixes
This commit is contained in:
secretr
2010-10-26 07:41:20 +00:00
parent 6196a3e425
commit 645d2dda6d
29 changed files with 342 additions and 183 deletions


@@ -223,6 +223,23 @@ $e107_paths = compact('ADMIN_DIRECTORY', 'FILES_DIRECTORY', 'IMAGES_DIRECTORY',
$sql_info = compact('mySQLserver', 'mySQLuser', 'mySQLpassword', 'mySQLdefaultdb', 'mySQLprefix'); $sql_info = compact('mySQLserver', 'mySQLuser', 'mySQLpassword', 'mySQLdefaultdb', 'mySQLprefix');
$e107 = e107::getInstance()->initCore($e107_paths, realpath(dirname(__FILE__)), $sql_info, varset($E107_CONFIG, array())); $e107 = e107::getInstance()->initCore($e107_paths, realpath(dirname(__FILE__)), $sql_info, varset($E107_CONFIG, array()));
/**
* NEW - system security levels
* Could be overridden by e107_config.php OR $CLASS2_INCLUDE script (if not set earlier)
*
* 0 disabled
* 5 safe mode (balanced)
* 7 high
* 9 paranoid
* 10 insane
* for more detailed info see e_session SECURITY_LEVEL_* constants
* default is e_session::SECURITY_LEVEL_BALANCED (5)
*/
if(!defined('e_SECURITY_LEVEL'))
{
require_once(e_HANDLER.'session_handler.php');
define('e_SECURITY_LEVEL', e_session::SECURITY_LEVEL_BALANCED);
}
// MOVED TO $e107->set_request() // MOVED TO $e107->set_request()
//$inArray = array("'", ';', '/**/', '/UNION/', '/SELECT/', 'AS '); //$inArray = array("'", ';', '/**/', '/UNION/', '/SELECT/', 'AS ');
@@ -281,6 +298,7 @@ $tp = e107::getParser(); //TODO - find & replace $tp, $e107->tp
// All debug objects and constants are defined in the debug handler // All debug objects and constants are defined in the debug handler
// i.e. from here on you can use E107_DEBUG_LEVEL or any // i.e. from here on you can use E107_DEBUG_LEVEL or any
// E107_DBG_* constant for debug testing. // E107_DBG_* constant for debug testing.
// TODO - rewrite the debug init phase, add e107 class getters
// //
require_once(e_HANDLER.'debug_handler.php'); require_once(e_HANDLER.'debug_handler.php');
@@ -292,6 +310,7 @@ if(E107_DEBUG_LEVEL && isset($db_debug) && is_object($db_debug))
// //
// I: Sanity check on e107_config.php // I: Sanity check on e107_config.php
// e107_config.php upgrade check // e107_config.php upgrade check
// FIXME - obsolete check, rewrite it
if (!$ADMIN_DIRECTORY && !$DOWNLOADS_DIRECTORY) if (!$ADMIN_DIRECTORY && !$DOWNLOADS_DIRECTORY)
{ {
message_handler('CRITICAL_ERROR', 8, ': generic, ', 'e107_config.php'); message_handler('CRITICAL_ERROR', 8, ': generic, ', 'e107_config.php');
@@ -304,7 +323,7 @@ if (!$ADMIN_DIRECTORY && !$DOWNLOADS_DIRECTORY)
e107::getSingleton('e107_traffic'); // We start traffic counting ASAP e107::getSingleton('e107_traffic'); // We start traffic counting ASAP
//$eTraffic->Calibrate($eTraffic); //$eTraffic->Calibrate($eTraffic);
e107_require_once(e_HANDLER.'mysql_class.php'); // e107_require_once(e_HANDLER.'mysql_class.php');
//DEPRECATED, BC, $e107->sql caught by __get() //DEPRECATED, BC, $e107->sql caught by __get()
$sql = e107::getDb(); //TODO - find & replace $sql, $e107->sql $sql = e107::getDb(); //TODO - find & replace $sql, $e107->sql
@@ -317,8 +336,7 @@ $merror=$sql->db_Connect($mySQLserver, $mySQLuser, $mySQLpassword, $mySQLdefault
//DEPRECATED, BC, call the method only when needed //DEPRECATED, BC, call the method only when needed
$sql2 = e107::getDb('sql2'); //TODO find & replace all $sql2 calls $sql2 = e107::getDb('sql2'); //TODO find & replace all $sql2 calls
$sql->db_Mark_Time('Start: Prefs, misc tables'); $sql->db_Mark_Time('Start: Prefs, misc tables');
//DEPRECATED, BC, call the method only when needed, $e107->admin_log caught by __get() //DEPRECATED, BC, call the method only when needed, $e107->admin_log caught by __get()
$admin_log = e107::getAdminLog(); //TODO - find & replace $admin_log, $e107->admin_log $admin_log = e107::getAdminLog(); //TODO - find & replace $admin_log, $e107->admin_log
@@ -403,7 +421,7 @@ if(!e107::getConfig()->hasData())
} }
//DEPRECATED, BC, call e107::getPref() instead //DEPRECATED, BC, call e107::getPref/findPref() instead
$pref = e107::getPref(); $pref = e107::getPref();
//this could be part of e107->init() method now, prefs will be auto-initialized //this could be part of e107->init() method now, prefs will be auto-initialized
@@ -426,7 +444,7 @@ e107::getLanguage()->detect();
// //
// if a cookie name pref isn't set, make one :) // if a cookie name pref isn't set, make one :)
// TODO - do we really need this? e107 method could do the job. // e_COOKIE used as unique session cookie name now (see session handler)
if (!$pref['cookie_name']) { $pref['cookie_name'] = 'e107cookie'; } if (!$pref['cookie_name']) { $pref['cookie_name'] = 'e107cookie'; }
define('e_COOKIE', $pref['cookie_name']); define('e_COOKIE', $pref['cookie_name']);
@@ -434,28 +452,6 @@ define('e_COOKIE', $pref['cookie_name']);
//define('SITEURLBASE', ($pref['ssl_enabled'] == '1' ? 'https://' : 'http://').$_SERVER['HTTP_HOST']); //define('SITEURLBASE', ($pref['ssl_enabled'] == '1' ? 'https://' : 'http://').$_SERVER['HTTP_HOST']);
//define('SITEURL', SITEURLBASE.e_HTTP); //define('SITEURL', SITEURLBASE.e_HTTP);
// start a session if session based login is enabled
// if ($pref['user_tracking'] == 'session')
{
session_start();
if (!isset($_SESSION['challenge']))
{ // New session
// Create a unique challenge string for CHAP login
$_SESSION['challenge'] = sha1(time().session_id());
}
$ubrowser = md5('E107'.$_SERVER['HTTP_USER_AGENT']);
if (!isset($_SESSION['ubrowser']))
{
$_SESSION['ubrowser'] = $ubrowser;
}
}
// if the option to force users to use a particular url for the site is enabled, redirect users there as needed // if the option to force users to use a particular url for the site is enabled, redirect users there as needed
// Now matches RFC 2616 (sec 3.2): case insensitive, https/:443 and http/:80 are equivalent. // Now matches RFC 2616 (sec 3.2): case insensitive, https/:443 and http/:80 are equivalent.
// And, this is robust against hack attacks. Malignant users can put **anything** in HTTP_HOST! // And, this is robust against hack attacks. Malignant users can put **anything** in HTTP_HOST!
@@ -511,6 +507,12 @@ if($pref['redirectsiteurl'] && $pref['siteurl']) {
* Set the User's Language * Set the User's Language
*/ */
$sql->db_Mark_Time('Start: Set User Language'); $sql->db_Mark_Time('Start: Set User Language');
// SESSION Needs to be started after:
// - Site preferences are available
// - Language detection (because of session.cookie_domain)
// to avoid multi-language 'access-denied' issues.
//session_start(); see e107::getSession() above
e107::getSession(); //init core _SESSION - actually here for reference only, it's done by language handler set() method
e107::getLanguage()->set(); // set e_LANGUAGE, USERLAN, Language Session / Cookies etc. requires $pref; e107::getLanguage()->set(); // set e_LANGUAGE, USERLAN, Language Session / Cookies etc. requires $pref;
if(varset($pref['multilanguage']) && (e_LANGUAGE != $pref['sitelanguage'])) if(varset($pref['multilanguage']) && (e_LANGUAGE != $pref['sitelanguage']))
@@ -523,10 +525,14 @@ if(varset($pref['multilanguage']) && (e_LANGUAGE != $pref['sitelanguage']))
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE.'/'.e_LANGUAGE.'.php'); e107_include_once(e_LANGUAGEDIR.e_LANGUAGE.'/'.e_LANGUAGE.'.php');
e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/".e_LANGUAGE.'_custom.php'); e107_include_once(e_LANGUAGEDIR.e_LANGUAGE."/".e_LANGUAGE.'_custom.php');
e107::getSession()
->challenge() // Create a unique challenge string for CHAP login
->check(); // Token protection
// echo e_print($_SESSION, e107::getSession()->getSessionId(), e107::getSession()->getSessionName());
// //
// N: misc setups: online user tracking, cache // N: misc setups: online user tracking, cache
// //
$sql -> db_Mark_Time('Start: Misc resources. Online user tracking, cache'); $sql->db_Mark_Time('Start: Misc resources. Online user tracking, cache');
//DEPRECATED, BC, call the method only when needed, $e107->ecache caught by __get() //DEPRECATED, BC, call the method only when needed, $e107->ecache caught by __get()
$e107cache = e107::getCache(); //TODO - find & replace $e107cache, $e107->ecache $e107cache = e107::getCache(); //TODO - find & replace $e107cache, $e107->ecache
@@ -771,8 +777,8 @@ if (isset($_POST['userlogin']) || isset($_POST['userlogin_x']))
// $usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],'')); // $usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''));
} }
// $_SESSION['ubrowser'] check not needed anymore - see session handler
if ((e_QUERY == 'logout') || (($pref['user_tracking'] == 'session') && isset($_SESSION['ubrowser']) && ($_SESSION['ubrowser'] != $ubrowser))) if ((e_QUERY == 'logout')/* || (($pref['user_tracking'] == 'session') && isset($_SESSION['ubrowser']) && ($_SESSION['ubrowser'] != $ubrowser))*/)
{ {
if (USER) if (USER)
{ {
@@ -784,6 +790,8 @@ if ((e_QUERY == 'logout') || (($pref['user_tracking'] == 'session') && isset($_S
$ip = $e107->getip(); $ip = $e107->getip();
$udata = (USER === true ? USERID.'.'.USERNAME : '0'); $udata = (USER === true ? USERID.'.'.USERNAME : '0');
// TODO - should be done inside online handler, more core areas need it (session handler for example)
$sql->db_Update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1"); $sql->db_Update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1");
if ($pref['user_tracking'] == 'session') if ($pref['user_tracking'] == 'session')
@@ -1423,6 +1431,7 @@ function init_session()
define('POST_REFERER', md5($user->getToken())); define('POST_REFERER', md5($user->getToken()));
// Check for intruders - outside the model for now // Check for intruders - outside the model for now
// TODO replace __referer with e-token, remove the above
if((isset($_POST['__referer']) && !$user->checkToken($_POST['__referer'])) if((isset($_POST['__referer']) && !$user->checkToken($_POST['__referer']))
|| (isset($_GET['__referer']) && !$user->checkToken($_GET['__referer']))) || (isset($_GET['__referer']) && !$user->checkToken($_GET['__referer'])))
{ {
@@ -1691,6 +1700,16 @@ if(!isset($_E107['no_online']) && varset($pref['track_online']))
e107::getOnline()->goOnline($pref['track_online'], $pref['flood_protect']); e107::getOnline()->goOnline($pref['track_online'], $pref['flood_protect']);
} }
/**
* Set Cookie
* @param string $name
* @param string $value
* @param integer $expire seconds
* @param string $path
* @param string $domain
* @param boolean $secure
* @return void
*/
function cookie($name, $value, $expire=0, $path = e_HTTP, $domain = '', $secure = 0) function cookie($name, $value, $expire=0, $path = e_HTTP, $domain = '', $secure = 0)
{ {
setcookie($name, $value, $expire, $path, $domain, $secure); setcookie($name, $value, $expire, $path, $domain, $secure);
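Review bot: The new docblock on `cookie()` documents `$expire` as seconds, but the value is handed straight to `setcookie()`, which treats it as an absolute Unix timestamp (0 = session cookie), so a caller following the comment would set an already-expired cookie. Suggest `@param integer $expire Unix timestamp at which the cookie expires, 0 for a session cookie`. Since this commit reworks cookie handling, the helper could also forward the HttpOnly flag, which setcookie() accepts as its seventh argument: `function cookie($name, $value, $expire=0, $path = e_HTTP, $domain = '', $secure = 0, $httponly = false)` and `setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);` — backward compatible for existing callers. The body of cookie() continues past the end of the hunk.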


@@ -115,11 +115,13 @@ else
} }
$edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list), 'user_admin'=> $row['user_admin']); $edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list), 'user_admin'=> $row['user_admin']);
e107::getEvent()->trigger("login", $edata_li); // Fix - set cookie before login trigger
session_set(e_COOKIE, $cookieval, (time() + 3600 * 24 * 30)); session_set(e_COOKIE, $cookieval, (time() + 3600 * 24 * 30));
echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
e107::getEvent()->trigger("login", $edata_li);
e107::getRedirect()->redirect(e_ADMIN_ABS.'admin.php');
//echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
} }
} }
@@ -166,9 +168,10 @@ class auth
<td style='width:35%' class='forumheader3'>".ADLAN_90."</td> <td style='width:35%' class='forumheader3'>".ADLAN_90."</td>
<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' id='userpass' size='30' value='' maxlength='30' />\n"; <td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' id='userpass' size='30' value='' maxlength='30' />\n";
if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'], 0)) $session = e107::getSession();
if ($session->is('challenge') && varset($pref['password_CHAP'], 0))
$text .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n"; $text .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='".$session->get('challenge')."' />\n\n";
$text .= "</td></tr>\n"; $text .= "</td></tr>\n";
if ($use_imagecode) if ($use_imagecode)
@@ -210,7 +213,7 @@ class auth
$tp = e107::getParser(); $tp = e107::getParser();
$sql_auth = e107::getDb('sql_auth'); $sql_auth = e107::getDb('sql_auth');
$user_info = e107::getSession(); $user_info = e107::getUserSession();
$reason = ''; $reason = '';
$authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname))); $authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname)));
@@ -239,9 +242,10 @@ class auth
} }
if (!$reason && ($row['user_id'])) // Can validate password if (!$reason && ($row['user_id'])) // Can validate password
{ {
if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge'])) $session = e107::getSession();
if (($authresponse && $session->is('challenge')) && ($authresponse != $session->get('challenge')))
{ // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted) { // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID) if (($pass_result = $user_info->CheckCHAP($session->get('challenge'), $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID)
{ {
return $$row; return $$row;
} }
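Review bot: In the CHAP branch the echoed-challenge guard still uses loose comparison, `$authresponse != $session->get('challenge')`; when both operands are numeric-looking strings PHP compares them as numbers, so the condition should read `if (($authresponse && $session->is('challenge')) && ($authresponse !== $session->get('challenge')))`. Whether the session handler issues a fresh challenge after each login attempt is not visible here; if the value is kept for the whole session, it is worth confirming that the `challenge()` call added in class2 rotates it, since a reusable challenge defeats the purpose of CHAP. The enclosing method of class auth starts and ends outside the hunk.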


@@ -291,7 +291,7 @@ function setCronPwd()
{ {
global $pref; global $pref;
$userMethods = e107::getSession(); $userMethods = e107::getUserSession();
$newpwd = $userMethods->generateRandomString('*^*#.**^*'); $newpwd = $userMethods->generateRandomString('*^*#.**^*');
$newpwd = sha1($newpwd.time()); $newpwd = sha1($newpwd.time());
$pref['e_cron_pwd'] = $newpwd; $pref['e_cron_pwd'] = $newpwd;


@@ -21,6 +21,9 @@ $In_e107_Footer = TRUE; // For registered shutdown function
global $error_handler,$db_time,$ADMIN_FOOTER; global $error_handler,$db_time,$ADMIN_FOOTER;
// Clean session shutdown
e107::getSession()->shutdown();
// //
// SHUTDOWN SEQUENCE // SHUTDOWN SEQUENCE
// //
@@ -287,6 +290,8 @@ e107::getJs()->renderJs('footer_inline', true);
// This must be done as late as possible in page processing. // This must be done as late as possible in page processing.
$_serverTime = time(); $_serverTime = time();
$lastSet = isset($_COOKIE['e107_tdSetTime']) ? $_COOKIE['e107_tdSetTime'] : 0; $lastSet = isset($_COOKIE['e107_tdSetTime']) ? $_COOKIE['e107_tdSetTime'] : 0;
$_serverPath = e_HTTP;
$_serverDomain = deftrue('MULTILANG_SUBDOMAIN') ? '.'.e_DOMAIN : '';
if (abs($_serverTime - $lastSet) > 120) if (abs($_serverTime - $lastSet) > 120)
{ {
/* update time delay every couple of minutes. /* update time delay every couple of minutes.
@@ -294,7 +299,7 @@ if (abs($_serverTime - $lastSet) > 120)
* Drawback: each update may cause all server times to display a bit different * Drawback: each update may cause all server times to display a bit different
*/ */
echo "<script type='text/javascript'>\n"; echo "<script type='text/javascript'>\n";
echo "SyncWithServerTime('{$_serverTime}'); echo "SyncWithServerTime('{$_serverTime}', '{$_serverPath}', '{$_serverDomain}');
</script>\n"; </script>\n";
} }
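Review bot: `$_serverPath` and `$_serverDomain` are interpolated into single-quoted JavaScript string literals in the inline `SyncWithServerTime(...)` call without any escaping. `e_HTTP` is presumably fixed at install time, but if `e_DOMAIN` is derived from the request host — class2 itself notes above that HTTP_HOST is attacker-controlled — a quote or `</script>` in it would break out of the literal. Encoding the three arguments keeps the literals intact and escapes `/` by default: `echo "SyncWithServerTime(".json_encode((string) $_serverTime).", ".json_encode($_serverPath).", ".json_encode($_serverDomain).");\n</script>\n";`.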


@@ -25,10 +25,10 @@ $e_sub_cat = 'language';
require_once ("auth.php"); require_once ("auth.php");
require_once (e_HANDLER."form_handler.php"); require_once (e_HANDLER."form_handler.php");
require_once (e_HANDLER."message_handler.php"); require_once (e_HANDLER."message_handler.php");
$frm = new e_form(); $frm = e107::getForm();
$emessage = &eMessage::getInstance(); $emessage = e107::getMessage();
$tabs = table_list(); // array("news","content","links"); $tabs = table_list(); // array("news","content","links");
$lanlist = explode(",", e_LANLIST); $lanlist = e107::getLanguage()->installed();// Bugfix - don't use e_LANLIST as it's cached (SESSION)
$message = ''; $message = '';
if (e_QUERY) if (e_QUERY)
{ {


@@ -1,21 +1,25 @@
<?php <?php
/* /*
+ ----------------------------------------------------------------------------+ * e107 website system
| e107 website system *
| * Copyright (C) 2008-2010 e107 Inc (e107.org)
| Copyright (C) 2008-2009 e107 Inc (e107.org) * Released under the terms and conditions of the
| http://e107.org * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
| *
| * Site navigation administration
| Released under the terms and conditions of the *
| GNU General Public License (http://gnu.org). * $URL$
| * $Id$
| $Source: /cvs_backup/e107_0.8/e107_admin/links.php,v $ */
| $Revision$
| $Date$ /**
| $Author$ * @package e107
+----------------------------------------------------------------------------+ * @subpackage admin
*/ * @version $Id$
*
* Manage site navigation links
*/
require_once("../class2.php"); require_once("../class2.php");
if (!getperms("I")) if (!getperms("I"))
{ {
@@ -66,9 +70,9 @@ class links_admin_ui extends e_admin_ui
'checkboxes' => array('title'=> '', 'width' => '3%','forced' => true,'thclass' => 'center first','class' => 'center first'), 'checkboxes' => array('title'=> '', 'width' => '3%','forced' => true,'thclass' => 'center first','class' => 'center first'),
'link_button' => array('title'=> LAN_ICON, 'type'=>'icon', 'width'=>'5%', 'thclass' => 'center', 'class'=>'center'), 'link_button' => array('title'=> LAN_ICON, 'type'=>'icon', 'width'=>'5%', 'thclass' => 'center', 'class'=>'center'),
'link_id' => array('title'=> ID, 'nolist'=>TRUE), 'link_id' => array('title'=> ID, 'nolist'=>TRUE),
'link_name' => array('title'=> LCLAN_15, 'width'=>'auto','type'=>'method'), 'link_name' => array('title'=> LCLAN_15, 'width'=>'auto','type'=>'method', 'validate' => true),
'link_parent' => array('title'=> 'Sublink of', 'type' => 'dropdown', 'width' => 'auto', 'batch'=>true, 'filter'=>true, 'thclass' => 'left first'), 'link_parent' => array('title'=> 'Sublink of', 'type' => 'dropdown', 'width' => 'auto', 'batch'=>true, 'filter'=>true, 'thclass' => 'left first'),
'link_url' => array('title'=> LCLAN_93, 'width'=>'auto', 'type'=>'text'), 'link_url' => array('title'=> LCLAN_93, 'width'=>'auto', 'type'=>'text', 'validate' => true),
'link_class' => array('title'=> LAN_USERCLASS, 'type' => 'userclass', 'batch'=>true, 'filter'=>true, 'width' => 'auto'), 'link_class' => array('title'=> LAN_USERCLASS, 'type' => 'userclass', 'batch'=>true, 'filter'=>true, 'width' => 'auto'),
'link_description' => array('title'=> LCLAN_17, 'type' => 'bbarea', 'method'=>'tinymce_plugins', 'width' => 'auto'), 'link_description' => array('title'=> LCLAN_17, 'type' => 'bbarea', 'method'=>'tinymce_plugins', 'width' => 'auto'),
'link_category' => array('title'=> LCLAN_12, 'type' => 'dropdown', 'batch'=>true, 'filter'=>true, 'width' => 'auto'), 'link_category' => array('title'=> LCLAN_12, 'type' => 'dropdown', 'batch'=>true, 'filter'=>true, 'width' => 'auto'),


@@ -23,10 +23,10 @@ $e_sub_cat = 'admin_pass';
require_once(e_ADMIN.'auth.php'); require_once(e_ADMIN.'auth.php');
require_once(e_HANDLER.'message_handler.php'); require_once(e_HANDLER.'message_handler.php');
// require_once(e_HANDLER.'user_handler.php'); //use e107::getSession() instead. // require_once(e_HANDLER.'user_handler.php'); //use e107::getUserSession() instead.
require_once(e_HANDLER.'validator_class.php'); require_once(e_HANDLER.'validator_class.php');
$userMethods = e107::getSession(); $userMethods = e107::getUserSession();
$emessage = &eMessage::getInstance(); $emessage = e107::getMessage();
if (isset($_POST['update_settings'])) if (isset($_POST['update_settings']))
{ {


@@ -89,7 +89,7 @@ require_once (e_HANDLER.'validator_class.php');
// $userMethods = new UserHandler; // $userMethods = new UserHandler;
// $colList = $userMethods->getNiceNames(TRUE); // $colList = $userMethods->getNiceNames(TRUE);
$ue = new e107_user_extended; $ue = new e107_user_extended;
$userMethods = e107::getSession(); $userMethods = e107::getUserSession();
$user_data = array(); $user_data = array();
$frm = new e_form; $frm = new e_form;
$rs = new form; $rs = new form;


@@ -776,7 +776,7 @@ class admin_shortcodes
$obj = e107::getDateConvert(); $obj = e107::getDateConvert();
$install_date = $obj->convert_date($pref['install_date'], 'long'); $install_date = $obj->convert_date($pref['install_date'], 'long');
$text = "<b>".FOOTLAN_1."</b> $text = "<b>".FOOTLAN_1."</b>
<br />". <br />".
SITENAME." SITENAME."
@@ -790,6 +790,10 @@ class admin_shortcodes
<br /> <br />
".FOOTLAN_3." ".$e107info['e107_version']." ".FOOTLAN_3." ".$e107info['e107_version']."
<br /><br /> <br /><br />
<b>".FOOTLAN_20."</b>
<br />
[".e_SECURITY_LEVEL."] ".defset('LAN_SECURITYL_'.e_SECURITY_LEVEL, 'n/a')."
<br /><br />
<b>".FOOTLAN_18."</b> <b>".FOOTLAN_18."</b>
<br />".$pref['sitetheme']."<br /><br /> <br />".$pref['sitetheme']."<br /><br />
<b>".FOOTLAN_5."</b> <b>".FOOTLAN_5."</b>


@@ -36,21 +36,24 @@ var localTime = Math.floor(nowLocal.getTime()/1000); /* time, in ms -- recorded
* The value calculated in SyncWithServerTime is not known until after the * The value calculated in SyncWithServerTime is not known until after the
* entire page has been processed. * entire page has been processed.
*/ */
function SyncWithServerTime(serverTime) function SyncWithServerTime(serverTime, path, domain)
{ {
if (serverTime) if (serverTime)
{ {
/* update time difference cookie */ /* update time difference cookie */
var serverDelta=Math.floor(localTime-serverTime); var serverDelta=Math.floor(localTime-serverTime);
document.cookie = 'e107_tdOffset='+serverDelta+'; path=/'; if(!path) path = '/';
document.cookie = 'e107_tdSetTime='+(localTime-serverDelta)+'; path=/'; /* server time when set */ if(!domain) domain = '';
else domain = '; domain=' + domain;
document.cookie = 'e107_tdOffset='+serverDelta+'; path='+path+domain;
document.cookie = 'e107_tdSetTime='+(localTime-serverDelta)+'; path='+path+domain; /* server time when set */
} }
var tzCookie = 'e107_tzOffset='; var tzCookie = 'e107_tzOffset=';
// if (document.cookie.indexOf(tzCookie) < 0) { // if (document.cookie.indexOf(tzCookie) < 0) {
/* set if not already set */ /* set if not already set */
var timezoneOffset = nowLocal.getTimezoneOffset(); /* client-to-GMT in minutes */ var timezoneOffset = nowLocal.getTimezoneOffset(); /* client-to-GMT in minutes */
document.cookie = tzCookie + timezoneOffset+'; path=/'; document.cookie = tzCookie + timezoneOffset+'; path='+path+domain;
// } // }
} }
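Review bot: The cookie-attribute handling reassigns the `domain` parameter to hold a `; domain=...` fragment while `path` keeps its plain value, so `'; path='+path+domain` reads asymmetrically; two locals, `var pathAttr = '; path=' + (path || '/');` and `var domainAttr = domain ? '; domain=' + domain : '';`, used in the three `document.cookie` assignments would make the intent obvious. The same function body is duplicated byte-for-byte in the second JavaScript file of this commit (the `@@ -31,21 +31,24 @@` hunk), so any later fix has to be applied twice.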
var ns6=0; var ns6=0;


@@ -31,21 +31,24 @@ var localTime = Math.floor(nowLocal.getTime()/1000); /* time, in ms -- recorded
* The value calculated in SyncWithServerTime is not known until after the * The value calculated in SyncWithServerTime is not known until after the
* entire page has been processed. * entire page has been processed.
*/ */
function SyncWithServerTime(serverTime) function SyncWithServerTime(serverTime, path, domain)
{ {
if (serverTime) if (serverTime)
{ {
/* update time difference cookie */ /* update time difference cookie */
var serverDelta=Math.floor(localTime-serverTime); var serverDelta=Math.floor(localTime-serverTime);
document.cookie = 'e107_tdOffset='+serverDelta+'; path=/'; if(!path) path = '/';
document.cookie = 'e107_tdSetTime='+(localTime-serverDelta)+'; path=/'; /* server time when set */ if(!domain) domain = '';
else domain = '; domain=' + domain;
document.cookie = 'e107_tdOffset='+serverDelta+'; path='+path+domain;
document.cookie = 'e107_tdSetTime='+(localTime-serverDelta)+'; path='+path+domain; /* server time when set */
} }
var tzCookie = 'e107_tzOffset='; var tzCookie = 'e107_tzOffset=';
// if (document.cookie.indexOf(tzCookie) < 0) { // if (document.cookie.indexOf(tzCookie) < 0) {
/* set if not already set */ /* set if not already set */
var timezoneOffset = nowLocal.getTimezoneOffset(); /* client-to-GMT in minutes */ var timezoneOffset = nowLocal.getTimezoneOffset(); /* client-to-GMT in minutes */
document.cookie = tzCookie + timezoneOffset+'; path=/'; document.cookie = tzCookie + timezoneOffset+'; path='+path+domain;
// } // }
} }


@@ -88,7 +88,9 @@ class e_admin_log
define('USER_AUDIT_TEMP_ACCOUNT', 24); // User temporary account define('USER_AUDIT_TEMP_ACCOUNT', 24); // User temporary account
// Init E_MESSAGE_* constants if not already done // Init E_MESSAGE_* constants if not already done
e107::getMessage(); // e107::getMessage(); - just include, message handler is creating session in construct
// it breaks stuff (see class2 - language detection and comments)
require_once(e_HANDLER.'message_handler.php');
$this->_messages = array(); $this->_messages = array();
} }
@@ -139,6 +141,11 @@ class e_admin_log
$event_detail = implode("[!br!]\n", $tmp); $event_detail = implode("[!br!]\n", $tmp);
unset($tmp); unset($tmp);
} }
else
{
// auto-format long details - TODO - shrink details on administration log page, expand/show in DHTML window full details.
$event_detail = str_replace("\n", "[!br!]", $event_detail);
}
if ($this->_options['backtrace'] == true) if ($this->_options['backtrace'] == true)
{ {
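Review bot: The new else-branch only replaces `"\n"`, so details arriving with Windows line endings keep a stray `"\r"` in front of every `[!br!]` marker; `$event_detail = str_replace(array("\r\n", "\r", "\n"), "[!br!]", $event_detail);` normalises all three, with `"\r\n"` listed first so it is consumed as one unit. The comment in the earlier hunk about not calling `e107::getMessage()` from the constructor would be easier to follow as `// only include message_handler.php here, do not instantiate: eMessage's constructor starts the session, which breaks language detection in class2`. The enclosing method starts outside the hunk.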


@@ -2989,6 +2989,7 @@ class e_admin_controller_ui extends e_admin_controller
{ {
$this->$callbackAfter($model->getData(), $old_data, $model->getId()); $this->$callbackAfter($model->getData(), $old_data, $model->getId());
} }
$model->setMessages(true); //FIX - move messages (and session messages) to the default stack
$this->doAfterSubmit($model->getId(), $noredirectAction); $this->doAfterSubmit($model->getId(), $noredirectAction);
return true; return true;
} }


@@ -152,6 +152,26 @@ function print_a($var, $return = FALSE)
} }
} }
function e_print($expr = null)
{
$args = func_get_args();
if(!$args) return;
foreach ($args as $arg)
{
print_a($arg);
}
}
function e_dump($expr = null)
{
$args = func_get_args();
if(!$args) return;
echo '<pre>';
call_user_func_array('var_dump', $args);
echo '</pre>';
}
/** /**
* Strips slashes from a var if magic_quotes_gqc is enabled * Strips slashes from a var if magic_quotes_gqc is enabled
* *
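Review bot: `e_dump()` writes raw `var_dump()` output into the page, so any string being inspected — including request data — lands in the HTML unescaped, and neither helper checks a debug level before printing. Capturing and escaping the dump is a three-line change: `ob_start(); call_user_func_array('var_dump', $args); echo '<pre>'.htmlspecialchars(ob_get_clean(), ENT_QUOTES, 'UTF-8').'</pre>';`. The `$expr = null` parameter on both functions is never read (the bodies use `func_get_args()`), so a one-line docblock such as `/** Debug helper: print_a() every argument passed (variadic, output goes to the page) */` would describe the contract better than the placeholder parameter does. Whether `print_a()` escapes its output is not visible in this hunk.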


@@ -144,6 +144,7 @@ class e107
'e107_user_extended' => '{e_HANDLER}user_extended_class.php', 'e107_user_extended' => '{e_HANDLER}user_extended_class.php',
'e107plugin' => '{e_HANDLER}plugin_class.php', 'e107plugin' => '{e_HANDLER}plugin_class.php',
'eURL' => '{e_HANDLER}e107Url.php', 'eURL' => '{e_HANDLER}e107Url.php',
'e_core_session' => '{e_HANDLER}session_handler.php',
'e_admin_controller' => '{e_HANDLER}admin_ui.php', 'e_admin_controller' => '{e_HANDLER}admin_ui.php',
'e_admin_controller_ui' => '{e_HANDLER}admin_ui.php', 'e_admin_controller_ui' => '{e_HANDLER}admin_ui.php',
'e_admin_dispatcher' => '{e_HANDLER}admin_ui.php', 'e_admin_dispatcher' => '{e_HANDLER}admin_ui.php',
@@ -949,10 +950,27 @@ class e107
* *
* @return UserHandler * @return UserHandler
*/ */
public static function getSession() public static function getUserSession()
{ {
return self::getSingleton('UserHandler', true); return self::getSingleton('UserHandler', true);
} }
/**
* Retrieve core session singleton object(s)
*
* @return e_core_session
*/
public static function getSession($namespace = null)
{
$id = 'core/e107/session/'.(null === $namespace ? 'e107' : $namespace);
if(self::getRegistry($id))
{
return self::getRegistry($id);
}
$session = self::getObject('e_core_session', array('namespace' => $namespace), true);
self::setRegistry($id, $session);
return $session;
}
/** /**
* Retrieve redirection singleton object * Retrieve redirection singleton object
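Review bot: Renaming `getSession()` to `getUserSession()` and then reusing the old name for the new `e_core_session` accessor changes the return type behind an existing public static method: any caller not updated in this commit (plugins, themes) now receives an `e_core_session` where it expected a `UserHandler` and fails at its first `UserHandler` method call rather than at the rename. A transition comment on `getUserSession()` — `// formerly getSession(); that name now returns the core session object (see getSession())` — plus a changelog entry would help third-party code migrate. The new `getSession()` also lacks parameter documentation and queries the registry twice; `@param string|null $namespace session namespace, 'e107' when null` and `if(($session = self::getRegistry($id))) return $session;` cover both while keeping the original truthiness check.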


@@ -660,9 +660,9 @@ class e_form
* Generate hidden security field * Generate hidden security field
* @return string * @return string
*/ */
function referer() function token()
{ {
return "<input type='hidden' name='__referer' value='".defset('POST_REFERER', '')."' id='e-form-referer' />"; return "<input type='hidden' name='e-token' value='".defset('e_TOKEN', '')."' />";
} }
function submit($name, $value, $options = array()) function submit($name, $value, $options = array())
@@ -1724,7 +1724,7 @@ class e_form
$text = " $text = "
<form method='post' action='{$formurl}' id='{$elid}-list-form'> <form method='post' action='{$formurl}' id='{$elid}-list-form'>
<div>".$this->referer()." <div>".$this->token()."
".vartrue($options['fieldset_pre'])." ".vartrue($options['fieldset_pre'])."
<fieldset id='{$elid}-list'> <fieldset id='{$elid}-list'>
<legend class='e-hideme'>".$options['legend']."</legend> <legend class='e-hideme'>".$options['legend']."</legend>
@@ -1845,7 +1845,7 @@ class e_form
$text .= " $text .= "
<form method='post' action='".$url."' id='{$form['id']}-form' enctype='multipart/form-data'> <form method='post' action='".$url."' id='{$form['id']}-form' enctype='multipart/form-data'>
<div> <div>
".$this->referer()." ".$this->token()."
"; ";
foreach ($form['fieldsets'] as $elid => $data) foreach ($form['fieldsets'] as $elid => $data)
@@ -2119,7 +2119,7 @@ class form {
$method = ($form_method ? "method='".$form_method."'" : ""); $method = ($form_method ? "method='".$form_method."'" : "");
$target = ($form_target ? " target='".$form_target."'" : ""); $target = ($form_target ? " target='".$form_target."'" : "");
$name = ($form_name ? " id='".$form_name."' " : " id='myform'"); $name = ($form_name ? " id='".$form_name."' " : " id='myform'");
return "\n<form action='".$form_action."' ".$method.$target.$name.$form_enctype.$form_js.">".e107::getForm()->referer(); return "\n<form action='".$form_action."' ".$method.$target.$name.$form_enctype.$form_js.">".e107::getForm()->token();
} }
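Review bot: `referer()` is a public method of `e_form` and the rename to `token()` removes it outright, so callers outside this commit (plugin forms, themes) will hit an undefined-method fatal. Keeping a thin alias, `function referer() { return $this->token(); }`, with a `@deprecated use token()` docblock preserves them at no cost. The new hidden input also dropped the `id='e-form-referer'` attribute, so any script that looked the field up by id will no longer find it — worth a grep before merging.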
function form_text($form_name, $form_size, $form_value, $form_maxlength = FALSE, $form_class = "tbox", $form_readonly = "", $form_tooltip = "", $form_js = "") { function form_text($form_name, $form_size, $form_value, $form_maxlength = FALSE, $form_class = "tbox", $form_readonly = "", $form_tooltip = "", $form_js = "") {


@@ -1,14 +1,22 @@
<?php <?php
/* /*
+ ----------------------------------------------------------------------------+ * e107 website system
| e107 website system - Language Class. *
| * Copyright (C) 2008-2010 e107 Inc (e107.org)
| $URL$ * Released under the terms and conditions of the
| $Revision$ * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
| $Id$ *
| $Author$ * Language handler
+----------------------------------------------------------------------------+ *
*/ * $URL$
* $Id$
*/
/**
* @package e107
* @subpackage e107_handlers
* @version $Id$
*/
class language{ class language{
@@ -370,14 +378,21 @@ class language{
* 3. $_GET['elan'] eg. /index.php?elan=es * 3. $_GET['elan'] eg. /index.php?elan=es
* 4. $_POST['sitelanguage'] eg. <input type='hidden' name='sitelanguage' value='Spanish' /> * 4. $_POST['sitelanguage'] eg. <input type='hidden' name='sitelanguage' value='Spanish' />
* 5. $GLOBALS['elan'] eg. <?php $GLOBALS['elan']='es' (deprecated) * 5. $GLOBALS['elan'] eg. <?php $GLOBALS['elan']='es' (deprecated)
*
* @param boolean $force force detection, don't use cached value
*/ */
function detect() function detect($force = false)
{ {
global $pref; global $pref;
if(false !== $this->detect && !$foce) return $this->detect;
if(varsettrue($pref['multilanguage_subdomain']) && $this->isLangDomain(e_DOMAIN) && (defset('MULTILANG_SUBDOMAIN') !== FALSE)) if(varsettrue($pref['multilanguage_subdomain']) && $this->isLangDomain(e_DOMAIN) && (defset('MULTILANG_SUBDOMAIN') !== FALSE))
{ {
$detect_language = (e_SUBDOMAIN) ? $this->isValid(e_SUBDOMAIN) : $pref['sitelanguage']; $detect_language = (e_SUBDOMAIN) ? $this->isValid(e_SUBDOMAIN) : $pref['sitelanguage'];
e107_ini_set("session.cookie_domain", ".".e_DOMAIN); // Must be before session_start() // Done in session handler now, based on MULTILANG_SUBDOMAIN value
//e107_ini_set("session.cookie_domain", ".".e_DOMAIN); // Must be before session_start()
define('MULTILANG_SUBDOMAIN',TRUE); define('MULTILANG_SUBDOMAIN',TRUE);
} }
elseif(e_MENU && ($detect_language = $this->isValid(e_MENU))) // elseif(e_MENU && ($detect_language = $this->isValid(e_MENU))) //
@@ -403,7 +418,8 @@ class language{
$detect_language = FALSE; // ie. No Change. $detect_language = FALSE; // ie. No Change.
} }
e107_ini_set("session.cookie_path", e_HTTP); // Done in session handler now
// e107_ini_set("session.cookie_path", e_HTTP);
$this->detect = $detect_language; $this->detect = $detect_language;
return $detect_language; return $detect_language;
@@ -417,14 +433,15 @@ class language{
*/ */
function set() function set()
{ {
global $pref; $pref = e107::getPref();
$session = e107::getSession(); // default core session namespace
if($this->detect) // Language-Change Trigger Detected. if($this->detect) // Language-Change Trigger Detected.
{ {
if(!varset($_SESSION['e_language']) || (($_SESSION['e_language'] != $this->detect) && $this->isValid($_SESSION['e_language']))) // new - e_language moved to e107 namespace - $_SESSION['e107']['e_language']
if(!$session->has('e_language') || (($session->get('e_language') != $this->detect) && $this->isValid($session->get('e_language'))))
{ {
$_SESSION['e_language'] = $this->detect; $session->set('e_language', $this->detect);
// echo "Assigning Session Language";
} }
if(varset($_COOKIE['e107_language'])!=$this->detect && (defset('MULTILANG_SUBDOMAIN') != TRUE)) if(varset($_COOKIE['e107_language'])!=$this->detect && (defset('MULTILANG_SUBDOMAIN') != TRUE))
@@ -444,21 +461,21 @@ class language{
} }
else // No Language-change Trigger Detected. else // No Language-change Trigger Detected.
{ {
if(varset($_SESSION['e_language'])!='') if($session->has('e_language'))
{ {
$user_language = $_SESSION['e_language']; $user_language = $session->get('e_language');
} }
elseif(isset($_COOKIE['e107_language']) && ($user_language = $this->isValid($_COOKIE['e107_language']))) elseif(isset($_COOKIE['e107_language']) && ($user_language = $this->isValid($_COOKIE['e107_language'])))
{ {
$_SESSION['e_language'] = $user_language; $session->set('e_language', $user_language);
} }
else else
{ {
$user_language = $pref['sitelanguage']; $user_language = $pref['sitelanguage'];
if(isset($_SESSION['e_language'])) if($session->is('e_language'))
{ {
unset($_SESSION['e_language']); $session->clear('e_language');
} }
if(isset($_COOKIE['e107_language'])) if(isset($_COOKIE['e107_language']))
@@ -485,13 +502,14 @@ class language{
global $pref; global $pref;
$language = $this->e_language; $language = $this->e_language;
$session = e107::getSession();
if(!isset($_SESSION['language-list'])) if(!$session->is('language-list'))
{ {
$_SESSION['language-list'] = implode(',',$this->installed()); $session->set('language-list', implode(',',$this->installed()));
} }
define('e_LANLIST', $_SESSION['language-list']); define('e_LANLIST', $session->get('language-list'));
define('e_LANGUAGE', $language); define('e_LANGUAGE', $language);
define('USERLAN', $language); // Keep USERLAN for backward compatibility define('USERLAN', $language); // Keep USERLAN for backward compatibility
$iso = $this->convert($language); $iso = $this->convert($language);
@@ -511,8 +529,3 @@ class language{
} }
?>
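Review bot: `$foce` in the new cache check of detect() is a typo for the `$force` parameter the same hunk introduces, so the flag is dead: `$foce` is undefined, `!$foce` is always true, and once `$this->detect` holds a non-false value every call returns the cached result no matter what the caller passed. The line should read `if(false !== $this->detect && !$force) return $this->detect;`. Note also that the cache only applies when detection returned something other than FALSE, so the "No Change" outcome is re-detected on every call; that is pre-existing, but a comment on the check would keep the next reader from "fixing" it. In the set() and language-list hunks the code uses both `$session->has()` and `$session->is()` for what reads as the same "key present" test; if the two calls differ in the handler, a one-line comment at the first use saying how would help.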


@@ -345,7 +345,7 @@ class userlogin
} }
// Now check password // Now check password
$this->userMethods = e107::getSession(); $this->userMethods = e107::getUserSession();
if ($forceLogin) if ($forceLogin)
{ {
if (md5($this->userData['user_name'].$this->userData['user_password'].$this->userData['user_join']) != $userpass) if (md5($this->userData['user_name'].$this->userData['user_password'].$this->userData['user_join']) != $userpass)
@@ -355,17 +355,18 @@ class userlogin
} }
else else
{ {
if ((($pref['password_CHAP'] > 0) && ($response && isset($_SESSION['challenge'])) && ($response != $_SESSION['challenge'])) || ($pref['password_CHAP'] == 2)) $session = e107::getSession();
if ((($pref['password_CHAP'] > 0) && ($response && $session->is('challenge')) && ($response != $session->get('challenge'))) || ($pref['password_CHAP'] == 2))
{ // Verify using CHAP { // Verify using CHAP
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$this->userData['user_password']}",FALSE,LOG_TO_ROLLING); // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: ".$session->get('challenge')." R:{$response} S: {$this->userData['user_password']}",FALSE,LOG_TO_ROLLING);
if (($pass_result = $this->userMethods->CheckCHAP($_SESSION['challenge'], $response, $username, $requiredPassword)) === PASSWORD_INVALID) if (($pass_result = $this->userMethods->CheckCHAP($session->get('challenge'), $response, $username, $requiredPassword)) === PASSWORD_INVALID)
{ {
return $this->invalidLogin($username,LOGIN_CHAP_FAIL); return $this->invalidLogin($username,LOGIN_CHAP_FAIL);
} }
} }
else else
{ // Plaintext password { // Plaintext password
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$this->userData['user_password']}",FALSE,LOG_TO_ROLLING); // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Plaintext login","U: {$username}, P: {$userpass}, C: ".$session->get('challenge')." R:{$response} S: {$this->userData['user_password']}",FALSE,LOG_TO_ROLLING);
if (($pass_result = $this->userMethods->CheckPassword($userpass,($this->lookEmail ? $this->userData['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID) if (($pass_result = $this->userMethods->CheckPassword($userpass,($this->lookEmail ? $this->userData['user_loginname'] : $username),$requiredPassword)) === PASSWORD_INVALID)
{ {
return $this->invalidLogin($username,LOGIN_BAD_PW); return $this->invalidLogin($username,LOGIN_BAD_PW);
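Review bot: The CHAP branch reads the challenge from the core session and hands it to CheckCHAP(), but nothing in the hunk invalidates that challenge once a login attempt has been made; if the session handler does not rotate it per request, the same challenge/response pair stays valid for the life of the session — confirm, and if it is not rotated, clear it after the check (`$session->clear('challenge');`, the handler call the language hunk already uses). The commented-out debug lines in both branches would write the submitted password and the stored hash to the rolling log if anyone re-enabled them; deleting them is safer than keeping them updated to the new session API. `$this->userMethods = e107::getUserSession()` and `$session = e107::getSession()` are now two different objects with near-identical names, so a comment such as `// $session: core session namespace; userMethods: user handler` at the assignment would help. The enclosing method starts and ends outside the hunk.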


@@ -30,7 +30,7 @@ define('E_MESSAGE_DEBUG', 'debug');
* Handle system messages * Handle system messages
* *
* @package e107 * @package e107
* @subpackage e107_handlers * @subpackage e107_handlers
* @version $Id$ * @version $Id$
* @author SecretR * @author SecretR
* @copyright Copyright (C) 2008-2010 e107 Inc (e107.org) * @copyright Copyright (C) 2008-2010 e107 Inc (e107.org)
@@ -52,6 +52,11 @@ class eMessage
*/ */
protected $_session_id; protected $_session_id;
/**
* @var e_core_session
*/
protected $_session_handler = null;
/** /**
* Singleton instance * Singleton instance
* *
@@ -69,26 +74,10 @@ class eMessage
*/ */
protected function __construct() protected function __construct()
{ {
if(!session_id()) session_start(); //if(!session_id()) session_start();
require_once(e_HANDLER.'e107_class.php'); require_once(e_HANDLER.'e107_class.php');
$this->_session_id = e107::getPref('cookie_name', 'e107').'_system_messages'; $this->_session_id = '_system_messages';
//clean up old not used sessions
$tmp = array_keys($_SESSION);
foreach ($tmp as $key)
{
if($key != $this->_session_id && strpos($key, '_system_messages'))
{
unset($_SESSION[$key]);
}
}
unset($tmp);
if(!isset($_SESSION[$this->_session_id]))
{
$_SESSION[$this->_session_id] = array();
}
$this->reset()->mergeWithSession(); $this->reset()->mergeWithSession();
} }
@@ -120,11 +109,36 @@ class eMessage
* @param string $name * @param string $name
* @return object $this * @return object $this
*/ */
public function setSessionId($name) public function setSessionId($name = '')
{ {
$this->_session_id = $name.'_system_messages'; $sid = $name.'_system_messages';
if($this->_session_id != $sid)
{
if(session_id())
{
$session = $this->getSessionHandler();
$session->set($sid, $session->get($this->_session_id, true)); // move
if(!$session->has($sid)) $session->set($sid, array()); // be sure it's array
}
$this->_session_id = $sid;
}
return $this; return $this;
} }
/**
* Get session handler
* @return unknown_type
*/
public function getSessionHandler()
{
if(null === $this->_session_handler)
{
$session = e107::getSession();
if(!$session->has($this->_session_id)) $session->set($this->_session_id, array());
$this->_session_handler = $session;
}
return $this->_session_handler;
}
/** /**
* Add message to a type stack and default message stack * Add message to a type stack and default message stack
@@ -258,7 +272,7 @@ class eMessage
*/ */
public function addSession($message, $type = E_MESSAGE_INFO) public function addSession($message, $type = E_MESSAGE_INFO)
{ {
if(empty($message)) return $this; if(empty($message) || !session_id()) return $this;
$mstack = 'default'; $mstack = 'default';
if(is_array($message)) if(is_array($message))
@@ -266,8 +280,13 @@ class eMessage
$mstack = $message[1]; $mstack = $message[1];
$message = $message[0]; $message = $message[0];
} }
$SESSION = $this->getSessionHandler()->get($this->_session_id);
if($this->isType($type)) $_SESSION[$this->_session_id][$type][$mstack][] = $message; if($this->isType($type))
{
$SESSION[$type][$mstack][] = $message;
$this->getSessionHandler()->set($this->_session_id, $SESSION);
}
return $this; return $this;
} }
@@ -362,7 +381,9 @@ class eMessage
*/ */
public function getSession($type, $mstack = 'default', $raw = false, $reset = true) public function getSession($type, $mstack = 'default', $raw = false, $reset = true)
{ {
$message = isset($_SESSION[$this->_session_id][$type][$mstack]) ? $_SESSION[$this->_session_id][$type][$mstack] : ''; if(!session_id()) return null;
$SESSION = $this->getSessionHandler()->get($this->_session_id);
$message = isset($SESSION[$type][$mstack]) ? $SESSION[$type][$mstack] : '';
if($reset) $this->resetSession($type, $mstack); if($reset) $this->resetSession($type, $mstack);
return (true === $raw ? $message : self::formatMessage($mstack, $type, $message)); return (true === $raw ? $message : self::formatMessage($mstack, $type, $message));
@@ -378,6 +399,7 @@ class eMessage
*/ */
public function getAllSession($mstack = 'default', $raw = false, $reset = true) public function getAllSession($mstack = 'default', $raw = false, $reset = true)
{ {
if(!session_id()) return array();
$ret = array(); $ret = array();
foreach ($this->_get_types() as $type) foreach ($this->_get_types() as $type)
{ {
@@ -511,35 +533,37 @@ class eMessage
*/ */
public function resetSession($type = false, $mstack = false) public function resetSession($type = false, $mstack = false)
{ {
if(!session_id()) return $this;
$SESSION = $this->getSessionHandler()->get($this->_session_id);
if(false === $type) if(false === $type)
{ {
if(false === $mstack) if(false === $mstack)
{ {
$_SESSION[$this->_session_id] = $this->_type_map(); $SESSION = $this->_type_map();
} }
elseif($_SESSION[$this->_session_id]) elseif($SESSION)
{ {
foreach ($_SESSION[$this->_session_id] as $t => $_mstack) foreach ($SESSION as $t => $_mstack)
{ {
if(is_array($_mstack)) if(is_array($_mstack))
{ {
unset($_SESSION[$this->_session_id][$t][$mstack]); unset($SESSION[$t][$mstack]);
} }
} }
} }
} }
elseif(isset($_SESSION[$this->_session_id][$type])) elseif(isset($SESSION[$type]))
{ {
if(false === $mstack) if(false === $mstack)
{ {
$_SESSION[$this->_session_id][$type] = array(); $SESSION[$type] = array();
} }
elseif(is_array($_SESSION[$this->_session_id][$type])) elseif(is_array($SESSION[$type]))
{ {
unset($_SESSION[$this->_session_id][$type][$mstack]); unset($SESSION[$type][$mstack]);
} }
} }
$this->getSessionHandler()->set($this->_session_id, $SESSION);
return $this; return $this;
} }
@@ -551,27 +575,31 @@ class eMessage
*/ */
public function mergeWithSession($reset = true, $mstack = false) public function mergeWithSession($reset = true, $mstack = false)
{ {
if(is_array($_SESSION[$this->_session_id])) // do nothing if there is still no session
if(!session_id()) return $this;
$SESSION = $this->getSessionHandler()->get($this->_session_id);
if(!empty($SESSION))
{ {
foreach (array_keys($_SESSION[$this->_session_id]) as $type) foreach (array_keys($SESSION) as $type)
{ {
if(!$this->isType($type)) if(!$this->isType($type))
{ {
unset($_SESSION[$this->_session_id][$type]); unset($SESSION[$type]);
continue; continue;
} }
if(false === $mstack) if(false === $mstack)
{ {
$this->_sysmsg[$type] = array_merge_recursive($this->_sysmsg[$type], $_SESSION[$this->_session_id][$type]); $this->_sysmsg[$type] = array_merge_recursive($this->_sysmsg[$type], $SESSION[$type]);
continue; continue;
} }
if(isset($_SESSION[$this->_session_id][$type][$mstack])) if(isset($SESSION[$type][$mstack]))
{ {
$this->_sysmsg[$type][$mstack] = $_SESSION[$this->_session_id][$type][$mstack]; $this->_sysmsg[$type][$mstack] = $SESSION[$type][$mstack];
} }
} }
$this->getSessionHandler()->set($this->_session_id, $SESSION);
} }
if($reset) $this->resetSession(false, $mstack); if($reset) $this->resetSession(false, $mstack);
return $this; return $this;
@@ -586,6 +614,10 @@ class eMessage
*/ */
public function moveToSession($mstack = false, $message_type = false) public function moveToSession($mstack = false, $message_type = false)
{ {
// do nothing if there is still no session
if(!session_id()) return $this;
$SESSION = $this->getSessionHandler()->get($this->_session_id);
foreach (array_keys($this->_sysmsg) as $type) foreach (array_keys($this->_sysmsg) as $type)
{ {
if(!$this->isType($type) || ($message_type && $message_type !== $type)) if(!$this->isType($type) || ($message_type && $message_type !== $type))
@@ -595,16 +627,16 @@ class eMessage
} }
if(false === $mstack) if(false === $mstack)
{ {
$_SESSION[$this->_session_id][$type] = array_merge_recursive( $_SESSION[$this->_session_id][$type], $this->_sysmsg[$type]); $SESSION[$type] = array_merge_recursive($SESSION[$type], $this->_sysmsg[$type]);
continue; continue;
} }
if(isset($this->_sysmsg[$type][$mstack])) if(isset($this->_sysmsg[$type][$mstack]))
{ {
$_SESSION[$this->_session_id][$type][$mstack] = $this->_sysmsg[$type][$mstack]; $SESSION[$type][$mstack] = $this->_sysmsg[$type][$mstack];
} }
} }
$this->getSessionHandler()->set($this->_session_id, $SESSION);
$this->reset($message_type, $mstack, false); $this->reset($message_type, $mstack, false);
return $this; return $this;
} }
@@ -656,8 +688,11 @@ class eMessage
*/ */
public function moveSessionStack($from_stack, $to_stack = 'default', $type = false) public function moveSessionStack($from_stack, $to_stack = 'default', $type = false)
{ {
if($from_stack == $to_stack) return $this; // do nothing if there is still no session
foreach ($_SESSION[$this->_session_id] as $_type => $stacks) if(!session_id() || $from_stack == $to_stack) return $this;
$SESSION = $this->getSessionHandler()->get($this->_session_id);
foreach ($SESSION as $_type => $stacks)
{ {
if($type && $type !== $_type) if($type && $type !== $_type)
{ {
@@ -665,14 +700,15 @@ class eMessage
} }
if(isset($stacks[$from_stack])) if(isset($stacks[$from_stack]))
{ {
if(!isset($_SESSION[$this->_session_id][$_type][$to_stack])) if(!isset($SESSION[$_type][$to_stack]))
{ {
$_SESSION[$this->_session_id][$_type][$to_stack] = array(); $SESSION[$_type][$to_stack] = array();
} }
$_SESSION[$this->_session_id][$_type][$to_stack] = array_merge($_SESSION[$this->_session_id][$_type][$to_stack], $this->_sysmsg[$_type][$from_stack]); $SESSION[$_type][$to_stack] = array_merge($SESSION[$_type][$to_stack], $this->_sysmsg[$_type][$from_stack]);
unset($_SESSION[$this->_session_id][$_type][$from_stack]); unset($SESSION[$_type][$from_stack]);
} }
} }
$this->getSessionHandler()->set($this->_session_id, $SESSION);
return $this; return $this;
} }
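Review bot: In moveSessionStack() the existence test is on the session copy (`isset($stacks[$from_stack])`) but the merge then takes `$this->_sysmsg[$_type][$from_stack]`, the in-memory stack, so a key that exists only in the session passes the check and array_merge() receives null; this predates the commit, but since the hunk rewrites that line it is the moment to make it `array_merge($SESSION[$_type][$to_stack], $stacks[$from_stack])` if moving the session stack is what the method name promises — confirm against callers. The docblock of the new getSessionHandler() says `@return unknown_type`; the property it lazily fills is documented as `e_core_session`, so `@return e_core_session` is the accurate annotation. The same read-mutate-write pattern (`get()` the whole array, change it, `set()` it back) is repeated in addSession, resetSession, mergeWithSession, moveToSession and moveSessionStack; a short comment on getSessionHandler() stating that the handler returns a copy, not a reference, would explain why every method has to write back.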


@@ -183,13 +183,16 @@ class e_user_model extends e_front_model
return ($this->isAdmin() ? $this->get('user_perms') : false); return ($this->isAdmin() ? $this->get('user_perms') : false);
} }
/**
* DEPRECATED - will be removed or changed soon (see e_session)
* @return string
*/
public function getToken() public function getToken()
{ {
if($this->isUser()) return '';
if(null === $this->get('user_token')) if(null === $this->get('user_token'))
{ {
$this->set('user_token', md5($this->get('user_password').$this->get('user_lastvisit').$this->get('user_pwchange').$this->get('user_class'))); //$this->set('user_token', md5($this->get('user_password').$this->get('user_lastvisit').$this->get('user_pwchange').$this->get('user_class')));
$this->set('user_token', e107::getSession()->getFormToken(false));
} }
return $this->get('user_token'); return $this->get('user_token');
} }
@@ -307,6 +310,7 @@ class e_user_model extends e_front_model
/** /**
* Check passed value against current user token * Check passed value against current user token
* DEPRECATED - will be removed or changed soon (see e_core_session)
* @param string $token md5 sum of e.g. posted token * @param string $token md5 sum of e.g. posted token
* @return boolean * @return boolean
*/ */
@@ -1286,6 +1290,7 @@ class e_user extends e_user_model
{ {
$this->_session_key = e107::getPref('cookie_name', 'e107cookie'); $this->_session_key = e107::getPref('cookie_name', 'e107cookie');
$this->_session_type = e107::getPref('user_tracking', 'cookie'); $this->_session_type = e107::getPref('user_tracking', 'cookie');
if('session' == $this->_session_type && isset($_SESSION[$this->_session_key]) && !empty($_SESSION[$this->_session_key])) if('session' == $this->_session_type && isset($_SESSION[$this->_session_key]) && !empty($_SESSION[$this->_session_key]))
{ {
$this->_session_data = &$_SESSION[$this->_session_key]; $this->_session_data = &$_SESSION[$this->_session_key];
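Review bot: The new guard `if($this->isUser()) return '';` in getToken() makes a logged-in account get an empty token while an anonymous one gets the session form token; since checkToken() (body outside the hunk) compares against this value, the polarity looks inverted — confirm whether `!$this->isUser()` was intended, or document why users deliberately get no token here. If the empty return is intentional, a comment such as `// logged-in users validate via e_session form tokens, not user_token` on that line would stop the next reader from reverting it. The e_user hunk below still aliases `$_SESSION[$this->_session_key]` by reference while the rest of this commit moves to the session handler; worth a `// TODO: migrate to e107::getSession()` marker so the mixed access does not outlive the transition.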


@@ -315,7 +315,8 @@ define("LAN_DESCRIPTION", "Description");
define("LAN_VISIBILITY", "Visibility"); define("LAN_VISIBILITY", "Visibility");
define("LAN_ICON", "Icon"); define("LAN_ICON", "Icon");
define("LAN_SECURITYL_0", "Looking for troubles (none)");
define("LAN_SECURITYL_5", "Balanced");
define("LAN_SECURITYL_7", "High");
define("LAN_SECURITYL_9", "Paranoid");
define("LAN_SECURITYL_10", "Insane");


@@ -28,4 +28,5 @@ define("FOOTLAN_16", "Database");
define("FOOTLAN_17", "Charset"); define("FOOTLAN_17", "Charset");
define("FOOTLAN_18", "Site Theme"); define("FOOTLAN_18", "Site Theme");
define("FOOTLAN_19", "Server Time"); define("FOOTLAN_19", "Server Time");
define("FOOTLAN_20", "Security level");
?> ?>


@@ -55,7 +55,7 @@ SC_END
SC_BEGIN LM_PASSWORD_INPUT SC_BEGIN LM_PASSWORD_INPUT
global $pref; global $pref;
$t_password = "<input class='tbox login pass' type='password' name='userpass' id='userpass' size='15' value='' maxlength='30' />\n"; $t_password = "<input class='tbox login pass' type='password' name='userpass' id='userpass' size='15' value='' maxlength='30' />\n";
if (!USER && isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0)) $t_password .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n"; if (!USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'],0)) $t_password .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='".e107::getSession()->get('challenge')."' />\n\n";
return $t_password; return $t_password;
SC_END SC_END
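Review bot: The challenge value is concatenated straight into the `value='…'` attribute of the hidden input without escaping; that is only safe if the session handler guarantees the challenge is a plain hex digest, which this hunk cannot show — confirm, or wrap it as `htmlspecialchars(e107::getSession()->get('challenge'), ENT_QUOTES)` so the shortcode does not depend on that invariant. The same construct appears in the login.php hunk further down, which should get the identical treatment. `e107::getSession()` is also called twice on one line; assigning it once to a local keeps the condition and the output in step.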


@@ -20,6 +20,9 @@ $In_e107_Footer = TRUE; // For registered shutdown function
global $error_handler,$db_time,$FOOTER; global $error_handler,$db_time,$FOOTER;
// Clean session shutdown
e107::getSession()->shutdown();
// //
// SHUTDOWN SEQUENCE // SHUTDOWN SEQUENCE
// //
@@ -267,6 +270,8 @@ e107::getJs()->renderJs('footer_inline', true);
// This must be done as late as possible in page processing. // This must be done as late as possible in page processing.
$_serverTime = time(); $_serverTime = time();
$lastSet = isset($_COOKIE['e107_tdSetTime']) ? $_COOKIE['e107_tdSetTime'] : 0; $lastSet = isset($_COOKIE['e107_tdSetTime']) ? $_COOKIE['e107_tdSetTime'] : 0;
$_serverPath = e_HTTP;
$_serverDomain = deftrue('MULTILANG_SUBDOMAIN') ? '.'.e_DOMAIN : '';
if (abs($_serverTime - $lastSet) > 120) if (abs($_serverTime - $lastSet) > 120)
{ {
/* update time delay every couple of minutes. /* update time delay every couple of minutes.
@@ -274,7 +279,7 @@ if (abs($_serverTime - $lastSet) > 120)
* Drawback: each update may cause all server times to display a bit different * Drawback: each update may cause all server times to display a bit different
*/ */
echo "<script type='text/javascript'>\n"; echo "<script type='text/javascript'>\n";
echo "SyncWithServerTime('{$_serverTime}'); echo "SyncWithServerTime('{$_serverTime}', '{$_serverPath}', '{$_serverDomain}');
</script>\n"; </script>\n";
} }
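Review bot: `$_serverPath` and `$_serverDomain` are interpolated into an inline `<script>` as quoted string literals with no escaping, so a quote or backslash in e_HTTP or e_DOMAIN breaks out of the literal; whether either constant can carry request-controlled input (e.g. derived from the Host header) is not visible here, so confirm, and in any case emitting them via `json_encode()` removes the question: `echo "SyncWithServerTime(".json_encode((string)$_serverTime).", ".json_encode($_serverPath).", ".json_encode($_serverDomain).");`. A comment on the two new assignments explaining that they are the cookie path/domain the client-side helper must use (matching what the session handler sets server-side) would also help readers who do not know the JS side.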


@@ -44,7 +44,7 @@ if ($pref['membersonly_enabled'])
$FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER); $FOOTER = preg_replace("/\{(.*?)\}/e", '$\1', $FPW_TABLE_FOOTER);
} }
$user_info = e107::getSession(); $user_info = e107::getUserSession();
require_once(HEADERF); require_once(HEADERF);


@@ -160,7 +160,13 @@ $e107_paths = array();
$e107 = e107::getInstance(); $e107 = e107::getInstance();
$e107->initInstall($e107_paths, realpath(dirname(__FILE__))); $e107->initInstall($e107_paths, realpath(dirname(__FILE__)));
unset($e107_paths); unset($e107_paths);
session_start();
// NEW - session handler
require_once(e_HANDLER.'session_handler.php');
define('e_SECURITY_LEVEL', e_session::SECURITY_LEVEL_NONE);
define('e_COOKIE', 'e107install');
e107::getSession(); // starts session, creates default namespace
// session_start();
function include_lan($path, $force = false) function include_lan($path, $force = false)
{ {
@@ -199,7 +205,7 @@ class e_install
var $required = ""; //TODO - use for highlighting required fields with css/js. var $required = ""; //TODO - use for highlighting required fields with css/js.
var $logFile; // Name of log file, empty string if logging disabled var $logFile; // Name of log file, empty string if logging disabled
var $dbLink = NULL; // DB link - needed for PHP5.3 bug var $dbLink = NULL; // DB link - needed for PHP5.3 bug
var $session = null;
// public function __construct() // public function __construct()
function e_install() function e_install()
@@ -208,6 +214,9 @@ class e_install
define('USERID', 1); define('USERID', 1);
define('USER', true); define('USER', true);
define('ADMIN', true); define('ADMIN', true);
// session instance
$this->session = e107::getSession();
$this->logFile = ''; $this->logFile = '';
if (MAKE_INSTALL_LOG) if (MAKE_INSTALL_LOG)
@@ -1357,7 +1366,7 @@ class e_install
return nl2br(LANINS_060)."<br /><br />"; return nl2br(LANINS_060)."<br /><br />";
} }
preg_match_all("/create(.*?)(?:myisam|innodb);/si", $sql_data, $result ); preg_match_all("/create(.*?)(?:myisam|innodb);/si", $sql_data, $result );
// Force UTF-8 again // Force UTF-8 again
$this->dbqry('SET NAMES `utf8`'); $this->dbqry('SET NAMES `utf8`');
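Review bot: The installer pins `e_SECURITY_LEVEL` to `e_session::SECURITY_LEVEL_NONE` with no explanation; the commit message says the token logic depends on the level, so this disables request-token checks for the whole install flow, which is itself a multi-step POST form. If a lower level is required because no config exists yet, a comment stating that — and that the value is installer-only and not what gets written to e107_config.php — would make the choice reviewable; otherwise consider whether `SECURITY_LEVEL_BALANCED` works here. The leftover `// session_start();` after the new `e107::getSession();` call is commented-out code and can go. The new `var $session = null;` property would be clearer with a one-line docblock (`@var e_core_session`) matching the one added in the message handler.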


@@ -48,9 +48,9 @@ if (!USER)
$LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE; $LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE;
$LOGIN_TABLE_USERNAME = "<input class='tbox' type='text' name='username' id='username' size='40' maxlength='100' />"; $LOGIN_TABLE_USERNAME = "<input class='tbox' type='text' name='username' id='username' size='40' maxlength='100' />";
$LOGIN_TABLE_PASSWORD = "<input class='tbox' type='password' name='userpass' id='userpass' size='40' maxlength='100' />"; $LOGIN_TABLE_PASSWORD = "<input class='tbox' type='password' name='userpass' id='userpass' size='40' maxlength='100' />";
if (!USER && isset($_SESSION['challenge']) && varset($pref['password_CHAP'],0)) if (!USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'],0))
{ {
$LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n"; $LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='".e107::getSession()->get('challenge')."' />\n\n";
} }
if ($use_imagecode) if ($use_imagecode)
{ {


@@ -36,7 +36,7 @@ require_once(e_HANDLER.'calendar/calendar_class.php');
$cal = new DHTML_Calendar(true); $cal = new DHTML_Calendar(true);
require_once(e_HANDLER.'validator_class.php'); require_once(e_HANDLER.'validator_class.php');
// require_once(e_HANDLER.'user_handler.php'); // require_once(e_HANDLER.'user_handler.php');
$userMethods = e107::getSession(); $userMethods = e107::getUserSession();
$userMethods->deleteExpired(); // Delete time-expired partial registrations $userMethods->deleteExpired(); // Delete time-expired partial registrations
require_once(e107::coreTemplatePath('signup')); //correct way to load a core template. require_once(e107::coreTemplatePath('signup')); //correct way to load a core template.


@@ -53,7 +53,7 @@ require_once (e_HANDLER.'user_extended_class.php');
require_once(e_HANDLER.'validator_class.php'); require_once(e_HANDLER.'validator_class.php');
$ue = new e107_user_extended; $ue = new e107_user_extended;
$userMethods = e107::getSession(); $userMethods = e107::getUserSession();
require_once (e_HANDLER.'ren_help.php'); require_once (e_HANDLER.'ren_help.php');
include_once (e107::coreTemplatePath('usersettings')); //correct way to load a core template. include_once (e107::coreTemplatePath('usersettings')); //correct way to load a core template.