New sessions related improvements/fixes; extra check in Site preferences area for cookie name - session/cookie regeneration, prevent logout; varoious redirection handler improvements plus new e107 method candidates - get/set/clear Cookies based on site preferences.

2025-03-14 01:19:44 +01:00 · 2010-10-27 11:31:18 +00:00 · 2010-10-27 11:31:18 +00:00 · cd49c6c850
commit cd49c6c850
parent c11685e482
6 changed files with 191 additions and 81 deletions
--- a/e107_admin/prefs.php
+++ b/e107_admin/prefs.php
@ -86,6 +86,7 @@ if(isset($_POST['updateprefs']))

 	// FIXME - automate - pref model & validation handler
 	$prefChanges = array();
+	$sessionRegenerate = false;
 	foreach($_POST as $key => $value)
 	{
 		if(isset($pref_limits[$key]))
@ -95,12 +96,12 @@ if(isset($_POST['updateprefs']))
 				if($value < $pref_limits[$key]['min'])
 				{
 					$value = $pref_limits[$key]['min'];
-					$emessage->add(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_213), E_MESSAGE_WARNING);
+					$emessage->addWarning(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_213));
 				}
 				if($value > $pref_limits[$key]['max'])
 				{
 					$value = $pref_limits[$key]['max'];
-					$emessage->add(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_212), E_MESSAGE_WARNING);
+					$emessage->addWarning(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_212));
 				}
 			}
 			else
@ -109,6 +110,20 @@ if(isset($_POST['updateprefs']))
 			}
 			$newValue = $value;
 		}
+		elseif('cookie_name' == $key && $core_pref->get($key) != $value)
+		{
+			// special case
+			if(!preg_match('/^[\w\-]+$/', $value))
+			{
+				$newValue = e_COOKIE;
+				$emessage->addWarning(PRFLAN_219);
+			}
+			else 
+			{
+				$newValue = $value;
+				$sessionRegenerate = true;
+			}
+		}
 		else
 		{
 			$newValue = $tp->toDB($value);
@ -121,30 +136,18 @@ if(isset($_POST['updateprefs']))
 		}*/
 	}
 	$core_pref->save(false);
-	/*if(count($prefChanges))
-	{ // Values have changed
-		$e107cache->clear('', TRUE);
-		$saved = save_prefs();
-		$logStr = '';
-		foreach($prefChanges as $k => $v)
-		{
-			$logStr .= "[!br!]{$k} => {$v}";
-		}
-		$admin_log->log_event('PREFS_01', PRFLAN_195.$logStr);
-		$e107->sql->db_Select_gen("TRUNCATE ".MPREFIX."online");
-	}*/
-	//if($saved)
+	// special case, do session cleanup, logout, redirect to login screen
+	if($sessionRegenerate)
 	{
-		/*$emessage->addSession(PRFLAN_106, E_MESSAGE_SUCCESS);
-		header("location:".e_ADMIN."prefs.php?u");
-		exit();*/
-		//no redirect, smarter form (remember last used tab
-		//$emessage->add(PRFLAN_106, E_MESSAGE_SUCCESS);
-	}
-	//else
-	{
-// done in class2:		include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_admin.php');
-		//$emessage->add(LAN_NO_CHANGE);
+		// reset cookie
+		cookie($core_pref->get('cookie_name'), $_COOKIE[e_COOKIE], (time() + 3600 * 24 * 30), e_HTTP, e107::getLanguage()->getCookieDomain());
+		cookie(e_COOKIE, null, null);
+		
+		// regenerate session
+		$s = $_SESSION;
+		e107::getSession()->destroy();
+		$session = new e_core_session(array('name' => $core_pref->get('cookie_name')));
+		$_SESSION = $s;
 	}
 }

--- a/e107_handlers/language_class.php
+++ b/e107_handlers/language_class.php
@ -25,6 +25,7 @@ class language{
 // Valid Language Pack Names are shown directly below on the right. 
 	var $detect = FALSE;
 	var $e_language = 'English'; // replaced later with $pref
+	var $_cookie_domain = '';

 	var $list = array(
            "aa" => "Afar",
@ -369,8 +370,6 @@ class language{
        return $urlval;
 	}
 	
-	
-	
 	/**
 	* Detect a Language Change
 	* 1. Parked (sub)Domain		eg. http://es.mydomain.com (Preferred for SEO)
@ -387,12 +386,13 @@ class language{
 		
 		
 		if(false !== $this->detect && !$foce) return $this->detect;
-		
+		$this->_cookie_domain = '';
 		if(varsettrue($pref['multilanguage_subdomain']) && $this->isLangDomain(e_DOMAIN) && (defset('MULTILANG_SUBDOMAIN') !== FALSE)) 
 		{
 			$detect_language = (e_SUBDOMAIN) ? $this->isValid(e_SUBDOMAIN) : $pref['sitelanguage'];
 			// Done in session handler now, based on MULTILANG_SUBDOMAIN value
 			//e107_ini_set("session.cookie_domain", ".".e_DOMAIN); // Must be before session_start()
+			$this->_cookie_domain = ".".e_DOMAIN;
 			define('MULTILANG_SUBDOMAIN',TRUE);
 		}
 		elseif(e_MENU && ($detect_language = $this->isValid(e_MENU))) // 
@ -425,7 +425,16 @@ class language{
 		return $detect_language;
 	}

-
+	/**
+	 * Get domain to be used in cookeis (e.g. .domain.com), or empty
+	 * if multi-language subdomain settings not enabled
+	 * Available after self::detect() 
+	 * @return string
+	 */
+	public function getCookieDomain()
+	{
+		return $this->_cookie_domain;
+	}

 	/**
 	 * Set the Language (Constants, $_SESSION and $_COOKIE) for the current page. 
--- a/e107_handlers/redirection_class.php
+++ b/e107_handlers/redirection_class.php
@ -1,20 +1,15 @@
 <?php 
 /*
- + ----------------------------------------------------------------------------+
- |     e107 website system
- |
- |     Copyright (C) 2008-2009 e107 Inc
- |     http://e107.org
- |
- |
- |     Released under the terms and conditions of the
- |     GNU General Public License (http://gnu.org).
- |
- |     $Source: /cvs_backup/e107_0.8/e107_handlers/redirection_class.php,v $
- |     $Revision$
- |     $Date$
- |     $Author$
- +----------------------------------------------------------------------------+
+ * e107 website system
+ *
+ * Copyright (C) 2008-2010 e107 Inc (e107.org)
+ * Released under the terms and conditions of the
+ * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
+ *
+ * Redirection handler
+ *
+ * $URL$
+ * $Id$
 */

 /**
@ -24,7 +19,7 @@
 * @category e107_handlers
 * @version 1.0
 * @author Cameron
- * @copyright Copyright (C) 2009, e107 Inc.
+ * @copyright Copyright (C) 2008-2010 e107 Inc.
 */
 class redirection
 {
@ -42,7 +37,10 @@ class redirection
 	 */
 	protected $page_exceptions = array();
 	
-	
+	/**
+	 * List of queries to not check against e_QUERY
+	 * @var array
+	 */
 	protected $query_exceptions = array();
 	
 	/**
@ -59,53 +57,127 @@ class redirection
 	
 	/**
 	 * Store the current URL in a cookie for 5 minutes so we can return to it after being logged out. 
-	 * @return none
+	 * @param string $url if empty self url will be used
+	 * @param boolean $forceNoSef if false REQUEST_URI will be used (mod_rewrite support)
+	 * @return redirection
 	 */
-	function setPreviousUrl()
+	function setPreviousUrl($url = null, $forceNoSef = false, $forceCookie = false)
 	{
-		if(in_array(e_SELF, $this->self_exceptions))
+		if(!$url)
 		{
-			return;
-		}
-		if(in_array(e_PAGE, $this->page_exceptions))
-		{
-			return;
-		}
-		if(in_array(e_QUERY, $this->query_exceptions))
-		{
-			return;
+			if(in_array(e_SELF, $this->self_exceptions))
+			{
+				return;
+			}
+			if(in_array(e_PAGE, $this->page_exceptions))
+			{
+				return;
+			}
+			if(in_array(e_QUERY, $this->query_exceptions))
+			{
+				return;
+			}
+			$url = $this->getSelf($forceNoSef);
 		}
 		
-		$self = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF;
+		$this->setCookie('_previousUrl', $url, 300, $forceCookie);
+		//session_set(e_COOKIE.'_previousUrl',$self ,(time()+300));	
 		
-		session_set(e_COOKIE.'_previousUrl',$self ,(time()+300));	
+		return $this;
+	}
+	
+	public function getSelf($forceNoSef = false)
+	{
+		if($forceNoSef)
+		{
+			$url = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF;
+		}
+		else
+		{
+			// TODO - e107::requestUri() - sanitize, add support for various HTTP servers
+			$url = SITEURLBASE.strip_tags($_SERVER['REQUEST_URI']);
+		}
+		return $url;
 	}

-	
 	/**
 	 * Return the URL the admin was on, prior to being logged-out. 
 	 * @return string 
 	 */
 	public function getPreviousUrl()
-	{		
-		return $this->getCookie('previousUrl');
+	{
+		return $this->getCookie('_previousUrl');
 	}
 		
-	
-	private function getCookie($name) //TODO move to e107_class or a new user l class. 
+	/**
+	 * Get value stored with self::setCookie()
+	 * @param string $name
+	 * @return mixed
+	 */
+	public function getCookie($name) //TODO move to e107_class or a new user l class. 
 	{	
 		$cookiename = e_COOKIE."_".$name;
+		$session = e107::getSession();
 		
-		if(vartrue($_SESSION[$cookiename]))
+		if($session->has($name))
 		{
-			return $_SESSION[$cookiename];
+			// expired - cookie like session implementation
+			if((integer) $session->get($name.'_expire') < time())
+			{
+				$session->clear($name.'_expire')
+					->clear($name);
+				return false;
+			}
+			return $session->get($name);
 		}
-		elseif(vartrue($_COOKIE[$cookiename]))
+		// fix - prevent null values
+		elseif(isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename])
 		{
 			return $_COOKIE[$cookiename];	
 		}

-		return FALSE;	
+		return false;	
+	}
+	
+	/**
+	 * Register url in current session
+	 * @param string $name
+	 * @param string $value
+	 * @param integer $expire expire after value in seconds, null (default) - ignore
+	 * @return redirection
+	 */
+	public function setCookie($name, $value, $expire = null, $forceCookie = false)
+	{
+		$cookiename = e_COOKIE."_".$name;
+		$session = e107::getSession();
+		
+		if(!$forceCookie && e107::getPref('cookie_name') != 'cookie')
+		{
+			// expired - cookie like session implementation
+			if(null !== $expire) $session->set($name.'_expire', time() + (integer) $expire); 
+			$session->set($name, $value);
+		}
+		else
+		{
+			cookie($cookiename, $value, time() + (integer) $expire, e_HTTP, e107::getLanguage()->getCookieDomain());
+		}
+
+		return $this;
+	}
+	
+	/**
+	 * Clear data set via self::setCookie()
+	 * @param string $name
+	 * @return redirection
+	 */
+	public function clearCookie($name)
+	{
+		$cookiename = e_COOKIE."_".$name;
+		$session = e107::getSession();
+		$session->clear($name)
+			->clear($name.'_expire');
+		cookie($cookiename, null, null, e_HTTP, e107::getLanguage()->getCookieDomain());
+		return $this;
 	}
 	
 	
@ -193,12 +265,12 @@ class redirection
 	 *
 	 * @return void
 	 */
-	private function saveMembersOnlyUrl()
+	private function saveMembersOnlyUrl($forceNoSef = false)
 	{
 		// remember the url for after-login.
-		$afterlogin = e_COOKIE.'_afterlogin';
-		$url = (e_QUERY ? e_SELF.'?'.e_QUERY : e_SELF);
-		session_set($afterlogin, $url, time() + 300);
+		//$afterlogin = e_COOKIE.'_afterlogin';
+		$this->setCookie('_afterlogin', $this->getSelf($forceNoSef), 300);
+		//session_set($afterlogin, $url, time() + 300);
 	}

 	
@ -209,13 +281,22 @@ class redirection
 	 */
 	private function restoreMembersOnlyUrl()
 	{
-		if(USER && ($_SESSION[e_COOKIE.'_afterlogin'] || $_COOKIE[e_COOKIE.'_afterlogin']))
+		$url = $this->getCookie('_afterlogin');
+		if(USER && $url)
 		{
-			$url = ($_SESSION[e_COOKIE.'_afterlogin']) ? $_SESSION[e_COOKIE.'_afterlogin'] : $_COOKIE[e_COOKIE.'_afterlogin'];
-			session_set(e_COOKIE.'_afterlogin', FALSE, -1000);
+			//session_set(e_COOKIE.'_afterlogin', FALSE, -1000);
+			$this->clearCookie('_afterlogin');
 			$this->redirect($url);
 		}
 	}
+	
+	public function redirectPrevious()
+	{
+		if($this->getPreviousUrl())
+		{
+			$this->redirect($this->getPreviousUrl());
+		}
+	}

 	
 	/**
--- a/e107_handlers/session_handler.php
+++ b/e107_handlers/session_handler.php
@ -322,6 +322,15 @@ class e_session
 		}
 		return $this;
 	}
+	
+	/**
+	 * Get registered namespace key
+	 * @return string
+	 */
+	public function getNamespaceKey()
+	{
+		return $this->_namespace;
+	}

 	/**
 	 * Reset session options
@ -714,6 +723,11 @@ class e_session
 		session_destroy();
 		return $this;
 	}
+	
+	public function replaceRegistry()
+	{
+		e107::setRegistry('core/e107/session/'.$this->_namespace, $this, true);
+	}
 }

 class e_core_session extends e_session
@ -724,15 +738,17 @@ class e_core_session extends e_session
 	 * able to extend the base e_session class and 
 	 * add more or override the implemented functionality, has their own
 	 * namespace, add more session security etc.
-	 * @param array $config session config data
+	 * @param array $data session config data
 	 */
 	public function __construct($data = array())
 	{	
 		// default system configuration
 		$this->setDefaultSystemConfig();
 		
+		// TODO $data[config] and $data[options] to override default settings
+		
 		$namespace = 'e107';
-		$name = deftrue('e_COOKIE', 'e107').'SID';
+		$name = (isset($data['name']) && !empty($data['name']) ? $data['name'] : deftrue('e_COOKIE', 'e107')).'SID';
 		if(isset($data['namespace']) && !empty($data['namespace'])) $namespace = $data['namespace'];
 		// create $_SESSION['e107'] namespace by default
 		$this->init($namespace, $name);
--- a/e107_handlers/user_model.php
+++ b/e107_handlers/user_model.php
@ -1081,7 +1081,8 @@ class e_user extends e_user_model
 			->_destroySession();

 		parent::destroy();
-		if(session_id()) session_destroy();
+		//if(session_id()) session_destroy();
+		e107::getSession()->destroy();

 		e107::setRegistry('core/e107/current_user', null);
 		return $this;
@ -1244,7 +1245,7 @@ class e_user extends e_user_model
 	final protected function _destroySession()
 	{
 		cookie($this->_session_key, '', (time() - 2592000));
-		$_SESSION[$this->_session_key] = '';
+		unset($_SESSION[$this->_session_key]);

 		return $this;
 	}
--- a/e107_languages/English/admin/lan_prefs.php
+++ b/e107_languages/English/admin/lan_prefs.php
@ -231,5 +231,5 @@ define('PRFLAN_216', '(Requires HTML posting rights as well)');
 define('PRFLAN_217', 'Filter HTML content');
 define('PRFLAN_218', 'If \'off\', puts users at increased risk of XSS exploits posted by members of the above class, or prior to 0.7.24');

-
+define('PRFLAN_219', 'Not allowed characters found in Cookie name (alphanumeric characters allowed only). Cookie name not saved.');
 ?>