
New session-related improvements/fixes; extra check in the Site preferences area for the cookie name (session/cookie regeneration, prevents logout); various redirection handler improvements plus new e107 method candidates: get/set/clear cookies based on site preferences.

secretr
2010-10-27 11:31:18 +00:00
parent c11685e482
commit cd49c6c850
6 changed files with 191 additions and 81 deletions


@@ -86,6 +86,7 @@ if(isset($_POST['updateprefs']))
// FIXME - automate - pref model & validation handler // FIXME - automate - pref model & validation handler
$prefChanges = array(); $prefChanges = array();
$sessionRegenerate = false;
foreach($_POST as $key => $value) foreach($_POST as $key => $value)
{ {
if(isset($pref_limits[$key])) if(isset($pref_limits[$key]))
@@ -95,12 +96,12 @@ if(isset($_POST['updateprefs']))
if($value < $pref_limits[$key]['min']) if($value < $pref_limits[$key]['min'])
{ {
$value = $pref_limits[$key]['min']; $value = $pref_limits[$key]['min'];
$emessage->add(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_213), E_MESSAGE_WARNING); $emessage->addWarning(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_213));
} }
if($value > $pref_limits[$key]['max']) if($value > $pref_limits[$key]['max'])
{ {
$value = $pref_limits[$key]['max']; $value = $pref_limits[$key]['max'];
$emessage->add(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_212), E_MESSAGE_WARNING); $emessage->addWarning(str_replace(array('--FIELD--','--VALUE--'),array($key,$value),PRFLAN_212));
} }
} }
else else
@@ -109,6 +110,20 @@ if(isset($_POST['updateprefs']))
} }
$newValue = $value; $newValue = $value;
} }
elseif('cookie_name' == $key && $core_pref->get($key) != $value)
{
// special case
if(!preg_match('/^[\w\-]+$/', $value))
{
$newValue = e_COOKIE;
$emessage->addWarning(PRFLAN_219);
}
else
{
$newValue = $value;
$sessionRegenerate = true;
}
}
else else
{ {
$newValue = $tp->toDB($value); $newValue = $tp->toDB($value);
@@ -121,30 +136,18 @@ if(isset($_POST['updateprefs']))
}*/ }*/
} }
$core_pref->save(false); $core_pref->save(false);
/*if(count($prefChanges)) // special case, do session cleanup, logout, redirect to login screen
{ // Values have changed if($sessionRegenerate)
$e107cache->clear('', TRUE);
$saved = save_prefs();
$logStr = '';
foreach($prefChanges as $k => $v)
{
$logStr .= "[!br!]{$k} => {$v}";
}
$admin_log->log_event('PREFS_01', PRFLAN_195.$logStr);
$e107->sql->db_Select_gen("TRUNCATE ".MPREFIX."online");
}*/
//if($saved)
{ {
/*$emessage->addSession(PRFLAN_106, E_MESSAGE_SUCCESS); // reset cookie
header("location:".e_ADMIN."prefs.php?u"); cookie($core_pref->get('cookie_name'), $_COOKIE[e_COOKIE], (time() + 3600 * 24 * 30), e_HTTP, e107::getLanguage()->getCookieDomain());
exit();*/ cookie(e_COOKIE, null, null);
//no redirect, smarter form (remember last used tab
//$emessage->add(PRFLAN_106, E_MESSAGE_SUCCESS); // regenerate session
} $s = $_SESSION;
//else e107::getSession()->destroy();
{ $session = new e_core_session(array('name' => $core_pref->get('cookie_name')));
// done in class2: include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_admin.php'); $_SESSION = $s;
//$emessage->add(LAN_NO_CHANGE);
} }
} }
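Review bot: In the `if($sessionRegenerate)` block the freshly built `e_core_session` is only assigned to the local `$session`; as far as this hunk shows it is never registered, so unless the constructor registers itself, later `e107::getSession()` calls will presumably still return the instance that was just destroyed — the `replaceRegistry()` this commit adds to e_session looks like the intended call, e.g. `$session->replaceRegistry();` right after construction. The copy `cookie($core_pref->get('cookie_name'), $_COOKIE[e_COOKIE], ...)` reads `$_COOKIE[e_COOKIE]` unconditionally; with session-based user tracking that index may be absent, so wrap it in `if(isset($_COOKIE[e_COOKIE]))` before re-issuing the login cookie under the new name. The comment `// special case, do session cleanup, logout, redirect to login screen` no longer matches the code, which keeps the user logged in and does not redirect; suggest `// special case: cookie name changed - move the login cookie and rebuild the session under the new name without logging the user out`. Finally, PRFLAN_219 tells the admin that only alphanumeric characters are allowed, while the check `/^[\w\-]+$/` also accepts `_` and `-`; either the message or the pattern should be aligned so the validation rule and the user-facing text agree.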


@@ -25,6 +25,7 @@ class language{
// Valid Language Pack Names are shown directly below on the right. // Valid Language Pack Names are shown directly below on the right.
var $detect = FALSE; var $detect = FALSE;
var $e_language = 'English'; // replaced later with $pref var $e_language = 'English'; // replaced later with $pref
var $_cookie_domain = '';
var $list = array( var $list = array(
"aa" => "Afar", "aa" => "Afar",
@@ -369,8 +370,6 @@ class language{
return $urlval; return $urlval;
} }
/** /**
* Detect a Language Change * Detect a Language Change
* 1. Parked (sub)Domain eg. http://es.mydomain.com (Preferred for SEO) * 1. Parked (sub)Domain eg. http://es.mydomain.com (Preferred for SEO)
@@ -387,12 +386,13 @@ class language{
if(false !== $this->detect && !$foce) return $this->detect; if(false !== $this->detect && !$foce) return $this->detect;
$this->_cookie_domain = '';
if(varsettrue($pref['multilanguage_subdomain']) && $this->isLangDomain(e_DOMAIN) && (defset('MULTILANG_SUBDOMAIN') !== FALSE)) if(varsettrue($pref['multilanguage_subdomain']) && $this->isLangDomain(e_DOMAIN) && (defset('MULTILANG_SUBDOMAIN') !== FALSE))
{ {
$detect_language = (e_SUBDOMAIN) ? $this->isValid(e_SUBDOMAIN) : $pref['sitelanguage']; $detect_language = (e_SUBDOMAIN) ? $this->isValid(e_SUBDOMAIN) : $pref['sitelanguage'];
// Done in session handler now, based on MULTILANG_SUBDOMAIN value // Done in session handler now, based on MULTILANG_SUBDOMAIN value
//e107_ini_set("session.cookie_domain", ".".e_DOMAIN); // Must be before session_start() //e107_ini_set("session.cookie_domain", ".".e_DOMAIN); // Must be before session_start()
$this->_cookie_domain = ".".e_DOMAIN;
define('MULTILANG_SUBDOMAIN',TRUE); define('MULTILANG_SUBDOMAIN',TRUE);
} }
elseif(e_MENU && ($detect_language = $this->isValid(e_MENU))) // elseif(e_MENU && ($detect_language = $this->isValid(e_MENU))) //
@@ -425,7 +425,16 @@ class language{
return $detect_language; return $detect_language;
} }
/**
* Get domain to be used in cookeis (e.g. .domain.com), or empty
* if multi-language subdomain settings not enabled
* Available after self::detect()
* @return string
*/
public function getCookieDomain()
{
return $this->_cookie_domain;
}
/** /**
* Set the Language (Constants, $_SESSION and $_COOKIE) for the current page. * Set the Language (Constants, $_SESSION and $_COOKIE) for the current page.
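Review bot: The docblock on the new `getCookieDomain()` has a typo (`cookeis` → `cookies`) and should state the value's lifecycle precisely: the earlier hunk resets `$this->_cookie_domain = ''` at the start of every `detect()` call and only sets `".".e_DOMAIN` in the multi-language subdomain branch, so the accessor returns the empty string both before detection and when subdomain mode is off. Suggested wording: `Get the domain to be used for cookies (e.g. .domain.com). Returns '' until detect() has run and whenever multi-language subdomains are disabled, so the cookie falls back to the current host.` The property itself is declared with `var` like the rest of this class, so that is consistent with the file even though the underscore prefix suggests internal state.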


@@ -1,20 +1,15 @@
<?php <?php
/* /*
+ ----------------------------------------------------------------------------+ * e107 website system
| e107 website system *
| * Copyright (C) 2008-2010 e107 Inc (e107.org)
| Copyright (C) 2008-2009 e107 Inc * Released under the terms and conditions of the
| http://e107.org * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
| *
| * Redirection handler
| Released under the terms and conditions of the *
| GNU General Public License (http://gnu.org). * $URL$
| * $Id$
| $Source: /cvs_backup/e107_0.8/e107_handlers/redirection_class.php,v $
| $Revision$
| $Date$
| $Author$
+----------------------------------------------------------------------------+
*/ */
/** /**
@@ -24,7 +19,7 @@
* @category e107_handlers * @category e107_handlers
* @version 1.0 * @version 1.0
* @author Cameron * @author Cameron
* @copyright Copyright (C) 2009, e107 Inc. * @copyright Copyright (C) 2008-2010 e107 Inc.
*/ */
class redirection class redirection
{ {
@@ -42,7 +37,10 @@ class redirection
*/ */
protected $page_exceptions = array(); protected $page_exceptions = array();
/**
* List of queries to not check against e_QUERY
* @var array
*/
protected $query_exceptions = array(); protected $query_exceptions = array();
/** /**
@@ -59,53 +57,127 @@ class redirection
/** /**
* Store the current URL in a cookie for 5 minutes so we can return to it after being logged out. * Store the current URL in a cookie for 5 minutes so we can return to it after being logged out.
* @return none * @param string $url if empty self url will be used
* @param boolean $forceNoSef if false REQUEST_URI will be used (mod_rewrite support)
* @return redirection
*/ */
function setPreviousUrl() function setPreviousUrl($url = null, $forceNoSef = false, $forceCookie = false)
{ {
if(in_array(e_SELF, $this->self_exceptions)) if(!$url)
{ {
return; if(in_array(e_SELF, $this->self_exceptions))
} {
if(in_array(e_PAGE, $this->page_exceptions)) return;
{ }
return; if(in_array(e_PAGE, $this->page_exceptions))
} {
if(in_array(e_QUERY, $this->query_exceptions)) return;
{ }
return; if(in_array(e_QUERY, $this->query_exceptions))
{
return;
}
$url = $this->getSelf($forceNoSef);
} }
$self = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF; $this->setCookie('_previousUrl', $url, 300, $forceCookie);
//session_set(e_COOKIE.'_previousUrl',$self ,(time()+300));
session_set(e_COOKIE.'_previousUrl',$self ,(time()+300)); return $this;
}
public function getSelf($forceNoSef = false)
{
if($forceNoSef)
{
$url = (e_QUERY) ? e_SELF."?".e_QUERY : e_SELF;
}
else
{
// TODO - e107::requestUri() - sanitize, add support for various HTTP servers
$url = SITEURLBASE.strip_tags($_SERVER['REQUEST_URI']);
}
return $url;
} }
/** /**
* Return the URL the admin was on, prior to being logged-out. * Return the URL the admin was on, prior to being logged-out.
* @return string * @return string
*/ */
public function getPreviousUrl() public function getPreviousUrl()
{ {
return $this->getCookie('previousUrl'); return $this->getCookie('_previousUrl');
} }
/**
private function getCookie($name) //TODO move to e107_class or a new user l class. * Get value stored with self::setCookie()
* @param string $name
* @return mixed
*/
public function getCookie($name) //TODO move to e107_class or a new user l class.
{ {
$cookiename = e_COOKIE."_".$name; $cookiename = e_COOKIE."_".$name;
$session = e107::getSession();
if(vartrue($_SESSION[$cookiename])) if($session->has($name))
{ {
return $_SESSION[$cookiename]; // expired - cookie like session implementation
if((integer) $session->get($name.'_expire') < time())
{
$session->clear($name.'_expire')
->clear($name);
return false;
}
return $session->get($name);
} }
elseif(vartrue($_COOKIE[$cookiename])) // fix - prevent null values
elseif(isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename])
{ {
return $_COOKIE[$cookiename]; return $_COOKIE[$cookiename];
} }
return FALSE; return false;
}
/**
* Register url in current session
* @param string $name
* @param string $value
* @param integer $expire expire after value in seconds, null (default) - ignore
* @return redirection
*/
public function setCookie($name, $value, $expire = null, $forceCookie = false)
{
$cookiename = e_COOKIE."_".$name;
$session = e107::getSession();
if(!$forceCookie && e107::getPref('cookie_name') != 'cookie')
{
// expired - cookie like session implementation
if(null !== $expire) $session->set($name.'_expire', time() + (integer) $expire);
$session->set($name, $value);
}
else
{
cookie($cookiename, $value, time() + (integer) $expire, e_HTTP, e107::getLanguage()->getCookieDomain());
}
return $this;
}
/**
* Clear data set via self::setCookie()
* @param string $name
* @return redirection
*/
public function clearCookie($name)
{
$cookiename = e_COOKIE."_".$name;
$session = e107::getSession();
$session->clear($name)
->clear($name.'_expire');
cookie($cookiename, null, null, e_HTTP, e107::getLanguage()->getCookieDomain());
return $this;
} }
@@ -193,12 +265,12 @@ class redirection
* *
* @return void * @return void
*/ */
private function saveMembersOnlyUrl() private function saveMembersOnlyUrl($forceNoSef = false)
{ {
// remember the url for after-login. // remember the url for after-login.
$afterlogin = e_COOKIE.'_afterlogin'; //$afterlogin = e_COOKIE.'_afterlogin';
$url = (e_QUERY ? e_SELF.'?'.e_QUERY : e_SELF); $this->setCookie('_afterlogin', $this->getSelf($forceNoSef), 300);
session_set($afterlogin, $url, time() + 300); //session_set($afterlogin, $url, time() + 300);
} }
@@ -209,13 +281,22 @@ class redirection
*/ */
private function restoreMembersOnlyUrl() private function restoreMembersOnlyUrl()
{ {
if(USER && ($_SESSION[e_COOKIE.'_afterlogin'] || $_COOKIE[e_COOKIE.'_afterlogin'])) $url = $this->getCookie('_afterlogin');
if(USER && $url)
{ {
$url = ($_SESSION[e_COOKIE.'_afterlogin']) ? $_SESSION[e_COOKIE.'_afterlogin'] : $_COOKIE[e_COOKIE.'_afterlogin']; //session_set(e_COOKIE.'_afterlogin', FALSE, -1000);
session_set(e_COOKIE.'_afterlogin', FALSE, -1000); $this->clearCookie('_afterlogin');
$this->redirect($url); $this->redirect($url);
} }
} }
public function redirectPrevious()
{
if($this->getPreviousUrl())
{
$this->redirect($this->getPreviousUrl());
}
}
/** /**
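Review bot: In the new `getCookie()` the expiry test `(integer) $session->get($name.'_expire') < time()` treats a missing `_expire` key as 0, so any value stored through `setCookie()` with the documented default `$expire = null` ("ignore") is reported as expired and cleared on the first read; guard the key first, e.g. `if($session->has($name.'_expire') && (integer) $session->get($name.'_expire') < time())`. The cookie branch of `setCookie()` has the mirror problem: `time() + (integer) $expire` with a null `$expire` produces a cookie whose expiry is the current second, so it should pass a value meaning "session cookie" instead, e.g. `null === $expire ? 0 : time() + (integer) $expire` (assuming the `cookie()` helper forwards 0 to setcookie like the native call). A redirect-target provenance point: `getCookie()` falls back to the raw `$_COOKIE[$cookiename]` value and both `redirectPrevious()` and `restoreMembersOnlyUrl()` hand that straight to `redirect()`, and since a browser can present any cookie value, the URL should be checked to be on-site (starts with `SITEURLBASE` followed by `/`, or is a site-relative path) before redirecting; `strip_tags()` in `getSelf()` is not a URL check, as its own TODO acknowledges. Documentation: `$forceCookie` is undocumented on both `setPreviousUrl()` and `setCookie()` (something like `@param boolean $forceCookie if true store in a real cookie instead of the session`), and `getSelf()` and `redirectPrevious()` have no docblocks at all.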


@@ -322,6 +322,15 @@ class e_session
} }
return $this; return $this;
} }
/**
* Get registered namespace key
* @return string
*/
public function getNamespaceKey()
{
return $this->_namespace;
}
/** /**
* Reset session options * Reset session options
@@ -714,6 +723,11 @@ class e_session
session_destroy(); session_destroy();
return $this; return $this;
} }
public function replaceRegistry()
{
e107::setRegistry('core/e107/session/'.$this->_namespace, $this, true);
}
} }
class e_core_session extends e_session class e_core_session extends e_session
@@ -724,15 +738,17 @@ class e_core_session extends e_session
* able to extend the base e_session class and * able to extend the base e_session class and
* add more or override the implemented functionality, has their own * add more or override the implemented functionality, has their own
* namespace, add more session security etc. * namespace, add more session security etc.
* @param array $config session config data * @param array $data session config data
*/ */
public function __construct($data = array()) public function __construct($data = array())
{ {
// default system configuration // default system configuration
$this->setDefaultSystemConfig(); $this->setDefaultSystemConfig();
// TODO $data[config] and $data[options] to override default settings
$namespace = 'e107'; $namespace = 'e107';
$name = deftrue('e_COOKIE', 'e107').'SID'; $name = (isset($data['name']) && !empty($data['name']) ? $data['name'] : deftrue('e_COOKIE', 'e107')).'SID';
if(isset($data['namespace']) && !empty($data['namespace'])) $namespace = $data['namespace']; if(isset($data['namespace']) && !empty($data['namespace'])) $namespace = $data['namespace'];
// create $_SESSION['e107'] namespace by default // create $_SESSION['e107'] namespace by default
$this->init($namespace, $name); $this->init($namespace, $name);
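Review bot: The new `replaceRegistry()` has no docblock and, unlike the surrounding methods, does not `return $this`; suggest `/** Register this instance as the session object for its namespace, replacing any previously registered one. @return e_session */` and `return $this;` after the `e107::setRegistry()` call so it chains like `destroy()` above it. In the `e_core_session` constructor `$data['name']` is now used verbatim as the session name prefix; the only visible caller validates it with `/^[\w\-]+$/` in prefs.php, but since any code may construct this class, applying the same character check here (falling back to `e_COOKIE` on mismatch) would keep the boundary self-contained — presumably `init()` passes the name to `session_name()`, which this hunk does not show.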


@@ -1081,7 +1081,8 @@ class e_user extends e_user_model
->_destroySession(); ->_destroySession();
parent::destroy(); parent::destroy();
if(session_id()) session_destroy(); //if(session_id()) session_destroy();
e107::getSession()->destroy();
e107::setRegistry('core/e107/current_user', null); e107::setRegistry('core/e107/current_user', null);
return $this; return $this;
@@ -1244,7 +1245,7 @@ class e_user extends e_user_model
final protected function _destroySession() final protected function _destroySession()
{ {
cookie($this->_session_key, '', (time() - 2592000)); cookie($this->_session_key, '', (time() - 2592000));
$_SESSION[$this->_session_key] = ''; unset($_SESSION[$this->_session_key]);
return $this; return $this;
} }
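Review bot: `_destroySession()` still expires the login cookie with `cookie($this->_session_key, '', (time() - 2592000));` and no path or domain, while this commit starts issuing cookies with `e_HTTP` and `e107::getLanguage()->getCookieDomain()`; a browser only removes a cookie when the deleting call matches the path/domain it was set with, so on a multi-language subdomain site the logout may leave the login cookie in place. If the login cookie is set with those attributes elsewhere (the setter is not in this hunk), the clearing call should mirror them: `cookie($this->_session_key, '', (time() - 2592000), e_HTTP, e107::getLanguage()->getCookieDomain());`. The switch from `session_destroy()` to `e107::getSession()->destroy()` in `destroy()` is consistent with the session handler changes, though a short comment noting why the native call was replaced would help the next reader.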


@@ -231,5 +231,5 @@ define('PRFLAN_216', '(Requires HTML posting rights as well)');
define('PRFLAN_217', 'Filter HTML content'); define('PRFLAN_217', 'Filter HTML content');
define('PRFLAN_218', 'If \'off\', puts users at increased risk of XSS exploits posted by members of the above class, or prior to 0.7.24'); define('PRFLAN_218', 'If \'off\', puts users at increased risk of XSS exploits posted by members of the above class, or prior to 0.7.24');
define('PRFLAN_219', 'Not allowed characters found in Cookie name (alphanumeric characters allowed only). Cookie name not saved.');
?> ?>