diff options
| author | fisharebest <fisharebest@gmail.com> | 2010-09-21 19:24:23 +0000 |
|---|---|---|
| committer | fisharebest <fisharebest@gmail.com> | 2010-09-21 19:24:23 +0000 |
| commit | 2314e103a0dd5e6cfa16debc20f7969b62905984 (patch) | |
| tree | e717ff579937c6f2c418038ba920c322a990ae9d | |
| parent | 391b14252cf1c4257123fa6b6410920c4bd3e3e2 (diff) | |
| download | webtrees-2314e103a0dd5e6cfa16debc20f7969b62905984.tar.gz webtrees-2314e103a0dd5e6cfa16debc20f7969b62905984.tar.bz2 webtrees-2314e103a0dd5e6cfa16debc20f7969b62905984.zip | |
| -rw-r--r-- | autocomplete.php | 4 | ||||
| -rw-r--r-- | genservice.php | 4 | ||||
| -rw-r--r-- | includes/authentication.php | 2 | ||||
| -rw-r--r-- | includes/functions/functions_edit.php | 2 | ||||
| -rw-r--r-- | includes/functions/functions_print.php | 4 | ||||
| -rw-r--r-- | includes/session.php | 37 | ||||
| -rw-r--r-- | includes/session_spider.php | 8 | ||||
| -rw-r--r-- | index.php | 4 | ||||
| -rw-r--r-- | individual.php | 5 | ||||
| -rw-r--r-- | login.php | 5 | ||||
| -rw-r--r-- | mediafirewall.php | 4 | ||||
| -rw-r--r-- | message.php | 2 | ||||
| -rw-r--r-- | note.php | 4 | ||||
| -rw-r--r-- | repo.php | 4 | ||||
| -rw-r--r-- | reportengine.php | 4 | ||||
| -rw-r--r-- | source.php | 4 |
16 files changed, 43 insertions, 54 deletions
diff --git a/autocomplete.php b/autocomplete.php index 825c47a102..2173d800c0 100644 --- a/autocomplete.php +++ b/autocomplete.php @@ -32,8 +32,8 @@ require './includes/session.php'; header('Content-Type: text/plain; charset=UTF-8'); -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); // Maximum number of results in auto-complete fields define('WT_AUTOCOMPLETE_LIMIT', 500); diff --git a/genservice.php b/genservice.php index fa525a9e9d..4c9f8a1325 100644 --- a/genservice.php +++ b/genservice.php @@ -34,7 +34,6 @@ require './includes/session.php'; * we have to manually pull the SID from the SOAP request * in order to set the correct session during initialization. */ -$SID = ""; //Only include and set the session if it's not a wsdl request if(!isset($_SERVER['QUERY_STRING']) || strstr($_SERVER['QUERY_STRING'],'wsdl')===false) { @@ -42,8 +41,7 @@ if(!isset($_SERVER['QUERY_STRING']) || strstr($_SERVER['QUERY_STRING'],'wsdl')== //-- set the session id // <ns4:SID>6ca1b44936bf4zb7202e6bd8ce4bkcbd</ns4:SID> $ct = preg_match("~<\w*:SID>(.*)</\w*:SID>~", $HTTP_RAW_POST_DATA, $match); - if ($ct>0) $SID = trim($match[1]); - $MANUAL_SESSION_START = true; + if ($ct>0) Zend_Session::setId(trim($match[1])); //-- set the gedcom id $ct = preg_match("~<\w*:gedcom_id>(.*)</\w*:gedcom_id>~", $HTTP_RAW_POST_DATA, $match); diff --git a/includes/authentication.php b/includes/authentication.php index a8b4633744..63c057b0f3 100644 --- a/includes/authentication.php +++ b/includes/authentication.php @@ -109,7 +109,7 @@ function userLogout($user_id) { AddToLog('Logout '.getUserName($user_id), 'auth'); // If we are logging ourself out, then end our session too. if (WT_USER_ID==$user_id) { - session_destroy(); + Zend_Session::destroy(); } } diff --git a/includes/functions/functions_edit.php b/includes/functions/functions_edit.php index 1eea077eee..bbe37a0fd6 100644 --- a/includes/functions/functions_edit.php +++ b/includes/functions/functions_edit.php @@ -229,7 +229,7 @@ function edit_field_default_tab($name, $selected='', $extra='') { //-- and adds it to the connections file //-- it returns the connection identifier function newConnection() { - return session_name()."\t".session_id()."\n"; + return WT_SESSION_NAME."\t".Zend_Session::getId()."\n"; } /** diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php index 04a50d43ae..a255d9ab39 100644 --- a/includes/functions/functions_print.php +++ b/includes/functions/functions_print.php @@ -410,8 +410,8 @@ function print_header($title, $head="", $use_alternate_styles=true) { var themeName = "'.strtolower($theme_name).'"; var SCRIPT_NAME = "'.WT_SCRIPT_NAME.'"; /* keep the session id when opening new windows */ - var sessionid = "'.session_id().'"; - var sessionname = "'.session_name().'"; + var sessionid = "'.Zend_Session::getId().'"; + var sessionname = "'.WT_SESSION_NAME.'"; var accesstime = '.WT_DB::prepare("SELECT UNIX_TIMESTAMP(NOW())")->fetchOne().'; var plusminus = new Array(); plusminus[0] = new Image(); diff --git a/includes/session.php b/includes/session.php index aad575dfe0..23fa2d404c 100644 --- a/includes/session.php +++ b/includes/session.php @@ -270,30 +270,25 @@ if ($SEARCH_SPIDER && !array_key_exists(WT_SCRIPT_NAME , array( exit; } -// Start the php session -$session_time=get_site_setting('SESSION_TIME'); -$session_save_path=get_site_setting('SESSION_SAVE_PATH'); +// Use the Zend_Session object to start the session. +// This allows all the other Zend Framework components to integrate with the session +define('WT_SESSION_NAME', 'WT_SESSION'); +Zend_Session::start(array( + 'name' => WT_SESSION_NAME, + 'save_path' => get_site_setting('SESSION_SAVE_PATH'), + 'cookie_lifetime' => get_site_setting('SESSION_TIME'), + 'cookie_path' => WT_SCRIPT_PATH, +)); -session_name('WTSESSION'); -session_set_cookie_params(date('D M j H:i:s T Y', time()+$session_time), WT_SCRIPT_PATH); +// Register a session "namespace" to store session data. This is better than +// using $_SESSION, as we can avoid clashes with other modules/applications, +// and problems with servers that have enabled "register_globals". +$WT_SESSION=new Zend_Session_Namespace('WEBTREES'); -if ($session_time>0) { - session_cache_expire($session_time/60); -} -if ($session_save_path) { - session_save_path($session_save_path); -} -if (isset($MANUAL_SESSION_START) && !empty($SID)) { - session_id($SID); -} - -session_start(); -unset($session_time, $session_save_path, $MANUAL_SESSION_START, $SID); - -if (!$SEARCH_SPIDER && !isset($_SESSION['initiated'])) { +if (!$SEARCH_SPIDER && !$WT_SESSION->initiated) { // A new session, so prevent session fixation attacks by choosing a new PHPSESSID. - session_regenerate_id(true); - $_SESSION['initiated']=true; + Zend_Session::regenerateId(); + $WT_SESSION->initiated=true; } else { // An existing session } diff --git a/includes/session_spider.php b/includes/session_spider.php index 7ae6deeae2..5565cffb22 100644 --- a/includes/session_spider.php +++ b/includes/session_spider.php @@ -310,8 +310,7 @@ if(!$real) { } // The SEARCH_SPIDER is set to 70 vetted chars, the session to 26 chars. $SEARCH_SPIDER = $spider_name; - $bot_session = gen_spider_session_name($spider_name, ""); - session_id($bot_session); + Zend_Session::setId(gen_spider_session_name($spider_name, "")); } // stop spiders from accessing certain parts of the site @@ -349,15 +348,14 @@ try { } } $bot_name = 'MAN'.$_SERVER['REMOTE_ADDR']; - $bot_session = gen_spider_session_name($bot_name, ''); - session_id($bot_session); + Zend_Session::setId(gen_spider_session_name($bot_name, '')); } } catch (PDOException $ex) { // Initial installation? Site Down? Fail silently. } if((empty($SEARCH_SPIDER)) && (!empty($_SESSION['last_spider_name']))) // user following a search engine listing in, -session_regenerate_id(); +Zend_Session::regenerateId(); if(!empty($SEARCH_SPIDER)) { $spidertime = time(); @@ -62,8 +62,8 @@ if ($ctype=='user') { $blocks=get_gedcom_blocks(WT_GED_ID); } -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); $all_blocks=WT_Module::getActiveBlocks(); diff --git a/individual.php b/individual.php index 6fcad1a7d4..41c92aa0fb 100644 --- a/individual.php +++ b/individual.php @@ -46,8 +46,9 @@ $controller->init(); // tell tabs that use jquery that it is already loaded define('WT_JQUERY_LOADED', 1); -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); + print_header($controller->getPageTitle()); if (!$controller->indi){ @@ -98,8 +98,6 @@ if ($action=='login') { } } - session_write_close(); - // If we've clicked login from the login page, we don't want to go back there. if (substr($url, 0, 9)=='login.php') { $url='index.php'; @@ -207,8 +205,7 @@ echo '</td></tr></table><br /><br />'; </form><br /><br /> <?php -$sessname = session_name(); -if (!isset($_COOKIE[$sessname])) print "<center><div class=\"error width50\">".i18n::translate('This site uses cookies to keep track of your login status.<br /><br />Cookies do not appear to be enabled in your browser. You must enable cookies for this site before you can login. You can consult your browser\'s help documentation for information on enabling cookies.')."</div></center><br /><br />"; +if (!isset($_COOKIE[WT_SESSION_NAME])) print "<center><div class=\"error width50\">".i18n::translate('This site uses cookies to keep track of your login status.<br /><br />Cookies do not appear to be enabled in your browser. You must enable cookies for this site before you can login. You can consult your browser\'s help documentation for information on enabling cookies.')."</div></center><br /><br />"; if (get_site_setting('USE_REGISTRATION_MODULE')) { ?> <table class="center facts_table width50"> diff --git a/mediafirewall.php b/mediafirewall.php index 325a015aea..3bb36ad0f4 100644 --- a/mediafirewall.php +++ b/mediafirewall.php @@ -33,8 +33,8 @@ define('WT_SCRIPT_NAME', 'mediafirewall.php'); require './includes/session.php'; require_once WT_ROOT.'includes/controllers/media_ctrl.php'; -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); $controller = new MediaController(); $controller->init(); diff --git a/message.php b/message.php index d459f47c68..2297072ddf 100644 --- a/message.php +++ b/message.php @@ -127,7 +127,7 @@ if (($action=="send")&&(isset($_SESSION["good_to_send"]))&&($_SESSION["good_to_s $message["from_email"] = $from_email; } $message["subject"] = $subject; - $url = preg_replace("/".session_name()."=.*/", "", $url); + $url = preg_replace("/".WT_SESSION_NAME."=.*/", "", $url); $message["body"] = $body; $message["created"] = $time; $message["method"] = $method; @@ -32,8 +32,8 @@ require './includes/session.php'; require WT_ROOT.'includes/controllers/note_ctrl.php'; require WT_ROOT.'includes/functions/functions_print_lists.php'; -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); $nonfacts = array(); @@ -32,8 +32,8 @@ require './includes/session.php'; require WT_ROOT.'includes/controllers/repository_ctrl.php'; require WT_ROOT.'includes/functions/functions_print_lists.php'; -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); $nonfacts = array(); diff --git a/reportengine.php b/reportengine.php index 9d089d6b0c..a2c73ecbce 100644 --- a/reportengine.php +++ b/reportengine.php @@ -32,8 +32,8 @@ define('WT_SCRIPT_NAME', 'reportengine.php'); require './includes/session.php'; -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); $famid=safe_GET("famid"); $pid =safe_GET("pid"); diff --git a/source.php b/source.php index 9ed73c09e7..5ae99778fe 100644 --- a/source.php +++ b/source.php @@ -32,8 +32,8 @@ require './includes/session.php'; require WT_ROOT.'includes/controllers/source_ctrl.php'; require WT_ROOT.'includes/functions/functions_print_lists.php'; -// We have finished writing to $_SESSION, so release the lock -session_write_close(); +// We have finished writing session data, so release the lock +Zend_Session::writeClose(); $nonfacts = array(); |
