summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfisharebest <fisharebest@gmail.com>2010-12-13 20:39:27 +0000
committerfisharebest <fisharebest@gmail.com>2010-12-13 20:39:27 +0000
commitd5dbc48906dcac7949861e19f867b0563f09b1ba (patch)
tree28bd85ecf78328b57cc9311f0fea14b3b5217ed6
parentb3526a697a320418fdbc3a20bc3dda297b6cbff0 (diff)
downloadwebtrees-d5dbc48906dcac7949861e19f867b0563f09b1ba.tar.gz
webtrees-d5dbc48906dcac7949861e19f867b0563f09b1ba.tar.bz2
webtrees-d5dbc48906dcac7949861e19f867b0563f09b1ba.zip
-rw-r--r--genservice.php22
-rw-r--r--includes/authentication.php4
-rw-r--r--includes/session.php16
-rw-r--r--includes/session_spider.php5
4 files changed, 19 insertions, 28 deletions
diff --git a/genservice.php b/genservice.php
index e32190d0ba..2cf71725c5 100644
--- a/genservice.php
+++ b/genservice.php
@@ -29,27 +29,7 @@
define('WT_SCRIPT_NAME', 'genservice.php');
require './includes/session.php';
-
-/**
- * we have to manually pull the SID from the SOAP request
- * in order to set the correct session during initialization.
- */
-//Only include and set the session if it's not a wsdl request
-if (!isset($_SERVER['QUERY_STRING']) || strstr($_SERVER['QUERY_STRING'],'wsdl')===false)
-{
- if (isset($HTTP_RAW_POST_DATA)) {
- //-- set the session id
- // <ns4:SID>6ca1b44936bf4zb7202e6bd8ce4bkcbd</ns4:SID>
- $ct = preg_match("~<\w*:SID>(.*)</\w*:SID>~", $HTTP_RAW_POST_DATA, $match);
- if ($ct>0) Zend_Session::setId(trim($match[1]));
-
- //-- set the gedcom id
- $ct = preg_match("~<\w*:gedcom_id>(.*)</\w*:gedcom_id>~", $HTTP_RAW_POST_DATA, $match);
- if ($ct>0) $_REQUEST['ged'] = trim($match[1]);
-
- require_once WT_ROOT.'includes/functions/functions_edit.php';
- }
-}
+require_once WT_ROOT.'includes/functions/functions_edit.php';
// Our SOAP library uses lots of deprecated features - ignore them
if (version_compare(PHP_VERSION, '5.3')>0) {
diff --git a/includes/authentication.php b/includes/authentication.php
index fbf06000ee..8be90d0d9d 100644
--- a/includes/authentication.php
+++ b/includes/authentication.php
@@ -62,8 +62,8 @@ function authenticateUser($user_name, $password, $basic=false) {
$dbpassword=get_user_password($user_id);
if (crypt($password, $dbpassword)==$dbpassword) {
if (get_user_setting($user_id, 'verified') && get_user_setting($user_id, 'verified_by_admin') || get_user_setting($user_id, 'canadmin')) {
- //-- reset the user's session
- $_SESSION = array();
+ // Whenever we change our authorisation level change the session ID
+ Zend_Session::regenerateId();
$_SESSION['wt_user'] = $user_id;
AddToLog(($basic ? 'Basic HTTP Authentication' :'Login'). ' Successful', 'auth');
return $user_id;
diff --git a/includes/session.php b/includes/session.php
index 52ff6a94b7..68da16de39 100644
--- a/includes/session.php
+++ b/includes/session.php
@@ -296,6 +296,22 @@ $cfg=array(
'gc_maxlifetime' => get_site_setting('SESSION_TIME'),
'cookie_path' => WT_SCRIPT_PATH,
);
+
+// Search engines don't send cookies, and so create a new session with every visit.
+// Make sure they always use the same one
+if ($SEARCH_SPIDER) {
+ Zend_Session::setId('search_engine_'.$_SERVER['REMOTE_ADDR']);
+}
+
+// If we're using remote linking, the session ID is in the body of the POST request
+if (
+ WT_SCRIPT_NAME=='genservice.php' &&
+ isset($HTTP_RAW_POST_DATA) &&
+ preg_match('/<SID xsi:type="xsd:string">([a-z0-9]+)<\/SID>/', $HTTP_RAW_POST_DATA, $match)
+) {
+ Zend_Session::setId($match[1]);
+}
+
Zend_Session::start($cfg);
// Register a session "namespace" to store session data. This is better than
diff --git a/includes/session_spider.php b/includes/session_spider.php
index e4d3e2f4d7..89e313c563 100644
--- a/includes/session_spider.php
+++ b/includes/session_spider.php
@@ -332,16 +332,11 @@ try {
$SEARCH_SPIDER = 'Manual Search Engine entry of '.$_SERVER['REMOTE_ADDR'];
}
}
- $bot_name = 'MAN'.$_SERVER['REMOTE_ADDR'];
- Zend_Session::setId(gen_spider_session_name($bot_name, ''));
}
} catch (PDOException $ex) {
// Initial installation? Site Down? Fail silently.
}
-if ((empty($SEARCH_SPIDER)) && (!empty($_SESSION['last_spider_name']))) // user following a search engine listing in,
-Zend_Session::regenerateId();
-
if (!empty($SEARCH_SPIDER)) {
$spidertime = time();
$spiderdate = date("d.m.Y", $spidertime);