diff options
| author | fisharebest <fisharebest@gmail.com> | 2010-12-13 20:39:27 +0000 |
|---|---|---|
| committer | fisharebest <fisharebest@gmail.com> | 2010-12-13 20:39:27 +0000 |
| commit | d5dbc48906dcac7949861e19f867b0563f09b1ba (patch) | |
| tree | 28bd85ecf78328b57cc9311f0fea14b3b5217ed6 | |
| parent | b3526a697a320418fdbc3a20bc3dda297b6cbff0 (diff) | |
| download | webtrees-d5dbc48906dcac7949861e19f867b0563f09b1ba.tar.gz webtrees-d5dbc48906dcac7949861e19f867b0563f09b1ba.tar.bz2 webtrees-d5dbc48906dcac7949861e19f867b0563f09b1ba.zip | |
| -rw-r--r-- | genservice.php | 22 | ||||
| -rw-r--r-- | includes/authentication.php | 4 | ||||
| -rw-r--r-- | includes/session.php | 16 | ||||
| -rw-r--r-- | includes/session_spider.php | 5 |
4 files changed, 19 insertions, 28 deletions
diff --git a/genservice.php b/genservice.php index e32190d0ba..2cf71725c5 100644 --- a/genservice.php +++ b/genservice.php @@ -29,27 +29,7 @@ define('WT_SCRIPT_NAME', 'genservice.php'); require './includes/session.php'; - -/** - * we have to manually pull the SID from the SOAP request - * in order to set the correct session during initialization. - */ -//Only include and set the session if it's not a wsdl request -if (!isset($_SERVER['QUERY_STRING']) || strstr($_SERVER['QUERY_STRING'],'wsdl')===false) -{ - if (isset($HTTP_RAW_POST_DATA)) { - //-- set the session id - // <ns4:SID>6ca1b44936bf4zb7202e6bd8ce4bkcbd</ns4:SID> - $ct = preg_match("~<\w*:SID>(.*)</\w*:SID>~", $HTTP_RAW_POST_DATA, $match); - if ($ct>0) Zend_Session::setId(trim($match[1])); - - //-- set the gedcom id - $ct = preg_match("~<\w*:gedcom_id>(.*)</\w*:gedcom_id>~", $HTTP_RAW_POST_DATA, $match); - if ($ct>0) $_REQUEST['ged'] = trim($match[1]); - - require_once WT_ROOT.'includes/functions/functions_edit.php'; - } -} +require_once WT_ROOT.'includes/functions/functions_edit.php'; // Our SOAP library uses lots of deprecated features - ignore them if (version_compare(PHP_VERSION, '5.3')>0) { diff --git a/includes/authentication.php b/includes/authentication.php index fbf06000ee..8be90d0d9d 100644 --- a/includes/authentication.php +++ b/includes/authentication.php @@ -62,8 +62,8 @@ function authenticateUser($user_name, $password, $basic=false) { $dbpassword=get_user_password($user_id); if (crypt($password, $dbpassword)==$dbpassword) { if (get_user_setting($user_id, 'verified') && get_user_setting($user_id, 'verified_by_admin') || get_user_setting($user_id, 'canadmin')) { - //-- reset the user's session - $_SESSION = array(); + // Whenever we change our authorisation level change the session ID + Zend_Session::regenerateId(); $_SESSION['wt_user'] = $user_id; AddToLog(($basic ? 'Basic HTTP Authentication' :'Login'). ' Successful', 'auth'); return $user_id; diff --git a/includes/session.php b/includes/session.php index 52ff6a94b7..68da16de39 100644 --- a/includes/session.php +++ b/includes/session.php @@ -296,6 +296,22 @@ $cfg=array( 'gc_maxlifetime' => get_site_setting('SESSION_TIME'), 'cookie_path' => WT_SCRIPT_PATH, ); + +// Search engines don't send cookies, and so create a new session with every visit. +// Make sure they always use the same one +if ($SEARCH_SPIDER) { + Zend_Session::setId('search_engine_'.$_SERVER['REMOTE_ADDR']); +} + +// If we're using remote linking, the session ID is in the body of the POST request +if ( + WT_SCRIPT_NAME=='genservice.php' && + isset($HTTP_RAW_POST_DATA) && + preg_match('/<SID xsi:type="xsd:string">([a-z0-9]+)<\/SID>/', $HTTP_RAW_POST_DATA, $match) +) { + Zend_Session::setId($match[1]); +} + Zend_Session::start($cfg); // Register a session "namespace" to store session data. This is better than diff --git a/includes/session_spider.php b/includes/session_spider.php index e4d3e2f4d7..89e313c563 100644 --- a/includes/session_spider.php +++ b/includes/session_spider.php @@ -332,16 +332,11 @@ try { $SEARCH_SPIDER = 'Manual Search Engine entry of '.$_SERVER['REMOTE_ADDR']; } } - $bot_name = 'MAN'.$_SERVER['REMOTE_ADDR']; - Zend_Session::setId(gen_spider_session_name($bot_name, '')); } } catch (PDOException $ex) { // Initial installation? Site Down? Fail silently. } -if ((empty($SEARCH_SPIDER)) && (!empty($_SESSION['last_spider_name']))) // user following a search engine listing in, -Zend_Session::regenerateId(); - if (!empty($SEARCH_SPIDER)) { $spidertime = time(); $spiderdate = date("d.m.Y", $spidertime); |
