diff options
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/authentication.php | 2 | ||||
| -rw-r--r-- | includes/functions/functions_edit.php | 2 | ||||
| -rw-r--r-- | includes/functions/functions_print.php | 4 | ||||
| -rw-r--r-- | includes/session.php | 37 | ||||
| -rw-r--r-- | includes/session_spider.php | 8 |
5 files changed, 23 insertions, 30 deletions
diff --git a/includes/authentication.php b/includes/authentication.php index a8b4633744..63c057b0f3 100644 --- a/includes/authentication.php +++ b/includes/authentication.php @@ -109,7 +109,7 @@ function userLogout($user_id) { AddToLog('Logout '.getUserName($user_id), 'auth'); // If we are logging ourself out, then end our session too. if (WT_USER_ID==$user_id) { - session_destroy(); + Zend_Session::destroy(); } } diff --git a/includes/functions/functions_edit.php b/includes/functions/functions_edit.php index 1eea077eee..bbe37a0fd6 100644 --- a/includes/functions/functions_edit.php +++ b/includes/functions/functions_edit.php @@ -229,7 +229,7 @@ function edit_field_default_tab($name, $selected='', $extra='') { //-- and adds it to the connections file //-- it returns the connection identifier function newConnection() { - return session_name()."\t".session_id()."\n"; + return WT_SESSION_NAME."\t".Zend_Session::getId()."\n"; } /** diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php index 04a50d43ae..a255d9ab39 100644 --- a/includes/functions/functions_print.php +++ b/includes/functions/functions_print.php @@ -410,8 +410,8 @@ function print_header($title, $head="", $use_alternate_styles=true) { var themeName = "'.strtolower($theme_name).'"; var SCRIPT_NAME = "'.WT_SCRIPT_NAME.'"; /* keep the session id when opening new windows */ - var sessionid = "'.session_id().'"; - var sessionname = "'.session_name().'"; + var sessionid = "'.Zend_Session::getId().'"; + var sessionname = "'.WT_SESSION_NAME.'"; var accesstime = '.WT_DB::prepare("SELECT UNIX_TIMESTAMP(NOW())")->fetchOne().'; var plusminus = new Array(); plusminus[0] = new Image(); diff --git a/includes/session.php b/includes/session.php index aad575dfe0..23fa2d404c 100644 --- a/includes/session.php +++ b/includes/session.php @@ -270,30 +270,25 @@ if ($SEARCH_SPIDER && !array_key_exists(WT_SCRIPT_NAME , array( exit; } -// Start the php session -$session_time=get_site_setting('SESSION_TIME'); -$session_save_path=get_site_setting('SESSION_SAVE_PATH'); +// Use the Zend_Session object to start the session. +// This allows all the other Zend Framework components to integrate with the session +define('WT_SESSION_NAME', 'WT_SESSION'); +Zend_Session::start(array( + 'name' => WT_SESSION_NAME, + 'save_path' => get_site_setting('SESSION_SAVE_PATH'), + 'cookie_lifetime' => get_site_setting('SESSION_TIME'), + 'cookie_path' => WT_SCRIPT_PATH, +)); -session_name('WTSESSION'); -session_set_cookie_params(date('D M j H:i:s T Y', time()+$session_time), WT_SCRIPT_PATH); +// Register a session "namespace" to store session data. This is better than +// using $_SESSION, as we can avoid clashes with other modules/applications, +// and problems with servers that have enabled "register_globals". +$WT_SESSION=new Zend_Session_Namespace('WEBTREES'); -if ($session_time>0) { - session_cache_expire($session_time/60); -} -if ($session_save_path) { - session_save_path($session_save_path); -} -if (isset($MANUAL_SESSION_START) && !empty($SID)) { - session_id($SID); -} - -session_start(); -unset($session_time, $session_save_path, $MANUAL_SESSION_START, $SID); - -if (!$SEARCH_SPIDER && !isset($_SESSION['initiated'])) { +if (!$SEARCH_SPIDER && !$WT_SESSION->initiated) { // A new session, so prevent session fixation attacks by choosing a new PHPSESSID. - session_regenerate_id(true); - $_SESSION['initiated']=true; + Zend_Session::regenerateId(); + $WT_SESSION->initiated=true; } else { // An existing session } diff --git a/includes/session_spider.php b/includes/session_spider.php index 7ae6deeae2..5565cffb22 100644 --- a/includes/session_spider.php +++ b/includes/session_spider.php @@ -310,8 +310,7 @@ if(!$real) { } // The SEARCH_SPIDER is set to 70 vetted chars, the session to 26 chars. $SEARCH_SPIDER = $spider_name; - $bot_session = gen_spider_session_name($spider_name, ""); - session_id($bot_session); + Zend_Session::setId(gen_spider_session_name($spider_name, "")); } // stop spiders from accessing certain parts of the site @@ -349,15 +348,14 @@ try { } } $bot_name = 'MAN'.$_SERVER['REMOTE_ADDR']; - $bot_session = gen_spider_session_name($bot_name, ''); - session_id($bot_session); + Zend_Session::setId(gen_spider_session_name($bot_name, '')); } } catch (PDOException $ex) { // Initial installation? Site Down? Fail silently. } if((empty($SEARCH_SPIDER)) && (!empty($_SESSION['last_spider_name']))) // user following a search engine listing in, -session_regenerate_id(); +Zend_Session::regenerateId(); if(!empty($SEARCH_SPIDER)) { $spidertime = time(); |
