summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/authentication.php2
-rw-r--r--includes/functions/functions_edit.php2
-rw-r--r--includes/functions/functions_print.php4
-rw-r--r--includes/session.php37
-rw-r--r--includes/session_spider.php8
5 files changed, 23 insertions, 30 deletions
diff --git a/includes/authentication.php b/includes/authentication.php
index a8b4633744..63c057b0f3 100644
--- a/includes/authentication.php
+++ b/includes/authentication.php
@@ -109,7 +109,7 @@ function userLogout($user_id) {
AddToLog('Logout '.getUserName($user_id), 'auth');
// If we are logging ourself out, then end our session too.
if (WT_USER_ID==$user_id) {
- session_destroy();
+ Zend_Session::destroy();
}
}
diff --git a/includes/functions/functions_edit.php b/includes/functions/functions_edit.php
index 1eea077eee..bbe37a0fd6 100644
--- a/includes/functions/functions_edit.php
+++ b/includes/functions/functions_edit.php
@@ -229,7 +229,7 @@ function edit_field_default_tab($name, $selected='', $extra='') {
//-- and adds it to the connections file
//-- it returns the connection identifier
function newConnection() {
- return session_name()."\t".session_id()."\n";
+ return WT_SESSION_NAME."\t".Zend_Session::getId()."\n";
}
/**
diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php
index 04a50d43ae..a255d9ab39 100644
--- a/includes/functions/functions_print.php
+++ b/includes/functions/functions_print.php
@@ -410,8 +410,8 @@ function print_header($title, $head="", $use_alternate_styles=true) {
var themeName = "'.strtolower($theme_name).'";
var SCRIPT_NAME = "'.WT_SCRIPT_NAME.'";
/* keep the session id when opening new windows */
- var sessionid = "'.session_id().'";
- var sessionname = "'.session_name().'";
+ var sessionid = "'.Zend_Session::getId().'";
+ var sessionname = "'.WT_SESSION_NAME.'";
var accesstime = '.WT_DB::prepare("SELECT UNIX_TIMESTAMP(NOW())")->fetchOne().';
var plusminus = new Array();
plusminus[0] = new Image();
diff --git a/includes/session.php b/includes/session.php
index aad575dfe0..23fa2d404c 100644
--- a/includes/session.php
+++ b/includes/session.php
@@ -270,30 +270,25 @@ if ($SEARCH_SPIDER && !array_key_exists(WT_SCRIPT_NAME , array(
exit;
}
-// Start the php session
-$session_time=get_site_setting('SESSION_TIME');
-$session_save_path=get_site_setting('SESSION_SAVE_PATH');
+// Use the Zend_Session object to start the session.
+// This allows all the other Zend Framework components to integrate with the session
+define('WT_SESSION_NAME', 'WT_SESSION');
+Zend_Session::start(array(
+ 'name' => WT_SESSION_NAME,
+ 'save_path' => get_site_setting('SESSION_SAVE_PATH'),
+ 'cookie_lifetime' => get_site_setting('SESSION_TIME'),
+ 'cookie_path' => WT_SCRIPT_PATH,
+));
-session_name('WTSESSION');
-session_set_cookie_params(date('D M j H:i:s T Y', time()+$session_time), WT_SCRIPT_PATH);
+// Register a session "namespace" to store session data. This is better than
+// using $_SESSION, as we can avoid clashes with other modules/applications,
+// and problems with servers that have enabled "register_globals".
+$WT_SESSION=new Zend_Session_Namespace('WEBTREES');
-if ($session_time>0) {
- session_cache_expire($session_time/60);
-}
-if ($session_save_path) {
- session_save_path($session_save_path);
-}
-if (isset($MANUAL_SESSION_START) && !empty($SID)) {
- session_id($SID);
-}
-
-session_start();
-unset($session_time, $session_save_path, $MANUAL_SESSION_START, $SID);
-
-if (!$SEARCH_SPIDER && !isset($_SESSION['initiated'])) {
+if (!$SEARCH_SPIDER && !$WT_SESSION->initiated) {
// A new session, so prevent session fixation attacks by choosing a new PHPSESSID.
- session_regenerate_id(true);
- $_SESSION['initiated']=true;
+ Zend_Session::regenerateId();
+ $WT_SESSION->initiated=true;
} else {
// An existing session
}
diff --git a/includes/session_spider.php b/includes/session_spider.php
index 7ae6deeae2..5565cffb22 100644
--- a/includes/session_spider.php
+++ b/includes/session_spider.php
@@ -310,8 +310,7 @@ if(!$real) {
}
// The SEARCH_SPIDER is set to 70 vetted chars, the session to 26 chars.
$SEARCH_SPIDER = $spider_name;
- $bot_session = gen_spider_session_name($spider_name, "");
- session_id($bot_session);
+ Zend_Session::setId(gen_spider_session_name($spider_name, ""));
}
// stop spiders from accessing certain parts of the site
@@ -349,15 +348,14 @@ try {
}
}
$bot_name = 'MAN'.$_SERVER['REMOTE_ADDR'];
- $bot_session = gen_spider_session_name($bot_name, '');
- session_id($bot_session);
+ Zend_Session::setId(gen_spider_session_name($bot_name, ''));
}
} catch (PDOException $ex) {
// Initial installation? Site Down? Fail silently.
}
if((empty($SEARCH_SPIDER)) && (!empty($_SESSION['last_spider_name']))) // user following a search engine listing in,
-session_regenerate_id();
+Zend_Session::regenerateId();
if(!empty($SEARCH_SPIDER)) {
$spidertime = time();