[Phpgroupware-cvs] phpgwapi/inc class.sessions.inc.php class.sessi...
From: |
Dave Hall |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc class.sessions.inc.php class.sessi... |
Date: |
Wed, 30 Aug 2006 15:23:14 +0000 |
CVSROOT: /cvsroot/phpgwapi
Module name: phpgwapi
Changes by: Dave Hall <skwashd> 06/08/30 15:23:14
Modified files:
inc : class.sessions.inc.php
class.sessions_php4.inc.php functions.inc.php
Log message:
E_ALL, code clean up, switch to http_build_query (with php4 compat) and
generally make this a little neater, tested pretty well
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/phpgwapi/inc/class.sessions.inc.php?cvsroot=phpgwapi&r1=1.113&r2=1.114
http://cvs.savannah.gnu.org/viewcvs/phpgwapi/inc/class.sessions_php4.inc.php?cvsroot=phpgwapi&r1=1.24&r2=1.25
http://cvs.savannah.gnu.org/viewcvs/phpgwapi/inc/functions.inc.php?cvsroot=phpgwapi&r1=1.194&r2=1.195
Patches:
Index: class.sessions.inc.php
===================================================================
RCS file: /cvsroot/phpgwapi/phpgwapi/inc/class.sessions.inc.php,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -b -r1.113 -r1.114
--- class.sessions.inc.php 6 Aug 2006 04:51:25 -0000 1.113
+++ class.sessions.inc.php 30 Aug 2006 15:23:14 -0000 1.114
@@ -10,14 +10,20 @@
* @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
- * @version $Id: class.sessions.inc.php,v 1.113 2006/08/06 04:51:25
skwashd Exp $
- * @link http://www.sanisoft.com/phplib/manual/DB_sql.php
+ * @version $Id: class.sessions.inc.php,v 1.114 2006/08/30 15:23:14
skwashd Exp $
+ * @link http://www.sanisoft.com/phplib/manual/session.php
*/
if (empty($GLOBALS['phpgw_info']['server']['sessions_type']))
{
- $GLOBALS['phpgw_info']['server']['sessions_type'] = 'db';
+ $GLOBALS['phpgw_info']['server']['sessions_type'] = 'php4';
}
+
+ /**
+ * The phpGroupWare session identifier
+ */
+ define('PHPGW_PHPSESSID', ini_get('session.name'));
+
/**
* Include concrete subclass
*/
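Review bot: The fallback for an unset `sessions_type` flips from `'db'` to `'php4'` in this hunk, and neither the log message nor a comment records it. Installations that never set the option would presumably switch session backends on upgrade, with session data then held by PHP's native handler (wherever `session.save_path` points) rather than in the database. I would add a comment above the assignment, such as `// default to PHP native sessions when no backend is configured; storage is governed by session.save_path`, and mention the change in the release notes.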
@@ -492,21 +498,26 @@
}
$this->clean_sessions();
- list($this->account_lid,$this->account_domain) =
explode('@', $login);
$now = time();
if (strstr($login,'@') === False)
{
$this->account_domain =
$GLOBALS['phpgw_info']['server']['default_domain'];
+ $this->account_lid = $login;
+ }
+ else
+ {
+ list($this->account_lid, $this->account_domain)
= explode('@', $login);
}
//echo "<p>session::create(login='$login'):
lid='$this->account_lid', domain='$this->account_domain'</p>\n";
$user_ip = $this->getuser_ip();
- if (($blocked = $this->login_blocked($login,
@$_SERVER['REMOTE_ADDR'], @$_SERVER['HTTP_X_FORWARDED_FOR'])) || // too many
unsuccessful attempts
-
$GLOBALS['phpgw_info']['server']['global_denied_users'][$this->account_lid] ||
-
!$GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd,
$this->passwd_type) ||
-
$GLOBALS['phpgw']->accounts->get_type($this->account_lid) == 'g')
+ $blocked = false;
+ if ( ($blocked = $this->login_blocked($login,
$_SERVER['REMOTE_ADDR'])) // too many unsuccessful attempts
+ || (
isset($GLOBALS['phpgw_info']['server']['global_denied_users'][$this->account_lid])
&& $GLOBALS['phpgw_info']['server']['global_denied_users'][$this->account_lid]
)
+ ||
!$GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd,
$this->passwd_type)
+ ||
$GLOBALS['phpgw']->accounts->get_type($this->account_lid) == 'g')
{
$this->reason = $blocked ? 'blocked, too many
attempts' : 'bad login or password';
$this->cd_reason = $blocked ? 99 : 5;
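Review bot: `login_blocked()` is now keyed on `$_SERVER['REMOTE_ADDR']` alone, but nothing at the call site says why, and `$user_ip` from `getuser_ip()` on the line above is not what gets passed. Dropping `HTTP_X_FORWARDED_FOR` is the safer choice because that header is supplied by the client; a comment such as `// socket peer address only: X-Forwarded-For is client-controlled and must not select the lockout bucket` would stop a later change from reverting it. Two consequences are worth documenting: behind a reverse proxy every user shares one counter, and if `getuser_ip()` (not visible here) returns a different address, the block check and the session record will disagree. The same wording belongs on the `@param string $ip` line of the `login_blocked()` docblock in the later hunk. The enclosing function starts and ends outside this hunk.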
@@ -528,13 +539,16 @@
$this->sessionid =
md5($GLOBALS['phpgw']->common->randomstring(15));
$this->kp3 =
md5($GLOBALS['phpgw']->common->randomstring(15));
- if ($GLOBALS['phpgw_info']['server']['usecookies'])
+ if (
isset($GLOBALS['phpgw_info']['server']['usecookies'])
+ &&
$GLOBALS['phpgw_info']['server']['usecookies'] )
{
$this->phpgw_setcookie('sessionid',$this->sessionid);
$this->phpgw_setcookie('kp3',$this->kp3);
$this->phpgw_setcookie('domain',$this->account_domain);
}
- if ($GLOBALS['phpgw_info']['server']['usecookies'] ||
isset($_COOKIE['last_loginid']))
+
+ if ( (
isset($GLOBALS['phpgw_info']['server']['usecookies']) &&
$GLOBALS['phpgw_info']['server']['usecookies'] )
+ || isset($_COOKIE['last_loginid']))
{
$this->phpgw_setcookie('last_loginid',
$this->account_lid ,$now+1209600); /* For 2 weeks */
$this->phpgw_setcookie('last_domain',$this->account_domain,$now+1209600);
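Review bot: The `isset(...) && ...` test on `usecookies` is written out twice in this hunk, once for the session cookies and again for the `last_loginid` branch. `!empty()` expresses the same check without raising a notice, so one local would cover both: `$use_cookies = !empty($GLOBALS['phpgw_info']['server']['usecookies']);` followed by `if ( $use_cookies )` and `if ( $use_cookies || isset($_COOKIE['last_loginid']) )`. The enclosing function starts and ends outside this hunk.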
@@ -623,14 +637,12 @@
* Protect against brute force attacks, block login if too many
unsuccessful login attmepts
*
* @param string $login account_lid (evtl. with domain)
- * @param string $nat_ip the ip that made the request
- * @param string $real_ip the "real" ip for the request
+ * @param string $ip the ip that made the request
* @returns bool login blocked?
*/
- function login_blocked($login, $nat_ip, $real_ip)
+ function login_blocked($login, $ip)
{
- $ip = ($real_ip ? $real_ip : $nat_ip);
- $blocked = False;
+ $blocked = false;
$block_time = time() -
$GLOBALS['phpgw_info']['server']['block_time'] * 60;
$ip = $this->db->db_addslashes($ip);
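Review bot: `$GLOBALS['phpgw_info']['server']['block_time']` is still read without a guard on the `$block_time` line, although this commit adds `isset()` checks for other server settings. If the setting is missing the expression evaluates to `time()`, so the look-back window shrinks to zero and the brute-force check would presumably stop matching earlier failures (the query is outside the hunk). I would validate the setting first and fall back to a documented default, along the lines of `$minutes = isset($GLOBALS['phpgw_info']['server']['block_time']) ? (int) $GLOBALS['phpgw_info']['server']['block_time'] : $default_minutes;`, where `$default_minutes` is a placeholder for whatever default the project chooses. The docblock tag should also read `@return` rather than `@returns`. The function body continues past the end of the hunk.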
@@ -656,7 +668,7 @@
// notify admin(s) via email
$from =
'phpGroupWare@'.$GLOBALS['phpgw_info']['server']['mail_suffix'];
$subject = lang("phpGroupWare: login blocked
for user '%1', IP %2",$login,$ip);
- $body = lang("Too many unsuccessful attempts
to login: %1 for the user '%2', %3 for the IP
%4",$false_id,$login,$false_ip,($real_ip ? $real_ip . ' (' . $nat_ip . ')' :
$nat_ip));
+ $body = lang("Too many unsuccessful attempts
to login: %1 for the user '%2', %3 for the IP %4", $false_id, $login,
$false_ip, $ip);
if(!is_object($GLOBALS['phpgw']->send))
{
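Review bot: `$login` reaches the mail subject and body unfiltered at the `$subject = lang(...)` and `$body = lang(...)` lines, and on this path it is whatever was typed into the login form. Unless the send class strips line breaks (not visible here), a login name containing CR or LF could alter the outgoing mail headers, so I would normalise it first with `$mail_login = preg_replace('/[\r\n]+/', ' ', $login);` and pass `$mail_login` to both `lang()` calls. `$ip` also appears to have been through `db_addslashes()` by this point, so the mail shows the SQL-escaped form rather than the raw address. The enclosing function starts and ends outside this hunk.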
@@ -1102,10 +1114,10 @@
*/
function link($url, $extravars = array(), $redirect=false)
{
- $term = '&';
- if ( !$redirect )
+ $term = '&'; //W3C Compliant in markup
+ if ( $redirect )
{
- $term = '&'; // W3C Compliant
+ $term = '&'; // RFC Compliant for
Header('Location: ...
}
/* first we process the $url to build the full
scriptname */
@@ -1139,7 +1151,7 @@
}
}
-
if(@isset($GLOBALS['phpgw_info']['server']['enforce_ssl']) &&
$GLOBALS['phpgw_info']['server']['enforce_ssl']) // && !$_SERVER['HTTPS']) imho
https should always be a full path - skwashd
+
if(isset($GLOBALS['phpgw_info']['server']['enforce_ssl']) &&
$GLOBALS['phpgw_info']['server']['enforce_ssl'])
{
if(substr($url ,0,4) != 'http')
{
@@ -1169,11 +1181,11 @@
}
/* if using frames we make sure there is a framepart */
- if(@defined('PHPGW_USE_FRAMES') && PHPGW_USE_FRAMES)
+ if(defined('PHPGW_USE_FRAMES') && PHPGW_USE_FRAMES)
{
if (!isset($extravars['framepart']))
{
- $extravars['framepart']='body';
+ $extravars['framepart'] = 'body';
}
}
@@ -1190,23 +1202,10 @@
//used for repost prevention
$extravars['click_history'] =
$this->generate_click_history();
- /* if we end up with any extravars then we generate the
url friendly string */
- /* and return the result */
- if (is_array($extravars))
- {
- $new_extravars = '';
- reset($extravars);
- while(list($key,$value) = each($extravars))
+ if (is_array($extravars)) //we have something to append
{
- if (!empty($new_extravars))
- {
- $new_extravars .= $term;
- }
- $new_extravars .=
$key.'='.urlencode($value);
- }
- return $url .= '?' . $new_extravars;
+ return "{$url}?" . http_build_query($extravars,
null, $term);
}
- /* if no extravars then we return the cleaned up
url/scriptname */
return $url;
}
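Review bot: The three-argument call `http_build_query($extravars, null, $term)` relies on the separator parameter, which the native function only accepts from PHP 5.1.2 onwards. On PHP 5.0 to 5.1.1 the native function exists, so the `function_exists('http_build_query')` shim added in functions.inc.php is skipped, and the call would presumably fail on the extra argument and leave `link()` returning a URL with an empty query string. Either guard the shim on the PHP version as well, or document 5.1.2 as the minimum PHP 5 release. Separately, `is_array($extravars)` is tested only after `$extravars['click_history']` has been written, so the check comes too late to protect that write. The function starts outside this hunk.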
Index: class.sessions_php4.inc.php
===================================================================
RCS file: /cvsroot/phpgwapi/phpgwapi/inc/class.sessions_php4.inc.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -b -r1.24 -r1.25
--- class.sessions_php4.inc.php 6 Aug 2006 04:51:25 -0000 1.24
+++ class.sessions_php4.inc.php 30 Aug 2006 15:23:14 -0000 1.25
@@ -8,7 +8,7 @@
* @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage accounts
- * @version $Id: class.sessions_php4.inc.php,v 1.24 2006/08/06 04:51:25
skwashd Exp $
+ * @version $Id: class.sessions_php4.inc.php,v 1.25 2006/08/30 15:23:14
skwashd Exp $
*/
/**
@@ -32,8 +32,6 @@
//controls the time out for php4 sessions - skwashd
18-May-2003
ini_set('session.gc_maxlifetime',
$GLOBALS['phpgw_info']['server']['sessions_timeout']);
- //ini_set('session.name', 'session_id');
- define('PHPGW_PHPSESSID', ini_get('session.name'));
}
function read_session($sessionid)
@@ -58,11 +56,15 @@
function register_session($login,$user_ip,$now,$session_flags)
{
- if(@isset($this->sessionid))
+ if(isset($this->sessionid))
{
session_id($this->sessionid);
}
+
+ if ( !strlen(session_id() ) )
+ {
session_start();
+ }
$GLOBALS['phpgw_session']['session_id'] =
$this->sessionid;
$GLOBALS['phpgw_session']['session_lid'] = $login;
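Review bot: The new guard `if ( !strlen(session_id() ) )` tests for a session id, not for a started session, and `session_id($this->sessionid)` a few lines above has just set one. Whenever `$this->sessionid` is set the guard is therefore false and `session_start()` is skipped, so unless a session was started elsewhere (not visible here) the values written afterwards may never be persisted. Testing for the session itself avoids this, for example `if ( !isset($_SESSION) )` around the `session_start()` call. register_session() continues past the end of the hunk.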
Index: functions.inc.php
===================================================================
RCS file: /cvsroot/phpgwapi/phpgwapi/inc/functions.inc.php,v
retrieving revision 1.194
retrieving revision 1.195
diff -u -b -r1.194 -r1.195
--- functions.inc.php 29 Aug 2006 04:24:29 -0000 1.194
+++ functions.inc.php 30 Aug 2006 15:23:14 -0000 1.195
@@ -7,7 +7,7 @@
* @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General
Public License
* @package phpgwapi
* @subpackage utilities
- * @version $Id: functions.inc.php,v 1.194 2006/08/29 04:24:29 skwashd
Exp $
+ * @version $Id: functions.inc.php,v 1.195 2006/08/30 15:23:14 skwashd
Exp $
*/
@@ -28,13 +28,54 @@
');
}
-
/****************************************************************************\
- * If running in PHP3, then force admin to upgrade
*
-
\****************************************************************************/
+ /*
+ * This makes our life a lot easier
+ */
+ if (!function_exists('http_build_query'))
+ {
+ /**
+ * PHP4 implementation of PHP5's http_build_query
+ *
+ * @author Nikulin Alexander http://the-notebook.org
+ * @author Dave Hall skwashd at phpgroupware.org
+ * @link taken from
http://the-notebook.org/wp-content/uploads/2006/04/openid-comments-0.9.1.zip
+ * @see http://php.net/http-build-query
+ *
+ * @param array $formdata elements of the query string
+ * @param string $numeric_prefix the prefix to apply to all
numbers
+ * @param string $separator the string used between variable,
the default (&) is W3C compliant
+ * @param string $key the parent element used for recursive
arrays
+ * @return string the formatted query string
+ */
+ function http_build_query( $formdata, $numeric_prefix = null,
$separator = '&', $key = null )
+ {
+ $res = array();
+ foreach( (array)$formdata as $k => $v )
+ {
+ $tmp_key = urlencode( is_int($k) ?
$numeric_prefix.$k : $k );
+ if( $key )
+ {
+ $tmp_key = $key.'['.$tmp_key.']';
+ }
+
+ if ( is_array( $v ) || is_object( $v ) )
+ {
+ $res[] = http_build_query( $v, null,
$separator, $tmp_key );
+ }
+ else
+ {
+ $res[] = $tmp_key."=".urlencode( $v );
+ }
+ }
+
+ return implode( $separator, $res );
+ }
+ }
+
- if (!function_exists('version_compare'))//version_compare() is only
available in PHP4.1+
+ if (!function_exists('html_entity_decode'))//html_entity_decode() is
only available in PHP4.3+
{
- echo 'phpGroupWare now requires PHP 4.1 or greater.<br>';
+ echo 'phpGroupWare now requires PHP 4.3 or greater.<br>';
echo 'Please contact your System Administrator';
exit;
}
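Review bot: In the shim, `if( $key )` treats a parent key of `'0'` as absent, so a nested array stored under index 0 loses its `0[...]` prefix and its children are emitted as top-level parameters. `link()` calls the function with a `null` numeric prefix, so a list of arrays passed in `$extravars` would hit this. The test should be `if ( $key !== null )`. It would also help to state in the docblock that `$key` is internal to the recursion and not part of the PHP 5 signature.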
@@ -414,35 +455,6 @@
}
/*************************************************************************\
- * These lines load up the themes
*
-
\*************************************************************************/
- if (!
$GLOBALS['phpgw_info']['user']['preferences']['common']['theme'])
- {
- if (@$GLOBALS['phpgw_info']['server']['template_set']
== 'user_choice')
- {
-
$GLOBALS['phpgw_info']['user']['preferences']['common']['theme'] = 'default';
- }
- else
- {
-
$GLOBALS['phpgw_info']['user']['preferences']['common']['theme'] =
$GLOBALS['phpgw_info']['server']['template_set'];
- }
- }
- if (@$GLOBALS['phpgw_info']['server']['force_theme'] ==
'user_choice')
- {
- if
(!isset($GLOBALS['phpgw_info']['user']['preferences']['common']['theme']))
- {
-
$GLOBALS['phpgw_info']['user']['preferences']['common']['theme'] = 'default';
- }
- }
- else
- {
- if
(isset($GLOBALS['phpgw_info']['server']['force_theme']))
- {
-
$GLOBALS['phpgw_info']['user']['preferences']['common']['theme'] =
$GLOBALS['phpgw_info']['server']['force_theme'];
- }
- }
-
-
/*************************************************************************\
* If they are using frames, we need to set some variables
*
\*************************************************************************/
if
(((isset($GLOBALS['phpgw_info']['user']['preferences']['common']['useframes'])
&&