Merge branch '1.8RC'

4 files changed, 168 insertions, 24 deletions

diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index e6733ffdb..f9290ac30 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -206,13 +206,15 @@ class Router {
 		 	 * load current theme info
 		 	 */
 
-			$theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php';
+			$current_theme = \Zotlabs\Render\Theme::current();
+
+			$theme_info_file = 'view/theme/' . $current_theme[0] . '/php/theme.php';
 			if (file_exists($theme_info_file)){
 				require_once($theme_info_file);
 			}
 
-			if(function_exists(str_replace('-', '_', current_theme()) . '_init')) {
-				$func = str_replace('-', '_', current_theme()) . '_init';
+			if(function_exists(str_replace('-', '_', $current_theme[0]) . '_init')) {
+				$func = str_replace('-', '_', $current_theme[0]) . '_init';
 				$func($a);
 			}
 			elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) {
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index e18ad38fb..4f2a3f1f7 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,10 +13,10 @@ namespace Zotlabs\Web;
 
 class Session {
 
-	private static $handler = null;
-	private static $session_started = false;
+	private $handler = null;
+	private $session_started = false;
 
-	function init() {
+	public function init() {
 
 		$gc_probability = 50;
 
@@ -29,7 +29,8 @@ class Session {
 		 */
 
 		$handler = new \Zotlabs\Web\SessionHandler();
-		self::$handler = $handler;
+
+		$this->handler = $handler;
 
 		$x = session_set_save_handler($handler,false);
 		if(! $x)
@@ -38,11 +39,17 @@ class Session {
 		// Force cookies to be secure (https only) if this site is SSL enabled. 
 		// Must be done before session_start().
 
+
 		$arr = session_get_cookie_params();
+
+		// Note when setting cookies: set the domain to false which creates a single domain
+		// cookie. If you use a hostname it will create a .domain.com wildcard which will
+		// have some nasty side effects if you have any other subdomains running hubzilla. 
+
 		session_set_cookie_params(
 			((isset($arr['lifetime']))   ? $arr['lifetime'] : 0),
 			((isset($arr['path']))      ? $arr['path']     : '/'),
-			((isset($arr['domain']))    ? $arr['domain']   : App::get_hostname()),
+			(($arr['domain'])    ? $arr['domain']   : false),
 			((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
 			((isset($arr['httponly']))  ? $arr['httponly'] : true)
 		);
@@ -51,9 +58,9 @@ class Session {
 
 	}
 
-	function start() {
+	public function start() {
 		session_start();
-		self::$session_started = true;
+		$this->session_started = true;
 	}
 
 	/**
@@ -62,8 +69,8 @@ class Session {
 	 * @return void
 	 */
 
-	function nuke() {
-		self::new_cookie(0); // 0 means delete on browser exit
+	public function nuke() {
+		$this->new_cookie(0); // 0 means delete on browser exit
 		if($_SESSION && count($_SESSION)) {
 			foreach($_SESSION as $k => $v) {
 				unset($_SESSION[$k]);
@@ -71,48 +78,53 @@ class Session {
 		}
 	}
 
-	function new_cookie($xtime) {
+	public function new_cookie($xtime) {
 
 		$newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
 
 		$old_sid = session_id();
 
-		if(self::$handler && self::$session_started) {
+		$arr = session_get_cookie_params();
+
+		if($this->handler && $this->session_started) {
+
 			session_regenerate_id(true);
 
 			// force SessionHandler record creation with the new session_id
 			// which occurs as a side effect of read()
 
-			self::$handler->read(session_id());
+			$this->handler->read(session_id());
 		}
 		else 
 			logger('no session handler');
 
 		if (x($_COOKIE, 'jsdisabled')) {
-			setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime);
+			setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly']))  ? $arr['httponly'] : true));
 		}
-		setcookie(session_name(),session_id(),$newxtime);
+		setcookie(session_name(),session_id(),$newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly']))  ? $arr['httponly'] : true));
 
 		$arr = array('expire' => $xtime);
 		call_hooks('new_cookie', $arr);
 
 	}
 
-	function extend_cookie() {
+	public function extend_cookie() {
+
+		$arr = session_get_cookie_params();
 
 		// if there's a long-term cookie, extend it
 
 		$xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
 
 		if($xtime)
-			setcookie(session_name(),session_id(),(time() + $xtime));
+			setcookie(session_name(),session_id(),(time() + $xtime), '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly']))  ? $arr['httponly'] : true));
 		$arr = array('expire' => $xtime);
 		call_hooks('extend_cookie', $arr);
 
 	}
 
 
-	function return_check() {
+	public function return_check() {
 
 		// check a returning visitor against IP changes.
 		// If the change results in being blocked from re-entry with the current cookie
@@ -152,7 +164,7 @@ class Session {
 					// check any difference at all
 					logger('Session address changed. Paranoid setting in effect, blocking session. '
 					. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
-					self::nuke();
+					$this->nuke();
 					goaway(z_root());
 					break;
 			}
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index 6980a6408..6e7333b4b 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
@@ -18,10 +18,10 @@ class SessionHandler implements \SessionHandlerInterface {
 	function read ($id) {
 
 		if($id) {
-			$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+			$r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
 
 			if($r) {
-				return $r[0]['data'];
+				return $r[0]['sess_data'];
 			}
 			else {
 				q("INSERT INTO `session` (sid, expire) values ('%s', '%s')",
@@ -59,7 +59,7 @@ class SessionHandler implements \SessionHandlerInterface {
 		}
 
 		q("UPDATE `session`
-			SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+			SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
 			dbesc($data),
 			dbesc($expire),
 			dbesc($id)
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
new file mode 100644
index 000000000..88ab4995b
--- /dev/null
+++ b/Zotlabs/Web/WebServer.php
@@ -0,0 +1,130 @@
+<?php /** @file */
+
+namespace Zotlabs\Web;
+
+class WebServer {
+
+	public function run() {
+
+
+		/*
+		 * Bootstrap the application, load configuration, load modules, load theme, etc.
+		 */
+
+		require_once('boot.php');
+
+		sys_boot();
+
+
+		\App::$language = get_best_language();
+		load_translation_table(\App::$language,\App::$install);
+
+
+		/**
+		 *
+		 * Important stuff we always need to do.
+		 *
+		 * The order of these may be important so use caution if you think they're all
+		 * intertwingled with no logical order and decide to sort it out. Some of the
+		 * dependencies have changed, but at least at one time in the recent past - the
+		 * order was critical to everything working properly
+		 *
+		 */
+
+		if(\App::$session) {
+			\App::$session->start();
+	  	}
+  		else {
+			session_start();
+			register_shutdown_function('session_write_close');
+  		}
+
+		/**
+		 * Language was set earlier, but we can over-ride it in the session.
+		 * We have to do it here because the session was just now opened.
+		 */
+
+		if(array_key_exists('system_language',$_POST)) {
+			if(strlen($_POST['system_language']))
+				$_SESSION['language'] = $_POST['system_language'];
+			else
+				unset($_SESSION['language']);
+		}
+		if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
+			\App::$language = $_SESSION['language'];
+			load_translation_table(\App::$language);
+		}
+
+		if((x($_GET,'zid')) && (! \App::$install)) {
+			\App::$query_string = strip_zids(\App::$query_string);
+			if(! local_channel()) {
+				$_SESSION['my_address'] = $_GET['zid'];
+				zid_init($a);
+			}
+		}
+
+		if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login'))
+			require('include/auth.php');
+
+		if(! x($_SESSION, 'sysmsg'))
+			$_SESSION['sysmsg'] = array();
+
+		if(! x($_SESSION, 'sysmsg_info'))
+			$_SESSION['sysmsg_info'] = array();
+
+		/*
+		 * check_config() is responsible for running update scripts. These automatically
+		 * update the DB schema whenever we push a new one out. It also checks to see if
+		 * any plugins have been added or removed and reacts accordingly.
+		 */
+
+
+		if(\App::$install) {
+			/* Allow an exception for the view module so that pcss will be interpreted during installation */
+			if(\App::$module != 'view')
+				\App::$module = 'setup';
+		}
+		else
+			check_config($a);
+
+		nav_set_selected('nothing');
+
+		$Router = new Router($a);
+
+		/* initialise content region */
+
+		if(! x(\App::$page, 'content'))
+			\App::$page['content'] = '';
+
+		call_hooks('page_content_top', \App::$page['content']);
+
+
+		$Router->Dispatch($a);
+
+
+		// If you're just visiting, let javascript take you home
+
+		if(x($_SESSION, 'visitor_home')) {
+			$homebase = $_SESSION['visitor_home'];
+		} elseif(local_channel()) {
+			$homebase = z_root() . '/channel/' . \App::$channel['channel_address'];
+		}
+
+		if(isset($homebase)) {
+			\App::$page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';
+		}
+
+		// now that we've been through the module content, see if the page reported
+		// a permission problem and if so, a 403 response would seem to be in order.
+
+		if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
+			header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
+		}
+
+		call_hooks('page_end', \App::$page['content']);
+
+		construct_page($a);
+
+		killme();
+	}
+}
\ No newline at end of file