diff options
Diffstat (limited to 'Zotlabs/Web')
-rw-r--r-- | Zotlabs/Web/Router.php | 8 | ||||
-rw-r--r-- | Zotlabs/Web/Session.php | 48 | ||||
-rw-r--r-- | Zotlabs/Web/SessionHandler.php | 6 | ||||
-rw-r--r-- | Zotlabs/Web/WebServer.php | 130 |
4 files changed, 168 insertions, 24 deletions
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index e6733ffdb..f9290ac30 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -206,13 +206,15 @@ class Router { * load current theme info */ - $theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php'; + $current_theme = \Zotlabs\Render\Theme::current(); + + $theme_info_file = 'view/theme/' . $current_theme[0] . '/php/theme.php'; if (file_exists($theme_info_file)){ require_once($theme_info_file); } - if(function_exists(str_replace('-', '_', current_theme()) . '_init')) { - $func = str_replace('-', '_', current_theme()) . '_init'; + if(function_exists(str_replace('-', '_', $current_theme[0]) . '_init')) { + $func = str_replace('-', '_', $current_theme[0]) . '_init'; $func($a); } elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) { diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index e18ad38fb..4f2a3f1f7 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,10 +13,10 @@ namespace Zotlabs\Web; class Session { - private static $handler = null; - private static $session_started = false; + private $handler = null; + private $session_started = false; - function init() { + public function init() { $gc_probability = 50; @@ -29,7 +29,8 @@ class Session { */ $handler = new \Zotlabs\Web\SessionHandler(); - self::$handler = $handler; + + $this->handler = $handler; $x = session_set_save_handler($handler,false); if(! $x) @@ -38,11 +39,17 @@ class Session { // Force cookies to be secure (https only) if this site is SSL enabled. // Must be done before session_start(). + $arr = session_get_cookie_params(); + + // Note when setting cookies: set the domain to false which creates a single domain + // cookie. If you use a hostname it will create a .domain.com wildcard which will + // have some nasty side effects if you have any other subdomains running hubzilla. + session_set_cookie_params( ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), ((isset($arr['path'])) ? $arr['path'] : '/'), - ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()), + (($arr['domain']) ? $arr['domain'] : false), ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), ((isset($arr['httponly'])) ? $arr['httponly'] : true) ); @@ -51,9 +58,9 @@ class Session { } - function start() { + public function start() { session_start(); - self::$session_started = true; + $this->session_started = true; } /** @@ -62,8 +69,8 @@ class Session { * @return void */ - function nuke() { - self::new_cookie(0); // 0 means delete on browser exit + public function nuke() { + $this->new_cookie(0); // 0 means delete on browser exit if($_SESSION && count($_SESSION)) { foreach($_SESSION as $k => $v) { unset($_SESSION[$k]); @@ -71,48 +78,53 @@ class Session { } } - function new_cookie($xtime) { + public function new_cookie($xtime) { $newxtime = (($xtime> 0) ? (time() + $xtime) : 0); $old_sid = session_id(); - if(self::$handler && self::$session_started) { + $arr = session_get_cookie_params(); + + if($this->handler && $this->session_started) { + session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() - self::$handler->read(session_id()); + $this->handler->read(session_id()); } else logger('no session handler'); if (x($_COOKIE, 'jsdisabled')) { - setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime); + setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); } - setcookie(session_name(),session_id(),$newxtime); + setcookie(session_name(),session_id(),$newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('new_cookie', $arr); } - function extend_cookie() { + public function extend_cookie() { + + $arr = session_get_cookie_params(); // if there's a long-term cookie, extend it $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 ); if($xtime) - setcookie(session_name(),session_id(),(time() + $xtime)); + setcookie(session_name(),session_id(),(time() + $xtime), '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('extend_cookie', $arr); } - function return_check() { + public function return_check() { // check a returning visitor against IP changes. // If the change results in being blocked from re-entry with the current cookie @@ -152,7 +164,7 @@ class Session { // check any difference at all logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - self::nuke(); + $this->nuke(); goaway(z_root()); break; } diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php index 6980a6408..6e7333b4b 100644 --- a/Zotlabs/Web/SessionHandler.php +++ b/Zotlabs/Web/SessionHandler.php @@ -18,10 +18,10 @@ class SessionHandler implements \SessionHandlerInterface { function read ($id) { if($id) { - $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); + $r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); if($r) { - return $r[0]['data']; + return $r[0]['sess_data']; } else { q("INSERT INTO `session` (sid, expire) values ('%s', '%s')", @@ -59,7 +59,7 @@ class SessionHandler implements \SessionHandlerInterface { } q("UPDATE `session` - SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", + SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", dbesc($data), dbesc($expire), dbesc($id) diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php new file mode 100644 index 000000000..88ab4995b --- /dev/null +++ b/Zotlabs/Web/WebServer.php @@ -0,0 +1,130 @@ +<?php /** @file */ + +namespace Zotlabs\Web; + +class WebServer { + + public function run() { + + + /* + * Bootstrap the application, load configuration, load modules, load theme, etc. + */ + + require_once('boot.php'); + + sys_boot(); + + + \App::$language = get_best_language(); + load_translation_table(\App::$language,\App::$install); + + + /** + * + * Important stuff we always need to do. + * + * The order of these may be important so use caution if you think they're all + * intertwingled with no logical order and decide to sort it out. Some of the + * dependencies have changed, but at least at one time in the recent past - the + * order was critical to everything working properly + * + */ + + if(\App::$session) { + \App::$session->start(); + } + else { + session_start(); + register_shutdown_function('session_write_close'); + } + + /** + * Language was set earlier, but we can over-ride it in the session. + * We have to do it here because the session was just now opened. + */ + + if(array_key_exists('system_language',$_POST)) { + if(strlen($_POST['system_language'])) + $_SESSION['language'] = $_POST['system_language']; + else + unset($_SESSION['language']); + } + if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) { + \App::$language = $_SESSION['language']; + load_translation_table(\App::$language); + } + + if((x($_GET,'zid')) && (! \App::$install)) { + \App::$query_string = strip_zids(\App::$query_string); + if(! local_channel()) { + $_SESSION['my_address'] = $_GET['zid']; + zid_init($a); + } + } + + if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login')) + require('include/auth.php'); + + if(! x($_SESSION, 'sysmsg')) + $_SESSION['sysmsg'] = array(); + + if(! x($_SESSION, 'sysmsg_info')) + $_SESSION['sysmsg_info'] = array(); + + /* + * check_config() is responsible for running update scripts. These automatically + * update the DB schema whenever we push a new one out. It also checks to see if + * any plugins have been added or removed and reacts accordingly. + */ + + + if(\App::$install) { + /* Allow an exception for the view module so that pcss will be interpreted during installation */ + if(\App::$module != 'view') + \App::$module = 'setup'; + } + else + check_config($a); + + nav_set_selected('nothing'); + + $Router = new Router($a); + + /* initialise content region */ + + if(! x(\App::$page, 'content')) + \App::$page['content'] = ''; + + call_hooks('page_content_top', \App::$page['content']); + + + $Router->Dispatch($a); + + + // If you're just visiting, let javascript take you home + + if(x($_SESSION, 'visitor_home')) { + $homebase = $_SESSION['visitor_home']; + } elseif(local_channel()) { + $homebase = z_root() . '/channel/' . \App::$channel['channel_address']; + } + + if(isset($homebase)) { + \App::$page['content'] .= '<script>var homebase = "' . $homebase . '";</script>'; + } + + // now that we've been through the module content, see if the page reported + // a permission problem and if so, a 403 response would seem to be in order. + + if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { + header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.')); + } + + call_hooks('page_end', \App::$page['content']); + + construct_page($a); + + killme(); + } +}
\ No newline at end of file |