aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Web')
-rw-r--r--Zotlabs/Web/Router.php8
-rw-r--r--Zotlabs/Web/Session.php48
-rw-r--r--Zotlabs/Web/SessionHandler.php6
-rw-r--r--Zotlabs/Web/WebServer.php130
4 files changed, 168 insertions, 24 deletions
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index e6733ffdb..f9290ac30 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -206,13 +206,15 @@ class Router {
* load current theme info
*/
- $theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php';
+ $current_theme = \Zotlabs\Render\Theme::current();
+
+ $theme_info_file = 'view/theme/' . $current_theme[0] . '/php/theme.php';
if (file_exists($theme_info_file)){
require_once($theme_info_file);
}
- if(function_exists(str_replace('-', '_', current_theme()) . '_init')) {
- $func = str_replace('-', '_', current_theme()) . '_init';
+ if(function_exists(str_replace('-', '_', $current_theme[0]) . '_init')) {
+ $func = str_replace('-', '_', $current_theme[0]) . '_init';
$func($a);
}
elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) {
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index e18ad38fb..4f2a3f1f7 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,10 +13,10 @@ namespace Zotlabs\Web;
class Session {
- private static $handler = null;
- private static $session_started = false;
+ private $handler = null;
+ private $session_started = false;
- function init() {
+ public function init() {
$gc_probability = 50;
@@ -29,7 +29,8 @@ class Session {
*/
$handler = new \Zotlabs\Web\SessionHandler();
- self::$handler = $handler;
+
+ $this->handler = $handler;
$x = session_set_save_handler($handler,false);
if(! $x)
@@ -38,11 +39,17 @@ class Session {
// Force cookies to be secure (https only) if this site is SSL enabled.
// Must be done before session_start().
+
$arr = session_get_cookie_params();
+
+ // Note when setting cookies: set the domain to false which creates a single domain
+ // cookie. If you use a hostname it will create a .domain.com wildcard which will
+ // have some nasty side effects if you have any other subdomains running hubzilla.
+
session_set_cookie_params(
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
((isset($arr['path'])) ? $arr['path'] : '/'),
- ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ (($arr['domain']) ? $arr['domain'] : false),
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
((isset($arr['httponly'])) ? $arr['httponly'] : true)
);
@@ -51,9 +58,9 @@ class Session {
}
- function start() {
+ public function start() {
session_start();
- self::$session_started = true;
+ $this->session_started = true;
}
/**
@@ -62,8 +69,8 @@ class Session {
* @return void
*/
- function nuke() {
- self::new_cookie(0); // 0 means delete on browser exit
+ public function nuke() {
+ $this->new_cookie(0); // 0 means delete on browser exit
if($_SESSION && count($_SESSION)) {
foreach($_SESSION as $k => $v) {
unset($_SESSION[$k]);
@@ -71,48 +78,53 @@ class Session {
}
}
- function new_cookie($xtime) {
+ public function new_cookie($xtime) {
$newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
$old_sid = session_id();
- if(self::$handler && self::$session_started) {
+ $arr = session_get_cookie_params();
+
+ if($this->handler && $this->session_started) {
+
session_regenerate_id(true);
// force SessionHandler record creation with the new session_id
// which occurs as a side effect of read()
- self::$handler->read(session_id());
+ $this->handler->read(session_id());
}
else
logger('no session handler');
if (x($_COOKIE, 'jsdisabled')) {
- setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime);
+ setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
}
- setcookie(session_name(),session_id(),$newxtime);
+ setcookie(session_name(),session_id(),$newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
$arr = array('expire' => $xtime);
call_hooks('new_cookie', $arr);
}
- function extend_cookie() {
+ public function extend_cookie() {
+
+ $arr = session_get_cookie_params();
// if there's a long-term cookie, extend it
$xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
if($xtime)
- setcookie(session_name(),session_id(),(time() + $xtime));
+ setcookie(session_name(),session_id(),(time() + $xtime), '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true));
$arr = array('expire' => $xtime);
call_hooks('extend_cookie', $arr);
}
- function return_check() {
+ public function return_check() {
// check a returning visitor against IP changes.
// If the change results in being blocked from re-entry with the current cookie
@@ -152,7 +164,7 @@ class Session {
// check any difference at all
logger('Session address changed. Paranoid setting in effect, blocking session. '
. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- self::nuke();
+ $this->nuke();
goaway(z_root());
break;
}
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index 6980a6408..6e7333b4b 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
@@ -18,10 +18,10 @@ class SessionHandler implements \SessionHandlerInterface {
function read ($id) {
if($id) {
- $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+ $r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
if($r) {
- return $r[0]['data'];
+ return $r[0]['sess_data'];
}
else {
q("INSERT INTO `session` (sid, expire) values ('%s', '%s')",
@@ -59,7 +59,7 @@ class SessionHandler implements \SessionHandlerInterface {
}
q("UPDATE `session`
- SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
dbesc($data),
dbesc($expire),
dbesc($id)
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
new file mode 100644
index 000000000..88ab4995b
--- /dev/null
+++ b/Zotlabs/Web/WebServer.php
@@ -0,0 +1,130 @@
+<?php /** @file */
+
+namespace Zotlabs\Web;
+
+class WebServer {
+
+ public function run() {
+
+
+ /*
+ * Bootstrap the application, load configuration, load modules, load theme, etc.
+ */
+
+ require_once('boot.php');
+
+ sys_boot();
+
+
+ \App::$language = get_best_language();
+ load_translation_table(\App::$language,\App::$install);
+
+
+ /**
+ *
+ * Important stuff we always need to do.
+ *
+ * The order of these may be important so use caution if you think they're all
+ * intertwingled with no logical order and decide to sort it out. Some of the
+ * dependencies have changed, but at least at one time in the recent past - the
+ * order was critical to everything working properly
+ *
+ */
+
+ if(\App::$session) {
+ \App::$session->start();
+ }
+ else {
+ session_start();
+ register_shutdown_function('session_write_close');
+ }
+
+ /**
+ * Language was set earlier, but we can over-ride it in the session.
+ * We have to do it here because the session was just now opened.
+ */
+
+ if(array_key_exists('system_language',$_POST)) {
+ if(strlen($_POST['system_language']))
+ $_SESSION['language'] = $_POST['system_language'];
+ else
+ unset($_SESSION['language']);
+ }
+ if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
+ \App::$language = $_SESSION['language'];
+ load_translation_table(\App::$language);
+ }
+
+ if((x($_GET,'zid')) && (! \App::$install)) {
+ \App::$query_string = strip_zids(\App::$query_string);
+ if(! local_channel()) {
+ $_SESSION['my_address'] = $_GET['zid'];
+ zid_init($a);
+ }
+ }
+
+ if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login'))
+ require('include/auth.php');
+
+ if(! x($_SESSION, 'sysmsg'))
+ $_SESSION['sysmsg'] = array();
+
+ if(! x($_SESSION, 'sysmsg_info'))
+ $_SESSION['sysmsg_info'] = array();
+
+ /*
+ * check_config() is responsible for running update scripts. These automatically
+ * update the DB schema whenever we push a new one out. It also checks to see if
+ * any plugins have been added or removed and reacts accordingly.
+ */
+
+
+ if(\App::$install) {
+ /* Allow an exception for the view module so that pcss will be interpreted during installation */
+ if(\App::$module != 'view')
+ \App::$module = 'setup';
+ }
+ else
+ check_config($a);
+
+ nav_set_selected('nothing');
+
+ $Router = new Router($a);
+
+ /* initialise content region */
+
+ if(! x(\App::$page, 'content'))
+ \App::$page['content'] = '';
+
+ call_hooks('page_content_top', \App::$page['content']);
+
+
+ $Router->Dispatch($a);
+
+
+ // If you're just visiting, let javascript take you home
+
+ if(x($_SESSION, 'visitor_home')) {
+ $homebase = $_SESSION['visitor_home'];
+ } elseif(local_channel()) {
+ $homebase = z_root() . '/channel/' . \App::$channel['channel_address'];
+ }
+
+ if(isset($homebase)) {
+ \App::$page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';
+ }
+
+ // now that we've been through the module content, see if the page reported
+ // a permission problem and if so, a 403 response would seem to be in order.
+
+ if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
+ header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
+ }
+
+ call_hooks('page_end', \App::$page['content']);
+
+ construct_page($a);
+
+ killme();
+ }
+} \ No newline at end of file