From 605c05fc8b6af43c095818a69150e35b41795d78 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 02:03:15 -0700 Subject: changes to session for cdev compatibility --- Zotlabs/Web/Session.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index e18ad38fb..5ee4343df 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -16,7 +16,7 @@ class Session { private static $handler = null; private static $session_started = false; - function init() { + static public function init() { $gc_probability = 50; @@ -51,7 +51,7 @@ class Session { } - function start() { + static public function start() { session_start(); self::$session_started = true; } @@ -62,7 +62,7 @@ class Session { * @return void */ - function nuke() { + static public function nuke() { self::new_cookie(0); // 0 means delete on browser exit if($_SESSION && count($_SESSION)) { foreach($_SESSION as $k => $v) { @@ -71,7 +71,7 @@ class Session { } } - function new_cookie($xtime) { + static public function new_cookie($xtime) { $newxtime = (($xtime> 0) ? (time() + $xtime) : 0); @@ -98,7 +98,7 @@ class Session { } - function extend_cookie() { + static public function extend_cookie() { // if there's a long-term cookie, extend it @@ -112,7 +112,7 @@ class Session { } - function return_check() { + static public function return_check() { // check a returning visitor against IP changes. // If the change results in being blocked from re-entry with the current cookie -- cgit v1.2.3 From 18a9831cd3408ec4ac7e22320f1f92ef81c6d293 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 13:46:35 -0700 Subject: restrict static to the one function that requires it --- Zotlabs/Web/Session.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 5ee4343df..248da51a7 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -16,7 +16,7 @@ class Session { private static $handler = null; private static $session_started = false; - static public function init() { + public function init() { $gc_probability = 50; @@ -51,7 +51,7 @@ class Session { } - static public function start() { + public function start() { session_start(); self::$session_started = true; } @@ -71,7 +71,7 @@ class Session { } } - static public function new_cookie($xtime) { + public function new_cookie($xtime) { $newxtime = (($xtime> 0) ? (time() + $xtime) : 0); @@ -98,7 +98,7 @@ class Session { } - static public function extend_cookie() { + public function extend_cookie() { // if there's a long-term cookie, extend it @@ -112,7 +112,7 @@ class Session { } - static public function return_check() { + public function return_check() { // check a returning visitor against IP changes. // If the change results in being blocked from re-entry with the current cookie -- cgit v1.2.3 From 2dcedd69519a40ca0f40bf7b8b86423e98c778c9 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 17:07:39 -0700 Subject: more work on sessions and cookies, as some anomalies appeared in caldav and firefox which suggested deeper issues --- Zotlabs/Web/Session.php | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 248da51a7..df7249a34 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - private static $handler = null; - private static $session_started = false; + static private $handler = null; + static private $session_started = false; public function init() { @@ -29,7 +29,7 @@ class Session { */ $handler = new \Zotlabs\Web\SessionHandler(); - self::$handler = $handler; + $this->handler = $handler; $x = session_set_save_handler($handler,false); if(! $x) @@ -38,11 +38,12 @@ class Session { // Force cookies to be secure (https only) if this site is SSL enabled. // Must be done before session_start(). + $arr = session_get_cookie_params(); session_set_cookie_params( ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), ((isset($arr['path'])) ? $arr['path'] : '/'), - ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()), + (($arr['domain']) ? $arr['domain'] : \App::get_hostname()), ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), ((isset($arr['httponly'])) ? $arr['httponly'] : true) ); @@ -53,7 +54,7 @@ class Session { public function start() { session_start(); - self::$session_started = true; + $this->session_started = true; } /** @@ -62,8 +63,8 @@ class Session { * @return void */ - static public function nuke() { - self::new_cookie(0); // 0 means delete on browser exit + public function nuke() { + $this->new_cookie(0); // 0 means delete on browser exit if($_SESSION && count($_SESSION)) { foreach($_SESSION as $k => $v) { unset($_SESSION[$k]); @@ -77,21 +78,23 @@ class Session { $old_sid = session_id(); - if(self::$handler && self::$session_started) { + $arr = session_get_cookie_params(); + + if($this->handler && $this->session_started) { session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() - self::$handler->read(session_id()); + $this->handler->read(session_id()); } else logger('no session handler'); if (x($_COOKIE, 'jsdisabled')) { - setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime); + setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); } - setcookie(session_name(),session_id(),$newxtime); + setcookie(session_name(),session_id(),$newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('new_cookie', $arr); @@ -100,12 +103,14 @@ class Session { public function extend_cookie() { + $arr = session_get_cookie_params(); + // if there's a long-term cookie, extend it $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 ); if($xtime) - setcookie(session_name(),session_id(),(time() + $xtime)); + setcookie(session_name(),session_id(),(time() + $xtime), '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('extend_cookie', $arr); @@ -152,7 +157,7 @@ class Session { // check any difference at all logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); - self::nuke(); + $this->nuke(); goaway(z_root()); break; } -- cgit v1.2.3 From 883b1ff51355b72a1af2a1ab09877bc444ee905f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 19:23:42 -0700 Subject: an issue related to #386 --- Zotlabs/Web/Session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index df7249a34..b1f5526ea 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -29,6 +29,7 @@ class Session { */ $handler = new \Zotlabs\Web\SessionHandler(); + $this->handler = $handler; $x = session_set_save_handler($handler,false); -- cgit v1.2.3 From 51edd472c2e007490bdad3198ba1b2a3d7a09c45 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 22:01:33 -0700 Subject: yet more session work --- Zotlabs/Web/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index b1f5526ea..c26b3523c 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - static private $handler = null; - static private $session_started = false; + private $handler = null; + private $session_started = false; public function init() { -- cgit v1.2.3 From 20cb4130d47028cbedf09f8da9feb6ccf8f759db Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 17 May 2016 17:46:30 -0700 Subject: support work for a long-term fix for issue #390, essentially one can specify a theme:schema string anywhere a theme is input. It will be honoured unless an existing schema setting over-rides this behaviour. This should also be backward compatible but the theme selection code has been cleaned up slightly and there may be subtle differences in behaviour after this commit. On my site this required a page refresh as the first page load after this change was a bit confused. --- Zotlabs/Web/Router.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index e6733ffdb..f9290ac30 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -206,13 +206,15 @@ class Router { * load current theme info */ - $theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php'; + $current_theme = \Zotlabs\Render\Theme::current(); + + $theme_info_file = 'view/theme/' . $current_theme[0] . '/php/theme.php'; if (file_exists($theme_info_file)){ require_once($theme_info_file); } - if(function_exists(str_replace('-', '_', current_theme()) . '_init')) { - $func = str_replace('-', '_', current_theme()) . '_init'; + if(function_exists(str_replace('-', '_', $current_theme[0]) . '_init')) { + $func = str_replace('-', '_', $current_theme[0]) . '_init'; $func($a); } elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) { -- cgit v1.2.3 From 37d14f3a1dbc8b4fea6831585c746be4a6602fcb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 17:02:46 -0700 Subject: Revert "yet more session work" This reverts commit 51edd472c2e007490bdad3198ba1b2a3d7a09c45. --- Zotlabs/Web/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index c26b3523c..b1f5526ea 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - private $handler = null; - private $session_started = false; + static private $handler = null; + static private $session_started = false; public function init() { -- cgit v1.2.3 From 1f7e6cae823e75ab47fa9c9a1a496842d20901d5 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 17:03:54 -0700 Subject: Revert "Revert "yet more session work"" This reverts commit 37d14f3a1dbc8b4fea6831585c746be4a6602fcb. --- Zotlabs/Web/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index b1f5526ea..c26b3523c 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - static private $handler = null; - static private $session_started = false; + private $handler = null; + private $session_started = false; public function init() { -- cgit v1.2.3 From c17b47518d57de90264378ff082e8a2576bec273 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 17:55:22 -0700 Subject: comment out session_regenerate until we get this sorted --- Zotlabs/Web/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index c26b3523c..2b058d379 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -82,7 +82,7 @@ class Session { $arr = session_get_cookie_params(); if($this->handler && $this->session_started) { - session_regenerate_id(true); + // session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() -- cgit v1.2.3 From f4b31dcb3a56789c9c96e982466b11fe472e1444 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 20:36:03 -0700 Subject: Document what I know about the session regeneration issue. I'm really tired of fighting this darn thing. Sessions and cookies need to work. --- Zotlabs/Web/Session.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 2b058d379..63ccd91fe 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -82,6 +82,19 @@ class Session { $arr = session_get_cookie_params(); if($this->handler && $this->session_started) { + + // The session should be regenerated to prevent session fixation attacks. + // Traditionally this has been working well, but stopped working in Firefox + // recently (~46.0). It works well in other browsers. FF takes time for the + // new cookie to propagate and it appears to still use the old cookie for the + // next several requests. We don't have an easy way to flush the cookies and + // ensure the browser is using the right one. I've tried several methods including + // delayed cookie deletion and issuing a page reload just after authentication + // and none have been successful and all are hacks to work around what looks to be + // a browser issue. This is an important @FIXME. We should enable by default and let + // folks disable it if they have issues, except they can't login to change it if + // their sessions aren't working. + // session_regenerate_id(true); // force SessionHandler record creation with the new session_id -- cgit v1.2.3 From ada26dd2cbf99e7e8395b4e466a3f73245d004f1 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 18 May 2016 21:00:31 -0700 Subject: This explains it all. Don't set the domain when creating a cookie. You'll get a wildcard and sessions will break if you have multiple domains running hubzilla (or any php basic session based code). --- Zotlabs/Web/Session.php | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 63ccd91fe..4f2a3f1f7 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -41,10 +41,15 @@ class Session { $arr = session_get_cookie_params(); + + // Note when setting cookies: set the domain to false which creates a single domain + // cookie. If you use a hostname it will create a .domain.com wildcard which will + // have some nasty side effects if you have any other subdomains running hubzilla. + session_set_cookie_params( ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0), ((isset($arr['path'])) ? $arr['path'] : '/'), - (($arr['domain']) ? $arr['domain'] : \App::get_hostname()), + (($arr['domain']) ? $arr['domain'] : false), ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false), ((isset($arr['httponly'])) ? $arr['httponly'] : true) ); @@ -83,19 +88,7 @@ class Session { if($this->handler && $this->session_started) { - // The session should be regenerated to prevent session fixation attacks. - // Traditionally this has been working well, but stopped working in Firefox - // recently (~46.0). It works well in other browsers. FF takes time for the - // new cookie to propagate and it appears to still use the old cookie for the - // next several requests. We don't have an easy way to flush the cookies and - // ensure the browser is using the right one. I've tried several methods including - // delayed cookie deletion and issuing a page reload just after authentication - // and none have been successful and all are hacks to work around what looks to be - // a browser issue. This is an important @FIXME. We should enable by default and let - // folks disable it if they have issues, except they can't login to change it if - // their sessions aren't working. - - // session_regenerate_id(true); + session_regenerate_id(true); // force SessionHandler record creation with the new session_id // which occurs as a side effect of read() @@ -106,9 +99,9 @@ class Session { logger('no session handler'); if (x($_COOKIE, 'jsdisabled')) { - setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); + setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); } - setcookie(session_name(),session_id(),$newxtime, '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); + setcookie(session_name(),session_id(),$newxtime, '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('new_cookie', $arr); @@ -124,7 +117,7 @@ class Session { $xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 ); if($xtime) - setcookie(session_name(),session_id(),(time() + $xtime), '/', \App::get_hostname(),((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); + setcookie(session_name(),session_id(),(time() + $xtime), '/', false,((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),((isset($arr['httponly'])) ? $arr['httponly'] : true)); $arr = array('expire' => $xtime); call_hooks('extend_cookie', $arr); -- cgit v1.2.3 From 84ba6393ad32406a9875044aef2d031c7d0d7a46 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 24 May 2016 16:36:55 -0700 Subject: relocate index and db --- Zotlabs/Web/WebServer.php | 191 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 Zotlabs/Web/WebServer.php (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php new file mode 100644 index 000000000..98bf62c9a --- /dev/null +++ b/Zotlabs/Web/WebServer.php @@ -0,0 +1,191 @@ +convert(); + + \App::$timezone = ((x($default_timezone)) ? $default_timezone : 'UTC'); + date_default_timezone_set(\App::$timezone); + + + /* + * Try to open the database; + */ + + require_once('include/dba/dba_driver.php'); + + if(! \App::$install) { + $db = DBA::dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, \App::$install); + if(! $db->connected) { + system_unavailable(); + } + + unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); + + /** + * Load configs from db. Overwrite configs from .htconfig.php + */ + + load_config('config'); + load_config('system'); + load_config('feature'); + + \App::$session = new Zotlabs\Web\Session(); + \App::$session->init(); + load_hooks(); + call_hooks('init_1'); + + } + + + \App::$language = get_best_language(); + load_translation_table(\App::$language,\App::$install); + + + /** + * + * Important stuff we always need to do. + * + * The order of these may be important so use caution if you think they're all + * intertwingled with no logical order and decide to sort it out. Some of the + * dependencies have changed, but at least at one time in the recent past - the + * order was critical to everything working properly + * + */ + + if(\App::$session) { + \App::$session->start(); + } + else { + session_start(); + register_shutdown_function('session_write_close'); + } + + /** + * Language was set earlier, but we can over-ride it in the session. + * We have to do it here because the session was just now opened. + */ + + if(array_key_exists('system_language',$_POST)) { + if(strlen($_POST['system_language'])) + $_SESSION['language'] = $_POST['system_language']; + else + unset($_SESSION['language']); + } + if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) { + \App::$language = $_SESSION['language']; + load_translation_table(\App::$language); + } + + if((x($_GET,'zid')) && (! \App::$install)) { + \App::$query_string = strip_zids(\App::$query_string); + if(! local_channel()) { + $_SESSION['my_address'] = $_GET['zid']; + zid_init($a); + } + } + + if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login')) + require('include/auth.php'); + + if(! x($_SESSION, 'sysmsg')) + $_SESSION['sysmsg'] = array(); + + if(! x($_SESSION, 'sysmsg_info')) + $_SESSION['sysmsg_info'] = array(); + + /* + * check_config() is responsible for running update scripts. These automatically + * update the DB schema whenever we push a new one out. It also checks to see if + * any plugins have been added or removed and reacts accordingly. + */ + + + if(\App::$install) { + /* Allow an exception for the view module so that pcss will be interpreted during installation */ + if(\App::$module != 'view') + \App::$module = 'setup'; + } + else + check_config($a); + + nav_set_selected('nothing'); + + $Router = new Zotlabs\Web\Router($a); + + /* initialise content region */ + + if(! x(\App::$page, 'content')) + \App::$page['content'] = ''; + + call_hooks('page_content_top', \App::$page['content']); + + + $Router->Dispatch($a); + + + // If you're just visiting, let javascript take you home + + if(x($_SESSION, 'visitor_home')) { + $homebase = $_SESSION['visitor_home']; + } elseif(local_channel()) { + $homebase = z_root() . '/channel/' . \App::$channel['channel_address']; + } + + if(isset($homebase)) { + \App::$page['content'] .= ''; + } + + // now that we've been through the module content, see if the page reported + // a permission problem and if so, a 403 response would seem to be in order. + + if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) { + header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.')); + } + + call_hooks('page_end', \App::$page['content']); + + construct_page($a); + + killme(); + } +} \ No newline at end of file -- cgit v1.2.3 From 516c43ba154dc43ec0ef6135fb0a9732d0185a6f Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 24 May 2016 17:54:45 -0700 Subject: more work associated with DBA and index.php shuffle --- Zotlabs/Web/WebServer.php | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 98bf62c9a..5237bf667 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -1,19 +1,16 @@ connected) { + \DBA::dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, \App::$install); + if(! \DBA::$dba->connected) { system_unavailable(); } @@ -69,7 +66,7 @@ class WebServer { load_config('system'); load_config('feature'); - \App::$session = new Zotlabs\Web\Session(); + \App::$session = new Session(); \App::$session->init(); load_hooks(); call_hooks('init_1'); @@ -150,7 +147,7 @@ class WebServer { nav_set_selected('nothing'); - $Router = new Zotlabs\Web\Router($a); + $Router = new Router($a); /* initialise content region */ -- cgit v1.2.3 From 096fdfc61b5381bd3f7918a7c5f6004461354f32 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 26 May 2016 16:33:01 -0700 Subject: consolidate all the sys_boot functionality that is common between the web server and the cli daemon manager. Get rid of yet another global variable ($default_timezone) whilst doing so. --- Zotlabs/Web/WebServer.php | 60 +---------------------------------------------- 1 file changed, 1 insertion(+), 59 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 5237bf667..88ab4995b 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -13,65 +13,7 @@ class WebServer { require_once('boot.php'); - if(file_exists('.htsite.php')) - include('.htsite.php'); - - - // miniApp is a conversion object from old style .htconfig.php files - - $a = new \miniApp; - - // our central App object - - \App::init(); - - /* - * Load the configuration file which contains our DB credentials. - * Ignore errors. If the file doesn't exist or is empty, we are running in - * installation mode. - */ - - \App::$install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true); - - @include('.htconfig.php'); - - if(! defined('UNO')) - define('UNO', 0); - - $a->convert(); - - \App::$timezone = ((x($default_timezone)) ? $default_timezone : 'UTC'); - date_default_timezone_set(\App::$timezone); - - - /* - * Try to open the database; - */ - - require_once('include/dba/dba_driver.php'); - - if(! \App::$install) { - \DBA::dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, \App::$install); - if(! \DBA::$dba->connected) { - system_unavailable(); - } - - unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type); - - /** - * Load configs from db. Overwrite configs from .htconfig.php - */ - - load_config('config'); - load_config('system'); - load_config('feature'); - - \App::$session = new Session(); - \App::$session->init(); - load_hooks(); - call_hooks('init_1'); - - } + sys_boot(); \App::$language = get_best_language(); -- cgit v1.2.3 From dfb6255f59980835d364402b372dd39f2b41ee7c Mon Sep 17 00:00:00 2001 From: redmatrix Date: Tue, 31 May 2016 17:50:47 -0700 Subject: more removal of reserved words from DB schemas --- Zotlabs/Web/SessionHandler.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Web') diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php index 6980a6408..6e7333b4b 100644 --- a/Zotlabs/Web/SessionHandler.php +++ b/Zotlabs/Web/SessionHandler.php @@ -18,10 +18,10 @@ class SessionHandler implements \SessionHandlerInterface { function read ($id) { if($id) { - $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); + $r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id)); if($r) { - return $r[0]['data']; + return $r[0]['sess_data']; } else { q("INSERT INTO `session` (sid, expire) values ('%s', '%s')", @@ -59,7 +59,7 @@ class SessionHandler implements \SessionHandlerInterface { } q("UPDATE `session` - SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", + SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'", dbesc($data), dbesc($expire), dbesc($id) -- cgit v1.2.3