aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-11-14 13:17:55 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-11-14 13:17:55 +0000
commitcca93b954711e1729e3c43ed1eca25b1516ba8fa (patch)
tree89322fb3529cda80de548e3a4d0c814e1e00f599 /engine/lib
parentd7fc2feb27caa7c35100ac62faf6076004370d84 (diff)
downloadelgg-cca93b954711e1729e3c43ed1eca25b1516ba8fa.tar.gz
elgg-cca93b954711e1729e3c43ed1eca25b1516ba8fa.tar.bz2
* Candidate for initial ElggSession magic class
* Session now properly cleared on init and logout - this has knock on effect that you can no longer assume that $_SESSION['id'] or 'guid' will be integer, making it necessary to cast. git-svn-id: https://code.elgg.org/elgg/trunk@2448 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/sessions.php78
1 files changed, 43 insertions, 35 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index bd9ce9d31..dee5cd4a9 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -13,7 +13,7 @@
*/
/** Elgg magic session */
- static $SESSION;
+ global $SESSION;
/**
* Magic session class.
@@ -23,11 +23,13 @@
* Primarily this is intended to provide a way of supplying "logged in user" details without touching the session
* (which can cause problems when accessed server side).
*
- * If a value is present in the session then that value is returned, otherwise a plugin hook 'session::get', '$var' is called,
+ * If a value is present in the session then that value is returned, otherwise a plugin hook 'session:get', '$var' is called,
* where $var is the variable being requested.
*
* Setting values will store variables in the session in the normal way.
*
+ * LIMITATIONS: You can not access multidimensional arrays
+ *
* This is EXPERIMENTAL.
*/
class ElggSession implements ArrayAccess
@@ -35,6 +37,8 @@
/** Local cache of trigger retrieved variables */
private static $__localcache;
+ function __isset($key) { return $this->offsetExists($key); }
+
/** Set a value, go straight to session. */
function offsetSet($key, $value) { $_SESSION[$key] = $value; }
@@ -44,21 +48,21 @@
*/
function offsetGet($key)
{
+ if (!ElggSession::$__localcache)
+ ElggSession::$__localcache = array();
+
if (isset($_SESSION[$key]))
return $_SESSION[$key];
- if (isset($this->__localcache[$key]))
- return $this->__localcache[$key];
+ if (isset(ElggSession::$__localcache[$key]))
+ return ElggSession::$__localcache[$key];
$value = null;
- $value = trigger_plugin_hook('session::get', $key, null, $value);
-
- if (!$this->__localcache)
- $this->__localcache = array();
+ $value = trigger_plugin_hook('session:get', $key, null, $value);
- $this->__localcache[$key] = $value;
+ ElggSession::$__localcache[$key] = $value;
- return $this->__localcache[$key];
+ return ElggSession::$__localcache[$key];
}
/**
@@ -66,7 +70,7 @@
*/
function offsetUnset($key)
{
- unset($this->__localcache[$key]);
+ unset(ElggSession::$__localcache[$key]);
unset($_SESSION[$key]);
}
@@ -74,10 +78,13 @@
* Return whether the value is set in either the session or the cache.
*/
function offsetExists($offset) {
- if (isset($this->__localcache[$key]))
+ if (isset(ElggSession::$__localcache[$offset]))
return true;
- return isset($_SESSION[$key]);
+ if (isset($_SESSION[$offset]))
+ return true;
+
+ if ($this->offsetGet($offset)) return true;
}
}
@@ -88,9 +95,11 @@
* @return true|false
*/
function isloggedin() {
+
+ global $SESSION;
- if (!is_installed()) return false;
- if ((isset($_SESSION['guid'])) && ($_SESSION['guid'] > 0) && (isset($_SESSION['id'])) && ($_SESSION['id'] > 0) )
+ if (!is_installed()) return false;
+ if ((isset($SESSION['guid'])) && ($SESSION['guid'] > 0) && (isset($SESSION['id'])) && ($SESSION['id'] > 0) )
return true;
return false;
@@ -106,7 +115,9 @@
*/
function isadminloggedin()
{
- if ((isloggedin()) && (($_SESSION['user']->admin || $_SESSION['user']->siteadmin)))
+ global $SESSION;
+
+ if ((isloggedin()) && (($SESSION['user']->admin || $SESSION['user']->siteadmin)))
return true;
return false;
@@ -287,9 +298,8 @@
if (isset($_COOKIE['elggperm'])) {
$code = $_COOKIE['elggperm'];
$code = md5($code);
- $_SESSION['guid'] = 0;
- $_SESSION['id'] = 0;
- // $_SESSION['user'] = new ElggDummy();
+ unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
+ unset($_SESSION['id']);//$_SESSION['id'] = 0;
if ($user = get_user_by_code($code)) {
$_SESSION['user'] = $user;
$_SESSION['id'] = $user->getGUID();
@@ -297,10 +307,9 @@
$_SESSION['code'] = $_COOKIE['elggperm'];
}
} else {
- //$_SESSION['user'] = new ElggDummy();
- $_SESSION['id'] = 0;
- $_SESSION['guid'] = 0;
- $_SESSION['code'] = "";
+ unset($_SESSION['id']); //$_SESSION['id'] = 0;
+ unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
+ unset($_SESSION['code']);//$_SESSION['code'] = "";
}
} else {
if (!empty($_SESSION['code'])) {
@@ -310,17 +319,16 @@
$_SESSION['id'] = $user->getGUID();
$_SESSION['guid'] = $_SESSION['id'];
} else {
- unset($_SESSION['user']);
- // $_SESSION['user'] = new ElggDummy();
- $_SESSION['guid'] = 0;
- $_SESSION['id'] = 0;
- $_SESSION['code'] = "";
+ unset($_SESSION['user']);
+ unset($_SESSION['id']); //$_SESSION['id'] = 0;
+ unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
+ unset($_SESSION['code']);//$_SESSION['code'] = "";
}
} else {
//$_SESSION['user'] = new ElggDummy();
- $_SESSION['guid'] = 0;
- $_SESSION['id'] = 0;
- $_SESSION['code'] = "";
+ unset($_SESSION['id']); //$_SESSION['id'] = 0;
+ unset($_SESSION['guid']);//$_SESSION['guid'] = 0;
+ unset($_SESSION['code']);//$_SESSION['code'] = "";
}
}
if ($_SESSION['id'] > 0) {
@@ -334,13 +342,13 @@
register_pam_handler('pam_auth_userpass');
// Initialise the magic session
- static $SESSION;
+ global $SESSION;
$SESSION = new ElggSession();
return true;
- }
-
+ }
+
/**
* Used at the top of a page to mark it as logged in users only.
*
@@ -359,7 +367,7 @@
function admin_gatekeeper()
{
gatekeeper();
- if (!$_SESSION['user']->admin && !$_SESSION['user']->siteadmin) {
+ if (!isadminloggedin()) {
$_SESSION['last_forward_from'] = current_page_url();
forward();
}