-rw-r--r-- | dashboard/index.php | 2 | ||||
-rw-r--r-- | engine/lib/access.php | 16 | ||||
-rw-r--r-- | engine/lib/annotations.php | 4 | ||||
-rw-r--r-- | engine/lib/entities.php | 27 | ||||
-rw-r--r-- | engine/lib/extender.php | 16 | ||||
-rw-r--r-- | engine/lib/filestore.php | 2 | ||||
-rw-r--r-- | engine/lib/group.php | 4 | ||||
-rw-r--r-- | engine/lib/languages.php | 12 | ||||
-rw-r--r-- | engine/lib/metadata.php | 13 | ||||
-rw-r--r-- | engine/lib/notification.php | 7 | ||||
-rw-r--r-- | engine/lib/plugins.php | 12 | ||||
-rw-r--r-- | engine/lib/sessions.php | 48 | ||||
-rw-r--r-- | engine/lib/tags.php | 5 | ||||
-rw-r--r-- | engine/lib/users.php | 11 | ||||
-rw-r--r-- | engine/lib/usersettings.php | 9 |
15 files changed, 108 insertions, 80 deletions
diff --git a/dashboard/index.php b/dashboard/index.php
index ae3fa546c..1c46cc450 100644
--- a/dashboard/index.php
+++ b/dashboard/index.php
@@ -19,7 +19,7 @@ // Set context and title
set_context('dashboard');
- set_page_owner($_SESSION['user']->getGUID());
+ set_page_owner(get_loggedin_userid());
$title = elgg_echo('dashboard');
// wrap intro message in a div
diff --git a/engine/lib/access.php b/engine/lib/access.php
index ae0ae891b..28584feeb 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -23,13 +23,13 @@ */
function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
- global $CONFIG, $init_finished;
+ global $CONFIG, $init_finished, $SESSION;
static $access_list;
if (!isset($access_list) || !$init_finished)
$access_list = array();
- if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($user_id == 0) $user_id = $SESSION['id'];
if (($site_id == 0) && (isset($CONFIG->site_id))) $site_id = $CONFIG->site_id;
$user_id = (int) $user_id;
$site_id = (int) $site_id;
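Review bot: `get_access_list()` still reads the session directly (`$user_id = $SESSION['id'];`), while every other hunk in this file resolves the caller through `get_loggedin_userid()`. The new `isloggedin()` in sessions.php no longer looks at `$SESSION['id']`, so the access list and the login check can now be keyed on different session values, and an unset `id` is silently cast to 0 a few lines below. I would write `if ($user_id == 0) $user_id = get_loggedin_userid();` here and drop `$SESSION` from the `global` line. The function body continues past the end of the hunk.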
@@ -58,7 +58,7 @@ if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished))
$access_array = array();
- if ($user_id == 0) $user_id = $_SESSION['guid'];
+ if ($user_id == 0) $user_id = get_loggedin_userid();
if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid;
$user_id = (int) $user_id;
@@ -70,8 +70,8 @@ $query .= " LEFT JOIN {$CONFIG->dbprefix}access_collections ag ON ag.id = am.access_collection_id ";
$query .= " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
- $tmp_access_array = array(2);
- if (isloggedin())
+ $tmp_access_array = array(2);
+ if (isloggedin())
$tmp_access_array[] = 1;
if ($collections = get_data($query)) {
@@ -153,7 +153,7 @@ $access = get_access_list(); - $owner = $_SESSION['id']; + $owner = get_loggedin_userid(); if (!$owner) $owner = -1;
global $is_admin;
@@ -185,7 +185,7 @@ global $CONFIG;
static $access_array;
- if ($user_id == 0) $user_id = $_SESSION['guid'];
+ if ($user_id == 0) $user_id = get_loggedin_userid();
if (($site_id == 0) && (isset($CONFIG->site_id))) $site_id = $CONFIG->site_id;
$user_id = (int) $user_id;
$site_id = (int) $site_id;
@@ -230,7 +230,7 @@ $name = trim($name);
if (empty($name)) return false;
- if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($user_id == 0) $user_id = get_loggedin_userid();
if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid;
$name = sanitise_string($name);
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 699430431..6cc6ae1c6 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -166,7 +166,7 @@ $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
$owner_guid = (int)$owner_guid;
- if ($owner_guid==0) $owner_guid = $_SESSION['id'];
+ if ($owner_guid==0) $owner_guid = get_loggedin_userid();
$access_id = (int)$access_id;
@@ -216,7 +216,7 @@ $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
$owner_guid = (int)$owner_guid;
- if ($owner_guid==0) $owner_guid = $_SESSION['id'];
+ if ($owner_guid==0) $owner_guid = get_loggedin_userid();
$access_id = (int)$access_id;
diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 1d5ad471e..fd0475d07 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -80,8 +80,10 @@ $this->attributes['guid'] = ""; $this->attributes['type'] = ""; $this->attributes['subtype'] = ""; - $this->attributes['owner_guid'] = $_SESSION['guid']; - $this->attributes['container_guid'] = $_SESSION['guid']; + + $this->attributes['owner_guid'] = get_loggedin_userid(); + $this->attributes['container_guid'] = get_loggedin_userid(); + $this->attributes['site_guid'] = 0; $this->attributes['access_id'] = 0; $this->attributes['time_created'] = ""; @@ -811,7 +813,7 @@ $this->attributes['subtype'] = $data->getAttribute('subclass'); // Set owner - $this->attributes['owner_guid'] = $_SESSION['id']; // Import as belonging to importer. + $this->attributes['owner_guid'] = get_loggedin_userid(); // Import as belonging to importer. // Set time $this->attributes['time_created'] = strtotime($data->getAttribute('published')); @@ -1181,7 +1183,7 @@ /** * Determine whether a given user is able to write to a given container. * - * @param int $user_guid The user guid, or 0 for $_SESSION['user']->getGUID() + * @param int $user_guid The user guid, or 0 for get_loggedin_userid() * @param int $container_guid The container, or 0 for the current page owner. */ function can_write_to_container($user_guid = 0, $container_guid = 0, $entity_type = 'all') @@ -1189,8 +1191,8 @@ global $CONFIG; $user_guid = (int)$user_guid; - if (!$user_guid) $user_guid = (int) $_SESSION['guid']; $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); $container_guid = (int)$container_guid; if (!$container_guid) $container_guid = page_owner(); @@ -1347,6 +1349,7 @@ function get_entity($guid) { static $newentity_cache; + $new_entity = false; if ((!$newentity_cache) && (is_memcache_available())) $newentity_cache = new ElggMemcache('new_entity_cache'); if ($newentity_cache) $new_entity = $newentity_cache->load($guid); 
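Review bot: In the `can_write_to_container()` hunk (`@@ -1189,8 +1191,8 @@`) the added `if (!$user) $user = get_loggedin_user();` also fires when the caller passed an explicit, non-zero `$user_guid` that `get_entity()` could not load, so the permission answer is then computed for whoever is logged in rather than for the user that was asked about. Before this commit only a zero `$user_guid` selected the session user. Keep that distinction, e.g. `$user = $user_guid ? get_entity($user_guid) : get_loggedin_user();`, so an unresolved GUID leaves `$user` empty as it did before. The same fallback is added in `can_edit_entity()`, `can_edit_extender()`, and the user-setting hunks in notification.php and plugins.php, where a setter would presumably store the value on the logged-in user instead of the requested one.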
@@ -1806,16 +1809,10 @@ */ function can_edit_entity($entity_guid, $user_guid = 0) { global $CONFIG; - if ($user_guid == 0) { - - if (isset($_SESSION['user'])) { - $user = $_SESSION['user']; - } else { - $user = null; - } - } else { - $user = get_entity($user_guid); - } + + $user_guid = (int)$user_guid; + $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); if ($entity = get_entity($entity_guid)) { diff --git a/engine/lib/extender.php b/engine/lib/extender.php index 988899409..206d98be4 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php @@ -327,20 +327,14 @@ * @param int $user_guid The GUID of the user
* @return true|false
*/
- function can_edit_extender($extender_id, $type, $user_guid = 0) {
+ function can_edit_extender($extender_id, $type, $user_guid = 0) { if (!isloggedin())
return false;
-
- if ($user_guid == 0) {
- if (isset($_SESSION['user'])) {
- $user = $_SESSION['user'];
- } else {
- $user = null;
- }
- } else {
- $user = get_entity($user_guid);
- }
+ + $user_guid = (int)$user_guid; + $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user();
$functionname = "get_{$type}";
if (is_callable($functionname)) {
diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index 94ab26594..690ea304c 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -239,7 +239,7 @@ { $owner = $file->getOwnerEntity(); if (!$owner) - $owner = $_SESSION['user']; + $owner = get_loggedin_user(); if ((!$owner) || (!$owner->username)) throw InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner')); diff --git a/engine/lib/group.php b/engine/lib/group.php index 51afd8e41..0a218b6f1 100644 --- a/engine/lib/group.php +++ b/engine/lib/group.php @@ -230,8 +230,8 @@ */ public function isMember($user = 0) {
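Review bot: The missing-owner guard right after the new fallback in filestore.php reads `throw InvalidParameterException(...)` without `new`, so when neither the file's owner nor `get_loggedin_user()` yields a user with a username, PHP will try to call a function of that name and, unless one exists elsewhere, stop with a fatal error instead of raising the intended exception. This is a context line the commit leaves as it was, but the fallback changed here is what feeds it. It should read `throw new InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner'));`. The enclosing method starts and ends outside the hunk.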
- if (!($user instanceof ElggUser)) $user = $_SESSION['user'];
- if (!($_SESSION['user'] instanceof ElggUser)) return false; + if (!($user instanceof ElggUser)) $user = get_loggedin_user();
+ if (!($user instanceof ElggUser)) return false; return is_group_member($this->getGUID(), $user->getGUID()); } diff --git a/engine/lib/languages.php b/engine/lib/languages.php index acca80c6c..5c62eaa81 100644 --- a/engine/lib/languages.php +++ b/engine/lib/languages.php @@ -55,8 +55,10 @@ { global $CONFIG; - if ((isset($_SESSION['user'])) && ($_SESSION['user']->language)) - $language = $_SESSION['user']->language; + $user = get_loggedin_user(); + + if ((isset($user)) && ($user->language)) + $language = $user->language; if ((empty($language)) && (isset($CONFIG->language))) $language = $CONFIG->language; @@ -78,8 +80,10 @@ global $CONFIG;
- if ((empty($language)) && (isset($_SESSION['user'])) && ($_SESSION['user']->language)) - $language = $_SESSION['user']->language; + $user = get_loggedin_user(); + + if ((empty($language)) && (isset($user)) && ($user->language)) + $language = $user->language; if ((empty($language)) && (isset($CONFIG->language)))
$language = $CONFIG->language; diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 204b027c3..2e6337694 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -153,7 +153,7 @@ $id = (int)$id; $access = get_access_sql_suffix("e");
$md_access = get_access_sql_suffix("m"); - + return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access and $md_access")); } @@ -208,7 +208,7 @@ $owner_guid = (int)$owner_guid; $allow_multiple = (boolean)$allow_multiple; - if ($owner_guid==0) $owner_guid = $_SESSION['id']; + if ($owner_guid==0) $owner_guid = get_loggedin_userid(); $access_id = (int)$access_id; @@ -276,10 +276,10 @@ global $CONFIG; $id = (int)$id;
-
- if (!$md = get_metadata($id)) return false;
+
+ if (!$md = get_metadata($id)) return false;
if (!$md->canEdit()) return false; - + // If memcached then we invalidate the cache for this entry static $metabyname_memcache; if ((!$metabyname_memcache) && (is_memcache_available())) @@ -291,7 +291,7 @@ $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type))); $owner_guid = (int)$owner_guid; - if ($owner_guid==0) $owner_guid = $_SESSION['id']; + if ($owner_guid==0) $owner_guid = get_loggedin_userid(); $access_id = (int)$access_id; @@ -386,6 +386,7 @@ $md_access = get_access_sql_suffix("m"); // If memcache is available then cache this (cache only by name for now since this is the most common query) + $meta = null; static $metabyname_memcache; if ((!$metabyname_memcache) && (is_memcache_available())) $metabyname_memcache = new ElggMemcache('metabyname_memcache'); diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 8eeb009c0..7f7238daa 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -137,8 +137,7 @@ { $user_guid = (int)$user_guid; - if ($user_guid == 0) - $user_guid = $_SESSION['user']->guid; + if ($user_guid == 0) $user_guid = get_loggedin_userid(); $all_metadata = get_metadata_for_entity($user_guid); if ($all_metadata) @@ -173,11 +172,9 @@ { $user_guid = (int)$user_guid; $method = sanitise_string($method); - - if ($user_guid == 0) - $user_guid = $_SESSION['user']->guid; $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); if (($user) && ($user instanceof ElggUser)) { diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index 3cc11f96c..d2381db40 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -320,7 +320,7 @@ if (!$plugin_name) $plugin_name = get_plugin_name(); - if ($user_guid == 0) $user_guid = $_SESSION['user']->guid; + if ($user_guid == 0) $user_guid = get_loggedin_userid(); // Get metadata for user $all_metadata = get_metadata_for_entity($user_guid); 
@@ -360,10 +360,10 @@ if (!$plugin_name) $plugin_name = get_plugin_name(); - - if ($user_guid == 0) $user_guid = $_SESSION['user']->guid; - + $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); + if (($user) && ($user instanceof ElggUser)) { $prefix = "plugin:settings:$plugin_name:$name"; @@ -391,9 +391,9 @@ if (!$plugin_name) $plugin_name = get_plugin_name(); - if ($user_guid == 0) $user_guid = $_SESSION['user']->guid; - $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); + if (($user) && ($user instanceof ElggUser)) { $prefix = "plugin:settings:$plugin_name:$name"; diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index b7d0ce90f..dda4e960a 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -87,21 +87,50 @@ if ($this->offsetGet($offset)) return true; } } + + + /** + * Return the current logged in user, or null if no user is logged in. + * + * If no user can be found in the current session, a plugin hook - 'session:get' 'user' to give plugin + * authors another way to provide user details to the ACL system without touching the session. + */ + function get_loggedin_user() + { + global $SESSION; + + return $SESSION['user']; + } + + /** + * Return the current logged in user by id. + * + * @see get_loggedin_user() + * @return int + */ + function get_loggedin_userid() + { + $user = get_loggedin_user(); + if ($user) + return $user->guid; + + return 0; + } /**
* Returns whether or not the user is currently logged in
*
- * @uses $_SESSION
* @return true|false
*/
function isloggedin() {
+
+ if (!is_installed()) return false; - global $SESSION; + $user = get_loggedin_user(); - if (!is_installed()) return false;
- if ((isset($SESSION['guid'])) && ($SESSION['guid'] > 0) && (isset($SESSION['id'])) && ($SESSION['id'] > 0) ) -
- return true;
+ if ((isset($user)) && ($user->guid > 0))
+ return true; +
return false;
}
@@ -109,15 +138,16 @@ /** * Returns whether or not the user is currently logged in and that they are an admin user. * - * @uses $_SESSION * @uses isloggedin() * @return true|false */ function isadminloggedin() { - global $SESSION; + if (!is_installed()) return false; + + $user = get_loggedin_user(); - if ((isloggedin()) && (($SESSION['user']->admin || $SESSION['user']->siteadmin))) + if ((isloggedin()) && (($user->admin || $user->siteadmin))) return true; return false; diff --git a/engine/lib/tags.php b/engine/lib/tags.php index 30aa9f78c..107ac3ce7 100644 --- a/engine/lib/tags.php +++ b/engine/lib/tags.php @@ -131,8 +131,9 @@ } else if (is_int($owner_guid)) {
$query .= " and e.container_guid = {$owner_guid} ";
}
-
- $query .= " and (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))";
+ + $userid = get_loggedin_userid();
+ $query .= " and (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$userid}))";
$query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} ";
diff --git a/engine/lib/users.php b/engine/lib/users.php index 37a6b5bbd..d32dc5c0a 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1159,8 +1159,9 @@ *
*/
function collections_submenu_items() {
- global $CONFIG;
- add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $_SESSION['user']->username);
+ global $CONFIG; + $user = get_loggedin_user();
+ add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $user->username);
add_submenu_item(elgg_echo('friends:collections:add'),$CONFIG->wwwroot."pg/collections/add");
}
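Review bot: `collections_submenu_items()` dereferences `$user->username` without checking that `get_loggedin_user()` returned a user, whereas the next hunk in this file wraps the same pattern in `if (isloggedin())`. With no session user the menu link is built with an empty username and PHP raises a notice. Add `if (!$user) return;` after the lookup. The usersettings.php hunk has the same unguarded `$user->username` inside its `get_context() == "settings"` branch.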
@@ -1300,8 +1301,10 @@ global $CONFIG;
// Set up menu for logged in users
- if (isloggedin())
- add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $_SESSION['user']->username);
+ if (isloggedin()) { + $user = get_loggedin_user();
+ add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $user->username); + }
register_page_handler('friends','friends_page_handler');
register_page_handler('friendsof','friends_of_page_handler');
diff --git a/engine/lib/usersettings.php b/engine/lib/usersettings.php index 6f10ebdbd..fc7b0ae0c 100644 --- a/engine/lib/usersettings.php +++ b/engine/lib/usersettings.php @@ -39,11 +39,12 @@ global $CONFIG;
// Menu options
- if (get_context() == "settings") {
- add_submenu_item(elgg_echo('usersettings:user:opt:linktext'),$CONFIG->wwwroot . "pg/settings/user/{$_SESSION['user']->username}/");
+ if (get_context() == "settings") { + $user = get_loggedin_user();
+ add_submenu_item(elgg_echo('usersettings:user:opt:linktext'),$CONFIG->wwwroot . "pg/settings/user/{$user->username}/");
add_submenu_item(elgg_echo('profile:editicon'), $CONFIG->wwwroot . 'mod/profile/editicon.php'); - add_submenu_item(elgg_echo('usersettings:plugins:opt:linktext'),$CONFIG->wwwroot . "pg/settings/plugins/{$_SESSION['user']->username}/");
- add_submenu_item(elgg_echo('usersettings:statistics:opt:linktext'),$CONFIG->wwwroot . "pg/settings/statistics/{$_SESSION['user']->username}/");
+ add_submenu_item(elgg_echo('usersettings:plugins:opt:linktext'),$CONFIG->wwwroot . "pg/settings/plugins/{$user->username}/");
+ add_submenu_item(elgg_echo('usersettings:statistics:opt:linktext'),$CONFIG->wwwroot . "pg/settings/statistics/{$user->username}/");
}
} |