-rw-r--r--dashboard/index.php2
-rw-r--r--engine/lib/access.php16
-rw-r--r--engine/lib/annotations.php4
-rw-r--r--engine/lib/entities.php27
-rw-r--r--engine/lib/extender.php16
-rw-r--r--engine/lib/filestore.php2
-rw-r--r--engine/lib/group.php4
-rw-r--r--engine/lib/languages.php12
-rw-r--r--engine/lib/metadata.php13
-rw-r--r--engine/lib/notification.php7
-rw-r--r--engine/lib/plugins.php12
-rw-r--r--engine/lib/sessions.php48
-rw-r--r--engine/lib/tags.php5
-rw-r--r--engine/lib/users.php11
-rw-r--r--engine/lib/usersettings.php9
15 files changed, 108 insertions, 80 deletions
diff --git a/dashboard/index.php b/dashboard/index.php
index ae3fa546c..1c46cc450 100644
--- a/dashboard/index.php
+++ b/dashboard/index.php
@@ -19,7 +19,7 @@
// Set context and title
set_context('dashboard');
- set_page_owner($_SESSION['user']->getGUID());
+ set_page_owner(get_loggedin_userid());
$title = elgg_echo('dashboard');
// wrap intro message in a div
diff --git a/engine/lib/access.php b/engine/lib/access.php
index ae0ae891b..28584feeb 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -23,13 +23,13 @@
*/
function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
- global $CONFIG, $init_finished;
+ global $CONFIG, $init_finished, $SESSION;
static $access_list;
if (!isset($access_list) || !$init_finished)
$access_list = array();
- if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($user_id == 0) $user_id = $SESSION['id'];
if (($site_id == 0) && (isset($CONFIG->site_id))) $site_id = $CONFIG->site_id;
$user_id = (int) $user_id;
$site_id = (int) $site_id;
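Review bot: The default in get_access_list() still reads the session key directly, `$SESSION['id']`, while every other default touched by this commit goes through get_loggedin_userid(), including the next hunk in this file, which replaces `$_SESSION['guid']`. This list appears to feed the access checks further down the file, so it should resolve the viewer the same way they do: `if ($user_id == 0) $user_id = get_loggedin_userid();`, with `$SESSION` dropped from the `global` line again. If the 'id' and 'guid' session keys can ever differ, that deserves a comment at this line. The function body continues outside the hunk.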
@@ -58,7 +58,7 @@
if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished))
$access_array = array();
- if ($user_id == 0) $user_id = $_SESSION['guid'];
+ if ($user_id == 0) $user_id = get_loggedin_userid();
if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid;
$user_id = (int) $user_id;
@@ -70,8 +70,8 @@
$query .= " LEFT JOIN {$CONFIG->dbprefix}access_collections ag ON ag.id = am.access_collection_id ";
$query .= " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
- $tmp_access_array = array(2);
- if (isloggedin())
+ $tmp_access_array = array(2);
+ if (isloggedin())
$tmp_access_array[] = 1;
if ($collections = get_data($query)) {
@@ -153,7 +153,7 @@
$access = get_access_list();
- $owner = $_SESSION['id'];
+ $owner = get_loggedin_userid();
if (!$owner) $owner = -1;
global $is_admin;
@@ -185,7 +185,7 @@
global $CONFIG;
static $access_array;
- if ($user_id == 0) $user_id = $_SESSION['guid'];
+ if ($user_id == 0) $user_id = get_loggedin_userid();
if (($site_id == 0) && (isset($CONFIG->site_id))) $site_id = $CONFIG->site_id;
$user_id = (int) $user_id;
$site_id = (int) $site_id;
@@ -230,7 +230,7 @@
$name = trim($name);
if (empty($name)) return false;
- if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($user_id == 0) $user_id = get_loggedin_userid();
if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid;
$name = sanitise_string($name);
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 699430431..6cc6ae1c6 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -166,7 +166,7 @@
$value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
$owner_guid = (int)$owner_guid;
- if ($owner_guid==0) $owner_guid = $_SESSION['id'];
+ if ($owner_guid==0) $owner_guid = get_loggedin_userid();
$access_id = (int)$access_id;
@@ -216,7 +216,7 @@
$value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
$owner_guid = (int)$owner_guid;
- if ($owner_guid==0) $owner_guid = $_SESSION['id'];
+ if ($owner_guid==0) $owner_guid = get_loggedin_userid();
$access_id = (int)$access_id;
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 1d5ad471e..fd0475d07 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -80,8 +80,10 @@
$this->attributes['guid'] = "";
$this->attributes['type'] = "";
$this->attributes['subtype'] = "";
- $this->attributes['owner_guid'] = $_SESSION['guid'];
- $this->attributes['container_guid'] = $_SESSION['guid'];
+
+ $this->attributes['owner_guid'] = get_loggedin_userid();
+ $this->attributes['container_guid'] = get_loggedin_userid();
+
$this->attributes['site_guid'] = 0;
$this->attributes['access_id'] = 0;
$this->attributes['time_created'] = "";
@@ -811,7 +813,7 @@
$this->attributes['subtype'] = $data->getAttribute('subclass');
// Set owner
- $this->attributes['owner_guid'] = $_SESSION['id']; // Import as belonging to importer.
+ $this->attributes['owner_guid'] = get_loggedin_userid(); // Import as belonging to importer.
// Set time
$this->attributes['time_created'] = strtotime($data->getAttribute('published'));
@@ -1181,7 +1183,7 @@
/**
* Determine whether a given user is able to write to a given container.
*
- * @param int $user_guid The user guid, or 0 for $_SESSION['user']->getGUID()
+ * @param int $user_guid The user guid, or 0 for get_loggedin_userid()
* @param int $container_guid The container, or 0 for the current page owner.
*/
function can_write_to_container($user_guid = 0, $container_guid = 0, $entity_type = 'all')
@@ -1189,8 +1191,8 @@
global $CONFIG;
$user_guid = (int)$user_guid;
- if (!$user_guid) $user_guid = (int) $_SESSION['guid'];
$user = get_entity($user_guid);
+ if (!$user) $user = get_loggedin_user();
$container_guid = (int)$container_guid;
if (!$container_guid) $container_guid = page_owner();
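Review bot: The fallback to the logged-in user now fires whenever `get_entity($user_guid)` returns nothing, not only when the caller passed 0. A caller asking about a specific non-zero user gets the answer for the current session user if that guid cannot be loaded, so a permission check can succeed for the wrong identity. Keeping the fallback tied to the 0 default avoids this, e.g. `$user = $user_guid ? get_entity($user_guid) : get_loggedin_user();`, leaving `$user` empty for an unresolvable guid. The same pattern is added in can_edit_entity() below, in can_edit_extender() in extender.php, in the second hunk of notification.php and in the second and third hunks of plugins.php, where the settings being handled would, as far as the hunks show, be those of the logged-in account instead. The function body continues outside the hunk.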
@@ -1347,6 +1349,7 @@
function get_entity($guid)
{
static $newentity_cache;
+ $new_entity = false;
if ((!$newentity_cache) && (is_memcache_available()))
$newentity_cache = new ElggMemcache('new_entity_cache');
if ($newentity_cache) $new_entity = $newentity_cache->load($guid);
@@ -1806,16 +1809,10 @@
*/
function can_edit_entity($entity_guid, $user_guid = 0) {
global $CONFIG;
- if ($user_guid == 0) {
-
- if (isset($_SESSION['user'])) {
- $user = $_SESSION['user'];
- } else {
- $user = null;
- }
- } else {
- $user = get_entity($user_guid);
- }
+
+ $user_guid = (int)$user_guid;
+ $user = get_entity($user_guid);
+ if (!$user) $user = get_loggedin_user();
if ($entity = get_entity($entity_guid)) {
diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index 988899409..206d98be4 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -327,20 +327,14 @@
* @param int $user_guid The GUID of the user
* @return true|false
*/
- function can_edit_extender($extender_id, $type, $user_guid = 0) {
+ function can_edit_extender($extender_id, $type, $user_guid = 0) {
if (!isloggedin())
return false;
-
- if ($user_guid == 0) {
- if (isset($_SESSION['user'])) {
- $user = $_SESSION['user'];
- } else {
- $user = null;
- }
- } else {
- $user = get_entity($user_guid);
- }
+
+ $user_guid = (int)$user_guid;
+ $user = get_entity($user_guid);
+ if (!$user) $user = get_loggedin_user();
$functionname = "get_{$type}";
if (is_callable($functionname)) {
diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php
index 94ab26594..690ea304c 100644
--- a/engine/lib/filestore.php
+++ b/engine/lib/filestore.php
@@ -239,7 +239,7 @@
{
$owner = $file->getOwnerEntity();
if (!$owner)
- $owner = $_SESSION['user'];
+ $owner = get_loggedin_user();
if ((!$owner) || (!$owner->username)) throw InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner'));
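Review bot: The guard right after the changed assignment cannot raise the intended exception: `throw InvalidParameterException(...)` is missing `new`, so PHP looks for a function of that name and stops with a fatal error instead. This path is taken when the file has no owner entity and get_loggedin_user() returns no user. It should read `throw new InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner'));`. The line is unchanged context, and the enclosing method starts and ends outside the hunk.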
diff --git a/engine/lib/group.php b/engine/lib/group.php
index 51afd8e41..0a218b6f1 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -230,8 +230,8 @@
*/
public function isMember($user = 0)
{
- if (!($user instanceof ElggUser)) $user = $_SESSION['user'];
- if (!($_SESSION['user'] instanceof ElggUser)) return false;
+ if (!($user instanceof ElggUser)) $user = get_loggedin_user();
+ if (!($user instanceof ElggUser)) return false;
return is_group_member($this->getGUID(), $user->getGUID());
}
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index acca80c6c..5c62eaa81 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -55,8 +55,10 @@
{
global $CONFIG;
- if ((isset($_SESSION['user'])) && ($_SESSION['user']->language))
- $language = $_SESSION['user']->language;
+ $user = get_loggedin_user();
+
+ if ((isset($user)) && ($user->language))
+ $language = $user->language;
if ((empty($language)) && (isset($CONFIG->language)))
$language = $CONFIG->language;
@@ -78,8 +80,10 @@
global $CONFIG;
- if ((empty($language)) && (isset($_SESSION['user'])) && ($_SESSION['user']->language))
- $language = $_SESSION['user']->language;
+ $user = get_loggedin_user();
+
+ if ((empty($language)) && (isset($user)) && ($user->language))
+ $language = $user->language;
if ((empty($language)) && (isset($CONFIG->language)))
$language = $CONFIG->language;
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 204b027c3..2e6337694 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -153,7 +153,7 @@
$id = (int)$id;
$access = get_access_sql_suffix("e");
$md_access = get_access_sql_suffix("m");
-
+
return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access and $md_access"));
}
@@ -208,7 +208,7 @@
$owner_guid = (int)$owner_guid;
$allow_multiple = (boolean)$allow_multiple;
- if ($owner_guid==0) $owner_guid = $_SESSION['id'];
+ if ($owner_guid==0) $owner_guid = get_loggedin_userid();
$access_id = (int)$access_id;
@@ -276,10 +276,10 @@
global $CONFIG;
$id = (int)$id;
-
- if (!$md = get_metadata($id)) return false;
+
+ if (!$md = get_metadata($id)) return false;
if (!$md->canEdit()) return false;
-
+
// If memcached then we invalidate the cache for this entry
static $metabyname_memcache;
if ((!$metabyname_memcache) && (is_memcache_available()))
@@ -291,7 +291,7 @@
$value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type)));
$owner_guid = (int)$owner_guid;
- if ($owner_guid==0) $owner_guid = $_SESSION['id'];
+ if ($owner_guid==0) $owner_guid = get_loggedin_userid();
$access_id = (int)$access_id;
@@ -386,6 +386,7 @@
$md_access = get_access_sql_suffix("m");
// If memcache is available then cache this (cache only by name for now since this is the most common query)
+ $meta = null;
static $metabyname_memcache;
if ((!$metabyname_memcache) && (is_memcache_available()))
$metabyname_memcache = new ElggMemcache('metabyname_memcache');
diff --git a/engine/lib/notification.php b/engine/lib/notification.php
index 8eeb009c0..7f7238daa 100644
--- a/engine/lib/notification.php
+++ b/engine/lib/notification.php
@@ -137,8 +137,7 @@
{
$user_guid = (int)$user_guid;
- if ($user_guid == 0)
- $user_guid = $_SESSION['user']->guid;
+ if ($user_guid == 0) $user_guid = get_loggedin_userid();
$all_metadata = get_metadata_for_entity($user_guid);
if ($all_metadata)
@@ -173,11 +172,9 @@
{
$user_guid = (int)$user_guid;
$method = sanitise_string($method);
-
- if ($user_guid == 0)
- $user_guid = $_SESSION['user']->guid;
$user = get_entity($user_guid);
+ if (!$user) $user = get_loggedin_user();
if (($user) && ($user instanceof ElggUser))
{
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 3cc11f96c..d2381db40 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -320,7 +320,7 @@
if (!$plugin_name)
$plugin_name = get_plugin_name();
- if ($user_guid == 0) $user_guid = $_SESSION['user']->guid;
+ if ($user_guid == 0) $user_guid = get_loggedin_userid();
// Get metadata for user
$all_metadata = get_metadata_for_entity($user_guid);
@@ -360,10 +360,10 @@
if (!$plugin_name)
$plugin_name = get_plugin_name();
-
- if ($user_guid == 0) $user_guid = $_SESSION['user']->guid;
-
+
$user = get_entity($user_guid);
+ if (!$user) $user = get_loggedin_user();
+
if (($user) && ($user instanceof ElggUser))
{
$prefix = "plugin:settings:$plugin_name:$name";
@@ -391,9 +391,9 @@
if (!$plugin_name)
$plugin_name = get_plugin_name();
- if ($user_guid == 0) $user_guid = $_SESSION['user']->guid;
-
$user = get_entity($user_guid);
+ if (!$user) $user = get_loggedin_user();
+
if (($user) && ($user instanceof ElggUser))
{
$prefix = "plugin:settings:$plugin_name:$name";
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index b7d0ce90f..dda4e960a 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -87,21 +87,50 @@
if ($this->offsetGet($offset)) return true;
}
}
+
+
+ /**
+ * Return the current logged in user, or null if no user is logged in.
+ *
+ * If no user can be found in the current session, a plugin hook - 'session:get' 'user' to give plugin
+ * authors another way to provide user details to the ACL system without touching the session.
+ */
+ function get_loggedin_user()
+ {
+ global $SESSION;
+
+ return $SESSION['user'];
+ }
+
+ /**
+ * Return the current logged in user by id.
+ *
+ * @see get_loggedin_user()
+ * @return int
+ */
+ function get_loggedin_userid()
+ {
+ $user = get_loggedin_user();
+ if ($user)
+ return $user->guid;
+
+ return 0;
+ }
/**
* Returns whether or not the user is currently logged in
*
- * @uses $_SESSION
* @return true|false
*/
function isloggedin() {
+
+ if (!is_installed()) return false;
- global $SESSION;
+ $user = get_loggedin_user();
- if (!is_installed()) return false;
- if ((isset($SESSION['guid'])) && ($SESSION['guid'] > 0) && (isset($SESSION['id'])) && ($SESSION['id'] > 0) )
-
- return true;
+ if ((isset($user)) && ($user->guid > 0))
+ return true;
+
return false;
}
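Review bot: The docblock on get_loggedin_user() promises more than the body shows: the sentence about the 'session:get' 'user' plugin hook has no verb, and the function only returns `$SESSION['user']`, so a reader cannot tell where or whether the hook runs. A sentence such as `If the session holds no user, the $SESSION object triggers the 'session:get', 'user' plugin hook so that plugins can supply one` (if that is where it happens), plus an `@return` line, would settle it. Since the user object may then come from a plugin, get_loggedin_userid() should honour its `@return int` with `return (int) $user->guid;`. isloggedin() would also be safer testing `$user instanceof ElggUser` than `isset($user)`, which is true for any non-null value, including a non-object.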
@@ -109,15 +138,16 @@
/**
* Returns whether or not the user is currently logged in and that they are an admin user.
*
- * @uses $_SESSION
* @uses isloggedin()
* @return true|false
*/
function isadminloggedin()
{
- global $SESSION;
+ if (!is_installed()) return false;
+
+ $user = get_loggedin_user();
- if ((isloggedin()) && (($SESSION['user']->admin || $SESSION['user']->siteadmin)))
+ if ((isloggedin()) && (($user->admin || $user->siteadmin)))
return true;
return false;
diff --git a/engine/lib/tags.php b/engine/lib/tags.php
index 30aa9f78c..107ac3ce7 100644
--- a/engine/lib/tags.php
+++ b/engine/lib/tags.php
@@ -131,8 +131,9 @@
} else if (is_int($owner_guid)) {
$query .= " and e.container_guid = {$owner_guid} ";
}
-
- $query .= " and (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))";
+
+ $userid = get_loggedin_userid();
+ $query .= " and (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$userid}))";
$query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} ";
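Review bot: `$userid` is interpolated into the SQL string without the integer cast that other queries in this commit apply to their ids (`$user_id = (int) $user_id;` in access.php). get_loggedin_userid() returns `$user->guid` as it finds it, so the value's type rests on whatever populated the session user. Casting at the point of use, `$userid = (int) get_loggedin_userid();`, keeps the query well-formed regardless. The enclosing function starts and ends outside the hunk.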
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 37a6b5bbd..d32dc5c0a 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -1159,8 +1159,9 @@
*
*/
function collections_submenu_items() {
- global $CONFIG;
- add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $_SESSION['user']->username);
+ global $CONFIG;
+ $user = get_loggedin_user();
+ add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $user->username);
add_submenu_item(elgg_echo('friends:collections:add'),$CONFIG->wwwroot."pg/collections/add");
}
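Review bot: collections_submenu_items() dereferences `$user->username` without checking that get_loggedin_user() returned a user, unlike the second hunk in this file, which wraps the same lookup in `if (isloggedin())`. With no user in the session, the property access raises a notice and the link is registered as `pg/collections/` with no username. Guarding the first call the same way, `if ($user = get_loggedin_user())` around the first `add_submenu_item`, would make the two consistent. The settings menu in usersettings.php reads `$user->username` under a context check only and would benefit from the same guard.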
@@ -1300,8 +1301,10 @@
global $CONFIG;
// Set up menu for logged in users
- if (isloggedin())
- add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $_SESSION['user']->username);
+ if (isloggedin()) {
+ $user = get_loggedin_user();
+ add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $user->username);
+ }
register_page_handler('friends','friends_page_handler');
register_page_handler('friendsof','friends_of_page_handler');
diff --git a/engine/lib/usersettings.php b/engine/lib/usersettings.php
index 6f10ebdbd..fc7b0ae0c 100644
--- a/engine/lib/usersettings.php
+++ b/engine/lib/usersettings.php
@@ -39,11 +39,12 @@
global $CONFIG;
// Menu options
- if (get_context() == "settings") {
- add_submenu_item(elgg_echo('usersettings:user:opt:linktext'),$CONFIG->wwwroot . "pg/settings/user/{$_SESSION['user']->username}/");
+ if (get_context() == "settings") {
+ $user = get_loggedin_user();
+ add_submenu_item(elgg_echo('usersettings:user:opt:linktext'),$CONFIG->wwwroot . "pg/settings/user/{$user->username}/");
add_submenu_item(elgg_echo('profile:editicon'), $CONFIG->wwwroot . 'mod/profile/editicon.php');
- add_submenu_item(elgg_echo('usersettings:plugins:opt:linktext'),$CONFIG->wwwroot . "pg/settings/plugins/{$_SESSION['user']->username}/");
- add_submenu_item(elgg_echo('usersettings:statistics:opt:linktext'),$CONFIG->wwwroot . "pg/settings/statistics/{$_SESSION['user']->username}/");
+ add_submenu_item(elgg_echo('usersettings:plugins:opt:linktext'),$CONFIG->wwwroot . "pg/settings/plugins/{$user->username}/");
+ add_submenu_item(elgg_echo('usersettings:statistics:opt:linktext'),$CONFIG->wwwroot . "pg/settings/statistics/{$user->username}/");
}
}