From 9bd5aad2c3bdb4a283d2b15ed0f91e295099c9e2 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 14 Nov 2008 19:03:58 +0000 Subject: * Introducing get_loggedin_user() and get_loggedin_userid() * ACLs now using get_loggedin_user* * Some logic cleaned up * Some "Undefined..." messages cleaned up git-svn-id: https://code.elgg.org/elgg/trunk@2459 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/access.php | 16 +++++++-------- engine/lib/annotations.php | 4 ++-- engine/lib/entities.php | 27 ++++++++++++------------- engine/lib/extender.php | 16 +++++---------- engine/lib/filestore.php | 2 +- engine/lib/group.php | 4 ++-- engine/lib/languages.php | 12 ++++++++---- engine/lib/metadata.php | 13 ++++++------ engine/lib/notification.php | 7 ++----- engine/lib/plugins.php | 12 ++++++------ engine/lib/sessions.php | 48 ++++++++++++++++++++++++++++++++++++--------- engine/lib/tags.php | 5 +++-- engine/lib/users.php | 11 +++++++---- engine/lib/usersettings.php | 9 +++++---- 14 files changed, 107 insertions(+), 79 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/access.php b/engine/lib/access.php index ae0ae891b..28584feeb 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -23,13 +23,13 @@ */ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { - global $CONFIG, $init_finished; + global $CONFIG, $init_finished, $SESSION; static $access_list; if (!isset($access_list) || !$init_finished) $access_list = array(); - if ($user_id == 0) $user_id = $_SESSION['id']; + if ($user_id == 0) $user_id = $SESSION['id']; if (($site_id == 0) && (isset($CONFIG->site_id))) $site_id = $CONFIG->site_id; $user_id = (int) $user_id; $site_id = (int) $site_id; 
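Review bot: In get_access_list() the default for `$user_id` still reads the session store directly (`$SESSION['id']`), while every other default in access.php now goes through get_loggedin_userid(). That leaves two sources of truth for "current user" in the ACL path, and the `id` key is not what get_loggedin_userid() returns (it returns `$user->guid`). Suggest `if ($user_id == 0) $user_id = get_loggedin_userid();` and dropping `$SESSION` from the `global` line again. The function body continues outside the hunk.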
@@ -58,7 +58,7 @@ if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) $access_array = array(); - if ($user_id == 0) $user_id = $_SESSION['guid']; + if ($user_id == 0) $user_id = get_loggedin_userid(); if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid; $user_id = (int) $user_id; @@ -70,8 +70,8 @@ $query .= " LEFT JOIN {$CONFIG->dbprefix}access_collections ag ON ag.id = am.access_collection_id "; $query .= " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; - $tmp_access_array = array(2); - if (isloggedin()) + $tmp_access_array = array(2); + if (isloggedin()) $tmp_access_array[] = 1; if ($collections = get_data($query)) { @@ -153,7 +153,7 @@ $access = get_access_list(); - $owner = $_SESSION['id']; + $owner = get_loggedin_userid(); if (!$owner) $owner = -1; global $is_admin; @@ -185,7 +185,7 @@ global $CONFIG; static $access_array; - if ($user_id == 0) $user_id = $_SESSION['guid']; + if ($user_id == 0) $user_id = get_loggedin_userid(); if (($site_id == 0) && (isset($CONFIG->site_id))) $site_id = $CONFIG->site_id; $user_id = (int) $user_id; $site_id = (int) $site_id; @@ -230,7 +230,7 @@ $name = trim($name); if (empty($name)) return false; - if ($user_id == 0) $user_id = $_SESSION['id']; + if ($user_id == 0) $user_id = get_loggedin_userid(); if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid; $name = sanitise_string($name); diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index 699430431..6cc6ae1c6 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -166,7 +166,7 @@ $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type))); $owner_guid = (int)$owner_guid; - if ($owner_guid==0) $owner_guid = $_SESSION['id']; + if ($owner_guid==0) $owner_guid = get_loggedin_userid(); $access_id = (int)$access_id; 
@@ -216,7 +216,7 @@ $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type))); $owner_guid = (int)$owner_guid; - if ($owner_guid==0) $owner_guid = $_SESSION['id']; + if ($owner_guid==0) $owner_guid = get_loggedin_userid(); $access_id = (int)$access_id; diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 1d5ad471e..fd0475d07 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -80,8 +80,10 @@ $this->attributes['guid'] = ""; $this->attributes['type'] = ""; $this->attributes['subtype'] = ""; - $this->attributes['owner_guid'] = $_SESSION['guid']; - $this->attributes['container_guid'] = $_SESSION['guid']; + + $this->attributes['owner_guid'] = get_loggedin_userid(); + $this->attributes['container_guid'] = get_loggedin_userid(); + $this->attributes['site_guid'] = 0; $this->attributes['access_id'] = 0; $this->attributes['time_created'] = ""; @@ -811,7 +813,7 @@ $this->attributes['subtype'] = $data->getAttribute('subclass'); // Set owner - $this->attributes['owner_guid'] = $_SESSION['id']; // Import as belonging to importer. + $this->attributes['owner_guid'] = get_loggedin_userid(); // Import as belonging to importer. // Set time $this->attributes['time_created'] = strtotime($data->getAttribute('published')); @@ -1181,7 +1183,7 @@ /** * Determine whether a given user is able to write to a given container. * - * @param int $user_guid The user guid, or 0 for $_SESSION['user']->getGUID() + * @param int $user_guid The user guid, or 0 for get_loggedin_userid() * @param int $container_guid The container, or 0 for the current page owner. */ function can_write_to_container($user_guid = 0, $container_guid = 0, $entity_type = 'all') @@ -1189,8 +1191,8 @@ global $CONFIG; $user_guid = (int)$user_guid; - if (!$user_guid) $user_guid = (int) $_SESSION['guid']; $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); $container_guid = (int)$container_guid; if (!$container_guid) $container_guid = page_owner(); 
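Review bot: can_write_to_container() (hunk -1189,8) now falls back to the logged-in user whenever `get_entity($user_guid)` returns nothing, not only when the caller passed 0. A non-zero GUID that does not resolve (deleted, or presumably hidden by the access filter) is therefore evaluated as the current session user, so a failed lookup becomes a permission check for a different account; before this change that case left `$user` empty. The same fallback is introduced in can_edit_entity() (-1806,16), can_edit_extender() (-327,20), the notification.php hunk at -173,11 and the plugins.php hunks at -360,10 and -391,9, where the last three write settings. Keep the fallback tied to the default value: `$user = $user_guid ? get_entity($user_guid) : get_loggedin_user();`. `$user_guid` itself also stays 0 after the fallback, and the rest of the function is outside the hunk, so confirm nothing later reads it.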
@@ -1347,6 +1349,7 @@ function get_entity($guid) { static $newentity_cache; + $new_entity = false; if ((!$newentity_cache) && (is_memcache_available())) $newentity_cache = new ElggMemcache('new_entity_cache'); if ($newentity_cache) $new_entity = $newentity_cache->load($guid); @@ -1806,16 +1809,10 @@ */ function can_edit_entity($entity_guid, $user_guid = 0) { global $CONFIG; - if ($user_guid == 0) { - - if (isset($_SESSION['user'])) { - $user = $_SESSION['user']; - } else { - $user = null; - } - } else { - $user = get_entity($user_guid); - } + + $user_guid = (int)$user_guid; + $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); if ($entity = get_entity($entity_guid)) { diff --git a/engine/lib/extender.php b/engine/lib/extender.php index 988899409..206d98be4 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php @@ -327,20 +327,14 @@ * @param int $user_guid The GUID of the user * @return true|false */ - function can_edit_extender($extender_id, $type, $user_guid = 0) { + function can_edit_extender($extender_id, $type, $user_guid = 0) { if (!isloggedin()) return false; - - if ($user_guid == 0) { - if (isset($_SESSION['user'])) { - $user = $_SESSION['user']; - } else { - $user = null; - } - } else { - $user = get_entity($user_guid); - } + + $user_guid = (int)$user_guid; + $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); $functionname = "get_{$type}"; if (is_callable($functionname)) { diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index 94ab26594..690ea304c 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -239,7 +239,7 @@ { $owner = $file->getOwnerEntity(); if (!$owner) - $owner = $_SESSION['user']; + $owner = get_loggedin_user(); if ((!$owner) || (!$owner->username)) throw InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner')); diff --git a/engine/lib/group.php b/engine/lib/group.php index 51afd8e41..0a218b6f1 100644 --- a/engine/lib/group.php 
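Review bot: In the filestore.php hunk the statement after the changed assignment is written `throw InvalidParameterException(...)` without `new`, so unless a function of that name exists the missing-owner path ends in a fatal error instead of the intended exception. With the fallback now going through get_loggedin_user(), which presumably yields no user for anonymous requests, this is the branch such a request reaches. Change it to `throw new InvalidParameterException(elgg_echo('InvalidParameterException:MissingOwner'));`. The enclosing method starts and ends outside the hunk.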
+++ b/engine/lib/group.php @@ -230,8 +230,8 @@ */ public function isMember($user = 0) { - if (!($user instanceof ElggUser)) $user = $_SESSION['user']; - if (!($_SESSION['user'] instanceof ElggUser)) return false; + if (!($user instanceof ElggUser)) $user = get_loggedin_user(); + if (!($user instanceof ElggUser)) return false; return is_group_member($this->getGUID(), $user->getGUID()); } diff --git a/engine/lib/languages.php b/engine/lib/languages.php index acca80c6c..5c62eaa81 100644 --- a/engine/lib/languages.php +++ b/engine/lib/languages.php @@ -55,8 +55,10 @@ { global $CONFIG; - if ((isset($_SESSION['user'])) && ($_SESSION['user']->language)) - $language = $_SESSION['user']->language; + $user = get_loggedin_user(); + + if ((isset($user)) && ($user->language)) + $language = $user->language; if ((empty($language)) && (isset($CONFIG->language))) $language = $CONFIG->language; @@ -78,8 +80,10 @@ global $CONFIG; - if ((empty($language)) && (isset($_SESSION['user'])) && ($_SESSION['user']->language)) - $language = $_SESSION['user']->language; + $user = get_loggedin_user(); + + if ((empty($language)) && (isset($user)) && ($user->language)) + $language = $user->language; if ((empty($language)) && (isset($CONFIG->language))) $language = $CONFIG->language; diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 204b027c3..2e6337694 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -153,7 +153,7 @@ $id = (int)$id; $access = get_access_sql_suffix("e"); $md_access = get_access_sql_suffix("m"); - + return row_to_elggmetadata(get_data_row("SELECT m.*, n.string as name, v.string as value from {$CONFIG->dbprefix}metadata m JOIN {$CONFIG->dbprefix}entities e on e.guid = m.entity_guid JOIN {$CONFIG->dbprefix}metastrings v on m.value_id = v.id JOIN {$CONFIG->dbprefix}metastrings n on m.name_id = n.id where m.id=$id and $access and $md_access")); } 
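Review bot: isMember() replaces any argument that is not an ElggUser with the logged-in user, so a caller that passes a GUID (the `$user = 0` default suggests integers are tolerated) gets an answer about the current session user rather than the user it asked about. For a membership check that feeds access decisions this should either resolve the GUID first, `if ($user && !($user instanceof ElggUser)) $user = get_entity((int) $user);`, or the docblock should state that only ElggUser objects are accepted and anything else means "current user". The docblock is outside the hunk, so it may already say this.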
@@ -208,7 +208,7 @@ $owner_guid = (int)$owner_guid; $allow_multiple = (boolean)$allow_multiple; - if ($owner_guid==0) $owner_guid = $_SESSION['id']; + if ($owner_guid==0) $owner_guid = get_loggedin_userid(); $access_id = (int)$access_id; @@ -276,10 +276,10 @@ global $CONFIG; $id = (int)$id; - - if (!$md = get_metadata($id)) return false; + + if (!$md = get_metadata($id)) return false; if (!$md->canEdit()) return false; - + // If memcached then we invalidate the cache for this entry static $metabyname_memcache; if ((!$metabyname_memcache) && (is_memcache_available())) @@ -291,7 +291,7 @@ $value_type = detect_extender_valuetype($value, sanitise_string(trim($value_type))); $owner_guid = (int)$owner_guid; - if ($owner_guid==0) $owner_guid = $_SESSION['id']; + if ($owner_guid==0) $owner_guid = get_loggedin_userid(); $access_id = (int)$access_id; @@ -386,6 +386,7 @@ $md_access = get_access_sql_suffix("m"); // If memcache is available then cache this (cache only by name for now since this is the most common query) + $meta = null; static $metabyname_memcache; if ((!$metabyname_memcache) && (is_memcache_available())) $metabyname_memcache = new ElggMemcache('metabyname_memcache'); diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 8eeb009c0..7f7238daa 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -137,8 +137,7 @@ { $user_guid = (int)$user_guid; - if ($user_guid == 0) - $user_guid = $_SESSION['user']->guid; + if ($user_guid == 0) $user_guid = get_loggedin_userid(); $all_metadata = get_metadata_for_entity($user_guid); if ($all_metadata) @@ -173,11 +172,9 @@ { $user_guid = (int)$user_guid; $method = sanitise_string($method); - - if ($user_guid == 0) - $user_guid = $_SESSION['user']->guid; $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); if (($user) && ($user instanceof ElggUser)) { diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index 3cc11f96c..d2381db40 100644 
--- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -320,7 +320,7 @@ if (!$plugin_name) $plugin_name = get_plugin_name(); - if ($user_guid == 0) $user_guid = $_SESSION['user']->guid; + if ($user_guid == 0) $user_guid = get_loggedin_userid(); // Get metadata for user $all_metadata = get_metadata_for_entity($user_guid); @@ -360,10 +360,10 @@ if (!$plugin_name) $plugin_name = get_plugin_name(); - - if ($user_guid == 0) $user_guid = $_SESSION['user']->guid; - + $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); + if (($user) && ($user instanceof ElggUser)) { $prefix = "plugin:settings:$plugin_name:$name"; @@ -391,9 +391,9 @@ if (!$plugin_name) $plugin_name = get_plugin_name(); - if ($user_guid == 0) $user_guid = $_SESSION['user']->guid; - $user = get_entity($user_guid); + if (!$user) $user = get_loggedin_user(); + if (($user) && ($user instanceof ElggUser)) { $prefix = "plugin:settings:$plugin_name:$name"; diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index b7d0ce90f..dda4e960a 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php 
@@ -87,21 +87,50 @@ if ($this->offsetGet($offset)) return true; } } + + + /** + * Return the current logged in user, or null if no user is logged in. + * + * If no user can be found in the current session, a plugin hook - 'session:get' 'user' to give plugin + * authors another way to provide user details to the ACL system without touching the session. + */ + function get_loggedin_user() + { + global $SESSION; + + return $SESSION['user']; + } + + /** + * Return the current logged in user by id. + * + * @see get_loggedin_user() + * @return int + */ + function get_loggedin_userid() + { + $user = get_loggedin_user(); + if ($user) + return $user->guid; + + return 0; + } /** * Returns whether or not the user is currently logged in * - * @uses $_SESSION * @return true|false */ function isloggedin() { + + if (!is_installed()) return false; - global $SESSION; + $user = get_loggedin_user(); - if (!is_installed()) return false; - if ((isset($SESSION['guid'])) && ($SESSION['guid'] > 0) && (isset($SESSION['id'])) && ($SESSION['id'] > 0) ) - - return true; + if ((isset($user)) && ($user->guid > 0)) + return true; + return false; } @@ -109,15 +138,16 @@ /** * Returns whether or not the user is currently logged in and that they are an admin user. * - * @uses $_SESSION * @uses isloggedin() * @return true|false */ function isadminloggedin() { - global $SESSION; + if (!is_installed()) return false; + + $user = get_loggedin_user(); - if ((isloggedin()) && (($SESSION['user']->admin || $SESSION['user']->siteadmin))) + if ((isloggedin()) && (($user->admin || $user->siteadmin))) return true; return false; diff --git a/engine/lib/tags.php b/engine/lib/tags.php index 30aa9f78c..107ac3ce7 100644 --- a/engine/lib/tags.php +++ b/engine/lib/tags.php 
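Review bot: get_loggedin_user() returns whatever is stored under `$SESSION['user']` with no type check, and after this commit every ACL default depends on it; isloggedin() then reads `$user->guid` after only `isset($user)`, which is also true for `false` or any other non-object value. Returning a checked value, `$user = $SESSION['user']; return ($user instanceof ElggUser) ? $user : null;` (the same test the group.php hunk applies), would make the "or null" promise in the docblock hold. The docblock also describes a 'session:get' 'user' plugin hook that the body does not trigger, and that sentence is missing its verb; either add the hook or say it is planned, and add `@return ElggUser|null`.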
@@ -131,8 +131,9 @@ } else if (is_int($owner_guid)) { $query .= " and e.container_guid = {$owner_guid} "; } - - $query .= " and (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$_SESSION['id']}))"; + + $userid = get_loggedin_userid(); + $query .= " and (e.access_id in {$access} or (e.access_id = 0 and e.owner_guid = {$userid}))"; $query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} "; diff --git a/engine/lib/users.php b/engine/lib/users.php index 37a6b5bbd..d32dc5c0a 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1159,8 +1159,9 @@ * */ function collections_submenu_items() { - global $CONFIG; - add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $_SESSION['user']->username); + global $CONFIG; + $user = get_loggedin_user(); + add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $user->username); add_submenu_item(elgg_echo('friends:collections:add'),$CONFIG->wwwroot."pg/collections/add"); } @@ -1300,8 +1301,10 @@ global $CONFIG; // Set up menu for logged in users - if (isloggedin()) - add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $_SESSION['user']->username); + if (isloggedin()) { + $user = get_loggedin_user(); + add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $user->username); + } register_page_handler('friends','friends_page_handler'); register_page_handler('friendsof','friends_of_page_handler'); diff --git a/engine/lib/usersettings.php b/engine/lib/usersettings.php index 6f10ebdbd..fc7b0ae0c 100644 --- a/engine/lib/usersettings.php +++ b/engine/lib/usersettings.php 
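Review bot: The tags.php query interpolates `get_loggedin_userid()` as-is, and for an anonymous visitor that value is 0, so the clause becomes `e.access_id = 0 and e.owner_guid = 0` and can match private rows whose owner is 0. access.php in this same commit maps "no user" to -1 before building its SQL (`if (!$owner) $owner = -1;`); do the same here and cast defensively: `$userid = (int) get_loggedin_userid(); if (!$userid) $userid = -1;`. Whether owner-0 private rows exist is not visible here, but the entities.php initializer (hunk -80,8) now defaults `owner_guid` to get_loggedin_userid(), which is 0 when nobody is logged in. The function starts and ends outside the hunk.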
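Review bot: collections_submenu_items() (users.php -1159,8) reads `$user->username` straight after get_loggedin_user() without checking that a user came back, whereas the next users.php hunk wraps the same access in `isloggedin()`. If the menu is ever built for an anonymous request this is a property read on a non-object and the link is emitted with an empty username. The usersettings.php hunk has the same unguarded access inside the `get_context() == "settings"` branch. Add `if (!$user) return;` after the lookup in both places, or reuse the `isloggedin()` guard.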
@@ -39,11 +39,12 @@ global $CONFIG; // Menu options - if (get_context() == "settings") { - add_submenu_item(elgg_echo('usersettings:user:opt:linktext'),$CONFIG->wwwroot . "pg/settings/user/{$_SESSION['user']->username}/"); + if (get_context() == "settings") { + $user = get_loggedin_user(); + add_submenu_item(elgg_echo('usersettings:user:opt:linktext'),$CONFIG->wwwroot . "pg/settings/user/{$user->username}/"); add_submenu_item(elgg_echo('profile:editicon'), $CONFIG->wwwroot . 'mod/profile/editicon.php'); - add_submenu_item(elgg_echo('usersettings:plugins:opt:linktext'),$CONFIG->wwwroot . "pg/settings/plugins/{$_SESSION['user']->username}/"); - add_submenu_item(elgg_echo('usersettings:statistics:opt:linktext'),$CONFIG->wwwroot . "pg/settings/statistics/{$_SESSION['user']->username}/"); + add_submenu_item(elgg_echo('usersettings:plugins:opt:linktext'),$CONFIG->wwwroot . "pg/settings/plugins/{$user->username}/"); + add_submenu_item(elgg_echo('usersettings:statistics:opt:linktext'),$CONFIG->wwwroot . "pg/settings/statistics/{$user->username}/"); } } -- cgit v1.2.3