Use SESSION_PREFIX everywhere
parent
96724464e2
commit
ad8c815b3c
@ -692,7 +692,7 @@ function chat_start_for_user(
|
||||
// Check if visitor was invited to chat
|
||||
$is_invited = false;
|
||||
if (Settings::get('enabletracking')) {
|
||||
$invitation_state = invitation_state($_SESSION['visitorid']);
|
||||
$invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
|
||||
if ($invitation_state['invited']) {
|
||||
$is_invited = true;
|
||||
}
|
||||
@ -709,7 +709,7 @@ function chat_start_for_user(
|
||||
// Get thread object
|
||||
if ($is_invited) {
|
||||
// Get thread from invitation
|
||||
$thread = invitation_accept($_SESSION['visitorid']);
|
||||
$thread = invitation_accept($_SESSION[SESSION_PREFIX . 'visitorid']);
|
||||
if (!$thread) {
|
||||
die("Cannot start thread");
|
||||
}
|
||||
@ -734,13 +734,13 @@ function chat_start_for_user(
|
||||
$thread->userAgent = $user_browser;
|
||||
$thread->save();
|
||||
|
||||
$_SESSION['threadid'] = $thread->id;
|
||||
$_SESSION[SESSION_PREFIX . 'threadid'] = $thread->id;
|
||||
|
||||
// Store own thread ids to restrict access for other people
|
||||
if (!isset($_SESSION['own_threads'])) {
|
||||
$_SESSION['own_threads'] = array();
|
||||
if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) {
|
||||
$_SESSION[SESSION_PREFIX . 'own_threads'] = array();
|
||||
}
|
||||
$_SESSION['own_threads'][] = $thread->id;
|
||||
$_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id;
|
||||
|
||||
// Bind thread to the visitor
|
||||
if (Settings::get('enabletracking')) {
|
||||
|
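Review bot: In the first hunk, `invitation_state($_SESSION[SESSION_PREFIX . 'visitorid'])` reads the session key without checking that it exists, so with tracking enabled and no tracked visit in the session the call raises an undefined-index notice and passes null down. UserChatController guards the same lookup with `!empty(...)`, and this function should match it: `if (Settings::get('enabletracking') && !empty($_SESSION[SESSION_PREFIX . 'visitorid'])) {`. chat_start_for_user() starts and ends outside the visible hunks, so an earlier guard may exist that is not shown here.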
@ -402,10 +402,10 @@ class Application implements
|
||||
if ($request->attributes->get('_route') == 'users_update') {
|
||||
// Do not use "users" client application gateway as the backpath.
|
||||
// Use the awaiting visitors page instead.
|
||||
$_SESSION['backpath'] = $this->getRouter()->generate('users');
|
||||
$_SESSION[SESSION_PREFIX . 'backpath'] = $this->getRouter()->generate('users');
|
||||
} else {
|
||||
// Just use the current URI as the backpath.
|
||||
$_SESSION['backpath'] = $request->getUri();
|
||||
$_SESSION[SESSION_PREFIX . 'backpath'] = $request->getUri();
|
||||
}
|
||||
// Redirect the operator to the login page.
|
||||
$response = new RedirectResponse($this->getRouter()->generate('login'));
|
||||
|
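Review bot: The else branch stores the absolute `$request->getUri()` as the backpath, and LoginController later hands that session value straight to `$this->redirect($target)`, so the scheme and host of the post-login redirect come from the incoming request. Storing a path-only value, e.g. `$_SESSION[SESSION_PREFIX . 'backpath'] = $request->getRequestUri();`, would keep the redirect on this installation. So would a check in LoginController that the target is on the installation's own host before redirecting. The enclosing method is only partly visible in the hunk, so confirm whether the host is already pinned elsewhere.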
@ -72,7 +72,7 @@ class SessionAuthenticationManager implements AuthenticationManagerInterface
|
||||
if ($this->loggedOut) {
|
||||
// An operator is logged out. Clean up session data.
|
||||
unset($_SESSION[SESSION_PREFIX . 'operator']);
|
||||
unset($_SESSION['backpath']);
|
||||
unset($_SESSION[SESSION_PREFIX . 'backpath']);
|
||||
} elseif ($this->loggedIn) {
|
||||
// An operator is logged in. Update operator in the session.
|
||||
$_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;
|
||||
|
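Review bot: The logged-out branch clears only the `operator` and `backpath` keys, so the `SESSION_PREFIX . 'csrf_token'` value survives logout and is reused by the next login on the same session, because set_csrf_token() only generates a token when none is set. Adding `unset($_SESSION[SESSION_PREFIX . 'csrf_token']);` next to the two existing unsets would limit a token to one authenticated period. No `session_regenerate_id(true)` is visible around the logged-in branch either; the method continues outside the hunk, so that is something to confirm rather than a finding.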
@ -39,8 +39,8 @@ class ButtonController extends AbstractController
|
||||
{
|
||||
$referer = $request->server->get('HTTP_REFERER', '');
|
||||
|
||||
if ($referer && isset($_SESSION['threadid'])) {
|
||||
$thread = Thread::load($_SESSION['threadid']);
|
||||
if ($referer && isset($_SESSION[SESSION_PREFIX . 'threadid'])) {
|
||||
$thread = Thread::load($_SESSION[SESSION_PREFIX . 'threadid']);
|
||||
if ($thread && $thread->state != Thread::STATE_CLOSED) {
|
||||
$msg = getlocal(
|
||||
"Visitor navigated to {0}",
|
||||
|
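Review bot: `$referer` is taken from the client-supplied `HTTP_REFERER` header and, judging by the `getlocal("Visitor navigated to {0}", ...` call that begins at the end of the hunk, appears to be written into the thread for the operator to read. The arguments of that call are outside the hunk, so it is not visible whether the value is length-limited or escaped on output. If it is not, that handling belongs here, together with a comment such as `// Referer is client-controlled: truncate and treat as plain text`.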
@ -36,7 +36,7 @@ class CaptchaController extends AbstractController
|
||||
public function drawAction(Request $request)
|
||||
{
|
||||
$captcha_code = gen_captcha();
|
||||
$_SESSION["mibew_captcha"] = $captcha_code;
|
||||
$_SESSION[SESSION_PREFIX . 'mibew_captcha'] = $captcha_code;
|
||||
$image = draw_captcha($captcha_code, true);
|
||||
|
||||
$response = new Response(
|
||||
|
@ -44,8 +44,8 @@ class UserChatController extends AbstractController
|
||||
$token = $request->attributes->get('token');
|
||||
|
||||
// We have to check that the thread is owned by the user.
|
||||
$is_own_thread = isset($_SESSION['own_threads'])
|
||||
&& in_array($thread_id, $_SESSION['own_threads']);
|
||||
$is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
|
||||
&& in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
|
||||
|
||||
$thread = Thread::load($thread_id, $token);
|
||||
if (!$thread || !$is_own_thread) {
|
||||
@ -103,8 +103,8 @@ class UserChatController extends AbstractController
|
||||
|
||||
$thread = null;
|
||||
// Try to get thread from the session
|
||||
if (isset($_SESSION['threadid'])) {
|
||||
$thread = Thread::reopen($_SESSION['threadid']);
|
||||
if (isset($_SESSION[SESSION_PREFIX . 'threadid'])) {
|
||||
$thread = Thread::reopen($_SESSION[SESSION_PREFIX . 'threadid']);
|
||||
}
|
||||
|
||||
// Create new thread
|
||||
@ -171,8 +171,8 @@ class UserChatController extends AbstractController
|
||||
}
|
||||
|
||||
// Get invitation info
|
||||
if (Settings::get('enabletracking') && !empty($_SESSION['visitorid'])) {
|
||||
$invitation_state = invitation_state($_SESSION['visitorid']);
|
||||
if (Settings::get('enabletracking') && !empty($_SESSION[SESSION_PREFIX . 'visitorid'])) {
|
||||
$invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
|
||||
$visitor_is_invited = $invitation_state['invited'];
|
||||
} else {
|
||||
$visitor_is_invited = false;
|
||||
@ -253,7 +253,7 @@ class UserChatController extends AbstractController
|
||||
}
|
||||
|
||||
// Check if user invited to chat.
|
||||
$invitation_state = invitation_state($_SESSION['visitorid']);
|
||||
$invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
|
||||
|
||||
if (!$invitation_state['invited'] || !$invitation_state['threadid']) {
|
||||
return $this->redirect($this->generateUrl('chat_user_start'));
|
||||
@ -262,10 +262,10 @@ class UserChatController extends AbstractController
|
||||
$thread = Thread::load($invitation_state['threadid']);
|
||||
|
||||
// Store own thread ids to restrict access for other people
|
||||
if (!isset($_SESSION['own_threads'])) {
|
||||
$_SESSION['own_threads'] = array();
|
||||
if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) {
|
||||
$_SESSION[SESSION_PREFIX . 'own_threads'] = array();
|
||||
}
|
||||
$_SESSION['own_threads'][] = $thread->id;
|
||||
$_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id;
|
||||
|
||||
// Prepare page
|
||||
$page = setup_invitation_view($thread);
|
||||
|
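Review bot: The ownership check in the first hunk calls `in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads'])` without the strict flag, so the requested id is compared loosely against the stored ids; on PHP versions before 8 a string such as `12abc` equals the integer 12. Because this list is what restricts a visitor to their own threads, normalise the id and compare strictly, e.g. `in_array((string) $thread_id, array_map('strval', $_SESSION[SESSION_PREFIX . 'own_threads']), true)`. ThreadProcessor has the same check before it throws AccessDeniedException and needs the same change. Where `$thread_id` is assigned, and whether the route already restricts it to digits, is outside the hunk.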
@ -98,8 +98,8 @@ class LoginController extends AbstractController
|
||||
$this->getAuthenticationManager()->loginOperator($operator, $remember);
|
||||
|
||||
// Redirect the current operator to the needed page.
|
||||
$target = isset($_SESSION['backpath'])
|
||||
? $_SESSION['backpath']
|
||||
$target = isset($_SESSION[SESSION_PREFIX . 'backpath'])
|
||||
? $_SESSION[SESSION_PREFIX . 'backpath']
|
||||
: $request->getUriForPath('/operator');
|
||||
|
||||
return $this->redirect($target);
|
||||
|
@ -60,9 +60,9 @@ class WidgetController extends AbstractController
|
||||
$user_id = $request->query->get('user_id', false);
|
||||
|
||||
// Check if session was started
|
||||
if (isset($_SESSION['visitorid']) && preg_match('/^[0-9]+$/', $_SESSION['visitorid'])) {
|
||||
if (isset($_SESSION[SESSION_PREFIX . 'visitorid']) && preg_match('/^[0-9]+$/', $_SESSION[SESSION_PREFIX . 'visitorid'])) {
|
||||
// Session was started. Just track the visitor.
|
||||
$visitor_id = track_visitor($_SESSION['visitorid'], $entry, $referer);
|
||||
$visitor_id = track_visitor($_SESSION[SESSION_PREFIX . 'visitorid'], $entry, $referer);
|
||||
$visitor = track_get_visitor_by_id($visitor_id);
|
||||
} else {
|
||||
$visitor = track_get_visitor_by_user_id($user_id);
|
||||
@ -79,7 +79,7 @@ class WidgetController extends AbstractController
|
||||
}
|
||||
|
||||
if ($visitor_id) {
|
||||
$_SESSION['visitorid'] = $visitor_id;
|
||||
$_SESSION[SESSION_PREFIX . 'visitorid'] = $visitor_id;
|
||||
}
|
||||
|
||||
if ($user_id === false) {
|
||||
@ -98,17 +98,17 @@ class WidgetController extends AbstractController
|
||||
$invitation_state = invitation_state($visitor_id);
|
||||
|
||||
// Check if invitation is closed
|
||||
if (!$invitation_state['invited'] && !empty($_SESSION['invitation_threadid'])) {
|
||||
if (!$invitation_state['invited'] && !empty($_SESSION[SESSION_PREFIX . 'invitation_threadid'])) {
|
||||
$response_data['handlers'][] = 'invitationClose';
|
||||
$response_data['dependencies']['invitationClose'] = array();
|
||||
unset($_SESSION['invitation_threadid']);
|
||||
unset($_SESSION[SESSION_PREFIX . 'invitation_threadid']);
|
||||
}
|
||||
|
||||
// Check if the visitor is just invited to chat
|
||||
$is_invited = $invitation_state['invited']
|
||||
&& (empty($_SESSION['invitation_threadid'])
|
||||
&& (empty($_SESSION[SESSION_PREFIX . 'invitation_threadid'])
|
||||
? true
|
||||
: ($_SESSION['invitation_threadid'] != $invitation_state['threadid']));
|
||||
: ($_SESSION[SESSION_PREFIX . 'invitation_threadid'] != $invitation_state['threadid']));
|
||||
|
||||
if ($is_invited) {
|
||||
// Load invitation thread
|
||||
@ -135,7 +135,7 @@ class WidgetController extends AbstractController
|
||||
'acceptCaption' => getlocal('Answer'),
|
||||
);
|
||||
|
||||
$_SESSION['invitation_threadid'] = $thread->id;
|
||||
$_SESSION[SESSION_PREFIX . 'invitation_threadid'] = $thread->id;
|
||||
}
|
||||
|
||||
// Check if the visitor rejects invitation
|
||||
|
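Review bot: The visitor-id validation in the first hunk, `preg_match('/^[0-9]+$/', ...)`, accepts a value with a trailing newline because `$` also matches before a final line break; `/^[0-9]+\z/` or `ctype_digit((string) $id)` states the intent exactly. The session value is assigned by the server in the second hunk (`$_SESSION[SESSION_PREFIX . 'visitorid'] = $visitor_id;`), so this is defence in depth rather than a reachable bug from what is visible. Reading the key once into a local before the `if` would also shorten a condition that now runs well past 120 columns.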
@ -317,8 +317,8 @@ class ThreadProcessor extends ClientSideProcessor implements
|
||||
// argument is mandatory, but some function allows it to be null. In
|
||||
// such cases there is no thread and there is nothing to check.
|
||||
if (!is_null($thread_id)) {
|
||||
$is_own_thread = isset($_SESSION['own_threads'])
|
||||
&& in_array($thread_id, $_SESSION['own_threads']);
|
||||
$is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
|
||||
&& in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
|
||||
if (!$is_own_thread) {
|
||||
throw new AccessDeniedException();
|
||||
}
|
||||
@ -698,10 +698,10 @@ class ThreadProcessor extends ClientSideProcessor implements
|
||||
// Check captcha
|
||||
if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) {
|
||||
$captcha = $args['captcha'];
|
||||
$original = isset($_SESSION["mibew_captcha"])
|
||||
? $_SESSION["mibew_captcha"]
|
||||
$original = isset($_SESSION[SESSION_PREFIX . 'mibew_captcha'])
|
||||
? $_SESSION[SESSION_PREFIX . 'mibew_captcha']
|
||||
: '';
|
||||
unset($_SESSION['mibew_captcha']);
|
||||
unset($_SESSION[SESSION_PREFIX . 'mibew_captcha']);
|
||||
if (empty($original) || empty($captcha) || $captcha != $original) {
|
||||
throw new ThreadProcessorException(
|
||||
getlocal('The letters you typed don\'t match the letters that were shown in the picture.'),
|
||||
|
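Review bot: The captcha comparison in the second hunk, `$captcha != $original`, compares a client-supplied value loosely, so two numeric-looking strings are compared as numbers (`"0012"` equals `"12"`). `$args['captcha']` is also read without checking that the key exists or holds a string. `if (!is_string($captcha) || $original === '' || $captcha !== $original) {` makes the match exact and keeps the one-shot behaviour of the `unset(...)` just above it. Whether gen_captcha() can produce all-digit codes is not visible in this hunk.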
@ -36,7 +36,7 @@ function csrf_check_token(Request $request)
|
||||
? $token = $request->request->get('csrf_token', false)
|
||||
: $token = $request->query->get('csrf_token', false);
|
||||
|
||||
if ($token !== $_SESSION['csrf_token']) {
|
||||
if ($token !== $_SESSION[SESSION_PREFIX . 'csrf_token']) {
|
||||
throw new BadRequestException('CSRF failure');
|
||||
}
|
||||
|
||||
@ -47,21 +47,21 @@ function get_csrf_token_input()
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
return '<input name="csrf_token" type="hidden" value="' . $_SESSION['csrf_token'] . '" />';
|
||||
return '<input name="csrf_token" type="hidden" value="' . $_SESSION[SESSION_PREFIX . 'csrf_token'] . '" />';
|
||||
}
|
||||
|
||||
function get_csrf_token()
|
||||
{
|
||||
set_csrf_token();
|
||||
|
||||
return $_SESSION['csrf_token'];
|
||||
return $_SESSION[SESSION_PREFIX . 'csrf_token'];
|
||||
}
|
||||
|
||||
/* set csrf token */
|
||||
function set_csrf_token()
|
||||
{
|
||||
if (!isset($_SESSION['csrf_token'])) {
|
||||
$_SESSION['csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes')
|
||||
if (!isset($_SESSION[SESSION_PREFIX . 'csrf_token'])) {
|
||||
$_SESSION[SESSION_PREFIX . 'csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes')
|
||||
? openssl_random_pseudo_bytes(32)
|
||||
: (time() + microtime()) . mt_rand(0, 99999999)));
|
||||
}
|
||||
|
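Review bot: csrf_check_token() compares with `$token !== $_SESSION[SESSION_PREFIX . 'csrf_token']`, which reads the key without an isset check and is not a constant-time comparison. Where the supported PHP version provides it, `if (!is_string($token) || !isset($_SESSION[SESSION_PREFIX . 'csrf_token']) || !hash_equals($_SESSION[SESSION_PREFIX . 'csrf_token'], $token)) {` covers both. In set_csrf_token(), the branch taken without OpenSSL builds the token from `time()`, `microtime()` and `mt_rand()`, none of which is a cryptographic source; a comment there saying so would help the next maintainer. The start of csrf_check_token() is outside the hunk.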
@ -206,14 +206,14 @@ function get_current_locale()
|
||||
&& locale_is_available($locale);
|
||||
|
||||
// Check if locale code stored in session data is valid
|
||||
$session_locale_valid = isset($_SESSION['locale'])
|
||||
&& locale_pattern_check($_SESSION['locale'])
|
||||
&& locale_is_available($_SESSION['locale']);
|
||||
$session_locale_valid = isset($_SESSION[SESSION_PREFIX . 'locale'])
|
||||
&& locale_pattern_check($_SESSION[SESSION_PREFIX . 'locale'])
|
||||
&& locale_is_available($_SESSION[SESSION_PREFIX . 'locale']);
|
||||
|
||||
if ($locale_param_valid) {
|
||||
$_SESSION['locale'] = $locale;
|
||||
$_SESSION[SESSION_PREFIX . 'locale'] = $locale;
|
||||
} elseif ($session_locale_valid) {
|
||||
$locale = $_SESSION['locale'];
|
||||
$locale = $_SESSION[SESSION_PREFIX . 'locale'];
|
||||
} else {
|
||||
$locale = get_user_locale();
|
||||
}
|
||||
|