Use SESSION_PREFIX everywhere

Dmitriy Simushev 2014-12-11 13:56:22 +00:00
parent 96724464e2
commit ad8c815b3c
11 changed files with 47 additions and 47 deletions


@ -692,7 +692,7 @@ function chat_start_for_user(
// Check if visitor was invited to chat // Check if visitor was invited to chat
$is_invited = false; $is_invited = false;
if (Settings::get('enabletracking')) { if (Settings::get('enabletracking')) {
$invitation_state = invitation_state($_SESSION['visitorid']); $invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
if ($invitation_state['invited']) { if ($invitation_state['invited']) {
$is_invited = true; $is_invited = true;
} }
@ -709,7 +709,7 @@ function chat_start_for_user(
// Get thread object // Get thread object
if ($is_invited) { if ($is_invited) {
// Get thread from invitation // Get thread from invitation
$thread = invitation_accept($_SESSION['visitorid']); $thread = invitation_accept($_SESSION[SESSION_PREFIX . 'visitorid']);
if (!$thread) { if (!$thread) {
die("Cannot start thread"); die("Cannot start thread");
} }
@ -734,13 +734,13 @@ function chat_start_for_user(
$thread->userAgent = $user_browser; $thread->userAgent = $user_browser;
$thread->save(); $thread->save();
$_SESSION['threadid'] = $thread->id; $_SESSION[SESSION_PREFIX . 'threadid'] = $thread->id;
// Store own thread ids to restrict access for other people // Store own thread ids to restrict access for other people
if (!isset($_SESSION['own_threads'])) { if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) {
$_SESSION['own_threads'] = array(); $_SESSION[SESSION_PREFIX . 'own_threads'] = array();
} }
$_SESSION['own_threads'][] = $thread->id; $_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id;
// Bind thread to the visitor // Bind thread to the visitor
if (Settings::get('enabletracking')) { if (Settings::get('enabletracking')) {


@ -402,10 +402,10 @@ class Application implements
if ($request->attributes->get('_route') == 'users_update') { if ($request->attributes->get('_route') == 'users_update') {
// Do not use "users" client application gateway as the backpath. // Do not use "users" client application gateway as the backpath.
// Use the awaiting visitors page instead. // Use the awaiting visitors page instead.
$_SESSION['backpath'] = $this->getRouter()->generate('users'); $_SESSION[SESSION_PREFIX . 'backpath'] = $this->getRouter()->generate('users');
} else { } else {
// Just use the current URI as the backpath. // Just use the current URI as the backpath.
$_SESSION['backpath'] = $request->getUri(); $_SESSION[SESSION_PREFIX . 'backpath'] = $request->getUri();
} }
// Redirect the operator to the login page. // Redirect the operator to the login page.
$response = new RedirectResponse($this->getRouter()->generate('login')); $response = new RedirectResponse($this->getRouter()->generate('login'));


@ -72,7 +72,7 @@ class SessionAuthenticationManager implements AuthenticationManagerInterface
if ($this->loggedOut) { if ($this->loggedOut) {
// An operator is logged out. Clean up session data. // An operator is logged out. Clean up session data.
unset($_SESSION[SESSION_PREFIX . 'operator']); unset($_SESSION[SESSION_PREFIX . 'operator']);
unset($_SESSION['backpath']); unset($_SESSION[SESSION_PREFIX . 'backpath']);
} elseif ($this->loggedIn) { } elseif ($this->loggedIn) {
// An operator is logged in. Update operator in the session. // An operator is logged in. Update operator in the session.
$_SESSION[SESSION_PREFIX . 'operator'] = $this->operator; $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;


@ -39,8 +39,8 @@ class ButtonController extends AbstractController
{ {
$referer = $request->server->get('HTTP_REFERER', ''); $referer = $request->server->get('HTTP_REFERER', '');
if ($referer && isset($_SESSION['threadid'])) { if ($referer && isset($_SESSION[SESSION_PREFIX . 'threadid'])) {
$thread = Thread::load($_SESSION['threadid']); $thread = Thread::load($_SESSION[SESSION_PREFIX . 'threadid']);
if ($thread && $thread->state != Thread::STATE_CLOSED) { if ($thread && $thread->state != Thread::STATE_CLOSED) {
$msg = getlocal( $msg = getlocal(
"Visitor navigated to {0}", "Visitor navigated to {0}",


@ -36,7 +36,7 @@ class CaptchaController extends AbstractController
public function drawAction(Request $request) public function drawAction(Request $request)
{ {
$captcha_code = gen_captcha(); $captcha_code = gen_captcha();
$_SESSION["mibew_captcha"] = $captcha_code; $_SESSION[SESSION_PREFIX . 'mibew_captcha'] = $captcha_code;
$image = draw_captcha($captcha_code, true); $image = draw_captcha($captcha_code, true);
$response = new Response( $response = new Response(


@ -44,8 +44,8 @@ class UserChatController extends AbstractController
$token = $request->attributes->get('token'); $token = $request->attributes->get('token');
// We have to check that the thread is owned by the user. // We have to check that the thread is owned by the user.
$is_own_thread = isset($_SESSION['own_threads']) $is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
&& in_array($thread_id, $_SESSION['own_threads']); && in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
$thread = Thread::load($thread_id, $token); $thread = Thread::load($thread_id, $token);
if (!$thread || !$is_own_thread) { if (!$thread || !$is_own_thread) {
@ -103,8 +103,8 @@ class UserChatController extends AbstractController
$thread = null; $thread = null;
// Try to get thread from the session // Try to get thread from the session
if (isset($_SESSION['threadid'])) { if (isset($_SESSION[SESSION_PREFIX . 'threadid'])) {
$thread = Thread::reopen($_SESSION['threadid']); $thread = Thread::reopen($_SESSION[SESSION_PREFIX . 'threadid']);
} }
// Create new thread // Create new thread
@ -171,8 +171,8 @@ class UserChatController extends AbstractController
} }
// Get invitation info // Get invitation info
if (Settings::get('enabletracking') && !empty($_SESSION['visitorid'])) { if (Settings::get('enabletracking') && !empty($_SESSION[SESSION_PREFIX . 'visitorid'])) {
$invitation_state = invitation_state($_SESSION['visitorid']); $invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
$visitor_is_invited = $invitation_state['invited']; $visitor_is_invited = $invitation_state['invited'];
} else { } else {
$visitor_is_invited = false; $visitor_is_invited = false;
@ -253,7 +253,7 @@ class UserChatController extends AbstractController
} }
// Check if user invited to chat. // Check if user invited to chat.
$invitation_state = invitation_state($_SESSION['visitorid']); $invitation_state = invitation_state($_SESSION[SESSION_PREFIX . 'visitorid']);
if (!$invitation_state['invited'] || !$invitation_state['threadid']) { if (!$invitation_state['invited'] || !$invitation_state['threadid']) {
return $this->redirect($this->generateUrl('chat_user_start')); return $this->redirect($this->generateUrl('chat_user_start'));
@ -262,10 +262,10 @@ class UserChatController extends AbstractController
$thread = Thread::load($invitation_state['threadid']); $thread = Thread::load($invitation_state['threadid']);
// Store own thread ids to restrict access for other people // Store own thread ids to restrict access for other people
if (!isset($_SESSION['own_threads'])) { if (!isset($_SESSION[SESSION_PREFIX . 'own_threads'])) {
$_SESSION['own_threads'] = array(); $_SESSION[SESSION_PREFIX . 'own_threads'] = array();
} }
$_SESSION['own_threads'][] = $thread->id; $_SESSION[SESSION_PREFIX . 'own_threads'][] = $thread->id;
// Prepare page // Prepare page
$page = setup_invitation_view($thread); $page = setup_invitation_view($thread);
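Review bot: The ownership check `in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads'])` in the first hunk compares loosely, so a request-supplied id that is only numerically equal to a stored id can pass the gate while `Thread::load($thread_id, $token)` still receives the raw value. How `Thread::load()` treats such a value is not visible here, but an access-control comparison should not depend on it. Normalise once and compare strictly, e.g. `$thread_id = (int) $thread_id;` followed by `in_array($thread_id, array_map('intval', $_SESSION[SESSION_PREFIX . 'own_threads']), true)`. The same loose `in_array` appears in the ThreadProcessor ownership check later in this commit, and the enclosing methods start and end outside the hunks.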


@ -98,8 +98,8 @@ class LoginController extends AbstractController
$this->getAuthenticationManager()->loginOperator($operator, $remember); $this->getAuthenticationManager()->loginOperator($operator, $remember);
// Redirect the current operator to the needed page. // Redirect the current operator to the needed page.
$target = isset($_SESSION['backpath']) $target = isset($_SESSION[SESSION_PREFIX . 'backpath'])
? $_SESSION['backpath'] ? $_SESSION[SESSION_PREFIX . 'backpath']
: $request->getUriForPath('/operator'); : $request->getUriForPath('/operator');
return $this->redirect($target); return $this->redirect($target);


@ -60,9 +60,9 @@ class WidgetController extends AbstractController
$user_id = $request->query->get('user_id', false); $user_id = $request->query->get('user_id', false);
// Check if session was started // Check if session was started
if (isset($_SESSION['visitorid']) && preg_match('/^[0-9]+$/', $_SESSION['visitorid'])) { if (isset($_SESSION[SESSION_PREFIX . 'visitorid']) && preg_match('/^[0-9]+$/', $_SESSION[SESSION_PREFIX . 'visitorid'])) {
// Session was started. Just track the visitor. // Session was started. Just track the visitor.
$visitor_id = track_visitor($_SESSION['visitorid'], $entry, $referer); $visitor_id = track_visitor($_SESSION[SESSION_PREFIX . 'visitorid'], $entry, $referer);
$visitor = track_get_visitor_by_id($visitor_id); $visitor = track_get_visitor_by_id($visitor_id);
} else { } else {
$visitor = track_get_visitor_by_user_id($user_id); $visitor = track_get_visitor_by_user_id($user_id);
@ -79,7 +79,7 @@ class WidgetController extends AbstractController
} }
if ($visitor_id) { if ($visitor_id) {
$_SESSION['visitorid'] = $visitor_id; $_SESSION[SESSION_PREFIX . 'visitorid'] = $visitor_id;
} }
if ($user_id === false) { if ($user_id === false) {
@ -98,17 +98,17 @@ class WidgetController extends AbstractController
$invitation_state = invitation_state($visitor_id); $invitation_state = invitation_state($visitor_id);
// Check if invitation is closed // Check if invitation is closed
if (!$invitation_state['invited'] && !empty($_SESSION['invitation_threadid'])) { if (!$invitation_state['invited'] && !empty($_SESSION[SESSION_PREFIX . 'invitation_threadid'])) {
$response_data['handlers'][] = 'invitationClose'; $response_data['handlers'][] = 'invitationClose';
$response_data['dependencies']['invitationClose'] = array(); $response_data['dependencies']['invitationClose'] = array();
unset($_SESSION['invitation_threadid']); unset($_SESSION[SESSION_PREFIX . 'invitation_threadid']);
} }
// Check if the visitor is just invited to chat // Check if the visitor is just invited to chat
$is_invited = $invitation_state['invited'] $is_invited = $invitation_state['invited']
&& (empty($_SESSION['invitation_threadid']) && (empty($_SESSION[SESSION_PREFIX . 'invitation_threadid'])
? true ? true
: ($_SESSION['invitation_threadid'] != $invitation_state['threadid'])); : ($_SESSION[SESSION_PREFIX . 'invitation_threadid'] != $invitation_state['threadid']));
if ($is_invited) { if ($is_invited) {
// Load invitation thread // Load invitation thread
@ -135,7 +135,7 @@ class WidgetController extends AbstractController
'acceptCaption' => getlocal('Answer'), 'acceptCaption' => getlocal('Answer'),
); );
$_SESSION['invitation_threadid'] = $thread->id; $_SESSION[SESSION_PREFIX . 'invitation_threadid'] = $thread->id;
} }
// Check if the visitor rejects invitation // Check if the visitor rejects invitation


@ -317,8 +317,8 @@ class ThreadProcessor extends ClientSideProcessor implements
// argument is mandatory, but some function allows it to be null. In // argument is mandatory, but some function allows it to be null. In
// such cases there is no thread and there is nothing to check. // such cases there is no thread and there is nothing to check.
if (!is_null($thread_id)) { if (!is_null($thread_id)) {
$is_own_thread = isset($_SESSION['own_threads']) $is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
&& in_array($thread_id, $_SESSION['own_threads']); && in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
if (!$is_own_thread) { if (!$is_own_thread) {
throw new AccessDeniedException(); throw new AccessDeniedException();
} }
@ -698,10 +698,10 @@ class ThreadProcessor extends ClientSideProcessor implements
// Check captcha // Check captcha
if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) { if (Settings::get('enablecaptcha') == '1' && can_show_captcha()) {
$captcha = $args['captcha']; $captcha = $args['captcha'];
$original = isset($_SESSION["mibew_captcha"]) $original = isset($_SESSION[SESSION_PREFIX . 'mibew_captcha'])
? $_SESSION["mibew_captcha"] ? $_SESSION[SESSION_PREFIX . 'mibew_captcha']
: ''; : '';
unset($_SESSION['mibew_captcha']); unset($_SESSION[SESSION_PREFIX . 'mibew_captcha']);
if (empty($original) || empty($captcha) || $captcha != $original) { if (empty($original) || empty($captcha) || $captcha != $original) {
throw new ThreadProcessorException( throw new ThreadProcessorException(
getlocal('The letters you typed don\'t match the letters that were shown in the picture.'), getlocal('The letters you typed don\'t match the letters that were shown in the picture.'),
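Review bot: In the captcha hunk, `$captcha != $original` is a loose comparison, so two different numeric-looking strings can compare equal under PHP's numeric-string rules. Whether `gen_captcha()` can emit such codes is not visible here. Comparing as strings removes the dependency: `if (empty($original) || empty($captcha) || (string) $captcha !== (string) $original) {`. The `unset()` that makes the stored code single-use should stay ahead of the comparison as it is now. The enclosing method continues outside the hunk.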


@ -36,7 +36,7 @@ function csrf_check_token(Request $request)
? $token = $request->request->get('csrf_token', false) ? $token = $request->request->get('csrf_token', false)
: $token = $request->query->get('csrf_token', false); : $token = $request->query->get('csrf_token', false);
if ($token !== $_SESSION['csrf_token']) { if ($token !== $_SESSION[SESSION_PREFIX . 'csrf_token']) {
throw new BadRequestException('CSRF failure'); throw new BadRequestException('CSRF failure');
} }
@ -47,21 +47,21 @@ function get_csrf_token_input()
{ {
set_csrf_token(); set_csrf_token();
return '<input name="csrf_token" type="hidden" value="' . $_SESSION['csrf_token'] . '" />'; return '<input name="csrf_token" type="hidden" value="' . $_SESSION[SESSION_PREFIX . 'csrf_token'] . '" />';
} }
function get_csrf_token() function get_csrf_token()
{ {
set_csrf_token(); set_csrf_token();
return $_SESSION['csrf_token']; return $_SESSION[SESSION_PREFIX . 'csrf_token'];
} }
/* set csrf token */ /* set csrf token */
function set_csrf_token() function set_csrf_token()
{ {
if (!isset($_SESSION['csrf_token'])) { if (!isset($_SESSION[SESSION_PREFIX . 'csrf_token'])) {
$_SESSION['csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes') $_SESSION[SESSION_PREFIX . 'csrf_token'] = sha1(session_id() . (function_exists('openssl_random_pseudo_bytes')
? openssl_random_pseudo_bytes(32) ? openssl_random_pseudo_bytes(32)
: (time() + microtime()) . mt_rand(0, 99999999))); : (time() + microtime()) . mt_rand(0, 99999999)));
} }
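Review bot: `set_csrf_token()` falls back to `(time() + microtime()) . mt_rand(0, 99999999)` when `openssl_random_pseudo_bytes` is unavailable, and that input is too predictable to serve as a CSRF secret even after SHA-1. The return value of `openssl_random_pseudo_bytes(32)` is also used unchecked. I would fail closed instead of falling back, or use `random_bytes(32)` where the runtime provides it. In `csrf_check_token()` the session key is read without `isset` and compared with `!==`. On PHP 5.6+ a guard such as `if (!is_string($token) || !isset($_SESSION[SESSION_PREFIX . 'csrf_token']) || !hash_equals($_SESSION[SESSION_PREFIX . 'csrf_token'], $token)) {` rejects a missing token explicitly and compares in constant time; that function begins and ends outside the first hunk.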


@ -206,14 +206,14 @@ function get_current_locale()
&& locale_is_available($locale); && locale_is_available($locale);
// Check if locale code stored in session data is valid // Check if locale code stored in session data is valid
$session_locale_valid = isset($_SESSION['locale']) $session_locale_valid = isset($_SESSION[SESSION_PREFIX . 'locale'])
&& locale_pattern_check($_SESSION['locale']) && locale_pattern_check($_SESSION[SESSION_PREFIX . 'locale'])
&& locale_is_available($_SESSION['locale']); && locale_is_available($_SESSION[SESSION_PREFIX . 'locale']);
if ($locale_param_valid) { if ($locale_param_valid) {
$_SESSION['locale'] = $locale; $_SESSION[SESSION_PREFIX . 'locale'] = $locale;
} elseif ($session_locale_valid) { } elseif ($session_locale_valid) {
$locale = $_SESSION['locale']; $locale = $_SESSION[SESSION_PREFIX . 'locale'];
} else { } else {
$locale = get_user_locale(); $locale = get_user_locale();
} }