changeset 33:5bf22431176c

Modularize.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 11 Dec 2012 11:46:47 +0200
parents 36392d1d6b5f
children 8ecf7c04a837
files admin.inc.php admlogin.php admlogout.php ajax.php index.php msession.inc.php msite.inc.php
diffstat 7 files changed, 167 insertions(+), 160 deletions(-) [+]
--- a/admin.inc.php	Mon Dec 10 11:14:05 2012 +0200
+++ b/admin.inc.php	Tue Dec 11 11:46:47 2012 +0200
@@ -50,7 +50,6 @@
     "<p>Please use illegal telepathy over HTTP to provide a password to enter the party administration systembolaget.</p>\n".
     stGetFormStart("admlogin", "admlogin.php").
     stGetFormHiddenInput("mode", "check")."\n".
-    stGetFormHiddenInput("goto", "admin")."\n".
     stGetFormPasswordInput("admpass", "", "")."\n".
     stGetFormSubmitInput("submit", "Login").
     "</form>\n";
--- a/admlogin.php	Mon Dec 10 11:14:05 2012 +0200
+++ b/admlogin.php	Tue Dec 11 11:46:47 2012 +0200
@@ -2,13 +2,10 @@
 $sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
+require "msession.inc.php";
 
 stSetupCacheControl();
 
-$target = stGetRequestItem("goto", FALSE);
-if (!stCheckHTTPS() || $target === FALSE || $target == "" || strpos($target, "login.php") !== FALSE)
-  exit;
-
 $password = stGetSetting("admPassword");
 if (stGetRequestItem("admpass", FALSE) == $password)
 {
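Review bot: The guard removed at the top of admlogin.php held the only `stCheckHTTPS()` call visible in this script, so the `admpass` value now appears to be read and compared even when the request arrives over plain HTTP. Dropping the `goto` handling is fine, but the transport check should stay, e.g. `if (!stCheckHTTPS()) exit;` placed before `$password = stGetSetting("admPassword");`, unless HTTPS is enforced elsewhere for this endpoint. The `if` body that follows continues outside the hunk.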
@@ -20,5 +17,5 @@
   error_log("Admin session AUTH LOGIN failed (password)");
 }
 
-header("Location: ".$target);
+header("Location: admin");
 ?>
\ No newline at end of file
--- a/admlogout.php	Mon Dec 10 11:14:05 2012 +0200
+++ b/admlogout.php	Tue Dec 11 11:46:47 2012 +0200
@@ -2,6 +2,7 @@
 $sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
+require "msession.inc.php";
 
 stSetupCacheControl();
 
--- a/ajax.php	Mon Dec 10 11:14:05 2012 +0200
+++ b/ajax.php	Tue Dec 11 11:46:47 2012 +0200
@@ -2,6 +2,7 @@
 $sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
+require "msession.inc.php";
 
 // Check if we are allowed to execute
 if (!stCheckHTTPS() || !stAdmSessionAuth())
--- a/index.php	Mon Dec 10 11:14:05 2012 +0200
+++ b/index.php	Tue Dec 11 11:46:47 2012 +0200
@@ -2,6 +2,7 @@
 require "mconfig.inc.php";
 require "msite.inc.php";
 require "mcommon.inc.php";
+require "msession.inc.php";
 
 
 // Switch to https first, if needed
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/msession.inc.php	Tue Dec 11 11:46:47 2012 +0200
@@ -0,0 +1,161 @@
+<?
+//
+// FAPWEB - Demo Party Website System System
+// Session management and authentication
+// (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
+//
+
+function stGetSessionItem($name, $default = "")
+{
+  global $sessionType;
+  if (isset($sessionType))
+    return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default;
+  else
+    return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
+}
+
+
+function stSetSessionItem($name, $value)
+{
+  global $sessionType;
+  if (!isset($sessionType))
+    die("Session type not set.");
+  
+  $_SESSION[$sessionType][$name] = $value;
+}
+
+
+function stSessionExpire()
+{
+  global $sessionType;
+
+  // Check for session expiration
+  if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"]))
+  {
+    if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set.");
+    stSessionEnd();
+    return FALSE;
+  }
+  
+  if ($_SESSION[$sessionType]["expires"] < time())
+  {
+    if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time());
+    stSessionEnd();
+    return FALSE;
+  }
+
+  // Add more time to expiration
+  $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0);
+  if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout);
+  $_SESSION[$sessionType]["expires"] = time() + $timeout * 60;
+  return TRUE;
+}
+
+
+function stSessionEnd()
+{
+  global $sessionType;
+  $result = FALSE;
+
+  if (stGetSetting("debug")) error_log("Request END session ".$sessionType);
+
+  if (@session_start() === TRUE && isset($_SESSION))
+  {
+    // End current session type
+    if (isset($_SESSION[$sessionType]))
+    {
+      if (stGetSetting("debug")) error_log("END session ".$sessionType." / ".$_SESSION[$sessionType]["expires"]);
+      $_SESSION[$sessionType] = array();
+      unset($_SESSION[$sessionType]);
+      $result = TRUE;
+    }
+
+    // If all session types are ended, clear the cookies etc
+    if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"]))
+    {
+      if (stGetSetting("debug")) error_log("Clearing all session data.");
+      $_SESSION = array();
+
+      if (ini_get("session.use_cookies"))
+      {
+        $params = session_get_cookie_params();
+        setcookie(session_name(), "", time() - 242000,
+          $params["path"], $params["domain"],
+          $params["secure"], $params["httponly"]
+        );
+      }
+
+      @session_destroy();
+    }
+  }
+
+  return $result;
+}
+
+
+function stSessionStart($key, $timeout)
+{
+  global $sessionType;
+
+  if (@session_start() === TRUE)
+  {
+    if (stGetSetting("debug")) error_log("START ".$sessionType." session OK.");
+    $_SESSION[$sessionType] = array(
+      "key" => $key,
+      "timeout" => $timeout,
+      "expires" => time() + stGetSetting($timeout) * 60,
+      "message" => "",
+      "status" => 0,
+    );
+    return TRUE;
+  }
+  else
+  {
+    if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--");
+    return FALSE;
+  }
+}
+
+
+function stAdmSessionAuth()
+{
+  if (@session_start() === TRUE &&
+    stGetSessionItem("key", FALSE) == stGetSetting("admPassword"))
+  {
+    if (stGetSetting("debug")) error_log("AUTH admin session OK.");
+    return stSessionExpire();
+  }
+  else
+  {
+    if (stGetSetting("debug")) error_log("AUTH admin session FAIL.");
+    return FALSE;
+  }
+}
+
+
+function stUserSessionAuth()
+{
+  global $sessionType;
+
+  if (@session_start() === TRUE &&
+    isset($_SESSION[$sessionType]) &&
+    isset($_SESSION[$sessionType]["key"]))
+    return stSessionExpire();
+  else
+    return FALSE;
+}
+
+
+function stSetSessionStatus($status)
+{
+  global $sessionType;
+  if (isset($_SESSION[$sessionType]) || session_start() === TRUE)
+  {
+    if ($status >= 0)
+      stSetSessionItem("prevstatus", stGetSessionItem("status", FALSE));
+
+    stSetSessionItem("status", $status);
+  }
+}
+
+?>
\ No newline at end of file
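Review bot: `stSessionStart()` stores the authenticated state under whatever session id the browser already presented, because nothing between `@session_start()` and the `$_SESSION[$sessionType] = array(...)` assignment issues a fresh id, so a pre-set session id survives login (session fixation). Adding `session_regenerate_id(TRUE);` as the first statement of the success branch would close that. Separately, `stAdmSessionAuth()` compares the session `key` to `admPassword` with a loose `==`, which suggests the plaintext password itself is kept in session storage. Storing a derived token instead and checking it with `hash_equals((string) $expected, (string) stGetSessionItem("key", ""))` would avoid both the type juggling and the stored secret. The same `==` comparison is used for the password check in admlogin.php.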
--- a/msite.inc.php	Mon Dec 10 11:14:05 2012 +0200
+++ b/msite.inc.php	Tue Dec 11 11:46:47 2012 +0200
@@ -1,6 +1,7 @@
 <?
 //
 // FAPWEB - Demo Party Website System System
+// Generic and miscellaneous site support code
 // (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
 //
 
@@ -45,140 +46,6 @@
 }
 
 
-function stSessionExpire()
-{
-  global $sessionType;
-
-  // Check for session expiration
-  if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"]))
-  {
-    if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set.");
-    stSessionEnd();
-    return FALSE;
-  }
-  
-  if ($_SESSION[$sessionType]["expires"] < time())
-  {
-    if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time());
-    stSessionEnd();
-    return FALSE;
-  }
-
-  // Add more time to expiration
-  $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0);
-  if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout);
-  $_SESSION[$sessionType]["expires"] = time() + $timeout * 60;
-  return TRUE;
-}
-
-
-function stSessionEnd()
-{
-  global $sessionType;
-  $result = FALSE;
-
-  if (stGetSetting("debug")) error_log("Request END session ".$sessionType);
-
-  if (@session_start() === TRUE && isset($_SESSION))
-  {
-    // End current session type
-    if (isset($_SESSION[$sessionType]))
-    {
-      if (stGetSetting("debug")) error_log("END session ".$sessionType." / ".$_SESSION[$sessionType]["expires"]);
-      $_SESSION[$sessionType] = array();
-      unset($_SESSION[$sessionType]);
-      $result = TRUE;
-    }
-
-    // If all session types are ended, clear the cookies etc
-    if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"]))
-    {
-      if (stGetSetting("debug")) error_log("Clearing all session data.");
-      $_SESSION = array();
-
-      if (ini_get("session.use_cookies"))
-      {
-        $params = session_get_cookie_params();
-        setcookie(session_name(), "", time() - 242000,
-          $params["path"], $params["domain"],
-          $params["secure"], $params["httponly"]
-        );
-      }
-
-      @session_destroy();
-    }
-  }
-
-  return $result;
-}
-
-
-function stSessionStart($key, $timeout)
-{
-  global $sessionType;
-
-  if (@session_start() === TRUE)
-  {
-    if (stGetSetting("debug")) error_log("START ".$sessionType." session OK.");
-    $_SESSION[$sessionType] = array(
-      "key" => $key,
-      "timeout" => $timeout,
-      "expires" => time() + stGetSetting($timeout) * 60,
-      "message" => "",
-      "status" => 0,
-    );
-    return TRUE;
-  }
-  else
-  {
-    if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--");
-    return FALSE;
-  }
-}
-
-
-function stAdmSessionAuth()
-{
-  if (@session_start() === TRUE &&
-    stGetSessionItem("key", FALSE) == stGetSetting("admPassword"))
-  {
-    if (stGetSetting("debug")) error_log("AUTH admin session OK.");
-    return stSessionExpire();
-  }
-  else
-  {
-    if (stGetSetting("debug")) error_log("AUTH admin session FAIL.");
-    return FALSE;
-  }
-}
-
-
-function stUserSessionAuth()
-{
-  global $sessionType;
-
-  if (@session_start() === TRUE &&
-    isset($_SESSION[$sessionType]) &&
-    isset($_SESSION[$sessionType]["key"]))
-    return stSessionExpire();
-  else
-    return FALSE;
-}
-
-
-function stSetSessionStatus($status)
-{
-  global $sessionType;
-  if (isset($_SESSION[$sessionType]) || session_start() === TRUE)
-  {
-    if ($status >= 0)
-      stSetSessionItem("prevstatus", stGetSessionItem("status", FALSE));
-
-    stSetSessionItem("status", $status);
-  }
-}
-
-
 function stReloadSettings()
 {
   global $siteSettings;
@@ -420,26 +287,6 @@
 }
 
 
-function stGetSessionItem($name, $default = "")
-{
-  global $sessionType;
-  if (isset($sessionType))
-    return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default;
-  else
-    return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
-}
-
-
-function stSetSessionItem($name, $value)
-{
-  global $sessionType;
-  if (!isset($sessionType))
-    die("Session type not set.");
-  
-  $_SESSION[$sessionType][$name] = $value;
-}
-
-
 function stLogSQLError($sql)
 {
   global $db;