Fixed session->update_session_info() should only be called if its for the current session

2024-10-06 10:02:21 +02:00 · 2001-02-07 15:27:19 +00:00 · 2001-02-07 15:27:19 +00:00 · 1054c949b4
commit 1054c949b4
parent 28a751a4ca
5 changed files with 53 additions and 25 deletions
--- a/addressbook/preferences.php
+++ b/addressbook/preferences.php
@ -42,7 +42,7 @@
           $phpgw->preferences->delete("addressbook","mainscreen_showbirthdays");
        }

-        $phpgw->preferences->save_repository();
+        $phpgw->preferences->save_repository(True);
        Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/index.php"));
     }
  }
--- a/calendar/preferences.php
+++ b/calendar/preferences.php
@ -26,7 +26,7 @@
     } else {
        $phpgw->preferences->delete("calendar","mainscreen_showevents");
     }
-     $phpgw->preferences->save_repository();
+     $phpgw->preferences->save_repository(True);
     
     Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/index.php"));
     $phpgw->common->phpgw_exit();
--- a/phpgwapi/inc/class.preferences.inc.php
+++ b/phpgwapi/inc/class.preferences.inc.php
@ -92,22 +92,29 @@
      return $this->data;
    }

-    function save_repository()
+    function save_repository($update_session_info = False)
    {
      global $phpgw, $phpgw_info;
-      $this->db->lock("preferences");
-      $this->db->query("delete from preferences where preference_owner='" . $this->account_id . "'",__LINE__,__FILE__);

-      if ($PHP_VERSION < "4.0.0") {
-        $pref_info = addslashes(serialize($this->data));
-      } else {
-        $pref_info = serialize($this->data);
+      if (! $phpgw->acl->check("session_only_preferences",1,"preferences")) {
+         $this->db->lock("preferences");
+         $this->db->query("delete from preferences where preference_owner='" . $this->account_id . "'",__LINE__,__FILE__);
+   
+         if ($PHP_VERSION < "4.0.0") {
+           $pref_info = addslashes(serialize($this->data));
+         } else {
+           $pref_info = serialize($this->data);
+         }
+   
+         $this->db->query("insert into preferences (preference_owner,preference_value) values ('"
+                        . $this->account_id . "','" . $pref_info . "')",__LINE__,__FILE__);
+   
+         $this->db->unlock();
+      }
+      if ($update_session_info) {
+         $phpgw_info["user"]["preferences"] = $this->data;
+         $phpgw->session->update_session_info();
      }
-
-      $this->db->query("insert into preferences (preference_owner,preference_value) values ('"
-                     . $this->account_id . "','" . $pref_info . "')",__LINE__,__FILE__);
-
-      $this->db->unlock();
      return $this->data;
    }

@ -124,9 +131,9 @@
    {
      return $this->add($app_name,$var,$value);
    }
-    function commit()
+    function commit($update_session_info = False)
    {
-      return $this->save_repository();
+      return $this->save_repository($update_session_info);
    }

  } //end of preferences class
--- a/phpgwapi/inc/class.sessions.inc.php
+++ b/phpgwapi/inc/class.sessions.inc.php
@ -95,6 +95,7 @@
       $phpgw_info["user"]["kp3"] = $this->kp3;
       $phpgw_info_flags    = $phpgw_info["flags"];
       $phpgw_info          = $phpgw->crypto->decrypt($db->f("session_info"));
+       $this->data          = $phpgw_info["user"];
       $phpgw_info["flags"] = $phpgw_info_flags;
       $userid_array = explode("@",$db->f("session_lid"));
       $this->account_lid = $userid_array[0];
@ -102,6 +103,7 @@
       if ($userid_array[1] != $phpgw_info["user"]["domain"]) {
          return False;
       }
+
       if (PHP_OS != "Windows" && (! $phpgw_info["user"]["session_ip"] || $phpgw_info["user"]["session_ip"] != $this->getuser_ip())){
          return False;
       }
@ -130,6 +132,23 @@
                          . "'",__LINE__,__FILE__);
       }
    }
+    
+    function update_session_info()
+    {
+       global $phpgw, $phpgw_info;
+       $phpgw_info_temp = $phpgw_info;
+       $phpgw_info_temp["user"]["kp3"] = "";
+       $phpgw_info_temp["flags"] = array();
+
+       //$this->read_repositories();
+       if ($PHP_VERSION < "4.0.0") {
+          $info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));
+       } else {
+          $info_string = $phpgw->crypto->encrypt($phpgw_info_temp);
+       }
+       $phpgw->db->query("update phpgw_sessions set session_info='$info_string' where session_id='"
+                       . $this->sessionid . "'",__LINE__,__FILE__);
+    }

    function read_repositories()
    {
@ -138,10 +157,10 @@
      $phpgw->accounts->accounts($this->account_id);
      $phpgw->preferences->preferences($this->account_id);
      $phpgw->applications->applications($this->account_id);
-      $phpgw_info["user"] = $phpgw->accounts->read_repository();
-      $phpgw_info["user"]["acl"] = $phpgw->acl->read_repository();
+      $phpgw_info["user"]                = $phpgw->accounts->read_repository();
+      $phpgw_info["user"]["acl"]         = $phpgw->acl->read_repository();
      $phpgw_info["user"]["preferences"] = $phpgw->preferences->read_repository();
-      $phpgw_info["user"]["apps"] = $phpgw->applications->read_repository();
+      $phpgw_info["user"]["apps"]        = $phpgw->applications->read_repository();
      @reset($phpgw_info["user"]["apps"]);

      $phpgw_info["user"]["domain"]      = $this->account_domain;
@ -193,8 +212,8 @@
      $phpgw->accounts->account_id = $this->account_id;

      $phpgw_info["user"] = $phpgw->accounts->read_repository();
-      $this->sessionid = md5($phpgw->common->randomstring(10));
-      $this->kp3 = md5($phpgw->common->randomstring(15));
+      $this->sessionid    = md5($phpgw->common->randomstring(10));
+      $this->kp3          = md5($phpgw->common->randomstring(15));

      $phpgw->common->key  = $phpgw_info["server"]["encryptkey"];
      $phpgw->common->key .= $this->sessionid;
@ -213,13 +232,15 @@
         if ($this->account_domain == $phpgw_info["server"]["default_domain"]) {
            Setcookie("last_loginid", $this->account_lid ,time()+1209600);  // For 2 weeks
         } else {
-            Setcookie("last_loginid", $login ,time()+1209600);  // For 2 weeks
+            Setcookie("last_loginid", $login ,time()+1209600);              // For 2 weeks
         }
-         unset ($phpgw_info["server"]["default_domain"]); // we kill this for security reasons
+         unset ($phpgw_info["server"]["default_domain"]);                   // we kill this for security reasons
      }

+      // Why are we double encrypting it ?
+      // If mcrypt is already installed, the entire session_info field is all ready encrypted. (jengo)
      $this->passwd = $phpgw->common->encrypt($passwd);
-      $this->read_repositories($this->account_id);
+      $this->read_repositories();

      if ($PHP_VERSION < "4.0.0") {
         $info_string = addslashes($phpgw->crypto->encrypt($this->data));
--- a/preferences/settings.php
+++ b/preferences/settings.php
@ -242,7 +242,7 @@
        }
     }

-     $phpgw->preferences->commit();
+     $phpgw->preferences->commit(True);

     if ($phpgw_info["server"]["useframes"] != "never") {
        Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/index.php"));