From dddf8963384e3cdb679ace9fa39e99711a93777b Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Tue, 21 Aug 2001 18:34:56 +0000 Subject: [PATCH] Semi-major adjustement with the goal of removing the register_globals requirement; Silence possible error if line# is not sent to errorlog class (often); This was tested with the setting on again and seems to work --- home.php | 78 ++++----- index.php | 21 +-- login.php | 11 +- logout.php | 26 +-- phpgwapi/inc/class.common.inc.php | 22 ++- phpgwapi/inc/class.errorlog.inc.php | 41 +++-- phpgwapi/inc/class.sessions.inc.php | 254 ++++++++++++++-------------- phpgwapi/inc/functions.inc.php | 3 +- 8 files changed, 237 insertions(+), 219 deletions(-) diff --git a/home.php b/home.php index 147c67dc00..1d971c5d86 100755 --- a/home.php +++ b/home.php @@ -18,14 +18,14 @@ . 'here.'; exit; } - - if (!isset($sessionid) || !$sessionid) + $GLOBALS['sessionid'] = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; + if (!isset($GLOBALS['sessionid']) || !$GLOBALS['sessionid']) { Header('Location: login.php'); exit; } - $phpgw_info['flags'] = array( + $GLOBALS['phpgw_info']['flags'] = array( 'noheader' => True, 'nonavbar' => True, 'currentapp' => 'home', @@ -35,7 +35,7 @@ ); include('header.inc.php'); - if ($phpgw_forward) + if ($GLOBALS['phpgw_forward']) { while (list($name,$value) = each($HTTP_GET_VARS)) { 
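Review bot: In the first home.php hunk the new `$GLOBALS['sessionid']` assignment lets a `sessionid` in the query string override the one in the cookie, so a followed link decides which session the request is checked against even on cookie-based installs. The same ternary is repeated in index.php and logout.php and in `verify()`, `destroy()` and (for `kp3`) `link()` of class.sessions.inc.php, so the precedence cannot be changed in one place. Consider reading the cookie first, `$GLOBALS['HTTP_COOKIE_VARS']['sessionid'] ? $GLOBALS['HTTP_COOKIE_VARS']['sessionid'] : $GLOBALS['HTTP_GET_VARS']['sessionid']`, and moving the lookup into a single helper on the sessions class.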
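Review bot: `$GLOBALS['phpgw_forward']` in the second home.php hunk is still the variable that register_globals fills in, so with the setting off it looks like it will always be empty, and with the setting on it can still be set from any request source. The same applies to `$GLOBALS['forward']`, `$cd` and `$navbarframe` in the later home.php hunks, to `$submit_x`, `$submit_y` and `$GLOBALS['phpgw_forward']` in login.php, and to `'p1'=>$menuaction` in the index.php log call. Unless code outside this diff copies these values into place, read them from the request arrays, e.g. `if ($GLOBALS['HTTP_GET_VARS']['phpgw_forward'])`. The `if` body continues outside the hunk.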
@@ -44,17 +44,17 @@ $extra_vars .= '&' . $name . '=' . urlencode($value); } } - $phpgw->redirect($phpgw->link($phpgw_forward,$extra_vars)); + $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link($GLOBALS['phpgw_forward'],$extra_vars)); } - if ($phpgw_info['server']['force_default_app'] && $phpgw_info['server']['force_default_app'] != 'user_choice') + if ($GLOBALS['phpgw_info']['server']['force_default_app'] && $GLOBALS['phpgw_info']['server']['force_default_app'] != 'user_choice') { - $phpgw_info['user']['preferences']['common']['default_app'] = $phpgw_info['server']['force_default_app']; + $GLOBALS['phpgw_info']['user']['preferences']['common']['default_app'] = $GLOBALS['phpgw_info']['server']['force_default_app']; } - if (($phpgw_info['user']['preferences']['common']['useframes'] && - $phpgw_info['server']['useframes'] == 'allowed') || - ($phpgw_info['server']['useframes'] == 'always')) + if (($GLOBALS['phpgw_info']['user']['preferences']['common']['useframes'] && + $GLOBALS['phpgw_info']['server']['useframes'] == 'allowed') || + ($GLOBALS['phpgw_info']['server']['useframes'] == 'always')) { if ($cd == 'yes') { 
@@ -66,17 +66,17 @@ 'frame_body' => 'frames_body.tpl', 'frame_navbar' => 'frames_navbar.tpl' )); - $tpl->set_var('navbar_link',$phpgw->link('index.php','navbarframe=True&cd=yes')); - if ($forward) + $tpl->set_var('navbar_link',$GLOBALS['phpgw']->link('index.php','navbarframe=True&cd=yes')); + if ($GLOBALS['forward']) { - $tpl->set_var('body_link',$phpgw->link($forward)); + $tpl->set_var('body_link',$GLOBALS['phpgw']->link($GLOBALS['forward'])); } else { - $tpl->set_var('body_link',$phpgw->link('index.php','framebody=True&cd=yes')); + $tpl->set_var('body_link',$GLOBALS['phpgw']->link('index.php','framebody=True&cd=yes')); } - if ($phpgw_info['user']['preferences']['common']['frame_navbar_location'] == 'bottom') + if ($GLOBALS['phpgw_info']['user']['preferences']['common']['frame_navbar_location'] == 'bottom') { $tpl->set_var('frame_size','*,60'); $tpl->parse('frames_','frame_body',True); 
@@ -92,55 +92,55 @@ } if ($navbarframe) { - $phpgw->common->phpgw_header(); + $GLOBALS['phpgw']->common->phpgw_header(); echo parse_navbar(); } } } - elseif ($cd=='yes' && $phpgw_info['user']['preferences']['common']['default_app'] - && $phpgw_info['user']['apps'][$phpgw_info['user']['preferences']['common']['default_app']]) + elseif ($cd=='yes' && $GLOBALS['phpgw_info']['user']['preferences']['common']['default_app'] + && $GLOBALS['phpgw_info']['user']['apps'][$GLOBALS['phpgw_info']['user']['preferences']['common']['default_app']]) { - $phpgw->redirect($phpgw->link('/' . $phpgw_info['user']['preferences']['common']['default_app'] . '/' . 'index.php')); - $phpgw->common->phpgw_exit(); + $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/' . $GLOBALS['phpgw_info']['user']['preferences']['common']['default_app'] . '/' . 'index.php')); + $GLOBALS['phpgw']->common->phpgw_exit(); } else { - $phpgw->common->phpgw_header(); + $GLOBALS['phpgw']->common->phpgw_header(); echo parse_navbar(); } - $phpgw->db->query("select app_version from phpgw_applications where app_name='phpgwapi'",__LINE__,__FILE__); - if($phpgw->db->next_record()) + $GLOBALS['phpgw']->db->query("select app_version from phpgw_applications where app_name='phpgwapi'",__LINE__,__FILE__); + if($GLOBALS['phpgw']->db->next_record()) { - $apiversion = $phpgw->db->f('app_version'); + $apiversion = $GLOBALS['phpgw']->db->f('app_version'); } else { - $phpgw->db->query("select app_version from phpgw_applications where app_name='admin'",__LINE__,__FILE__); - $phpgw->db->next_record(); - $apiversion = $phpgw->db->f('app_version'); + $GLOBALS['phpgw']->db->query("select app_version from phpgw_applications where app_name='admin'",__LINE__,__FILE__); + $GLOBALS['phpgw']->db->next_record(); + $apiversion = $GLOBALS['phpgw']->db->f('app_version'); } - if ($phpgw_info['server']['versions']['phpgwapi'] > $apiversion) + if ($GLOBALS['phpgw_info']['server']['versions']['phpgwapi'] > $apiversion) { echo '

' . lang('You are running a newer version of phpGroupWare than your database is setup for') . '.' . '
' . lang('It is recommended that you run setup to upgrade your tables to the current version') . '.' . '
'; } - $phpgw->translation->add_app('mainscreen'); + $GLOBALS['phpgw']->translation->add_app('mainscreen'); if (lang('mainscreen_message') != 'mainscreen_message*') { echo '

' . stripslashes(lang('mainscreen_message')) . '
'; } - if ((isset($phpgw_info['user']['apps']['admin']) && - $phpgw_info['user']['apps']['admin']) && - (isset($phpgw_info['server']['checkfornewversion']) && - $phpgw_info['server']['checkfornewversion'])) + if ((isset($GLOBALS['phpgw_info']['user']['apps']['admin']) && + $GLOBALS['phpgw_info']['user']['apps']['admin']) && + (isset($GLOBALS['phpgw_info']['server']['checkfornewversion']) && + $GLOBALS['phpgw_info']['server']['checkfornewversion'])) { - $phpgw->network->set_addcrlf(False); - $lines = $phpgw->network->gethttpsocketfile('http://www.phpgroupware.org/currentversion'); + $GLOBALS['phpgw']->network->set_addcrlf(False); + $lines = $GLOBALS['phpgw']->network->gethttpsocketfile('http://www.phpgroupware.org/currentversion'); for ($i=0; $icommon->cmp_version($phpgw_info['server']['versions']['phpgwapi'],$line_found[1])) + if($GLOBALS['phpgw']->common->cmp_version($GLOBALS['phpgw_info']['server']['versions']['phpgwapi'],$line_found[1])) { echo '

There is a new version of phpGroupWare available. http://www.phpgroupware.org'; @@ -168,7 +168,7 @@ NotifyWindow.close(); } } - NotifyWindow = window.open("link('/notify.php')?>", "NotifyWindow", "width=300,height=35,location=no,menubar=no,directories=no,toolbar=no,scrollbars=yes,resizable=yes,status=yes"); + NotifyWindow = window.open("link('/notify.php')?>", "NotifyWindow", "width=300,height=35,location=no,menubar=no,directories=no,toolbar=no,scrollbars=yes,resizable=yes,status=yes"); if (NotifyWindow.opener == null) { NotifyWindow.opener = window; @@ -181,7 +181,7 @@ //Uncomment the next line to enable the notify window. It will not work until a notifywindow app is added. echo '' . lang('Open notify window') . ''; - $phpgw->common->hook('home',array('email','calendar','news','addressbook')); + $GLOBALS['phpgw']->common->hook('home',array('email','calendar','news','addressbook')); //$phpgw->common->debug_phpgw_info(); //$phpgw->common->debug_list_core_functions(); @@ -189,5 +189,5 @@ common->phpgw_footer(); + $GLOBALS['phpgw']->common->phpgw_footer(); ?> diff --git a/index.php b/index.php index 29d02ea76b..844a252086 100755 --- a/index.php +++ b/index.php @@ -11,7 +11,8 @@ /* $Id$ */ - if (! $sessionid) + $GLOBALS['sessionid'] = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; + if (! $GLOBALS['sessionid']) { Header('Location: login.php'); exit; @@ -20,9 +21,9 @@ /* This is the preliminary menuaction driver for the new multi-layered design */ - if (@isset($menuaction)) + if (@isset($GLOBALS['HTTP_GET_VARS']['menuaction'])) { - list($app,$class,$method) = explode('.',$menuaction); + list($app,$class,$method) = explode('.',$GLOBALS['HTTP_GET_VARS']['menuaction']); if (! $app || ! $class || ! $method) { $invalid_data = True; 
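Review bot: In index.php the `$app`, `$class` and `$method` parts split out of `$GLOBALS['HTTP_GET_VARS']['menuaction']` are only tested for being non-empty in this hunk, and `$app` and `$class` are later handed to `CreateObject(sprintf('%s.%s',$app,$class))`. If `CreateObject` maps those names to a file to include, which is not visible here, each part should be limited to identifier characters first, e.g. `if (! preg_match('/^[A-Za-z0-9_]+$/',$app) || ! preg_match('/^[A-Za-z0-9_]+$/',$class)) { $invalid_data = True; }`. The `public_functions` test in the later hunk reads `$obj`, so it runs only after the object has been constructed and does not cover this. The `if` block continues outside the hunk, so further checks may already exist there.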
@@ -37,7 +38,7 @@ $invalid_data = True; } - $phpgw_info['flags'] = array( + $GLOBALS['phpgw_info']['flags'] = array( 'noheader' => True, 'nonavbar' => True, 'currentapp' => $app @@ -46,7 +47,7 @@ if ($app == 'home') { - Header('Location: ' . $phpgw->link('/home.php')); + Header('Location: ' . $GLOBALS['phpgw']->link('/home.php')); } $obj = CreateObject(sprintf('%s.%s',$app,$class)); @@ -56,13 +57,13 @@ } else { - Header('Location: ' . $phpgw->link('/home.php')); - $phpgw->log->message(array('text'=>'W-BadmenuactionVariable, menuaction missing or corrupt: %1','p1'=>$menuaction)); + Header('Location: ' . $GLOBALS['phpgw']->link('/home.php')); + $GLOBALS['phpgw']->log->message(array('text'=>'W-BadmenuactionVariable, menuaction missing or corrupt: %1','p1'=>$menuaction)); if (! is_array($obj->public_functions) || ! $obj->public_functions[$method]) { - $phpgw->log->message(array('text'=>'W-BadmenuactionVariable, attempted to access private method: %1','p1'=>$method)); + $GLOBALS['phpgw']->log->message(array('text'=>'W-BadmenuactionVariable, attempted to access private method: %1','p1'=>$method)); } - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->commit(); /* $_obj = CreateObject('home.home'); @@ -70,4 +71,4 @@ */ } - $phpgw->common->phpgw_footer(); + $GLOBALS['phpgw']->common->phpgw_footer(); diff --git a/login.php b/login.php index 7f5b9968d2..04eceb50ad 100755 --- a/login.php +++ b/login.php 
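Review bot: The `Header('Location: ' . $GLOBALS['phpgw']->link('/home.php'))` sent for `$app == 'home'` is not followed by `exit`, so the script carries on to `CreateObject(sprintf('%s.%s',$app,$class))` after the redirect header has been queued. Add `exit;` directly after the header call so nothing else runs for a request that is being redirected. The surrounding block starts outside the hunk.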
@@ -145,20 +145,21 @@ unset($sslattributes); } - if (isset($submit) && $submit || $submit_x || $submit_y) + if (isset($HTTP_POST_VARS['submit']) && $HTTP_POST_VARS['submit'] || $submit_x || $submit_y) { if (getenv(REQUEST_METHOD) != 'POST' && !isset($PHP_AUTH_USER) && !isset($HTTP_SERVER_VARS["SSL_CLIENT_S_DN"])) { $phpgw->redirect($phpgw->link('/login.php','code=5')); } - $sessionid = $phpgw->session->create($login,$passwd); - if (! isset($sessionid) || ! $sessionid) + $GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create($GLOBALS['HTTP_POST_VARS']['login'],$GLOBALS['HTTP_POST_VARS']['passwd']); + + if (! isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid']) { $phpgw->redirect($phpgw_info['server']['webserver_url'] . '/login.php?cd=5'); } else { - if ($phpgw_forward) + if ($GLOBALS['phpgw_forward']) { while (list($name,$value) = each($HTTP_GET_VARS)) { @@ -168,7 +169,7 @@ } } } - $phpgw->redirect($phpgw->link('/home.php','cd=yes' . $extra_vars)); + $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/home.php','cd=yes' . $extra_vars)); } } else diff --git a/logout.php b/logout.php index 17a2a61ccc..7887fa30c4 100755 --- a/logout.php +++ b/logout.php @@ -12,8 +12,8 @@ /* $Id$ */ - $phpgw_info = array(); - $phpgw_info['flags'] = array( + $GLOBALS['phpgw_info'] = array(); + $GLOBALS['phpgw_info']['flags'] = array( 'disable_template_class' => True, 'currentapp' => 'logout', 'noheader' => True, 
@@ -23,30 +23,34 @@ include('./header.inc.php'); - if ($phpgw->session->verify($sessionid)) + $GLOBALS['sessionid'] = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; + $GLOBALS['kp3'] = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; + + $verified = $GLOBALS['phpgw']->session->verify(); + if ($verified) { - if (file_exists($phpgw_info['server']['temp_dir'] . SEP . $sessionid)) + if (file_exists($GLOBALS['phpgw_info']['server']['temp_dir'] . SEP . $GLOBALS['sessionid'])) { - $dh = opendir($phpgw_info['server']['temp_dir'] . SEP . $sessionid); + $dh = opendir($GLOBALS['phpgw_info']['server']['temp_dir'] . SEP . $GLOBALS['sessionid']); while ($file = readdir($dh)) { if ($file != '.' && $file != '..') { - unlink($phpgw_info['server']['temp_dir'] . SEP . $sessionid . SEP . $file); + unlink($GLOBALS['phpgw_info']['server']['temp_dir'] . SEP . $GLOBALS['sessionid'] . SEP . $file); } } - rmdir($phpgw_info['server']['temp_dir'] . SEP . $sessionid); + rmdir($GLOBALS['phpgw_info']['server']['temp_dir'] . SEP . $GLOBALS['sessionid']); } - $phpgw->common->hook('logout'); - $phpgw->session->destroy(); + $GLOBALS['phpgw']->common->hook('logout'); + $GLOBALS['phpgw']->session->destroy(); } else { - $phpgw->log->write(array('text'=>'W-VerifySession, could not verify session durring logout')); + $GLOBALS['phpgw']->log->write(array('text'=>'W-VerifySession, could not verify session during logout')); } Setcookie('sessionid'); Setcookie('kp3'); Setcookie('domain'); - $phpgw->redirect($phpgw_info['server']['webserver_url'].'/login.php?cd=1'); + $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'].'/login.php?cd=1'); ?> diff --git a/phpgwapi/inc/class.common.inc.php b/phpgwapi/inc/class.common.inc.php index f463d96f4b..e7e21c889f 100644 --- a/phpgwapi/inc/class.common.inc.php +++ b/phpgwapi/inc/class.common.inc.php 
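Review bot: In logout.php `$GLOBALS['sessionid']` is taken from the query string or cookie and then concatenated into the directory path passed to `opendir()`, `unlink()` and `rmdir()`, with the result of `verify()` as the only gate. Since `create()` in class.sessions.inc.php always produces the id with `md5()`, the value can be checked for that shape before it is used in a path or handed to `verify()`, e.g. `if (! preg_match('/^[0-9a-f]{32}$/',$GLOBALS['sessionid'])) { $GLOBALS['sessionid'] = ''; }`. That keeps the file deletion confined to a single directory name under `temp_dir` regardless of how the session lookup behaves.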
@@ -612,10 +612,9 @@ */ function get_tpl_dir($appname = '') { - global $phpgw_info; if (! $appname) { - $appname = $phpgw_info['flags']['currentapp']; + $appname = $GLOBALS['phpgw_info']['flags']['currentapp']; } if ($appname == 'home' || $appname == 'logout' || $appname == 'login') { @@ -623,24 +622,23 @@ } // Setting this for display of template choices in user preferences - if ($phpgw_info['server']['template_set'] == 'user_choice') + if ($GLOBALS['phpgw_info']['server']['template_set'] == 'user_choice') { - $phpgw_info['server']['usrtplchoice'] = 'user_choice'; + $GLOBALS['phpgw_info']['server']['usrtplchoice'] = 'user_choice'; } - if ($phpgw_info['server']['template_set'] == 'user_choice' && - isset($phpgw_info['user']['preferences']['common']['template_set'])) + if ($GLOBALS['phpgw_info']['server']['template_set'] == 'user_choice' && + isset($GLOBALS['phpgw_info']['user']['preferences']['common']['template_set'])) { - $phpgw_info['server']['template_set'] = $phpgw_info['user']['preferences']['common']['template_set']; + $GLOBALS['phpgw_info']['server']['template_set'] = $GLOBALS['phpgw_info']['user']['preferences']['common']['template_set']; } - elseif ($phpgw_info['server']['template_set'] == 'user_choice' || - !isset($phpgw_info['server']['template_set'])) + elseif ($GLOBALS['phpgw_info']['server']['template_set'] == 'user_choice' || + !isset($GLOBALS['phpgw_info']['server']['template_set'])) { - $phpgw_info['server']['template_set'] = 'default'; + $GLOBALS['phpgw_info']['server']['template_set'] = 'default'; } - $tpldir = PHPGW_SERVER_ROOT . '/' . $appname . '/templates/' - . $phpgw_info['server']['template_set']; + $tpldir = PHPGW_SERVER_ROOT . '/' . $appname . '/templates/' . $GLOBALS['phpgw_info']['server']['template_set']; $tpldir_default = PHPGW_SERVER_ROOT . '/' . $appname . '/templates/default'; if (is_dir($tpldir)) diff --git a/phpgwapi/inc/class.errorlog.inc.php b/phpgwapi/inc/class.errorlog.inc.php index 60d8041855..5ba78e073d 100644 
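Review bot: In `get_tpl_dir()` the per-user `template_set` preference is copied into `$GLOBALS['phpgw_info']['server']['template_set']` and then concatenated into `$tpldir` with no check on its content visible in this hunk. If the preferences store does not already restrict the value, a name containing path separators would pass the `is_dir()` test for a directory outside `templates/`. Reducing it to a single path component when the path is built would close that, e.g. `. '/templates/' . basename($GLOBALS['phpgw_info']['server']['template_set']);`. The function body continues outside the hunk.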
--- a/phpgwapi/inc/class.errorlog.inc.php +++ b/phpgwapi/inc/class.errorlog.inc.php @@ -77,17 +77,26 @@ { switch($err->severity) { - case 'F': return 'F'; break; - case 'E': $max = 'E'; break; - case 'W': if ($max != 'E') - { - $max = 'W'; - } - break; - case 'I': if ($max == 'D') - { - $max = 'I'; - } + case 'F': + return 'F'; + break; + case 'E': + $max = 'E'; + break; + case 'W': + if ($max != 'E') + { + $max = 'W'; + } + break; + case 'I': + if ($max == 'D') + { + $max = 'I'; + } + break; + default: + break; } } return $max; @@ -108,7 +117,7 @@ ,__LINE__,__FILE__); $log_id = $db->get_last_insert_id('phpgw_log','log_id'); -// $db->query('select max(log_id) as lid from phpgw_log'); +// $db->query('select max(log_id) as lid from phpgw_log'); // $db->next_record(); // $log_id = $db->f('lid'); // $db->unlock(); @@ -125,11 +134,11 @@ .", '" . $phpgw->db->to_timestamp($err->timestamp ) ."', '". $err->severity . "'" - .", '". $err->code . "'" - .", '". $err->msg . "'" + .", '". $err->code . "'" + .", '". $err->msg . "'" .", '". addslashes(implode('|',$err->parms)). "'" - .", '". $err->fname . "'" - .", ". $err->line + .", '". $err->fname . "'" + .", " . intval($err->line) .")" ,__LINE__,__FILE__); }; diff --git a/phpgwapi/inc/class.sessions.inc.php b/phpgwapi/inc/class.sessions.inc.php index caf74472b2..4fe63203d6 100644 --- a/phpgwapi/inc/class.sessions.inc.php +++ b/phpgwapi/inc/class.sessions.inc.php 
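Review bot: In the last class.errorlog.inc.php hunk `$err->code`, `$err->msg` and `$err->fname` are still concatenated into the INSERT unescaped; only `$err->parms` goes through `addslashes()` and only `$err->line` is cast. Message texts elsewhere in this patch contain an apostrophe (`'W-VerifySession, IP %1 doesn\'t match IP %2 in session table'` in class.sessions.inc.php), which, if stored as given, would end the SQL string literal early and make the log write fail. Apply the same escaping to the other string columns, e.g. `.", '". addslashes($err->msg) . "'"`. The enclosing function starts and ends outside the hunk.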
@@ -61,33 +61,32 @@ \*************************************************************************/ function getuser_ip() { - global $REMOTE_ADDR, $HTTP_X_FORWARDED_FOR; - - if ($HTTP_X_FORWARDED_FOR) + if ($GLOBALS['HTTP_X_FORWARDED_FOR']) { - return $HTTP_X_FORWARDED_FOR; + return $GLOBALS['HTTP_X_FORWARDED_FOR']; } else { - return $REMOTE_ADDR; + return $GLOBALS['HTTP_SERVER_VARS']['REMOTE_ADDR']; } } function verify() { - global $phpgw, $phpgw_info, $sessionid, $kp3; + $sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; + $kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; - $db = $phpgw->db; - $db2 = $phpgw->db; + $db = $GLOBALS['phpgw']->db; + $db2 = $GLOBALS['phpgw']->db; $this->sessionid = $sessionid; $this->kp3 = $kp3; - $phpgw->common->key = md5($this->kp3 . $this->sessionid . $phpgw_info['server']['encryptkey']); - $phpgw->common->iv = $phpgw_info['server']['mcrypt_iv']; + $GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); + $GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; - $cryptovars[0] = $phpgw->common->key; - $cryptovars[1] = $phpgw->common->iv; - $phpgw->crypto = CreateObject('phpgwapi.crypto', $cryptovars); + $cryptovars[0] = $GLOBALS['phpgw']->common->key; + $cryptovars[1] = $GLOBALS['phpgw']->common->iv; + $GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars); $db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__); $db->next_record(); 
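Review bot: `verify()` now reads `sessionid` from the query string or cookie and concatenates it into `select * from phpgw_sessions where session_id='...'` without escaping, so as far as this hunk shows the query's safety rests on the PHP configuration rather than on this code. The id is always an `md5()` hex string when `create()` issues it, so `verify()` can reject anything else before touching the database: `if (! preg_match('/^[0-9a-f]{32}$/',$sessionid)) { return False; }`. `verify_server()` builds the same query from its `$sessionid` argument and would take the same guard. The body of `verify()` continues in the following hunks.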
@@ -103,71 +102,70 @@ } else { - $this->account_domain = $phpgw_info['server']['default_domain']; + $this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain']; } - $phpgw_info['user']['kp3'] = $this->kp3; - $phpgw_info_flags = $phpgw_info['flags']; + $GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3; - $phpgw_info['flags'] = $phpgw_info_flags; $userid_array = explode('@',$db->f('session_lid')); // Thinking this might solve auth_http problems if(@$userid_array[1] == '') { $userid_array[1] = 'default'; } $this->account_lid = $userid_array[0]; $this->update_dla(); - $this->account_id = $phpgw->accounts->name2id($this->account_lid); + $this->account_id = $GLOBALS['phpgw']->accounts->name2id($this->account_lid); if (! $this->account_id) { +// echo 'er'; return False; } - $phpgw_info['user']['account_id'] = $this->account_id; - - $this->read_repositories(@$phpgw_info['server']['cache_phpgw_info']); + $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; + + $this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']); if ($this->user['expires'] != -1 && $this->user['expires'] < time()) { - $phpgw->log->message('W-VerifySession, account loginid %1 is expired',$this->account_lid); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, account loginid %1 is expired',$this->account_lid); + $GLOBALS['phpgw']->log->commit(); return False; } - $phpgw_info['user'] = $this->user; - $phpgw_info['hooks'] = $this->hooks; + $GLOBALS['phpgw_info']['user'] = $this->user; + $GLOBALS['phpgw_info']['hooks'] = $this->hooks; - $phpgw_info['user']['session_ip'] = $db->f('session_ip'); - $phpgw_info['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); + $GLOBALS['phpgw_info']['user']['session_ip'] = $db->f('session_ip'); + $GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); - if ($userid_array[1] != $phpgw_info['user']['domain']) + if ($userid_array[1] 
!= $GLOBALS['phpgw_info']['user']['domain']) { - $phpgw->log->message('W-VerifySession, the domains %1 and %2 don\t match',$userid_array[1],$phpgw_info['user']['domain']); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, the domains %1 and %2 don\t match',$userid_array[1],$GLOBALS['phpgw_info']['user']['domain']); + $GLOBALS['phpgw']->log->commit(); return False; } - if (@$phpgw_info['server']['sessions_checkip']) + if (@$GLOBALS['phpgw_info']['server']['sessions_checkip']) { - if (PHP_OS != 'Windows' && (! $phpgw_info['user']['session_ip'] || $phpgw_info['user']['session_ip'] != $this->getuser_ip())) + if (PHP_OS != 'Windows' && (! $GLOBALS['phpgw_info']['user']['session_ip'] || $GLOBALS['phpgw_info']['user']['session_ip'] != $this->getuser_ip())) { // This needs some better wording - $phpgw->log->message('W-VerifySession, IP %1 doesn\'t match IP %2 in session table',$this->getuser_ip(),$phpgw_info['user']['session_ip']); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, IP %1 doesn\'t match IP %2 in session table',$this->getuser_ip(),$GLOBALS['phpgw_info']['user']['session_ip']); + $GLOBALS['phpgw']->log->commit(); return False; } } - $phpgw->acl->acl($this->account_id); - $phpgw->accounts->accounts($this->account_id); - $phpgw->preferences->preferences($this->account_id); - $phpgw->applications->applications($this->account_id); + $GLOBALS['phpgw']->acl->acl($this->account_id); + $GLOBALS['phpgw']->accounts->accounts($this->account_id); + $GLOBALS['phpgw']->preferences->preferences($this->account_id); + $GLOBALS['phpgw']->applications->applications($this->account_id); if (! $this->account_lid) { // This needs some better wording - $phpgw->log->message('W-VerifySession, account_id is empty'); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, account_id is empty'); + $GLOBALS['phpgw']->log->commit(); return False; } 
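Review bot: The `sessions_checkip` comparison in `verify()` relies on `getuser_ip()`, which returns `$GLOBALS['HTTP_X_FORWARDED_FOR']` whenever it is set; that value originates from a header the client chooses, so it is not evidence of where the request came from. With register_globals off that global is presumably never populated, so the check also behaves differently under the two settings. For binding a session to an address compare against `$GLOBALS['HTTP_SERVER_VARS']['REMOTE_ADDR']`, and honour the forwarded header only when the connection itself comes from a proxy the administrator has configured. The same comparison is repeated in `verify_server()`.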
@@ -180,22 +178,20 @@ // This will remove stale sessions out of the database function clean_sessions() { - global $phpgw_info, $phpgw; - // If you plan on using the cron apps, please remove the following lines. // I am going to make this a config option durring 0.9.11, instead of an application (jengo) - $phpgw->db->query("delete from phpgw_sessions where session_dla <= '" . (time() - 7200) + $GLOBALS['phpgw']->db->query("delete from phpgw_sessions where session_dla <= '" . (time() - 7200) . "' and session_flags !='A'",__LINE__,__FILE__); // This is set a little higher, we don't want to kill session data for anonymous sessions. - $phpgw->db->query("delete from phpgw_app_sessions where session_dla <= '" . (time() - 86400) + $GLOBALS['phpgw']->db->query("delete from phpgw_app_sessions where session_dla <= '" . (time() - 86400) . "'",__LINE__,__FILE__); } function create($login,$passwd) { - global $phpgw_info, $phpgw, $PHP_SELF; + global $PHP_SELF; $this->login = $login; $this->passwd = $passwd; 
@@ -210,47 +206,47 @@ } else { - $this->account_domain = $phpgw_info['server']['default_domain']; + $this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain']; } - if ($phpgw_info['server']['global_denied_users'][$this->account_lid]) + if ($GLOBALS['phpgw_info']['server']['global_denied_users'][$this->account_lid]) { return False; } - if (! $phpgw->auth->authenticate($this->account_lid, $passwd)) + if (! $GLOBALS['phpgw']->auth->authenticate($this->account_lid, $passwd)) { return False; exit; } - if (!$phpgw->accounts->exists($this->account_lid) && $phpgw_info['server']['auto_create_acct'] == True) + if (!$GLOBALS['phpgw']->accounts->exists($this->account_lid) && $GLOBALS['phpgw_info']['server']['auto_create_acct'] == True) { - $this->account_id = $phpgw->accounts->auto_add($this->account_lid, $passwd); + $this->account_id = $GLOBALS['phpgw']->accounts->auto_add($this->account_lid, $passwd); } else { - $this->account_id = $phpgw->accounts->name2id($this->account_lid); + $this->account_id = $GLOBALS['phpgw']->accounts->name2id($this->account_lid); } - $phpgw_info['user']['account_id'] = $this->account_id; - $phpgw->accounts->accounts($this->account_id); + $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; + $GLOBALS['phpgw']->accounts->accounts($this->account_id); - $this->sessionid = md5($phpgw->common->randomstring(10)); - $this->kp3 = md5($phpgw->common->randomstring(15)); + $this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10)); + $this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15)); - $phpgw->common->key = md5($this->kp3 . $this->sessionid . $phpgw_info['server']['encryptkey']); - $phpgw->common->iv = $phpgw_info['server']['mcrypt_iv']; - $cryptovars[0] = $phpgw->common->key; - $cryptovars[1] = $phpgw->common->iv; - $phpgw->crypto = CreateObject('phpgwapi.crypto', $cryptovars); + $GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . 
$GLOBALS['phpgw_info']['server']['encryptkey']); + $GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; + $cryptovars[0] = $GLOBALS['phpgw']->common->key; + $cryptovars[1] = $GLOBALS['phpgw']->common->iv; + $GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars); - if ($phpgw_info['server']['usecookies']) + if ($GLOBALS['phpgw_info']['server']['usecookies']) { Setcookie('sessionid',$this->sessionid); Setcookie('kp3',$this->kp3); Setcookie('domain',$this->account_domain); Setcookie('last_domain',$this->account_domain,$now+1209600); - if ($this->account_domain == $phpgw_info['server']['default_domain']) + if ($this->account_domain == $GLOBALS['phpgw_info']['server']['default_domain']) { Setcookie('last_loginid', $this->account_lid ,$now+1209600); // For 2 weeks } @@ -258,7 +254,7 @@ { Setcookie('last_loginid', $login ,$now+1209600); // For 2 weeks } - unset ($phpgw_info['server']['default_domain']); // we kill this for security reasons + unset ($GLOBALS['phpgw_info']['server']['default_domain']); // we kill this for security reasons } $this->read_repositories(False); @@ -270,11 +266,11 @@ return False; } - $phpgw_info['user'] = $this->user; - $phpgw_info['hooks'] = $this->hooks; + $GLOBALS['phpgw_info']['user'] = $this->user; + $GLOBALS['phpgw_info']['hooks'] = $this->hooks; $this->appsession('password','phpgwapi',base64_encode($this->passwd)); - if ($phpgw->acl->check('anonymous',1,'phpgwapi')) + if ($GLOBALS['phpgw']->acl->check('anonymous',1,'phpgwapi')) { $session_flags = 'A'; } 
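Review bot: In `create()` the calls `Setcookie('sessionid',$this->sessionid)` and `Setcookie('kp3',$this->kp3)` pass no secure flag, so on a site served over SSL both session secrets are also sent on any plain-HTTP request to the same host. When `$GLOBALS['HTTP_SERVER_VARS']['HTTPS']` is set, pass the sixth `secure` argument of `setcookie()`, and give the clearing calls in logout.php the same path and domain arguments so they still match the cookies being removed. `create()` starts before this hunk and continues after it.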
@@ -285,38 +281,36 @@ $user_ip = $this->getuser_ip(); - $phpgw->db->transaction_begin(); - $phpgw->db->query("insert into phpgw_sessions values ('" . $this->sessionid + $GLOBALS['phpgw']->db->transaction_begin(); + $GLOBALS['phpgw']->db->query("insert into phpgw_sessions values ('" . $this->sessionid . "','".$login."','" . $user_ip . "','" . $now . "','" . $now . "','" . $PHP_SELF . "','" . $session_flags . "')",__LINE__,__FILE__); - $phpgw->db->query("insert into phpgw_access_log values ('" . $this->sessionid . "','" + $GLOBALS['phpgw']->db->query("insert into phpgw_access_log values ('" . $this->sessionid . "','" . "$login','" . $user_ip . "','$now','','" . $this->account_id . "')",__LINE__,__FILE__); - $this->appsession('account_previous_login','phpgwapi',$phpgw->auth->previous_login); - $phpgw->auth->update_lastlogin($this->account_id,$user_ip); - $phpgw->db->transaction_commit(); + $this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login); + $GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip); + $GLOBALS['phpgw']->db->transaction_commit(); return $this->sessionid; } function verify_server($sessionid, $kp3) { - global $phpgw, $phpgw_info; - - $phpgw->interserver = CreateObject('phpgwapi.interserver'); - $db = $phpgw->db; - $db2 = $phpgw->db; + $GLOBALS['phpgw']->interserver = CreateObject('phpgwapi.interserver'); + $db = $GLOBALS['phpgw']->db; + $db2 = $GLOBALS['phpgw']->db; $this->sessionid = $sessionid; $this->kp3 = $kp3; - $phpgw->common->key = md5($this->kp3 . $this->sessionid . $phpgw_info['server']['encryptkey']); - $phpgw->common->iv = $phpgw_info['server']['mcrypt_iv']; + $GLOBALS['phpgw']->common->key = md5($this->kp3 . $this->sessionid . 
$GLOBALS['phpgw_info']['server']['encryptkey']); + $GLOBALS['phpgw']->common->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; - $cryptovars[0] = $phpgw->common->key; - $cryptovars[1] = $phpgw->common->iv; - $phpgw->crypto = CreateObject('phpgwapi.crypto', $cryptovars); + $cryptovars[0] = $GLOBALS['phpgw']->common->key; + $cryptovars[1] = $GLOBALS['phpgw']->common->iv; + $GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto', $cryptovars); $db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__); $db->next_record(); 
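Review bot: The two INSERT statements at the end of `create()` concatenate `$login` (from the login form), `$user_ip` (from `getuser_ip()`, which may return a forwarded-for header value) and `$PHP_SELF` into SQL string literals without escaping. None of these is validated in the visible code, so whether the statements stay well-formed depends on the PHP configuration rather than on this function. Escape each value where the query is built, e.g. `"','" . addslashes($login) . "','" . addslashes($user_ip) . "','"`, or use the db class's own quoting helper if it has one. `create()` starts outside this hunk.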
@@ -332,65 +326,65 @@ } else { - $this->account_domain = $phpgw_info['server']['default_domain']; + $this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain']; } - $phpgw_info['user']['kp3'] = $this->kp3; - $phpgw_info_flags = $phpgw_info['flags']; + $GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3; + $phpgw_info_flags = $GLOBALS['phpgw_info']['flags']; - $phpgw_info['flags'] = $phpgw_info_flags; + $GLOBALS['phpgw_info']['flags'] = $phpgw_info_flags; $userid_array = explode('@',$db->f('session_lid')); // Thinking this might solve auth_http problems if(@$userid_array[1] == '') { $userid_array[1] = 'default'; } $this->account_lid = $userid_array[1]; $this->update_dla(); - $this->account_id = $phpgw->interserver->name2id($this->account_lid); + $this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid); if (!$this->account_id) { return False; } - $phpgw_info['user']['account_id'] = $this->account_id; + $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; - $this->read_repositories(@$phpgw_info['server']['cache_phpgw_info']); + $this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']); - $phpgw_info['user'] = $this->user; - $phpgw_info['hooks'] = $this->hooks; + $GLOBALS['phpgw_info']['user'] = $this->user; + $GLOBALS['phpgw_info']['hooks'] = $this->hooks; - $phpgw_info['user']['session_ip'] = $db->f('session_ip'); - $phpgw_info['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); + $GLOBALS['phpgw_info']['user']['session_ip'] = $db->f('session_ip'); + $GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); - if ($userid_array[1] != $phpgw_info['user']['domain']) + if ($userid_array[1] != $GLOBALS['phpgw_info']['user']['domain']) { - $phpgw->log->message('W-VerifySession, the domains %1 and %2 don\t match',$userid_array[1],$phpgw_info['user']['domain']); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, 
the domains %1 and %2 don\t match',$userid_array[1],$GLOBALS['phpgw_info']['user']['domain']); + $GLOBALS['phpgw']->log->commit(); return False; } - if (@$phpgw_info['server']['sessions_checkip']) + if (@$GLOBALS['phpgw_info']['server']['sessions_checkip']) { - if (PHP_OS != 'Windows' && (! $phpgw_info['user']['session_ip'] || $phpgw_info['user']['session_ip'] != $this->getuser_ip())) + if (PHP_OS != 'Windows' && (! $GLOBALS['phpgw_info']['user']['session_ip'] || $GLOBALS['phpgw_info']['user']['session_ip'] != $this->getuser_ip())) { // This needs some better wording - $phpgw->log->message('W-VerifySession, IP %1 doesn\'t match IP %2 in session table',$this->getuser_ip(),$phpgw_info['user']['session_ip']); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, IP %1 doesn\'t match IP %2 in session table',$this->getuser_ip(),$GLOBALS['phpgw_info']['user']['session_ip']); + $GLOBALS['phpgw']->log->commit(); return False; } } - $phpgw->acl->acl($this->account_id); - $phpgw->accounts->accounts($this->account_id); - $phpgw->preferences->preferences($this->account_id); - $phpgw->applications->applications($this->account_id); + $GLOBALS['phpgw']->acl->acl($this->account_id); + $GLOBALS['phpgw']->accounts->accounts($this->account_id); + $GLOBALS['phpgw']->preferences->preferences($this->account_id); + $GLOBALS['phpgw']->applications->applications($this->account_id); if (! $this->account_lid) { // This needs some better wording - $phpgw->log->message('W-VerifySession, account_id is empty'); - $phpgw->log->commit(); + $GLOBALS['phpgw']->log->message('W-VerifySession, account_id is empty'); + $GLOBALS['phpgw']->log->commit(); return False; } 
@@ -497,7 +491,16 @@ function destroy() { - global $phpgw, $phpgw_info, $sessionid, $kp3; + global $phpgw, $phpgw_info; + + $sessionid = $GLOBALS['HTTP_GET_VARS']['sessionid'] ? $GLOBALS['HTTP_GET_VARS']['sessionid'] : $GLOBALS['HTTP_COOKIE_VARS']['sessionid']; + $kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; + + if(!$sessionid && $kp3) + { + return False; + } + $phpgw_info['user']['sessionid'] = $sessionid; $phpgw_info['user']['kp3'] = $kp3; @@ -528,22 +531,21 @@ \*************************************************************************/ function read_repositories($cached='') { - global $phpgw, $phpgw_info; - $phpgw->acl->acl($this->account_id); - $phpgw->accounts->accounts($this->account_id); - $phpgw->preferences->preferences($this->account_id); - $phpgw->applications->applications($this->account_id); + $GLOBALS['phpgw']->acl->acl($this->account_id); + $GLOBALS['phpgw']->accounts->accounts($this->account_id); + $GLOBALS['phpgw']->preferences->preferences($this->account_id); + $GLOBALS['phpgw']->applications->applications($this->account_id); if(@$cached) { $this->user = $this->appsession('phpgw_info_cache','phpgwapi'); if(!empty($this->user)) { - $phpgw->preferences->data = $this->user['preferences']; - if (!isset($phpgw_info['apps']) || - gettype($phpgw_info['apps']) != 'array') + $GLOBALS['phpgw']->preferences->data = $this->user['preferences']; + if (!isset($GLOBALS['phpgw_info']['apps']) || + gettype($GLOBALS['phpgw_info']['apps']) != 'array') { - $phpgw->applications->read_installed_apps(); + $GLOBALS['phpgw']->applications->read_installed_apps(); } } else @@ -555,7 +557,7 @@ { $this->setup_cache(); } - $this->hooks = $phpgw->hooks->read(); + $this->hooks = $GLOBALS['phpgw']->hooks->read(); } function setup_cache() 
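Review bot: The new guard in `destroy()`, `if(!$sessionid && $kp3)`, returns only when the session id is missing and `kp3` is present; when both are missing, execution continues with an empty `$sessionid`. If the intent is to refuse whenever either value is absent, it should read `if(!$sessionid || !$kp3)`. Both values also take the GET parameter ahead of the cookie, so the URL rather than the browser's cookie decides which session this call acts on; preferring the cookie when `usecookies` is set would be the safer order. The rest of `destroy()` lies outside the hunk, so what it does with an empty id is not visible here.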
@@ -726,11 +728,13 @@ \*************************************************************************/ function link($url, $extravars = '') { - global $phpgw, $phpgw_info, $usercookie, $kp3, $PHP_SELF; + global $usercookie, $PHP_SELF; + + $kp3 = $GLOBALS['HTTP_GET_VARS']['kp3'] ? $GLOBALS['HTTP_GET_VARS']['kp3'] : $GLOBALS['HTTP_COOKIE_VARS']['kp3']; if (! $kp3) { - $kp3 = $phpgw_info['user']['kp3']; + $kp3 = $GLOBALS['phpgw_info']['user']['kp3']; } // Explicit hack to work around problems with php running as CGI on windows @@ -751,7 +755,7 @@ } */ - $url = $phpgw_info['server']['webserver_url'] . $url; + $url = $GLOBALS['phpgw_info']['server']['webserver_url'] . $url; // This needs to be tested as well. (jengo) @@ -782,7 +786,7 @@ $extravars = $new_extravars; } - if (isset($phpgw_info['server']['usecookies']) && $phpgw_info['server']['usecookies']) + if (isset($GLOBALS['phpgw_info']['server']['usecookies']) && $GLOBALS['phpgw_info']['server']['usecookies']) { if ($extravars) { @@ -791,15 +795,15 @@ } else { - $sessionID = 'sessionid=' . @$phpgw_info['user']['sessionid']; + $sessionID = 'sessionid=' . @$GLOBALS['phpgw_info']['user']['sessionid']; $sessionID .= '&kp3=' . $kp3; - $sessionID .= '&domain=' . @$phpgw_info['user']['domain']; + $sessionID .= '&domain=' . @$GLOBALS['phpgw_info']['user']['domain']; // This doesn't belong in the API. // Its up to the app to pass this value. (jengo) // Putting it into the app requires a massive number of updates in email app. // Until that happens this needs to stay here (seek3r) - if (isset($phpgw_info['flags']['newsmode']) && - $phpgw_info['flags']['newsmode']) + if (isset($GLOBALS['phpgw_info']['flags']['newsmode']) && + $GLOBALS['phpgw_info']['flags']['newsmode']) { $url .= '&newsmode=on'; } diff --git a/phpgwapi/inc/functions.inc.php b/phpgwapi/inc/functions.inc.php index 3723a2d8ac..377efbc426 100644 --- a/phpgwapi/inc/functions.inc.php +++ b/phpgwapi/inc/functions.inc.php 
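Review bot: In `link()`, `$kp3` now comes straight from `HTTP_GET_VARS` or `HTTP_COOKIE_VARS` and is concatenated unencoded into every generated URL by the unchanged line `$sessionID .= '&kp3=' . $kp3;` in the last hunk of this file. A request value containing reserved URL characters would alter the query string of the links the page emits, so that line should be `$sessionID .= '&kp3=' . urlencode($kp3);`, and the `sessionid` and `domain` parts would benefit from the same encoding. Reading `$GLOBALS['HTTP_GET_VARS']['kp3']` without `isset()` also raises a notice when the key is absent. The body of `link()` extends beyond these hunks.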
@@ -326,7 +326,8 @@ /* Make sure the developer is following the rules. */ if (!isset($GLOBALS['phpgw_info']['flags']['currentapp'])) { - $phpgw->log->write(array('text'=>'W-MissingFlags, currentapp flag not set')); + /* This object does not exist yet. */ + /* $GLOBALS['phpgw']->log->write(array('text'=>'W-MissingFlags, currentapp flag not set'));*/ echo '!!! YOU DO NOT HAVE YOUR $phpgw_info["flags"]["currentapp"] SET !!!'; echo '
!!! PLEASE CORRECT THIS SITUATION !!!
';