From 6fa4cc864e03dd4595b46a08a7da37dbd9cdd32a Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Tue, 7 Aug 2012 08:55:41 +0000 Subject: [PATCH] not storing $GLOBALS[egw_info][user] twice in session (was also stored as $GLOBALS[egw]->session->user), also removing not used $GLOBALS[egw_info][user][acl], but re-reading preferences in session::verify() so long running sessions get preferences set by an other session, removing nowhere used creditspoint class from api (calls not public available creditspoint app) --- phpgwapi/inc/class.asyncservice.inc.php | 3 +- phpgwapi/inc/class.creditspoint.inc.php | 119 ------------------------ phpgwapi/inc/class.egw_session.inc.php | 60 ++++++------ 3 files changed, 32 insertions(+), 150 deletions(-) delete mode 100644 phpgwapi/inc/class.creditspoint.inc.php diff --git a/phpgwapi/inc/class.asyncservice.inc.php b/phpgwapi/inc/class.asyncservice.inc.php index cf04944537..759e2126c0 100644 --- a/phpgwapi/inc/class.asyncservice.inc.php +++ b/phpgwapi/inc/class.asyncservice.inc.php @@ -414,8 +414,7 @@ class asyncservice { $GLOBALS['egw']->session->account_lid = $GLOBALS['egw']->accounts->id2name($job['account_id']); $GLOBALS['egw']->session->account_domain = $domain; - $GLOBALS['egw']->session->read_repositories(); - $GLOBALS['egw_info']['user'] = $GLOBALS['egw']->session->user; + $GLOBALS['egw_info']['user'] = $GLOBALS['egw']->session->read_repositories(); if ($lang != $GLOBALS['egw_info']['user']['preferences']['common']['lang']) { diff --git a/phpgwapi/inc/class.creditspoint.inc.php b/phpgwapi/inc/class.creditspoint.inc.php deleted file mode 100644 index f2a670559c..0000000000 --- a/phpgwapi/inc/class.creditspoint.inc.php +++ /dev/null 
@@ -1,119 +0,0 @@ - * - * * - * Wrapper for the savant2 template engine www.phpsavant.com * - * Copyright (C) 2005 Lingewoud BV and Rob van Kraanen * - * -------------------------------------------------------------------------* - * This library is part of the eGroupWare API * - * http://www.egroupware.org * - * ------------------------------------------------------------------------ * - * This library is free software; you can redistribute it and/or modify it * - * under the terms of the GNU Lesser General Public License as published by * - * the Free Software Foundation; either version 2.1 of the License, * - * or any later version. * - * This library is distributed in the hope that it will be useful, but * - * WITHOUT ANY WARRANTY; without even the implied warranty of * - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * - * See the GNU Lesser General Public License for more details. * - * You should have received a copy of the GNU Lesser General Public License * - * along with this library; if not, write to the Free Software Foundation, * - * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - \**************************************************************************/ - - class creditspoint - { - var $cpapi; - var $useCP = false; - - - function creditspoint() - { - $found = false; - foreach($GLOBALS['phpgw_info']['user']['acl'] as $acl) - { - if($acl['appname'] == 'creditspoint') - { - $found =true; - } - } - if( is_array($GLOBALS['phpgw_info']['apps']['creditspoint']) and $found) - { - $this->cpapi = CreateObject('creditspoint.api'); - $this->useCP = true; - } - } - - function exec_service_plain($appname, $service, $link, $uniqid) - { - if($this->useCP) - { - return $this->cpapi->exec_service_plain($appname, $service, $link, $uniqid); - } - else - { - return $link; - } - } - - function exec_service_link($appname, $service, $link, $linkname, $uniqid) - { - if($this->useCP) - { - return $this->cpapi->exec_service_link($appname, $service, 
$link, $linkname, $uniqid); - } - else - { - return $link; - } - } - - function exec_service_button($appname, $service, $link, $buttonlabel, $uniqid) - { - if($this->useCP) - { - return $this->cpapi->exec_service_button($appname, $service, $link, $buttonlabel, $uniqid); - } - else - { - return $link; - } - } - - function exec_service_img($appname, $service, $link, $imgsrc, $uniqid) - { - if($this->useCP) - { - return $this->cpapi->exec_service_img($appname, $service, $link, $imgsrc, $uniqid); - } - else - { - return $link; - } - } - - function confirm($uniqid) - { - if($this->useCP) - { - return $this->cpapi->confirm($uniqid); - } - else - { - return $link; - } - } - - function refund($uniqid) - { - if($this->useCP) - { - return $this->cpapi->refund($uniqid); - } - else - { - return $link; - } - } - } diff --git a/phpgwapi/inc/class.egw_session.inc.php b/phpgwapi/inc/class.egw_session.inc.php index 401dac1bb9..6d27f454ea 100644 --- a/phpgwapi/inc/class.egw_session.inc.php +++ b/phpgwapi/inc/class.egw_session.inc.php @@ -1,6 +1,6 @@ kp3 = common::randomstring(24); - $this->read_repositories(); - if ($GLOBALS['egw']->accounts->is_expired($this->user)) + $GLOBALS['egw_info']['user'] = $this->read_repositories(); + if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw_info']['user'])) { if(is_object($GLOBALS['egw']->log)) { @@ -547,8 +547,6 @@ class egw_session return false; } - $GLOBALS['egw_info']['user'] = $this->user; - $this->appsession('password','phpgwapi',base64_encode($this->passwd)); if ($GLOBALS['egw']->acl->check('anonymous',1,'phpgwapi')) 
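Review bot: `$GLOBALS['egw_info']['user']` is now filled from `read_repositories()` before the `is_expired()` check, so the expired-account branch that ends in `return false;` leaves the global populated with that account's data. The array built in `read_repositories()` carries `passwd`, `sessionid` and `kp3`. Before this change the global was assigned only after the check had passed, on the line removed in the -547 hunk. Reading into a local keeps the failure path clean: `$user = $this->read_repositories();`, then `if ($GLOBALS['egw']->accounts->is_expired($user))`, and `$GLOBALS['egw_info']['user'] = $user;` where the removed assignment stood. The enclosing method starts above the visible lines, so whether anything reads the global after a rejected login cannot be confirmed from here.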
@@ -927,10 +925,15 @@ class egw_session if ($fill_egw_info_and_repositories) { - $this->read_repositories(); + $GLOBALS['egw_info']['user'] = $this->read_repositories(); + } + else + { + // update prefs, which might be changed by an other session + $GLOBALS['egw_info']['user']['preferences'] = $GLOBALS['egw']->preferences->read_repository(); } - if ($this->user['expires'] != -1 && $this->user['expires'] < time()) + if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw_info']['user'])) { if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) accounts is expired"); if(is_object($GLOBALS['egw']->log)) @@ -947,8 +950,6 @@ class egw_session } if ($fill_egw_info_and_repositories) { - $GLOBALS['egw_info']['user'] = $this->user; - $GLOBALS['egw_info']['user']['session_ip'] = $session['session_ip']; $GLOBALS['egw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); } @@ -994,7 +995,6 @@ class egw_session if ($fill_egw_info_and_repositories) { $GLOBALS['egw']->acl->acl($this->account_id); - accounts::getInstance()->setAccountId($this->account_id); $GLOBALS['egw']->preferences->preferences($this->account_id); $GLOBALS['egw']->applications->applications($this->account_id); } @@ -1207,6 +1207,7 @@ class egw_session * @param string $location free lable to store the data * @param string $appname='' default current application (egw_info[flags][currentapp]) * @param mixed $data='##NOTHING##' if given, data to store, if not specified + * @deprecated use egw_cache::setSession($appname, $location, $data) or egw_cache::getSession($appname, $location) * @return mixed session data or false if no data stored for $appname/$location */ public static function &appsession($location = 'default', $appname = '', $data = '##NOTHING##') 
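Review bot: When `$fill_egw_info_and_repositories` is false, the new `else` branch in verify() refreshes only `['preferences']`, and the `is_expired()` check that follows still runs on whatever account data is already in `$GLOBALS['egw_info']['user']`. If that array comes from the stored session, an account that was expired or changed after login keeps passing this check for the life of the session, which is the same staleness the commit fixes for preferences. Checking a freshly read record would close that, for example `if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw']->accounts->read($this->account_id)))`, assuming `accounts->read()` is not itself served from a per-session cache. The branch also calls `preferences->read_repository()` without the `preferences($this->account_id)` initialisation that `read_repositories()` performs first, so it is worth confirming the object is already bound to this account at that point. verify() begins and ends outside the hunk.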
@@ -1463,46 +1464,47 @@ class egw_session /** * Read the diverse repositories / init classes with data from the just loged in user * + * @return array used to assign to $GLOBALS['egw_info']['user'] */ public function read_repositories() { $GLOBALS['egw']->acl->acl($this->account_id); - accounts::getInstance()->setAccountId($this->account_id); $GLOBALS['egw']->preferences->preferences($this->account_id); $GLOBALS['egw']->applications->applications($this->account_id); - $this->user = $GLOBALS['egw']->accounts->read_repository(); + $user = $GLOBALS['egw']->accounts->read($this->account_id); // set homedirectory from auth_ldap or auth_ads, to be able to use it in vfs - if (!isset($this->user['homedirectory'])) + if (!isset($user['homedirectory'])) { // authentication happens in login.php, which does NOT yet create egw-object in session // --> need to store homedirectory in session if(isset($GLOBALS['auto_create_acct']['homedirectory'])) { egw_cache::setSession(__CLASS__, 'homedirectory', - $this->user['homedirectory'] = $GLOBALS['auto_create_acct']['homedirectory']); + $user['homedirectory'] = $GLOBALS['auto_create_acct']['homedirectory']); } else { - $this->user['homedirectory'] = egw_cache::getSession(__CLASS__, 'homedirectory'); + $user['homedirectory'] = egw_cache::getSession(__CLASS__, 'homedirectory'); } } - $this->user['acl'] = $GLOBALS['egw']->acl->read_repository(); - $this->user['preferences'] = $GLOBALS['egw']->preferences->read_repository(); + $user['preferences'] = $GLOBALS['egw']->preferences->read_repository(); if (is_object($GLOBALS['egw']->datetime)) { $GLOBALS['egw']->datetime->datetime(); // to set tz_offset from the now read prefs } - $this->user['apps'] = $GLOBALS['egw']->applications->read_repository(); - $this->user['domain'] = $this->account_domain; - $this->user['sessionid'] = $this->sessionid; - $this->user['kp3'] = $this->kp3; - $this->user['session_ip'] = $this->getuser_ip(); - $this->user['session_lid'] = 
$this->account_lid.'@'.$this->account_domain; - $this->user['account_id'] = $this->account_id; - $this->user['account_lid'] = $this->account_lid; - $this->user['userid'] = $this->account_lid; - $this->user['passwd'] = @$this->passwd; + $user['apps'] = $GLOBALS['egw']->applications->read_repository(); + $user['domain'] = $this->account_domain; + $user['sessionid'] = $this->sessionid; + $user['kp3'] = $this->kp3; + $user['session_ip'] = $this->getuser_ip(); + $user['session_lid'] = $this->account_lid.'@'.$this->account_domain; + $user['account_id'] = $this->account_id; + $user['account_lid'] = $this->account_lid; + $user['userid'] = $this->account_lid; + $user['passwd'] = $this->passwd; + + return $user; } /**
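Review bot: `read_repositories()` no longer writes `$this->user`, so any code outside this diff that still reads `$this->user` or `$GLOBALS['egw']->session->user` now sees an unset value; a check like the old `$this->user['expires']` comparison would then change its outcome silently. A search for remaining readers, or a short deprecation note on the property, should accompany the change. The new `@return` line would be more useful if it named the sensitive fields, e.g. `@return array user data for $GLOBALS['egw_info']['user']; contains passwd, sessionid and kp3, do not log it`. `accounts::getInstance()->setAccountId()` is dropped here as well, so callers that relied on the accounts object being bound to this account should be checked too.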