From 881a2380e05831b4d21aca6fe3b6bfc8caccc152 Mon Sep 17 00:00:00 2001 From: SJ Date: Mon, 18 Nov 2013 19:24:33 +0100 Subject: [PATCH] rewrote php session variables --- util/gmail-imap-import.php | 2 - webui/config.php | 11 +- webui/controller/common/error.php | 8 +- webui/controller/login/google.php | 11 +- webui/controller/message/bulkrestore.php | 3 +- webui/controller/message/note.php | 4 +- webui/controller/message/restore.php | 3 +- webui/controller/message/view.php | 7 +- webui/controller/search/folder.php | 3 +- webui/controller/search/tag.php | 3 +- webui/controller/user/add.php | 6 +- webui/controller/user/settings.php | 20 +- webui/index.php | 6 - webui/model/accounting/accounting.php | 17 +- webui/model/audit/audit.php | 7 +- webui/model/folder/folder.php | 26 ++- webui/model/mail/mail.php | 4 +- webui/model/saas/customer.php | 7 +- webui/model/search/search.php | 79 +++++-- webui/model/stat/chart.php | 10 +- webui/model/user/google.php | 20 +- webui/model/user/prefs.php | 16 +- webui/model/user/user.php | 4 +- webui/qr.php | 4 - webui/securimage/captcha.html | 13 -- webui/securimage/example_form.ajax.php | 207 ------------------ webui/securimage/example_form.php | 192 ---------------- webui/securimage/securimage.php | 130 +++++------ webui/system/controller.php | 5 +- webui/system/language.php | 9 +- webui/system/misc.php | 42 ++-- webui/system/request.php | 12 +- webui/system/startup.php | 4 +- .../theme/default/templates/login/login.tpl | 2 +- .../view/theme/default/templates/user/add.tpl | 2 +- .../theme/default/templates/user/settings.tpl | 4 +- .../theme/mobile/templates/login/login.tpl | 2 +- .../view/theme/mobile/templates/user/add.tpl | 2 +- .../theme/mobile/templates/user/settings.tpl | 4 +- 39 files changed, 302 insertions(+), 609 deletions(-) delete mode 100644 webui/securimage/captcha.html delete mode 100644 webui/securimage/example_form.ajax.php delete mode 100644 webui/securimage/example_form.php 
diff --git a/util/gmail-imap-import.php b/util/gmail-imap-import.php index d05ab5c4..6e0028f8 100644 --- a/util/gmail-imap-import.php +++ b/util/gmail-imap-import.php @@ -17,8 +17,6 @@ $request = new Request(); Registry::set("request", $request); -session_start(); - Registry::set('document', new Document()); diff --git a/webui/config.php b/webui/config.php index 9f55f828..36b32b53 100644 --- a/webui/config.php +++ b/webui/config.php @@ -267,7 +267,14 @@ define('NOW', time()); require_once 'config-site.php'; -if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme'])) { $config['THEME'] = $_SESSION['theme']; } +require($config['DIR_BASE'] . "/system/registry.php"); +require($config['DIR_BASE'] . "/system/request.php"); + +$session = new Session(); +Registry::set("session", $session); + + +if($session->get("theme") && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $session->get("theme"))) { $config['THEME'] = $session->get("theme"); } include("system/helper/detectmobilebrowser.php"); @@ -275,7 +282,7 @@ if(MOBILE_DEVICE == 1 || OUTLOOK == 1) { $config['THEME'] = 'mobile'; } // make sure auditors are restricted in a saas environment if($config['ENABLE_SAAS'] == 1) { $config['RESTRICTED_AUDITOR'] = 1; } -if(isset($_SESSION['username']) && $_SESSION['username'] == 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; } +if($session->get("username") == 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; } diff --git a/webui/controller/common/error.php b/webui/controller/common/error.php index f4562106..1a0a71da 100644 --- a/webui/controller/common/error.php +++ b/webui/controller/common/error.php 
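Review bot: The auditor exemption in the second config.php hunk is a loose comparison, `if($session->get("username") == 'auditor@local')`, and since this line widens privileges by clearing RESTRICTED_AUDITOR it should be strict: `if($session->get("username") === 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; }`. With `==` the outcome for a missing key depends on what Session::get returns when nothing has been set, and the Session class is not part of this diff; `===` removes that dependency. In the first config.php hunk the theme is fetched three times; reading it once into a local, `$theme = $session->get("theme");`, guarantees that the value which passed `preg_match` is the one assigned to `$config['THEME']`.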
@@ -9,13 +9,15 @@ class ControllerCommonError extends Controller { $this->template = "common/error.tpl"; $this->layout = "common/layout"; + $session = Registry::get('session'); + $this->document->title = $this->data['text_error']; $this->data['errortitle'] = $this->data['text_error']; - if(isset($_SESSION['error'])){ - $this->data['errorstring'] = $_SESSION['error']; - unset($_SESSION['error']); + if($session->get("error")) { + $this->data['errorstring'] = $session->get("error"); + $session->set("error", ""); } else { $this->data['errorstring'] = "this is the errorstring"; diff --git a/webui/controller/login/google.php b/webui/controller/login/google.php index 1658864e..82de7d13 100644 --- a/webui/controller/login/google.php +++ b/webui/controller/login/google.php @@ -14,6 +14,7 @@ class ControllerLoginGoogle extends Controller { $request = Registry::get('request'); $db = Registry::get('db'); + $session = Registry::get('session'); $this->load->model('user/auth'); $this->load->model('user/user'); @@ -44,19 +45,19 @@ class ControllerLoginGoogle extends Controller { if(isset($_GET['code'])) { $client->authenticate(); - $_SESSION['access_token'] = $client->getAccessToken(); + $session->set("access_token", $client->getAccessToken()); header('Location: ' . GOOGLE_REDIRECT_URL); } - if(isset($_SESSION['access_token'])) { - $client->setAccessToken($_SESSION['access_token']); + if($session->get("access_token")) { + $client->setAccessToken($session->get("access_token")); } if($client->getAccessToken()) { - $_SESSION['access_token'] = $client->getAccessToken(); + $session->set("access_token", $client->getAccessToken()); - $token = json_decode($_SESSION['access_token']); + $token = json_decode($session->get("access_token")); if(isset($token->{'access_token'}) && isset($token->{'refresh_token'})) { $account = $oauth2->userinfo->get(); diff --git a/webui/controller/message/bulkrestore.php b/webui/controller/message/bulkrestore.php index e451a4fa..c3df341f 100644 
--- a/webui/controller/message/bulkrestore.php +++ b/webui/controller/message/bulkrestore.php @@ -9,6 +9,7 @@ class ControllerMessageBulkrestore extends Controller { $this->template = "message/bulkrestore.tpl"; $this->layout = "common/layout-empty"; + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -65,7 +66,7 @@ class ControllerMessageBulkrestore extends Controller { $rcpt = $this->model_search_search->get_message_recipients($id); } else { - array_push($rcpt, $_SESSION['email']); + array_push($rcpt, $session->get("email")); } if(count($rcpt) > 0) { diff --git a/webui/controller/message/note.php b/webui/controller/message/note.php index 54a7807f..0d15416e 100644 --- a/webui/controller/message/note.php +++ b/webui/controller/message/note.php @@ -10,7 +10,7 @@ class ControllerMessageNote extends Controller { $this->template = "message/note.tpl"; $this->layout = "common/layout-empty"; - + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -20,7 +20,7 @@ class ControllerMessageNote extends Controller { if(isset($this->request->post['note']) && isset($this->request->post['id'])) { if($this->model_search_search->check_your_permission_by_id($this->request->post['id']) == 1) { - $this->model_search_message->add_message_note($this->request->post['id'], $_SESSION['uid'], urldecode($this->request->post['note'])); + $this->model_search_message->add_message_note($this->request->post['id'], $session->get("uid"), urldecode($this->request->post['note'])); } } } diff --git a/webui/controller/message/restore.php b/webui/controller/message/restore.php index 718f4d35..89641fba 100644 --- a/webui/controller/message/restore.php +++ b/webui/controller/message/restore.php 
@@ -9,6 +9,7 @@ class ControllerMessageRestore extends Controller { $this->template = "message/restore.tpl"; $this->layout = "common/layout-empty"; + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -55,7 +56,7 @@ class ControllerMessageRestore extends Controller { /* send the email to all the recipients of the original email if we are admin or auditor users */ if(Registry::get('auditor_user') == 0) { - array_push($rcpt, $_SESSION['email']); + array_push($rcpt, $session->get("email")); } $this->data['data'] = $this->data['text_failed_to_restore']; diff --git a/webui/controller/message/view.php b/webui/controller/message/view.php index f71230c0..043980f2 100644 --- a/webui/controller/message/view.php +++ b/webui/controller/message/view.php @@ -9,6 +9,7 @@ class ControllerMessageView extends Controller { $this->template = "message/view.tpl"; $this->layout = "common/layout-empty"; + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -56,7 +57,7 @@ class ControllerMessageView extends Controller { if($this->request->server['REQUEST_METHOD'] == 'POST' && isset($this->request->post['tag'])) { - $this->model_search_message->add_message_tag($this->data['id'], $_SESSION['uid'], $this->request->post['tag']); + $this->model_search_message->add_message_tag($this->data['id'], $session->get("uid"), $this->request->post['tag']); header("Location: " . $_SERVER['HTTP_REFERER']); exit; } 
@@ -66,8 +67,8 @@ class ControllerMessageView extends Controller { $this->data['attachments'] = $this->model_search_message->get_attachment_list($this->data['piler_id']); $this->data['message'] = $this->model_search_message->extract_message($this->data['piler_id'], $this->data['search']); - $this->data['message']['tag'] = $this->model_search_message->get_message_tag($this->data['id'], $_SESSION['uid']); - $this->data['message']['note'] = $this->model_search_message->get_message_note($this->data['id'], $_SESSION['uid']); + $this->data['message']['tag'] = $this->model_search_message->get_message_tag($this->data['id'], $session->get("uid")); + $this->data['message']['note'] = $this->model_search_message->get_message_note($this->data['id'], $session->get("uid")); $this->data['images'] = array(); diff --git a/webui/controller/search/folder.php b/webui/controller/search/folder.php index 4ec4190e..9ae43329 100644 --- a/webui/controller/search/folder.php +++ b/webui/controller/search/folder.php @@ -8,6 +8,7 @@ class ControllerSearchFolder extends Controller { $this->id = "folder"; $this->template = "search/folder.tpl"; + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -16,7 +17,7 @@ class ControllerSearchFolder extends Controller { $this->data['folders'] = $this->model_folder_folder->get_folders_for_user(); $this->data['extra_folders'] = $this->model_folder_folder->get_extra_folders_for_user(); - $this->data['folders_by_hier'] = $this->model_folder_folder->get_all_folder_ids_hier($_SESSION['uid']); + $this->data['folders_by_hier'] = $this->model_folder_folder->get_all_folder_ids_hier($session->get("uid")); $this->render(); } diff --git a/webui/controller/search/tag.php b/webui/controller/search/tag.php index 0f03025d..473673c3 100644 --- a/webui/controller/search/tag.php +++ b/webui/controller/search/tag.php 
@@ -11,6 +11,7 @@ class ControllerSearchTag extends Controller { $this->layout = "common/layout-empty"; + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -29,7 +30,7 @@ class ControllerSearchTag extends Controller { for($i=0; $imodel_search_message->bulk_add_message_tag($ids, $_SESSION['uid'], urldecode($this->request->post['tag']), $q); + $this->model_search_message->bulk_add_message_tag($ids, $session->get("uid"), urldecode($this->request->post['tag']), $q); } } } diff --git a/webui/controller/user/add.php b/webui/controller/user/add.php index b541cda4..5da8c612 100644 --- a/webui/controller/user/add.php +++ b/webui/controller/user/add.php @@ -11,7 +11,7 @@ class ControllerUserAdd extends Controller { $this->template = "user/add.tpl"; $this->layout = "common/layout"; - + $session = Registry::get('session'); $request = Registry::get('request'); $db = Registry::get('db'); @@ -40,7 +40,7 @@ class ControllerUserAdd extends Controller { if($this->validate() == true){ $ret = $this->model_user_user->add_user($this->request->post); - $_SESSION['last_domain'] = $this->request->post['domain']; + $session->set("last_domain", $this->request->post['domain']); if($ret == 1){ $this->data['x'] = $this->data['text_successfully_added']; @@ -73,6 +73,8 @@ class ControllerUserAdd extends Controller { $this->data['errorstring'] = $this->data['text_you_are_not_admin']; } + $this->data['last_domain'] = $session->get("last_domain"); + $this->render(); } diff --git a/webui/controller/user/settings.php b/webui/controller/user/settings.php index 8296e733..904a514a 100644 --- a/webui/controller/user/settings.php +++ b/webui/controller/user/settings.php 
@@ -30,17 +30,21 @@ class ControllerUserSettings extends Controller { $d = $r = ''; $auditemails = $auditdomains = $auditgroups = $auditfolders = ''; - $auditemails = implode(", ", $_SESSION['emails']); - - foreach($_SESSION['auditdomains'] as $d) { - $auditdomains .= ', '.$d; + $auditemails = implode(", ", $session->get("emails")); + + $_auditdomains = $session->get("auditdomains"); + + foreach($_auditdomains as $d) { + $auditdomains .= ', ' . $d; } $auditdomains = preg_replace("/^,\s/", "", $auditdomains); - $auditgroups = preg_replace("/\s/", ", ", $this->model_group_group->get_groups_by_uid($_SESSION['uid'])); + $auditgroups = preg_replace("/\s/", ", ", $this->model_group_group->get_groups_by_uid($session->get("uid"))); + + $folders = $session->get("folders"); - foreach ($_SESSION['folders'] as $r) { - $auditfolders .= ', '.$r; + foreach ($folders as $r) { + $auditfolders .= ', ' . $r; } $auditfolders = preg_replace("/^,\s/", "", $auditfolders); @@ -76,6 +80,8 @@ class ControllerUserSettings extends Controller { $this->data['page_len'] = get_page_length(); + $this->data['theme'] = $session->get("theme"); + $this->data['lang'] = $session->get("lang"); $this->render(); } diff --git a/webui/index.php b/webui/index.php index 5540d7c4..1121ddc6 100644 --- a/webui/index.php +++ b/webui/index.php @@ -1,15 +1,9 @@ get("email")); + $emails = $session->get("emails"); + + foreach ($emails as $e) { array_push($return,$e); } @@ -206,12 +210,15 @@ class ModelAccountingAccounting extends Model private function __getDomains() { $return = array(); - + $session = Registry::get('session'); + if(Registry::get('admin_user') >= 1) { $return = $this->__getAcceptedDomains(); }elseif(Registry::get('auditor_user') == 1) { - array_push($return,$_SESSION['domain']); - foreach ($_SESSION['auditdomains'] as $d) { + array_push($return, $session->get("domain")); + $auditdomains = $session->get("auditdomains"); + + foreach ($auditdomains as $d) { array_push($return,$d); } } 
diff --git a/webui/model/audit/audit.php b/webui/model/audit/audit.php index 9c190b1a..8c6a014b 100644 --- a/webui/model/audit/audit.php +++ b/webui/model/audit/audit.php @@ -12,6 +12,7 @@ class ModelAuditAudit extends Model { $date1 = $date2 = 0; $q = ''; + $session = Registry::get('session'); if($data['sort'] == "user") { $sort = "email"; } if($data['sort'] == "ipaddr") { $sort = "ipaddr"; } @@ -40,7 +41,9 @@ class ModelAuditAudit extends Model { } if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) { - while(list($k, $v) = each($_SESSION['auditdomains'])) { + $auditdomains = $session->get("auditdomains"); + + while(list($k, $v) = each($auditdomains)) { if($q) { $q .= ","; } $q .= "?"; array_push($arr, $v); @@ -48,7 +51,7 @@ class ModelAuditAudit extends Model { $where .= " AND domain IN ($q) "; - reset($_SESSION['auditdomains']); + reset($session->get("auditdomains")); } diff --git a/webui/model/folder/folder.php b/webui/model/folder/folder.php index 9c1dd2c8..2154fc56 100644 --- a/webui/model/folder/folder.php +++ b/webui/model/folder/folder.php @@ -43,10 +43,12 @@ class ModelFolderFolder extends Model { public function get_folders_for_user() { - $q = str_repeat("?,", count($_SESSION['folders'])); + $session = Registry::get('session'); + + $q = str_repeat("?,", count($session->get("folders"))); $q = preg_replace("/\,$/", "", $q); - $query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER . "` WHERE id IN ($q)", $_SESSION['folders']); + $query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER . "` WHERE id IN ($q)", $session->get("folders")); if(isset($query->rows)) { return $query->rows; } 
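Review bot: `reset($session->get("auditdomains"))` in the second audit.php hunk rewinds a temporary array returned by get(), not the `$auditdomains` local that the `each()` loop in the previous hunk just walked to its end, so if that local is reused later in the method the iteration would start exhausted; it should be `reset($auditdomains);`. Passing a function result to a by-reference parameter also raises an "Only variables should be passed by reference" notice. The `each()` loop itself is inherited from the old code, and the enclosing method continues outside the hunk.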
@@ -55,7 +57,9 @@ class ModelFolderFolder extends Model { public function get_extra_folders_for_user() { - $query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? ORDER BY name", array($_SESSION['uid'])); + $session = Registry::get('session'); + + $query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? ORDER BY name", array($session->get("uid"))); if(isset($query->rows)) { return $query->rows; } @@ -64,7 +68,9 @@ class ModelFolderFolder extends Model { private function is_your_extra_folder($folder_id = 0) { - $query = $this->db->query("SELECT `id` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? AND id=?", array($_SESSION['uid'], $folder_id)); + $session = Registry::get('session'); + + $query = $this->db->query("SELECT `id` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? AND id=?", array($session->get("uid"), $folder_id)); if(isset($query->row['id'])) { return 1; } return 0; @@ -187,11 +193,15 @@ class ModelFolderFolder extends Model { public function add_extra_folder($name = '') { if($name == '') { return -1; } - $query = $this->db->query("INSERT INTO " . TABLE_FOLDER_EXTRA . " (uid, name) VALUES(?,?)", array($_SESSION['uid'], $name)); + $session = Registry::get('session'); + + $query = $this->db->query("INSERT INTO " . TABLE_FOLDER_EXTRA . " (uid, name) VALUES(?,?)", array($session->get("uid"), $name)); $last_id = $this->db->getLastId(); - if(!isset($_SESSION['extra_folders'][$last_id])) { array_push($_SESSION['extra_folders'], $last_id); } + $extra_folders = $session->get("extra_folders"); + + if(!isset($extra_folders[$last_id])) { array_push($extra_folders, $last_id); } return $this->db->countAffected(); } 
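Review bot: In the add_extra_folder hunk the new folder id is pushed onto `$extra_folders`, a local copy obtained from `$session->get("extra_folders")`, and never written back, so the session list no longer gains the new id (the old line appended to `$_SESSION['extra_folders']` in place); this holds unless Session::get returns by reference, which the diff does not show. search.php in this same commit gates extra-folder searches on `in_array($v, $session->get("extra_folders"))`, so until re-login the user would be refused a folder they just created. Write the list back and test membership by value, which is how the list is consumed: `if(!in_array($last_id, $extra_folders)) { array_push($extra_folders, $last_id); $session->set("extra_folders", $extra_folders); }`. The `isset($extra_folders[$last_id])` form inherited from the old line tests for an array key, which does not match a list of ids.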
@@ -200,7 +210,9 @@ class ModelFolderFolder extends Model { public function remove_extra_folder($id = 0) { if($id == 0) { return -1; } - $query = $this->db->query("DELETE FROM " . TABLE_FOLDER_EXTRA . " WHERE id=? AND uid=?", array($id, $_SESSION['uid'])); + $session = Registry::get('session'); + + $query = $this->db->query("DELETE FROM " . TABLE_FOLDER_EXTRA . " WHERE id=? AND uid=?", array($id, $session->get("uid"))); if($this->db->countAffected() == 1) { $query = $this->db->query("DELETE FROM " . TABLE_FOLDER_MESSAGE . " WHERE folder_id=?", array($id)); return $this->db->countAffected(); diff --git a/webui/model/mail/mail.php b/webui/model/mail/mail.php index 93e9056b..7de21b65 100644 --- a/webui/model/mail/mail.php +++ b/webui/model/mail/mail.php @@ -54,8 +54,10 @@ class ModelMailMail extends Model { public function connect_imap() { $this->imap = new Zend_Mail_Protocol_Imap(IMAP_HOST, IMAP_PORT, IMAP_SSL); + $session = Registry::get('session'); + if($this->imap) { - if($this->imap->login($_SESSION['username'], $_SESSION['password'])) { return 1; } + if($this->imap->login($session->get("username"), $session->get("password"))) { return 1; } } return 0; diff --git a/webui/model/saas/customer.php b/webui/model/saas/customer.php index cd991b4f..61f29a73 100644 --- a/webui/model/saas/customer.php +++ b/webui/model/saas/customer.php @@ -93,9 +93,12 @@ class ModelSaasCustomer extends Model ); - if(!isset($_SESSION['email']) || !strchr($_SESSION['email'], '@') ) { return $data; } + $session = Registry::get('session'); - list ($user, $domain) = explode("@", $_SESSION['email']); + + if($session->get("email") == '' || !strchr($session->get("email"), '@') ) { return $data; } + + list ($user, $domain) = explode("@", $session->get("email")); if(MEMCACHED_ENABLED) { $cache_key = sha1("customer_settings:" . $domain); diff --git a/webui/model/search/search.php b/webui/model/search/search.php index 63559b28..91356ec3 100644 --- a/webui/model/search/search.php 
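Review bot: connect_imap() still reads the user's login password back out of the session, `$session->get("password")`, so the cleartext credential is persisted in whatever backing store the new Session class uses for the whole lifetime of the session. This hunk changes only how the value is read; where it is written is the login path, and neither that nor the Session class is in this diff, so the exposure of the store (files, memcached, cookies) is not visible here. A comment at the point where it is stored, such as `// cleartext password kept in the session only for connect_imap(); revisit if the session store changes`, would make the dependency explicit, and if IMAP access is not enabled for a deployment the value need not be stored at all.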
+++ b/webui/model/search/search.php @@ -129,6 +129,7 @@ class ModelSearchSearch extends Model { $emailfilter = $this->assemble_email_address_filter(); + $session = Registry::get('session'); $i = 0; @@ -194,7 +195,7 @@ class ModelSearchSearch extends Model { if(ENABLE_FOLDER_RESTRICTIONS == 1) { $s = explode(" ", $data['folders']); while(list($k,$v) = each($s)) { - if(in_array($v, $_SESSION['folders'])) { + if(in_array($v, $session->get("folders"))) { array_push($__folders, $v); } } @@ -203,7 +204,7 @@ class ModelSearchSearch extends Model { $folders = "folder IN (" . implode(",", $__folders) . ") AND "; } else { - $folders = "folder IN (" . implode(",", $_SESSION['folders']) . ") AND "; + $folders = "folder IN (" . implode(",", $session->get("folders")) . ") AND "; } } @@ -275,6 +276,8 @@ class ModelSearchSearch extends Model { if($reference == '') { return $ids; } + $session = Registry::get('session'); + $query = $this->db->query("SELECT id FROM " . TABLE_META . " WHERE message_id=? OR reference=? ORDER BY id DESC", array($reference, $reference)); foreach($query->rows as $q) { @@ -285,7 +288,7 @@ class ModelSearchSearch extends Model { $query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $ids) . ")"); $ids = array(); foreach($query->rows as $q) { - if(isset($q['folder']) && in_array($q['folder'], $_SESSION['folders'])) { array_push($ids, $q['id']); } + if(isset($q['folder']) && in_array($q['folder'], $session->get("folders"))) { array_push($ids, $q['id']); } } } 
@@ -302,9 +305,11 @@ class ModelSearchSearch extends Model { private function get_sphinx_id_list($s = '', $sphx_table = '', $field = '') { $id_list = ''; + $session = Registry::get('session'); + $s = $this->fixup_sphinx_operators($s); - $q = $this->sphx->query("SELECT id FROM $sphx_table WHERE uid=" . $_SESSION['uid'] . " AND MATCH('@$field $s') "); + $q = $this->sphx->query("SELECT id FROM $sphx_table WHERE uid=" . $session->get("uid") . " AND MATCH('@$field $s') "); foreach($q->rows as $a) { $id_list .= "," . $a['id']; @@ -321,9 +326,11 @@ class ModelSearchSearch extends Model { $q = ''; $__folders = array(); + $session = Registry::get('session'); + $s = explode(" ", $extra_folders); while(list($k,$v) = each($s)) { - if(in_array($v, $_SESSION['extra_folders']) && is_numeric($v)) { + if(in_array($v, $session->get("extra_folders")) && is_numeric($v)) { array_push($__folders, $v); if($q) { $q .= ",?"; } else { $q = "?"; } @@ -358,6 +365,8 @@ class ModelSearchSearch extends Model { if(isset($m['meta'])) { return unserialize($m['meta']); } } + $session = Registry::get('session'); + $query = $this->db->query("SELECT `id`, `to` FROM `" . TABLE_RCPT . "` WHERE `id` IN ($q)", $ids); if(isset($query->rows)) { @@ -377,7 +386,7 @@ class ModelSearchSearch extends Model { if(isset($query->rows)) { - array_unshift($ids, (int)$_SESSION['uid']); + array_unshift($ids, (int)$session->get("uid")); $tags = $this->db->query("SELECT `id`, `tag` FROM `" . TABLE_TAG . "` WHERE `uid`=? AND `id` IN ($q)", $ids); @@ -413,7 +422,7 @@ class ModelSearchSearch extends Model { $m['date'] = date(DATE_TEMPLATE, $m['sent']); $m['size'] = nice_size($m['size']); - in_array($m['from'], $_SESSION['emails']) ? $m['yousent'] = 1 : $m['yousent'] = 0; + in_array($m['from'], $session->get("emails")) ? $m['yousent'] = 1 : $m['yousent'] = 0; /* * verifying 20 messages takes some time, still it's useful 
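Review bot: `"WHERE uid=" . $session->get("uid") . " AND MATCH(...)"` in the get_sphinx_id_list hunk interpolates the session uid into SphinxQL uncast, while the `array_unshift($ids, (int)$session->get("uid"))` hunk later in this file casts it; the two should agree. The uid comes from the server-side session rather than the request, so this is defence in depth, but an integer column value should be emitted as `(int)$session->get("uid")` so that nothing unexpected in the session can change the shape of the query. The method continues past the end of the hunk.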
@@ -514,7 +523,11 @@ class ModelSearchSearch extends Model { private function get_all_your_address() { $s = ''; - while(list($k, $v) = each($_SESSION['emails'])) { + $session = Registry::get('session'); + + $emails = $session->get("emails"); + + while(list($k, $v) = each($emails)) { if($s) { $s .= '| ' . $this->fix_email_address_for_sphinx($v); } else { $s = $this->fix_email_address_for_sphinx($v); } } @@ -531,15 +544,19 @@ class ModelSearchSearch extends Model { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) { return 1; } + $session = Registry::get('session'); + array_push($arr, $id); if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) { - if(validdomain($_SESSION['domain']) == 1) { + if(validdomain($session->get("domain")) == 1) { $q .= ",?"; - array_push($a, $_SESSION['domain']); + array_push($a, $session->get("domain")); } - while(list($k, $v) = each($_SESSION['auditdomains'])) { + $auditdomains = $session->get("auditdomains"); + + while(list($k, $v) = each($auditdomains)) { if(validdomain($v) == 1 && !in_array($v, $a)) { $q .= ",?"; array_push($a, $v); @@ -547,7 +564,9 @@ class ModelSearchSearch extends Model { } } else { - while(list($k, $v) = each($_SESSION['emails'])) { + $emails = $session->get("emails"); + + while(list($k, $v) = each($emails)) { if(validemail($v) == 1) { $q .= ",?"; array_push($a, $v); @@ -561,7 +580,7 @@ class ModelSearchSearch extends Model { if(ENABLE_FOLDER_RESTRICTIONS == 1) { $query = $this->sphx->query("SELECT folder FROM " . SPHINX_MAIN_INDEX . " WHERE id=" . (int)$id); - if(isset($query->row['folder']) && in_array($query->row['folder'], $_SESSION['folders'])) { return 1; } + if(isset($query->row['folder']) && in_array($query->row['folder'], $session->get("folders"))) { return 1; } } else { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) { 
@@ -583,6 +602,8 @@ class ModelSearchSearch extends Model { if(count($id) < 1) { return $result; } + $session = Registry::get('session'); + $arr = $id; for($i=0; $iget("domain")) == 1) { $q .= ",?"; - array_push($a, $_SESSION['domain']); + array_push($a, $session->get("domain")); } - while(list($k, $v) = each($_SESSION['auditdomains'])) { + $auditdomains = $session->get("auditdomains"); + + while(list($k, $v) = each($auditdomains)) { if(validdomain($v) == 1 && !in_array($v, $a)) { $q .= ",?"; array_push($a, $v); @@ -607,7 +630,9 @@ class ModelSearchSearch extends Model { } else { if(Registry::get('auditor_user') == 0) { - while(list($k, $v) = each($_SESSION['emails'])) { + $emails = $session->get("emails"); + + while(list($k, $v) = each($emails)) { if(validemail($v) == 1) { $q .= ",?"; array_push($a, $v); @@ -641,7 +666,7 @@ class ModelSearchSearch extends Model { if($query->num_rows > 0) { foreach ($query->rows as $q) { if(ENABLE_FOLDER_RESTRICTIONS == 1) { - if(in_array($q['folder'], $_SESSION['folders'])) { array_push($result, $q['id']); } + if(in_array($q['folder'], $session->get("folders"))) { array_push($result, $q['id']); } } else { array_push($result, $q['id']); @@ -660,8 +685,9 @@ class ModelSearchSearch extends Model { public function get_search_terms() { + $session = Registry::get('session'); - $query = $this->db->query("SELECT term, ts FROM " . TABLE_SEARCH . " WHERE email=? ORDER BY ts DESC", array($_SESSION['email'])); + $query = $this->db->query("SELECT term, ts FROM " . TABLE_SEARCH . " WHERE email=? ORDER BY ts DESC", array($session->get("email"))); if(isset($query->rows)) { return $query->rows; } return array(); 
@@ -671,12 +697,14 @@ class ModelSearchSearch extends Model { public function add_search_term($term = '') { if($term == '') { return 0; } + $session = Registry::get('session'); + parse_str($term, $s); if(!isset($s['search']) || $s['search'] == '') { return 0; } if($this->update_search_term($term) == 0) { AUDIT(ACTION_SAVE_SEARCH, '', '', '', $term); - $query = $this->db->query("INSERT INTO " . TABLE_SEARCH . " (email, ts, term) VALUES(?,?,?)", array($_SESSION['email'], time(), $term)); + $query = $this->db->query("INSERT INTO " . TABLE_SEARCH . " (email, ts, term) VALUES(?,?,?)", array($session->get("email"), time(), $term)); } return 1; @@ -688,14 +716,18 @@ class ModelSearchSearch extends Model { AUDIT(ACTION_SEARCH, '', '', '', $term); - $query = $this->db->query("UPDATE " . TABLE_SEARCH . " SET ts=? WHERE term=? AND email=?", array(time(), $term, $_SESSION['email'])); + $session = Registry::get('session'); + + $query = $this->db->query("UPDATE " . TABLE_SEARCH . " SET ts=? WHERE term=? AND email=?", array(time(), $term, $session->get("email"))); return $this->db->countAffected(); } public function remove_search_term($ts = 0) { - $query = $this->db->query("DELETE FROM " . TABLE_SEARCH . " WHERE email=? AND ts=?", array($_SESSION['email'], $ts)); + $session = Registry::get('session'); + + $query = $this->db->query("DELETE FROM " . TABLE_SEARCH . " WHERE email=? AND ts=?", array($session->get("email"), $ts)); } @@ -736,6 +768,7 @@ class ModelSearchSearch extends Model { private function make_cache_file_name($data = array(), $sortorder = '') { $s = ''; + $session = Registry::get('session'); while(list($k, $v) = each($data)) { if($v) { @@ -744,7 +777,7 @@ class ModelSearchSearch extends Model { } } - return sha1($_SESSION['email'] . "/" . $s . "-" . (NOW - NOW % 3600) . "-" . $sortorder); + return sha1($session->get("email") . "/" . $s . "-" . (NOW - NOW % 3600) . "-" . $sortorder); } } 
diff --git a/webui/model/stat/chart.php b/webui/model/stat/chart.php index 31b110cf..2b706b63 100644 --- a/webui/model/stat/chart.php +++ b/webui/model/stat/chart.php @@ -7,6 +7,8 @@ class ModelStatChart extends Model { $ydata2 = array(); $dates = array(); + $session = Registry::get('session'); + $chart = new LineChart($size_x, $size_y); $chart->getPlot()->getPalette()->setLineColor(array( @@ -35,11 +37,13 @@ class ModelStatChart extends Model { if(Registry::get('admin_user') == 0) { $q = ''; - foreach($_SESSION['auditdomains'] as $a) { + $auditdomains = $session->get('auditdomains'); + + foreach($auditdomains as $a) { if($q) { $q .= ",?"; } else { $q = "?"; } } - reset($_SESSION['auditdomains']); - $query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . VIEW_MESSAGES . " where arrived > $range AND todomain IN ($q) $domains $grouping ORDER BY ts DESC limit $limit", $_SESSION['auditdomains']); + reset($auditdomains); + $query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . VIEW_MESSAGES . " where arrived > $range AND todomain IN ($q) $domains $grouping ORDER BY ts DESC limit $limit", $auditdomains); } else { $query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . TABLE_META . " where arrived > $range $grouping ORDER BY ts DESC limit $limit"); } diff --git a/webui/model/user/google.php b/webui/model/user/google.php index b05ea723..3fc6c624 100644 --- a/webui/model/user/google.php +++ b/webui/model/user/google.php 
@@ -4,6 +4,8 @@ class ModelUserGoogle extends Model {
 public function check_for_account($google_account = array()) {
+ $session = Registry::get('session');
+
 $query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".password, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . ", " . TABLE_EMAIL . " WHERE " . TABLE_EMAIL . ".email=? AND " . TABLE_EMAIL . ".uid=" . TABLE_USER . ".uid", array($google_account['email']));
 if($query->num_rows == 1) {
@@ -39,16 +41,16 @@ class ModelUserGoogle extends Model {
 $this->model_domain_domain->addDomain($user['domain'], $user['domain']);
 }
- $_SESSION['username'] = $user['username'];
- $_SESSION['uid'] = $user['uid'];
- $_SESSION['admin_user'] = 0;
- $_SESSION['email'] = $user['username'];
- $_SESSION['domain'] = $query->row['domain'];
- $_SESSION['realname'] = $query->row['realname'];
+ $session->set("username", $user['username']);
+ $session->set("uid", $user['uid']);
+ $session->set("admin_user", 0);
+ $session->set("email", $user['username']);
+ $session->set("domain", $query->row['domain']);
+ $session->set("realname", $query->row['realname']);
- $_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($user['uid']);
- $_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($user['uid']);
- $_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($user['uid']);
+ $session->set("emails", $this->model_user_user->get_users_all_email_addresses($user['uid']));
+ $session->set("folders", $this->model_folder_folder->get_all_folder_ids($user['uid']));
+ $session->set("extra_folders", $this->model_folder_folder->get_all_extra_folder_ids($user['uid']));
 AUDIT(ACTION_LOGIN, $user['username'], '', '', 'successful auth against Google');
diff --git a/webui/model/user/prefs.php b/webui/model/user/prefs.php
index f3c709d1..4b97a37b 100644
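Review bot: The second hunk writes the authenticated identity (`username`, `uid`, `admin_user`, `email`, `domain`, …) into the session without rotating the session id first, so whatever id the browser carried before authentication stays valid after it; the standard mitigation is `session_regenerate_id(true)` immediately before the first `$session->set(...)`. Since `$_SESSION` is now reached only through `Session`, that belongs on the wrapper, e.g. `public function regenerate() { session_regenerate_id(true); }`, called here as `$session->regenerate();` ahead of `$session->set("username", $user['username']);`. The same applies wherever else these keys are set at login. `check_for_account` starts before and continues after these hunks.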
--- a/webui/model/user/prefs.php
+++ b/webui/model/user/prefs.php
@@ -5,11 +5,13 @@ class ModelUserPrefs extends Model {
 public function get_user_preferences($username = '') {
 if($username == "") { return 0; }
+ $session = Registry::get('session');
+
 $query = $this->db->query("SELECT * FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username));
- if(isset($query->row['pagelen'])) { $_SESSION['pagelen'] = $query->row['pagelen']; } else { $_SESSION['pagelen'] = PAGE_LEN; }
- if(isset($query->row['theme'])) { $_SESSION['theme'] = $query->row['theme']; } else { $_SESSION['theme'] = THEME; }
- if(isset($query->row['lang'])) { $_SESSION['lang'] = $query->row['lang']; } else { $_SESSION['lang'] = DEFAULT_LANG; }
+ if(isset($query->row['pagelen'])) { $session->set("pagelen", $query->row['pagelen']); } else { $session->set("pagelen", PAGE_LEN); }
+ if(isset($query->row['theme'])) { $session->set("theme", $query->row['theme']); } else { $session->set("theme", THEME); }
+ if(isset($query->row['lang'])) { $session->set("lang", $query->row['lang']); } else { $session->set("lang", DEFAULT_LANG); }
 return 1;
 }
@@ -20,6 +22,8 @@ class ModelUserPrefs extends Model {
 if(!isset($prefs['pagelen']) || !is_numeric($prefs['pagelen']) || $prefs['pagelen'] < 10 || $prefs['pagelen'] > 100 || !isset($prefs['theme']) || !preg_match("/^([a-zA-Z0-9\-\_]+)$/", $prefs['theme']) || !file_exists(DIR_THEME . $prefs['theme']) ) { return 1; }
+ $session = Registry::get('session');
+
 $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username));
 if((int)@$query->row['num'] == 1) {
@@ -30,9 +34,9 @@ class ModelUserPrefs extends Model {
 }
- $_SESSION['pagelen'] = $prefs['pagelen'];
- $_SESSION['theme'] = $prefs['theme'];
- $_SESSION['lang'] = $prefs['lang'];
+ $session->set("pagelen", $prefs['pagelen']);
+ $session->set("theme", $prefs['theme']);
+ $session->set("lang", $prefs['lang']);
 LOGGER("set user preference", $username);
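Review bot: `$session->set("lang", $prefs['lang'])` in the third hunk stores a value that the rejection condition at the top of the second hunk never examines — only `pagelen` and `theme` are validated, the theme with `/^([a-zA-Z0-9\-\_]+)$/` plus `file_exists` — while the language.php hunk later in this diff builds `DIR_LANGUAGE . $session->get("lang") . '/messages.php'` from it. If `$prefs['lang']` can originate from the settings form, extend the condition with `|| !isset($prefs['lang']) || !preg_match("/^([a-zA-Z0-9\-\_]+)$/", $prefs['lang']) || !file_exists(DIR_LANGUAGE . $prefs['lang'])`. The same unchecked value is also read back from the database in `get_user_preferences` (first hunk), so the check belongs there too, or in `Language` before the path is used. Both methods continue outside their hunks.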
diff --git a/webui/model/user/user.php b/webui/model/user/user.php
index 2dd49960..400c213d 100644
--- a/webui/model/user/user.php
+++ b/webui/model/user/user.php
@@ -85,7 +85,9 @@ class ModelUserUser extends Model {
 public function get_users_all_domains($uid = 0) {
 $data = array();
- array_push($data, $_SESSION['domain']);
+ $session = Registry::get('session');
+
+ array_push($data, $session->get('domain'));
 if($uid > 0) {
 $query = $this->db->query("SELECT domain FROM " . TABLE_DOMAIN_USER . " WHERE uid=?", array((int)$uid));
diff --git a/webui/qr.php b/webui/qr.php
index a7cdbb71..7caf767f 100644
--- a/webui/qr.php
+++ b/webui/qr.php
@@ -1,13 +1,9 @@ - -

- CAPTCHA Image - - - -   - Reload Image
- Enter Code*:
- -

- \ No newline at end of file diff --git a/webui/securimage/example_form.ajax.php b/webui/securimage/example_form.ajax.php deleted file mode 100644 index a7642b3f..00000000 --- a/webui/securimage/example_form.ajax.php +++ /dev/null @@ -1,207 +0,0 @@ - - - - - - Securimage Example Form - - - - -
-Example Form - -

- This is an example PHP form that processes user information, checks for errors, and validates the captcha code.
- This example form also demonstrates how to submit a form to itself to display error messages. -

- - - -
- - -

- Name*:
- -

- -

- Email*:
- -

- -

- URL:
- -

- -

- Message*:
- -

- -

- CAPTCHA Image - - - -   - Reload Image
- Enter Code*:
- -

- -

-
- -

- -
-
- - - - - - - - $value) { - if (!is_array($key)) { - // sanitize the input data - if ($key != 'ct_message') $value = strip_tags($value); - $_POST[$key] = htmlspecialchars(stripslashes(trim($value))); - } - } - - $name = @$_POST['ct_name']; // name from the form - $email = @$_POST['ct_email']; // email from the form - $URL = @$_POST['ct_URL']; // url from the form - $message = @$_POST['ct_message']; // the message from the form - $captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code - $name = substr($name, 0, 64); // limit name to 64 characters - - $errors = array(); // initialize empty error array - - if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) { - // only check for errors if the form is not in debug mode - - if (strlen($name) < 3) { - // name too short, add error - $errors['name_error'] = 'Your name is required'; - } - - if (strlen($email) == 0) { - // no email address given - $errors['email_error'] = 'Email address is required'; - } else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) { - // invalid email format - $errors['email_error'] = 'Email address entered is invalid'; - } - - if (strlen($message) < 20) { - // message length too short - $errors['message_error'] = 'Please enter a message'; - } - } - - // Only try to validate the captcha if the form has no errors - // This is especially important for ajax calls - if (sizeof($errors) == 0) { - require_once dirname(__FILE__) . '/securimage.php'; - $securimage = new Securimage(); - - if ($securimage->check($captcha) == false) { - $errors['captcha_error'] = 'Incorrect security code entered'; - } - } - - if (sizeof($errors) == 0) { - // no errors, send the form - $time = date('r'); - $message = "A message was submitted from the contact form. The following information was provided.

" - . "Name: $name
" - . "Email: $email
" - . "URL: $URL
" - . "Message:
" - . "
$message
" - . "

IP Address: {$_SERVER['REMOTE_ADDR']}
" - . "Time: $time
" - . "Browser: {$_SERVER['HTTP_USER_AGENT']}
"; - - if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) { - // send the message with mail() - mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0"); - } - - $return = array('error' => 0, 'message' => 'OK'); - die(json_encode($return)); - } else { - $errmsg = ''; - foreach($errors as $key => $error) { - // set up error messages to display with each field - $errmsg .= " - {$error}\n"; - } - - $return = array('error' => 1, 'message' => $errmsg); - die(json_encode($return)); - } - } // POST -} // function process_si_contact_form() diff --git a/webui/securimage/example_form.php b/webui/securimage/example_form.php deleted file mode 100644 index 90877a53..00000000 --- a/webui/securimage/example_form.php +++ /dev/null @@ -1,192 +0,0 @@ - - - - - - Securimage Example Form - - - - -
-Example Form - -

- This is an example PHP form that processes user information, checks for errors, and validates the captcha code.
- This example form also demonstrates how to submit a form to itself to display error messages. -

- - -There was a problem with your submission. Errors are displayed below in red.

- -The captcha was correct and the message has been sent!

- - -
- - -

- Name*:   
- -

- -

- Email*:   
- -

- -

- URL:   
- -

- -

- Message*:   
- -

- -

- CAPTCHA Image - - - -   - Reload Image
- Enter Code*:
- - -

- -

-
- -

- -
-
- - - - - $value) { - if (!is_array($key)) { - // sanitize the input data - if ($key != 'ct_message') $value = strip_tags($value); - $_POST[$key] = htmlspecialchars(stripslashes(trim($value))); - } - } - - $name = @$_POST['ct_name']; // name from the form - $email = @$_POST['ct_email']; // email from the form - $URL = @$_POST['ct_URL']; // url from the form - $message = @$_POST['ct_message']; // the message from the form - $captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code - $name = substr($name, 0, 64); // limit name to 64 characters - - $errors = array(); // initialize empty error array - - if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) { - // only check for errors if the form is not in debug mode - - if (strlen($name) < 3) { - // name too short, add error - $errors['name_error'] = 'Your name is required'; - } - - if (strlen($email) == 0) { - // no email address given - $errors['email_error'] = 'Email address is required'; - } else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) { - // invalid email format - $errors['email_error'] = 'Email address entered is invalid'; - } - - if (strlen($message) < 20) { - // message length too short - $errors['message_error'] = 'Please enter a message'; - } - } - - // Only try to validate the captcha if the form has no errors - // This is especially important for ajax calls - if (sizeof($errors) == 0) { - require_once dirname(__FILE__) . '/securimage.php'; - $securimage = new Securimage(); - - if ($securimage->check($captcha) == false) { - $errors['captcha_error'] = 'Incorrect security code entered
'; - } - } - - if (sizeof($errors) == 0) { - // no errors, send the form - $time = date('r'); - $message = "A message was submitted from the contact form. The following information was provided.

" - . "Name: $name
" - . "Email: $email
" - . "URL: $URL
" - . "Message:
" - . "
$message
" - . "

IP Address: {$_SERVER['REMOTE_ADDR']}
" - . "Time: $time
" - . "Browser: {$_SERVER['HTTP_USER_AGENT']}
"; - - $message = wordwrap($message, 70); - - if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) { - // send the message with mail() - mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0"); - } - - $_SESSION['ctform']['error'] = false; // no error with form - $_SESSION['ctform']['success'] = true; // message sent - } else { - // save the entries, this is to re-populate the form - $_SESSION['ctform']['ct_name'] = $name; // save name from the form submission - $_SESSION['ctform']['ct_email'] = $email; // save email - $_SESSION['ctform']['ct_URL'] = $URL; // save URL - $_SESSION['ctform']['ct_message'] = $message; // save message - - foreach($errors as $key => $error) { - // set up error messages to display with each field - $_SESSION['ctform'][$key] = "$error"; - } - - $_SESSION['ctform']['error'] = true; // set error floag - } - } // POST -} - -$_SESSION['ctform']['success'] = false; // clear success value after running diff --git a/webui/securimage/securimage.php b/webui/securimage/securimage.php index 85a0dd36..c7a60930 100644 --- a/webui/securimage/securimage.php +++ b/webui/securimage/securimage.php @@ -853,13 +853,13 @@ class Securimage try { $audio = $this->getAudibleCode(); } catch (Exception $ex) { - if (($fp = @fopen(dirname(__FILE__) . '/si.error_log', 'a+')) !== false) { - fwrite($fp, date('Y-m-d H:i:s') . ': Securimage audio error "' . $ex->getMessage() . '"' . "\n"); - fclose($fp); + if (($fp = @fopen(dirname(__FILE__) . '/si.error_log', 'a+')) !== false) { + fwrite($fp, date('Y-m-d H:i:s') . ': Securimage audio error "' . $ex->getMessage() . '"' . "\n"); + fclose($fp); } $audio = $this->audioError(); - } + } if ($this->canSendHeaders() || $this->send_headers == false) { if ($this->send_headers) { 
@@ -890,15 +890,15 @@ class Securimage if (!$this->no_exit) exit; } - /** - * Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned - * - * @param $array bool True to receive an array containing the code and properties - * @return array|string Array if $array = true, otherwise a string containing the code - */ - public function getCode($array = false, $returnExisting = false) - { - $code = ''; + /** + * Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned + * + * @param $array bool True to receive an array containing the code and properties + * @return array|string Array if $array = true, otherwise a string containing the code + */ + public function getCode($array = false, $returnExisting = false) + { + $code = ''; $time = 0; $disp = 'error'; 
@@ -911,31 +911,31 @@ class Securimage } else { return $this->code; } - } + } - if ($this->no_session != true) { - if (isset($_SESSION['securimage_code_value'][$this->namespace]) && - trim($_SESSION['securimage_code_value'][$this->namespace]) != '') { - if ($this->isCodeExpired( - $_SESSION['securimage_code_ctime'][$this->namespace]) == false) { - $code = $_SESSION['securimage_code_value'][$this->namespace]; - $time = $_SESSION['securimage_code_ctime'][$this->namespace]; - $disp = $_SESSION['securimage_code_disp'] [$this->namespace]; - } + if ($this->no_session != true) { + if (isset($_SESSION['securimage_code_value'][$this->namespace]) && + trim($_SESSION['securimage_code_value'][$this->namespace]) != '') { + if ($this->isCodeExpired( + $_SESSION['securimage_code_ctime'][$this->namespace]) == false) { + $code = $_SESSION['securimage_code_value'][$this->namespace]; + $time = $_SESSION['securimage_code_ctime'][$this->namespace]; + $disp = $_SESSION['securimage_code_disp'] [$this->namespace]; + } } } - if (empty($code) && $this->use_database) { - // no code in session - may mean user has cookies turned off - $this->openDatabase(); - $code = $this->getCodeFromDatabase(); - } else { /* no code stored in session or sqlite database, validation will fail */ } - - if ($array == true) { - return array('code' => $code, 'ctime' => $time, 'display' => $disp); - } else { - return $code; - } + if (empty($code) && $this->use_database) { + // no code in session - may mean user has cookies turned off + $this->openDatabase(); + $code = $this->getCodeFromDatabase(); + } else { /* no code stored in session or sqlite database, validation will fail */ } + + if ($array == true) { + return array('code' => $code, 'ctime' => $time, 'display' => $disp); + } else { + return $code; + } } /** 
@@ -1378,24 +1378,24 @@ class Securimage header("Pragma: no-cache"); } - switch ($this->image_type) { - case self::SI_IMAGE_JPEG: - if ($this->send_headers) header("Content-Type: image/jpeg"); - imagejpeg($this->im, null, 90); - break; - case self::SI_IMAGE_GIF: - if ($this->send_headers) header("Content-Type: image/gif"); - imagegif($this->im); - break; - default: - if ($this->send_headers) header("Content-Type: image/png"); - imagepng($this->im); - break; + switch ($this->image_type) { + case self::SI_IMAGE_JPEG: + if ($this->send_headers) header("Content-Type: image/jpeg"); + imagejpeg($this->im, null, 90); + break; + case self::SI_IMAGE_GIF: + if ($this->send_headers) header("Content-Type: image/gif"); + imagegif($this->im); + break; + default: + if ($this->send_headers) header("Content-Type: image/png"); + imagepng($this->im); + break; } - } else { - echo '
' - .'Failed to generate captcha image, content has already been ' - .'output.
This is most likely due to misconfiguration or ' + } else { + echo '
' + .'Failed to generate captcha image, content has already been ' + .'output.
This is most likely due to misconfiguration or ' .'a PHP error was sent to the browser.
'; } @@ -1943,10 +1943,10 @@ class Securimage if ($this->audio_gap_max > 0 && $this->audio_gap_max > $this->audio_gap_min) { $wavCaptcha->insertSilence( mt_rand($this->audio_gap_min, $this->audio_gap_max) / 1000.0 ); } - } catch (Exception $ex) { + } catch (Exception $ex) { // failed to open file, or the wav file is broken or not supported // 2 wav files were not compatible, different # channels, bits/sample, or sample rate - throw $ex; + throw $ex; } } @@ -2038,18 +2038,18 @@ class Securimage * * @return bool true if headers haven't been sent and no output/errors will break audio/images, false if unsafe */ - protected function canSendHeaders() - { - if (headers_sent()) { - // output has been flushed and headers have already been sent - return false; - } else if (strlen((string)ob_get_contents()) > 0) { - // headers haven't been sent, but there is data in the buffer that will break image and audio data - return false; - } - - return true; - } + protected function canSendHeaders() + { + if (headers_sent()) { + // output has been flushed and headers have already been sent + return false; + } else if (strlen((string)ob_get_contents()) > 0) { + // headers haven't been sent, but there is data in the buffer that will break image and audio data + return false; + } + + return true; + } /** * Return a random float between 0 and 0.9999 diff --git a/webui/system/controller.php b/webui/system/controller.php index 6a5b017e..8a3a950b 100644 --- a/webui/system/controller.php +++ b/webui/system/controller.php 
@@ -86,9 +86,10 @@ class Controller {
 protected function fetch(){
+ $session = Registry::get('session');
- if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme']) && file_exists(DIR_THEME . $_SESSION['theme']) ) {
- $file = DIR_THEME . $_SESSION['theme'] . '/templates/' . $this->template;
+ if($session->get("theme") && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $session->get("theme")) && file_exists(DIR_THEME . $session->get("theme")) ) {
+ $file = DIR_THEME . $session->get("theme") . '/templates/' . $this->template;
 } else {
 $file = DIR_THEME . THEME . '/templates/' . $this->template;
 }
diff --git a/webui/system/language.php b/webui/system/language.php
index e3540135..8dcce51c 100644
--- a/webui/system/language.php
+++ b/webui/system/language.php
@@ -8,10 +8,11 @@ class Language {
 global $langs;
 $lang = '';
+ $session = Registry::get('session');
- if(isset($_SESSION['lang']) && $_SESSION['lang'] != '') {
- $file = DIR_LANGUAGE . $_SESSION['lang'] . '/messages.php';
- define('LANG', $_SESSION['lang']);
+ if($session->get("lang")) {
+ $file = DIR_LANGUAGE . $session->get("lang") . '/messages.php';
+ define('LANG', $session->get("lang"));
 } else {
 $pref_langs = $this->get_preferred_languages();
@@ -26,7 +27,7 @@ class Language {
 if($lang == '') { $lang = DEFAULT_LANG; }
- $_SESSION['lang'] = $lang;
+ $session->set("lang", $lang);
 $file = DIR_LANGUAGE . $lang . '/messages.php';
 }
diff --git a/webui/system/misc.php b/webui/system/misc.php
index f172b44d..30bc9701 100644
--- a/webui/system/misc.php
+++ b/webui/system/misc.php
@@ -3,8 +3,10 @@ function LOGGER($event = '', $username = '') {
 if($event == "") { return 0; }
+ $session = Registry::get('session');
+
 if($username == '') {
- if(isset($_SESSION['username'])) { $username = $_SESSION['username']; }
+ if($session->get("username")) { $username = $session->get("username"); }
 else { $username = 'unknown'; }
 }
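Review bot: `fetch()` in the controller.php hunk calls `$session->get("theme")` four times across the condition and the path assignment; reading it once, `$theme = $session->get("theme");`, and using `$theme` in the `preg_match`, the `file_exists` and `$file = DIR_THEME . $theme . '/templates/' . $this->template;` keeps the check and the use on one value, as the second language.php hunk already does with `$lang`. The first language.php hunk has the same triple lookup of `$session->get("lang")`. `fetch()` continues past the end of its hunk.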
@@ -16,8 +18,10 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
 if(ENABLE_AUDIT == 0) { return 0; }
+ $session = Registry::get('session');
+
 if($ipaddr == '' && isset($_SERVER['REMOTE_ADDR'])) { $ipaddr = $_SERVER['REMOTE_ADDR']; }
- if($email == '') { $email = $_SESSION['email']; }
+ if($email == '') { $email = $session->get("email"); }
 $a = explode("@", $email);
@@ -30,42 +34,51 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
 function getAuthenticatedUsername() {
+ $session = Registry::get('session');
- if(isset($_SESSION['username'])){ return $_SESSION['username']; }
+ if($session->get("username")) { return $session->get("username"); }
 return "";
 }
 function isAdminUser() {
- if(isset($_SESSION['admin_user']) && $_SESSION['admin_user'] == 1){ return 1; }
+ $session = Registry::get('session');
+
+ if($session->get("admin_user") == 1){ return 1; }
 return 0;
 }
 function isAuditorUser() {
- if(isset($_SESSION['admin_user']) && $_SESSION['admin_user'] == 2){ return 1; }
+ $session = Registry::get('session');
+
+ if($session->get("admin_user") == 2){ return 1; }
 return 0;
 }
 function isReadonlyAdmin() {
- if(isset($_SESSION['admin_user']) && $_SESSION['admin_user'] == 3){ return 1; }
+ $session = Registry::get('session');
+
+ if($session->get("admin_user") == 3){ return 1; }
 return 0;
 }
 function logout() {
- AUDIT(ACTION_LOGOUT, $_SESSION['email'], '', '', '');
+ $session = Registry::get('session');
- $_SESSION['username'] = "";
- $_SESSION['admin_user'] = 0;
+ AUDIT(ACTION_LOGOUT, $session->get("email"), '', '', '');
- unset($_SESSION['username']);
- unset($_SESSION['admin_user']);
+ $session->set("username", "");
+ $session->set("admin_user", 0);
+
+ $session->remove("username");
+ $session->remove("admin_user");
 Registry::set('username', '');
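Review bot: `logout()` in the second hunk clears only `username` and `admin_user`; `email`, `uid`, `domain`, `emails`, `folders`, `extra_folders` and `auditdomains`, all written at login in the google.php hunk earlier in this diff, stay in `$_SESSION` and remain readable through `$session->get(...)`, which `AUDIT` on this same line falls back to and which the search model uses to scope its queries and cache name. Tear the whole session down instead of removing keys one by one: add `public function destroy() { $_SESSION = array(); session_destroy(); }` to `Session` and call `$session->destroy();` after the `AUDIT(ACTION_LOGOUT, ...)` call, which still needs the email. The `set` immediately followed by `remove` of the same two keys is redundant either way. `logout()` continues past the end of the hunk.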
@@ -82,9 +95,10 @@ function isBinary($num = '') {
 function get_page_length() {
 $page_len = PAGE_LEN;
-
- if(isset($_SESSION['pagelen']) && is_numeric($_SESSION['pagelen']) && $_SESSION['pagelen'] >= 10 && $_SESSION['pagelen'] <= MAX_SEARCH_HITS) {
- $page_len = $_SESSION['pagelen'];
+ $session = Registry::get('session');
+
+ if($session->get("pagelen") && is_numeric($session->get("pagelen")) && $session->get("pagelen") >= 10 && $session->get("pagelen") <= MAX_SEARCH_HITS) {
+ $page_len = $session->get("pagelen");
 }
 return $page_len;
diff --git a/webui/system/request.php b/webui/system/request.php
index 21ac2c34..ee0771a3 100644
--- a/webui/system/request.php
+++ b/webui/system/request.php
@@ -27,12 +27,12 @@ class Request {
 class Session {
 public function __construct() {
- //session_start();
+ session_start();
 }
- public function get($s = '') {
- if($s && isset($_SESSION[$s])) { return $_SESSION[$s]; }
+ public function get($k = '') {
+ if($k && isset($_SESSION[$k])) { return $_SESSION[$k]; }
 return '';
 }
@@ -44,6 +44,12 @@ class Session {
 }
+
+ public function remove($k = '') {
+ if($k) { unset($_SESSION[$k]); }
+ }
+
+
 }
diff --git a/webui/system/startup.php b/webui/system/startup.php
index c7865ccc..1369b474 100644
--- a/webui/system/startup.php
+++ b/webui/system/startup.php
@@ -6,8 +6,8 @@ require(DIR_SYSTEM . "/front.php");
 require(DIR_SYSTEM . "/language.php");
 require(DIR_SYSTEM . "/loader.php");
 require(DIR_SYSTEM . "/model.php");
-require(DIR_SYSTEM . "/registry.php");
-require(DIR_SYSTEM . "/request.php");
+//require(DIR_SYSTEM . "/registry.php");
+//require(DIR_SYSTEM . "/request.php");
 require(DIR_SYSTEM . "/router.php");
 require(DIR_SYSTEM . "/misc.php");
diff --git a/webui/view/theme/default/templates/login/login.tpl b/webui/view/theme/default/templates/login/login.tpl
index 8b94ac13..269bc4f3 100644
--- a/webui/view/theme/default/templates/login/login.tpl
+++ b/webui/view/theme/default/templates/login/login.tpl
@@ -26,7 +26,7 @@ - +
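Review bot: `session_start()` in the `Session` constructor (first request.php hunk) runs on every `new Session()`, so a second instantiation, or a script that already started a session, gets a notice and the call is ignored; guard it with `if(session_id() == '') { session_start(); }` (or `session_status() === PHP_SESSION_NONE` on PHP 5.4+). `get()` returns `''` for a missing key, so callers cannot distinguish "absent" from "set to an empty string", and `isset()` also hides a key whose value is `null`; state that contract on the method, e.g. `/** Returns the session value for $k, or '' when $k is empty, unset or null. */`, since the `== 1` and string comparisons introduced across this commit depend on it. The `set` method lies between the two hunks and is not visible here.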
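Review bot: The startup.php hunk comments out the `require` lines for registry.php and request.php instead of deleting them; if those files are now loaded earlier elsewhere in this commit, remove the two `//require(...)` lines outright, since commented-out requires invite a later reader to re-enable them and load the classes twice. A one-line comment naming where the files are now required would be more useful than the dead lines.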
Archive Logo Image
diff --git a/webui/view/theme/default/templates/user/add.tpl b/webui/view/theme/default/templates/user/add.tpl index 4741f594..ebb1d88c 100644 --- a/webui/view/theme/default/templates/user/add.tpl +++ b/webui/view/theme/default/templates/user/add.tpl @@ -42,7 +42,7 @@
diff --git a/webui/view/theme/default/templates/user/settings.tpl b/webui/view/theme/default/templates/user/settings.tpl index c7cc48a7..c1f7149e 100644 --- a/webui/view/theme/default/templates/user/settings.tpl +++ b/webui/view/theme/default/templates/user/settings.tpl @@ -66,7 +66,7 @@
@@ -77,7 +77,7 @@
diff --git a/webui/view/theme/mobile/templates/login/login.tpl b/webui/view/theme/mobile/templates/login/login.tpl index 801ad2a3..43456f39 100644 --- a/webui/view/theme/mobile/templates/login/login.tpl +++ b/webui/view/theme/mobile/templates/login/login.tpl @@ -30,7 +30,7 @@ - +
Archive Logo Image
diff --git a/webui/view/theme/mobile/templates/user/add.tpl b/webui/view/theme/mobile/templates/user/add.tpl index 5400109c..042c1100 100644 --- a/webui/view/theme/mobile/templates/user/add.tpl +++ b/webui/view/theme/mobile/templates/user/add.tpl @@ -26,7 +26,7 @@
diff --git a/webui/view/theme/mobile/templates/user/settings.tpl b/webui/view/theme/mobile/templates/user/settings.tpl index f0b85d1d..082c616d 100644 --- a/webui/view/theme/mobile/templates/user/settings.tpl +++ b/webui/view/theme/mobile/templates/user/settings.tpl @@ -73,7 +73,7 @@
@@ -85,7 +85,7 @@