Index: branches/unlabeled/unlabeled-1.38.2/core/kernel/event_manager.php
===================================================================
diff -u -r6128 -r6235
--- branches/unlabeled/unlabeled-1.38.2/core/kernel/event_manager.php (.../event_manager.php) (revision 6128)
+++ branches/unlabeled/unlabeled-1.38.2/core/kernel/event_manager.php (.../event_manager.php) (revision 6235)
@@ -309,7 +309,8 @@
 case 'd': // "down/push" new template to opener stack, deeplevel++
 if ($this->Application->GetVar('front')) {
- array_push($opener_stack, '../'.$this->Application->RecallVar('last_template') );
+ $front_session =& $this->Application->recallObject('Session.front');
+ array_push($opener_stack, '../'.$front_session->RecallVar('last_template') );
 } else {
 array_push($opener_stack, $this->Application->RecallVar('last_template') );
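Review bot: The new branch reads `last_template` from a second session object, `recallObject('Session.front')`, with nothing in the hunk saying why the current session is the wrong place to look; a comment such as `// pushed from the front-end: its last template lives in the front session, which has its own cookie` (inferred from the `$special == 'front'` handling in the inp_ses_storage.php hunks of this commit, so confirm the wording) would make the intent clear. The `GetVar('front')` flag that selects the branch is request-supplied and the entry is later serialized into `opener_stack`, so a short note on where `last_template` is validated before it is used would help the next reader. The enclosing switch and method start and end outside the hunk.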
@@ -334,18 +335,18 @@ $this->Application->StoreVar('opener_stack', serialize($opener_stack)); } - + function openerStackPush($t, $params, $pass = 'all') { $opener_stack = $this->Application->RecallVar('opener_stack'); - $opener_stack = $opener_stack ? unserialize($opener_stack) : Array(); - + $opener_stack = $opener_stack ? unserialize($opener_stack) : Array(); + $redirect_params = array_merge_recursive2(Array('m_opener' => 'u', '__URLENCODE__' => 1), $params); $new_level = $this->Application->BuildEnv($t, $redirect_params, $pass, true); array_push($opener_stack, 'index.php|'.ltrim($new_level, ENV_VAR_NAME.'=') ); $this->Application->StoreVar('opener_stack', serialize($opener_stack)); } - + function registerHook($hookto_prefix, $hookto_special, $hookto_event, $mode, $do_prefix, $do_special, $do_event, $conditional) { if( !$this->Application->prefixRegistred($hookto_prefix) ) Index: branches/unlabeled/unlabeled-1.156.2/core/kernel/application.php =================================================================== diff -u -r6104 -r6235 --- branches/unlabeled/unlabeled-1.156.2/core/kernel/application.php (.../application.php) (revision 6104) +++ branches/unlabeled/unlabeled-1.156.2/core/kernel/application.php (.../application.php) (revision 6235) @@ -1327,7 +1327,7 @@ $session =& $this->recallObject('Session'); $ssl = isset($params['__SSL__']) ? $params['__SSL__'] : 0; $sid = $session->NeedQueryString() && !$this->RewriteURLs($ssl) ? $this->GetSID() : ''; - if (getArrayValue($params,'admin') == 1) $sid = $this->GetSID(); +// if (getArrayValue($params,'admin') == 1) $sid = $this->GetSID(); $ret = ''; if ($env_var) { 
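Review bot: The old SID-forcing line is commented out (`// if (getArrayValue($params,'admin') == 1) $sid = $this->GetSID();`) rather than deleted, so the file keeps dead code whose history the repository already records; the same pattern recurs in modules.php (the -4, -813, -864, -888 and -914 hunks) and in both inp_ses_storage.php hunks. Delete the line and, if the reason needs recording, replace it with a short comment such as `// admin links no longer carry the SID: the admin session is identified by its own cookie`; that reason is inferred from the inp_ses_storage.php change in this commit, so confirm it before wording it that way. The enclosing method starts and ends outside the hunk.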
@@ -1480,7 +1480,11 @@
 }
 ob_end_flush();
- $this->Session->SaveData();
+ // session expiration is called from session initialization,
+ // that's why $this->Session may be not defined here
+ if (is_object($this->Session)) {
+ $this->Session->SaveData();
+ }
 exit;
 }
Index: branches/unlabeled/unlabeled-1.74.2/core/kernel/db/db_event_handler.php
===================================================================
diff -u -r6144 -r6235
--- branches/unlabeled/unlabeled-1.74.2/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 6144)
+++ branches/unlabeled/unlabeled-1.74.2/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 6235)
@@ -1480,8 +1480,17 @@
 if(!$field_type) $field_type = 'string'; // default LIKE filter for all fields without type
 $filter_value = '';
- $table_name = ($filter_type == 'where') ? '`'.$object->TableName.'`.' : '';
+ if (preg_match('/(.*)\.(.*)/', $search_field, $regs)) {
+ $table_name = '`'.$regs[1].'`.';
+ $search_field = $regs[2];
+ }
+ elseif ($filter_type == 'where') {
+ $table_name = '`'.$object->TableName.'`.';
+ }
+
+ $table_name = ($filter_type == 'where') ? $table_name : '';
+
 // get field clause by formatter name and/or parameters
 $formatter = getArrayValue($object->Fields[$search_field],'formatter');
 switch($formatter)
Index: branches/unlabeled/unlabeled-1.18.2/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -r6107 -r6235
--- branches/unlabeled/unlabeled-1.18.2/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6107)
+++ branches/unlabeled/unlabeled-1.18.2/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6235)
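Review bot: In the db_event_handler.php hunk the new `preg_match('/(.*)\.(.*)/', $search_field, $regs)` branch interpolates `$regs[1]` into a backtick-quoted identifier with no validation, and the greedy, unanchored pattern splits `a.b.c` into table `a.b` and field `c`. If `$search_field` can originate from the request (the hunk does not show where it comes from), an embedded backtick would break out of the quoting; anchoring and restricting the classes, `preg_match('/^([a-z0-9_]+)\.([a-z0-9_]+)$/i', $search_field, $regs)`, keeps the split unambiguous and the identifier safe to quote. The `$table_name = ($filter_type == 'where') ? $table_name : '';` line after the branch also drops the parsed prefix while `$search_field` stays stripped whenever `$filter_type` is not `'where'`, which may be intended but deserves a one-line comment. The enclosing function starts and ends outside the hunk.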
@@ -335,7 +335,13 @@
 */
 function CheckPermission($name, $type = 1, $cat_id = null)
 {
- if ($this->Application->GetVar('u_id') == -1) {
+ $user_id = $this->Application->GetVar('u_id');
+ return $this->CheckUserPermission($user_id, $name, $type, $cat_id);
+ }
+
+ function CheckUserPermission($user_id, $name, $type = 1, $cat_id = null)
+ {
+ if ($user_id == -1) {
 // "root" is allowed anywhere
 return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
 }
@@ -371,7 +377,16 @@
 WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
 $view_filters = Array();
- $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ if ($user_id == $this->Application->GetVar('u_id')) {
+ $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ }
+ else { // checking not current user
+ $sql = 'SELECT GroupId FROM '.TABLE_PREFIX.'UserGroup
+ WHERE (PortalUserId = '.$user_id.') AND
+ ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )';
+ $groups = $this->Conn->GetCol($sql);
+ array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') );
+ }
 foreach ($groups as $group) {
 $view_filters[] = 'FIND_IN_SET('.$group.', ACL)';
 }
Index: branches/unlabeled/unlabeled-1.18.2/kernel/units/general/helpers/permissions_helper.php
===================================================================
diff -u -r6107 -r6235
--- branches/unlabeled/unlabeled-1.18.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6107)
+++ branches/unlabeled/unlabeled-1.18.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 6235)
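Review bot: `CheckUserPermission` is a new public method with no doc comment, while `CheckPermission` directly above keeps its block (its closing `*/` opens the hunk); add a short PHPDoc stating that `$user_id` is the user whose permission is checked (-1 meaning root), what `$type` and `$cat_id` select, and that the root branch returns `0` or `1` (the rest of the method is outside the hunk, so state the general return contract only if it matches). The root short-circuit `if ($user_id == -1)` is a loose comparison; `if ((int)$user_id === -1)` makes the intent explicit. The kernel/ copy of the file (the next two hunks) receives the identical change and needs the same treatment.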
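Review bot: In the -371 hunk `$user_id` is concatenated straight into the `UserGroup` query (`WHERE (PortalUserId = '.$user_id.')`), and the method is now public with the id supplied by callers rather than read only from `u_id`; cast it once at the top of `CheckUserPermission`, `$user_id = (int)$user_id;`, so the query can only ever see an integer. The group ids pushed into `FIND_IN_SET('.$group.', ACL)` come from the database and from config, so they are less exposed, but an `(int)$group` there would close that path too. The kernel/ copy of the file repeats this hunk, so the fix belongs in both. The enclosing method continues past the hunk.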
@@ -335,7 +335,13 @@
 */
 function CheckPermission($name, $type = 1, $cat_id = null)
 {
- if ($this->Application->GetVar('u_id') == -1) {
+ $user_id = $this->Application->GetVar('u_id');
+ return $this->CheckUserPermission($user_id, $name, $type, $cat_id);
+ }
+
+ function CheckUserPermission($user_id, $name, $type = 1, $cat_id = null)
+ {
+ if ($user_id == -1) {
 // "root" is allowed anywhere
 return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
 }
@@ -371,7 +377,16 @@
 WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
 $view_filters = Array();
- $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ if ($user_id == $this->Application->GetVar('u_id')) {
+ $groups = explode(',', $this->Application->RecallVar('UserGroups'));
+ }
+ else { // checking not current user
+ $sql = 'SELECT GroupId FROM '.TABLE_PREFIX.'UserGroup
+ WHERE (PortalUserId = '.$user_id.') AND
+ ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )';
+ $groups = $this->Conn->GetCol($sql);
+ array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') );
+ }
 foreach ($groups as $group) {
 $view_filters[] = 'FIND_IN_SET('.$group.', ACL)';
 }
Index: branches/unlabeled/unlabeled-1.51.2/kernel/include/modules.php
===================================================================
diff -u -r6135 -r6235
--- branches/unlabeled/unlabeled-1.51.2/kernel/include/modules.php (.../modules.php) (revision 6135)
+++ branches/unlabeled/unlabeled-1.51.2/kernel/include/modules.php (.../modules.php) (revision 6235)
@@ -4,9 +4,13 @@ */ $ado =& GetADODBConnection(); -$session_cookie_name = $ado->GetOne('SELECT VariableValue FROM '.$g_TablePrefix.'ConfigurationValues WHERE VariableName = "SessionCookieName"'); -define('SESSION_COOKIE_NAME', $session_cookie_name ? $session_cookie_name : 'sid'); +$application =& kApplication::Instance(); +define('SESSION_COOKIE_NAME', $application->Session->CookieName); + +/*$session_cookie_name = $ado->GetOne('SELECT VariableValue FROM '.$g_TablePrefix.'ConfigurationValues WHERE VariableName = "SessionCookieName"'); +define('SESSION_COOKIE_NAME', $session_cookie_name ? $session_cookie_name : 'sid'); +*/ set_cookie('cookies_on', '1', adodb_mktime() + 31104000); // if branches that uses if($mod_prefix) or like that will never be executed @@ -339,72 +343,72 @@ function admin_login() { - global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny; -// echo "
"; print_r($objSession); echo "
"; + global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny; + // echo "
"; print_r($objSession); echo "
"; if( GetVar('help_usage') == 'install' ) return true; - $env_arr = explode('-', $_GET['env']); - $get_session_key = $env_arr[0]; - $admin_login = isset($_POST['adminlogin']) && $_POST['adminlogin']; - if(!$objSession->ValidSession() || ($objSession->GetSessionKey() != $get_session_key && !$admin_login)) { - if( isset($_GET['expired']) && ($_GET['expired'] == 1) ) - $login_error = admin_language("la_text_sess_expired"); + $env_arr = explode('-', $_GET['env']); + $get_session_key = $env_arr[0]; + $admin_login = isset($_POST['adminlogin']) && $_POST['adminlogin']; + if(!$objSession->ValidSession()) { // || ($objSession->GetSessionKey() != $get_session_key && !$admin_login) + if( isset($_GET['expired']) && ($_GET['expired'] == 1) ) + $login_error = admin_language("la_text_sess_expired"); - return FALSE; - //echo "Expired
"; - } + return FALSE; + //echo "Expired
"; + } if ($objSession->HasSystemPermission("ADMIN") == 1) - return TRUE; + return TRUE; - if(count($_POST)==0 || $_POST["adminlogin"]!=1) - return FALSE; - $login=$_POST["login"]; - $password = $_POST["password"]; + if(count($_POST)==0 || $_POST["adminlogin"]!=1) + return FALSE; + $login=$_POST["login"]; + $password = $_POST["password"]; - if (strlen($login) && strlen($password)) - { - if(!_IpAccess($_SERVER['REMOTE_ADDR'],$g_Allow,$g_Deny)) - { - $login_error = admin_language("la_text_address_denied"); - return FALSE; - } - $valid = $objSession->Login($login, md5($password)); - $hasperm = ($objSession->HasSystemPermission("ADMIN") == 1); - if (($login=="root" || $hasperm) && $valid) - { - if(_ValidateModules()) - { - return TRUE; - } - else - $login_error = "Missing or invalid In-Portal License"; - } - else - { - if(!$hasperm && $valid) - { - $login_error = admin_language("la_text_nopermissions"); - } - else - { - $login_error = admin_language("la_Text_Access_Denied"); - } - return FALSE; - } + if (strlen($login) && strlen($password)) + { + if(!_IpAccess($_SERVER['REMOTE_ADDR'],$g_Allow,$g_Deny)) + { + $login_error = admin_language("la_text_address_denied"); + return FALSE; + } + $valid = $objSession->Login($login, md5($password)); + $hasperm = ($objSession->HasSystemPermission("ADMIN") == 1); + if (($login=="root" || $hasperm) && $valid) + { + if(_ValidateModules()) + { + return TRUE; + } + else + $login_error = "Missing or invalid In-Portal License"; + } + else + { + if(!$hasperm && $valid) + { + $login_error = admin_language("la_text_nopermissions"); + } + else + { + $login_error = admin_language("la_Text_Access_Denied"); + } + return FALSE; + } } - else - { - if(!strlen($login)) - { - $login_error = admin_language("la_Text_Missing_Username"); - } - else - if(!strlen($password)) - $login_error = admin_language("la_Text_Missing_Password"); - return FALSE; - } + else + { + if(!strlen($login)) + { + $login_error = admin_language("la_Text_Missing_Username"); + } + 
else + if(!strlen($password)) + $login_error = admin_language("la_Text_Missing_Password"); + return FALSE; + } } @@ -813,8 +817,12 @@ $SessionQueryString = false; // by default assume, that SID is located in cookie if( !isset($FrontEnd) ) $FrontEnd = false; // if frontend not explicitly defined, than -if($FrontEnd != 1) + $SessionQueryString = $application->Session->NeedQueryString(); + + +/*if($FrontEnd != 1) { $SessionQueryString = true; +}*/ if (is_array($mod_prefix)) { ParseEnv(); @@ -834,26 +842,26 @@ if ( !isset($var_list['sid']) ) $var_list['sid'] = ''; if ( !isset($_GET['env']) ) $_GET['env'] = ''; -if(strlen($var_list["sid"])==0 && strlen($_GET["env"])>0 && $objConfig->Get("CookieSessions")==2) +if(strlen($var_list["sid"])==0 && strlen($_GET["env"])>0 && $objConfig->Get("CookieSessions")==smCOOKIES_ONLY) { - if(_IsSpider($_SERVER["HTTP_USER_AGENT"])) - { - $UseSession = FALSE; - } - else - { - /* switch user to GET session var */ - if (!$_COOKIE[SESSION_COOKIE_NAME]) { - $SessionQueryString = TRUE; - } - //else { - //$cg = '--code--'; - //} - $UseSession = TRUE; - } + if(_IsSpider($_SERVER["HTTP_USER_AGENT"])) + { + $UseSession = FALSE; + } + else + { + /* switch user to GET session var */ + if (!$_COOKIE[SESSION_COOKIE_NAME]) { + $SessionQueryString = TRUE; + } + //else { + //$cg = '--code--'; + //} + $UseSession = TRUE; + } } else { - $UseSession = TRUE; + $UseSession = TRUE; } if($var_list["sid"]=="_") @@ -864,7 +872,7 @@ if($Action == 'm_logout') { - $u = new clsUserSession($var_list['sid'] ,($SessionQueryString && $FrontEnd==1)); + $u = new clsUserSession($var_list['sid']); // ,($SessionQueryString && $FrontEnd==1) $application =& kApplication::Instance(); $application->HandleEvent( new kEvent('u:OnInpLogout') ); 
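Review bot: The rewritten `admin_login` keeps only `if(!$objSession->ValidSession())` and moves the `$objSession->GetSessionKey() != $get_session_key && !$admin_login` half of the old condition into a trailing comment, so a valid admin session now passes even when the key carried in the `env` parameter does not match it; the locals `$get_session_key` and `$admin_login` assigned just above appear unused within the hunk after this change. If the env key has become redundant because the admin session is now carried in its own `adm_` cookie (inferred from the inp_ses_storage.php hunks of this commit), say so in a comment next to the condition and delete the two dead assignments together with the commented-out expression; if the key is still meant as a cross-check, restore the condition instead. The rest of the hunk is re-indentation only, and the function's opening is in an earlier source line.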
@@ -888,13 +896,13 @@ $HTTP_REFERER = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; -if ( ($CookieTest == 1) /*|| !strstr($HTTP_REFERER, $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path"))*/) { +/*if ( ($CookieTest == 1) ) { // || !strstr($HTTP_REFERER, $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) $SessionQueryString = FALSE; } if ($FrontEnd != 1) { $SessionQueryString = TRUE; -} +}*/ // SID detecting engine: end @@ -914,7 +922,7 @@ $objSession->SetThemeName($m_var_list["theme"]); if($objConfig->Get("CookieSessions")>0 && !$SessionQueryString && !headers_sent()) { - set_cookie(SESSION_COOKIE_NAME, $var_list['sid'], 0); +// set_cookie(SESSION_COOKIE_NAME, $var_list['sid'], 0); } //echo "New Session: ".$objSession->GetSessionKey()."
\n"; if(isset($_COOKIE["login"]) && $Action != "m_logout" && $FrontEnd==1) Index: branches/unlabeled/unlabeled-1.20.2/kernel/units/general/inp_ses_storage.php =================================================================== diff -u -r5538 -r6235 --- branches/unlabeled/unlabeled-1.20.2/kernel/units/general/inp_ses_storage.php (.../inp_ses_storage.php) (revision 5538) +++ branches/unlabeled/unlabeled-1.20.2/kernel/units/general/inp_ses_storage.php (.../inp_ses_storage.php) (revision 6235) @@ -7,18 +7,25 @@ $this->SessionTimeout = $this->Application->ConfigValue('SessionTimeout'); $path = (BASE_PATH == '') ? '/' : BASE_PATH; - if ( $this->Application->IsAdmin() ) $path = rtrim($path, '/').'/admin'; +// if ( $this->Application->IsAdmin() ) $path = rtrim($path, '/').'/admin'; $this->SetCookiePath($path); $cookie_name = $this->Application->ConfigValue('SessionCookieName'); - $this->SetCookieName($cookie_name ? $cookie_name : 'sid'); + if (!$cookie_name) $cookie_name = 'sid'; + if (($this->Application->IsAdmin() && $special !== 'front') || $special == 'admin' ) { // || $this->Application->GetVar('admin') == 1 + $cookie_name = 'adm_'.$cookie_name; + } + $this->SetCookieName($cookie_name); $this->SetCookieDomain(SERVER_NAME); - if( $this->Application->IsAdmin() ) + if( $this->Application->IsAdmin()) // && $this->Application->GetVar('admin') != 1 { $mode = constOn('IS_INSTALL') ? smCOOKIES_ONLY : smAUTO; } + /*elseif ($this->Application->IsAdmin() && $this->Application->GetVar('admin') == 1) { + $mode = smCOOKIES_ONLY; + }*/ else { $ses_mode = $this->Application->ConfigValue('CookieSessions'); Index: branches/unlabeled/unlabeled-1.50.2/core/kernel/session/session.php =================================================================== diff -u -r5498 -r6235 --- branches/unlabeled/unlabeled-1.50.2/core/kernel/session/session.php (.../session.php) (revision 5498) +++ branches/unlabeled/unlabeled-1.50.2/core/kernel/session/session.php (.../session.php) (revision 6235) 
@@ -412,13 +412,7 @@
 function CheckIfCookiesAreOn()
 {
 // $this->CheckDuplicateCookies();
- if ($this->Mode == smGET_ONLY ||
- ( defined('INPORTAL_ENV') &&
- INPORTAL_ENV &&
- $this->Application->IsAdmin()
- &&
- !$this->Application->GetVar('front'))
- )
+ if ($this->Mode == smGET_ONLY)
 {
 //we don't need to bother checking if we would not use it
 $this->CookiesEnabled = false;
@@ -528,11 +522,8 @@
 break;
 }
 }
+
- if ($this->Application->GetVar('front')) {
- $this->CookiesEnabled = false;
- }
-
 $this->CachedSID = $sid;
 return $this->CachedSID;
 }
Index: branches/unlabeled/unlabeled-1.20.2/core/units/general/inp_ses_storage.php
===================================================================
diff -u -r5538 -r6235
--- branches/unlabeled/unlabeled-1.20.2/core/units/general/inp_ses_storage.php (.../inp_ses_storage.php) (revision 5538)
+++ branches/unlabeled/unlabeled-1.20.2/core/units/general/inp_ses_storage.php (.../inp_ses_storage.php) (revision 6235)
@@ -7,18 +7,25 @@
 $this->SessionTimeout = $this->Application->ConfigValue('SessionTimeout');
 $path = (BASE_PATH == '') ? '/' : BASE_PATH;
- if ( $this->Application->IsAdmin() ) $path = rtrim($path, '/').'/admin';
+// if ( $this->Application->IsAdmin() ) $path = rtrim($path, '/').'/admin';
 $this->SetCookiePath($path);
 $cookie_name = $this->Application->ConfigValue('SessionCookieName');
- $this->SetCookieName($cookie_name ? $cookie_name : 'sid');
+ if (!$cookie_name) $cookie_name = 'sid';
+ if (($this->Application->IsAdmin() && $special !== 'front') || $special == 'admin' ) { // || $this->Application->GetVar('admin') == 1
+ $cookie_name = 'adm_'.$cookie_name;
+ }
+ $this->SetCookieName($cookie_name);
 $this->SetCookieDomain(SERVER_NAME);
- if( $this->Application->IsAdmin() )
+ if( $this->Application->IsAdmin()) // && $this->Application->GetVar('admin') != 1
 {
 $mode = constOn('IS_INSTALL') ? smCOOKIES_ONLY : smAUTO;
 }
+ /*elseif ($this->Application->IsAdmin() && $this->Application->GetVar('admin') == 1) {
+ $mode = smCOOKIES_ONLY;
+ }*/
 else
 {
 $ses_mode = $this->Application->ConfigValue('CookieSessions');