Disabled non-cookie sessions (ACP still remains w/o cookies)
authorAlexander Ebert <ebert@woltlab.com>
Thu, 21 May 2015 18:46:13 +0000 (20:46 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Thu, 21 May 2015 18:46:13 +0000 (20:46 +0200)
com.woltlab.wcf/templates/headIncludeJavaScript.tpl
com.woltlab.wcf/templates/login.tpl
wcfsetup/install/files/lib/form/LoginForm.class.php
wcfsetup/install/files/lib/system/WCF.class.php
wcfsetup/install/files/lib/system/session/ACPSessionFactory.class.php
wcfsetup/install/files/lib/system/session/SessionFactory.class.php
wcfsetup/install/files/lib/system/session/SessionHandler.class.php
wcfsetup/install/lang/de.xml
wcfsetup/install/lang/en.xml

index fa9dec4342f1b5c1ff9776c95a39d6d7a75395d7..c85d941bd9bf832eaa39a0e866c556f0737639dc 100644 (file)
@@ -3,14 +3,12 @@
 *}
 
 <script>
-       //<![CDATA[
-       var SID_ARG_2ND = '{@SID_ARG_2ND_NOT_ENCODED}';
+       var SID_ARG_2ND = '';
        var WCF_PATH = '{@$__wcf->getPath()}';
        var SECURITY_TOKEN = '{@SECURITY_TOKEN}';
        var LANGUAGE_ID = {@$__wcf->getLanguage()->languageID};
        var TIME_NOW = {@TIME_NOW};
        var URL_LEGACY_MODE = {if URL_LEGACY_MODE}true{else}false{/if};
-       //]]>
 </script>
 
 {if ENABLE_DEBUG_MODE}
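Review bot: `var SID_ARG_2ND = '';` keeps the global alive for any client script that still reads it, but nothing in the template says the empty value is intentional, so a later change could re-populate it and reintroduce session ids in URLs. A template comment above the script, such as `{* SID_ARG_2ND is kept as an empty string for legacy scripts only: frontend sessions are cookie-based, the id must not be appended to URLs *}`, would record that. Removing the `//<![CDATA[` wrapper is harmless for pages served as text/html; whether any installation serves the page as XHTML cannot be told from this hunk.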
index 72025b2d8146c2abf78417dbaedeaccd6d9e5cb4..710b3640630213e12b85cc5cac11f003745dfb59 100644 (file)
 
 {include file='userNotice'}
 
-{include file='formError'}
+{if !$errorField|empty && $errorField == 'cookie'}
+       <p class="error">{lang}wcf.user.login.error.cookieRequired{/lang}</p>
+{else}
+       {include file='formError'}
+{/if}
 
 <div class="contentNavigation">
        {hascontent}
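Review bot: The emptiness test in `{if !$errorField|empty && $errorField == 'cookie'}` is redundant, since equality with the non-empty literal `'cookie'` already implies a non-empty value; `{if $errorField == 'cookie'}` reads the same unless the guard exists to avoid an undefined-variable notice when the form was not submitted, which this hunk does not show. If the guard is deliberate, a short template comment stating that would stop the next reader from simplifying it. The hunk header for this section is missing from the page, so the surrounding markup cannot be placed exactly.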
index 0aa592bc9d75dbe136e95e7783c67a8d373b6635..320ae1e8fc41efa9b60f712ef295829a8bd10ecf 100644 (file)
@@ -1,5 +1,6 @@
 <?php
 namespace wcf\form;
+use wcf\system\exception\UserInputException;
 use wcf\system\request\LinkHandler;
 use wcf\system\user\authentication\UserAuthenticationFactory;
 use wcf\system\WCF;
@@ -25,7 +26,7 @@ class LoginForm extends \wcf\acp\form\LoginForm {
        public $enableTracking = true;
        
        /**
-        * true enables the usage of cookies
+        * true enables the usage of cookies to save login credentials
         * @var boolean
         */
        public $useCookies = 1;
@@ -53,6 +54,17 @@ class LoginForm extends \wcf\acp\form\LoginForm {
                if (isset($_POST['useCookies'])) $this->useCookies = intval($_POST['useCookies']);
        }
        
+       /**
+        * @see \wcf\form\IForm::validate()
+        */
+       public function validate() {
+               if (!WCF::getSession()->hasValidCookie()) {
+                       throw new UserInputException('cookie');
+               }
+               
+               parent::validate();
+       }
+       
        /**
         * @see \wcf\form\IForm::save()
         */
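Review bot: The new `validate()` throws the cookie error before `parent::validate()` runs, so credentials are never checked for a client without a session cookie; that is the safe order, but the docblock only carries `@see` and the reason for the ordering is not written down. Add `@throws UserInputException if the client did not send a valid session cookie` to the docblock and a why-comment on the check, `// reject before credentials are verified: without a cookie the login could not be bound to this client's session`. The `LoginForm` class continues outside the hunk, so the base `validate()` this overrides is not visible here.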
index 4b0d76c140c8068a783ea5a8f09d5080c7a5c86c..f2d594a9f2e7fb7ae3d599892e43fe5ace431c70 100644 (file)
@@ -23,7 +23,6 @@ use wcf\system\session\SessionHandler;
 use wcf\system\style\StyleHandler;
 use wcf\system\template\TemplateEngine;
 use wcf\system\user\storage\UserStorageHandler;
-use wcf\util\ArrayUtil;
 use wcf\util\ClassUtil;
 use wcf\util\FileUtil;
 use wcf\util\StringUtil;
@@ -304,6 +303,7 @@ class WCF {
                $factory->load();
                
                self::$sessionObj = SessionHandler::getInstance();
+               self::$sessionObj->setHasValidCookie($factory->hasValidCookie());
        }
        
        /**
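Review bot: The added `self::$sessionObj->setHasValidCookie($factory->hasValidCookie());` is order-sensitive: `SessionFactory::hasValidCookie()` compares the cookie against `SessionHandler::getInstance()->sessionID`, which presumably is only established by the preceding `$factory->load()`, so moving the line above `load()` would silently report `false` for every client. A comment makes the dependency explicit, `// must follow load(): the check compares the cookie against the session id established there`. The enclosing method starts outside the hunk, so it cannot be confirmed that nothing else resets the session in between.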
index f02b652977c8bbd192d5d51c5d15a0d4b06bbb3c..7371b22ffe5c2849dad758b6373a806fe5d48930 100644 (file)
@@ -40,6 +40,15 @@ class ACPSessionFactory {
                }
        }
        
+       /**
+        * Returns true if session was based upon a valid cookie.
+        * 
+        * @return      boolean
+        */
+       public function hasValidCookie() {
+               return false;
+       }
+       
        /**
         * Initializes the session system.
         */
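Review bot: The docblock on `hasValidCookie()` says "Returns true if session was based upon a valid cookie", but the ACP implementation is a constant `false`, which reads like a stub rather than a design decision. State the intent in the docblock, e.g. `Returns true if the session was established from a valid cookie. The ACP session system does not use cookies, so this base implementation always returns false; cookie-based factories override it.` That matches the commit message ("ACP still remains w/o cookies") and tells a reader not to "fix" it.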
index a13990147ecd22d3813c48919bf24fc4330bfbda..493514677eaffd9bf3ffe1697dcf4d48f1bd33aa 100644 (file)
@@ -18,43 +18,42 @@ class SessionFactory extends ACPSessionFactory {
         */
        protected $sessionEditor = 'wcf\data\session\SessionEditor';
        
+       /**
+        * @see \wcf\system\session\ACPSessionFactory::hasValidCookie()
+        */
+       public function hasValidCookie() {
+               if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'])) {
+                       if ($_COOKIE[COOKIE_PREFIX.'cookieHash'] == SessionHandler::getInstance()->sessionID) {
+                               return true;
+                       }
+               }
+               
+               return false;
+       }
+       
        /**
         * @see \wcf\system\session\ACPSessionFactory::readSessionID()
         */
        protected function readSessionID() {
-               $sessionID = parent::readSessionID();
-               
                // get sessionID from cookie
-               if (empty($sessionID) && isset($_COOKIE[COOKIE_PREFIX.'cookieHash'])) {
-                       $sessionID = $_COOKIE[COOKIE_PREFIX . 'cookieHash'];
+               if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'])) {
+                       return $_COOKIE[COOKIE_PREFIX . 'cookieHash'];
                }
                
-               return $sessionID;
+               return '';
        }
        
        /**
         * @see \wcf\system\session\ACPSessionFactory::init()
         */
        protected function init() {
-               $usesCookies = true;
-               
-               if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'])) {
-                       if ($_COOKIE[COOKIE_PREFIX.'cookieHash'] != SessionHandler::getInstance()->sessionID) {
-                               $usesCookies = false;
-                       }
-               }
-               else {
-                       $usesCookies = false;
-               }
-               
-               if (!$usesCookies) {
+               if (!$this->hasValidCookie()) {
                        // cookie support will be enabled upon next request
                        HeaderUtil::setCookie('cookieHash', SessionHandler::getInstance()->sessionID);
                }
-               else {
-                       // enable cookie support
-                       SessionHandler::getInstance()->enableCookies();
-               }
+               
+               // enable cookie support
+               SessionHandler::getInstance()->enableCookies();
                
                parent::init();
        }
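Review bot: `hasValidCookie()` compares the client-supplied cookie with the session id using loose `==`; for two numeric-looking strings PHP compares them as numbers, so ids of the form `0e123` and `00e1` (possible for hex session ids) count as equal even though they differ, and the comparison should be strict: `return isset($_COOKIE[COOKIE_PREFIX.'cookieHash']) && $_COOKIE[COOKIE_PREFIX.'cookieHash'] === SessionHandler::getInstance()->sessionID;`. The previous `init()` had the same weakness with `!=`, so this is not a regression, but the new method is now the single place the decision is made. In `init()` the comment `// cookie support will be enabled upon next request` is stale now that `enableCookies()` is called unconditionally right below; `// no matching cookie yet: send it now, it becomes usable on the next request` describes what the branch does.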
index 47b590a249fc1bc7030c3baf8f888cbbd054e214..8a00833981d55ca64085c03a1dcb4cfdb82d9b4e 100644 (file)
@@ -51,6 +51,12 @@ class SessionHandler extends SingletonFactory {
         */
        protected $groupData = null;
        
+       /**
+        * true if client provided a valid session cookie
+        * @var boolean
+        */
+       protected $hasValidCookie = false;
+       
        /**
         * language id for active user
         * @var integer
@@ -156,6 +162,24 @@ class SessionHandler extends SingletonFactory {
                $this->usersOnlyPermissions = UserGroupOptionCacheBuilder::getInstance()->getData(array(), 'usersOnlyOptions');
        }
        
+       /**
+        * Sets a boolean value to determine if the client provided a valid session cookie.
+        * 
+        * @param       boolean         $hasValidCookie
+        */
+       public function setHasValidCookie($hasValidCookie) {
+               $this->hasValidCookie = $hasValidCookie;
+       }
+       
+       /**
+        * Returns true if client provided a valid session cookie.
+        * 
+        * @return      boolean
+        */
+       public function hasValidCookie() {
+               return $this->hasValidCookie;
+       }
+       
        /**
         * Loads an existing session or creates a new one.
         * 
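Review bot: `setHasValidCookie()` stores whatever it receives, while the property is documented as `@var boolean`; casting keeps the documented type regardless of the caller, `$this->hasValidCookie = (bool) $hasValidCookie;`. The setter is public on a singleton, so the docblock should also name the intended caller so it is not reused elsewhere, e.g. `Intended to be called from WCF::initSession() once the session factory has been loaded.` The `SessionHandler` class continues outside both hunks of this section.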
index 0ff3764157cf570a5e2c6ece1d0744cabd80a698..4a373f56d8ced36351d892a466bc1234c6f507d9 100644 (file)
@@ -2684,6 +2684,7 @@ Fehler sind beispielsweise:
                <item name="wcf.user.userAgent"><![CDATA[Browser-Kennung]]></item>
                <item name="wcf.user.login"><![CDATA[Anmeldung]]></item>
                <item name="wcf.user.login.data"><![CDATA[Zugangsdaten]]></item>
+               <item name="wcf.user.login.error.cookieRequired"><![CDATA[Die Anmeldung erfordert den Einsatz von Cookies, bitte aktivieren Sie diese um die Anmeldung durchzufĂĽhren.]]></item>
                <item name="wcf.user.password.error.false"><![CDATA[Dieses Kennwort ist falsch.]]></item>
                <item name="wcf.user.language"><![CDATA[Sprache]]></item>
                <item name="wcf.user.language.description"><![CDATA[Sprache der Benutzeroberfläche]]></item>
index bb87591833060a4a7022c19a33b6b1485a521ba2..a0f905d219ec95d9183b1621e6def22aeb3c92bb 100644 (file)
@@ -2682,6 +2682,7 @@ Errors are:
                <item name="wcf.user.userAgent"><![CDATA[User Agent]]></item>
                <item name="wcf.user.login"><![CDATA[Login]]></item>
                <item name="wcf.user.login.data"><![CDATA[Credentials]]></item>
+               <item name="wcf.user.login.error.cookieRequired"><![CDATA[The login requires the acceptance of cookies, please enable cookies to proceed.]]></item>
                <item name="wcf.user.password.error.false"><![CDATA[The entered password is wrong.]]></item>
                <item name="wcf.user.language"><![CDATA[Language]]></item>
                <item name="wcf.user.language.description"><![CDATA[User interface language]]></item>