<div id="login" style="display: none">
<form method="post" action="{link controller='Login'}{/link}">
- {include file='formError'}
+ {if !$errorField|empty && $errorField == 'cookie'}
+ <p class="error">{lang}wcf.user.login.error.cookieRequired{/lang}</p>
+ {else}
+ {include file='formError'}
+ {/if}
<dl{if $errorField == 'username'} class="formError"{/if}>
<dt><label for="username">{lang}wcf.user.username{/lang}</label></dt>
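Review bot: The `!$errorField|empty &&` guard on the added `{if}` is redundant, because an `$errorField` that equals `'cookie'` can never be empty; `{if $errorField == 'cookie'}` expresses the same condition and matches the form already used on the `<dl>` line below it. Whether `|empty` binds before `!` in this template engine is not visible here, so the shorter condition also sidesteps a precedence question. The surrounding form markup continues outside the hunk.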
public function validate() {
parent::validate();
+ if (!WCF::getSession()->hasValidCookie()) {
+ throw new UserInputException('cookie');
+ }
+
// error handling
if (empty($this->username)) {
throw new UserInputException('username');
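Review bot: The added cookie check runs after `parent::validate()`, whereas the variant this commit removes elsewhere ran it before; if the parent validation includes the security-token check (the token is session-bound, see `getSecurityToken()` in the session handler hunk), a client without the cookie gets a fresh session on every request and would fail on the token before ever reaching the `cookie` error, so the dedicated message added to the template would never be shown. Moving the three added lines above `parent::validate();` keeps the more specific error first. What parent::validate() actually does is not visible in this hunk, so please confirm the ordering against it. validate()'s body continues outside the hunk.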
if (isset($_POST['useCookies'])) $this->useCookies = intval($_POST['useCookies']);
}
- /**
- * @see \wcf\form\IForm::validate()
- */
- public function validate() {
- if (!WCF::getSession()->hasValidCookie()) {
- throw new UserInputException('cookie');
- }
-
- parent::validate();
- }
-
/**
* @see \wcf\form\IForm::save()
*/
* @see \wcf\system\WCF::initSession()
*/
protected function initSession() {
+ self::$sessionObj = SessionHandler::getInstance();
+ self::$sessionObj->setCookieSuffix('_acp');
+
$factory = new ACPSessionFactory();
$factory->load();
- self::$sessionObj = SessionHandler::getInstance();
+ self::$sessionObj->setHasValidCookie($factory->hasValidCookie());
}
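Review bot: The `'_acp'` literal passed to `setCookieSuffix()` duplicates the `$cookieSuffix = '_acp'` default declared on ACPSessionFactory, and the two copies feed different writers: the factory's init() names the cookie it sets from its own property, while the session handler names the cookies it sets from the value passed here. If the two literals ever drift, the handler writes one cookie and the factory reads another, and every request would silently start a new session. Let the factory be the single owner, e.g. `self::$sessionObj->setCookieSuffix($factory->getCookieSuffix());` with a trivial getter, or have the factory push its suffix into the handler inside load().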
/**
<?php
namespace wcf\system\session;
+use wcf\data\acp\session\ACPSessionEditor;
use wcf\system\event\EventHandler;
+use wcf\util\HeaderUtil;
/**
* Handles the ACP session of the active user.
*
* @author Marcel Werk
- * @copyright 2001-2015 WoltLab GmbH
+ * @copyright 2001-2016 WoltLab GmbH
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
* @package com.woltlab.wcf
* @subpackage system.session
* @category Community Framework
*/
class ACPSessionFactory {
+ /**
+ * suffix used to tell ACP and frontend cookies apart
+ * @var string
+ */
+ protected $cookieSuffix = '_acp';
+
/**
* session editor class name
* @var string
*/
- protected $sessionEditor = 'wcf\data\acp\session\ACPSessionEditor';
+ protected $sessionEditor = ACPSessionEditor::class;
/**
* Loads the object of the active session.
* @since 2.2
*/
public function hasValidCookie() {
+ if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'.$this->cookieSuffix])) {
+ if ($_COOKIE[COOKIE_PREFIX.'cookieHash'.$this->cookieSuffix] == SessionHandler::getInstance()->sessionID) {
+ return true;
+ }
+ }
+
return false;
}
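Review bot: The cookie value is compared to the session id with `==` even though `$_COOKIE` is client-controlled; PHP's loose comparison treats two numeric-looking strings numerically, so an identifier check should use `===`: `if ($_COOKIE[COOKIE_PREFIX.'cookieHash'.$this->cookieSuffix] === SessionHandler::getInstance()->sessionID)`. A cookie sent as `cookieHash[]=x` arrives here as an array and simply compares false, which is harmless in this method but matters in readSessionID(), which returns the same raw value. The practical exposure looks small because the session id is itself loaded from this cookie, but strict comparison costs nothing.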
* Initializes the session system.
*/
protected function init() {
+ if (!$this->hasValidCookie()) {
+ // cookie support will be enabled upon next request
+ HeaderUtil::setCookie('cookieHash'.$this->cookieSuffix, SessionHandler::getInstance()->sessionID);
+ }
+
SessionHandler::getInstance()->initSession();
}
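Review bot: With the GET/POST transport removed from readSessionID(), the cookie written here becomes the only carrier of the session id, so the attributes `HeaderUtil::setCookie()` applies (HttpOnly, and Secure on HTTPS) are now load-bearing, yet they are not visible in this hunk; please confirm them. A short comment above the call would help the next reader, e.g. `// the session id travels only in this cookie; its flags are set centrally by HeaderUtil::setCookie()`.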
/**
- * Returns the session id from request (GET/POST). Returns an empty string,
- * if no session id was given.
+ * Returns the session id from cookie. Returns an empty string,
+ * if no session cookie was provided.
*
* @return string
*/
protected function readSessionID() {
- if (isset($_GET['s'])) {
- if (is_string($_GET['s'])) {
- return $_GET['s'];
- }
- }
- else if (isset($_POST['s'])) {
- if (is_string($_POST['s'])) {
- return $_POST['s'];
- }
+ // get sessionID from cookie
+ if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'.$this->cookieSuffix])) {
+ return $_COOKIE[COOKIE_PREFIX . 'cookieHash'.$this->cookieSuffix];
}
return '';
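Review bot: The rewritten readSessionID() drops the `is_string()` guard that the removed GET/POST branches had; a request carrying `cookieHash[]=x` places an array in `$_COOKIE`, which is then returned as the session id and handed to the session lookup. Keep the guard: `$cookieName = COOKIE_PREFIX.'cookieHash'.$this->cookieSuffix;` / `if (isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName])) {` / `return $_COOKIE[$cookieName];`, which also removes the inconsistent spacing around `.` on the return line. The method's closing brace is outside the hunk.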
<?php
namespace wcf\system\session;
-use wcf\util\HeaderUtil;
+use wcf\data\session\SessionEditor;
/**
* Handles the session of the active user.
*
* @author Marcel Werk
- * @copyright 2001-2015 WoltLab GmbH
+ * @copyright 2001-2016 WoltLab GmbH
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
* @package com.woltlab.wcf
* @subpackage system.session
*/
class SessionFactory extends ACPSessionFactory {
/**
- * @see \wcf\system\session\ACPSessionFactory::$sessionEditor
+ * @inheritDoc
*/
- protected $sessionEditor = 'wcf\data\session\SessionEditor';
+ protected $cookieSuffix = '';
/**
- * @see \wcf\system\session\ACPSessionFactory::hasValidCookie()
- * @since 2.2
+ * @inheritDoc
*/
- public function hasValidCookie() {
- if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'])) {
- if ($_COOKIE[COOKIE_PREFIX.'cookieHash'] == SessionHandler::getInstance()->sessionID) {
- return true;
- }
- }
-
- return false;
- }
-
- /**
- * @see \wcf\system\session\ACPSessionFactory::readSessionID()
- */
- protected function readSessionID() {
- // get sessionID from cookie
- if (isset($_COOKIE[COOKIE_PREFIX.'cookieHash'])) {
- return $_COOKIE[COOKIE_PREFIX . 'cookieHash'];
- }
-
- return '';
- }
-
- /**
- * @see \wcf\system\session\ACPSessionFactory::init()
- */
- protected function init() {
- if (!$this->hasValidCookie()) {
- // cookie support will be enabled upon next request
- HeaderUtil::setCookie('cookieHash', SessionHandler::getInstance()->sessionID);
- }
-
- // enable cookie support
-
- SessionHandler::getInstance()->enableCookies();
-
- parent::init();
- }
+ protected $sessionEditor = SessionEditor::class;
}
* @category Community Framework
*/
class SessionHandler extends SingletonFactory {
+ /**
+ * suffix used to tell ACP and frontend cookies apart
+ * @var string
+ */
+ protected $cookieSuffix = '';
+
/**
* prevents update on shutdown
* @var boolean
*/
protected $styleID = null;
- /**
- * enable cookie support
- * @var boolean
- */
- protected $useCookies = false;
-
/**
* user object
* @var \wcf\data\user\User
$this->usersOnlyPermissions = UserGroupOptionCacheBuilder::getInstance()->getData(array(), 'usersOnlyOptions');
}
+ /**
+ * Suffix used to tell ACP and frontend cookies apart
+ *
+ * @param string $cookieSuffix cookie suffix
+ */
+ public function setCookieSuffix($cookieSuffix) {
+ $this->cookieSuffix = $cookieSuffix;
+ }
+
/**
* Sets a boolean value to determine if the client provided a valid session cookie.
*
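Review bot: setCookieSuffix() does not say when it must be called, yet every cookie write in this class (`changeSessionID()` and the two `setCookie` calls later in the file) reads the suffix at that moment, and the ACP bootstrap in this commit is careful to call it before the factory loads the session. A call made after the session is initialised would silently emit cookies under a different name than the one read back. Add to the docblock: `Must be called before the session is loaded; cookies written earlier keep the old name.`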
// fetch new session data from database
$this->session = new $this->sessionClassName($newSessionID);
- if ($this->useCookies) {
- // we know that the user accepts cookies, simply send new session id
- HeaderUtil::setCookie('cookieHash', $newSessionID);
- }
- else if ($_SERVER['REQUEST_METHOD'] === 'GET') {
- // user maybe does not accept cookies, replace session id in url
- // otherwise reloading the page will generate a new session
-
- $this->update();
- HeaderUtil::redirect(str_replace('s='.$oldSessionID, 's='.$newSessionID, UserUtil::getRequestURI()));
- exit;
- }
- }
-
- /**
- * Enables cookie support.
- */
- public function enableCookies() {
- $this->useCookies = true;
+ HeaderUtil::setCookie('cookieHash'.$this->cookieSuffix, $newSessionID);
}
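Review bot: After removing the redirect fallback, `$oldSessionID` appears to be unused in changeSessionID(): its only consumer in the old code was the `str_replace()` on the redirect URL, and the new code only references `$newSessionID`. If it is not read elsewhere in the method (its start is outside this hunk), drop the assignment, and check whether `UserUtil` is still imported for anything else. The removed `$this->update()` call sat only on the no-cookie path, so nothing else needs to move.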
/**
* Defines global wcf constants related to session.
*/
protected function defineConstants() {
- if ($this->useCookies || $this->session->spiderID) {
- if (!defined('SID_ARG_1ST')) define('SID_ARG_1ST', '');
- if (!defined('SID_ARG_2ND')) define('SID_ARG_2ND', '');
- if (!defined('SID_ARG_2ND_NOT_ENCODED')) define('SID_ARG_2ND_NOT_ENCODED', '');
- if (!defined('SID')) define('SID', '');
- if (!defined('SID_INPUT_TAG')) define('SID_INPUT_TAG', '');
- }
- else {
- if (!defined('SID_ARG_1ST')) define('SID_ARG_1ST', '?s='.$this->session->sessionID);
- if (!defined('SID_ARG_2ND')) define('SID_ARG_2ND', '&s='.$this->session->sessionID);
- if (!defined('SID_ARG_2ND_NOT_ENCODED')) define('SID_ARG_2ND_NOT_ENCODED', '&s='.$this->session->sessionID);
- if (!defined('SID')) define('SID', $this->session->sessionID);
- if (!defined('SID_INPUT_TAG')) define('SID_INPUT_TAG', '<input type="hidden" name="s" value="'.$this->session->sessionID.'" />');
- }
+ /* the SID*-constants below are deprecated since 2.2 */
+ if (!defined('SID_ARG_1ST')) define('SID_ARG_1ST', '');
+ if (!defined('SID_ARG_2ND')) define('SID_ARG_2ND', '');
+ if (!defined('SID_ARG_2ND_NOT_ENCODED')) define('SID_ARG_2ND_NOT_ENCODED', '');
+ if (!defined('SID')) define('SID', '');
+ if (!defined('SID_INPUT_TAG')) define('SID_INPUT_TAG', '');
// security token
if (!defined('SECURITY_TOKEN')) define('SECURITY_TOKEN', $this->getSecurityToken());
$this->session = call_user_func(array($this->sessionEditorClassName, 'create'), $sessionData);
- HeaderUtil::setCookie('cookieHash', $this->session->sessionID);
+ HeaderUtil::setCookie('cookieHash'.$this->cookieSuffix, $this->session->sessionID);
}
else {
// this was the last virtual session, re-use current session
$this->register('__SECURITY_TOKEN', $variables['__SECURITY_TOKEN']);
}
- HeaderUtil::setCookie('cookieHash', $this->session->sessionID);
+ HeaderUtil::setCookie('cookieHash'.$this->cookieSuffix, $this->session->sessionID);
}
break;
}
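Review bot: The cookie name `'cookieHash'.$this->cookieSuffix` is now assembled by hand at each `HeaderUtil::setCookie()` call in this class (three places in this diff), and the same expression lives in ACPSessionFactory; a small helper keeps them from diverging, e.g. `protected function getCookieName() { return 'cookieHash'.$this->cookieSuffix; }` used as `HeaderUtil::setCookie($this->getCookieName(), $this->session->sessionID);`. The enclosing method starts outside this hunk.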