Qual: The session is now created before conf is loaded. This makes the code much easier to understand.

Laurent Destailleur 2009-05-22 00:20:45 +00:00
parent 0c6606a260
commit 8e167d3f80
3 changed files with 12 additions and 5 deletions


@ -43,6 +43,10 @@ function dol_loginfunction($langs,$conf,$mysoc)
header('Cache-Control: Public, must-revalidate');
header("Content-type: text/html; charset=".$conf->file->character_set_client);
// Set cookie for timeout management
$sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);
if (! empty($_REQUEST["urlfrom"])) $_SESSION["urlfrom"]=$_REQUEST["urlfrom"];
else unset($_SESSION["urlfrom"]);
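Review bot: The timeout cookie in `setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);` is sent with the secure argument fixed at 0 and no HttpOnly argument, and it carries a server setting that the browser can rewrite before the next request. The session bootstrap changed in this same commit appears to feed this cookie into `session.gc_maxlifetime`, so the value has to be treated as untrusted on read. At minimum pass the seventh argument, `setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0, true);`. The added/context split is not visible on this page, and the body of dol_loginfunction continues outside the hunk.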


@ -121,13 +121,13 @@ set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
// Init session. Name of session is specific to Dolibarr instance.
$sessionname='DOLSESSID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
if (! empty($_SERVER["DOLSESSTIMEOUT"])) ini_set('session.gc_maxlifetime',$_SERVER["DOLSESSTIMEOUT"]);
if (! empty($_COOKIE["DOLSESSTIMEOUT"])) ini_set('session.gc_maxlifetime',$_REQUEST["DOLSESSTIMEOUT"]);
$sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$sessiontimeout);
session_name($sessionname);
session_start();
// Security. TODO Check if this is usefull.
if (!isset($_SESSION['cryptkey'])) $_SESSION['cryptkey'] = mt_rand();
//if (!isset($_SESSION['cryptkey'])) $_SESSION['cryptkey'] = mt_rand();
// Set and init common variables
// This include will set: config file variable $dolibarr_xxx, $conf, $langs and $mysoc objects
@ -189,7 +189,7 @@ if (isset($_POST['token']) && isset($_SESSION['token_level_1']) && isset($_SESSI
}
// Disable modules (this must be after session_start and after conf has been reloaded)
// Disable modules (this must be after session_start and after conf has been loaded)
if (! empty($_REQUEST["disablemodules"])) $_SESSION["disablemodules"]=$_REQUEST["disablemodules"];
if (! empty($_SESSION["disablemodules"]))
{
@ -448,7 +448,7 @@ if (! isset($_SESSION["dol_login"]))
// No data specific to session must be stored in cookies as this is the goal of session
// object and not cookie. Saving entity in session should save a large amount of useless code,
// make code cleaner and solve pb of forged cookie.
if ($conf->multicompany->enabled && isset($_POST["entity"]))
/* if ($conf->multicompany->enabled && isset($_POST["entity"]))
{
include_once(DOL_DOCUMENT_ROOT . "/core/cookie.class.php");
@ -462,6 +462,7 @@ if (! isset($_SESSION["dol_login"]))
$entityCookie->_setCookie($entityCookieName, $entity);
}
}
*/
// Module webcalendar
if (! empty($conf->webcal->enabled) && $user->webcal_login != "")
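Review bot: `ini_set('session.gc_maxlifetime',$sessiontimeout);` passes the cookie name (the `DOLSESSTIMEOUT_<md5>` string) rather than the cookie's value, so the configured timeout is never applied as intended. The value is also supplied by the client, so it should be read from `$_COOKIE[$sessiontimeout]` and forced to an integer: `if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',(int) $_COOKIE[$sessiontimeout]);`. An upper bound on the accepted value would also be worth adding, since otherwise any client can request an arbitrarily long session lifetime. This applies to the hunk at -121; the surrounding top-level script continues outside it.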


@ -223,6 +223,7 @@ if (! defined('NOREQUIREDB'))
{
// TODO MULTICOMP This can be removed now.
// Cookie usage replaced with session to save a lot of code and avoid cookie forging.
/*
$entityCookieName="DOLENTITYID_dolibarr";
if (isset($_COOKIE[$entityCookieName])) // Should not be used anymore
{
@ -232,6 +233,7 @@ if (! defined('NOREQUIREDB'))
$entityCookie = new DolCookie($_SESSION['cryptkey']);
$conf->entity = $entityCookie->_getCookie($entityCookieName);
}
*/
}
}
$conf->setValues($db);
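Review bot: The block disabled here with `/* … */` still contains `new DolCookie($_SESSION['cryptkey'])`, while the session bootstrap in this commit appears to stop initialising `$_SESSION['cryptkey']` (its `mt_rand()` line is now commented out). If the block were re-enabled as is, DolCookie would be constructed with an unset key. The TODO already says the code can be removed, so deleting it is safer than leaving it commented out. The same applies to the commented block in the hunk at -448 of the previous file. The enclosing `if (! defined('NOREQUIREDB'))` block starts outside the hunk.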