Commit f8de498e authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie
Browse files

Broke $SESSION and $USER into distinct roles. $SESSION is now a waffer thin

wrapper around $_SESSION, and $USER deals with system users and their
preferences.
parent 26deabdf
...@@ -60,7 +60,7 @@ $type = param_alpha('type', 'all'); ...@@ -60,7 +60,7 @@ $type = param_alpha('type', 'all');
$limit = param_integer('limit', 10); $limit = param_integer('limit', 10);
$offset = param_integer('offset', 0); $offset = param_integer('offset', 0);
$userid = $SESSION->get('id'); $userid = $USER->get('id');
if ($type == 'all') { if ($type == 'all') {
$count = count_records('notification_internal_activity', 'usr', $userid); $count = count_records('notification_internal_activity', 'usr', $userid);
......
...@@ -37,7 +37,7 @@ $notifications = plugins_installed('notification'); ...@@ -37,7 +37,7 @@ $notifications = plugins_installed('notification');
$elements = array(); $elements = array();
foreach ($activitytypes as $type) { foreach ($activitytypes as $type) {
if (!$dv = $SESSION->get_activity_preference($type->name)) { if (!$dv = $USER->get_activity_preference($type->name)) {
$dv = 'internal'; $dv = 'internal';
} }
$elements[$type->name] = array( $elements[$type->name] = array(
...@@ -76,11 +76,11 @@ $smarty->assign('form', pieform($prefsform)); ...@@ -76,11 +76,11 @@ $smarty->assign('form', pieform($prefsform));
$smarty->display('account/activity/preferences/index.tpl'); $smarty->display('account/activity/preferences/index.tpl');
function activityprefs_submit($values) { function activityprefs_submit($values) {
global $activitytypes, $SESSION; global $activitytypes, $USER;
$userid = $SESSION->get('id'); $userid = $USER->get('id');
foreach ($activitytypes as $type) { foreach ($activitytypes as $type) {
$SESSION->set_activity_preference($type->name, $values[$type->name]); $USER->set_activity_preference($type->name, $values[$type->name]);
} }
json_reply(false, get_string('prefssaved', 'account')); json_reply(false, get_string('prefssaved', 'account'));
exit; exit;
......
...@@ -32,9 +32,9 @@ require(dirname(dirname(__FILE__)) . '/init.php'); ...@@ -32,9 +32,9 @@ require(dirname(dirname(__FILE__)) . '/init.php');
require_once('pieforms/pieform.php'); require_once('pieforms/pieform.php');
// load up user preferences // load up user preferences
$prefs = (object)($SESSION->get('accountprefs')); $prefs = (object)($USER->get('accountprefs'));
$authtype = auth_get_authtype_for_institution($USER->institution); $authtype = auth_get_authtype_for_institution($USER->get('institution'));
$authclass = 'Auth' . ucfirst($authtype); $authclass = 'Auth' . ucfirst($authtype);
safe_require('auth', $authtype); safe_require('auth', $authtype);
...@@ -149,15 +149,12 @@ $smarty->display('account/index.tpl'); ...@@ -149,15 +149,12 @@ $smarty->display('account/index.tpl');
function accountprefs_validate(Pieform $form, $values) { function accountprefs_validate(Pieform $form, $values) {
if ($values['oldpassword'] !== '') { if ($values['oldpassword'] !== '') {
global $SESSION, $authtype, $authclass; global $USER, $authtype, $authclass;
if (!call_static_method($authclass, 'authenticate_user_account', $SESSION->get('username'), $values['oldpassword'], $SESSION->get('institution'))) { if (!call_static_method($authclass, 'authenticate_user_account', $USER->get('username'), $values['oldpassword'], $USER->get('institution'))) {
$form->set_error('oldpassword', get_string('oldpasswordincorrect', 'account')); $form->set_error('oldpassword', get_string('oldpasswordincorrect', 'account'));
return; return;
} }
$user = new StdClass; password_validate($form, $values, $USER);
$user->username = $SESSION->get('username');
$user->institution = $SESSION->get('institution');
password_validate($form, $values, $user);
} }
else if ($values['password1'] !== '' || $values['password2'] !== '') { else if ($values['password1'] !== '' || $values['password2'] !== '') {
$form->set_error('oldpassword', get_string('mustspecifyoldpassword')); $form->set_error('oldpassword', get_string('mustspecifyoldpassword'));
...@@ -165,26 +162,26 @@ function accountprefs_validate(Pieform $form, $values) { ...@@ -165,26 +162,26 @@ function accountprefs_validate(Pieform $form, $values) {
} }
function accountprefs_submit($values) { function accountprefs_submit($values) {
global $SESSION; global $USER;
db_begin(); db_begin();
if ($values['password1'] !== '') { if ($values['password1'] !== '') {
global $authclass; global $authclass;
$password = call_static_method($authclass, 'change_password', $SESSION->get('username'), $values['password1']); $password = call_static_method($authclass, 'change_password', $USER->get('username'), $values['password1']);
$user = new StdClass; $user = new StdClass;
$user->password = $password; $user->password = $password;
$user->passwordchange = 0; $user->passwordchange = 0;
$where = new StdClass; $where = new StdClass;
$where->username = $SESSION->get('username'); $where->username = $USER->get('username');
update_record('usr', $user, $where); update_record('usr', $user, $where);
$SESSION->set('password', $password); $USER->set('password', $password);
$SESSION->set('passwordchange', 0); $USER->set('passwordchange', 0);
} }
// use this as looping through values is not safe. // use this as looping through values is not safe.
$expectedprefs = expected_account_preferences(); $expectedprefs = expected_account_preferences();
foreach (array_keys($expectedprefs) as $pref) { foreach (array_keys($expectedprefs) as $pref) {
$SESSION->set_account_preference($pref, $values[$pref]); $USER->set_account_preference($pref, $values[$pref]);
} }
db_commit(); db_commit();
......
...@@ -34,7 +34,7 @@ $stopmonitoring = param_integer('stopmonitoring', 0); ...@@ -34,7 +34,7 @@ $stopmonitoring = param_integer('stopmonitoring', 0);
$getartefacts = param_integer('getartefacts', 0); $getartefacts = param_integer('getartefacts', 0);
if ($stopmonitoring) { if ($stopmonitoring) {
$userid = $SESSION->get('id'); $userid = $USER->get('id');
$count = 0; $count = 0;
db_begin(); db_begin();
try { try {
...@@ -71,7 +71,7 @@ $type = param_alpha('type', 'views'); ...@@ -71,7 +71,7 @@ $type = param_alpha('type', 'views');
$limit = param_integer('limit', 10); $limit = param_integer('limit', 10);
$offset = param_integer('offset', 0); $offset = param_integer('offset', 0);
$userid = $SESSION->get('id'); $userid = $USER->get('id');
$prefix = get_config('dbprefix'); $prefix = get_config('dbprefix');
if ($type == 'views') { if ($type == 'views') {
......
...@@ -37,7 +37,7 @@ $upgrades = check_upgrades(); ...@@ -37,7 +37,7 @@ $upgrades = check_upgrades();
if (isset($upgrades['core']) && !empty($upgrades['core']->install)) { if (isset($upgrades['core']) && !empty($upgrades['core']->install)) {
$smarty->assign('installing', true); $smarty->assign('installing', true);
$smarty->assign('releaseargs', array($upgrades['core']->torelease,$upgrades['core']->to)); $smarty->assign('releaseargs', array($upgrades['core']->torelease, $upgrades['core']->to));
$smarty->display('admin/installgpl.tpl'); $smarty->display('admin/installgpl.tpl');
exit; exit;
} }
......
...@@ -132,6 +132,9 @@ EOJS; ...@@ -132,6 +132,9 @@ EOJS;
$smarty->assign('INLINEJAVASCRIPT', $js); $smarty->assign('INLINEJAVASCRIPT', $js);
$smarty->assign_by_ref('upgrades', $upgrades); $smarty->assign_by_ref('upgrades', $upgrades);
if (isset($upgrades['core'])) {
$smarty->assign('releaseargs', array($upgrades['core']->torelease, $upgrades['core']->to));
}
$smarty->display('admin/upgrade.tpl'); $smarty->display('admin/upgrade.tpl');
?> ?>
...@@ -36,7 +36,7 @@ $element_required = call_static_method('ArtefactTypeProfile', 'get_mandatory_fie ...@@ -36,7 +36,7 @@ $element_required = call_static_method('ArtefactTypeProfile', 'get_mandatory_fie
// load existing profile information // load existing profile information
$profilefields = array(); $profilefields = array();
$profile_data = get_records_select('artefact', "owner=? AND artefacttype IN (" . join(",",array_map(create_function('$a','return db_quote($a);'),array_keys($element_list))) . ")", array($USER->id)); $profile_data = get_records_select('artefact', "owner=? AND artefacttype IN (" . join(",",array_map(create_function('$a','return db_quote($a);'),array_keys($element_list))) . ")", array($USER->get('id')));
if ($profile_data) { if ($profile_data) {
foreach ($profile_data as $field) { foreach ($profile_data as $field) {
...@@ -45,7 +45,7 @@ if ($profile_data) { ...@@ -45,7 +45,7 @@ if ($profile_data) {
} }
$profilefields['email'] = array(); $profilefields['email'] = array();
$profilefields['email']['all'] = get_rows('artefact_internal_profile_email', 'owner', $USER->id); $profilefields['email']['all'] = get_rows('artefact_internal_profile_email', 'owner', $USER->get('id'));
$profilefields['email']['validated'] = array(); $profilefields['email']['validated'] = array();
$profilefields['email']['unvalidated'] = array(); $profilefields['email']['unvalidated'] = array();
if ($profilefields['email']['all']) { if ($profilefields['email']['all']) {
...@@ -148,20 +148,20 @@ function profileform_submit($values) { ...@@ -148,20 +148,20 @@ function profileform_submit($values) {
email_user( email_user(
(object)array( (object)array(
'firstname' => $USER->firstname, 'firstname' => $USER->get('firstname'),
'lastname' => $USER->lastname, 'lastname' => $USER->get('lastname'),
'preferredname' => $USER->preferredname, 'preferredname' => $USER->get('preferredname'),
'email' => $email, 'email' => $email,
), ),
null, null,
get_string('emailvalidation_subject', 'artefact.internal'), get_string('emailvalidation_subject', 'artefact.internal'),
get_string('emailvalidation_body', 'artefact.internal', $USER->firstname, $email, $key_url) get_string('emailvalidation_body', 'artefact.internal', $USER->get('firstname'), $email, $key_url)
); );
insert_record( insert_record(
'artefact_internal_profile_email', 'artefact_internal_profile_email',
(object) array( (object) array(
'owner' => $USER->id, 'owner' => $USER->get('id'),
'email' => $email, 'email' => $email,
'verified' => 0, 'verified' => 0,
'key' => $key, 'key' => $key,
...@@ -179,9 +179,9 @@ function profileform_submit($values) { ...@@ -179,9 +179,9 @@ function profileform_submit($values) {
continue; continue;
} }
$artefact_id = get_field('artefact_internal_profile_email', 'artefact', 'email', $email, 'owner', $USER->id); $artefact_id = get_field('artefact_internal_profile_email', 'artefact', 'email', $email, 'owner', $USER->get('id'));
delete_records('artefact_internal_profile_email', 'email', $email, 'owner', $USER->id); delete_records('artefact_internal_profile_email', 'email', $email, 'owner', $USER->get('id'));
if ($artefact_id) { if ($artefact_id) {
global $db; global $db;
...@@ -205,7 +205,7 @@ function profileform_submit($values) { ...@@ -205,7 +205,7 @@ function profileform_submit($values) {
continue; continue;
} }
delete_records('artefact_internal_profile_email', 'email', $email, 'owner', $USER->id); delete_records('artefact_internal_profile_email', 'email', $email, 'owner', $USER->get('id'));
} }
if ($profilefields['email']['default'] != $values['email']['default']) { if ($profilefields['email']['default'] != $values['email']['default']) {
...@@ -215,7 +215,7 @@ function profileform_submit($values) { ...@@ -215,7 +215,7 @@ function profileform_submit($values) {
'principal' => 0, 'principal' => 0,
), ),
(object)array( (object)array(
'owner' => $USER->id, 'owner' => $USER->get('id'),
'email' => $profilefields['email']['default'], 'email' => $profilefields['email']['default'],
) )
); );
...@@ -225,7 +225,7 @@ function profileform_submit($values) { ...@@ -225,7 +225,7 @@ function profileform_submit($values) {
'principal' => 1, 'principal' => 1,
), ),
(object) array( (object) array(
'owner' => $USER->id, 'owner' => $USER->get('id'),
'email' => $values['email']['default'], 'email' => $values['email']['default'],
) )
); );
...@@ -235,14 +235,14 @@ function profileform_submit($values) { ...@@ -235,14 +235,14 @@ function profileform_submit($values) {
'email' => $values['email']['default'], 'email' => $values['email']['default'],
), ),
(object) array( (object) array(
'id' => $USER->id, 'id' => $USER->get('id'),
) )
); );
} }
} }
else { else {
$classname = generate_artefact_class_name($element); $classname = generate_artefact_class_name($element);
$profile = new $classname(0, array('owner' => $USER->id)); $profile = new $classname(0, array('owner' => $USER->get('id')));
$profile->set('title', $values[$element]); $profile->set('title', $values[$element]);
$profile->commit(); $profile->commit();
} }
......
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
defined('INTERNAL') || die(); defined('INTERNAL') || die();
require('session.php'); require('session.php');
require(get_config('docroot') . 'auth/user.php');
/** /**
* Unknown user exception * Unknown user exception
...@@ -90,35 +91,6 @@ abstract class Auth { ...@@ -90,35 +91,6 @@ abstract class Auth {
return true; return true;
} }
/**
* If a validation form is to be used, the result of
* {@link get_configuration_form} should be passed through this method
* before being returned. This method builds the rest of the form.
*
* @param string $method The name of the authentication method (for
* example 'internal'). Lowercase please.
* @param array $elements The elements in the form.
* @return array The form definition. <kbd>false</kbd> if there
* is no form for the authentication method.
*/
protected static final function build_form($method, $elements) {
if (count($elements)) {
$elements['submit'] = array(
'type' => 'submit',
'value' => 'Update'
);
$elements['method'] = array(
'type' => 'hidden',
'value' => $method
);
return array(
'name' => 'auth',
'elements' => $elements
);
}
return false;
}
} }
...@@ -139,58 +111,64 @@ abstract class Auth { ...@@ -139,58 +111,64 @@ abstract class Auth {
* testing is done to make sure the user has the required permissions to see * testing is done to make sure the user has the required permissions to see
* the page. * the page.
* *
* @return object The $USER object, if the user is logged in and continuing
* their session.
*/ */
function auth_setup () { function auth_setup () {
global $SESSION, $USER; global $SESSION, $USER;
// If the system is not installed, let the user through in the hope that // If the system is not installed, let the user through in the hope that
// they can fix this little problem :) // they can fix this little problem :)
log_debug('auth_setup()');
if (!get_config('installed')) { if (!get_config('installed')) {
$SESSION->logout(); log_debug('system not installed, letting user through');
$USER->logout();
return; return;
} }
// Check the time that the session is set to log out. If the user does // Check the time that the session is set to log out. If the user does
// not have a session, this time will be 0. // not have a session, this time will be 0.
$sessionlogouttime = $SESSION->get('logout_time'); $sessionlogouttime = $USER->get('logout_time');
log_debug("logout time: $sessionlogouttime");
if ($sessionlogouttime && isset($_GET['logout'])) { if ($sessionlogouttime && isset($_GET['logout'])) {
if (isset($_GET['logout'])) { log_debug("logging user out");
$SESSION->logout(); $USER->logout();
$SESSION->add_ok_msg(get_string('loggedoutok')); $SESSION->add_ok_msg(get_string('loggedoutok'));
redirect(get_config('wwwroot')); redirect(get_config('wwwroot'));
}
} }
if ($sessionlogouttime > time()) { if ($sessionlogouttime > time()) {
log_debug("session still active");
// The session is still active, so continue it. // The session is still active, so continue it.
// Make sure that if a user's admin status has changed, they're kicked // Make sure that if a user's admin status has changed, they're kicked
// out of the admin section // out of the admin section
if (defined('ADMIN')) { if (defined('ADMIN')) {
$userreallyadmin = get_field('usr', 'admin', 'id', $SESSION->get('id')); $userreallyadmin = get_field('usr', 'admin', 'id', $USER->get('id'));
if (!$SESSION->get('admin') && $userreallyadmin) { if (!$USER->get('admin') && $userreallyadmin) {
// The user has been made into an admin // The user has been made into an admin
$SESSION->set('admin', 1); log_debug("user has been made an admin");
$USER->set('admin', 1);
} }
else if ($SESSION->get('admin') && !$userreallyadmin) { else if ($USER->get('admin') && !$userreallyadmin) {
// The user's admin rights have been taken away // The user's admin rights have been taken away
$SESSION->set('admin', 0); log_debug("users admin rights have been revoked!");
$USER->set('admin', 0);
$SESSION->add_err_msg(get_string('accessforbiddentoadminsection')); $SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
redirect(get_config('wwwroot')); redirect(get_config('wwwroot'));
} }
elseif (!$SESSION->get('admin')) { elseif (!$USER->get('admin')) {
// The user never was an admin // The user never was an admin
log_debug("denying user access to administration");
$SESSION->add_err_msg(get_string('accessforbiddentoadminsection')); $SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
redirect(get_config('wwwroot')); redirect(get_config('wwwroot'));
} }
} }
$USER = $SESSION->renew(); log_debug("renewing user's session");
$USER->renew();
auth_check_password_change(); auth_check_password_change();
return $USER; //return $USER;
} }
else if ($sessionlogouttime > 0) { else if ($sessionlogouttime > 0) {
// The session timed out // The session timed out
$SESSION->logout(); log_debug('session timed out');
$USER->logout();
// If the page the user is viewing is public, inform them that they can // If the page the user is viewing is public, inform them that they can
// log in again // log in again
...@@ -198,6 +176,7 @@ function auth_setup () { ...@@ -198,6 +176,7 @@ function auth_setup () {
// @todo this links to ?login - later it should do magic to make // @todo this links to ?login - later it should do magic to make
// sure that whatever GET string is made it includes the old data // sure that whatever GET string is made it includes the old data
// correctly // correctly
log_debug('timed out on public page');
$SESSION->add_info_msg(get_string('sessiontimedoutpublic'), false); $SESSION->add_info_msg(get_string('sessiontimedoutpublic'), false);
return; return;
} }
...@@ -206,23 +185,23 @@ function auth_setup () { ...@@ -206,23 +185,23 @@ function auth_setup () {
// The auth_draw_login_page function may authenticate a user if a login // The auth_draw_login_page function may authenticate a user if a login
// request was sent at the same time that the "timed out" message is to // request was sent at the same time that the "timed out" message is to
// be displayed. // be displayed.
return $USER; //return $USER;
} }
else { else {
// There is no session, so we check to see if one needs to be started. // There is no session, so we check to see if one needs to be started.
log_debug('no session');
// Build login form. If the form is submitted it will be handled here, // Build login form. If the form is submitted it will be handled here,
// and set $USER for us (this will happen when users hit a page and // and set $USER for us (this will happen when users hit a page and
// specify login data immediately // specify login data immediately
//require_once('form.php');
require_once('pieforms/pieform.php'); require_once('pieforms/pieform.php');
$form = new Pieform(auth_get_login_form()); $form = new Pieform(auth_get_login_form());
if ($USER) { if ($USER->is_logged_in()) {
return $USER; return;
} }
// Check if the page is public or the site is configured to be public. // Check if the page is public or the site is configured to be public.
if (defined('PUBLIC') && !isset($_GET['login'])) { if (defined('PUBLIC') && !isset($_GET['login'])) {
log_debug('user viewing public page');
return; return;
} }
...@@ -254,11 +233,11 @@ function auth_get_authtype_for_institution($institution) { ...@@ -254,11 +233,11 @@ function auth_get_authtype_for_institution($institution) {
*/ */
function auth_check_password_change() { function auth_check_password_change() {
global $USER; global $USER;
if (!$USER->passwordchange) { if (!$USER->get('passwordchange')) {
return; return;
} }
$authtype = auth_get_authtype_for_institution($USER->institution); $authtype = auth_get_authtype_for_institution($USER->get('institution'));
$authclass = 'Auth' . ucfirst($authtype); $authclass = 'Auth' . ucfirst($authtype);
$url = ''; $url = '';
safe_require('auth', $authtype); safe_require('auth', $authtype);
...@@ -328,7 +307,7 @@ function change_password_validate(Pieform $form, $values) { ...@@ -328,7 +307,7 @@ function change_password_validate(Pieform $form, $values) {
// Get the authentication type for the user (based on the institution), and // Get the authentication type for the user (based on the institution), and
// use the information to validate the password // use the information to validate the password
$authtype = auth_get_authtype_for_institution($USER->institution); $authtype = auth_get_authtype_for_institution($USER->get('institution'));
$authclass = 'Auth' . ucfirst($authtype); $authclass = 'Auth' . ucfirst($authtype);
$authlang = 'auth.' . $authtype; $authlang = 'auth.' . $authtype;
safe_require('auth', $authtype); safe_require('auth', $authtype);
...@@ -338,7 +317,7 @@ function change_password_validate(Pieform $form, $values) { ...@@ -338,7 +317,7 @@ function change_password_validate(Pieform $form, $values) {
// The password cannot be the same as the old one // The password cannot be the same as the old one
if (!$form->get_error('password1')