From 2077464d464e485a978166604faf158b654fb0cb Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 09:14:32 +0200 Subject: [PATCH 01/12] begin bookmark model class with URL validation method --- data/config.default.php | 15 ++++++ src/SemanticScuttle/Model/Bookmark.php | 38 +++++++++++++++ src/SemanticScuttle/header.php | 1 + tests/Model/BookmarkTest.php | 65 ++++++++++++++++++++++++++ 4 files changed, 119 insertions(+) create mode 100644 src/SemanticScuttle/Model/Bookmark.php create mode 100644 tests/Model/BookmarkTest.php diff --git a/data/config.default.php b/data/config.default.php index af79891..b2c7307 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -462,6 +462,21 @@ $filetypes = array( 'video' => array('avi', 'mov', 'mp4', 'mpeg', 'mpg', 'wmv') ); +/** + * Link protocols that are allowed for newly added bookmarks. + * This prevents i.e. adding javascript: links. + * + * @link http://en.wikipedia.org/wiki/URI_scheme + * + * @var array + */ +$allowedProtocols = array( + 'ftp', 'ftps', + 'http', 'https', + 'mailto', 'nntp', + 'xmpp' +); + /** * Enable the "common bookmark description" functionality * diff --git a/src/SemanticScuttle/Model/Bookmark.php b/src/SemanticScuttle/Model/Bookmark.php new file mode 100644 index 0000000..2cbe38d --- /dev/null +++ b/src/SemanticScuttle/Model/Bookmark.php @@ -0,0 +1,38 @@ + + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +/** + * Bookmark model class, keeping the data of a single bookmark. + * It will slowly replace the old array style format. + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ +class SemanticScuttle_Model_Bookmark +{ + public static function isValidUrl($url) + { + $scheme = parse_url($url, PHP_URL_SCHEME); + if (array_search($scheme, $GLOBALS['allowedProtocols']) === false) { + return false; + } + return true; + } + +} + + +?> \ No newline at end of file diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php index 75e5204..d812124 100644 --- a/src/SemanticScuttle/header.php +++ b/src/SemanticScuttle/header.php @@ -82,6 +82,7 @@ require_once 'SemanticScuttle/Service.php'; require_once 'SemanticScuttle/DbService.php'; require_once 'SemanticScuttle/Service/Factory.php'; require_once 'SemanticScuttle/functions.php'; +require_once 'SemanticScuttle/Model/Bookmark.php'; require_once 'SemanticScuttle/Model/UserArray.php'; if (count($GLOBALS['serviceoverrides']) > 0 diff --git a/tests/Model/BookmarkTest.php b/tests/Model/BookmarkTest.php new file mode 100644 index 0000000..9f55143 --- /dev/null +++ b/tests/Model/BookmarkTest.php @@ -0,0 +1,65 @@ + + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ + +/** + * Unit tests for the SemanticScuttle Bookmark model + * + * @category Bookmarking + * @package SemanticScuttle + * @author Christian Weiske + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + */ +class Model_BookmarkTest extends TestBase +{ + public function testIsValidUrlValid() + { + $this->assertTrue( + SemanticScuttle_Model_Bookmark::isValidUrl( + 'http://example.org/foo/bar?baz=foorina' + ) + ); + $this->assertTrue( + SemanticScuttle_Model_Bookmark::isValidUrl( + 'https://example.org/' + ) + ); + $this->assertTrue( + SemanticScuttle_Model_Bookmark::isValidUrl( + 'ftp://user:pass@example.org/' + ) + ); + $this->assertTrue( + SemanticScuttle_Model_Bookmark::isValidUrl( + 'mailto:cweiske@example.org' + ) + ); + } + + public function testIsValidUrlInvalid() + { + $this->assertFalse( + SemanticScuttle_Model_Bookmark::isValidUrl( + 'javascript:alert("foo")' + ) + ); + $this->assertFalse( + SemanticScuttle_Model_Bookmark::isValidUrl( + 'foo://example.org/foo/bar' + ) + ); + } + +} + +?> \ No newline at end of file From 218ac05e712a85572afd0ed76ff969bcbe6c4b09 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 09:19:08 +0200 Subject: [PATCH 02/12] docblock for isValidUrl method --- src/SemanticScuttle/Model/Bookmark.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/SemanticScuttle/Model/Bookmark.php b/src/SemanticScuttle/Model/Bookmark.php index 2cbe38d..8bda0b3 100644 --- a/src/SemanticScuttle/Model/Bookmark.php +++ b/src/SemanticScuttle/Model/Bookmark.php @@ -23,6 +23,14 @@ */ class SemanticScuttle_Model_Bookmark { + /** + * Checks if the given URL is valid and may be used with this + * SemanticScuttle installation. + * + * @param string $url URL to verify. + * + * @return boolean True if the URL is allowed, false if not + */ public static function isValidUrl($url) { $scheme = parse_url($url, PHP_URL_SCHEME); From fb11021ed7eadf7443755e936cbad34fbfec7d4c Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 19:10:12 +0200 Subject: [PATCH 03/12] do not add bookmarks with an invalid URL --- src/SemanticScuttle/Service/Bookmark.php | 10 +++++++++- tests/BookmarkTest.php | 11 ++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/SemanticScuttle/Service/Bookmark.php b/src/SemanticScuttle/Service/Bookmark.php index a30ad5f..919ca7a 100644 --- a/src/SemanticScuttle/Service/Bookmark.php +++ b/src/SemanticScuttle/Service/Bookmark.php @@ -435,6 +435,10 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService /** * Adds a bookmark to the database. * + * Security checks are being made here, but no error reasons will be + * returned. It is the responsibility of the code that calls + * addBookmark() to verify the data. + * * @param string $address Full URL of the bookmark * @param string $title Bookmark title * @param string $description Long bookmark description @@ -453,7 +457,8 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService * @param boolean $fromImport True when the bookmark is from an import. * @param integer $sId ID of user who creates the bookmark. * - * @return integer Bookmark ID + * @return mixed Integer bookmark ID if saving succeeded, false in + * case of an error. Error reasons are not returned. */ public function addBookmark( $address, $title, $description, $privateNote, $status, $tags, @@ -466,6 +471,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService } $address = $this->normalize($address); + if (!SemanticScuttle_Model_Bookmark::isValidUrl($address)) { + return false; + } /* * Note that if date is NULL, then it's added with a date and diff --git a/tests/BookmarkTest.php b/tests/BookmarkTest.php index e7ce488..7533f3a 100644 --- a/tests/BookmarkTest.php +++ b/tests/BookmarkTest.php @@ -65,7 +65,16 @@ class BookmarkTest extends TestBase $this->assertEquals('myShortName', $bm['bShort']); } - public function testHardCharactersInBookmarks() + public function testAddBookmarkInvalidUrl() + { + $retval = $this->bs->addBookmark( + 'javascript:alert(123)', 'title', 'desc', 'priv', + 0, array() + ); + $this->assertFalse($retval, 'Bookmark with invalid URL was accepted'); + } + + public function testAddBookmarkWithSpecialCharacters() { $bs = $this->bs; $title = "title&é\"'(-è_çà)="; From 4a3fdcc4dd5e1298ec701817ae7041e9992a8ff8 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 19:10:30 +0200 Subject: [PATCH 04/12] rename test method --- tests/BookmarkTest.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/BookmarkTest.php b/tests/BookmarkTest.php index 7533f3a..b50dab2 100644 --- a/tests/BookmarkTest.php +++ b/tests/BookmarkTest.php @@ -50,8 +50,6 @@ class BookmarkTest extends TestBase /** * Tests if adding a bookmark with short url name * saves it in the database. - * - * @return void */ public function testAddBookmarkShort() { @@ -104,7 +102,7 @@ class BookmarkTest extends TestBase ); } - public function testUnificationOfBookmarks() + public function testAddBookmarkUnification() { $bs = $this->bs; From c8a5f29677383cb607faef3e19f95a2be2e469cd Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 19:15:36 +0200 Subject: [PATCH 05/12] show proper error message when url is invalid --- www/bookmarks.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/www/bookmarks.php b/www/bookmarks.php index 3b1d50a..ee0612e 100644 --- a/www/bookmarks.php +++ b/www/bookmarks.php @@ -135,8 +135,11 @@ if ($userservice->isLoggedOn() && POST_SUBMITTED != '') { $templatename = 'editbookmark.tpl'; } else { $address = trim(POST_ADDRESS); - // If the bookmark exists already, edit the original - if ($bookmarkservice->bookmarkExists($address, $currentUserID)) { + if (!SemanticScuttle_Model_Bookmark::isValidUrl($address)) { + $tplVars['error'] = T_('This bookmark URL may not be added'); + $templatename = 'editbookmark.tpl'; + } else if ($bookmarkservice->bookmarkExists($address, $currentUserID)) { + // If the bookmark exists already, edit the original $bookmark = $bookmarkservice->getBookmarkByAddress($address); header('Location: '. createURL('edit', $bookmark['bId'])); exit(); From 69d0ef4ff52f5d872dcab294bd6b3b84148f74ba Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 19:17:28 +0200 Subject: [PATCH 06/12] update changelog --- doc/ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/ChangeLog b/doc/ChangeLog index a7374e2..98ca4b2 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -13,6 +13,7 @@ ChangeLog for SemantiScuttle - Update php-gettext library to 1.0.10 - api/posts/add respects the "replace" parameter now - Fix privacy issue when fetching tags of several users +- Only URLs with an allowed protocol may be added to the database 0.97.2 - 2011-02-17 From e2c4b53ecb1b52a91249562b0e34b24f5e4d8d3e Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Tue, 3 May 2011 19:21:26 +0200 Subject: [PATCH 07/12] update changelog; bug #3251877 has been fixed with the query switch --- doc/ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/ChangeLog b/doc/ChangeLog index 98ca4b2..dacee5a 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -7,6 +7,7 @@ ChangeLog for SemantiScuttle - Fix bug #3187177: Wrong URL / Export XML Bookmarks - Fix bug in getTagsForBookmarks() that fetched all tags - Fix bug #3097187: Using opensearch with two tags does not work in Firefox +- Fix bug #3251877: French translation JavaScript Bug when editing bookmarks - Implement request #3054906: Show user's full name instead of nickname - Implement patch #3059829: update FR_CA translation - Show error message on mysqli connection errors From 69e58d8632198cf3eb39317d9382007731a10141 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Wed, 4 May 2011 07:24:52 +0200 Subject: [PATCH 08/12] Support HTTPS connections when $root is not configured --- doc/ChangeLog | 1 + src/SemanticScuttle/constants.php | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index dacee5a..d9b6f57 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -15,6 +15,7 @@ ChangeLog for SemantiScuttle - api/posts/add respects the "replace" parameter now - Fix privacy issue when fetching tags of several users - Only URLs with an allowed protocol may be added to the database +- Support HTTPS connections when $root is not configured 0.97.2 - 2011-02-17 diff --git a/src/SemanticScuttle/constants.php b/src/SemanticScuttle/constants.php index b023840..f8567d9 100644 --- a/src/SemanticScuttle/constants.php +++ b/src/SemanticScuttle/constants.php @@ -41,7 +41,10 @@ if (!isset($GLOBALS['root'])) { $rootTmp .= '/'; } - define('ROOT', 'http://'. $_SERVER['HTTP_HOST'] . $rootTmp); + //we do not prepend http since we also want to support https connections + // "http" is not required; it's automatically determined by the browser + // depending on the current connection. + define('ROOT', '//'. $_SERVER['HTTP_HOST'] . $rootTmp); } else { define('ROOT', $GLOBALS['root']); } From dda05f5cc7e1d984564e5154f6ceda762c2224a3 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Wed, 4 May 2011 08:02:33 +0200 Subject: [PATCH 09/12] SQL schema version table to ease future database upgrades --- data/schema/6.sql | 4 ++++ data/tables.sql | 8 +++++++- doc/ChangeLog | 1 + doc/UPGRADE.txt | 11 +++++++++++ 4 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 data/schema/6.sql diff --git a/data/schema/6.sql b/data/schema/6.sql new file mode 100644 index 0000000..4ae7cb9 --- /dev/null +++ b/data/schema/6.sql @@ -0,0 +1,4 @@ +CREATE TABLE `sc_version` ( + `schema_version` int(11) NOT NULL +) DEFAULT CHARSET=utf8; +INSERT INTO `sc_version` (`schema_version`) VALUES ('6'); diff --git a/data/tables.sql b/data/tables.sql index c61c2f5..7a9c5bd 100644 --- a/data/tables.sql +++ b/data/tables.sql @@ -182,4 +182,10 @@ CREATE TABLE `sc_votes` ( UNIQUE KEY `bid_2` (`bId`,`uId`), KEY `bid` (`bId`), KEY `uid` (`uId`) -) CHARACTER SET utf8 COLLATE utf8_general_ci ; \ No newline at end of file +) CHARACTER SET utf8 COLLATE utf8_general_ci ; + + +CREATE TABLE `sc_version` ( + `schema_version` int(11) NOT NULL +) DEFAULT CHARSET=utf8; +INSERT INTO `sc_version` (`schema_version`) VALUES ('6'); diff --git a/doc/ChangeLog b/doc/ChangeLog index d9b6f57..a54e71e 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -16,6 +16,7 @@ ChangeLog for SemantiScuttle - Fix privacy issue when fetching tags of several users - Only URLs with an allowed protocol may be added to the database - Support HTTPS connections when $root is not configured +- SQL schema version table to ease future database upgrades 0.97.2 - 2011-02-17 diff --git a/doc/UPGRADE.txt b/doc/UPGRADE.txt index c4470f9..3be6654 100644 --- a/doc/UPGRADE.txt +++ b/doc/UPGRADE.txt @@ -2,6 +2,17 @@ Upgrading SemanticScuttle from a previous version ================================================= +From version 0.97 to 0.98 +------------------------- +Database updates: Apply data/schema/6.sql or do the following: + + CREATE TABLE `sc_version` ( + `schema_version` int(11) NOT NULL + ) DEFAULT CHARSET=utf8; + + INSERT INTO `sc_version` (`schema_version`) VALUES ('6'); + + From version 0.96 to 0.97 ------------------------- No database changes necessary. From f647c4847783101edd32d48eeec3131fe2e48bd8 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Thu, 12 May 2011 09:22:04 +0200 Subject: [PATCH 10/12] reformat userservice::getWatchNames --- src/SemanticScuttle/Service/User.php | 37 ++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 9ef8430..e8ee723 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -492,10 +492,18 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService return $arrWatch; } - function getWatchNames($uId, $watchedby = false) { - // Gets the list of user names being watched by the given user. - // - If $watchedby is false get the list of users that $uId watches - // - If $watchedby is true get the list of users that watch $uId + + /** + * Gets the list of user names being watched by the given user. + * + * @param integer $uId User ID + * @param boolean $watchedby if false: get the list of users that $uId watches + * if true: get the list of users that watch $uId + * + * @return array Array of user names + */ + public function getWatchNames($uId, $watchedby = false) + { if ($watchedby) { $table1 = 'b'; $table2 = 'a'; @@ -503,10 +511,22 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService $table1 = 'a'; $table2 = 'b'; } - $query = 'SELECT '. $table1 .'.'. $this->getFieldName('username') .' FROM '. $GLOBALS['tableprefix'] .'watched AS W, '. $this->getTableName() .' AS a, '. $this->getTableName() .' AS b WHERE W.watched = a.'. $this->getFieldName('primary') .' AND W.uId = b.'. $this->getFieldName('primary') .' AND '. $table2 .'.'. $this->getFieldName('primary') .' = '. intval($uId) .' ORDER BY '. $table1 .'.'. $this->getFieldName('username'); + $primary = $this->getFieldName('primary'); + $userfield = $this->getFieldName('username'); + $query = 'SELECT '. $table1 .'.'. $userfield + . ' FROM '. $GLOBALS['tableprefix'] . 'watched AS W,' + . ' ' . $this->getTableName() .' AS a,' + . ' ' . $this->getTableName() .' AS b' + . ' WHERE W.watched = a.' . $primary + . ' AND W.uId = b.' . $primary + . ' AND ' . $table2 . '.' . $primary . ' = '. intval($uId) + . ' ORDER BY '. $table1 . '.' . $userfield; - if (!($dbresult =& $this->db->sql_query($query))) { - message_die(GENERAL_ERROR, 'Could not get watchlist', '', __LINE__, __FILE__, $query, $this->db); + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not get watchlist', + '', __LINE__, __FILE__, $query, $this->db + ); return false; } @@ -515,13 +535,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService $this->db->sql_freeresult($dbresult); return $arrWatch; } - while ($row =& $this->db->sql_fetchrow($dbresult)) { + while ($row = $this->db->sql_fetchrow($dbresult)) { $arrWatch[] = $row[$this->getFieldName('username')]; } $this->db->sql_freeresult($dbresult); return $arrWatch; } + function getWatchStatus($watcheduser, $currentuser) { // Returns true if the current user is watching the given user, and false otherwise. $query = 'SELECT watched FROM '. $GLOBALS['tableprefix'] .'watched AS W INNER JOIN '. $this->getTableName() .' AS U ON U.'. $this->getFieldName('primary') .' = W.watched WHERE U.'. $this->getFieldName('primary') .' = '. intval($watcheduser) .' AND W.uId = '. intval($currentuser); From aea9c9ddbb1c0fd51192ebdcb1d1dfa258298e8c Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Thu, 12 May 2011 19:09:30 +0200 Subject: [PATCH 11/12] fix a test that failed when using a base URL without protocol --- tests/Api/OpenSearchTest.php | 2 +- tests/TestBaseApi.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/tests/Api/OpenSearchTest.php b/tests/Api/OpenSearchTest.php index 050713b..f438b46 100644 --- a/tests/Api/OpenSearchTest.php +++ b/tests/Api/OpenSearchTest.php @@ -27,7 +27,7 @@ class Api_OpenSearchTest extends TestBaseApi 1, count($arElements), 'OpenSearch link in HTML is missing' ); - $searchDescUrl = (string)$arElements[0]['href']; + $searchDescUrl = $this->completeUrl((string)$arElements[0]['href']); $this->assertNotNull($searchDescUrl, 'Search description URL is empty'); $req = new HTTP_Request2($searchDescUrl); diff --git a/tests/TestBaseApi.php b/tests/TestBaseApi.php index 8ed41cd..036ab6b 100644 --- a/tests/TestBaseApi.php +++ b/tests/TestBaseApi.php @@ -92,6 +92,23 @@ class TestBaseApi extends TestBase } + /** + * Completes an URL that's missing the protocol. + * Useful when re-using URLs extracted from HTML + * + * @param string $url Potentially partial URL + * + * @return string Full URL + */ + protected function completeUrl($url) + { + if (substr($url, 0, 2) == '//') { + $url = 'http:' . $url; + } + return $url; + } + + /** * Creates a user and a HTTP request object and prepares From b57c8d4581b05cd70a363cacd37f9ffc7da785d8 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Thu, 12 May 2011 19:23:53 +0200 Subject: [PATCH 12/12] do not automatically store user id in session --- src/SemanticScuttle/Service/User.php | 53 +++++++++++++++++++++------- 1 file changed, 40 insertions(+), 13 deletions(-) diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index e8ee723..072ce85 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -28,6 +28,14 @@ require_once 'SemanticScuttle/Model/User.php'; */ class SemanticScuttle_Service_User extends SemanticScuttle_DbService { + /** + * The ID of the currently logged on user. + * NULL when not logged in. + * + * @var integer + */ + protected $currentuserId = null; + /** * Currently logged on user from database * @@ -363,10 +371,17 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService */ public function getCurrentUserId() { - if (isset($_SESSION[$this->getSessionKey()])) { - return (int)$_SESSION[$this->getSessionKey()]; + if ($this->currentuserId !== null) { + return $this->currentuserId; + } - } else if (isset($_COOKIE[$this->getCookieKey()])) { + if (isset($_SESSION[$this->getSessionKey()])) { + $this->currentuserId = (int)$_SESSION[$this->getSessionKey()]; + return $this->currentuserId; + + } + + if (isset($_COOKIE[$this->getCookieKey()])) { $cook = explode(':', $_COOKIE[$this->getCookieKey()]); //cookie looks like this: 'id:md5(username+password)' $query = 'SELECT * FROM '. $this->getTableName() . @@ -385,10 +400,10 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService if ($row = $this->db->sql_fetchrow($dbresult)) { $this->setCurrentUserId( - (int)$row[$this->getFieldName('primary')] + (int)$row[$this->getFieldName('primary')], true ); $this->db->sql_freeresult($dbresult); - return (int)$_SESSION[$this->getSessionKey()]; + return $this->currentuserId; } } return false; @@ -402,16 +417,23 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService * @internal * No ID verification is being done. * - * @param integer $user User ID or null to unset the user + * @param integer $user User ID or null to unset the user + * @param boolean $storeInSession Store the user ID in the session * * @return void */ - public function setCurrentUserId($user) + public function setCurrentUserId($user, $storeInSession = false) { if ($user === null) { - unset($_SESSION[$this->getSessionKey()]); + $this->currentuserId = null; + if ($storeInSession) { + unset($_SESSION[$this->getSessionKey()]); + } } else { - $_SESSION[$this->getSessionKey()] = (int)$user; + $this->currentuserId = (int)$user; + if ($storeInSession) { + $_SESSION[$this->getSessionKey()] = $this->currentuserId; + } } //reload user object $this->getCurrentUser(true); @@ -449,10 +471,9 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService $this->db->sql_freeresult($dbresult); if ($row) { - $id = $_SESSION[$this->getSessionKey()] - = $row[$this->getFieldName('primary')]; + $this->setCurrentUserId($row[$this->getFieldName('primary')], true); if ($remember) { - $cookie = $id .':'. md5($username.$password); + $cookie = $this->currentuserId . ':' . md5($username.$password); setcookie( $this->cookiekey, $cookie, time() + $this->cookietime, '/' @@ -464,7 +485,13 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService } } - function logout() { + /** + * Logs the user off + * + * @return void + */ + public function logout() + { @setcookie($this->getCookiekey(), '', time() - 1, '/'); unset($_COOKIE[$this->getCookiekey()]); session_unset();