Ejemplo n.º 1
0
function Q_nonce_response_data()
{
    $method = Q_Request::method();
    if ($method !== 'POST') {
        throw new Q_Exception_MethodNotSupported($method);
    }
    Q_Session::setNonce();
    // we could technically return the nonce in the response,
    // because other sites can't read the response from a cross-domain post
    // but we aren't going to do that because we already set the cookie
    // so just return true
    return true;
}
Ejemplo n.º 2
0
function Q_init()
{
    // apc_clear_cache('user');
    // the following statement causes the session to be opened for every request
    if (!empty($_SERVER['HTTP_HOST'])) {
        Q_Session::setNonce();
    }
    if (Q_Config::get('Trump', 'testing', false)) {
        apc_clear_cache('user');
    }
    $logging = Q_Config::get('Db', 'logging', true);
    if ($logging) {
        Q::log("\n-----");
        Q_Config::set('Q', 'handlersAfterEvent', 'Db/query/execute', 'log_shard_query');
    }
}
Ejemplo n.º 3
0
function Q_init()
{
    if (Q_Config::get('Db', 'logging', true)) {
        // logging database queries
        Q::log("\n-----");
        Q_Config::set('Q', 'handlersAfterEvent', 'Db/query/execute', 'log_shard_query');
        Q_Config::set('Q', 'handlersAfterEvent', 'Db/query/exception', 'log_shard_query');
    }
    if (!empty($_SERVER['HTTP_HOST'])) {
        // the following statement causes the session to be opened for every request
        Q_Session::setNonce();
    }
    if (Q_Config::get('Shipping', 'testing', false)) {
        // sometimes the APC can cause files to appear missing
        // if they were created after it tried to load them once
        apc_clear_cache('user');
    }
}
Ejemplo n.º 4
0
 /**
  * Use with caution! This bypasses authentication.
  * This functionality should not be exposed externally.
  * @method setLoggedInUser
  * @static
  * @param {Users_User|string} $user The user object or user id
  */
 static function setLoggedInUser($user = null)
 {
     if (!$user) {
         return Users::logout();
     }
     if (is_string($user)) {
         $user = Users_User::fetch($user);
     }
     if (isset($_SESSION['Users']['loggedInUser']['id'])) {
         if ($user->id == $_SESSION['Users']['loggedInUser']['id']) {
             // This user is already the logged-in user.
             return;
         }
     }
     if ($sessionId = Q_Session::id()) {
         // Change the session id to prevent session fixation attacks
         $sessionId = Q_Session::regenerateId(true);
     }
     // Store the new information in the session
     $snf = Q_Config::get('Q', 'session', 'nonceField', 'nonce');
     $_SESSION['Users']['loggedInUser']['id'] = $user->id;
     Q_Session::setNonce(true);
     $user->sessionCount = isset($user->sessionCount) ? $user->sessionCount + 1 : 1;
     // Do we need to update it?
     if (Q_Config::get('Users', 'setLoggedInUser', 'updateSessionKey', true)) {
         /**
          * @event Users/setLoggedInUser/updateSessionKey {before}
          * @param {Users_User} user
          */
         Q::event('Users/setLoggedInUser/updateSessionKey', compact('user'), 'before');
         $user->sessionId = $sessionId;
         $user->save();
         // update sessionId in user
         /**
          * @event Users/setLoggedInUser/updateSessionKey {after}
          * @param {Users_User} user
          */
         Q::event('Users/setLoggedInUser/updateSessionKey', compact('user'), 'after');
     }
     $votes = Users_Vote::select('*')->where(array('userId' => $user->id, 'forType' => 'Users/hinted'))->fetchDbRows(null, null, 'forId');
     // Cache already shown hints in the session.
     // The consistency of this mechanism across sessions is not perfect, i.e.
     // the same hint may repeat in multiple concurrent sessions, but it's ok.
     $_SESSION['Users']['hinted'] = array_keys($votes);
     /**
      * @event Users/setLoggedInUser {after}
      * @param {Users_User} user
      */
     Q::event('Users/setLoggedInUser', compact('user'), 'after');
     self::$loggedOut = false;
 }
Ejemplo n.º 5
0
function Q_nonce_post()
{
    Q_Session::setNonce();
}