Ejemplo n.º 1
// Request bootstrap. checkConfiguration() is called before config.inc.php is
// loaded; presumably it validates the installation first -- confirm in
// lib/functions/configCheck.php.
require_once 'lib/functions/configCheck.php';
checkConfiguration();
require_once 'config.inc.php';
require_once 'common.php';
doSessionStart();
// Discard any 'basehref' value left in the session by an earlier request.
unset($_SESSION['basehref']);
// NOTE(review): the original author left an open question here about why this
// step is needed; presumably setPaths() recomputes what was just unset --
// confirm against its definition.
setPaths();
// initEnv() returns a pair: the request arguments and the GUI object.
list($args, $gui) = initEnv();
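// Verify the session on every request. Start from "must log in again" and only
// clear the flag once every check below has passed (fail closed).
$redir2login = true;
if (isset($_SESSION['currentUser'])) {
    // A user object in the session is not sufficient on its own. Following the
    // MantisBT approach, the browser must also present the per-user security
    // cookie, and it must match the value currently stored for that user.
    $securityCookie = tlUser::auth_get_current_user_cookie();
    $redir2login = $securityCookie === null;
    if (!$redir2login) {
        // Re-read the user from the database so the comparison is made against
        // the stored token rather than against data held in the session.
        doDBConnect($db, database::ONERROREXIT);
        $user = new tlUser();
        $user->dbID = $_SESSION['currentUser']->dbID;
        // NOTE(review): the result of readFromDB() is not inspected here; the
        // string checks below reject the request when no token comes back.
        $user->readFromDB($db);
        $dbSecurityCookie = $user->getSecurityCookie();

        // Compare the tokens as strings and in constant time. The loose `!=`
        // used previously applies PHP type juggling (numeric-looking strings
        // compare as numbers, null compares equal to ''), which could accept a
        // cookie that is not byte-identical to the stored token, and its
        // running time depends on where the strings first differ.
        // An empty or missing stored token never matches.
        // hash_equals() requires PHP 5.6 or later.
        $cookieMatches = is_string($securityCookie)
            && is_string($dbSecurityCookie)
            && $dbSecurityCookie !== ''
            && hash_equals($dbSecurityCookie, $securityCookie);
        $redir2login = !$cookieMatches;
    }
}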
if ($redir2login) {
    // destroy user in session as security measure
    unset($_SESSION['currentUser']);
    // If session does not exists I think is better in order to