/**
  * Populate the session, URL and user-agent fields the first time this record is written.
  *
  * Nothing is populated when isBrowser() is false, and a record that already has an ID
  * keeps the values it was created with.
  */
 public function onBeforeWrite()
 {
     // Let the parent class (and any extensions) run their own beforewrite hooks first.
     parent::onBeforeWrite();
     if (!$this->isBrowser()) {
         return false;
     }
     // Existing records already carry these values; only a brand-new record is populated.
     if ($this->ID) {
         return;
     }
     // The security ID lives in the session, so make sure one is started before reading it.
     if (!Session::request_contains_session_id()) {
         Session::start();
     }
     // Record the session's security ID; bail out if none is available.
     $this->SessionID = SecurityToken::getSecurityID();
     if ($this->SessionID === null) {
         return false;
     }
     // Pick a random URL token of at most 32 characters, retrying until no other ShortList uses it.
     $generator = new RandomGenerator();
     do {
         $candidate = substr($generator->randomToken(), 0, 32);
     } while (ShortList::get()->filter('URL', $candidate)->count() > 0);
     $this->URL = $candidate;
     // The user agent is taken from the current request's header (untrusted client input).
     $this->UserAgent = Controller::curr()->getRequest()->getHeader('User-Agent');
 }
 /**
  * Return the SecurityToken security ID for the current session.
  *
  * The ID is read from the session, so a session is started first when the request
  * does not already carry a session identifier.
  *
  * @return string|null Whatever SecurityToken::getSecurityID() yields.
  */
 public static function getSecurityToken()
 {
     // No session identifier on this request: start one so the token has somewhere to live.
     $hasSessionId = Session::request_contains_session_id();
     if (!$hasSessionId) {
         Session::start();
     }
     $token = SecurityToken::inst();
     return $token->getSecurityID();
 }
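 /**
  * Process the given URL, creating the appropriate controller and executing it.
  *
  * Request processing is handled as follows:
  * - Director::direct() creates a new SS_HTTPResponse object and passes this to
  *   Director::handleRequest().
  * - Director::handleRequest($request) checks each of the Director rules and identifies a controller
  *   to handle this request.
  * - Controller::handleRequest($request) is then called.  This will find a rule to handle the URL,
  *   and call the rule handling method.
  * - RequestHandler::handleRequest($request) is recursively called whenever a rule handling method
  *   returns a RequestHandler object.
  *
  * In addition to request processing, Director will manage the session, and perform the output of
  * the actual response to the browser.
  *
  * Before the request object is built, every entry in $_FILES is checked with is_uploaded_file()
  * (see validate_uploaded_files()); a tmp_name that is not a genuine PHP upload is reported as an
  * E_USER_ERROR rather than being merged into the request data.
  *
  * @uses handleRequest() rule-lookup logic is handled by this.
  * @uses Controller::run() Controller::run() handles the page logic for a Director::direct() call.
  *
  * @param string $url
  * @param DataModel $model
  *
  * @throws SS_HTTPResponse_Exception when preRequest() refuses the request (HTTP 400) or
  *         postRequest() refuses a controller response.
  */
 public static function direct($url, DataModel $model)
 {
     // Validate $_FILES array before merging it with $_POST
     self::validate_uploaded_files($_FILES);
     // NOTE(review): this reads a bare $_SERVER key, not an HTTP_* request header, so the override
     // only takes effect when the server environment sets it; otherwise the real verb is used.
     $method = isset($_SERVER['X-HTTP-Method-Override'])
         ? $_SERVER['X-HTTP-Method-Override']
         : $_SERVER['REQUEST_METHOD'];
     // No '@' on the body read: reading php://input does not warn, and a real failure should
     // reach the error handler instead of being silenced.
     $req = new SS_HTTPRequest(
         $method,
         $url,
         $_GET,
         ArrayLib::array_merge_recursive((array) $_POST, (array) $_FILES),
         file_get_contents('php://input')
     );
     foreach (self::extract_request_headers($_SERVER) as $header => $value) {
         $req->addHeader($header, $value);
     }
     // Initiate an empty session - doesn't initialize an actual PHP session until saved (see below)
     $session = Injector::inst()->create('Session', isset($_SESSION) ? $_SESSION : array());
     // Only resume a session if its not started already, and a session identifier exists
     if (!isset($_SESSION) && Session::request_contains_session_id()) {
         $session->inst_start();
     }
     $output = Injector::inst()->get('RequestProcessor')->preRequest($req, $session, $model);
     if ($output === false) {
         // @TODO Need to NOT proceed with the request in an elegant manner
         throw new SS_HTTPResponse_Exception(_t('Director.INVALID_REQUEST', 'Invalid request'), 400);
     }
     $result = Director::handleRequest($req, $session, $model);
     // Save session data. Note that inst_save() will start/resume the session if required.
     $session->inst_save();
     if (is_string($result) && strpos($result, 'redirect:') === 0) {
         // Return code for a redirection request: everything after the 'redirect:' prefix is the target.
         $url = substr($result, 9);
         if (Director::is_cli()) {
             // on cli, follow SilverStripe redirects automatically
             return Director::direct(str_replace(Director::absoluteBaseURL(), '', $url), DataModel::inst());
         }
         $response = new SS_HTTPResponse();
         $response->redirect($url);
         // A refused postRequest() only suppresses output here (no exception), unlike the
         // controller branch below; kept as-is to preserve existing behaviour.
         self::post_process_and_output($req, $response, $model);
     } elseif ($result) {
         // Handle a controller result: either a ready-made response or a body to wrap in one.
         if ($result instanceof SS_HTTPResponse) {
             $response = $result;
         } else {
             $response = new SS_HTTPResponse();
             $response->setBody($result);
         }
         if (!self::post_process_and_output($req, $response, $model)) {
             // @TODO Proper response here.
             throw new SS_HTTPResponse_Exception("Invalid response");
         }
     }
 }

 /**
  * Reject $_FILES entries whose tmp_name is not a genuine PHP upload.
  *
  * Each tmp_name (a scalar, or a nested array for array-style inputs) must pass is_uploaded_file();
  * a non-empty tmp_name that does not is reported as an E_USER_ERROR. This stops a forged $_FILES
  * entry from pointing the upload handling at an arbitrary path on the server.
  *
  * @param array $files Typically $_FILES.
  */
 private static function validate_uploaded_files(array $files)
 {
     foreach ($files as $k => $v) {
         // Normalise to a flat list so nested (array-style) inputs and plain ones share one check.
         $tmpNames = is_array($v['tmp_name'])
             ? ArrayLib::array_values_recursive($v['tmp_name'])
             : array($v['tmp_name']);
         foreach ($tmpNames as $tmpFile) {
             if ($tmpFile && !is_uploaded_file($tmpFile)) {
                 user_error("File upload '{$k}' doesn't appear to be a valid upload", E_USER_ERROR);
             }
         }
     }
 }

 /**
  * Run the RequestProcessor's postRequest() hook and, unless it refuses, output the response.
  *
  * @param SS_HTTPRequest $req
  * @param SS_HTTPResponse $response
  * @param DataModel $model
  *
  * @return bool false when postRequest() returned false (nothing was output), true otherwise.
  */
 private static function post_process_and_output(SS_HTTPRequest $req, SS_HTTPResponse $response, DataModel $model)
 {
     $res = Injector::inst()->get('RequestProcessor')->postRequest($req, $response, $model);
     if ($res === false) {
         return false;
     }
     $response->output();
     return true;
 }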
        $chain->setSuppression(false);
    }
    // Load in core
    require_once 'core/Core.php';
    // Connect to database
    require_once 'model/DB.php';
    global $databaseConfig;
    if ($databaseConfig) {
        DB::connect($databaseConfig);
    }
    // Check if a token is requesting a redirect
    if (!$reloadToken) {
        return;
    }
    // Otherwise, we start up the session if needed
    if (!isset($_SESSION) && Session::request_contains_session_id()) {
        Session::start();
    }
    // Next, check if we're in dev mode, or the database doesn't have any security data, or we are admin
    if (Director::isDev() || !Security::database_is_ready() || Permission::check('ADMIN')) {
        return $reloadToken->reloadWithToken();
    }
    // Fail and redirect the user to the login page
    $loginPage = Director::absoluteURL(Config::inst()->get('Security', 'login_url'));
    $loginPage .= "?BackURL=" . urlencode($_SERVER['REQUEST_URI']);
    header('location: ' . $loginPage, true, 302);
    die;
})->thenIfErrored(function () use($reloadToken) {
    if ($reloadToken) {
        $reloadToken->reloadWithToken();
    }
<?php

// Bootstrap the framework core so the classes used below are available.
require_once __DIR__ . '/../framework/core/Core.php';

// Build the request from the incoming method, the 'url' query parameter (or '' when absent)
// and the query string, then copy every extracted request header onto it.
$request = new SS_HTTPRequest(
    $_SERVER['REQUEST_METHOD'],
    isset($_GET['url']) ? $_GET['url'] : '',
    $_GET
);
$headers = Director::extract_request_headers($_SERVER);
foreach ($headers as $header => $value) {
    $request->addHeader($header, $value);
}

// Create an empty Session and only resume the underlying PHP session when the
// request actually carries a session identifier.
$container = Injector::inst();
$session = $container->create('Session', array());
if (Session::request_contains_session_id()) {
    $session->inst_start();
}

// Give the RequestProcessor its pre-request hook; its return value is not checked here.
$container->get('RequestProcessor')->preRequest($request, $session, DataModel::inst());

// Hand off to the framework's main request handling.
require_once __DIR__ . '/../framework/main.php';