function sessionStart($keepopen) { self::$session =& OMVSession::getInstance(); self::$session->start(); if (self::$session->isAuthenticated() && !self::$session->isTimeout()) { self::$session->validate(); self::$session->updateLastAccess(); $_SESSION['admin'] = self::$session->getRole() !== OMV_ROLE_USER; $_SESSION['user'] = $_SESSION['username']; $_SESSION['valid'] = self::$session->getRole() !== OMV_ROLE_USER || $this->config['allowNonAdmin']; } else { $_SESSION['admin'] = $_SESSION['user'] = $_SESSION['valid'] = null; } if (!$keepopen) { session_write_close(); } }
{ switch ($errno) { case E_STRICT: break; default: throw new ErrorException($errstr, 0, $errno, $errfile, $errline); break; } } set_error_handler("exception_error_handler"); require_once "openmediavault/env.inc"; require_once "openmediavault/globals.inc"; require_once "openmediavault/config.inc"; // Must be included here require_once "openmediavault/session.inc"; $session =& OMVSession::getInstance(); $session->start(); if ($session->isAuthenticated()) { $session->validate(); // Do not update last access time //$session->updateLastAccess(); } else { throw new OMVException(OMVErrorMsg::E_SESSION_NOT_AUTHENTICATED); } // The parameter 'name' may not contain the characters '..'. This is // because of security reasons: the given canonicalized absolute // path MUST be below the given image directory. if (1 == preg_match("/\\.\\./", $_GET['name'])) { throw new OMVException(OMVErrorMsg::E_RPC_INVALID_PARAMS, sprintf(gettext("The parameter '%s' contains forbidden two-dot symbols"), "name")); } // Build the image filename. If it does not exist, then display an error