/** * General GUI page initialization procedure * - init session * - init database * - check rights * - initialize project data (if requested) * * @param integer $db DB connection identifier * @param boolean $initProject (optional) Set true if adjustment of Product or * Test Plan is required; default is FALSE * @param boolean $bDontCheckSession (optional) Set to true if no session should be * started */ function testlinkInitPage(&$db, $initProject = FALSE, $bDontCheckSession = false, $userRightsCheckFunction = null) { doSessionStart(); setPaths(); set_dt_formats(); doDBConnect($db); static $pageStatistics = null; if (!$pageStatistics && config_get('log_level') == 'EXTENDED') { $pageStatistics = new tlPageStatistics($db); } if (!$bDontCheckSession) { checkSessionValid($db); } if ($userRightsCheckFunction) { checkUserRightsFor($db, $userRightsCheckFunction); } // adjust Product and Test Plan to $_SESSION if ($initProject) { initProject($db, $_REQUEST); } // used to disable the attachment feature if there are problems with repository path /** @TODO this check should not be done anytime but on login and using */ global $g_repositoryType; global $g_attachments; global $g_repositoryPath; $g_attachments->disabled_msg = ""; if ($g_repositoryType == TL_REPOSITORY_TYPE_FS) { $ret = checkForRepositoryDir($g_repositoryPath); if (!$ret['status_ok']) { $g_attachments->enabled = FALSE; $g_attachments->disabled_msg = $ret['msg']; } } }
/** * */ function setUpEnvForAnonymousAccess(&$dbHandler, $apikey, $rightsCheck = null, $opt = null) { $my = array('opt' => array('setPaths' => false, 'clearSession' => false)); $my['opt'] = array_merge($my['opt'], (array) $opt); if ($my['opt']['clearSession']) { $_SESSION = null; } doSessionStart($my['opt']['setPaths']); if (isset($_SESSION['locale']) && !is_null($_SESSION['locale'])) { setDateTimeFormats($_SESSION['locale']); } doDBConnect($dbHandler); // @since 1.9.14 $checkMode = 'paranoic'; if (property_exists($rightsCheck->args, 'envCheckMode')) { $checkMode = $rightsCheck->args->envCheckMode; } switch ($checkMode) { case 'hippie': $tk = array('testplan', 'testproject'); break; default: $tk[] = intval($rightsCheck->args->tplan_id) != 0 ? 'testplan' : 'testproject'; break; } foreach ($tk as $ak) { $item = getEntityByAPIKey($dbHandler, $apikey, $ak); if (!is_null($item)) { break; } } $status_ok = false; if (!is_null($item)) { $_SESSION['lastActivity'] = time(); $userObj = new tlUser(); $_SESSION['currentUser'] = $userObj; $_SESSION['userID'] = -1; $_SESSION['locale'] = config_get('default_language'); // if user do this: // 1. login to test link // 2. get direct link and open in new tab or new window while still logged // 3. logout // If user refresh tab / window open on (2), because on (3) we destroyed // session we have loose basehref, and we are not able to recreate it. // Without basehref we are not able to get CSS, JS, etc. // In this situation we destroy session, this way user is forced to login // again in one of two ways // a. using the direct link // b. using traditional login // In both way we assure that behaivour will be OK. // if (!isset($_SESSION['basehref'])) { // echo $rightsCheck->redirect_target; session_unset(); session_destroy(); if (property_exists($rightsCheck, 'redirect_target') && !is_null($rightsCheck->redirect_target)) { redirect($rightsCheck->redirect_target); } else { // best guess for all features that live on ./lib/results/ redirect("../../login.php?note=logout"); } exit; } if (!is_null($rightsCheck->method)) { checkUserRightsFor($dbHandler, $rightsCheck->method, true); } $status_ok = true; } return $status_ok; }