/**
 * Response handler for the nonce action: accepts POST only and makes sure
 * a session nonce has been issued through Q_Session::setNonce().
 * @method Q_nonce_response_data
 * @throws {Q_Exception_MethodNotSupported} If the request method is anything other than POST
 * @return {boolean} Always true; the nonce value is never placed in the response body
 */
function Q_nonce_response_data()
{
    $verb = Q_Request::method();
    if ($verb === 'POST') {
        Q_Session::setNonce();
        // The nonce is deliberately kept out of the response body.
        // Per the original author's note, other sites cannot read the response
        // to a cross-domain POST, so returning it would technically be possible;
        // the cookie has already been set at this point, so a plain true is enough.
        return true;
    }
    // Every other verb is rejected before any nonce is issued.
    throw new Q_Exception_MethodNotSupported($verb);
}
/**
 * Initialization handler: issues the session nonce, optionally clears the
 * APC user cache, and wires up database query logging.
 * @method Q_init
 */
function Q_init()
{
    // Setting the nonce causes the session to be opened, so this happens on
    // every request for which $_SERVER['HTTP_HOST'] is non-empty.
    $hasHost = !empty($_SERVER['HTTP_HOST']);
    if ($hasHost) {
        Q_Session::setNonce();
    }

    // Testing switch (off by default): wipe the APC user cache on each init.
    $clearUserCache = Q_Config::get('Trump', 'testing', false);
    if ($clearUserCache) {
        apc_clear_cache('user');
    }

    // Query logging is enabled unless Db/logging is configured otherwise (default true).
    // NOTE(review): what log_shard_query writes is not visible here. Confirm it
    // does not record credentials or other sensitive query parameters, since
    // this default applies to every environment that does not override it.
    if (Q_Config::get('Db', 'logging', true)) {
        Q::log("\n-----");
        Q_Config::set('Q', 'handlersAfterEvent', 'Db/query/execute', 'log_shard_query');
    }
}
/**
 * Initialization handler: wires up database query logging, issues the
 * session nonce, and optionally clears the APC user cache.
 * @method Q_init
 */
function Q_init()
{
    // Database query logging is enabled unless Db/logging is configured otherwise (default true).
    // NOTE(review): what log_shard_query writes is not visible here. Confirm it
    // does not record credentials or other sensitive query parameters.
    $logQueries = Q_Config::get('Db', 'logging', true);
    if ($logQueries) {
        Q::log("\n-----");
        // The same handler runs after both successful executions and exceptions.
        foreach (array('Db/query/execute', 'Db/query/exception') as $eventName) {
            Q_Config::set('Q', 'handlersAfterEvent', $eventName, 'log_shard_query');
        }
    }

    // Setting the nonce causes the session to be opened, so this happens on
    // every request for which $_SERVER['HTTP_HOST'] is non-empty.
    $hasHost = !empty($_SERVER['HTTP_HOST']);
    if ($hasHost) {
        Q_Session::setNonce();
    }

    // Testing switch (off by default). APC can make files appear missing when
    // they were created after its first attempt to load them, so the user
    // cache is cleared.
    $clearUserCache = Q_Config::get('Shipping', 'testing', false);
    if ($clearUserCache) {
        apc_clear_cache('user');
    }
}
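/**
 * Use with caution! This bypasses authentication.
 * This functionality should not be exposed externally.
 * Makes the given user the logged-in user of the current session, or logs
 * out when no user is given. No credential is checked here: the caller must
 * already have authenticated the user, and must not pass an identifier that
 * comes straight from request input.
 * @method setLoggedInUser
 * @static
 * @param {Users_User|string} $user The user object or user id
 * @throws {InvalidArgumentException} If $user cannot be resolved to a user object
 */
static function setLoggedInUser($user = null)
{
    if (!$user) {
        return Users::logout();
    }
    if (is_string($user)) {
        $user = Users_User::fetch($user);
    }
    if (!is_object($user)) {
        // Fail closed before the session is touched: an id that does not
        // resolve to a user must not leave a half-written login behind.
        throw new \InvalidArgumentException('setLoggedInUser: could not resolve the given user');
    }
    if (isset($_SESSION['Users']['loggedInUser']['id'])
    && (string)$user->id === (string)$_SESSION['Users']['loggedInUser']['id']) {
        // This user is already the logged-in user.
        // The ids are compared as exact strings: with a loose == two different
        // numeric-looking ids (e.g. "0e1" and "0e2") compare equal, which would
        // skip the switch and leave the previous user logged in.
        return;
    }
    $sessionId = Q_Session::id();
    if ($sessionId) {
        // Change the session id to prevent session fixation attacks:
        // the id that existed before login is never bound to the new identity.
        $sessionId = Q_Session::regenerateId(true);
    }
    // NOTE(review): when Q_Session::id() is empty nothing is regenerated and the
    // falsy value is what gets saved on the user below. Confirm callers always
    // have a started session here.

    // Store the new information in the session
    $_SESSION['Users']['loggedInUser']['id'] = $user->id;
    // NOTE(review): presumably the true argument forces a fresh nonce for the
    // newly authenticated session. Verify against Q_Session::setNonce.
    Q_Session::setNonce(true);

    $user->sessionCount = isset($user->sessionCount)
        ? $user->sessionCount + 1
        : 1;

    // Do we need to update it?
    if (Q_Config::get('Users', 'setLoggedInUser', 'updateSessionKey', true)) {
        /**
         * @event Users/setLoggedInUser/updateSessionKey {before}
         * @param {Users_User} user
         */
        Q::event('Users/setLoggedInUser/updateSessionKey', compact('user'), 'before');
        // NOTE(review): this persists the live session id on the user row.
        // Confirm that column is treated as a secret (not selectable by other
        // users, not logged).
        $user->sessionId = $sessionId;
        $user->save(); // update sessionId in user
        /**
         * @event Users/setLoggedInUser/updateSessionKey {after}
         * @param {Users_User} user
         */
        Q::event('Users/setLoggedInUser/updateSessionKey', compact('user'), 'after');
    }

    $votes = Users_Vote::select('*')
        ->where(array(
            'userId' => $user->id,
            'forType' => 'Users/hinted'
        ))
        ->fetchDbRows(null, null, 'forId');

    // Cache already shown hints in the session.
    // The consistency of this mechanism across sessions is not perfect, i.e.
    // the same hint may repeat in multiple concurrent sessions, but it's ok.
    $_SESSION['Users']['hinted'] = array_keys($votes);

    /**
     * @event Users/setLoggedInUser {after}
     * @param {Users_User} user
     */
    Q::event('Users/setLoggedInUser', compact('user'), 'after');
    self::$loggedOut = false;
}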
/**
 * Issues the session nonce by delegating to Q_Session::setNonce().
 * Presumably the POST handler for the nonce action, judging by the name;
 * it performs no work of its own and returns nothing.
 * @method Q_nonce_post
 */
function Q_nonce_post()
{
    Q_Session::setNonce();
}