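/**
 * Start the PHP session for this CMS installation, at most once per request.
 *
 * Applies the session ini settings (a cookie name unique to this install, the
 * Secure flag on HTTPS connections, HttpOnly, cookie-only session ids) plus an
 * optional custom cookie domain / save path from $SETTINGS['advanced'], then
 * calls session_start().
 *
 * Dies with a message when the custom session settings fail validation or the
 * session cannot be started.
 *
 * @global array $SETTINGS
 * @return void
 */
function startSessionIfRequired()
{
    global $SETTINGS;

    // don't run this more than once - the constant doubles as the "already started" flag
    if (defined('SESSION_STARTED')) {
        return;
    }
    define('SESSION_STARTED', true);

    // custom session settings come from the (admin-editable) settings file, so validate
    // them before they are handed to ini_set()
    $advancedSettings    = isset($SETTINGS['advanced']) ? $SETTINGS['advanced'] : array();
    $sessionCookieDomain = isset($advancedSettings['session_cookie_domain']) ? $advancedSettings['session_cookie_domain'] : null;
    $sessionSavePath     = isset($advancedSettings['session_save_path']) ? $advancedSettings['session_save_path'] : null;
    $customSessionErrors = getCustomSessionErrors($sessionCookieDomain, $sessionSavePath);
    if ($customSessionErrors) {
        $customSessionErrors .= sprintf(t('To change %1$s settings edit %2$s'), 'session', '/data/' . SETTINGS_FILENAME);
        die($customSessionErrors);
    }

    // use a unique session cookie for each CMS installation
    ini_set('session.name', cookiePrefix() . 'PHPSESSID');
    // Secure flag: only send the session cookie over HTTPS when we're on an HTTPS:// connection
    ini_set('session.cookie_secure', isHTTPS());
    // session ids come from cookies only - never from the URL (no trans_sid)
    ini_set('session.use_cookies', true);
    ini_set('session.use_only_cookies', true);
    ini_set('session.use_trans_sid', false);
    // cookie domain: set this to allow shared login access between subdomains such as
    // host1.example.com, host2.example.com, example.com
    ini_set('session.cookie_domain', $sessionCookieDomain);
    ini_set('session.cookie_path', '/');
    // HttpOnly: keep the session cookie out of reach of client-side scripts
    ini_set('session.cookie_httponly', true);
    // NOTE(review): session.cookie_samesite is not set here; consider 'Lax' if the minimum PHP version is 7.3+
    // save session cookies for 25 years so they'll still work for users who have turned their system clocks back a few years
    ini_set('session.cookie_lifetime', 60 * 60 * 24 * 365 * 25);
    // server-side session data becomes eligible for garbage collection after this many seconds of inactivity
    ini_set('session.gc_maxlifetime', 60 * 60 * 24);

    if ($sessionSavePath) {
        // use this if your host imposes restrictive session removal timeouts
        ini_set('session.save_path', $sessionSavePath);
        // after gc_maxlifetime is met, old sessions are cleaned up randomly every (gc_probability / gc_divisor) requests;
        // we don't set gc_ values by default because they cause errors on some server configs: http://bugs.php.net/bug.php?id=20720
        ini_set('session.gc_probability', 1);
        ini_set('session.gc_divisor', 100);
    }

    // session_start() has returned false on failure since PHP 5.3, and $php_errormsg (track_errors)
    // no longer exists in PHP 8 - so check the return value, and use $php_errormsg / error_get_last()
    // only to build the message. Previously a failed start went unnoticed wherever track_errors was off.
    unset($php_errormsg);
    $started = @session_start();
    if (!$started || isset($php_errormsg)) {
        $lastError    = error_get_last();
        $errorMessage = isset($php_errormsg) ? $php_errormsg : (isset($lastError['message']) ? $lastError['message'] : '');
        die("Couldn't start session! '{$errorMessage}'!");
    }
}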
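/**
 * Validate the submitted admin settings form and, when valid, write the new
 * values into $SETTINGS and the settings file.
 *
 * Validation problems are collected with alert(); if any were raised the
 * admin/general.php interface is redisplayed and the script exits. Otherwise
 * the values are saved and the $savePagePath interface is shown.
 *
 * Only setting keys that already exist in $SETTINGS (or in the 'advanced' /
 * 'wysiwyg' subsections) are taken from the request; the request cannot add
 * new settings, replace a whole subsection array, or store an array where a
 * scalar setting is expected.
 *
 * @param string $savePagePath interface template to show after saving
 *                             (also passed to disableInDemoMode())
 * @global array $SETTINGS
 * @return void
 */
function admin_saveSettings($savePagePath)
{
    global $SETTINGS;

    // clear previous alerts so they won't prevent saving of admin options
    clearAlertsAndNotices();

    // security checks - must be a POST form submission from this site with a valid CSRF token
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    disableInDemoMode('settings', $savePagePath);

    // license error checking
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } elseif ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
            // product id changed: update the license settings, then validate them (register() saves the new settings)
            $SETTINGS['licenseCompanyName'] = isset($_REQUEST['licenseCompanyName']) ? $_REQUEST['licenseCompanyName'] : null;
            $SETTINGS['licenseDomainName']  = isset($_REQUEST['licenseDomainName']) ? $_REQUEST['licenseDomainName'] : null;
            $SETTINGS['licenseProductId']   = $_REQUEST['licenseProductId'];
            $isValid = register();
            if (!$isValid) {
                redirectBrowserToURL('?menu=admin', true);
                exit;
            }
        }
    }

    // program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        if (!preg_match('/^http/i', $_REQUEST['adminUrl'])) {
            alert("Program URL must start with http:// or https://<br/>\n");
        }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) {
            alert("Program URL can not contain a ?<br/>\n");
        }
    }

    // webPrefixUrl - v2.53
    if (isset($_REQUEST['webPrefixUrl']) && $_REQUEST['webPrefixUrl'] != '') {
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL must start with /") . "<br/>\n");
        }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
        }
    }

    // upload url/dir - no format validation is done for uploadDir/uploadUrl (the checks were disabled);
    // uploadUrl is only normalized by removing trailing slashes
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/');
    }

    // admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
        alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
    }

    // require HTTPS - may only be enabled from an HTTPS connection, otherwise the admin would lock themselves out
    if (!empty($_REQUEST['requireHTTPS']) && !isHTTPS()) {
        alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
    }

    // restrict by IP - the current IP must be in the new allow-list, otherwise the admin would lock themselves out
    if (!empty($_REQUEST['restrictByIP'])) {
        $allowedIps = isset($_REQUEST['restrictByIP_allowed']) ? $_REQUEST['restrictByIP_allowed'] : null;
        if (!isIpAllowed(true, $allowedIps)) {
            alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
        }
    }

    // session values - validated here with the same checks startSessionIfRequired() applies on load
    $sessionCookieDomain = isset($_REQUEST['session_cookie_domain']) ? $_REQUEST['session_cookie_domain'] : null;
    $sessionSavePath     = isset($_REQUEST['session_save_path']) ? $_REQUEST['session_save_path'] : null;
    $sessionErrors       = getCustomSessionErrors($sessionCookieDomain, $sessionSavePath);
    if ($sessionErrors) {
        alert($sessionErrors);
    }

    // show errors
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }

    // update global settings - the subsections are updated field-by-field below, so never let a
    // single top-level request key (eg: advanced=...) replace a whole subsection array; previously
    // that left a string in $SETTINGS['advanced'] and broke the array_keys() loop that followed
    $subsections = array('advanced', 'wysiwyg');
    _admin_saveSettings_copyRequestValues($SETTINGS, $subsections);

    // update subsection settings (their fields are submitted as top-level request keys)
    foreach ($subsections as $subsection) {
        if (!isset($SETTINGS[$subsection]) || !is_array($SETTINGS[$subsection])) {
            continue;
        }
        _admin_saveSettings_copyRequestValues($SETTINGS[$subsection]);
    }

    // save to file
    saveSettings();

    // return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}

/**
 * Helper for admin_saveSettings(): copy submitted values into an existing settings array.
 *
 * Only keys that already exist in $settings are written, so the request cannot add
 * settings. Keys listed in $skipKeys are left untouched, and an array-typed request
 * value (eg: key[]=...) is ignored when the current setting is a scalar.
 *
 * Note: $_REQUEST is read here; depending on request_order it can merge GET, POST and
 * COOKIE values, not just the posted form fields.
 *
 * @param array $settings settings array to update in place (by reference)
 * @param array $skipKeys keys that must never be updated from the request
 * @return void
 */
function _admin_saveSettings_copyRequestValues(&$settings, $skipKeys = array())
{
    foreach (array_keys($settings) as $key) {
        if (!array_key_exists($key, $_REQUEST) || in_array($key, $skipKeys, true)) {
            continue;
        }
        // don't replace a scalar setting with an array
        if (is_array($_REQUEST[$key]) && is_scalar($settings[$key])) {
            continue;
        }
        $settings[$key] = $_REQUEST[$key];
    }
}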