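/**
 * Set session data after modification or authorization.
 *
 * Stores the user ID, resets the current test project and the last attachment
 * list, optionally applies the locale, and then restores the last used test
 * project and test plan from the per-user cookies.
 *
 * @param resource &$db    reference to DB identifier
 * @param string   $user   only written to the log by this function
 * @param integer  $id     user ID; stored in the session and used to build the cookie names
 * @param integer  $roleID only written to the log by this function
 * @param string   $email  only written to the log by this function
 * @param string   $locale [default = null] when not null, stored in the session and
 *                         passed to setDateTimeFormats()
 * @param boolean  $active [default = null] not read by this function
 *
 * @return integer status code (always 1)
 *
 * @TODO havlatm: move to tlSession class
 * @TODO fix return functionality
 **/
function setUserSession(&$db, $user, $id, $roleID, $email, $locale = null, $active = null)
{
    // NOTE(review): this entry records the login name and e-mail address;
    // confirm the log destination is access-controlled.
    tLog(
        'setUserSession: $user=' . $user . ' $id=' . $id . ' $roleID=' . $roleID
        . ' $email=' . $email . ' $locale=' . $locale
    );

    $_SESSION['userID'] = $id;
    $_SESSION['testprojectID'] = null;
    $_SESSION['s_lastAttachmentList'] = null;

    if (!is_null($locale)) {
        $_SESSION['locale'] = $locale;
        setDateTimeFormats($locale);
    }

    $tproject_mgr = new testproject($db);
    $gui_cfg = config_get('gui');
    $opt = array(
        'output' => 'map_name_with_inactive_mark',
        'order_by' => $gui_cfg->tprojects_combo_order_by
    );
    $arrProducts = $tproject_mgr->get_accessible_for_user($id, $opt);

    // Cookie values are client-controlled. A cookie sent with array syntax
    // arrives as an array, and using an array as an offset in isset() raises a
    // warning or a TypeError depending on the PHP version, so only plain
    // strings are considered. The value is accepted only when it is a key of
    // the projects this user can access.
    $tproject_cookie = 'TL_lastTestProjectForUserID_' . $id;
    if (isset($_COOKIE[$tproject_cookie]) && is_string($_COOKIE[$tproject_cookie])) {
        $lastProject = $_COOKIE[$tproject_cookie];
        if (isset($arrProducts[$lastProject]) && $arrProducts[$lastProject]) {
            $_SESSION['testprojectID'] = $lastProject;
            // Double quotes so the cookie name is interpolated, as in the
            // test plan log line below.
            tLog("Cookie: {$tproject_cookie}=" . $_SESSION['testprojectID']);
        }
    }

    // No usable cookie: fall back to the first accessible project, if any.
    if (!$_SESSION['testprojectID']) {
        $tpID = null;
        if (is_array($arrProducts) && count($arrProducts) > 0) {
            $tpID = key($arrProducts);
        }
        $_SESSION['testprojectID'] = $tpID;
    }

    // Access validation is done in navBar.php. Here only the format is
    // checked, so that nothing but a digit string from the client reaches the
    // session and the log.
    // NOTE(review): assumes test plan IDs are decimal integers - confirm.
    $tplan_cookie = 'TL_lastTestPlanForUserID_' . $id;
    if (isset($_COOKIE[$tplan_cookie])) {
        $lastPlan = $_COOKIE[$tplan_cookie];
        if (is_string($lastPlan) && preg_match('/\A\d+\z/', $lastPlan)) {
            $_SESSION['testplanID'] = $lastPlan;
            tLog("Cookie: {$tplan_cookie}=" . $_SESSION['testplanID']);
        }
    }

    return 1;
}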
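/**
 * Set up session and DB connection for a request identified only by an API key.
 *
 * Starts the session, connects to the DB and resolves $apikey to a test plan
 * or test project through getEntityByAPIKey(). On a match, an empty tlUser and
 * userID -1 are installed in the session and the optional rights check runs.
 *
 * @param resource &$dbHandler  reference to DB identifier, passed to doDBConnect()
 * @param mixed    $apikey      key passed to getEntityByAPIKey()
 * @param object   $rightsCheck [default = null] read for ->args (envCheckMode, tplan_id),
 *                              ->method and ->redirect_target
 * @param array    $opt         [default = null] keys 'setPaths' and 'clearSession',
 *                              both defaulting to false
 *
 * @return boolean true when the key matched an entity and setup completed,
 *                 false when no entity matched
 */
function setUpEnvForAnonymousAccess(&$dbHandler, $apikey, $rightsCheck = null, $opt = null)
{
    $my = array('opt' => array('setPaths' => false, 'clearSession' => false));
    $my['opt'] = array_merge($my['opt'], (array) $opt);

    if ($my['opt']['clearSession']) {
        $_SESSION = null;
    }

    doSessionStart($my['opt']['setPaths']);
    if (isset($_SESSION['locale']) && !is_null($_SESSION['locale'])) {
        setDateTimeFormats($_SESSION['locale']);
    }
    doDBConnect($dbHandler);

    // $rightsCheck defaults to null, so it must not be dereferenced blindly:
    // property_exists() on a non-object raises a TypeError on PHP 8.
    $hasRightsCheck = is_object($rightsCheck);
    $args = $hasRightsCheck ? $rightsCheck->args : null;
    $hasArgs = is_object($args);

    // @since 1.9.14
    // NOTE(review): if ->args is filled from request parameters, the caller
    // chooses the check mode - confirm where envCheckMode is set.
    $checkMode = 'paranoic';
    if ($hasArgs && property_exists($args, 'envCheckMode')) {
        $checkMode = $args->envCheckMode;
    }

    // Strict comparison: with the loose comparison of switch, an integer 0
    // matches 'hippie' on PHP 7 and would select the wider lookup.
    if ($checkMode === 'hippie') {
        $tk = array('testplan', 'testproject');
    } else {
        $tplanID = $hasArgs ? intval($args->tplan_id) : 0;
        $tk = array($tplanID != 0 ? 'testplan' : 'testproject');
    }

    // The first entity type for which the key resolves wins.
    $item = null;
    foreach ($tk as $ak) {
        $item = getEntityByAPIKey($dbHandler, $apikey, $ak);
        if (!is_null($item)) {
            break;
        }
    }

    if (is_null($item)) {
        return false;
    }

    $_SESSION['lastActivity'] = time();
    $userObj = new tlUser();
    $_SESSION['currentUser'] = $userObj;
    $_SESSION['userID'] = -1;
    $_SESSION['locale'] = config_get('default_language');

    // Scenario:
    // 1. the user logs in to TestLink
    // 2. gets a direct link and opens it in a new tab or window while still logged in
    // 3. logs out
    // If the tab or window from (2) is refreshed after the logout in (3)
    // destroyed the session, basehref is lost and cannot be recreated, and
    // without basehref CSS, JS, etc. cannot be loaded.
    // In that situation the session is destroyed, forcing the user to log in
    // again, either
    // a. through the direct link, or
    // b. through the traditional login.
    // Either way the behaviour afterwards is correct.
    if (!isset($_SESSION['basehref'])) {
        session_unset();
        session_destroy();
        if (
            $hasRightsCheck
            && property_exists($rightsCheck, 'redirect_target')
            && !is_null($rightsCheck->redirect_target)
        ) {
            redirect($rightsCheck->redirect_target);
        } else {
            // best guess for all features that live on ./lib/results/
            redirect("../../login.php?note=logout");
        }
        exit;
    }

    // Without a $rightsCheck, or with a null ->method, checkUserRightsFor() is
    // not called and the API key match above is the only gate.
    if ($hasRightsCheck && !is_null($rightsCheck->method)) {
        checkUserRightsFor($dbHandler, $rightsCheck->method, true);
    }

    return true;
}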