} else {
     // New comment:
     if (($Comment = get_comment_from_session()) == NULL) {
         // there is no saved Comment in Session
         $Comment = new Comment();
         if (!empty($PageCache) && $PageCache->is_collecting) {
             // This page is going into the cache, we don't want personal data cached!!!
             // fp> These fields should be filled out locally with Javascript tapping directly into the cookies. Anyone JS savvy enough to do that?
             $comment_author = '';
             $comment_author_email = '';
             $comment_author_url = '';
         } else {
             // Get params from $_COOKIE
             $comment_author = param_cookie($cookie_name, 'string', '');
             $comment_author_email = evo_strtolower(param_cookie($cookie_email, 'string', ''));
             $comment_author_url = param_cookie($cookie_url, 'string', '');
         }
         if (empty($comment_author_url)) {
             // Even if we have a blank cookie, let's reset this to remind the bozos what it's for
             $comment_author_url = 'http://';
         }
         $comment_content = $params['default_text'];
     } else {
         // set saved Comment attributes from Session
         $comment_content = $Comment->content;
         $comment_author = $Comment->author;
         $comment_author_email = $Comment->author_email;
         $comment_author_url = $Comment->author_url;
         // comment_attachments contains all file IDs that have been attached
         $comment_attachments = $Comment->preview_attachments;
         // checked_attachments contains all attachment file IDs which checkbox was checked in
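/**
 * Outputs debug info, according to {@link $debug} or $force param. This gets called typically at the end of the page.
 *
 * Output is plain text when running on the CLI or when $force_clean is set, HTML otherwise.
 * Sections, in order: the AJAX debug log bootstrap (HTML only, emitted once per request),
 * response/request summary, DB query count, the Timer table, opcode cache and memory usage,
 * Debuglogs stored in the Session by previous (redirected) requests, the current {@link $Debuglog}
 * and finally the DB configuration and the dumped queries.
 *
 * Request-derived values ($_SERVER['REQUEST_URI'], $_SERVER['QUERY_STRING'], the jslog_style
 * cookie) are HTML-escaped before they are written into attributes, since this output is
 * rendered by a browser whenever debug mode is on.
 *
 * @param boolean true to force output regardless of {@link $debug}
 * @param boolean true to force clean output (without HTML) regardless of {@link $is_cli}
 */
function debug_info($force = false, $force_clean = false)
{
    global $debug, $debug_done, $debug_jslog, $debug_jslog_done, $Debuglog, $DB, $obhandler_debug, $Timer, $ReqHost, $ReqPath, $is_cli;
    global $cache_imgsize, $cache_File;
    global $Session;
    global $db_config, $tableprefix, $http_response_code, $disp, $disp_detail, $robots_index, $robots_follow, $content_type_header;
    /**
     * @var Hit
     */
    global $Hit;

    // Detect content-type from the headers already queued for sending:
    $content_type = NULL;
    foreach (headers_list() as $header) {
        if (stripos($header, 'content-type:') !== false) {
            // "Content-Type:text/html;charset=utf-8" => "text/html"
            // (kept in variables: handing a function result to array_pop()/array_shift()
            // raises "Only variables should be passed by reference")
            $header_parts = explode(':', $header, 2);
            $mime_parts = explode(';', array_pop($header_parts));
            $content_type = trim(array_shift($mime_parts));
            break;
        }
    }

    // ---- Print AJAX Log
    if (empty($debug_jslog_done) && ($debug || $debug_jslog) && $content_type == 'text/html') {
        // Display debug jslog once
        global $rsc_url, $app_version;
        echo '<script type="text/javascript" src="' . $rsc_url . 'js/debug_jslog.js"></script>';
        echo '<script type="text/javascript" src="' . $rsc_url . 'js/jquery/jquery.cookie.min.js"></script>';
        $jquery_ui_css_url = url_add_param($rsc_url . 'css/jquery/smoothness/jquery-ui.css', 'v=' . $app_version);
        echo '<link href="' . $jquery_ui_css_url . '" type="text/css" rel="stylesheet" />';
        $jslog_style_cookies = param_cookie('jslog_style', 'string');
        $jslog_styles = array();
        if (!empty($jslog_style_cookies)) {
            // Get styles only from cookies
            $jslog_style_cookies = explode(';', $jslog_style_cookies);
            foreach ($jslog_style_cookies as $jsc => $style) {
                if (strpos($style, 'height') !== false) {
                    // Unset the height param from defined styles ( and the display param if jslog is disabled )
                    unset($jslog_style_cookies[$jsc]);
                }
            }
            $jslog_styles[] = implode(';', $jslog_style_cookies);
        } else {
            if (!is_logged_in()) {
                // Align top when evobar is hidden
                $jslog_styles[] = 'top:0';
            }
            if ($debug_jslog) {
                // Display the jslog
                $jslog_styles[] = 'display:block';
            }
        }
        // The style list may come straight from a cookie: escape it so it cannot break out of the attribute.
        $jslog_styles = count($jslog_styles) > 0 ? ' style="' . htmlspecialchars(implode(';', $jslog_styles), ENT_QUOTES, 'UTF-8') . '"' : '';
        // NOTE(review): $close_url goes through url_add_param() and action_icon(); whether
        // action_icon() escapes it for the href attribute is not visible here - confirm.
        $close_url = url_add_param($_SERVER['REQUEST_URI'], 'jslog');
        echo '<div id="debug_ajax_info" class="debug"' . $jslog_styles . '>';
        echo '<div class="jslog_titlebar">AJAX Debug log' . get_manual_link('ajax_debug_log') . action_icon(T_('Close'), 'close', $close_url, NULL, NULL, NULL, array('class' => 'jslog_switcher')) . '</div>';
        echo '<div id="jslog_container"></div>';
        // REQUEST_URI is client controlled: escape it before writing it into the href attribute.
        echo '<div class="jslog_statusbar">' . '<a href="' . htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') . '#" class="jslog_clear">' . T_('Clear') . '</a>' . '</div>';
        echo '</div>';
        // Make sure debug jslog output only happens once:
        $debug_jslog_done = true;
    }
    // ----

    if (!$force) {
        if (!empty($debug_done)) {
            // Already displayed!
            return;
        }
        if (empty($debug)) {
            // No debug output desired:
            return;
        }
        // Do not display, if no content-type header has been sent or it's != "text/html" (debug > 1 skips this)
        if ($debug < 2) {
            if ($content_type != 'text/html') {
                return;
            }
        }
    }
    //Make sure debug output only happens once:
    $debug_done = true;

    // clean output:
    $clean = $is_cli || $force_clean;

    $printf_format = '| %-45s | %-5s | %-7s | %-5s |';
    $table_headerlen = 73;
    /* This calculates the number of dashes to print e. g. on the top and
     * bottom of the table and after the header, making the table look
     * better (looks like the tables of the mysql command line client).
     * Normally, the value won't change, so it's hardcoded above. If you
     * change the printf() format above, this might be useful.
    preg_match_all( '#\d+#', $printf_format, $table_headerlen );
    $table_headerlen = array_sum( $table_headerlen[0] ) +
                        strlen( preg_replace( '#[^ \|]+#', '',
                                    $printf_format ) ) - 2;
    */

    // URL of the current request, used as the base of the in-page anchors below.
    // The query string is client controlled and this value only ever lands in HTML
    // attributes/markup (every use is in a non-clean branch), so escape it once here:
    $ReqHostPathQuery = $ReqHost . $ReqPath . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']);
    $ReqHostPathQuery = htmlspecialchars($ReqHostPathQuery, ENT_QUOTES, 'UTF-8');

    echo "\n\n\n";
    echo $clean ? '*** Debug info ***' . "\n\n" : '<div class="debug" id="debug_info"><h2>Debug info</h2>';

    if (!$obhandler_debug) {
        // don't display changing items when we want to test obhandler
        // ---------------------------
        echo '<div class="log_container"><div>';
        echo 'HTTP Response code: ' . $http_response_code;
        echo $clean ? "\n" : '<br />';
        echo '$content_type_header: ' . $content_type_header;
        echo $clean ? "\n" : '<br />';
        echo '$disp: ' . $disp . ' -- detail: ' . $disp_detail;
        echo $clean ? "\n" : '<br />';
        echo '$robots_index: ' . $robots_index;
        echo $clean ? "\n" : '<br />';
        echo '$robots_follow: ' . $robots_follow;
        echo $clean ? "\n" : '<br />';
        echo '</div></div>';

        // ================================== DB Summary ================================
        if (isset($DB)) {
            echo '<div class="log_container"><div>';
            echo $DB->num_queries . ' SQL queries executed in ' . $Timer->get_duration('SQL QUERIES') . " seconds\n";
            if (!$clean) {
                echo ' &nbsp; <a href="' . $ReqHostPathQuery . '#evo_debug_queries">scroll down to details</a><p>';
            }
            echo '</div></div>';
        }

        // ========================== Timer table ================================
        $time_page = $Timer->get_duration('total');
        $timer_rows = array();
        foreach ($Timer->get_categories() as $l_cat) {
            if ($l_cat == 'sql_query') {
                continue;
            }
            $timer_rows[$l_cat] = $Timer->get_duration($l_cat);
        }
        // Don't sort to see orginal order of creation
        // arsort( $timer_rows );
        // ksort( $timer_rows );

        // Remove "total", it will get output as the last one:
        $total_time = $timer_rows['total'];
        unset($timer_rows['total']);
        $percent_total = $time_page > 0 ? number_format(100 / $time_page * $total_time, 2) : '0';

        if ($clean) {
            echo '== Timers ==' . "\n\n";
            echo '+' . str_repeat('-', $table_headerlen) . '+' . "\n";
            printf($printf_format . "\n", 'Category', 'Time', '%', 'Count');
            echo '+' . str_repeat('-', $table_headerlen) . '+' . "\n";
        } else {
            echo '<table class="debug_timer"><thead>' . '<tr><td colspan="4" class="center">Timers</td></tr>' . '<tr><th>Category</th><th>Time</th><th>%</th><th>Count</th></tr>' . '</thead>';
            // Output "total":
            echo "\n<tfoot><tr>" . '<td>total</td>' . '<td class="right red">' . $total_time . '</td>' . '<td class="right">' . $percent_total . '%</td>' . '<td class="right">' . $Timer->get_count('total') . '</td></tr></tfoot>';
            echo '<tbody>';
        }

        $table_rows_collapse = array();
        foreach ($timer_rows as $l_cat => $l_time) {
            $percent_l_cat = $time_page > 0 ? number_format(100 / $time_page * $l_time, 2) : '0';
            if ($clean) {
                $row = sprintf($printf_format, $l_cat, $l_time, $percent_l_cat . '%', $Timer->get_count($l_cat));
            } else {
                $row = "\n<tr>" . '<td>' . $l_cat . '</td>' . '<td class="right">' . $l_time . '</td>' . '<td class="right">' . $percent_l_cat . '%</td>' . '<td class="right">' . $Timer->get_count($l_cat) . '</td></tr>';
            }
            // Maybe ignore this row later, but not for clean display.
            if (!$clean && $percent_l_cat < 1) {
                // Hide everything that took less than 1% of the time
                $table_rows_collapse[] = $row;
            } else {
                echo $row . "\n";
            }
        }
        $count_collapse = count($table_rows_collapse);
        // Collapse ignored rows, allowing to expand them with Javascript:
        if ($count_collapse > 5) {
            echo '<tr><td colspan="4" class="center" id="evo-debuglog-timer-long-header">';
            echo '<a href="" onclick="var e = document.getElementById(\'evo-debuglog-timer-long\'); e.style.display = (e.style.display == \'none\' ? \'\' : \'none\'); return false;">+ ' . $count_collapse . ' queries &lt; 1%</a> </td></tr>';
            echo '</tbody>';
            echo '<tbody id="evo-debuglog-timer-long" style="display:none;">';
        }
        echo implode("\n", $table_rows_collapse) . "\n";

        if ($clean) {
            // "total" (done in tfoot for html above)
            echo sprintf($printf_format, 'total', $total_time, $percent_total . '%', $Timer->get_count('total'));
            echo '+' . str_repeat('-', $table_headerlen) . '+' . "\n\n";
        } else {
            echo "\n</tbody></table>";
            // add jquery.tablesorter to the "Debug info" table.
            global $rsc_uri;
            echo '
			<script type="text/javascript" src="' . $rsc_uri . 'js/jquery/jquery.tablesorter.min.js"></script>
			<script type="text/javascript">
			(function($){
				var clicked_once;
				jQuery("table.debug_timer th").click( function(event) {
					if( clicked_once ) return; else clicked_once = true;
					jQuery("#evo-debuglog-timer-long tr").appendTo(jQuery("table.debug_timer tbody")[0]);
					jQuery("#evo-debuglog-timer-long-header").remove();
					// click for tablesorter:
					jQuery("table.debug_timer").tablesorter();
					jQuery(event.currentTarget).click();
				});
			})(jQuery);
			</script>';
        }

        // ================================ Opcode caching ================================
        echo '<div class="log_container"><div>';
        echo 'Opcode cache: ' . get_active_opcode_cache();
        echo $clean ? "\n" : '<p>';
        echo '</div></div>';

        // ================================ Memory Usage ================================
        echo '<div class="log_container"><div>';
        foreach (array('memory_get_usage' => array('display' => 'Memory usage', 'high' => 8000000), 'memory_get_peak_usage' => array('display' => 'Memory peak usage', 'high' => 8000000)) as $l_func => $l_var) {
            if (function_exists($l_func)) {
                $_usage = $l_func();
                if ($_usage > $l_var['high']) {
                    // Highlight usage above the threshold:
                    echo $clean ? '[!!] ' : '<span style="color:red; font-weight:bold">';
                }
                echo $l_var['display'] . ': ' . bytesreadable($_usage, !$clean);
                if (!$clean && $_usage > $l_var['high']) {
                    echo '</span>';
                }
                echo $clean ? "\n" : '<br />';
            }
        }
        echo 'Len of serialized $cache_imgsize: ' . strlen(serialize($cache_imgsize));
        echo $clean ? "\n" : '<br />';
        echo 'Len of serialized $cache_File: ' . strlen(serialize($cache_File));
        echo $clean ? "\n" : '<br />';
        echo '</div></div>';
    }

    // DEBUGLOG(s) FROM PREVIOUS SESSIONS, after REDIRECT(s) (with list of categories at top):
    if (isset($Session) && ($sess_Debuglogs = $Session->get('Debuglogs')) && !empty($sess_Debuglogs)) {
        $count_sess_Debuglogs = count($sess_Debuglogs);
        if ($count_sess_Debuglogs > 1) {
            // Links to those Debuglogs:
            if ($clean) {
                // kind of useless, but anyway...
                echo "\n" . 'There are ' . $count_sess_Debuglogs . ' Debuglogs from redirected pages.' . "\n";
            } else {
                echo '<p>There are ' . $count_sess_Debuglogs . ' Debuglogs from redirected pages: ';
                for ($i = 1; $i <= $count_sess_Debuglogs; $i++) {
                    echo '<a href="' . $ReqHostPathQuery . '#debug_sess_debuglog_' . $i . '">#' . $i . '</a> ';
                }
                echo '</p>';
            }
        }

        foreach ($sess_Debuglogs as $k => $sess_Debuglog) {
            $log_categories = array('error', 'note', 'all');
            // Categories to output (in that order)
            if ($clean) {
                $log_container_head = "\n" . '== Debug messages from redirected page (#' . ($k + 1) . ') ==' . "\n" . 'See below for the Debuglog from the current request.' . "\n";
                echo format_to_output($sess_Debuglog->display(array('container' => array('string' => $log_container_head, 'template' => false), 'all' => array('string' => '= %s =' . "\n\n", 'template' => false)), '', false, $log_categories, '', 'raw', false), 'raw');
            } else {
                $log_container_head = '<h3 id="debug_sess_debuglog_' . ($k + 1) . '" style="color:#f00;">Debug messages from redirected page (#' . ($k + 1) . ')</h3>' . '<p><a href="' . $ReqHostPathQuery . '#debug_debuglog">See below for the Debuglog from the current request.</a></p>';
                $log_cats = array_keys($sess_Debuglog->get_messages($log_categories));
                // the real list (with all replaced and only existing ones)
                $log_head_links = array();
                foreach ($log_cats as $l_cat) {
                    $log_head_links[] = '<a href="' . $ReqHostPathQuery . '#debug_redir_' . ($k + 1) . '_info_cat_' . str_replace(' ', '_', $l_cat) . '">' . $l_cat . '</a>';
                }
                $log_container_head .= implode(' | ', $log_head_links);
                echo format_to_output($sess_Debuglog->display(array('container' => array('string' => $log_container_head, 'template' => false), 'all' => array('string' => '<h4 id="debug_redir_' . ($k + 1) . '_info_cat_%s">%s:</h4>', 'template' => false)), '', false, $log_categories), 'htmlbody');
            }
        }

        // Delete logs since they have been displayed...
        // EXCEPT if we are redirecting, because in this case we won't see these logs in a browser (only in request debug tools)
        // So in that case we want them to move over to the next page...
        if ($http_response_code < 300 || $http_response_code >= 400) {
            // This is NOT a 3xx redirect, assume debuglogs have been seen & delete them:
            $Session->delete('Debuglogs');
        }
    }

    // CURRENT DEBUGLOG (with list of categories at top):
    $log_categories = array('error', 'note', 'all');
    // Categories to output (in that order)
    $log_container_head = $clean ? "\n" . '== Debug messages ==' . "\n" : '<h3 id="debug_debuglog">Debug messages</h3>';
    if (!empty($sess_Debuglogs)) {
        // link to first sess_Debuglog:
        if ($clean) {
            $log_container_head .= 'See above for the Debuglog(s) from before the redirect.' . "\n";
        } else {
            $log_container_head .= '<p><a href="' . $ReqHostPathQuery . '#debug_sess_debuglog_1">See above for the Debuglog(s) from before the redirect.</a></p>';
        }
    }
    if (!$clean) {
        $log_cats = array_keys($Debuglog->get_messages($log_categories));
        // the real list (with all replaced and only existing ones)
        $log_head_links = array();
        foreach ($log_cats as $l_cat) {
            $log_head_links[] = '<a href="' . $ReqHostPathQuery . '#debug_info_cat_' . str_replace(' ', '_', $l_cat) . '">' . $l_cat . '</a>';
        }
        $log_container_head .= implode(' | ', $log_head_links);
        echo format_to_output($Debuglog->display(array('container' => array('string' => $log_container_head, 'template' => false), 'all' => array('string' => '<h4 id="debug_info_cat_%s">%s:</h4>', 'template' => false)), '', false, $log_categories), 'htmlbody');
        echo '<h3 id="evo_debug_queries">DB</h3>';
    } else {
        echo format_to_output($Debuglog->display(array('container' => array('string' => $log_container_head, 'template' => false), 'all' => array('string' => '= %s =' . "\n\n", 'template' => false)), '', false, $log_categories, '', 'raw', false), 'raw');
        echo "\n" . '== DB ==' . "\n\n";
    }

    // DB configuration (no password is printed, only user/name/host/prefix/charset):
    if ($db_config) {
        if (!$clean) {
            echo '<pre>';
        }
        echo 'Config DB Username: ' . $db_config['user'] . "\n" . 'Config DB Database: ' . $db_config['name'] . "\n" . 'Config DB Host: ' . (isset($db_config['host']) ? $db_config['host'] : 'unset (localhost)') . "\n" . 'Config DB tables prefix: ' . $tableprefix . "\n" . 'Config DB connection charset: ' . $db_config['connection_charset'] . "\n";
        echo $clean ? "\n" : '</pre>';
    }
    if (!isset($DB)) {
        echo 'No DB object.' . ($clean ? "\n" : '');
    } else {
        echo '<pre>Current DB charset: ' . $DB->connection_charset . "</pre>\n";
        $DB->dump_queries(!$clean);
    }

    if (!$clean) {
        echo '</div>';
    }
}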
// Request params that identify what this message is about:
$recipient_id = param('recipient_id', 'integer', 0);
$post_id = param('post_id', 'integer', 0);
$comment_id = param('comment_id', 'integer', 0);
$subject = param('subject', 'string', '');

// Sender identity. Defaults to empty, then the logged-in User's preferred name and
// email address, and finally the values remembered in the commenting cookies.
$email_author = '';
$email_author_address = '';
if (is_logged_in()) {
    $email_author = $current_User->get_preferred_name();
    $email_author_address = $current_User->email;
}
if (strlen($email_author) === 0) {
    // Nothing usable from the User: read the cookie values through param_cookie()
    $email_author = param_cookie($cookie_name, 'string', '');
    $email_author_address = param_cookie($cookie_email, 'string', '');
}

$recipient_User = NULL;
// Get the name and email address of the recipient
if (empty($recipient_id)) {
    $recipient_name = param('recipient_name', 'string', '');
    $recipient_address = param('recipient_address', 'string', '');
} else {
    // If the email is to a registered user get the email address from the users table
    $UserCache =& get_UserCache();
    $recipient_User =& $UserCache->get_by_ID($recipient_id);
    if ($recipient_User) {
        // recipient User found
        $recipient_name = $recipient_User->get('preferredname');
        $recipient_address = $recipient_User->get('email');
    }
// Refuse direct access; this file is only meant to be loaded by the application bootstrap.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}

global $app_version, $disp, $Blog, $Skin, $Settings;

// Older 2.x skins work on newer 2.x b2evo versions, but newer 2.x skins may not work on older 2.x b2evo versions.
if (version_compare($app_version, '4.0.0-dev') < 0) {
    die('This skin is designed for b2evolution 4.0.0 and above. Please <a href="http://b2evolution.net/downloads/index.html">upgrade your b2evolution</a>.');
}

if ($Skin->get_setting('width_switcher')) {
    /**
     * @var string Name of cookie for skin width
     */
    $cookie_skin_width_name = 'skin_width';
    if (isset($_COOKIE[$cookie_skin_width_name])) {
        // Read the skin width from $_COOKIE through param_cookie(); the regexp only accepts
        // "<digits>px" or "<digits>%", anything else (or an empty value) falls back to the default.
        $cookie_skin_width_value = param_cookie($cookie_skin_width_name, '/^\\d+(px|%)$/i', NULL) ?: '1140px';
    }
}

// This is the main template; it may be used to display very different things.
// Do inits depending on current $disp:
skin_init($disp);

// -------------------------- HTML HEADER INCLUDED HERE --------------------------
skin_include('_html_header.inc.php', array());
// -------------------------------- END OF HEADER --------------------------------

// ---------------------------- SITE HEADER INCLUDED HERE ----------------------------
// If site headers are enabled, they will be included here:
siteskin_include('_site_body_header.inc.php');
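    /**
     * Constructor
     *
     * If valid session cookie received: pull session from DB
     * Otherwise, INSERT a session into DB
     *
     * The cookie is expected as "<sess_ID>_<sess_key>". Both parts are matched together with the
     * session timeout (the User's own timeout_sessions setting when one is set, else the global
     * setting); a row that does not match on ID, key and freshness counts as "no session" and a
     * new one is created. sess_data is a PHP serialized blob written by this application, so
     * unserialize() is used on purpose; a blob that does not unserialize to an array is discarded.
     *
     * Side effects: a SELECT or an INSERT on T_sessions, a Set-Cookie header for new sessions,
     * entries in $Debuglog, and Messages saved by a previous request are moved into $Messages.
     */
    function Session()
    {
        global $DB, $Debuglog, $current_User, $localtimenow, $Messages, $Settings, $UserSettings;
        global $Hit;
        global $cookie_session, $cookie_expires, $cookie_path, $cookie_domain;

        $Debuglog->add('Session: cookie_domain=' . $cookie_domain, 'request');
        $Debuglog->add('Session: cookie_path=' . $cookie_path, 'request');

        $session_cookie = param_cookie($cookie_session, 'string', '');
        if (empty($session_cookie)) {
            $Debuglog->add('Session: No session cookie received.', 'request');
        } else {
            // session ID sent by cookie
            if (!preg_match('~^(\\d+)_(\\w+)$~', $session_cookie, $match)) {
                $Debuglog->add('Session: Invalid session cookie format!', 'request');
            } else {
                // We have a well-formed session cookie:
                $session_id_by_cookie = $match[1];
                $session_key_by_cookie = $match[2];
                $Debuglog->add('Session: Session ID received from cookie: ' . $session_id_by_cookie, 'request');

                $timeout_sessions = NULL;
                // NOTE(review): user_ID has not been loaded from the DB row yet at this point; unless
                // it was set before the constructor runs, the per-user timeout is never consulted - confirm.
                if ($this->user_ID != NULL) {
                    // User is not anonymous, get custom session timeout (may return NULL):
                    $timeout_sessions = $UserSettings->get('timeout_sessions', $this->user_ID);
                }
                if (empty($timeout_sessions)) {
                    // User is anonymous or has no custom session timeout. So, we use default session timeout:
                    $timeout_sessions = $Settings->get('timeout_sessions');
                }

                // ID, key and freshness are checked together so a stale or mismatched key yields no row:
                $row = $DB->get_row('
					SELECT sess_ID, sess_key, sess_data, sess_user_ID, sess_start_ts, sess_lastseen_ts, sess_device
					  FROM T_sessions
					 WHERE sess_ID  = ' . $DB->quote($session_id_by_cookie) . '
					   AND sess_key = ' . $DB->quote($session_key_by_cookie) . '
					   AND UNIX_TIMESTAMP(sess_lastseen_ts) > ' . ($localtimenow - $timeout_sessions));
                if (empty($row)) {
                    $Debuglog->add('Session: Session ID/key combination is invalid!', 'request');
                } else {
                    // ID + key are valid: load data
                    $Debuglog->add('Session: Session ID is valid.', 'request');
                    $this->ID = $row->sess_ID;
                    $this->key = $row->sess_key;
                    $this->user_ID = $row->sess_user_ID;
                    $this->start_ts = mysql2timestamp($row->sess_start_ts);
                    $this->lastseen_ts = mysql2timestamp($row->sess_lastseen_ts);
                    $this->is_validated = true;
                    $this->sess_device = $row->sess_device;
                    $Debuglog->add('Session: Session user_ID: ' . var_export($this->user_ID, true), 'request');

                    if (empty($row->sess_data)) {
                        $Debuglog->add('Session: No session data available.', 'request');
                        $this->_data = array();
                    } else {
                        // Some session data has been previously stored:
                        // Unserialize session data (using an own callback that should provide class definitions):
                        $old_callback = ini_set('unserialize_callback_func', 'session_unserialize_callback');
                        if ($old_callback === false || is_null($old_callback)) {
                            // NULL if ini_set has been disabled for security reasons
                            // Brutally load all classes that we might need:
                            session_unserialize_load_all_classes();
                        }
                        // TODO: dh> This can fail, if there are special chars in sess_data:
                        //       It will be encoded in $evo_charset _after_ "SET NAMES", but
                        //       get retrieved here, _before_ any "SET NAMES" (if $db_config['connection_charset'] is not set (default))!
                        // The blob was written by this application (not by the client); corruption is
                        // detected by the is_array() check below, hence the suppressed notice.
                        $this->_data = @unserialize($row->sess_data);
                        if ($old_callback !== false) {
                            // Restore the old callback if we changed it:
                            ini_set('unserialize_callback_func', $old_callback);
                        }

                        if (!is_array($this->_data)) {
                            $Debuglog->add('Session: Session data corrupted!<br />
								connection_charset: ' . var_export($DB->connection_charset, true) . '<br />
								Serialized data was: --[' . var_export($row->sess_data, true) . ']--', array('session', 'error'));
                            $this->_data = array();
                        } else {
                            $Debuglog->add('Session: Session data loaded.', 'request');

                            // Load a Messages object from session data, if available:
                            if (($sess_Messages = $this->get('Messages')) && is_a($sess_Messages, 'Messages')) {
                                // dh> TODO: "old" messages should rather get prepended to any existing ones from the current request, rather than appended
                                $Messages->add_messages($sess_Messages);
                                $Debuglog->add('Session: Added Messages from session data.', 'request');
                                $this->delete('Messages');
                            }
                        }
                    }
                }
            }
        }

        if ($this->ID) {
            // there was a valid session before
            if ($this->lastseen_ts < $localtimenow - 60) {
                // lastseen timestamp is older then a minute, it needs to be updated at page exit
                $this->session_needs_save(true);
            }
        } else {
            // create a new session! :
            $this->key = generate_random_key(32);

            // Detect user device
            global $user_devices;
            $this->sess_device = '';
            if (!empty($_SERVER['HTTP_USER_AGENT'])) {
                foreach ($user_devices as $device_name => $device_regexp) {
                    if (preg_match('~' . $device_regexp . '~i', $_SERVER['HTTP_USER_AGENT'])) {
                        $this->sess_device = $device_name;
                        break;
                    }
                }
            }

            // We need to INSERT now because we need an ID now! (for the cookie)
            // Every value goes through $DB->quote(), like the SELECT above, rather than being
            // concatenated into the statement by hand:
            $now_ts = date('Y-m-d H:i:s', $localtimenow);
            $DB->query('
				INSERT INTO T_sessions( sess_key, sess_start_ts, sess_lastseen_ts, sess_ipaddress, sess_device )
				VALUES ( ' . $DB->quote($this->key) . ', ' . $DB->quote($now_ts) . ', ' . $DB->quote($now_ts) . ', '
					. $DB->quote($Hit->IP) . ', ' . $DB->quote($this->sess_device) . ' )');
            $this->ID = $DB->insert_id;

            // Set a cookie valid for ~ 10 years:
            // NOTE(review): no secure/httponly flags are passed here; whether the project sets them
            // elsewhere (or relies on JS reading this cookie) is not visible from this method - confirm.
            setcookie($cookie_session, $this->ID . '_' . $this->key, time() + 315360000, $cookie_path, $cookie_domain);

            $Debuglog->add('Session: ID (generated): ' . $this->ID, 'request');
            $Debuglog->add('Session: Cookie sent.', 'request');
        }
    }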
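    /**
     * Constructor
     *
     * If a well-formed session cookie ("<sess_ID>_<sess_key>") is received, the matching
     * T_sessions row (ID, key and last-seen within the global timeout_sessions setting) is
     * loaded; otherwise a new row is INSERTed and the cookie is set. sess_data is a PHP
     * serialized blob written by this application, so unserialize() is used on purpose and a
     * blob that does not unserialize to an array is discarded.
     *
     * Side effects: a SELECT or an INSERT on T_sessions, a Set-Cookie header for new sessions,
     * $Debuglog entries, Messages saved by a previous request moved into $Messages, and
     * dbsave() registered as a shutdown function.
     */
    function Session()
    {
        global $DB, $Debuglog, $current_User, $localtimenow, $Messages, $Settings;
        global $Hit;
        global $cookie_session, $cookie_expires, $cookie_path, $cookie_domain;

        $Debuglog->add('cookie_domain=' . $cookie_domain, 'session');
        $Debuglog->add('cookie_path=' . $cookie_path, 'session');

        $session_cookie = param_cookie($cookie_session, 'string', '');
        if (empty($session_cookie)) {
            $Debuglog->add('No session cookie received.', 'session');
        } else {
            // session ID sent by cookie
            if (!preg_match('~^(\\d+)_(\\w+)$~', $session_cookie, $match)) {
                $Debuglog->add('Invalid session cookie format!', 'session');
            } else {
                // We have a well-formed session cookie:
                $session_id_by_cookie = $match[1];
                $session_key_by_cookie = $match[2];
                $Debuglog->add('Session ID received from cookie: ' . $session_id_by_cookie, 'session');

                // ID, key and freshness are checked together so a stale or mismatched key yields no row:
                $row = $DB->get_row('
					SELECT sess_ID, sess_key, sess_data, sess_user_ID
					  FROM T_sessions
					 WHERE sess_ID  = ' . $DB->quote($session_id_by_cookie) . '
					   AND sess_key = ' . $DB->quote($session_key_by_cookie) . '
					   AND UNIX_TIMESTAMP(sess_lastseen) > ' . ($localtimenow - $Settings->get('timeout_sessions')));
                if (empty($row)) {
                    $Debuglog->add('Session ID/key combination is invalid!', 'session');
                } else {
                    // ID + key are valid: load data
                    $Debuglog->add('Session ID is valid.', 'session');
                    $this->ID = $row->sess_ID;
                    $this->key = $row->sess_key;
                    $this->user_ID = $row->sess_user_ID;
                    $this->is_validated = true;
                    $Debuglog->add('Session user_ID: ' . var_export($this->user_ID, true), 'session');

                    if (empty($row->sess_data)) {
                        $Debuglog->add('No session data available.', 'session');
                        $this->_data = array();
                    } else {
                        // Some session data has been previously stored:
                        // Unserialize session data (using an own callback that should provide class definitions):
                        $old_callback = ini_set('unserialize_callback_func', 'session_unserialize_callback');
                        if ($old_callback === false) {
                            // this can fail, if "ini_set" has been disabled for security reasons.. :/
                            // Brutally load all classes that we might need:
                            session_unserialize_load_all_classes();
                        }
                        // TODO: dh> This can fail, if there are special chars in sess_data:
                        //       It will be encoded in $evo_charset _after_ "SET NAMES", but
                        //       get retrieved here, _before_ any "SET NAMES" (if $db_config['connection_charset'] is not set (default))!
                        // The blob was written by this application (not by the client); corruption is
                        // detected by the is_array() check below, hence the suppressed notice.
                        $this->_data = @unserialize($row->sess_data);
                        if ($old_callback !== false) {
                            // Restore the old callback if we changed it:
                            ini_set('unserialize_callback_func', $old_callback);
                        }

                        if (!is_array($this->_data)) {
                            $Debuglog->add('Session data corrupted!<br />
								connection_charset: ' . var_export($DB->connection_charset, true) . '<br />
								Serialized data was: --[' . var_export($row->sess_data, true) . ']--', array('session', 'error'));
                            $this->_data = array();
                        } else {
                            $Debuglog->add('Session data loaded.', 'session');

                            // Load a Messages object from session data, if available:
                            if (($sess_Messages = $this->get('Messages')) && is_a($sess_Messages, 'log')) {
                                // dh> TODO: "old" messages should rather get prepended to any existing ones from the current request, rather than appended
                                $Messages->add_messages($sess_Messages->messages);
                                $Debuglog->add('Added Messages from session data.', 'session');
                                $this->delete('Messages');
                            }
                        }
                    }
                }
            }
        }

        if ($this->ID) {
            // there was a valid session before; update data (lastseen)
            $this->_session_needs_save = true;
        } else {
            // create a new session
            $this->key = generate_random_key(32);

            // We need to INSERT now because we need an ID now! (for the cookie)
            // $Hit->IP derives from the request, so it (and the other values) go through
            // $DB->quote(), like the SELECT above, instead of being concatenated by hand:
            $DB->query('
				INSERT INTO T_sessions( sess_key, sess_lastseen, sess_ipaddress )
				VALUES ( ' . $DB->quote($this->key) . ', ' . $DB->quote(date('Y-m-d H:i:s', $localtimenow)) . ', ' . $DB->quote($Hit->IP) . ' )');
            $this->ID = $DB->insert_id;

            // Set a cookie valid for ~ 10 years:
            // NOTE(review): no secure/httponly flags are passed here; whether the project sets them
            // elsewhere is not visible from this method - confirm.
            setcookie($cookie_session, $this->ID . '_' . $this->key, time() + 315360000, $cookie_path, $cookie_domain);

            $Debuglog->add('ID (generated): ' . $this->ID, 'session');
            $Debuglog->add('Cookie sent.', 'session');
        }

        // Persist lastseen/data changes at the end of the request:
        register_shutdown_function(array(&$this, 'dbsave'));
    }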