示例#1
0
 public function __construct()
 {
     global $CFG;
     if (!defined('NO_MOODLE_COOKIES')) {
         if (empty($CFG->version) or $CFG->version < 2009011900) {
             // no session before sessions table gets greated
             define('NO_MOODLE_COOKIES', true);
         } else {
             if (CLI_SCRIPT) {
                 // CLI scripts can not have session
                 define('NO_MOODLE_COOKIES', true);
             } else {
                 define('NO_MOODLE_COOKIES', false);
             }
         }
     }
     if (NO_MOODLE_COOKIES) {
         // session not used at all
         $CFG->usesid = 0;
         $_SESSION = array();
         $_SESSION['SESSION'] = new object();
         $_SESSION['USER'] = new object();
     } else {
         $this->prepare_cookies();
         $this->init_session_storage();
         $newsession = empty($_COOKIE['MoodleSession' . $CFG->sessioncookie]);
         if (!empty($CFG->usesid) && $newsession) {
             sid_start_ob();
         } else {
             $CFG->usesid = 0;
             ini_set('session.use_trans_sid', '0');
         }
         session_name('MoodleSession' . $CFG->sessioncookie);
         session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
         session_start();
         if (!isset($_SESSION['SESSION'])) {
             $_SESSION['SESSION'] = new object();
             if (!$newsession and !$this->justloggedout) {
                 $_SESSION['SESSION']->has_timed_out = true;
             }
         }
         if (!isset($_SESSION['USER'])) {
             $_SESSION['USER'] = new object();
         }
     }
     $this->check_user_initialised();
     $this->check_security();
 }
示例#2
0
文件: setup.php 项目: r007/PMoodle
//this session fixation prevention can not be used in cookieless mode
if (empty($CFG->usesid) && !defined('MOODLE_SANE_INPUT')) {
    unset(${'MoodleSession' . $CFG->sessioncookie});
    unset($_GET['MoodleSession' . $CFG->sessioncookie]);
    unset($_POST['MoodleSession' . $CFG->sessioncookie]);
}
//compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with $nomoodlecookie in cron.php now
if (!empty($_COOKIE['MoodleSession' . $CFG->sessioncookie]) && $_COOKIE['MoodleSession' . $CFG->sessioncookie] == "deleted") {
    unset($_COOKIE['MoodleSession' . $CFG->sessioncookie]);
}
if (!empty($_COOKIE['MoodleSessionTest' . $CFG->sessioncookie]) && $_COOKIE['MoodleSessionTest' . $CFG->sessioncookie] == "deleted") {
    unset($_COOKIE['MoodleSessionTest' . $CFG->sessioncookie]);
}
if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession' . $CFG->sessioncookie])) {
    require_once "{$CFG->dirroot}/lib/cookieless.php";
    sid_start_ob();
}
if (empty($nomoodlecookie)) {
    session_name('MoodleSession' . $CFG->sessioncookie);
    if (check_php_version('5.2.0')) {
        session_set_cookie_params(0, $CFG->sessioncookiepath, '', $CFG->cookiesecure, $CFG->cookiehttponly);
    } else {
        session_set_cookie_params(0, $CFG->sessioncookiepath, '', $CFG->cookiesecure);
    }
    @session_start();
    if (!isset($_SESSION['SESSION'])) {
        $_SESSION['SESSION'] = new object();
        $_SESSION['SESSION']->session_test = random_string(10);
        if (!empty($_COOKIE['MoodleSessionTest' . $CFG->sessioncookie])) {
            $_SESSION['SESSION']->has_timed_out = true;
        }
 public function __construct()
 {
     global $CFG;
     if (NO_MOODLE_COOKIES) {
         // session not used at all
         $CFG->usesid = 0;
         $_SESSION = array();
         $_SESSION['SESSION'] = new stdClass();
         $_SESSION['USER'] = new stdClass();
     } else {
         $this->prepare_cookies();
         $this->init_session_storage();
         $newsession = empty($_COOKIE['MoodleSession' . $CFG->sessioncookie]);
         if (!empty($CFG->usesid) && $newsession) {
             sid_start_ob();
         } else {
             $CFG->usesid = 0;
             ini_set('session.use_trans_sid', '0');
         }
         session_name('MoodleSession' . $CFG->sessioncookie);
         session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
         session_start();
         if (!isset($_SESSION['SESSION'])) {
             $_SESSION['SESSION'] = new stdClass();
             if (!$newsession and !$this->justloggedout) {
                 $_SESSION['SESSION']->has_timed_out = true;
             }
         }
         if (!isset($_SESSION['USER'])) {
             $_SESSION['USER'] = new stdClass();
         }
     }
     $this->check_user_initialised();
     $this->check_security();
 }