Bug fix in Session handler for multiples Bludit installation in the same root folder

Diego Najar 2021-11-25 20:17:38 +01:00
parent 9718e03590
commit 320f9a2f0c
4 changed files with 227 additions and 211 deletions


@ -2,8 +2,8 @@
// Start the session // Start the session
// If the session is not started the admin area is not available // If the session is not started the admin area is not available
Session::start(); Session::start($site->urlPath(), $site->isHTTPS());
if (Session::started()===false) { if (!Session::started()) {
exit('Bludit CMS. Session initialization failed.'); exit('Bludit CMS. Session initialization failed.');
} }


@ -5,37 +5,33 @@ class Session {
private static $started = false; private static $started = false;
private static $sessionName = 'BLUDIT-KEY'; private static $sessionName = 'BLUDIT-KEY';
public static function start() public static function start($path, $secure)
{ {
// Try to set the session timeout on server side, 1 hour of timeout // Try to set the session timeout on server side, 1 hour of timeout
ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME); ini_set('session.gc_maxlifetime', SESSION_GC_MAXLIFETIME);
// If TRUE cookie will only be sent over secure connections. // Gets current cookies parameters
$secure = false;
// If set to TRUE then PHP will attempt to send the httponly flag when setting the session cookie.
$httponly = true;
// Gets current cookies params.
$cookieParams = session_get_cookie_params(); $cookieParams = session_get_cookie_params();
session_set_cookie_params( if (empty($path)) {
SESSION_COOKIE_LIFE_TIME, $path = '/';
$cookieParams["path"], }
$cookieParams["domain"],
$secure,
$httponly
);
// Sets the session name to the one set above. session_set_cookie_params([
'lifetime' => $cookieParams["lifetime"],
'path' => $path,
'domain' => $cookieParams["domain"],
'secure' => $secure,
'httponly' => true,
'samesite' => 'Lax'
]);
// Sets the session name
session_name(self::$sessionName); session_name(self::$sessionName);
// Start session. // Start session
self::$started = session_start(); self::$started = session_start();
// Regenerated the session, delete the old one. There are problems with AJAX.
//session_regenerate_id(true);
if (!self::$started) { if (!self::$started) {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to start the session.'); Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to start the session.');
} }
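Review bot: The options-array form of `session_set_cookie_params()` used on the new side of `start()` is only accepted from PHP 7.3 onward; on an older runtime the call is rejected with a warning, and the `secure`, `httponly` and `samesite` attributes are never applied to the session cookie. If older PHP versions are still supported (the page does not say), guard the call with `PHP_VERSION_ID >= 70300` and keep the positional form as the fallback. The new call also passes `$cookieParams["lifetime"]` where the old one passed `SESSION_COOKIE_LIFE_TIME`, so the cookie lifetime now follows php.ini; if that is intended, a comment such as `// Cookie lifetime is inherited from session.cookie_lifetime` would make it explicit. `start()` continues past the end of this hunk.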


@ -3,6 +3,7 @@
class Login { class Login {
protected $users; protected $users;
protected $site;
function __construct() function __construct()
{ {
@ -12,9 +13,15 @@ class Login {
$this->users = new Users(); $this->users = new Users();
} }
if (isset($GLOBALS['site'])) {
$this->site = $GLOBALS['site'];
} else {
$this->site = new Site();
}
// Start the Session // Start the Session
if (!Session::started()) { if (!Session::started()) {
Session::start(); Session::start($this->site->urlPath(), $this->site->isHTTPS());
} }
} }
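Review bot: The constructor now reaches into `$GLOBALS['site']`, and otherwise builds a second `Site`, only to obtain the two cookie arguments, and the same `Session::start(...->urlPath(), ...->isHTTPS())` derivation is repeated in the first file of this commit. Keeping that derivation in one place, for example a small helper that both callers use, prevents the two entry points from ever issuing the `BLUDIT-KEY` cookie with different `path` or `secure` values. At minimum the fallback deserves a comment such as `// No global $site in this context: load the site settings to derive the cookie path and scheme`. In the visible lines `$this->site` is read only inside the constructor, so a local variable may be enough.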


@ -332,6 +332,19 @@ class Site extends dbJSON
return $this->getField('url'); return $this->getField('url');
} }
public function urlPath()
{
$url = $this->getField('url');
return parse_url($url, PHP_URL_PATH);
}
public function isHTTPS()
{
$url = $this->getField('url');
return parse_url($url, PHP_URL_SCHEME) === 'https';
}
// Returns the protocol and the domain, without the base url // Returns the protocol and the domain, without the base url
// For example, http://www.domain.com // For example, http://www.domain.com
public function domain() public function domain()
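Review bot: `isHTTPS()` reports the scheme of the stored `url` setting, not of the current request, so the session cookie's `Secure` flag now depends on configuration. A site reached over TLS whose `url` is still `http://...` or empty gets a cookie without `Secure`, and a site configured as `https://` but reached over plain HTTP will likely not get its session cookie back. The method should say so, e.g. `// True when the configured site URL uses https; does not inspect the current request`. `urlPath()` can return `null` (URL without a path) or `false` (unparsable URL) from `parse_url()`; `Session::start()` covers that with `empty($path)`, but documenting the return values, or normalising with `?: '/'` inside `urlPath()`, would protect other callers.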