[Mapbender-commits] r7137 - in trunk/mapbender: core http/frames

Tue Nov 16 08:05:35 EST 2010

Author: christoph
Date: 2010-11-16 05:05:35 -0800 (Tue, 16 Nov 2010)
New Revision: 7137

Modified:
   trunk/mapbender/core/globalSettings.php
   trunk/mapbender/core/system.php
   trunk/mapbender/http/frames/login.php
Log:
#720

Modified: trunk/mapbender/core/globalSettings.php
===================================================================

--- trunk/mapbender/core/globalSettings.php	2010-11-16 12:36:59 UTC (rev 7136)
+++ trunk/mapbender/core/globalSettings.php	2010-11-16 13:05:35 UTC (rev 7137)
@@ -29,20 +29,11 @@
 if (defined("SESSION_NAME") && is_string(SESSION_NAME)) {
 //	session_name(SESSION_NAME);
 }
-session_start();
-//
-// Add FirePHP for debugging only, supply a global $firephp
-//
-if (defined("LOG_PHP_WITH_FIREPHP") && LOG_PHP_WITH_FIREPHP === "on") {
-	require_once(dirname(__FILE__)."/../http/extensions/FirePHP-0.3/FirePHP.class.php");
-	
-	$firephp = FirePHP::getInstance(true);
-}
 
 //
 // Basic Mapbender classes, for session handling etc.
 //
-require_once(dirname(__FILE__)."/../lib/class_Mapbender.php");
+require_once dirname(__FILE__)."/../lib/class_Mapbender.php";
 
 //
 // define LC_MESSAGES if unknown (for Windows platforms)
@@ -50,87 +41,11 @@
 if (!defined("LC_MESSAGES")) define("LC_MESSAGES", LC_CTYPE);
 
 //
-// All data Mapbender handles internally are UTF-8
-//
-mb_internal_encoding("UTF-8");
-
-//
-// if magic quotes is on, automatically strip slashes
-// (non-recursive due to possible security hazard)
-//
-if (get_magic_quotes_gpc()) {
-	$in = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
-	
-	while (list($k, $v) = each($in)) {
-		foreach ($v as $key => $val) {
-			if (!is_array($val)) {
-				$in[$k][$key] = stripslashes($val);
-				continue;
-			}
-			$in[]= &$in[$k][$key];
-		}
-	}
-
-	unset($in);
-}
-
-
-//
-// configuration file
-//
-require_once(dirname(__FILE__)."/../conf/mapbender.conf");
-
-
-//
-// until we have decided how to implement a public user,
-// use this constant. In Geoportal.rlp.de it was used as ANONYMOUS_USER
-// 
-if (!defined("PUBLIC_USER")) define("PUBLIC_USER", "");
-
-if (!defined("LOAD_JQUERY_FROM_GOOGLE")) define("LOAD_JQUERY_FROM_GOOGLE", false);
-
-
-//
-// class for error handling
-//
-DEFINE("LOG_DIR", dirname(__FILE__) . "/../log/");		
-require_once(dirname(__FILE__)."/../http/classes/class_mb_exception.php");
-
-//
 // I18n wrapper function, gettext
 //
-require_once(dirname(__FILE__) . "/../core/i18n.php");
-require_once(dirname(__FILE__) . "/../http/classes/class_locale.php");
+require_once dirname(__FILE__) . "/../core/i18n.php";
+require_once dirname(__FILE__) . "/../http/classes/class_locale.php";
 $localeObj = new Mb_locale(Mapbender::session()->get("mb_lang"));
 
-//
-// Do not display PHP errors
-//
-ini_set("display_errors", "0");
 
-//
-// AJAX wrapper
-//
-require_once(dirname(__FILE__)."/../lib/ajax.php");
-
-//
-// get real ip address, can be improved, see
-// http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html
-//
-function getRealIpAddr() {
-    if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
-    {
-      $ip=$_SERVER['HTTP_CLIENT_IP'];
-    }
-    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //to check ip is pass from proxy
-    {
-      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
-    }
-    else
-    {
-      $ip=$_SERVER['REMOTE_ADDR'];
-    }
-    return $ip;
-}
-
 ?>

Modified: trunk/mapbender/core/system.php
===================================================================
--- trunk/mapbender/core/system.php	2010-11-16 12:36:59 UTC (rev 7136)
+++ trunk/mapbender/core/system.php	2010-11-16 13:05:35 UTC (rev 7137)
@@ -19,6 +19,11 @@
 
 //define("SESSION_NAME", "TRUNK_SESSID");
 #
+# configuration file
+#
+require_once dirname(__FILE__)."/../conf/mapbender.conf";
+
+#
 # mapbender version
 #
 define("MB_VERSION_NUMBER", "2.7");
@@ -105,15 +110,35 @@
 function security_patch_log($file,$line) {
     $h = fopen("../log/security_patch.log","a+");
     if($h) {
-	fwrite($h,date("Y.m.d H:i")." FILE : ".$file." | LINE : ".$line." | POST : ".implode(",",array_keys($_POST))." | GET : ".implode(",",array_keys($_GET))." | FILE : ".implode(",",array_keys($_FILE))." |\n");
-	fclose($h);
+		fwrite($h,date("Y.m.d H:i")." FILE : ".$file." | LINE : ".$line." | POST : ".implode(",",array_keys($_POST))." | GET : ".implode(",",array_keys($_GET))." | FILE : ".implode(",",array_keys($_FILE))." |\n");
+		fclose($h);
     }
 }
 
 //
+// get real ip address, can be improved, see
+// http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html
+//
+function getRealIpAddr() {
+    if (!empty($_SERVER['HTTP_CLIENT_IP']))   //check ip from share internet
+    {
+      $ip=$_SERVER['HTTP_CLIENT_IP'];
+    }
+    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))   //to check ip is pass from proxy
+    {
+      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
+    }
+    else
+    {
+      $ip=$_SERVER['REMOTE_ADDR'];
+    }
+    return $ip;
+}
+
+//
 // database wrapper
 //
-require_once(dirname(__FILE__) . "/../lib/database-pgsql.php");
+require_once dirname(__FILE__) . "/../lib/database-pgsql.php";
 
 //
 // establish database connection
@@ -121,4 +146,65 @@
 $con = db_connect(DBSERVER, OWNER, PW);
 db_select_db(DB, $con);
 
+
+
+//
+// Add FirePHP for debugging only, supply a global $firephp
+//
+if (defined("LOG_PHP_WITH_FIREPHP") && LOG_PHP_WITH_FIREPHP === "on") {
+	require_once(dirname(__FILE__)."/../http/extensions/FirePHP-0.3/FirePHP.class.php");
+
+	$firephp = FirePHP::getInstance(true);
+}
+
+//
+// All data Mapbender handles internally are UTF-8
+//
+mb_internal_encoding("UTF-8");
+
+//
+// if magic quotes is on, automatically strip slashes
+// (non-recursive due to possible security hazard)
+//
+if (get_magic_quotes_gpc()) {
+	$in = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
+
+	while (list($k, $v) = each($in)) {
+		foreach ($v as $key => $val) {
+			if (!is_array($val)) {
+				$in[$k][$key] = stripslashes($val);
+				continue;
+			}
+			$in[]= &$in[$k][$key];
+		}
+	}
+
+	unset($in);
+}
+
+//
+// until we have decided how to implement a public user,
+// use this constant. In Geoportal.rlp.de it was used as ANONYMOUS_USER
+//
+if (!defined("PUBLIC_USER")) define("PUBLIC_USER", "");
+
+if (!defined("LOAD_JQUERY_FROM_GOOGLE")) define("LOAD_JQUERY_FROM_GOOGLE", false);
+
+//
+// class for error handling
+//
+DEFINE("LOG_DIR", dirname(__FILE__) . "/../log/");
+require_once dirname(__FILE__)."/../http/classes/class_mb_exception.php";
+
+//
+// Do not display PHP errors
+//
+ini_set("display_errors", "0");
+
+//
+// AJAX wrapper
+//
+require_once dirname(__FILE__)."/../lib/ajax.php";
+
+
 ?>

Modified: trunk/mapbender/http/frames/login.php
===================================================================
--- trunk/mapbender/http/frames/login.php	2010-11-16 12:36:59 UTC (rev 7136)
+++ trunk/mapbender/http/frames/login.php	2010-11-16 13:05:35 UTC (rev 7137)
@@ -159,8 +159,13 @@
 	
 	// if given user data is found in database, set session data (db_fetch_array returns false if no row is found)
 	if($row){
-		require_once dirname(__FILE__)."/../../core/globalSettings.php";
-		include(dirname(__FILE__)."/../../conf/session.conf");
+		require_once dirname(__FILE__) . "/../../core/globalSettings.php";
+		if (Mapbender::session()->get("mb_user_id") !== false && $row["mb_user_id"] !== Mapbender::session()->get("mb_user_id")) {
+			session_write_close();
+			session_id(sha1(mt_rand()));
+			session_start();
+		}
+		include(dirname(__FILE__) . "/../../conf/session.conf");
 	}
 	else {
 		redirectToLogin($name);

