Diffstat (limited to 'public')
| -rw-r--r-- | public/activate_email.php | 124 | ||||
| -rw-r--r-- | public/datenschutz.php | 37 | ||||
| -rw-r--r-- | public/dispatch.php | 22 | ||||
| -rw-r--r-- | public/email_validation.php | 108 | ||||
| -rw-r--r-- | public/index.php | 9 | ||||
| -rw-r--r-- | public/jsonapi.php | 12 | ||||
| -rw-r--r-- | public/logout.php | 67 | ||||
| -rw-r--r-- | public/plugins.php | 103 | ||||
| -rw-r--r-- | public/seminar_main.php | 60 | ||||
| -rw-r--r-- | public/sendfile.php | 22 | ||||
| -rw-r--r-- | public/web_migrate.php | 13 |
11 files changed, 102 insertions, 475 deletions
diff --git a/public/activate_email.php b/public/activate_email.php
deleted file mode 100644
index 25e70f3..0000000
--- a/public/activate_email.php
+++ /dev/null
@@ -1,124 +0,0 @@ -<?php -# Lifter007: TODO -# Lifter003: TODO -# Lifter010: TODO - -$_GET['cancel_login'] = '1'; - -require '../lib/bootstrap.php'; - -use Studip\Button, Studip\LinkButton; - -ob_start(); - -page_open(['sess' => 'Seminar_Session', 'auth' => 'Seminar_Default_Auth', 'perm' => 'Seminar_Perm', 'user' => 'Seminar_User']); - -function head($headline, $red=False) { - echo sprintf('<h1>%s</h1>', $headline); -} - -function footer() { -} - -function reenter_mail() { - echo '<br>'; - echo '<form action="' . URLHelper::getLink() . '" method="post" class="default">'; - echo '<fieldset>'; - echo '<legend>'._('Sollten Sie keine E-Mail erhalten haben, können Sie sich einen neuen Aktivierungsschlüssel zuschicken lassen. Geben Sie dazu Ihre gewünschte E-Mail-Adresse unten an') . '</legend>' - . CSRFProtection::tokenTag() - .'<input type="hidden" name="uid" value="'. htmlReady(Request::option('uid')) .'">' - .'<label>' . _('E-Mail') - .'<input type="email" name="email1" required>' - .'</label>' - .'<label>' . _('Wiederholung') - .'<input type="email" name="email2" required>' - .'</label>'; - echo '</fieldset>'; - echo '<footer>' . Button::createAccept() . '</footer>'; - echo '</form>'; -} - -function mail_explain() { - echo '<form action="' . URLHelper::getLink() . '" method="post" class="default">'; - echo '<fieldset>'; - echo '<legend>' . _('Sie haben Ihre E-Mail-Adresse geändert. - Um diese frei zu schalten müssen Sie den Ihnen an Ihre neue Adresse zugeschickten Aktivierungs Schlüssel im unten stehenden Eingabefeld eintragen.') . '</legend>'; - echo CSRFProtection::tokenTag(); - echo '<label>' . _('Aktivierungs Schlüssel') - .'<input type="text" name="key"><input name="uid" type="hidden" value="'.htmlReady(Request::option('uid')).'">'; - echo '</fieldset>'; - echo '<footer>' . Button::createAccept() . 
'</footer>'; - echo '</form>'; - -} - -if(!Request::option('uid')) - header("Location: index.php"); - -URLHelper::addLinkParam('cancel_login', 1); - -// set up user session -include 'lib/seminar_open.php'; - -// display header -PageLayout::setTitle(_('E-Mail Aktivierung')); - -$uid = Request::option('uid'); -if(Request::get('key') !== null) { - - $db = DBManager::get(); - $sth = $db->prepare("SELECT validation_key FROM auth_user_md5 WHERE user_id=?"); - $sth->execute([$uid]); - $result = $sth->fetch(); - $key = $result['validation_key']; - - if(Request::get('key') == $key) { - $sth = $db->prepare("UPDATE auth_user_md5 SET validation_key='' WHERE user_id=?"); - $sth->execute([$uid]); - unset($_SESSION['semi_logged_in']); - head(PageLayout::getTitle()); - PageLayout::postSuccess(_('Ihre E-Mail-Adresse wurde erfolgreich geändert.')); - printf(' <a href="' . URLHelper::getLink('index.php') . '">%s</a>', _('Zum Login')); - } else if ($key == '') { - head(PageLayout::getTitle()); - PageLayout::postInfo(_('Ihre E-Mail-Adresse ist bereits geändert.')); - printf(' <a href="' . URLHelper::getLink('index.php') . '">%s</a>', _('Zum Login')); - } else { - if (Request::get('key')) { - PageLayout::postError(_("Falscher Bestätigungscode.")); - } - head(PageLayout::getTitle()); - mail_explain(); - if($_SESSION['semi_logged_in'] == Request::option('uid')) { - reenter_mail(); - } else { - printf(_('Sie können sich %seinloggen%s und sich den Bestätigungscode neu oder an eine andere E-Mail-Adresse schicken lassen.'), - '<a href="' . URLHelper::getLink('index.php?again=yes') . 
'">', '</a>'); - } - } - -// checking semi_logged_in is important to avoid abuse -} else if(Request::get('email1') && Request::get('email2') && $_SESSION['semi_logged_in'] == Request::option('uid')) { - if(Request::get('email1') == Request::get('email2')) { - // change mail - $tmp_user = User::find(Request::option('uid')); - if($tmp_user && $tmp_user->changeEmail(Request::get('email1'), true)) { - $_SESSION['semi_logged_in'] = False; - } - - } else { - PageLayout::postError(_('Die eingegebenen E-Mail-Adressen stimmen nicht überein. Bitte überprüfen Sie Ihre Eingabe.')); - } - mail_explain(); - reenter_mail(); -} else { - // this never happens unless someone manipulates urls (or the presented link within the mail is broken) - head(PageLayout::getTitle()); - mail_explain(); - reenter_mail(); -} - -$template = $GLOBALS['template_factory']->open('layouts/base.php'); -$template->content_for_layout = ob_get_clean(); -echo $template->render(); -page_close(); diff --git a/public/datenschutz.php b/public/datenschutz.php deleted file mode 100644 index 0eb134f..0000000 --- a/public/datenschutz.php +++ /dev/null @@ -1,37 +0,0 @@ -<?php -/** - * datenschutz.php - * - * privacy guidelines for Stud.IP - * - * PHP version 5 - * - * @author Elmar Ludwig - * @author Michael Riehemann <michael.riehemann@uni-oldenburg.de> - * @copyright 2009 Stud.IP - * @license http://www.gnu.org/licenses/gpl.html GPL Licence 3 - * @package studip_core - * @access public - */ - -require '../lib/bootstrap.php'; - -page_open([ - 'sess' => 'Seminar_Session', - 'auth' => 'Seminar_Default_Auth', - 'perm' => 'Seminar_Perm', - 'user' => 'Seminar_User' -]); - -// set up user session -include 'lib/seminar_open.php'; - -// this page must be accessible during visibility decision -Config::get()->USER_VISIBILITY_CHECK = false; - -PageLayout::setTitle(_('Erläuterungen zum Datenschutz')); - -$template = $template_factory->open('privacy'); -$template->set_layout('layouts/base.php'); - -echo $template->render(); 
diff --git a/public/dispatch.php b/public/dispatch.php index 77c5933..8bc346d 100644 --- a/public/dispatch.php +++ b/public/dispatch.php @@ -1,8 +1,6 @@ <?php -# Lifter002: TODO -# Lifter007: TODO -# Lifter003: TODO -# Lifter010: TODO +use Slim\App; +use Slim\Factory\AppFactory; /* * index.php - <short-description> @@ -21,5 +19,17 @@ require '../lib/bootstrap.php'; // prepare environment URLHelper::setBaseUrl($GLOBALS['ABSOLUTE_URI_STUDIP']); -$dispatcher = app(\Trails\Dispatcher::class); -$dispatcher->dispatch(Request::pathInfo()); +// Build PHP_DI Container +$container = app(); + +// Instantiate the app +AppFactory::setContainer($container); +$app = AppFactory::create(); +$container->set(App::class, $app); +$app->setBasePath($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP'] . 'dispatch.php'); + +$studip_dispatcher = app(\Trails\Dispatcher::class); +$route_callable = $studip_dispatcher->getRouteCallable(Request::pathInfo()); +$app->any(Request::pathInfo(), $route_callable); +NotificationCenter::postNotification('SLIM_BEFORE_RUN', $app); +$app->run(); diff --git a/public/email_validation.php b/public/email_validation.php deleted file mode 100644 index f877aee..0000000 --- a/public/email_validation.php +++ /dev/null 
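Review bot: `$app->any(Request::pathInfo(), $route_callable);` in the second dispatch.php hunk registers the raw request path as a Slim route pattern, so characters the route parser treats as syntax (`{`, `}`, `[`, `]`) in a requested URL are read as placeholders or optional segments rather than literals, and an unbalanced one is likely to surface as a routing exception instead of a clean 404. The callable has already been resolved by `getRouteCallable()`, so a fixed catch-all pattern would keep request data out of the parser, something like `$app->any('/{path:.*}', $route_callable);`. The same line appears inside the `$plugin_dispatch` closure in public/plugins.php. This hunk also adds no session or authentication middleware, unlike plugins.php and jsonapi.php in the same commit; presumably the Trails route callable takes care of that, which is worth confirming and stating in a comment here.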
@@ -1,108 +0,0 @@ -<?php -# Lifter002: TEST -# Lifter003: TEST -# Lifter007: TEST -# Lifter010: DONE - not applicable -/* -email_validation.php - Hochstufung eines user auf Status autor, wenn erfolgreich per Mail zurueckgemeldet -Copyright (C) 2001 Stefan Suchi <suchi@gmx.de> - -This program is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License -as published by the Free Software Foundation; either version 2 -of the License, or (at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ - -require '../lib/bootstrap.php'; - -page_open([ - 'sess' => 'Seminar_Session', - 'auth' => 'Seminar_Auth', - 'perm' => 'Seminar_Perm', - 'user' => 'Seminar_User' -]); -$auth->login_if($auth->auth['uid'] == 'nobody'); -$perm->check('user'); -// nobody hat hier nix zu suchen... - -include 'lib/seminar_open.php'; // initialise Stud.IP-Session - -// hier wird noch mal berechnet, welches secret in der Bestaetigungsmail uebergeben wurde -$secret = Request::option('secret'); -PageLayout::setHelpKeyword('Basis.AnmeldungMail'); -PageLayout::setTitle(_('Bestätigung der E-Mail-Adresse')); - -//user bereits vorhanden -if ($perm->have_perm('autor')) { - $info = sprintf(_('Sie haben schon den Status <b>%s</b> im System. 
- Eine Aktivierung des Accounts ist nicht mehr nötig, um Schreibrechte zu bekommen'), $auth->auth['perm']); - $details = []; - $details[] = sprintf('<a href="%s">%s</a>', URLHelper::getLink('index.php'), _('zurück zur Startseite')); - $message = MessageBox::info($info, $details); -} - -// So, wer bis hier hin gekommen ist gehoert zur Zielgruppe... -// Volltrottel (oder abuse) -else if (empty($secret)) { - $message = MessageBox::error(_('Sie müssen den vollständigen Link aus der Bestätigungsmail in die Adresszeile Ihres Browsers kopieren.')); -} - -// abuse (oder Volltrottel) -else if (!Seminar_Register_Auth::validateSecret($secret, $user->id)) { - $error = _('Der übergebene <em>Secret-Code</em> ist nicht korrekt.'); - $details = []; - $details[] = _('Sie müssen unter dem Benutzernamen eingeloggt sein, für den Sie die Bestätigungsmail erhalten haben.'); - $details[] = _('Und Sie müssen den vollständigen Link aus der Bestätigungsmail in die Adresszeile Ihres Browsers kopieren.'); - $message = MessageBox::error($error, $details); - - // Mail an abuse - $REMOTE_ADDR=getenv("REMOTE_ADDR"); - $Zeit=date("H:i:s, d.m.Y",time()); - $username = $auth->auth["uname"]; - StudipMail::sendAbuseMessage("Validation", "Secret falsch\n\nUser: $username\n\nIP: $REMOTE_ADDR\nZeit: $Zeit\n"); -} - -// alles paletti, Status ändern -else { - $studip_user = User::findCurrent(); - $studip_user->perms = 'autor'; - if (!$studip_user->store()) { - $error = _('Fehler! Bitte wenden Sie sich an den Systemadministrator.'); - $details = [$query]; - $message = MessageBox::error($error, $details); - } else { - $success = _('Ihr Status wurde erfolgreich auf <em>autor</em> gesetzt.<br> - Damit dürfen Sie in den meisten Veranstaltungen schreiben, für die Sie sich anmelden.'); - $details = []; - $details[] = _('Einige Veranstaltungen erfordern allerdings bei der Anmeldung die Eingabe eines Passwortes. 
- Dieses Passwort erfahren Sie von den Lehrenden der Veranstaltung.'); - $message = MessageBox::success($success, $details); - - // Auto-Inserts - AutoInsert::instance()->saveUser($user->id, "autor"); - - $auth->logout(); // einen Logout durchführen, um erneuten Login zu erzwingen - - $info = sprintf(_('Die Statusänderung wird erst nach einem erneuten %sLogin%s wirksam!<br> - Deshalb wurden Sie jetzt automatisch ausgeloggt.'), - '<a href="index.php?again=yes"><em>', - '</em></a>'); - $message .= MessageBox::info($info); - } -} - -$template = $GLOBALS['template_factory']->open('email-validation'); -$template->set_layout($GLOBALS['template_factory']->open('layouts/base.php')); -$template->message = $message; -echo $template->render(); - -page_close(); diff --git a/public/index.php b/public/index.php index abba901..1977233 100644 --- a/public/index.php +++ b/public/index.php @@ -19,12 +19,5 @@ require '../lib/bootstrap.php'; -page_open(['sess' => 'Seminar_Session', 'auth' => 'Seminar_Default_Auth', 'perm' => 'Seminar_Perm', 'user' => 'Seminar_User']); +header('Location: ' . URLHelper::getURL('dispatch.php/start')); -$auth->login_if($user->id === 'nobody'); -include 'lib/seminar_open.php'; // initialise Stud.IP-Session - -// if new start page is in use, redirect there (if logged in) -if ($auth->is_authenticated() && $user->id != 'nobody') { - header('Location: ' . URLHelper::getURL('dispatch.php/start')); -} diff --git a/public/jsonapi.php b/public/jsonapi.php index 4b2ba4b..8d69b51 100644 --- a/public/jsonapi.php +++ b/public/jsonapi.php @@ -9,13 +9,6 @@ require '../lib/bootstrap.php'; // Set base url for URLHelper class URLHelper::setBaseUrl($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP']); -page_open([ - 'sess' => 'Seminar_Session', - 'auth' => 'Seminar_Default_Auth', - 'perm' => 'Seminar_Perm', - 'user' => 'Seminar_User', -]); - // Instantiate the app $container = app(); AppFactory::setContainer($container); 
@@ -29,6 +22,11 @@ $app->setBasePath($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP'] . 'jsonapi.php'); $middleware = require 'lib/classes/JsonApi/middleware.php'; $middleware($app); +//register stud.ip session/auth middleware +$app->add(app(Studip\Middleware\AuthenticationMiddleware::class)); +auth()->setNobody(true); +$app->add(app(Studip\Middleware\SessionMiddleware::class)); + // Register routes $routes = require 'lib/classes/JsonApi/routes.php'; $routes($app); diff --git a/public/logout.php b/public/logout.php index 6f94194..aee2701 100644 --- a/public/logout.php +++ b/public/logout.php 
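Review bot: `auth()->setNobody(true);` sits between the two `$app->add()` calls but runs immediately at bootstrap rather than as part of the middleware chain, and nothing documents that it appears to let unauthenticated requests through as the anonymous user. A comment would make the contract explicit, e.g. `// allow anonymous ("nobody") sessions at this layer; every JSON:API route must enforce its own authentication and authorization`. It would also help to note that Slim runs middleware in reverse order of registration, so `SessionMiddleware` (added last) executes before `AuthenticationMiddleware`, and both wrap whatever lib/classes/JsonApi/middleware.php registered earlier.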
@@ -25,69 +25,4 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. require '../lib/bootstrap.php'; -page_open(["sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User"]); - -require_once 'lib/messaging.inc.php'; - -// Redirect to index page if request is not a post request or logout ticket is -// missing -if ( - !Request::isPost() - && !( - isset($_SESSION['logout_ticket']) - && check_ticket($_SESSION['logout_ticket']) - ) -) { - header('Location: ' . URLHelper::getURL('index.php')); - page_close(); - die; -} - -//nur wenn wir angemeldet sind sollten wir dies tun! -if ($auth->auth['uid'] !== 'nobody') { - $my_messaging_settings = $GLOBALS['user']->cfg->MESSAGING_SETTINGS; - - //Wenn Option dafuer gewaehlt, alle ungelsesenen Nachrichten als gelesen speichern - if ($my_messaging_settings["logout_markreaded"]) { - Message::markAllAs(); - } - - $logout_user = $user->id; - $_language = $_SESSION['_language']; - $contrast = UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST; - - // Get auth plugin of user before logging out since the $auth object will - // be modified by the logout - $auth_plugin = StudipAuthAbstract::getInstance($auth->auth['auth_plugin']); - - //Logout aus dem Sessionmanagement - $auth->logout(); - $sess->delete(); - - page_close(); - - //Session changed zuruecksetzen - $timeout=(time()-(15 * 60)); - $user->set_last_action($timeout); - - $sess->start(); - $_SESSION['_language'] = $_language; - if ($contrast) { - $_SESSION['contrast'] = $contrast; - } - - PageLayout::postSuccess( - _('Sie sind nun aus dem System abgemeldet.'), - array_filter([$GLOBALS['UNI_LOGOUT_ADD']]) - ); - - // Perform logout from auth plugin (if possible) - if ($auth_plugin instanceof StudipAuthSSO) { - $auth_plugin->logout(); - } -} else { - $sess->delete(); - page_close(); -} - -header('Location: ' . URLHelper::getURL('index.php?logout=1')); +header('Location: ' . 
URLHelper::getURL('dispatch.php/logout')); diff --git a/public/plugins.php b/public/plugins.php index 99373a0..176ccfa 100644 --- a/public/plugins.php +++ b/public/plugins.php @@ -1,6 +1,4 @@ <?php -# Lifter007: TEST - /* * Copyright (C) 2007 - Marcus Lunzenauer <mlunzena@uos.de> * 
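Review bot: The removed guard that only proceeded on a POST request or a valid `$_SESSION['logout_ticket']` has no counterpart in this shim, which now answers every request to logout.php, GET included, with a redirect to `dispatch.php/logout`. A `Location` redirect is normally followed as a GET, so the target controller cannot tell a form POST from a cross-site link once the request has passed through here; whether it checks the logout ticket itself is not visible in this diff and should be confirmed. If the file is kept only for old links, a short comment saying so, and that the CSRF protection for logout now lives in the `logout` controller, would keep the check from being lost in a later cleanup.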
@@ -10,61 +8,74 @@ * the License, or (at your option) any later version. */ +use Psr\Http\Message\ResponseFactoryInterface; +use Psr\Http\Message\ServerRequestInterface; +use Slim\App; +use Slim\Factory\AppFactory; +use Psr\Http\Server\RequestHandlerInterface; + require '../lib/bootstrap.php'; -// set base url for URLHelper class -URLHelper::setBaseUrl($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP']); +// prepare environment +URLHelper::setBaseUrl($GLOBALS['ABSOLUTE_URI_STUDIP']); -// initialize Stud.IP-Session -page_open([ - 'sess' => 'Seminar_Session', - 'auth' => 'Seminar_Default_Auth', - 'perm' => 'Seminar_Perm', - 'user' => 'Seminar_User', -]); +// Build PHP_DI Container +$container = app(); -try { - require_once 'lib/seminar_open.php'; +// Instantiate the app +AppFactory::setContainer($container); +$app = AppFactory::create(); +$container->set(App::class, $app); +$app->setBasePath($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP'] . 'plugins.php'); +$plugin_dispatch = function (ServerRequestInterface $request, RequestHandlerInterface $handler) use ($app) { + $responseFactory = app(ResponseFactoryInterface::class); + try { + // get plugin class from request + $dispatch_to = Request::pathInfo(); + list($plugin_class, $unconsumed) = PluginEngine::routeRequest($dispatch_to); - // get plugin class from request - $dispatch_to = Request::pathInfo(); - list($plugin_class, $unconsumed) = PluginEngine::routeRequest($dispatch_to); + // handle legacy forum plugin URLs + if ($plugin_class === 'coreforum') { + $response = $responseFactory->createResponse(302); + return $response->withHeader('Location', URLHelper::getURL('dispatch.php/course/forum/' . $unconsumed)); + } - // handle legacy forum plugin URLs - if ($plugin_class === 'coreforum') { - header('Location: ' . URLHelper::getURL('dispatch.php/course/forum/' . 
$unconsumed)); - die(); - } + // retrieve corresponding plugin info + $plugin_manager = PluginManager::getInstance(); + $plugin_info = $plugin_manager->getPluginInfo($plugin_class); - // retrieve corresponding plugin info - $plugin_manager = PluginManager::getInstance(); - $plugin_info = $plugin_manager->getPluginInfo($plugin_class); + // create an instance of the queried plugin + $plugin = PluginEngine::getPlugin($plugin_class); - // create an instance of the queried plugin - $plugin = PluginEngine::getPlugin($plugin_class); + // user is not permitted, show login screen + if (is_null($plugin)) { + // TODO (mlunzena) should not getPlugin throw this exception? + throw new AccessDeniedException(_('Sie besitzen keine Rechte zum Aufruf dieses Plugins.')); + } - // user is not permitted, show login screen - if (is_null($plugin)) { - // TODO (mlunzena) should not getPlugin throw this exception? - throw new AccessDeniedException(_('Sie besitzen keine Rechte zum Aufruf dieses Plugins.')); - } + // set default page title + PageLayout::setTitle($plugin->getPluginName()); - // set default page title - PageLayout::setTitle($plugin->getPluginName()); + // deprecated, the plugin should override perform() instead + if (is_callable([$plugin, 'initialize'])) { + $plugin->initialize(); + } - // deprecated, the plugin should override perform() instead - if (is_callable([$plugin, 'initialize'])) { - $plugin->initialize(); + $route_callable = $plugin->getRouteCallable($unconsumed); + $app->any(Request::pathInfo(), $route_callable); + } catch (AccessDeniedException $ade) { + $_SESSION['redirect_after_login'] = Request::url(); + $response = $responseFactory->createResponse(302); + return $response->withHeader('Location', URLHelper::getURL('dispatch.php/login')); } + return $handler->handle($request); +}; - // let the show begin - $plugin->perform($unconsumed); -} catch (AccessDeniedException $ade) { - global $auth; - - $auth->login_if($auth->auth['uid'] == 'nobody'); - throw $ade; -} 
+$app->add($plugin_dispatch); +$app->add(app(Studip\Middleware\SeminarOpenMiddleware::class)); +$app->add(app(Studip\Middleware\AuthenticationMiddleware::class)); +auth()->setNobody(true); +$app->add(app(Studip\Middleware\SessionMiddleware::class)); -// close the page -page_close(); +NotificationCenter::postNotification('SLIM_BEFORE_RUN', $app); +$app->run(); diff --git a/public/seminar_main.php b/public/seminar_main.php index 831f1b4..a4ac2fe 100644 --- a/public/seminar_main.php +++ b/public/seminar_main.php 
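Review bot: The `catch (AccessDeniedException $ade)` branch in `$plugin_dispatch` redirects every caller to `dispatch.php/login`, whereas the removed code only forced a login for `nobody` and re-threw the exception, so a signed-in user without rights to the plugin is now sent to the login page instead of getting an access-denied error. public/sendfile.php in this commit keeps that distinction, and the same guard would fit here, e.g. `if ($GLOBALS['user']->id !== 'nobody') { throw $ade; }` before the session write (assuming `$GLOBALS['user']` is populated by the authentication middleware at that point). The `try` block also ends before `return $handler->handle($request);`, so an `AccessDeniedException` thrown by the plugin's route callable is not covered by this catch. `$_SESSION['redirect_after_login'] = Request::url();` stores a request-derived URL here, in sendfile.php and in web_migrate.php; the code that later redirects to it is outside this diff and should accept internal URLs only, as the removed seminar_main.php code did with `is_internal_url()`.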
@@ -23,63 +23,5 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - require '../lib/bootstrap.php'; - -ob_start(); -page_open(["sess" => "Seminar_Session", "auth" => "Seminar_Default_Auth", "perm" => "Seminar_Perm", "user" => "Seminar_User"]); -$auth->login_if(Request::get('again') && ($auth->auth["uid"] == "nobody")); - -if (Request::option('auswahl')) { - Request::set('cid', Request::option('auswahl')); -} - -include ('lib/seminar_open.php'); // initialise Stud.IP-Session - -// -- here you have to put initialisations for the current page - -$course_id = Context::getId(); - -if (!$course_id && Request::get('cid')) { - $archive_id = Request::get('cid'); - $archived = ArchivedCourse::find($archive_id); - if ($archived) { - header('Location: ' . URLHelper::getURL('dispatch.php/search/archive', [ - 'criteria' => $archived->name, - ])); - die; - } -} - -if (!$course_id) { - throw new CheckObjectException(_('Sie haben kein Objekt gewählt.')); -} - -//set visitdate for course, when coming from my_courses -if (Request::get('auswahl')) { - object_set_visit($course_id, 0); -} - - -// gibt es eine Anweisung zur Umleitung? -$redirect_to = Request::get('redirect_to'); -if ($redirect_to) { - if (!is_internal_url($redirect_to)) { - throw new Exception('Invalid redirection'); - } - - header('Location: '.URLHelper::getURL($redirect_to, ['cid' => $course_id])); - die; -} - -// der Nutzer zum ersten -//Reiter der Veranstaltung weiter geleitet. -if (Navigation::hasItem("/course")) { - foreach (Navigation::getItem("/course")->getSubNavigation() as $index => $navigation) { - if ($index !== 'admin') { - header('Location: ' . URLHelper::getURL($navigation->getURL())); - die; - } - } -} - +header('Location: ' . URLHelper::getURL('dispatch.php/course/go', $_GET)); diff --git a/public/sendfile.php b/public/sendfile.php index 571713e..6c5d120 100644 --- a/public/sendfile.php +++ b/public/sendfile.php 
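Review bot: `URLHelper::getURL('dispatch.php/course/go', $_GET)` forwards the complete query string, including `redirect_to`, while the `is_internal_url($redirect_to)` check that used to reject external targets is deleted from this file. Whether `course/go` repeats that check is not visible in this diff; if it does not, the parameter ends up in a `Location` header unvalidated, so the controller should be confirmed to validate `redirect_to` before using it. Forwarding only the parameters the old script read (`cid`, `auswahl`, `redirect_to`, `again`) instead of all of `$_GET` would keep unrelated request parameters out of the redirect URL.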
@@ -39,10 +39,10 @@ ob_start(); require '../lib/bootstrap.php'; -page_open(["sess" => "Seminar_Session", - "auth" => "Seminar_Default_Auth", - "perm" => "Seminar_Perm", - "user" => "Seminar_User"]); +$sess = sess(); +$auth = auth(); +$auth->setNobody(true); +$sess->start(); //Load plugins, unless they are disabled via an URL parameter. if (Request::int('disable_plugins') !== null && ($GLOBALS['user']->id === 'nobody' || $GLOBALS['perm']->have_perm('root'))) { @@ -113,8 +113,14 @@ if ($file_missing) { //if download not allowed throw exception to terminate script if ($no_access) { // redirect to login page if user is not logged in - $GLOBALS['auth']->login_if($GLOBALS['auth']->auth['uid'] === 'nobody'); - throw new AccessDeniedException(_("Sie haben keine Zugriffsberechtigung für diesen Download!")); + if ($GLOBALS['user']->id === 'nobody') { + $_SESSION['redirect_after_login'] = Request::url(); + $sess->save(); + header('Location: ' . URLHelper::getURL('dispatch.php/login')); + die(); + } else { + throw new AccessDeniedException(_("Sie haben keine Zugriffsberechtigung für diesen Download!")); + } } //replace bad charakters to avoid problems when saving the file @@ -171,7 +177,7 @@ if (isset($file)) { } // close session, download will mostly be a parallel action -page_close(); +$sess->save(); // output_buffering may be explicitly or implicitly enabled while (ob_get_level()) { @@ -209,7 +215,7 @@ if ($filesize && !parse_url($path_file, PHP_URL_SCHEME)) { if (isset($_SERVER['HTTP_RANGE'])) { $c_start = $start; $c_end = $end; - list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2); + [, $range] = explode('=', $_SERVER['HTTP_RANGE'], 2); if (mb_strpos($range, ',') !== false) { header('HTTP/1.1 416 Requested Range Not Satisfiable'); header("Content-Range: bytes $start-$end/$filesize"); diff --git a/public/web_migrate.php b/public/web_migrate.php index 0ee4de5..4f2102a 100644 --- a/public/web_migrate.php +++ b/public/web_migrate.php 
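Review bot: The first sendfile.php hunk replaces `page_open()` with `sess()`, `auth()`, `setNobody(true)` and `$sess->start()` but never calls `$auth->start()`, although the very next statement reads `$GLOBALS['user']->id` and `$GLOBALS['perm']->have_perm('root')` and the later `$no_access` branch depends on the same globals. public/web_migrate.php in this commit calls `auth()->start()` explicitly; unless `sess()->start()` authenticates and fills `$GLOBALS['user']` and `$GLOBALS['perm']` on its own, the download permission checks would run against the wrong identity. Please confirm where authentication happens and state it in a comment above `$sess->start();`, or add the `$auth->start();` call there.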
@@ -16,12 +16,13 @@ require __DIR__ . '/../lib/bootstrap.php'; -page_open([ - 'sess' => 'Seminar_Session', - 'auth' => 'Seminar_Auth', - 'perm' => 'Seminar_Perm', - 'user' => 'Seminar_User', -]); +sess()->start(); +if (!auth()->start()) { + $_SESSION['redirect_after_login'] = Request::url(); + sess()->save(); + header('Location: ' . URLHelper::getURL('dispatch.php/login')); + die(); +} URLHelper::setBaseUrl($GLOBALS['ABSOLUTE_URI_STUDIP']); |
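Review bot: `auth()->start()` only establishes that someone is logged in; the hunk shows no permission check, and the `$perm` object that `page_open()` used to create is not visibly set up any more. The rest of the script is outside the hunk, so it should be confirmed that the privilege check for the migration page still runs and still finds its permission object. The login redirect is also built with `URLHelper::getURL()` before `URLHelper::setBaseUrl($GLOBALS['ABSOLUTE_URI_STUDIP']);` on the following line; moving the `setBaseUrl()` call above the new block would make the redirect use the same base URL as the rest of the page.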
