diff --git a/app/config/core.php b/app/config/core.php index 4e9048054..0280c5d08 100644 --- a/app/config/core.php +++ b/app/config/core.php @@ -53,8 +53,35 @@ * * In production, the "flash messages" redirect after a time interval. * With the other debug levels you get to click the "flash message" to continue. + * */ define('DEBUG', 1); +/** + * Set the name of session cookie + * + */ +define('CAKE_SESSION_COOKIE', 'CAKEPHP'); + +/** + * Set level of Cake security. + * + */ +define('CAKE_SECURITY', 'high'); + +/** + * CakePHP includes 3 types of session saves + * database or file. Set this to your preffered method. + * If you want to use your own save handeler place it in + * app/config/name.php DO NOT USE file or database as the name. + * and use just the name portion below. + * + * Setting this to cake will save files to /cakedistro/tmp directory + * Setting it to php will use the php default save path + * Setting it to database will use the database + * + * + */ +define('CAKE_SESSION_SAVE', 'php'); /** * Compress output CSS (removing comments, whitespace, repeating tags etc.) diff --git a/app/webroot/index.php b/app/webroot/index.php index e72d08fd8..085cd6a34 100644 --- a/app/webroot/index.php +++ b/app/webroot/index.php @@ -67,10 +67,12 @@ if (!defined('WEBROOT_DIR')) * Configuration, directory layout and standard libraries */ require_once ROOT.APP_DIR.DS.'config'.DS.'core.php'; -require_once ROOT.APP_DIR.DS.'config'.DS.'paths.php'; +require_once ROOT.'cake'.DS.'config'.DS.'paths.php'; require_once CAKE.'basics.php'; require_once LIBS.'log.php'; require_once LIBS.'object.php'; +require_once LIBS.'session.php'; +require_once LIBS.'security.php'; require_once LIBS.'neat_array.php'; require_once LIBS.'inflector.php'; 
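Review bot: The new docblocks in `app/config/core.php` do not say which values `CAKE_SECURITY` accepts or what they change, and the `CAKE_SESSION_SAVE` text announces three save types but names "database or file" while `CakeSession::_initSession()` switches on `'cake'`, `'php'` and `'database'`. For the first I would write `* Session security level: 'high', 'medium' or 'low'. Sets the session cookie lifetime; 'high' also turns on session.referer_check.`, since that is what `_initSession()` does with it. For the second, `* Session save method: 'php', 'cake', 'database', or the name of a custom handler file in app/config.`. It is also worth stating in the comment that `'low'` sets a cookie lifetime of 788940000 seconds, so anyone choosing it knows the session cookie is effectively permanent.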
@@ -129,7 +131,8 @@ require_once LIBS.'model'.DS.'dbo'.DS.'dbo_factory.php'; if(!defined('AUTO_SESSION') || AUTO_SESSION == true) { // Starts the session unless AUTO_SESSION is explicitly set to false in config/core - session_start(); + //session_start(); + $session =& CakeSession::getInstance(); } config('database'); diff --git a/app/config/paths.php b/cake/config/paths.php similarity index 100% rename from app/config/paths.php rename to cake/config/paths.php diff --git a/cake/libs/controller/components/session.php b/cake/libs/controller/components/session.php new file mode 100644 index 000000000..b02e883f2 --- /dev/null +++ b/cake/libs/controller/components/session.php 
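Review bot: The disabled call `//session_start();` is left in the `AUTO_SESSION` block next to its replacement; version control already keeps the old line, so it should be deleted rather than commented out. The new `$session =& CakeSession::getInstance();` also creates a global named `$session` in the front controller, which nothing in this hunk reads; if the assignment is only there to trigger initialisation, a comment such as `// Instantiating the singleton configures and starts the session` would make that clear.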
@@ -0,0 +1,121 @@ + + * Copyright (c) 2005, CakePHP Authors/Developers + * + * Author(s): Larry E. Masters aka PhpNut + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice. + * + * @filesource + * @author CakePHP Authors/Developers + * @copyright Copyright (c) 2005, CakePHP Authors/Developers + * @link https://trac.cakephp.org/wiki/Authors Authors/Developers + * @package cake + * @subpackage cake.cake.libs.controller.components + * @since CakePHP v 0.10.0.1232 + * @version $Revision$ + * @modifiedby $LastChangedBy$ + * @lastmodified $Date$ + * @license http://www.opensource.org/licenses/mit-license.php The MIT License + */ + +/** + * Short description for file. + * + * Long description for file + * + * @package cake + * @subpackage cake.cake.libs.controller.components + * @since CakePHP v 0.10.0.1232 + * + */ +class Session extends Object +{ + +/** + * Enter description here... + * + */ + function __construct () + { + parent::__construct(); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @param unknown_type $value + * @return unknown + */ + function write($name, $value) + { + return CakeSession::writeSessionVar($name, $value); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function read($name) + { + return CakeSession::readSessionVar($name); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function del($name) + { + return CakeSession::delSessionVar($name); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function check($name) + { + return CakeSession::checkSessionVar($name); + } + +/** + * Enter description here... + * + * @return unknown + */ + function error() + { + return CakeSession::getLastError(); + } + +/** + * Enter description here... 
+ * + * @param unknown_type $name + * @return unknown + */ + function valid($name) + { + return CakeSession::isValid($name); + } + +} +?> \ No newline at end of file diff --git a/cake/libs/inflector.php b/cake/libs/inflector.php index e7672aa09..ccfcf87dc 100644 --- a/cake/libs/inflector.php +++ b/cake/libs/inflector.php @@ -63,11 +63,11 @@ class Inflector extends Object function pluralize ($word) { $plural_rules = array( + '/(s)tatus$/' => '\1\2tatuses', '/^(ox)$/' => '\1\2en', # ox '/([m|l])ouse$/' => '\1ice', # mouse, louse '/(matr|vert|ind)ix|ex$/' => '\1ices', # matrix, vertex, index '/(x|ch|ss|sh)$/' => '\1es', # search, switch, fix, box, process, address - //'/([^aeiouy]|qu)ies$/' => '\1y', '/([^aeiouy]|qu)y$/' => '\1ies', # query, ability, agency '/(hive)$/' => '\1s', # archive, hive '/(?:([^f])fe|([lr])f)$/' => '\1\2ves', # half, safe, wife @@ -105,6 +105,7 @@ class Inflector extends Object function singularize ($word) { $singular_rules = array( + '/(s)tatuses$/' => '\1\2tatus', '/(matr)ices$/' =>'\1ix', '/(vert|ind)ices$/' => '\1ex', '/^(ox)en/' => '\1', @@ -128,7 +129,6 @@ class Inflector extends Object '/([ti])a$/' => '\1um', '/(p)eople$/' => '\1\2erson', '/(m)en$/' => '\1an', - '/(s)tatuses$/' => '\1\2tatus', '/(c)hildren$/' => '\1\2hild', '/(n)ews$/' => '\1\2ews', '/s$/' => '' diff --git a/cake/libs/model/model.php b/cake/libs/model/model.php index a5f8433df..86593bd14 100644 --- a/cake/libs/model/model.php +++ b/cake/libs/model/model.php @@ -68,7 +68,7 @@ class Model extends Object * @var string * @access public */ - var $useTable = false; + var $useTable = null; /** * Enter description here... @@ -218,7 +218,8 @@ class Model extends Object { $this->id = $id; } - + if($this->useTable !== false) + { $tableName = $table? $table: ($this->useTable? $this->useTable: Inflector::tableize($this->name)); if (in_array('settableprefix', get_class_methods($this->name))) 
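Review bot: `error()` and `valid()` in the new `Session` component call `CakeSession::getLastError()` and `CakeSession::isValid($name)` statically, but both of those methods read `$this->lastError` and `$this->valid`, so they do not see the singleton on which `_new()` sets `$cakeSession->valid`. As far as I can tell, in the PHP versions this code targets `$this` inside such a call is the component itself, which means the result of the IP and user-agent check never reaches the controller. Fetching the instance first fixes both, e.g. `$cakeSession =& CakeSession::getInstance(); return $cakeSession->isValid();`, and the unused `$name` parameter of `valid()` can go since `isValid()` takes none. `write()` returns the value of `writeSessionVar()`, which returns nothing, and every docblock is still the "Enter description here..." placeholder.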
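Review bot: The replacement string `'\1\2tatuses'` in `pluralize()` refers to a second capture group that the pattern `'/(s)tatus$/'` does not define; it only works because an unmatched group expands to nothing, and `'\1tatuses'` says what is meant. The same applies to `'\1\2tatus'` on the rule moved to the top of `singularize()`. Both rules now depend on being listed first, presumably so they win over a more generic rule further down, which deserves a trailing comment like the other entries have, e.g. `# status (keep before the generic rules)`.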
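Review bot: The docblock above `var $useTable = null;` still says `@var string`, while the property now has three meanings that only the constructor reveals: a table name, `null` to infer the table from the model name, and `false` for a model with no table. I would document that on the property, e.g. `@var mixed Table name, null to derive it with Inflector::tableize(), or false for a model without a table`. The statements wrapped by the new `if($this->useTable !== false)` in this hunk and the next one were not re-indented, so the extent of the branch is hard to see; the constructor body begins and ends outside these hunks.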
@@ -230,6 +231,11 @@ class Model extends Object parent::__construct(); $this->createLinks(); + } + else + { + parent::__construct(); + } } /** diff --git a/cake/libs/security.php b/cake/libs/security.php new file mode 100644 index 000000000..d933da6a8 --- /dev/null +++ b/cake/libs/security.php @@ -0,0 +1,74 @@ + + * Copyright (c) 2005, CakePHP Authors/Developers + * + * Author(s): Larry E. Masters aka PhpNut + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice. + * + * @filesource + * @author CakePHP Authors/Developers + * @copyright Copyright (c) 2005, CakePHP Authors/Developers + * @link https://trac.cakephp.org/wiki/Authors Authors/Developers + * @package cake + * @subpackage cake.cake.libs + * @since CakePHP v .0.10.0.1233 + * @version $Revision$ + * @modifiedby $LastChangedBy$ + * @lastmodified $Date$ + * @license http://www.opensource.org/licenses/mit-license.php The MIT License + */ + +/** + * Short description for file. + * + * Long description for file + * + * @package cake + * @subpackage cake.cake.1233 + * @since CakePHP v .0.10.0.1222 + */ +class Security extends Object +{ + + function &getInstance() + { + static $instance = array(); + + if (!$instance) + { + $instance[0] =& new Security; + } + return $instance[0]; + } + + function inactiveMins() + { + //$security = Security::getInstance(); + switch (CAKE_SECURITY) + { + case 'high': + return; + break; + case 'medium': + return; + break; + case 'low': + default : + return; + break; + } + } +} + +?> \ No newline at end of file diff --git a/cake/libs/session.php b/cake/libs/session.php new file mode 100644 index 000000000..43fd129cf --- /dev/null +++ b/cake/libs/session.php 
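Review bot: Every branch of `Security::inactiveMins()` is a bare `return;`, so the expression `Security::inactiveMins() * 60` used in `CakeSession::_initSession()` evaluates to 0 and `session.gc_maxlifetime` is set to 0 at all three security levels. With that setting the garbage collector may treat any session as expired as soon as it runs, so logins would drop unpredictably. Each case should return a number of minutes, for example `case 'high': return 10;`, `case 'medium': return 100;` and `default: return 300;` (values illustrative, to be chosen by the project), and the `break` after each `return` is unreachable. Neither method has a docblock, and the class docblock is still the "Short description for file." placeholder.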
@@ -0,0 +1,526 @@ + + * Copyright (c) 2005, CakePHP Authors/Developers + * + * Author(s): Larry E. Masters aka PhpNut + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice. + * + * @filesource + * @author CakePHP Authors/Developers + * @copyright Copyright (c) 2005, CakePHP Authors/Developers + * @link https://trac.cakephp.org/wiki/Authors Authors/Developers + * @package cake + * @subpackage cake.cake.libs + * @since CakePHP v .0.10.0.1222 + * @version $Revision$ + * @modifiedby $LastChangedBy$ + * @lastmodified $Date$ + * @license http://www.opensource.org/licenses/mit-license.php The MIT License + */ + +/** + * Short description for file. + * + * Long description for file + * + * @package cake + * @subpackage cake.cake.libs + * @since CakePHP v .0.10.0.1222 + */ +class CakeSession extends Object +{ +/** + * Enter description here... + * + * @var unknown_type + */ + var $valid = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $error = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $ip = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $userAgent = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $path = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $lastError = null; +/** + * Enter description here... + * + * @var unknown_type + */ + var $sessionId = null; + +/** + * Enter description here... 
+ * + * @return unknown + */ + function &getInstance() + { + static $instance = array(); + + if (!$instance) + { + $instance[0] =& new CakeSession; + $instance[0]->host = $_SERVER['HTTP_HOST']; + if (strpos($instance[0]->host, ':') !== false) + { + $instance[0]->host = substr($instance[0]->host,0, strpos($instance[0]->host, ':')); + } + $instance[0]->path = setUri(); + if (empty($instance[0]->path)) + { + $instance[0]->path = '/'; + } + $instance[0]->ip = $_SERVER['REMOTE_ADDR']; + $instance[0]->userAgent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; + + $instance[0]->_initSession(); + } + return $instance[0]; + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function checkSessionVar($name) + { + $cakeSession =& CakeSession::getInstance(); + $expression = "return isset(".$cakeSession->_sessionVarNames($name).");"; + return eval($expression); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function delSessionVar($name) + { + $cakeSession =& CakeSession::getInstance(); + if($cakeSession->check($name)) + { + $var = $cakeSession->_sessionVarNames($name); + eval("unset($var);"); + return true; + } + $this->_setError(2, "$name doesn't exist"); + return false; + } + +/** + * Enter description here... + * + * @param unknown_type $errorNumber + * @return unknown + */ + function getError($errorNumber) + { + if(!is_array($this->error) || !array_key_exists($errorNumber, $this->error)) + { + return false; + } + else + { + return $this->error[$errorNumber]; + } + } + +/** + * Enter description here... + * + * @return unknown + */ + function getLastError() + { + if($this->lastError) + { + return $this->getError($this->lastError); + } + else + { + return false; + } + } + +/** + * Enter description here... + * + * @return unknown + */ + function isValid() + { + return $this->valid; + } + +/** + * Enter description here... 
+ * + * @param unknown_type $name + * @return unknown + */ + function readSessionVar($name) + { + $cakeSession =& CakeSession::getInstance(); + if($cakeSession->checkSessionVar($name)) + { + $result = eval("return ".$cakeSession->_sessionVarNames($name).";"); + return $result; + } + $this->_setError(2, "$name doesn't exist"); + return false; + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @param unknown_type $value + */ + function writeSessionVar($name, $value) + { + $cakeSession =& CakeSession::getInstance(); + $expression = $cakeSession->_sessionVarNames($name); + $expression .= " = \$value;"; + eval($expression); + } + +/** + * Enter description here... + * + * @access private + */ + function _begin() + { + $cakeSession =& CakeSession::getInstance(); + session_cache_limiter("must-revalidate"); + session_start(); + header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); + $cakeSession->sessionId = session_id(); + + if($cakeSession->_isActiveSession() == false) + { + $cakeSession->_new(); + } + else + { + $cakeSession->_renew(); + } + } + +/** + * Enter description here... + * + * @access private + */ + function _close() + { + echo "
";
+        echo "CakeSession::_close() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + */ + function _destroy() + { + echo "
";
+        echo "CakeSession::_destroy() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + */ + function _gc() + { + echo "
";
+        echo "CakeSession::_gc() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + */ + function _initSession() + { + $cakeSession =& CakeSession::getInstance(); + switch (CAKE_SECURITY) + { + case 'high': + $cookieLifeTime = 0; + ini_set('session.referer_check', $cakeSession->host); + break; + case 'medium': + $cookieLifeTime = 7 * 86400; + break; + case 'low': + default : + $cookieLifeTime = 788940000; + break; + } + + switch (CAKE_SESSION_SAVE) + { + case 'cake': + ini_set('session.use_trans_sid', 0); + ini_set('url_rewriter.tags', ''); + ini_set('session.serialize_handler', 'php'); + ini_set('session.use_cookies', 1); + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_probability', 1); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + ini_set('session.auto_start', 0); + ini_set('session.save_path', TMP.'sessions'); + break; + case 'database': + ini_set('session.use_trans_sid', 0); + ini_set('url_rewriter.tags', ''); + ini_set('session.save_handler', 'user'); + ini_set('session.serialize_handler', 'php'); + ini_set('session.use_cookies', 1); + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_probability', 1); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + ini_set('session.auto_start', 0); + session_set_save_handler(array('CakeSession', '_open'), + array('CakeSession', '_close'), + array('CakeSession', '_read'), + array('CakeSession', '_write'), + array('CakeSession', '_destroy'), + array('CakeSession', '_gc')); + break; + case 'php': + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + break; + default 
: + $config = CONFIGS.CAKE_SESSION_SAVE.'.php.'; + if(is_file($config)) + { + require_once($config); + } + else + { + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + } + break; + } + + $cakeSession->_begin(); + } + +/** + * Enter description here... + * + * @access private + * @return unknown + */ + function _isActiveSession() + { + return false; + } + +/** + * Enter description here... + * + * @access private + * + */ + function _new() + { + $cakeSession =& CakeSession::getInstance(); + + if(!ereg("proxy\.aol\.com$", gethostbyaddr($cakeSession->ip))) + { + if($cakeSession->readSessionVar("Config")) + { + if($cakeSession->ip == $cakeSession->readSessionVar("Config.ip") && $cakeSession->userAgent == $cakeSession->readSessionVar("Config.userAgent")) + { + $cakeSession->valid = true; + } + else + { + $cakeSession->valid = false; + $cakeSession->_setError(1, "Session Highjacking Attempted !!!"); + } + } + else + { + srand((double)microtime() * 1000000); + $cakeSession->writeSessionVar('Config.rand', rand()); + $cakeSession->writeSessionVar("Config.ip", $cakeSession->ip); + $cakeSession->writeSessionVar("Config.userAgent", $cakeSession->userAgent); + $cakeSession->valid = true; + } + } + else + { + if(!$cakeSession->readSessionVar("Config")) + { + srand((double)microtime() * 1000000); + $cakeSession->writeSessionVar('Config.rand', rand()); + $cakeSession->writeSessionVar("Config.ip", $cakeSession->ip); + $cakeSession->writeSessionVar("Config.userAgent", $cakeSession->userAgent); + } + $cakeSession->valid = true; + } + } + +/** + * Enter description here... + * + * @access private + * + */ + function _open() + { + echo "
";
+        echo "CakeSession::_open() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + * + */ + function _read() + { + echo "
";
+        echo "CakeSession::_read() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + * + */ + function _renew() + { + return true; + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + * @access private + */ + function _sessionVarNames($name) + { + if(is_string($name)) + { + if(strpos($name, ".")) + { + $names = explode(".", $name); + } + else + { + $names = array($name); + } + $expression = $expression = "\$_SESSION"; + + foreach($names as $item) + { + $expression .= is_numeric($item) ? "[$item]" : "['$item']"; + } + return $expression; + } + return false; + } + +/** + * Enter description here... + * + * @param unknown_type $errorNumber + * @param unknown_type $errorMessage + * @access private + */ + function _setError($errorNumber, $errorMessage) + { + if($this->error === false) + { + $this->error = array(); + } + + $this->error[$errorNumber] = $errorMessage; + $this->lastError = $errorNumber; + } + +/** + * Enter description here... + * + * @access private + */ + function _write() + { + echo "
";
+        echo "CakeSession::_write() Not Implemented Yet";
+        echo "
"; + die(); + } +} +?> \ No newline at end of file diff --git a/index.php b/index.php index b25537cca..2b8fbb9db 100644 --- a/index.php +++ b/index.php @@ -40,7 +40,7 @@ define ('DS', DIRECTORY_SEPARATOR); define ('ROOT', dirname(__FILE__).DS); require_once ROOT.APP_DIR.DS.'config'.DS.'core.php'; -require_once ROOT.APP_DIR.DS.'config'.DS.'paths.php'; +require_once ROOT.'cake'.DS.'config'.DS.'paths.php'; require_once CAKE.'basics.php';
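Review bot: `_sessionVarNames()` pastes each segment of `$name` into PHP source (`"['$item']"`) which `checkSessionVar()`, `readSessionVar()`, `writeSessionVar()` and `delSessionVar()` then hand to `eval()`, so a key containing a quote or bracket is run as code instead of being treated as data, and any caller that derives a session key from request input inherits that. Walking `$_SESSION` by reference gives the same dotted-path access without `eval()`, as sketched below for check and write; read and delete take the same form. Separately, `delSessionVar()` calls `$cakeSession->check()`, which this class does not define, and the custom-handler path in `_initSession()` ends in `'.php.'`, so `is_file()` will not find the handler and the code silently falls back to the default settings. The docblocks throughout the file are still placeholders.

```php
    // … unchanged: properties, getInstance() …

    function checkSessionVar($name)
    {
        if (!is_string($name))
        {
            return false;
        }
        // Follow the dotted path one key at a time; keys are data, never code.
        $node = $_SESSION;
        foreach (explode('.', $name) as $key)
        {
            if (!is_array($node) || !isset($node[$key]))
            {
                return false;
            }
            $node = $node[$key];
        }
        return true;
    }

    function writeSessionVar($name, $value)
    {
        if (!is_string($name))
        {
            return false;
        }
        // Walk by reference so the final assignment lands inside $_SESSION.
        $node =& $_SESSION;
        foreach (explode('.', $name) as $key)
        {
            if (!is_array($node))
            {
                $node = array();
            }
            $node =& $node[$key];
        }
        $node = $value;
        return true;
    }

    // … unchanged: error accessors, _begin(), _initSession(), _new(), save-handler stubs …
```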