From fd836754658e1dfd51b8c4ab3a1ae504737d1959 Mon Sep 17 00:00:00 2001 
From: phpnut Date: Thu, 27 Oct 2005 23:29:56 +0000 Subject: [PATCH] [1242] Author: phpnut Date: 6:19:00 PM, Thursday, October 27, 2005 Message: removing session directory [1241] Author: phpnut Date: 6:13:46 PM, Thursday, October 27, 2005 Message: added docblocks and temp error messages when trying to use the unimplemented database for sessions [1239] Author: phpnut Date: 5:28:57 PM, Thursday, October 27, 2005 Message: More work on session. Added config settings to core.php, updated model to allow models without a database table. [1237] Author: phpnut Date: 3:50:27 PM, Thursday, October 27, 2005 Message: adding directories for sessions [1235] Author: phpnut Date: 3:36:08 AM, Thursday, October 27, 2005 Message: Typo [1234] Author: phpnut Date: 3:34:07 AM, Thursday, October 27, 2005 Message: More work on the Session classes and adding the first methods to the Security class [1233] Author: phpnut Date: 3:05:46 AM, Thursday, October 27, 2005 Message: Start of core security class added. Moved paths.php to cake/config/ Refactoring Session classes [1232] Author: phpnut Date: 2:20:25 AM, Thursday, October 27, 2005 Message: More work on the core session class. Adding session component class. Added fix for error messages not working with validation. Added possible fix for inflector not working on the word status. git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1243 3807eeeb-6ff5-0310-8944-8be069107fe0 --- app/config/core.php | 27 + app/webroot/index.php | 7 +- {app => cake}/config/paths.php | 0 cake/libs/controller/components/session.php | 121 +++++ cake/libs/inflector.php | 4 +- cake/libs/model/model.php | 10 +- cake/libs/security.php | 74 +++ cake/libs/session.php | 526 ++++++++++++++++++++ index.php | 2 +- 9 files changed, 764 insertions(+), 7 deletions(-) rename {app => cake}/config/paths.php (100%) create mode 100644 cake/libs/controller/components/session.php create mode 100644 cake/libs/security.php create mode 100644 cake/libs/session.php
diff --git a/app/config/core.php b/app/config/core.php index 4e9048054..0280c5d08 100644 --- a/app/config/core.php +++ b/app/config/core.php @@ -53,8 +53,35 @@ * * In production, the "flash messages" redirect after a time interval. * With the other debug levels you get to click the "flash message" to continue. + * */ define('DEBUG', 1); +/** + * Set the name of session cookie + * + */ +define('CAKE_SESSION_COOKIE', 'CAKEPHP'); + +/** + * Set level of Cake security. + * + */ +define('CAKE_SECURITY', 'high'); + +/** + * CakePHP includes 3 types of session saves + * database or file. Set this to your preffered method. + * If you want to use your own save handeler place it in + * app/config/name.php DO NOT USE file or database as the name. + * and use just the name portion below. + * + * Setting this to cake will save files to /cakedistro/tmp directory + * Setting it to php will use the php default save path + * Setting it to database will use the database + * + * + */ +define('CAKE_SESSION_SAVE', 'php'); /** * Compress output CSS (removing comments, whitespace, repeating tags etc.) diff --git a/app/webroot/index.php b/app/webroot/index.php index e72d08fd8..085cd6a34 100644 --- a/app/webroot/index.php +++ b/app/webroot/index.php @@ -67,10 +67,12 @@ if (!defined('WEBROOT_DIR')) * Configuration, directory layout and standard libraries */ require_once ROOT.APP_DIR.DS.'config'.DS.'core.php'; -require_once ROOT.APP_DIR.DS.'config'.DS.'paths.php'; +require_once ROOT.'cake'.DS.'config'.DS.'paths.php'; require_once CAKE.'basics.php'; require_once LIBS.'log.php'; require_once LIBS.'object.php'; +require_once LIBS.'session.php'; +require_once LIBS.'security.php'; require_once LIBS.'neat_array.php'; require_once LIBS.'inflector.php'; 
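Review bot: The new `CAKE_SECURITY` docblock says only "Set level of Cake security." and never names the accepted values or what each one changes; from `CakeSession::_initSession` in this same patch they are `high` (cookie lifetime 0, i.e. expires with the browser, plus `session.referer_check` set to the request host), `medium` (7-day cookie) and `low` (cookie lifetime 788940000 s, roughly 25 years), so the comment should read something like `Session security level: 'high' (cookie expires with the browser, referer check on), 'medium' (7-day cookie) or 'low' (25-year cookie; least safe).` The `CAKE_SESSION_SAVE` block has typos (`preffered`, `handeler`) and says "3 types of session saves database or file" while the options it then lists are `cake`, `php` and `database`. It also documents a custom handler as `app/config/name.php`, which only holds if the loader in session.php is fixed to look for `name.php` rather than the `name.php.` it currently builds.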
@@ -129,7 +131,8 @@ require_once LIBS.'model'.DS.'dbo'.DS.'dbo_factory.php'; if(!defined('AUTO_SESSION') || AUTO_SESSION == true) { // Starts the session unless AUTO_SESSION is explicitly set to false in config/core - session_start(); + //session_start(); + $session =& CakeSession::getInstance(); } config('database'); diff --git a/app/config/paths.php b/cake/config/paths.php similarity index 100% rename from app/config/paths.php rename to cake/config/paths.php diff --git a/cake/libs/controller/components/session.php b/cake/libs/controller/components/session.php new file mode 100644 index 000000000..b02e883f2 --- /dev/null +++ b/cake/libs/controller/components/session.php 
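Review bot: The replaced `session_start()` survives as the commented-out line `//session_start();`, and the new `$session` variable is assigned but never used in this file, so the hunk should simply read `CakeSession::getInstance();` with the dead line removed. Because the session now starts as a side effect of constructing the singleton, a comment here would help the next reader: `// Bootstraps CakeSession; its constructor path calls session_start() itself (see CakeSession::_begin()).` Note that `getInstance()` reads `$_SERVER['HTTP_HOST']` and `$_SERVER['REMOTE_ADDR']` without an `isset` guard, so this bootstrap will emit notices when the file is executed outside a web request (CLI scripts or tests).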
@@ -0,0 +1,121 @@ + + * Copyright (c) 2005, CakePHP Authors/Developers + * + * Author(s): Larry E. Masters aka PhpNut + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice. + * + * @filesource + * @author CakePHP Authors/Developers + * @copyright Copyright (c) 2005, CakePHP Authors/Developers + * @link https://trac.cakephp.org/wiki/Authors Authors/Developers + * @package cake + * @subpackage cake.cake.libs.controller.components + * @since CakePHP v 0.10.0.1232 + * @version $Revision$ + * @modifiedby $LastChangedBy$ + * @lastmodified $Date$ + * @license http://www.opensource.org/licenses/mit-license.php The MIT License + */ + +/** + * Short description for file. + * + * Long description for file + * + * @package cake + * @subpackage cake.cake.libs.controller.components + * @since CakePHP v 0.10.0.1232 + * + */ +class Session extends Object +{ + +/** + * Enter description here... + * + */ + function __construct () + { + parent::__construct(); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @param unknown_type $value + * @return unknown + */ + function write($name, $value) + { + return CakeSession::writeSessionVar($name, $value); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function read($name) + { + return CakeSession::readSessionVar($name); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function del($name) + { + return CakeSession::delSessionVar($name); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function check($name) + { + return CakeSession::checkSessionVar($name); + } + +/** + * Enter description here... + * + * @return unknown + */ + function error() + { + return CakeSession::getLastError(); + } + +/** + * Enter description here... 
+ * + * @param unknown_type $name + * @return unknown + */ + function valid($name) + { + return CakeSession::isValid($name); + } + +} +?> \ No newline at end of file diff --git a/cake/libs/inflector.php b/cake/libs/inflector.php index e7672aa09..ccfcf87dc 100644 --- a/cake/libs/inflector.php +++ b/cake/libs/inflector.php @@ -63,11 +63,11 @@ class Inflector extends Object function pluralize ($word) { $plural_rules = array( + '/(s)tatus$/' => '\1\2tatuses', '/^(ox)$/' => '\1\2en', # ox '/([m|l])ouse$/' => '\1ice', # mouse, louse '/(matr|vert|ind)ix|ex$/' => '\1ices', # matrix, vertex, index '/(x|ch|ss|sh)$/' => '\1es', # search, switch, fix, box, process, address - //'/([^aeiouy]|qu)ies$/' => '\1y', '/([^aeiouy]|qu)y$/' => '\1ies', # query, ability, agency '/(hive)$/' => '\1s', # archive, hive '/(?:([^f])fe|([lr])f)$/' => '\1\2ves', # half, safe, wife @@ -105,6 +105,7 @@ class Inflector extends Object function singularize ($word) { $singular_rules = array( + '/(s)tatuses$/' => '\1\2tatus', '/(matr)ices$/' =>'\1ix', '/(vert|ind)ices$/' => '\1ex', '/^(ox)en/' => '\1', @@ -128,7 +129,6 @@ class Inflector extends Object '/([ti])a$/' => '\1um', '/(p)eople$/' => '\1\2erson', '/(m)en$/' => '\1an', - '/(s)tatuses$/' => '\1\2tatus', '/(c)hildren$/' => '\1\2hild', '/(n)ews$/' => '\1\2ews', '/s$/' => '' diff --git a/cake/libs/model/model.php b/cake/libs/model/model.php index a5f8433df..86593bd14 100644 --- a/cake/libs/model/model.php +++ b/cake/libs/model/model.php @@ -68,7 +68,7 @@ class Model extends Object * @var string * @access public */ - var $useTable = false; + var $useTable = null; /** * Enter description here... @@ -218,7 +218,8 @@ class Model extends Object { $this->id = $id; } - + if($this->useTable !== false) + { $tableName = $table? $table: ($this->useTable? $this->useTable: Inflector::tableize($this->name)); if (in_array('settableprefix', get_class_methods($this->name))) 
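Review bot: `Session::valid($name)` and `Session::error()` invoke `CakeSession::isValid()` and `CakeSession::getLastError()` statically, yet both of those read instance state (`$this->valid`, `$this->lastError`) that only exists on the object returned by `CakeSession::getInstance()`; invoked this way `$this` is either undefined or, under PHP 4/5's "assuming $this from incompatible context" behaviour, the `Session` component itself, so `valid()` can never report the result of the hijack check in `_new()`. Route through the instance instead: `$s =& CakeSession::getInstance(); return $s->isValid();` (and the same for `error()`), and drop the unused `$name` parameter on `valid()` since `isValid()` takes none. The `Enter description here...` placeholders should be replaced with one-line contracts, e.g. on `write`: `Stores $value in the session under the dotted key $name (e.g. "Config.ip"); intermediate arrays are created as needed.`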
@@ -230,6 +231,11 @@ class Model extends Object parent::__construct(); $this->createLinks(); + } + else + { + parent::__construct(); + } } /** diff --git a/cake/libs/security.php b/cake/libs/security.php new file mode 100644 index 000000000..d933da6a8 --- /dev/null +++ b/cake/libs/security.php @@ -0,0 +1,74 @@ + + * Copyright (c) 2005, CakePHP Authors/Developers + * + * Author(s): Larry E. Masters aka PhpNut + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice. + * + * @filesource + * @author CakePHP Authors/Developers + * @copyright Copyright (c) 2005, CakePHP Authors/Developers + * @link https://trac.cakephp.org/wiki/Authors Authors/Developers + * @package cake + * @subpackage cake.cake.libs + * @since CakePHP v .0.10.0.1233 + * @version $Revision$ + * @modifiedby $LastChangedBy$ + * @lastmodified $Date$ + * @license http://www.opensource.org/licenses/mit-license.php The MIT License + */ + +/** + * Short description for file. + * + * Long description for file + * + * @package cake + * @subpackage cake.cake.1233 + * @since CakePHP v .0.10.0.1222 + */ +class Security extends Object +{ + + function &getInstance() + { + static $instance = array(); + + if (!$instance) + { + $instance[0] =& new Security; + } + return $instance[0]; + } + + function inactiveMins() + { + //$security = Security::getInstance(); + switch (CAKE_SECURITY) + { + case 'high': + return; + break; + case 'medium': + return; + break; + case 'low': + default : + return; + break; + } + } +} + +?> \ No newline at end of file diff --git a/cake/libs/session.php b/cake/libs/session.php new file mode 100644 index 000000000..43fd129cf --- /dev/null +++ b/cake/libs/session.php 
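Review bot: Both arms of the new `if($this->useTable !== false)` end in `parent::__construct()`, and the table-setup statements now wrapped by the `if` (which opens in the previous hunk) were not re-indented; an early return placed where the `if` opens — `if ($this->useTable === false) { parent::__construct(); return; }` — removes the `else` arm and leaves the original statements at their original indentation and execution order. The constructor itself starts outside the hunk, and the `useTable` default changed from `false` to `null` in the first hunk, which is what turns `!== false` into "no explicit opt-out"; a comment on the property, `// set to false in a subclass to use the model without a database table`, would record that contract where subclass authors will look for it.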
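Review bot: `Security::inactiveMins()` executes a bare `return;` in every `case`, so it yields `null` for all three levels, and `CakeSession::_initSession` in this same patch does `ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60)`, which sets the lifetime to 0 — as far as I can tell PHP's file handler then treats every session file older than the current second as garbage whenever GC runs. Each case should return a positive integer number of minutes before this ships (for example `return 10;` for `'high'`, with larger values for the other levels as the project decides), and the method docblock should state that the unit is minutes. The commented-out `//$security = Security::getInstance();` line should be removed rather than left as dead code.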
@@ -0,0 +1,526 @@ + + * Copyright (c) 2005, CakePHP Authors/Developers + * + * Author(s): Larry E. Masters aka PhpNut + * + * Licensed under The MIT License + * Redistributions of files must retain the above copyright notice. + * + * @filesource + * @author CakePHP Authors/Developers + * @copyright Copyright (c) 2005, CakePHP Authors/Developers + * @link https://trac.cakephp.org/wiki/Authors Authors/Developers + * @package cake + * @subpackage cake.cake.libs + * @since CakePHP v .0.10.0.1222 + * @version $Revision$ + * @modifiedby $LastChangedBy$ + * @lastmodified $Date$ + * @license http://www.opensource.org/licenses/mit-license.php The MIT License + */ + +/** + * Short description for file. + * + * Long description for file + * + * @package cake + * @subpackage cake.cake.libs + * @since CakePHP v .0.10.0.1222 + */ +class CakeSession extends Object +{ +/** + * Enter description here... + * + * @var unknown_type + */ + var $valid = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $error = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $ip = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $userAgent = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $path = false; +/** + * Enter description here... + * + * @var unknown_type + */ + var $lastError = null; +/** + * Enter description here... + * + * @var unknown_type + */ + var $sessionId = null; + +/** + * Enter description here... 
+ * + * @return unknown + */ + function &getInstance() + { + static $instance = array(); + + if (!$instance) + { + $instance[0] =& new CakeSession; + $instance[0]->host = $_SERVER['HTTP_HOST']; + if (strpos($instance[0]->host, ':') !== false) + { + $instance[0]->host = substr($instance[0]->host,0, strpos($instance[0]->host, ':')); + } + $instance[0]->path = setUri(); + if (empty($instance[0]->path)) + { + $instance[0]->path = '/'; + } + $instance[0]->ip = $_SERVER['REMOTE_ADDR']; + $instance[0]->userAgent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; + + $instance[0]->_initSession(); + } + return $instance[0]; + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function checkSessionVar($name) + { + $cakeSession =& CakeSession::getInstance(); + $expression = "return isset(".$cakeSession->_sessionVarNames($name).");"; + return eval($expression); + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + */ + function delSessionVar($name) + { + $cakeSession =& CakeSession::getInstance(); + if($cakeSession->check($name)) + { + $var = $cakeSession->_sessionVarNames($name); + eval("unset($var);"); + return true; + } + $this->_setError(2, "$name doesn't exist"); + return false; + } + +/** + * Enter description here... + * + * @param unknown_type $errorNumber + * @return unknown + */ + function getError($errorNumber) + { + if(!is_array($this->error) || !array_key_exists($errorNumber, $this->error)) + { + return false; + } + else + { + return $this->error[$errorNumber]; + } + } + +/** + * Enter description here... + * + * @return unknown + */ + function getLastError() + { + if($this->lastError) + { + return $this->getError($this->lastError); + } + else + { + return false; + } + } + +/** + * Enter description here... + * + * @return unknown + */ + function isValid() + { + return $this->valid; + } + +/** + * Enter description here... 
+ * + * @param unknown_type $name + * @return unknown + */ + function readSessionVar($name) + { + $cakeSession =& CakeSession::getInstance(); + if($cakeSession->checkSessionVar($name)) + { + $result = eval("return ".$cakeSession->_sessionVarNames($name).";"); + return $result; + } + $this->_setError(2, "$name doesn't exist"); + return false; + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @param unknown_type $value + */ + function writeSessionVar($name, $value) + { + $cakeSession =& CakeSession::getInstance(); + $expression = $cakeSession->_sessionVarNames($name); + $expression .= " = \$value;"; + eval($expression); + } + +/** + * Enter description here... + * + * @access private + */ + function _begin() + { + $cakeSession =& CakeSession::getInstance(); + session_cache_limiter("must-revalidate"); + session_start(); + header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); + $cakeSession->sessionId = session_id(); + + if($cakeSession->_isActiveSession() == false) + { + $cakeSession->_new(); + } + else + { + $cakeSession->_renew(); + } + } + +/** + * Enter description here... + * + * @access private + */ + function _close() + { + echo "
";
+        echo "CakeSession::_close() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + */ + function _destroy() + { + echo "
";
+        echo "CakeSession::_destroy() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + */ + function _gc() + { + echo "
";
+        echo "CakeSession::_gc() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + */ + function _initSession() + { + $cakeSession =& CakeSession::getInstance(); + switch (CAKE_SECURITY) + { + case 'high': + $cookieLifeTime = 0; + ini_set('session.referer_check', $cakeSession->host); + break; + case 'medium': + $cookieLifeTime = 7 * 86400; + break; + case 'low': + default : + $cookieLifeTime = 788940000; + break; + } + + switch (CAKE_SESSION_SAVE) + { + case 'cake': + ini_set('session.use_trans_sid', 0); + ini_set('url_rewriter.tags', ''); + ini_set('session.serialize_handler', 'php'); + ini_set('session.use_cookies', 1); + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_probability', 1); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + ini_set('session.auto_start', 0); + ini_set('session.save_path', TMP.'sessions'); + break; + case 'database': + ini_set('session.use_trans_sid', 0); + ini_set('url_rewriter.tags', ''); + ini_set('session.save_handler', 'user'); + ini_set('session.serialize_handler', 'php'); + ini_set('session.use_cookies', 1); + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_probability', 1); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + ini_set('session.auto_start', 0); + session_set_save_handler(array('CakeSession', '_open'), + array('CakeSession', '_close'), + array('CakeSession', '_read'), + array('CakeSession', '_write'), + array('CakeSession', '_destroy'), + array('CakeSession', '_gc')); + break; + case 'php': + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + break; + default 
: + $config = CONFIGS.CAKE_SESSION_SAVE.'.php.'; + if(is_file($config)) + { + require_once($config); + } + else + { + ini_set('session.name', CAKE_SESSION_COOKIE); + ini_set('session.cookie_lifetime', $cookieLifeTime); + ini_set('session.cookie_path', $cakeSession->path); + ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60); + } + break; + } + + $cakeSession->_begin(); + } + +/** + * Enter description here... + * + * @access private + * @return unknown + */ + function _isActiveSession() + { + return false; + } + +/** + * Enter description here... + * + * @access private + * + */ + function _new() + { + $cakeSession =& CakeSession::getInstance(); + + if(!ereg("proxy\.aol\.com$", gethostbyaddr($cakeSession->ip))) + { + if($cakeSession->readSessionVar("Config")) + { + if($cakeSession->ip == $cakeSession->readSessionVar("Config.ip") && $cakeSession->userAgent == $cakeSession->readSessionVar("Config.userAgent")) + { + $cakeSession->valid = true; + } + else + { + $cakeSession->valid = false; + $cakeSession->_setError(1, "Session Highjacking Attempted !!!"); + } + } + else + { + srand((double)microtime() * 1000000); + $cakeSession->writeSessionVar('Config.rand', rand()); + $cakeSession->writeSessionVar("Config.ip", $cakeSession->ip); + $cakeSession->writeSessionVar("Config.userAgent", $cakeSession->userAgent); + $cakeSession->valid = true; + } + } + else + { + if(!$cakeSession->readSessionVar("Config")) + { + srand((double)microtime() * 1000000); + $cakeSession->writeSessionVar('Config.rand', rand()); + $cakeSession->writeSessionVar("Config.ip", $cakeSession->ip); + $cakeSession->writeSessionVar("Config.userAgent", $cakeSession->userAgent); + } + $cakeSession->valid = true; + } + } + +/** + * Enter description here... + * + * @access private + * + */ + function _open() + { + echo "
";
+        echo "CakeSession::_open() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + * + */ + function _read() + { + echo "
";
+        echo "CakeSession::_read() Not Implemented Yet";
+        echo "
"; + die(); + } + +/** + * Enter description here... + * + * @access private + * + */ + function _renew() + { + return true; + } + +/** + * Enter description here... + * + * @param unknown_type $name + * @return unknown + * @access private + */ + function _sessionVarNames($name) + { + if(is_string($name)) + { + if(strpos($name, ".")) + { + $names = explode(".", $name); + } + else + { + $names = array($name); + } + $expression = $expression = "\$_SESSION"; + + foreach($names as $item) + { + $expression .= is_numeric($item) ? "[$item]" : "['$item']"; + } + return $expression; + } + return false; + } + +/** + * Enter description here... + * + * @param unknown_type $errorNumber + * @param unknown_type $errorMessage + * @access private + */ + function _setError($errorNumber, $errorMessage) + { + if($this->error === false) + { + $this->error = array(); + } + + $this->error[$errorNumber] = $errorMessage; + $this->lastError = $errorNumber; + } + +/** + * Enter description here... + * + * @access private + */ + function _write() + { + echo "
";
+        echo "CakeSession::_write() Not Implemented Yet";
+        echo "
"; + die(); + } +} +?> \ No newline at end of file diff --git a/index.php b/index.php index b25537cca..2b8fbb9db 100644 --- a/index.php +++ b/index.php @@ -40,7 +40,7 @@ define ('DS', DIRECTORY_SEPARATOR); define ('ROOT', dirname(__FILE__).DS); require_once ROOT.APP_DIR.DS.'config'.DS.'core.php'; -require_once ROOT.APP_DIR.DS.'config'.DS.'paths.php'; +require_once ROOT.'cake'.DS.'config'.DS.'paths.php'; require_once CAKE.'basics.php';
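Review bot: `checkSessionVar`, `readSessionVar`, `writeSessionVar` and `delSessionVar` turn `$name` into PHP source and execute it with `eval()`, and `_sessionVarNames` wraps each non-numeric segment in single quotes without escaping, so any caller that forwards a request-derived key (a controller doing `$this->Session->read($_GET['k'])`) hands the requester arbitrary code execution via a quote in the key; the rewrite below walks `$_SESSION` directly, drops `_sessionVarNames`, fixes `delSessionVar` calling the non-existent `$cakeSession->check()` (`checkSessionVar` is meant), and records errors on the singleton instead of `$this`, which in these statically-invoked methods is not the CakeSession instance. In `_initSession`, only the `cake` and `database` branches disable `session.use_trans_sid`, no branch sets `session.use_only_cookies`, and `session.referer_check` is seeded from the client-supplied `HTTP_HOST`, so a session ID can still be supplied in the URL (fixation) and the referer check is satisfiable by the same client; add `ini_set('session.use_only_cookies', 1);` to every branch. In `_new`, a session whose stored IP/user-agent no longer match is flagged `valid = false` but left intact and readable, and the AOL exemption trusts a reverse-DNS PTR from `gethostbyaddr()` that the address owner controls (and costs a DNS lookup per new session), so the mismatch path should end in `session_regenerate_id()` or `session_destroy()` and the PTR-based exemption should not bypass it. The custom-handler path is built as `CONFIGS.CAKE_SESSION_SAVE.'.php.'` (trailing dot), so a user handler is never found and the code silently falls through to the default `ini_set` branch. `_isActiveSession()` is a stub returning `false`, so `_renew()` never runs; presumably intentional at this stage, but it deserves a `// TODO: not yet implemented, every request takes the _new() path` so nobody relies on it.

```php
// … unchanged: class header, properties, getInstance() …

/**
 * Splits a dotted session key ("Config.ip") into its $_SESSION key path.
 * Returns an empty array for a non-string name so callers fail closed.
 *
 * @param string $name
 * @return array
 * @access private
 */
function _sessionKeys($name)
{
    return is_string($name) ? explode('.', $name) : array();
}

/**
 * Returns true when every segment of $name exists in $_SESSION and the
 * final value is not null (same contract as isset() on the nested entry).
 */
function checkSessionVar($name)
{
    $keys = CakeSession::_sessionKeys($name);
    if (empty($keys))
    {
        return false;
    }
    $node = $_SESSION;
    foreach ($keys as $key)
    {
        if (!is_array($node) || !isset($node[$key]))
        {
            return false;
        }
        $node = $node[$key];
    }
    return true;
}

/**
 * Reads the value stored under $name; records error 2 and returns false
 * when the key is absent.
 */
function readSessionVar($name)
{
    $cakeSession =& CakeSession::getInstance();
    if (!CakeSession::checkSessionVar($name))
    {
        $cakeSession->_setError(2, "$name doesn't exist");
        return false;
    }
    $node = $_SESSION;
    foreach (CakeSession::_sessionKeys($name) as $key)
    {
        $node = $node[$key];
    }
    return $node;
}

/**
 * Stores $value under $name, creating intermediate arrays as needed.
 */
function writeSessionVar($name, $value)
{
    $keys = CakeSession::_sessionKeys($name);
    if (empty($keys))
    {
        return;
    }
    $node =& $_SESSION;
    foreach ($keys as $key)
    {
        if (!isset($node[$key]) || !is_array($node[$key]))
        {
            $node[$key] = array();
        }
        $node =& $node[$key];
    }
    $node = $value;
}

/**
 * Removes the entry under $name; records error 2 and returns false when
 * the key is absent.
 */
function delSessionVar($name)
{
    $cakeSession =& CakeSession::getInstance();
    if (!CakeSession::checkSessionVar($name))
    {
        $cakeSession->_setError(2, "$name doesn't exist");
        return false;
    }
    $keys = CakeSession::_sessionKeys($name);
    $last = array_pop($keys);
    $node =& $_SESSION;
    foreach ($keys as $key)
    {
        $node =& $node[$key];
    }
    unset($node[$last]);
    return true;
}

// … unchanged: getError(), getLastError(), isValid(), _begin(), _initSession(), _new() and the rest …
```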