From de1cdfdd40c8a4f026f0309ec2f76533db19e1dd Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 24 Feb 2022 10:31:17 +0900 Subject: [PATCH] _SESSION handling cleanup start Move all session_id and check calls function calls that we have to Session class In Login class use new false return for session set check Be sure all session set variables are unset, do extra unset call and destroy call on close session Login class does not set GLOBALS anymore (DEBUG_ALL, DB_DEBUG) Update Logging to check for DEBUG_ALL from SESSION and set DEBUG_ALL on and PRINT_ALL on. All logging setting vars are primary via options and only if not set there fallback to SESSION/GLOBALS and then defaults DB:IO code for debug flag check has been updated for primary check in config, then session/globals Debug update for logging tester for first step to remove Basic class call. NOTE: after basic php unit tests are written the clean up for no longer using Basic class has to start. Switch to logging class for logging only needs --- www/admin/class_test.debug.php | 12 +++-- www/lib/CoreLibs/ACL/Login.php | 84 +++++++++++++++++------------ www/lib/CoreLibs/Admin/Backend.php | 5 +- www/lib/CoreLibs/Create/Session.php | 57 ++++++++++++++++++-- www/lib/CoreLibs/DB/IO.php | 20 +++++-- www/lib/CoreLibs/Debug/Logging.php | 30 ++++++++--- 6 files changed, 154 insertions(+), 54 deletions(-) diff --git a/www/admin/class_test.debug.php b/www/admin/class_test.debug.php index 9ecbd919..340c2383 100644 --- a/www/admin/class_test.debug.php +++ b/www/admin/class_test.debug.php @@ -24,9 +24,7 @@ define('USE_DATABASE', false); // sample config require 'config.php'; // set session name -if (!defined('SET_SESSION_NAME')) { - define('SET_SESSION_NAME', EDIT_SESSION_NAME); -} +$GLOBALS['SET_SESSION_NAME'] = EDIT_SESSION_NAME; // define log file id $LOG_FILE_ID = 'classTest-debug'; ob_end_flush(); 
@@ -37,7 +35,13 @@ use CoreLibs\Debug\Support as DebugSupport; use CoreLibs\Debug\FileWriter; $basic = new CoreLibs\Basic(); -$debug = new CoreLibs\Debug\Logging(); +$debug = new CoreLibs\Debug\Logging([ + 'log_folder' => BASE . LOG, + 'file_id' => $LOG_FILE_ID, + 'debug_all' => $DEBUG_ALL, + 'print_all' => $PRINT_ALL, + 'echo_all' => $ECHO_ALL, +]); $debug_support_class = 'CoreLibs\Debug\Support'; $debug_logging_class = 'CoreLibs\Debug\Logging'; diff --git a/www/lib/CoreLibs/ACL/Login.php b/www/lib/CoreLibs/ACL/Login.php index 8e5fe10a..484758b5 100644 --- a/www/lib/CoreLibs/ACL/Login.php +++ b/www/lib/CoreLibs/ACL/Login.php @@ -69,6 +69,7 @@ declare(strict_types=1); namespace CoreLibs\ACL; use CoreLibs\Check\Password; +use CoreLibs\Create\Session; class Login extends \CoreLibs\DB\IO { @@ -184,12 +185,13 @@ class Login extends \CoreLibs\DB\IO } // initial the session if there is no session running already - // TODO: move that to outside - \CoreLibs\Create\Session::startSession(); - // check if session exists - if (!session_id()) { - echo 'Session not started!
Use \'session_start();\'.
'; - echo 'For less problems with other session, you can set a session name with \'session_name("name");\'.
'; + // check if session exists and could be created + // TODO: move session creation and check to outside? + if (Session::startSession() === false) { + echo 'Session not started or could not be started!
' + . 'Use \'\CoreLibs\Create\Session::startSession();\'.
' + . 'For less problems with other session, you can set a ' + . 'session name with \'\CoreLibs\Create\Session::startSession(\'name\');\'.
'; exit; } @@ -209,7 +211,7 @@ class Login extends \CoreLibs\DB\IO $this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false; // set the default lang $lang = 'en_utf8'; - if (session_id() !== false && !empty($_SESSION['DEFAULT_LANG'])) { + if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) { $lang = $_SESSION['DEFAULT_LANG']; } else { $lang = defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG; @@ -408,11 +410,12 @@ class Login extends \CoreLibs\DB\IO $this->login_error = 102; } else { // we have to get the themes in here too - $q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, " + $q = "SELECT eu.edit_user_id, eu.username, eu.password, " + . "eu.edit_group_id, " . "eg.name AS edit_group_name, admin, " . "eu.login_error_count, eu.login_error_date_last, " . "eu.login_error_date_first, eu.strict, eu.locked, " - . "debug, db_debug, " + . "eu.debug, eu.db_debug, " . "eareu.level AS user_level, eareu.type AS user_type, " . "eareg.level AS group_level, eareg.type AS group_type, " . "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, " @@ -477,8 +480,9 @@ class Login extends \CoreLibs\DB\IO $this->loginCheckPermissions(); if ($this->login_error == 0) { // now set all session vars and read page permissions - $GLOBALS['DEBUG_ALL'] = $_SESSION['DEBUG_ALL'] = $res['debug']; - $GLOBALS['DB_DEBUG'] = $_SESSION['DB_DEBUG'] = $res['db_debug']; + $_SESSION['DEBUG_ALL'] = $this->dbBoolean($res['debug']); + $_SESSION['DB_DEBUG'] = $this->dbBoolean($res['db_debug']); + // general info for user logged in $_SESSION['USER_NAME'] = $res['username']; $_SESSION['ADMIN'] = $res['admin']; $_SESSION['GROUP_NAME'] = $res['edit_group_name']; 
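Review bot: Nothing visible around the new `$_SESSION['DEBUG_ALL'] = $this->dbBoolean($res['debug']);` assignment rotates the session id before the authenticated state (`USER_NAME`, `ADMIN`, `GROUP_NAME`) is written into the session, so an id that existed before login would stay valid after it (session fixation). The enclosing function starts and ends outside this hunk, so the rotation may already happen elsewhere. If it does not, add `session_regenerate_id(true);` right after the `$this->login_error == 0` check, preferably wrapped in the Session class so the raw session call stays in one place.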
@@ -687,14 +691,6 @@ class Login extends \CoreLibs\DB\IO $this->permission_okay = false; return $this->permission_okay; } - // unset mem limit if debug is set to 1 - // if ( - // ($GLOBALS["DEBUG_ALL"] || $GLOBALS["DB_DEBUG"] || - // $_SESSION["DEBUG_ALL"] || $_SESSION["DB_DEBUG"]) && - // ini_get('memory_limit') != -1 - // ) { - // ini_set('memory_limit', '-1'); - // } if (isset($res['filename']) && $res['filename'] == $this->page_name) { $this->permission_okay = true; } else { @@ -714,21 +710,39 @@ class Login extends \CoreLibs\DB\IO { if ($this->logout || $this->login_error) { // unregister and destroy session vars - unset($_SESSION['EUID']); - unset($_SESSION['GROUP_ACL_LEVEL']); - unset($_SESSION['USER_ACL_LEVEL']); - unset($_SESSION['PAGES']); - unset($_SESSION['USER_NAME']); - unset($_SESSION['UNIT']); - unset($_SESSION['DEBUG_ALL']); - unset($_SESSION['DB_DEBUG']); - unset($GLOBALS['DEBUG_ALL']); - unset($GLOBALS['DB_DEBUG']); - unset($_SESSION['LANG']); - unset($_SESSION['DEFAULT_CHARSET']); - unset($_SESSION['DEFAULT_LANG']); - unset($_SESSION['GROUP_NAME']); - unset($_SESSION['HEADER_COLOR']); + foreach ( + // TODO move this into some global array for easier update + [ + 'ADMIN', + 'BASE_ACL_LEVEL', + 'DB_DEBUG', + 'DEBUG_ALL', + 'DEFAULT_ACL_LIST', + 'DEFAULT_CHARSET', + 'DEFAULT_LANG', + 'EAID', + 'EUID', + 'GROUP_ACL_LEVEL', + 'GROUP_ACL_TYPE', + 'GROUP_NAME', + 'HEADER_COLOR', + 'LANG', + 'PAGES_ACL_LEVEL', + 'PAGES', + 'TEMPLATE', + 'UNIT_ACL_LEVEL', + 'UNIT_DEFAULT', + 'UNIT', + 'USER_ACL_LEVEL', + 'USER_ACL_TYPE', + 'USER_NAME', + ] as $session_var + ) { + unset($_SESSION[$session_var]); + } + // final unset all + session_unset(); + // final destroy session session_destroy(); // then prints the login screen again $this->permission_okay = false; 
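Review bot: The logout branch now clears and destroys the server-side session but leaves the session cookie in the browser, because `session_destroy()` does not remove it; with `session.use_strict_mode` off, the client-presented old id is accepted again for the next session. After `session_destroy();`, expire the cookie with `$p = session_get_cookie_params();` followed by `setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`, or do this in a close method of the Session class if it has one (its hunk is not readable on this page). The explicit key list in the `foreach` is also redundant, since `session_unset();` runs directly after it, and the list can drift from what login sets; keep one mechanism or the other. The enclosing function starts and ends outside the hunk.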
@@ -1384,7 +1398,7 @@ EOM; $q .= "NULL, "; } } - $q .= "'" . session_id() . "', "; + $q .= "'" . Session::getSessionId() . "', "; $q .= "'" . $this->dbEscapeString($this->action) . "', "; $q .= "'" . $this->dbEscapeString($this->username) . "', "; $q .= "NULL, "; diff --git a/www/lib/CoreLibs/Admin/Backend.php b/www/lib/CoreLibs/Admin/Backend.php index ad0649c8..0a176f4a 100644 --- a/www/lib/CoreLibs/Admin/Backend.php +++ b/www/lib/CoreLibs/Admin/Backend.php @@ -252,7 +252,10 @@ class Backend extends \CoreLibs\DB\IO . "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT'] ?? '') . "', " . "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT_CHARSET'] ?? '') . "', " . "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT_ENCODING'] ?? '') . "', " - . "'" . session_id() . "', " + . (\CoreLibs\Create\Session::getSessionId() === false ? + "NULL" : + "'" . \CoreLibs\Create\Session::getSessionId() . "'") + . ", " . "'" . $this->dbEscapeString($this->action) . "', " . "'" . $this->dbEscapeString($this->action_id) . "', " . "'" . $this->dbEscapeString($this->action_yes) . "', " diff --git a/www/lib/CoreLibs/Create/Session.php b/www/lib/CoreLibs/Create/Session.php index 2318b4a9..5cebe210 100644 --- a/www/lib/CoreLibs/Create/Session.php +++ b/www/lib/CoreLibs/Create/Session.php @@ -1,10 +1,15 @@ db_type = $db_config['db_type'] ?? ''; $this->db_ssl = !empty($db_config['db_ssl']) ? $db_config['db_ssl'] : 'allow'; // set debug, either via global var, or from config, else set to false - $this->dbSetDebug($GLOBALS['DB_DEBUG'] ?? $db_config['db_debug'] ?? false); + $this->dbSetDebug( + $db_config['db_debug'] ?? + // should be handled from outside + $_SESSION['DB_DEBUG'] ?? + // globals should be deprecated + $GLOBALS['DB_DEBUG'] ?? + false + ); // set the target encoding to the DEFAULT_ENCODING if it is one of them: EUC, Shift_JIS, UTF-8 // @ the moment set only from outside 
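Review bot: In the Login.php hunk, `"'" . Session::getSessionId() . "', "` puts the session id into the INSERT without `dbEscapeString()`, unlike the neighbouring `action` and `username` values, and without the `false` case that the Backend.php hunk in this patch handles. The id originates from a client-supplied cookie, and whether its characters are restricted depends on the session save handler in use, so it should be escaped like the other fields. A `false` return would be written as an empty string here, while Backend.php writes NULL. Suggested form: `$q .= (($sid = Session::getSessionId()) === false ? 'NULL' : "'" . $this->dbEscapeString($sid) . "'") . ", ";`. The Backend.php hunk also lacks the escape and calls `getSessionId()` twice, so the same single-assignment form applies there; both query builders continue outside their hunks.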
@@ -2040,10 +2047,13 @@ class IO } /** - * if the input is a single char 't' or 'f' it will return the boolean value instead - * @param string|bool $string 't' / 'f' or any string, or bool true/false - * @param boolean $rev do reverse (bool to string) - * @return bool|string correct php boolean true/false or postgresql 't'/'f' + * if the input is a single char 't' or 'f + * it will return the boolean value instead + * also converts smallint 1/0 to true false + * @param string|bool|int $string 't' / 'f' or any string, or bool true/false + * @param boolean $rev do reverse (bool to string) + * @return bool|string correct php boolean true/false + * or postgresql 't'/'f' */ public function dbBoolean($string, $rev = false) { diff --git a/www/lib/CoreLibs/Debug/Logging.php b/www/lib/CoreLibs/Debug/Logging.php index e4be8498..786ba37d 100644 --- a/www/lib/CoreLibs/Debug/Logging.php +++ b/www/lib/CoreLibs/Debug/Logging.php @@ -177,9 +177,19 @@ class Logging } elseif (!empty($GLOBALS['LOG_FILE_ID'])) { // legacy flow, should be removed and only set via options $this->setLogId($GLOBALS['LOG_FILE_ID']); + // TODO trigger deprecation error + // trigger_error( + // 'Debug\Logging: Do not use globals LOG_FILE_ID to set log id for Logging', + // E_USER_DEPRECATED + // ); } elseif (defined('LOG_FILE_ID')) { // legacy flow, should be removed and only set via options $this->setLogId(LOG_FILE_ID); + // trigger deprecation error + // trigger_error( + // 'Debug\Logging: Do not use constant LOG_FILE_ID to set log id for Logging', + // E_USER_DEPRECATED + // ); } // init the log levels 
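Review bot: The rewritten `dbBoolean` docblock now promises that smallint 1/0 is converted and widens `@param` to `string|bool|int`, but this hunk changes only the comment. The function body is outside the hunk, so it is not visible whether an integer `1` or a string `'1'` is really mapped to `true`. Login.php in this patch stores `$this->dbBoolean($res['debug'])` in `$_SESSION['DEBUG_ALL']`, so a value that passes through unconverted would end up acting as the debug switch. Please confirm the body matches the new contract, and restore the closing quote lost in the first line: `* if the input is a single char 't' or 'f'`.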
@@ -214,37 +224,45 @@ class Logging isset($GLOBALS[$up_type]) && is_array($GLOBALS[$up_type]) ) { + // TODO trigger deprecation error $this->setLogLevel($type, $flag, $GLOBALS[$up_type]); } } } + // TODO remove all $GLOBALS call and only use options // all overrule $this->setLogLevelAll( 'debug', $this->options['debug_all'] ?? + // for user login, should be handled outside like globals + $_SESSION['DEBUG_ALL'] ?? $GLOBALS['DEBUG_ALL'] ?? false ); + $this->setLogLevelAll( + 'print', + $this->options['print_all'] ?? + // for user login, should be handled outside like globals + $_SESSION['DEBUG_ALL'] ?? + $GLOBALS['PRINT_ALL'] ?? + false + ); $this->setLogLevelAll( 'echo', $this->options['echo_all'] ?? $GLOBALS['ECHO_ALL'] ?? false ); - $this->setLogLevelAll( - 'print', - $this->options['print_all'] ?? - $GLOBALS['PRINT_ALL'] ?? - false - ); // GLOBAL rules for log writing + // add file date is default on $this->setGetLogPrintFileDate( $this->options['print_file_date'] ?? $GLOBALS['LOG_PRINT_FILE_DATE'] ?? true ); + // all other logging file name flags are off $this->setLogPer( 'level', $this->options['per_level'] ??