From 8223d271933beb79be52a6fce60d01ef4e10f4f8 Mon Sep 17 00:00:00 2001 From: martin Date: Tue, 6 Aug 2002 17:23:45 +0000 Subject: [PATCH] Widespread changes throughout Moodle to make sure it works on servers that have register_globals turned off (this is the default setting on newer version of PHP). In fact it's partly a hack that globalises all GET, POST, FILES AND COOKIE variables. Unfortunately though the SESSION and USER global session variables are only available as $_SESSION["USER"] and $_SESSION["SESSION"], which is cumbersome to use. So, for every request I now make a copy of these two session variables into $USER and $SESSION. Whenever I update them thoughout Moodle I now have to call save_session("USER") which copies them back to the session variable. This seems to be working well now. Because I'm using $_SESSION etc now this will raise the required minimum version of PHP to 4.1.0 --- admin/user.php | 3 ++- course/enrol.php | 4 ++++ course/loginas.php | 2 ++ course/mod.php | 2 ++ course/social.php | 3 ++- course/topics.php | 1 + course/unenrol.php | 1 + course/view.php | 2 ++ course/weeks.php | 1 + doc/install.html | 10 +++++++--- index.php | 1 + lib/moodlelib.php | 14 +++++++++++++- lib/setup.php | 20 +++++++++++++++----- login/change_password.php | 2 +- login/confirm.php | 8 ++++++-- login/index.php | 9 +++++++-- login/logout.php | 1 + mod/forum/discuss.php | 1 + mod/forum/index.php | 1 + mod/forum/lib.php | 4 ++++ mod/forum/post.php | 1 + mod/forum/rate.php | 2 -- mod/forum/search.php | 12 +++++++++--- mod/forum/subscribers.php | 1 + mod/forum/view.php | 1 + user/edit.php | 9 +++++---- user/lib.php | 9 +++++++++ 27 files changed, 100 insertions(+), 25 deletions(-) diff --git a/admin/user.php b/admin/user.php index 64b42bc636..2f31ce983e 100644 --- a/admin/user.php +++ b/admin/user.php @@ -44,7 +44,7 @@ $USER->loggedin = true; $USER->admin = true; $USER->teacher["$course->id"] = true; - + save_session("USER"); } require_login(); 
@@ -158,6 +158,7 @@ if ($usernew->id == $USER->id) { // Reload admin $USER = get_user_info_from_db("id", $usernew->id); $USER->loggedin = true; + save_session("USER"); set_moodle_cookie($USER->username); } redirect("index.php", "Changes saved"); diff --git a/course/enrol.php b/course/enrol.php index 6455e25d0c..68c8870ca2 100644 --- a/course/enrol.php +++ b/course/enrol.php @@ -35,10 +35,12 @@ } $USER->student["$id"] = true; + save_session("USER"); if ($SESSION->wantsurl) { $destination = $SESSION->wantsurl; unset($SESSION->wantsurl); + save_session("SESSION"); } else { $destination = "$CFG->wwwroot/course/view.php?id=$id"; } @@ -68,10 +70,12 @@ } $USER->student["$id"] = true; + save_session("USER"); if ($SESSION->wantsurl) { $destination = $SESSION->wantsurl; unset($SESSION->wantsurl); + save_session("SESSION"); } else { $destination = "$CFG->wwwroot/course/view.php?id=$id"; } diff --git a/course/loginas.php b/course/loginas.php index febaf7f866..c011b19f0d 100644 --- a/course/loginas.php +++ b/course/loginas.php @@ -36,4 +36,6 @@ notice("You are now logged in as $student_name", "$CFG->wwwroot/course/view.php?id=$course->id"); + save_session("USER"); + ?> diff --git a/course/mod.php b/course/mod.php index adcf63d8bb..2b5512a350 100644 --- a/course/mod.php +++ b/course/mod.php @@ -70,6 +70,7 @@ if ($SESSION->returnpage) { $return = $SESSION->returnpage; unset($SESSION->returnpage); + save_session("SESSION"); redirect($return); } else { redirect("view.php?id=$mod->course"); @@ -79,6 +80,7 @@ if (isset($return)) { $SESSION->returnpage = $HTTP_REFERER; + save_session("SESSION"); } if (isset($move)) { diff --git a/course/social.php b/course/social.php index a034d47a3e..979036a98b 100644 --- a/course/social.php +++ b/course/social.php 
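Review bot: In course/loginas.php the added `save_session("USER");` sits after the `notice(...)` call, so whether the switched identity is persisted depends on notice() returning. notice() is not shown in this diff; if it ends the request after printing the message, `$_SESSION["USER"]` keeps the teacher's record and the next page does not run as the student the notice just announced. Moving the call to directly above `notice("You are now logged in as $student_name", ...)` removes that dependency. The script body starts outside the hunk.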
@@ -48,7 +48,7 @@ echo ""; // Print Admin links for teachers and admin. - if (isteacher($USER->id) || isadmin()) { + if (isteacher($course->id) || isadmin()) { print_simple_box("Admin", $align="CENTER", $width="100%", $color="$THEME->cellheading"); $adminicon[]="\"Edit\""; if (isediting($course->id)) { @@ -82,6 +82,7 @@ forum_print_latest_discussions($social->id, 10, "plain", "DESC", false); $SESSION->fromdiscussion = "$CFG->wwwroot/course/view.php?id=$course->id"; + save_session("SESSION"); } else { notify("Could not find or create a social forum here"); diff --git a/course/topics.php b/course/topics.php index ae18b93136..0728aea501 100644 --- a/course/topics.php +++ b/course/topics.php @@ -23,6 +23,7 @@ } else { $USER->topic = $topic; } + save_session("USER"); } if (isteacher($course->id) and isset($marker)) { diff --git a/course/unenrol.php b/course/unenrol.php index 36f3102743..ab538c702e 100644 --- a/course/unenrol.php +++ b/course/unenrol.php @@ -37,6 +37,7 @@ if ($user->id == $USER->id) { unset($USER->student["$id"]); + save_session("USER"); redirect("$CFG->wwwroot"); } diff --git a/course/view.php b/course/view.php index 6cbe7bf6bd..44f778f070 100644 --- a/course/view.php +++ b/course/view.php @@ -39,6 +39,8 @@ $USER->help = false; } + save_session("USER"); + if (! $course->category) { // This course is not a real course. redirect("$CFG->wwwroot"); } diff --git a/course/weeks.php b/course/weeks.php index d4d0e89785..fa3f6b7a73 100644 --- a/course/weeks.php +++ b/course/weeks.php @@ -19,6 +19,7 @@ } else { $USER->section = $week; } + save_session("USER"); } diff --git a/doc/install.html b/doc/install.html index 2729865505..e4c61ee95c 100755 --- a/doc/install.html +++ b/doc/install.html @@ -26,7 +26,8 @@ @@ -56,6 +57,7 @@
  • course/ - code to display and manage courses
  • doc/ - help documentation for Moodle (eg this page)
  • files/ - code to display and manage uploaded files
  • +
  • lang/ - texts in different languages, one directory per language
  • lib/ - libraries of core Moodle code
  • login/ - code to handle login and account creation
  • mod/ - all Moodle course modules
  • @@ -122,8 +124,10 @@

    If you don't see this, then there must have been some problem with the database - or the configuration settings you defined in config.php. Check these and try - this page again.

    + or the configuration settings you defined in config.php. Check also that your + PHP installation has "register_globals" turned on (recent versions have this + off by default). You can check PHP variables by creating a little file containing + <? phpinfo ?> and looking at it through a browser. Check all these and try this page again.

    Press the "Continue" link at the bottom of the page.

    Next you will see a similar page that sets up all the tables required by each Moodle module. As before, they should all be green, otherwise you may be a problem diff --git a/index.php b/index.php index 1a69752989..47afd3e69e 100644 --- a/index.php +++ b/index.php @@ -91,6 +91,7 @@ if (isset($USER->id)) { $SESSION->fromdiscussion = "$CFG->wwwroot"; + save_session($SESSION); if (forum_is_subscribed($USER->id, $newsforum->id)) { $subtext = get_string("unsubscribe", "forum"); } else { diff --git a/lib/moodlelib.php b/lib/moodlelib.php index e67d3a34ee..3c501466d6 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -393,6 +393,7 @@ function error ($message, $link="") { if ( !empty($SESSION->fromurl) ) { $link = "$SESSION->fromurl"; unset($SESSION->fromurl); + save_session("SESSION"); } else { $link = "$CFG->wwwroot"; } @@ -455,7 +456,6 @@ function notice_yesno ($message, $linkyes, $linkno) { function redirect($url, $message="", $delay=0) { // Uses META tags to redirect the user, after printing a notice - global $THEME; echo ""; @@ -895,6 +895,7 @@ function require_login($courseid=0) { if (! (isset( $USER->loggedin ) && $USER->confirmed) ) { $SESSION->wantsurl = $FULLME; $SESSION->fromurl = $HTTP_REFERER; + save_session("SESSION"); if ($PHPSESSID) { // Cookies not enabled. redirect("$CFG->wwwroot/login/?PHPSESSID=$PHPSESSID"); } else { @@ -920,6 +921,7 @@ function require_login($courseid=0) { // Not allowed in the course, so see if they want to enrol $SESSION->wantsurl = $FULLME; + save_session("SESSION"); redirect("$CFG->wwwroot/course/enrol.php?id=$courseid"); die; } @@ -937,9 +939,11 @@ function update_login_count() { } else { $SESSION->logincount++; } + save_session("SESSION"); if ($SESSION->logincount > $max_logins) { unset($SESSION->wantsurl); + save_session("SESSION"); error("Sorry, you have exceeded the allowed number of login attempts. Restart your browser."); } } 
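Review bot: The index.php hunk calls `save_session($SESSION);` with the object itself, while save_session() as added in lib/moodlelib.php takes the variable's name and every other call site in this patch passes a string. With an object as `$VAR`, neither `global $$VAR` nor `$_SESSION[$VAR]` can resolve to the SESSION slot, so the `$SESSION->fromdiscussion` assignment on the line above is not written back to the session. The line should read `save_session("SESSION");`. The enclosing `if (isset($USER->id))` block continues outside the hunk.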
@@ -1004,6 +1008,7 @@ function reset_login_count() { global $SESSION; $SESSION->logincount = 0; + save_session("SESSION"); } @@ -1023,6 +1028,13 @@ function get_moodle_cookie() { } +function save_session($VAR) { +// Copies temporary session variable to permanent sesson variable +// eg $_SESSION["USER"] = $USER; + global $$VAR; + $_SESSION[$VAR] = $$VAR; +} + function verify_login($username, $password) { diff --git a/lib/setup.php b/lib/setup.php index c3a0641908..90af95571c 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -38,6 +38,17 @@ setlocale ("LC_TIME", $CFG->lang); } +// The following is a big hack to get around the problem of PHP installations +// that have "register_globals" turned off (default since PHP 4.1.0). +// Eventually I'll go through and upgrade all the code to make this unnecessary + + if (isset($_REQUEST)) { + extract($_REQUEST); + } + if (isset($_SERVER)) { + extract($_SERVER); + } + // Load up theme variables (colours etc) require("$CFG->dirroot/theme/$CFG->theme/config.php"); @@ -49,16 +60,16 @@ require("$CFG->libdir/adodb/adodb.inc.php"); // Database access functions require("$CFG->libdir/adodb/tohtml.inc.php");// Database display functions require("$CFG->libdir/moodlelib.php"); // Various Moodle functions + // Load up global environment variables class object {}; session_start(); - session_register("SESSION"); // Current session info - session_register("USER"); // Current user info - if (! isset($SESSION)) $SESSION = new object; - if (! isset($USER)) $USER = new object; + if (! isset($_SESSION["SESSION"])) { $_SESSION["SESSION"] = new object; } + if (! isset($_SESSION["USER"])) { $_SESSION["USER"] = new object; } + extract($_SESSION); // Makes $SESSION and $USER available for read-only access $FULLME = qualified_me(); $ME = strip_querystring($FULLME); @@ -70,5 +81,4 @@ $db->PConnect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname); - ?> 
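Review bot: save_session() in lib/moodlelib.php uses its argument as a variable-variable (`global $$VAR`) without checking it, so a mistyped or non-string argument either copies an unrelated global into `$_SESSION` or fails silently. Since only two names are ever valid, a guard as the first statement would surface such calls: `if ($VAR !== "USER" && $VAR !== "SESSION") { trigger_error("save_session(): unexpected variable name", E_USER_WARNING); return; }`. The header comment could also state that the argument is the name of the global, not its value, and "sesson" in it should read "session".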
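Review bot: `extract($_REQUEST);` in lib/setup.php uses the default overwrite mode and runs after `$CFG` is already populated (the context line above reads `$CFG->lang`), so a request parameter named like an existing global replaces it. The statement right after the new block builds a `require` path from `$CFG->dirroot` and `$CFG->theme`, which makes this more than a cosmetic concern. Using `extract($_REQUEST, EXTR_SKIP);` keeps already-defined globals intact; `extract($_SERVER)` can stay as it is so server values still win over request values. In the following hunk, `extract($_SESSION);` exports every session key and is what overwrites any request-supplied `$USER`/`$SESSION`, so it must stay after the request import; the two explicit assignments `$SESSION = $_SESSION["SESSION"]; $USER = $_SESSION["USER"];` would state that intent directly.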
diff --git a/login/change_password.php b/login/change_password.php index 9f8a5ec78a..ccd5a9b9da 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -27,9 +27,9 @@ error("Could not set the new password"); } - unset($USER); $USER = $user; $USER->loggedin = true; + save_session("USER"); set_moodle_cookie($USER->username); diff --git a/login/confirm.php b/login/confirm.php index 235887ad56..45fa7b193f 100644 --- a/login/confirm.php +++ b/login/confirm.php @@ -34,8 +34,12 @@ $USER->loggedin = true; $USER->confirmed = 1; - if ( ! empty($SESSION["wantsurl"]) ) { - $goto = $SESSION["wantsurl"]; + save_session("USER"); + + if ( ! empty($SESSION->wantsurl) ) { + $goto = $SESSION->wantsurl; + unset($SESSION->wantsurl); + save_session("SESSION"); redirect("$goto"); } diff --git a/login/index.php b/login/index.php index 0319c998e1..3bb4499c7f 100644 --- a/login/index.php +++ b/login/index.php @@ -36,6 +36,7 @@ $USER = $user; $USER->loggedin = true; + save_session("USER"); if (!update_user_in_db()) { error("Weird error: User not found"); @@ -44,7 +45,7 @@ if (!update_user_login_times()) { error("Wierd error: could not update login records"); } - + set_moodle_cookie($USER->username); @@ -53,6 +54,7 @@ } else { header("Location: $SESSION->wantsurl"); unset($SESSION->wantsurl); + save_session("SESSION"); } reset_login_count(); @@ -63,9 +65,11 @@ $errormsg = get_string("invalidlogin"); } } + if (empty($SESSION->wantsurl)) { - $SESSION->wantsurl = $HTTP_REFERER; + $SESSION->wantsurl = $HTTP_REFERER; + save_session("SESSION"); } if (!$frm->username) @@ -92,6 +96,7 @@ function update_user_login_times() { $USER->lastlogin = $USER->currentlogin; $USER->currentlogin = time(); + save_session("USER"); return $db->Execute("UPDATE user SET lastlogin='$USER->lastlogin', currentlogin='$USER->currentlogin' diff --git a/login/logout.php b/login/logout.php index 3f0aadcafc..c0fda928eb 100644 --- a/login/logout.php +++ b/login/logout.php 
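Review bot: In login/index.php the hunk at `if (empty($SESSION->wantsurl))` stores `$HTTP_REFERER` as the post-login destination, and the earlier hunk sends it back out with `header("Location: $SESSION->wantsurl")`, with no check that the URL belongs to this site. The Referer header is supplied by the client, so a login reached from an external page ends with a redirect to that external page. A same-site test before storing would close this, for example `if (empty($SESSION->wantsurl) and strpos($HTTP_REFERER, $CFG->wwwroot) === 0) {`. How an empty wantsurl is handled afterwards is decided by code outside these hunks, so that path should be confirmed when making the change.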
@@ -4,6 +4,7 @@ require("../config.php"); $USER = NULL; + save_session("USER"); redirect($HTTP_REFERER); exit; diff --git a/mod/forum/discuss.php b/mod/forum/discuss.php index b6090c46ce..520d13a9fa 100644 --- a/mod/forum/discuss.php +++ b/mod/forum/discuss.php @@ -29,6 +29,7 @@ add_to_log($course->id, "forum", "view discussion", "discuss.php?".$_SERVER["QUERY_STRING"], "$discussion->id"); unset($SESSION->fromdiscussion); + save_session("SESSION"); forum_set_display_mode($mode); diff --git a/mod/forum/index.php b/mod/forum/index.php index aadf4ff08a..b5a4df3412 100644 --- a/mod/forum/index.php +++ b/mod/forum/index.php @@ -20,6 +20,7 @@ } unset($SESSION->fromdiscussion); + save_session("SESSION"); add_to_log($course->id, "forum", "view forums", "index.php?id=$course->id"); diff --git a/mod/forum/lib.php b/mod/forum/lib.php index 06040877b9..76dffb553d 100644 --- a/mod/forum/lib.php +++ b/mod/forum/lib.php @@ -348,6 +348,7 @@ function forum_set_return() { if (! $SESSION->fromdiscussion) { $SESSION->fromdiscussion = $HTTP_REFERER; + save_session("SESSION"); } } @@ -358,6 +359,7 @@ function forum_go_back_to($default) { if ($SESSION->fromdiscussion) { $returnto = $SESSION->fromdiscussion; unset($SESSION->fromdiscussion); + save_session("SESSION"); return $returnto; } else { return $default; @@ -1026,8 +1028,10 @@ function forum_set_display_mode($mode=0) { if ($mode) { $USER->mode = $mode; + save_session("USER"); } else if (!$USER->mode) { $USER->mode = $FORUM_DEFAULT_DISPLAY_MODE; + save_session("USER"); } } diff --git a/mod/forum/post.php b/mod/forum/post.php index 9ddaf22848..c01470ea03 100644 --- a/mod/forum/post.php +++ b/mod/forum/post.php @@ -61,6 +61,7 @@ if (isset($forum)) { // User is starting a new discussion in a forum $SESSION->fromurl = $HTTP_REFERER; + save_session("SESSION"); if (! $forum = get_record("forum", "id", $forum)) { error("The forum number was incorrect ($forum)"); 
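Review bot: In login/logout.php, `$USER = NULL; save_session("USER");` clears only the USER slot; `$_SESSION["SESSION"]` (wantsurl, fromurl, logincount) and the session id itself survive the logout. On a shared browser the next person to log in inherits that state. Adding `$SESSION = NULL; save_session("SESSION");` next to the existing pair, or ending the session with `session_destroy();`, would make logout a clean break. The redirect on the following line also goes to `$HTTP_REFERER` without checking that it points at this site.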
diff --git a/mod/forum/rate.php b/mod/forum/rate.php index 740c63c72a..e2540b2f4e 100644 --- a/mod/forum/rate.php +++ b/mod/forum/rate.php @@ -1,8 +1,6 @@ forum")) { error("Could not find forum $discussion->forum"); } - $post->subject = "id&forum=$forum->id\">$forum->name -> ". - "id\">$discussion->name -> ". - "discussion&parent=$post->id\">$post->subject"; + $fullsubject = "id\">$forum->name"; + if ($forum->type != "single") { + $fullsubject .= " -> id\">$discussion->name"; + if ($post->parent != 0) { + $fullsubject .= " -> discussion&parent=$post->id\">$post->subject"; + } + } + + $post->subject = $fullsubject; $post->message = highlight("$search", $post->message); $fulllink = "

    discussion&parent=$post->id\">See this post in context

    "; diff --git a/mod/forum/subscribers.php b/mod/forum/subscribers.php index 955e956b53..3617a2018c 100644 --- a/mod/forum/subscribers.php +++ b/mod/forum/subscribers.php @@ -20,6 +20,7 @@ } unset($SESSION->fromdiscussion); + save_session("SESSION"); add_to_log($course->id, "forum", "view subscribers", "subscribers.php?id=$forum->id", ""); diff --git a/mod/forum/view.php b/mod/forum/view.php index b21c6c6e27..87ce370914 100644 --- a/mod/forum/view.php +++ b/mod/forum/view.php @@ -58,6 +58,7 @@ if ($USER) { $SESSION->fromdiscussion = "$FULLME"; + save_session("SESSION"); if (forum_is_forcesubscribed($forum->id)) { $subtext = "Everyone is subscribed to this forum"; if (isteacher($course->id)) { diff --git a/user/edit.php b/user/edit.php index ad93d579f8..57686b2108 100644 --- a/user/edit.php +++ b/user/edit.php @@ -36,15 +36,15 @@ $timenow = time(); - if ($imagefile && $imagefile!="none") { - $imageinfo = GetImageSize($imagefile); + if ($filename = valid_uploaded_file($imagefile)) { + $imageinfo = GetImageSize($filename); $image->width = $imageinfo[0]; $image->height = $imageinfo[1]; $image->type = $imageinfo[2]; switch ($image->type) { - case 2: $im = ImageCreateFromJPEG($imagefile); break; - case 3: $im = ImageCreateFromPNG($imagefile); break; + case 2: $im = ImageCreateFromJPEG($filename); break; + case 3: $im = ImageCreateFromPNG($filename); break; default: error("Image must be in JPG or PNG format"); } if (function_exists("ImageCreateTrueColor") and $CFG->gdversion >= 2) { @@ -114,6 +114,7 @@ foreach ($usernew as $variable => $value) { $USER->$variable = $value; } + save_session("USER"); redirect("view.php?id=$user->id&course=$course->id", "Changes saved"); } else { error("Could not update the user record ($user->id)"); diff --git a/user/lib.php b/user/lib.php index a6efe6a7c1..42c0c00557 100644 --- a/user/lib.php +++ b/user/lib.php 
@@ -84,4 +84,13 @@ function print_user($user, $course, $string) { echo ""; } +function valid_uploaded_file($newfile) { +// Returns current name of file on disk if true + if (is_uploaded_file($newfile['tmp_name']) and $newfile['size'] > 0) { + return $newfile['tmp_name']; + } else { + return ""; + } +} + ?> -- 2.39.5
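Review bot: valid_uploaded_file() in user/lib.php indexes `$newfile['tmp_name']` and `$newfile['size']` without checking that `$newfile` is an array, and its caller in user/edit.php passes `$imagefile`, which under this patch is a global created by `extract($_REQUEST)` rather than read from `$_FILES`. PHP releases from 4.3.0 on no longer include `$_FILES` in `$_REQUEST`, so there the array would come from ordinary request parameters: `is_uploaded_file()` still constrains the path, but `size` is whatever the client sent, and a genuine upload would not reach the function at all. Calling it as `valid_uploaded_file($_FILES['imagefile'])` and opening the function with `if (!is_array($newfile) or empty($newfile['tmp_name'])) { return ""; }` ties the check to the real upload record. The header comment could also say that the function returns an empty string when the upload is missing or empty.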