From 8eee10ead8906df04255d275b460a78cc90c4e12 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 14 Oct 2015 16:57:54 +0200
Subject: Fix session handling, support staff-affiliation as being detected as tutor

---
 inc/session.inc.php | 12 +++++++-----
 inc/user.inc.php | 23 +++++++++++++++++++----
 2 files changed, 26 insertions(+), 9 deletions(-)

(limited to 'inc')

diff --git a/inc/session.inc.php b/inc/session.inc.php
index 891a465..93c33e5 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -9,7 +9,8 @@ class Session
 private static function generateSessionId()
 {
- if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
+ if (self::$sid !== false)
+ Util::traceError('Error: Asked to generate session id when already set.');
 self::$sid = sha1(
 mt_rand(0, 65535)
 . $_SERVER['REMOTE_ADDR']
@@ -47,9 +48,9 @@ class Session
 public static function setUid($value)
 {
- if (!is_numeric($value) || $value < 1)
+ if (strlen($value) < 5)
 Util::traceError('Invalid user id: ' . $value);
- self::set('uid', (int)$value);
+ self::set('uid', $value);
 }
 public static function get($key)
@@ -72,7 +73,7 @@ class Session
 private static function loadSessionId()
 {
 if (self::$sid !== false)
- die('Error: Asked to load session id when already set.');
+ Util::traceError('Error: Asked to load session id when already set.');
 if (empty($_COOKIE['sid']))
 return false;
 $id = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['sid']);
@@ -112,8 +113,9 @@ class Session
 if (self::$sid === false || self::$data !== false)
 Util::traceError('Tried to readSessionData on an active session!');
 $data = Database::queryFirst('SELECT dateline, data FROM websession WHERE sid = :sid LIMIT 1', array('sid' => self::$sid));
- if ($data === false)
+ if ($data === false) {
 return false;
+ }
 if ($data['dateline'] + CONFIG_SESSION_TIMEOUT < time()) {
 self::delete();
 return false;
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 28a1fd5..16ec77d 100644
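Review bot: In setUid, `strlen($value) < 5` is now the only validation and it never confirms `$value` is a string: an array or object reaching this method produces a PHP warning (a TypeError on newer PHP) instead of the intended traceError, and `'Invalid user id: ' . $value` would then print `Array`. Guard the type first, `if (!is_string($value) || strlen($value) < 5)`. The change also quietly redefines the uid from the numeric id the removed `is_numeric` check implied to an opaque string that later becomes the `userid` parameter of the lookup in user.inc.php; a docblock such as `/** @param string $value opaque user id (presumably the id delivered at login), stored verbatim; must be at least 5 characters */` on `setUid` would record that contract where callers will look for it.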
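Review bot: In loadSessionId the cookie value is only stripped of non-alphanumerics before it is used as `$id`, although generateSessionId in the first hunk produces a fixed-width sha1 hex string; `if (strlen($id) !== 40) return false;` would reject malformed or truncated cookies before any database lookup. The remainder of loadSessionId is outside the hunk, so it may already enforce this further down.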
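Review bot: Bracing `if ($data === false)` in readSessionData leaves the method mixing two styles within a few lines: the `if (...) Util::traceError(...)` at the top of this hunk stays brace-less, and the multi-line ifs this same commit writes in generateSessionId and loadSessionId are brace-less too. Either form works, but one should be picked per file; the brace-less multi-line `if` is also the form most likely to grow a second statement by accident. readSessionData continues outside the hunk.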
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -81,7 +81,7 @@ class User
 public static function isTutor()
 {
- return isset(self::$user['role']) && self::$user['role'] === 'tutor';
+ return isset(self::$user['role']) && self::$user['role'] === 'TUTOR';
 }
 public static function isAdmin()
@@ -158,18 +158,30 @@ class User
 . ' aber der IdP Ihrer Einrichtung scheint die benötigten Metadaten nicht'
 . ' an den bwLehrpool-SP zu übermitteln. Bitte wenden Sie sich an den Support.');
 }
+ Session::delete();
 return false;
 }
 // Try user from local DB
 self::$user = Database::queryFirst('SELECT userid, shibid, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
 self::$isInDb = self::$user !== false;
+ if (!self::$isInDb) {
+ Session::delete();
+ }
 return self::$isInDb;
 }
 // Try bwIDM etc.
 if (!$hasSession) {
+ // Make sure cookies are enabled
+ if (!empty($_SERVER['Shib-Session-ID'])) {
+ if (isset($_GET['force-cookie'])) die('Bitte aktivieren Sie Cookies und Javascript!');
+ }
 Session::create();
 Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand()));
 Session::save();
+ if (!empty($_SERVER['Shib-Session-ID']))
+ Util::redirect('?do=Main&force-cookie=true.dat');
 }
 self::$isShib = true;
 if (!isset($_SERVER['sn']))
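Review bot: isTutor compares against the bare literal `'TUTOR'`, and the third hunk of this file assigns the same literal in two places plus `'STUDENT'`; the lowercase-to-uppercase rename this commit performs is exactly the kind of edit that drifts when a value is spelled out in several spots. Declaring them once on the class, `const ROLE_TUTOR = 'TUTOR'; const ROLE_STUDENT = 'STUDENT';`, and comparing with `self::ROLE_TUTOR` here and in the role-detection block keeps them in step. If a role value is ever persisted (session data or database) rather than recomputed from the login attributes on every request, previously stored `'tutor'` values would stop matching after this change — the hunk does not show whether that applies.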
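Review bot: The cookie probe persists a session before it knows the cookie will come back: `Session::create()` and `Session::save()` run, then `Util::redirect('?do=Main&force-cookie=true.dat')` bounces the client, so a client that never returns the cookie leaves an orphaned `websession` row on every request until `CONFIG_SESSION_TIMEOUT` expires it, assuming `Session::save()` writes the row immediately. Consider probing with the cookie alone and saving only after the round trip succeeds, or at least recording the trade-off in the `// Make sure cookies are enabled` comment. The `die('Bitte aktivieren Sie Cookies und Javascript!')` bypasses `Util::traceError`, which the session.inc.php hunks of this same commit adopt in place of `die`; the stray blank line before that block's closing `}` and the unexplained `.dat` suffix on `force-cookie=true.dat` would each benefit from a one-line comment saying why they are there. The enclosing function starts and ends outside the hunk.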
@@ -187,10 +199,13 @@ class User
 'email' => $_SERVER['mail'],
 );
 // Figure out whether the user should be considered a tutor
- if (isset($_SERVER['affiliation']) && preg_match('/(^|;)employee@/', $_SERVER['affiliation']))
- self::$user['role'] = 'tutor';
+ if (isset($_SERVER['affiliation']) && (strpos(";{$_SERVER['affiliation']}", ';employee@') !== false
+ || strpos(";{$_SERVER['affiliation']}", ';staff@') !== false))
+ self::$user['role'] = 'TUTOR';
 elseif (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false)
- self::$user['role'] = 'tutor';
+ self::$user['role'] = 'TUTOR';
+ else
+ self::$user['role'] = 'STUDENT';
 // Try to figure out organization
 if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
 self::$user['organization'] = $out[1];
-- 
cgit v1.2.3-55-g7522
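Review bot: The tutor test rebuilds the sentinel string `";{$_SERVER['affiliation']}"` once per prefix and scans it twice; splitting the attribute once and checking each entry's prefix expresses the same rule without the sentinel trick and turns adding a third affiliation into a one-token change. The role is derived entirely from `$_SERVER['affiliation']` and `$_SERVER['entitlement']`, which is only sound when those keys are populated by the SP module itself rather than from anything a client can send — presumably the case here, but the comment above this block should say so since the authorization decision rests on it. The enclosing function continues outside the hunk.
```php
// Figure out whether the user should be considered a tutor.
// 'affiliation' is a ';'-separated list of scoped values such as 'employee@example.org' (constructed sample);
// these keys must come from the SP module, never from client-supplied request data.
$isStaff = false;
if (isset($_SERVER['affiliation'])) {
	foreach (explode(';', $_SERVER['affiliation']) as $entry) {
		if (strpos($entry, 'employee@') === 0 || strpos($entry, 'staff@') === 0) {
			$isStaff = true;
			break;
		}
	}
}
if ($isStaff)
	self::$user['role'] = 'TUTOR';
// … unchanged: entitlement check, STUDENT fallback, organization detection …
```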