diff --git a/html/index.php b/html/index.php index 99afe636e0cd6f30dc76bc29e8195c53212487f3..c12614ca33ca222c9f5fc43df9af469e1e3a283c 100755 --- a/html/index.php +++ b/html/index.php @@ -98,7 +98,10 @@ if (!is_readable(CONFIG_DIR.'/'.CONFIG_FILE)) { /* Parse configuration file */ $config = new config(CONFIG_DIR.'/'.CONFIG_FILE, $BASE_DIR); + session::set('config', $config); +print_r($_SESSION); + session::set('DEBUGLEVEL', $config->get_cfg_value('DEBUGLEVEL')); logging::debug(DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, 'config'); /* Configuration was reloaded, so plist needs to be as well */ diff --git a/html/main.php b/html/main.php index 63bfb3ef7b829a3508a8803aba1fada28cdc53e0..3477c0419cfc12a7d23763992edf71275e4fca66 100755 --- a/html/main.php +++ b/html/main.php @@ -20,11 +20,11 @@ */ /** - * @var Smarty $smarty Defined in php_setup.inc - * @var string $BASE_DIR Defined in php_setup.inc - * @var string $ssl Defined in php_setup.inc - * @var string $error_collector Defined in php_setup.inc - * @var string $error_collector_mailto Defined in php_setup.inc + * @var Smarty $smarty Defined in php_setup.inc + * @var string $BASE_DIR Defined in php_setup.inc + * @var string $ssl Defined in php_setup.inc + * @var string $error_collector Defined in php_setup.inc + * @var string $error_collector_mailto Defined in php_setup.inc */ /* Basic setup, remove eventually registered sessions */ @@ -44,9 +44,11 @@ bindtextdomain($domain, LOCALE_DIR); textdomain($domain); /* Remember everything we did after the last click */ + session::start(); reset_errors(); + if ($_SERVER['REQUEST_METHOD'] == 'POST') { logging::debug(DEBUG_POST, __LINE__, __FUNCTION__, __FILE__, $_POST, '_POST'); } 
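Review bot: The added `print_r($_SESSION);` in the html/index.php hunk writes the whole session into the HTTP response immediately after the parsed configuration has been stored in it, so anything the configuration file holds (possibly directory bind credentials) is shown to whoever loads the page. It should be removed before merge; the `logging::debug(DEBUG_CONFIG, …, $config->data, 'config')` call that follows already covers configuration debugging. The same leftover debug output appears as `echo 'before_refreshing_id';` in LoginMethod::connect() and `echo 'redirecting';` in class_LoginPost.inc. If the redirect helpers rely on `header()`, which is not visible here, output sent before them can also prevent the redirect and session cookie headers from being sent when output buffering is off.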
@@ -120,10 +122,10 @@ $smarty->assign('hideMenus', FALSE); /* check user expiration status */ $expired = $ui->expired_status(); if (($expired == POSIX_WARN_ABOUT_EXPIRATION) && !session::is_set('POSIX_WARN_ABOUT_EXPIRATION__DONE')) { - logging::debug(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $expired, 'This user account ('.$ui->uid.') is about to expire'); + logging::debug(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $expired, 'This user account (' . $ui->uid . ') is about to expire'); // The users password is about to expire soon, display a warning message. - logging::log('security', 'fusiondirectory', '', [], 'password for user "'.$ui->uid.'" is about to expire'); + logging::log('security', 'fusiondirectory', '', [], 'password for user "' . $ui->uid . '" is about to expire'); msg_dialog::display(_('Password change'), htmlescape(_('Your password is about to expire, please change your password!')), INFO_DIALOG); session::set('POSIX_WARN_ABOUT_EXPIRATION__DONE', TRUE); } elseif ($expired == POSIX_FORCE_PASSWORD_CHANGE) { @@ -140,7 +142,7 @@ if (($expired == POSIX_WARN_ABOUT_EXPIRATION) && !session::is_set('POSIX_WARN_AB if ($value == 'user') { if (!isset($_GET['plug']) || ($_GET['plug'] != $key)) { $_GET['plug'] = $key; - $warning = new FusionDirectoryWarning(htmlescape(_('Your password has expired, please set a new one.'))); + $warning = new FusionDirectoryWarning(htmlescape(_('Your password has expired, please set a new one.'))); $warning->display(); } break; @@ -161,8 +163,8 @@ session::set('plugin_index', $plugin_index); - Remove all created locks if "reset" was posted. - Remove all created locks if we switched to another plugin. */ -$cleanup = FALSE; -$remove_lock = FALSE; +$cleanup = FALSE; +$remove_lock = FALSE; /* Check if we have changed the selected plugin */ if (!empty($old_plugin_index) && ($old_plugin_index != $plugin_index)) { 
@@ -184,8 +186,8 @@ if (memory_get_usage() > (to_byte(ini_get('memory_limit')) - 2048000)) { /* show web frontend */ $smarty->assign("date", date("l, dS F Y H:i:s O")); $lang = session::get('lang'); -$smarty->assign('lang', preg_replace('/_.*$/', '', $lang)); -$smarty->assign('rtl', Language::isRTL($lang)); +$smarty->assign('lang', preg_replace('/_.*$/', '', $lang)); +$smarty->assign('rtl', Language::isRTL($lang)); if (isset($plugin_index)) { $plug = "?plug=$plugin_index"; } else { @@ -193,7 +195,7 @@ if (isset($plugin_index)) { } if ($ui->ignore_acl_for_current_user()) { - $smarty->assign('username', '<div style="color:#FF0000;">'._('User ACL checks disabled').'</div> '.$ui->uid); + $smarty->assign('username', '<div style="color:#FF0000;">' . _('User ACL checks disabled') . '</div> ' . $ui->uid); } else { $smarty->assign('username', $ui->uid); } @@ -204,12 +206,12 @@ $smarty->assign("usePrototype", "false"); /* React on clicks */ if (($_SERVER['REQUEST_METHOD'] == 'POST') - && (isset($_POST['delete_lock']) || isset($_POST['open_readonly']))) { + && (isset($_POST['delete_lock']) || isset($_POST['open_readonly']))) { /* Set old Post data */ if (session::is_set('LOCK_VARS_USED_GET')) { foreach (session::get('LOCK_VARS_USED_GET') as $name => $value) { - $_GET[$name] = $value; + $_GET[$name] = $value; } } if (session::is_set('LOCK_VARS_USED_POST')) { @@ -244,7 +246,7 @@ if (count($_POST) && !isset($_POST['php_c_check'])) { /* Assign errors to smarty */ if ($error_collector != "") { - $smarty->assign("php_errors", preg_replace("/%BUGBODY%/", $error_collector_mailto, $error_collector)."</div>"); + $smarty->assign("php_errors", preg_replace("/%BUGBODY%/", $error_collector_mailto, $error_collector) . "</div>"); } else { $smarty->assign("php_errors", ""); } 
@@ -252,8 +254,8 @@ if ($error_collector != "") { $focus = '<script>'; $focus .= 'next_msg_dialog();'; $focus .= '</script>'; -$smarty->assign('focus', $focus); -$smarty->assign('CSRFtoken', CSRFProtection::getToken()); +$smarty->assign('focus', $focus); +$smarty->assign('CSRFtoken', CSRFProtection::getToken()); if (class_available('Game')) { $smarty->assign('game_screen', Game::run()); @@ -261,8 +263,8 @@ if (class_available('Game')) { $smarty->assign('game_screen', ''); } -$display = $smarty->fetch(get_template_path('headers.tpl')). - $smarty->fetch(get_template_path('framework.tpl')); +$display = $smarty->fetch(get_template_path('headers.tpl')) . + $smarty->fetch(get_template_path('framework.tpl')); /* Show page... */ echo $display; diff --git a/include/class_session.inc b/include/class_session.inc index f87466c96c0c6d3c594d563f0171b7f98c7e0d71..55f62efdcb73a5691d8c9835d1db084837d2ceaa 100755 --- a/include/class_session.inc +++ b/include/class_session.inc @@ -56,6 +56,9 @@ class session */ public static function set ($name, $value) { + if ($name === 'config') { + $value = json_encode($value); + } $_SESSION[$name] = $value; } @@ -74,7 +77,10 @@ class session */ public static function get ($name) { - if (isset($_SESSION[$name])) { + if ($name === 'config') { + return json_decode($_SESSION[$name]); + } + else if (isset($_SESSION[$name])) { return $_SESSION[$name]; } else { return NULL; diff --git a/include/login/class_LoginMethod.inc b/include/login/class_LoginMethod.inc index 9e144d94840356c9864455784977223cabb65f2f..a4e1b3b0f5a59fc85f9ddff716318a55307cd6c7 100755 --- a/include/login/class_LoginMethod.inc +++ b/include/login/class_LoginMethod.inc 
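Review bot: In session::set, `json_encode($value)` can return `false` (for example on malformed UTF-8 or a resource inside the object), and that `false` is then stored as the session's config with no signal to the caller. Unless `config` implements JsonSerializable, which is not visible here, default encoding also keeps only public properties and drops the class, so non-public state is lost on the way in. If JSON storage is intended, fail loudly with `$value = json_encode($value, JSON_THROW_ON_ERROR);` and give `config` an explicit export/import pair. A short comment stating why the key 'config' is special-cased inside a generic setter would help the next reader.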
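Review bot: In session::get, the new 'config' branch reads `$_SESSION[$name]` without the `isset()` guard the other branch keeps, so a request whose session holds no config raises an undefined-index warning and passes NULL to json_decode. The value returned is a `stdClass` (or NULL), not a `config` instance, so callers that invoke methods such as `get_cfg_value()` on the result would fail; those callers are outside this hunk, so this is inferred. At minimum guard the read with `return isset($_SESSION[$name]) ? json_decode($_SESSION[$name]) : NULL;` and rebuild a real `config` object from the decoded data. `else if` should be `elseif` to match the style used in html/main.php.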
@@ -152,59 +152,6 @@ class LoginMethod return TRUE; } - // ################################ Below Quick dirty fix for php8.2 for non-serializable items ###################### -// static function backupSessionToVariable() -// { -// $backupData = $_SESSION; -// -// // Remove non-serializable data for XMLParser -// if (isset($backupData['config']->parser)) { -// unset($backupData['config']->parser); -// } -// -// return $backupData; -// } - -// static function restoreSessionFromVariable($backupData) -// { -// $_SESSION = $backupData; -// -// // Reinitialize non-serializable objects -// if (isset($_SESSION['config'])) { -// $_SESSION['config']->parser = new XMLParser(); -// } -// } - - static function removeResourcesRecursive(array $data): array { - foreach ($data as $key => $value) { - if (is_resource($value)) { - // Log before removal (optional) - error_log("Removing resource at key: $key"); - unset($data[$key]); // Remove resource - } elseif (is_array($value)) { - $data[$key] = LoginMethod::removeResourcesRecursive($value); // Recurse into sub-array - } elseif (is_object($value)) { - - // Extract object properties and check for resources - $properties = get_object_vars($value); - foreach ($properties as $propKey => $propValue) { - if (is_resource($propValue)) { - error_log("Removing resource property: $propKey"); - unset($properties[$propKey]); - } - } - - // Recurse into object properties (if necessary) - $data[$key] = LoginMethod::removeResourcesRecursive($properties); - } - } - return $data; - } - - - - // ################################# Above Quick dirty fix for php8.2 for non-serializable items ###################### - /*! \brief Connect user */ static function connect () { 
@@ -212,22 +159,9 @@ class LoginMethod $ui = session::get('ui'); - // #### QUICK AND DIRTY FIX FOR PHP 8.2 - // Backup session to a variable - //$sessionBackup = LoginMethod::backupSessionToVariable(); - - - - // dirty work to remove resource from session - error_log(print_r($_SESSION, true)); // Log session data for debugging - LoginMethod::removeResourcesRecursive($_SESSION); // Create new session ID in order to have session_fixation security issues after success login - session_regenerate_id(); - error_log(print_r($_SESSION, true)); // Verify that resources have been removed - - - // #### QUICK AND DIRTY FIX FOR PHP 8.2 - //LoginMethod::restoreSessionFromVariable($sessionBackup); + echo 'before_refreshing_id'; + //session_regenerate_id(); /* Not account expired or password forced change go to main page */ logging::log('security', 'login', $ui->uid, [], 'Logged in successfully'); diff --git a/include/login/class_LoginPost.inc b/include/login/class_LoginPost.inc index 87c6c071187aba6eb6685cee3e30a70ea08b45a3..bc18fe38d9bf818d1ea320bc146d22b621e0d171 100755 --- a/include/login/class_LoginPost.inc +++ b/include/login/class_LoginPost.inc @@ -78,8 +78,8 @@ class LoginPost extends LoginMethod if ($secondFactor) { static::redirectSecondFactorPage(); } - /* Everything went well, redirect to main.php */ + echo 'redirecting'; static::redirect(); } }
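Review bot: LoginMethod::connect() no longer regenerates the session ID after a successful login: the call is replaced by `//session_regenerate_id();`, which removes the session-fixation protection that the comment left directly above it describes. The call should be restored, preferably as `session_regenerate_id(TRUE);` so the pre-login session is discarded. The serialization problem that led to disabling it belongs in how the config object is stored, not in the login path. `echo 'before_refreshing_id';` is debug output and should be dropped as well. The body of connect() starts and ends outside this hunk.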