diff --git a/main/inc/global.inc.php b/main/inc/global.inc.php index cccbc7352a..3f3e510a96 100755 --- a/main/inc/global.inc.php +++ b/main/inc/global.inc.php @@ -187,7 +187,7 @@ $charset = 'UTF-8'; \Patchwork\Utf8\Bootup::initAll(); // Start session after the internationalization library has been initialized. -ChamiloSession::start($alreadyInstalled); +//ChamiloSession::start($alreadyInstalled); // access_url == 1 is the default chamilo location if ($_configuration['access_url'] != 1) { diff --git a/main/inc/global_error_message.inc.php b/main/inc/global_error_message.inc.php index 7bd4d8b3bd..981f348241 100755 --- a/main/inc/global_error_message.inc.php +++ b/main/inc/global_error_message.inc.php @@ -59,8 +59,8 @@ if (is_int($global_error_code) && $global_error_code > 0) { $installation_guide_url = $root_rel.'documentation/installation_guide.html'; $css_path = 'app/Resources/public/css/'; - $css_web_assets = 'web/assets/'; - $css_web_path = 'web/css/'; + $css_web_assets = 'public/assets/'; + $css_web_path = 'public/css/'; $themePath = $css_path.'themes/'.$theme.'/default.css'; $bootstrap_file = $css_web_assets.'bootstrap/dist/css/bootstrap.min.css'; $css_base_file = $css_web_path.'base.css'; diff --git a/main/inc/lib/chamilo_session.class.php b/main/inc/lib/chamilo_session.class.php index 7bfd0fca97..3b95489f6f 100755 --- a/main/inc/lib/chamilo_session.class.php +++ b/main/inc/lib/chamilo_session.class.php 
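Review bot: Commenting out `ChamiloSession::start($alreadyInstalled);` means nothing in this file applies the settings that the removed `start()` body in `main/inc/lib/chamilo_session.class.php` used to apply (`session.use_only_cookies`, `session.cookie_httponly`, `session.use_trans_sid`), nor its `checkChamiloURL` comparison and `starttime` expiry check. The diff shows no equivalent on the framework side, so presumably the Symfony session configuration is expected to cover this; that should be confirmed before merging, in particular the HttpOnly cookie flag and the idle timeout. The call should be deleted rather than left as a comment, with a short note in its place such as `// Session is started by the Symfony kernel; cookie flags and lifetime are set in the framework session config.`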
@@ -1,144 +1,165 @@ ... - * session()->... - * - * @license see /license.txt - * @author Laurent Opprecht for the Univesity of Geneva - */ -/** - * @todo use session symfony component * @todo replace all $_SESSION calls with this class. - * @todo remove System\Session class - * ChamiloSession class definition */ -class ChamiloSession extends System\Session +class ChamiloSession implements \ArrayAccess { - const NAME = 'ch_sid'; - /** - * Generate new session instance - * @return ChamiloSession + * @param string $variable + * @param null $default + * @return mixed|null */ - public static function instance() + public static function read($variable, $default = null) { - static $result = null; + $session = Container::getSession(); + $result = null; + if (isset($session)) { + $result = $session->get($variable); + } + + // Check if the value exists in the $_SESSION array if (empty($result)) { - $result = new ChamiloSession(); + if (isset($_SESSION[$variable])) { + return $_SESSION[$variable]; + } + return $default; + } else { + return $result; } - return $result; } /** - * Returns the session lifetime - * @return int The session lifetime as defined in the config file, in seconds + * @param string $variable + * @param mixed $value */ - public static function session_lifetime() + public static function write($variable, $value) { - global $_configuration; - return $_configuration['session_lifetime']; + //$_SESSION[$variable] = $value; + $session = Container::getSession(); + // Writing the session in 2 instances because + $_SESSION[$variable] = $value; + $session->set($variable, $value); } /** - * Starts the Chamilo session. 
+ * @param string $variable + */ + public static function erase($variable) + { + $variable = (string) $variable; + $session = Container::getSession(); + $session->remove($variable); + + if (isset($GLOBALS[$variable])) { + unset($GLOBALS[$variable]); + } + if (isset($_SESSION[$variable])) { + unset($_SESSION[$variable]); + } + } + + /** + * Returns true if session has variable set up, false otherwise. * - * The default lifetime for session is set here. It is not possible to have it - * as a database setting as it is used before the database connection has been made. - * It is taken from the configuration file, and if it doesn't exist there, it is set - * to 360000 seconds + * @param string $variable * - * @author Olivier Brouckaert - * @param string variable - the variable name to save into the session - * @return void + * @return bool */ - public static function start($already_installed = true) + public static function has($variable) { - /* - * Prevent Session fixation bug fixes - * See http://support.chamilo.org/issues/3600 - * http://php.net/manual/en/session.configuration.php - * @todo use session_set_cookie_params with some custom admin parameters - */ - - //session.cookie_lifetime - //the session ID is only accepted from a cookie - ini_set('session.use_only_cookies', 1); - - //HTTPS only if possible - //ini_set('session.cookie_secure', 1); - //session ID in the cookie is only readable by the server - ini_set('session.cookie_httponly', 1); - - //Use entropy file - //session.entropy_file - //ini_set('session.entropy_length', 128); - //Do not include the identifier in the URL, and not to read the URL for - // identifiers. 
- ini_set('session.use_trans_sid', 0); - - session_name(self::NAME); - session_start(); - $session = self::instance(); - if ($already_installed) { - if (!isset($session['checkChamiloURL'])) { - $session['checkChamiloURL'] = api_get_path(WEB_PATH); - } elseif ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) { - self::clear(); - } - } + return isset($_SESSION[$variable]); + } - // If the session time has expired, refresh the starttime value, - // so we're starting to count down from a later time - if (self::has('starttime') && $session->is_expired()) { - self::destroy(); - } else { - //error_log('Time not expired, extend session for a bit more'); - self::write('starttime', time()); - } + /** + * Clear + */ + public static function clear() + { + $session = Container::getSession(); + $session->clear(); } /** - * Session start time: that is the last time the user loaded a page (before this time) - * @return int timestamp + * Destroy + */ + public static function destroy() + { + $session = Container::getSession(); + $session->invalidate(); + } + + /* + * ArrayAccess */ - public function start_time() + public function offsetExists($offset) { - return self::read('starttime'); + return isset($_SESSION[$offset]); } /** - * Session end time: when the session expires. This is made of the last page - * load time + a number of seconds - * @return int UNIX timestamp (server's timezone) + * It it exists returns the value stored at the specified offset. + * If offset does not exists returns null. Do not trigger a warning. 
+ * + * @param string $offset + * @return any + */ + public function offsetGet($offset) + { + return self::read($offset); + } + + public function offsetSet($offset, $value) + { + self::write($offset, $value); + } + + public function offsetUnset($offset) + { + unset($_SESSION[$offset]); + } + + /** + * @param string $name + */ + public function __unset($name) + { + unset($_SESSION[$name]); + } + + /** + * @param string $name + * @return bool */ - public function end_time() + public function __isset($name) { - $start_time = $this->start_time(); - $lifetime = self::session_lifetime(); - return $start_time + $lifetime; + return self::has($name); } /** - * Returns whether the session is expired - * @return bool True if the session is expired, false if it is still valid + * It it exists returns the value stored at the specified offset. + * If offset does not exists returns null. Do not trigger a warning. + * + * @param string $name + * + * @return mixed + * + */ + public function __get($name) + { + return self::read($name); + } + + /** + * + * @param string $name + * @param mixed $value */ - public function is_expired() + public function __set($name, $value) { - return $this->end_time() < time(); + self::write($name, $value); } } diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 08c537aa7f..20b9f86a32 100755 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -136,8 +136,8 @@ if (isset($_SESSION['conditional_login']['uid']) && $_SESSION['conditional_login } // parameters passed via GET -$logout = isset($_GET["logout"]) ? $_GET["logout"] : ''; -$gidReq = isset($_GET["gidReq"]) ? intval($_GET["gidReq"]) : ''; +$logout = isset($_GET['logout']) ? $_GET['logout'] : ''; +$gidReq = isset($_GET['gidReq']) ? (int) $_GET['gidReq'] : ''; // Keep a trace of the course and session from which we are getting out, to // enable proper course logout tracking in courseLogout() diff --git a/public/legacy.php b/public/legacy.php index 4062b4ac19..c01f7d0cae 100644 
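Review bot: `offsetUnset()` and `__unset()` only run `unset($_SESSION[...])`, while `write()` stores every value both in `$_SESSION` and in the `Container::getSession()` store and `read()` consults that store first, so a key removed through array or property access is still returned by the next `read()`. Both should delegate to the existing helper, `self::erase($offset);` and `self::erase($name);`, and `has()` / `offsetExists()` should consult the same store that `read()` does. In `read()`, `empty($result)` treats a stored `0`, `''` or `false` as missing; `$result === null` would keep falsy values. `erase()` also unsets `$GLOBALS[$variable]` for whatever name it is given, which is worth removing or restricting unless every caller passes a fixed key. The comment `// Writing the session in 2 instances because` in `write()` is unfinished and should state the reason.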
--- a/public/legacy.php +++ b/public/legacy.php @@ -1,7 +1,7 @@ checker->isGranted('ROLE_STUDENT') && !empty($pageAfterLogin)) { switch ($pageAfterLogin) { case 'index.php': - $url = $this->router->generate('home'); + //$url = $this->router->generate('home'); + $url = $this->router->generate('home').'/../index.php'; break; case 'user_portal.php': - $url = $this->router->generate('userportal'); + //$url = $this->router->generate('userportal'); + $url = $this->router->generate('home').'/../user_portal.php'; break; case 'main/auth/courses.php': $url = api_get_path(WEB_PUBLIC_PATH).$pageAfterLogin; @@ -87,11 +89,15 @@ class LoginSuccessHandler implements AuthenticationSuccessHandlerInterface } } - $url = $this->router->generate('userportal'); + Session::write('_uid', $user->getId()); + Session::write('_user', $userInfo); + Session::write('is_platformAdmin', (bool) \UserManager::is_admin($userId)); + Session::write('is_allowedCreateCourse', (bool) ($userInfo['status'] == 1)); + + //$url = $this->router->generate('userportal'); // Redirecting to a course or a session. if (api_get_setting('course.go_to_course_after_login') == 'true') { - // Get the courses list $personal_course_list = \UserManager::get_personal_session_course_list($userId); @@ -109,7 +115,6 @@ class LoginSuccessHandler implements AuthenticationSuccessHandlerInterface } $count_of_sessions = count($my_session_list); - if ($count_of_sessions == 1 && $count_of_courses_no_sessions == 0) { $key = array_keys($personal_course_list); $course_info = $personal_course_list[$key[0]]['course_info']; diff --git a/src/CoreBundle/Framework/PageController.php b/src/CoreBundle/Framework/PageController.php index 1ca4f180fd..f78f5c2c68 100644 --- a/src/CoreBundle/Framework/PageController.php +++ b/src/CoreBundle/Framework/PageController.php 
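Review bot: With `$url = $this->router->generate('userportal');` commented out in the `@@ -87,11 +89,15 @@` hunk, `$url` no longer has a default before the `course.go_to_course_after_login` block, so it may be undefined when neither the earlier `switch` nor that block assigns it; the method continues outside the hunk, so this needs checking against the final redirect. The new `Session::write('_user', $userInfo);` stores the whole user array in the session; if `$userInfo` (built outside the hunk) carries credential or token fields, they should be dropped before the write. `(bool) ($userInfo['status'] == 1)` would read better as a strict comparison against the project's role constant than against a literal `1`. The commented-out `generate()` lines here and in the `switch` above should be removed rather than kept.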
@@ -691,7 +691,7 @@ class PageController $loadDirs = api_get_setting('document.show_documents_preview') == 'true' ? true : false; $start = ($page - 1) * $this->maxPerPage; - + return ; $nbResults = CourseManager::displayCourses( $user_id, $filter, diff --git a/src/CoreBundle/Resources/config/services.yml b/src/CoreBundle/Resources/config/services.yml index e7de24ef72..9a9f33cb78 100644 --- a/src/CoreBundle/Resources/config/services.yml +++ b/src/CoreBundle/Resources/config/services.yml @@ -48,7 +48,10 @@ services: # Session voter checks if a user has permissions to do actions in a session chamilo_core.security.authorization.voter.session_voter: class: Chamilo\CoreBundle\Security\Authorization\Voter\SessionVoter - arguments: ['@doctrine.orm.entity_manager', '@chamilo_core.entity.manager.course_manager', '@service_container'] + arguments: + - '@doctrine.orm.entity_manager' + - '@chamilo_core.entity.manager.course_manager' + - '@service_container' public: false tags: - {name: security.voter} @@ -136,6 +139,12 @@ services: - {name: kernel.event_listener, event: kernel.request, method: onKernelRequest} - {name: kernel.event_listener, event: kernel.controller, method: onKernelController, priority: 9} +# chamilo_core.listener.legacy_login_listener: +# class: Chamilo\CoreBundle\EventListener\LegacyLoginListener +# arguments: ["@service_container", '@security.token_storage'] +# tags: +# - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest } + # Locale listener chamilo_core.listener.locale: class: Chamilo\CoreBundle\EventListener\LocaleListener diff --git a/src/CoreBundle/Security/Authorization/Voter/CourseVoter.php b/src/CoreBundle/Security/Authorization/Voter/CourseVoter.php index e2b6de7664..6d35c53fab 100644 --- a/src/CoreBundle/Security/Authorization/Voter/CourseVoter.php +++ b/src/CoreBundle/Security/Authorization/Voter/CourseVoter.php 
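Review bot: The added `return ;` before `$nbResults = CourseManager::displayCourses(` makes the rest of the method unreachable, which looks like a debugging leftover rather than an intended change. If the course listing really has to be disabled during the migration, say so next to it, e.g. `// TODO: displayCourses() disabled until the legacy session bridge works`, and return the value callers expect; otherwise drop the line. The method starts and ends outside the hunk, so its return contract is not visible here.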
@@ -9,14 +9,15 @@ use Chamilo\UserBundle\Entity\User; use Doctrine\ORM\EntityManager; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Authorization\Voter\Voter as AbstractVoter; +use Symfony\Component\Security\Core\Authorization\Voter\Voter; + use Symfony\Component\Security\Core\User\UserInterface; /** * Class CourseVoter * @package Chamilo\CoreBundle\Security\Authorization\Voter */ -class CourseVoter extends AbstractVoter +class CourseVoter extends Voter { const VIEW = 'VIEW'; const EDIT = 'EDIT'; diff --git a/src/CoreBundle/Security/Authorization/Voter/GroupVoter.php b/src/CoreBundle/Security/Authorization/Voter/GroupVoter.php index 3953be3f72..48f2bf9efb 100644 --- a/src/CoreBundle/Security/Authorization/Voter/GroupVoter.php +++ b/src/CoreBundle/Security/Authorization/Voter/GroupVoter.php @@ -12,14 +12,14 @@ use Chamilo\UserBundle\Entity\User; use Doctrine\ORM\EntityManager; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Authorization\Voter\Voter as AbstractVoter; +use Symfony\Component\Security\Core\Authorization\Voter\Voter; use Symfony\Component\Security\Core\User\UserInterface; /** * Class GroupVoter * @package Chamilo\CoreBundle\Security\Authorization\Voter */ -class GroupVoter extends AbstractVoter +class GroupVoter extends Voter { const VIEW = 'VIEW'; const EDIT = 'EDIT'; diff --git a/src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php b/src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php index 57715f2443..2f8a43c647 100644 --- a/src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php +++ b/src/CoreBundle/Security/Authorization/Voter/ResourceNodeVoter.php 
@@ -13,7 +13,6 @@ use Doctrine\Common\Collections\ArrayCollection; use Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; -//use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\User\UserInterface; use Zend\Permissions\Acl\Acl; @@ -21,7 +20,7 @@ use Zend\Permissions\Acl\Role\GenericRole as Role; //use Zend\Permissions\Acl\Resource\GenericResource as Resource; use Symfony\Component\Security\Acl\Permission\MaskBuilder; -use Symfony\Component\Security\Core\Authorization\Voter\Voter as AbstractVoter; +use Symfony\Component\Security\Core\Authorization\Voter\Voter; //use Sonata\AdminBundle\Security\Acl\Permission\MaskBuilder; @@ -29,7 +28,7 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter as AbstractVoter; * Class ResourceNodeVoter * @package Chamilo\CoreBundle\Security\Authorization\Voter */ -class ResourceNodeVoter extends AbstractVoter +class ResourceNodeVoter extends Voter { private $container; diff --git a/src/CourseBundle/Resources/config/services.yml b/src/CourseBundle/Resources/config/services.yml index e22d620eed..779eea5e8d 100644 --- a/src/CourseBundle/Resources/config/services.yml +++ b/src/CourseBundle/Resources/config/services.yml 
@@ -16,11 +16,12 @@ services: # Event Listeners chamilo_course.listener.course: class: Chamilo\CourseBundle\EventListener\CourseListener - arguments: ['@service_container'] + calls: + - [setContainer, ['@service_container']] tags: - - {name: kernel.event_listener, event: kernel.request, method: onKernelRequest} + - {name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 200} - {name: kernel.event_listener, event: kernel.response, method: onKernelResponse} - - {name: kernel.event_listener, event: kernel.controller, method: onKernelController, priority: 10} + - {name: kernel.event_listener, event: kernel.controller, method: onKernelController} # Sets the user access in a course listener chamilo_course.listener.course_access:
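Review bot: `priority: 200` on the `kernel.request` tag places `CourseListener::onKernelRequest` ahead of Symfony's own request listeners; in a stock setup the session, router and firewall listeners are registered with lower priorities, so route attributes and the security token would presumably not be available yet when it runs. If the listener resolves the course from the route or checks the current user, it should run after the firewall, or the reason for running this early should be stated in a comment above the tag. Dropping `priority: 10` from the `kernel.controller` tag also reverses its order relative to the CoreBundle listener tagged `onKernelController, priority: 9` in `src/CoreBundle/Resources/config/services.yml`. The switch from `arguments` to `calls: [setContainer, ...]` needs a matching method on the listener class, which this diff does not show.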