
#1225 2.5.5: xoopsUserTheme is not regenerate in remember me

XOOPS_2.5.x
pending
5
2014-07-17
2012-08-22
irmtfan
No

If "remember me" is set to yes and the user has selected a theme other than the default theme, then
XOOPS should regenerate a new session and destroy the old session for xoopsUserTheme.

in include/common.php i added this:

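/**
 * Log the user in and deal with sessions and cookies.
 *
 * Runs only when the session already carries a user id. The user object is
 * reloaded from $member_handler; if it cannot be loaded, or a $hash_login is
 * present and does not match the value recomputed here, the session and the
 * user cookie are torn down. Otherwise last_login is refreshed (at most once
 * every five minutes), the session cookie is updated, and groups, theme and
 * the admin flag are restored.
 *
 * NOTE(review): $hash_login is set outside this excerpt — presumably from the
 * "remember me" cookie; confirm. The token is an unsalted MD5 over the stored
 * password value and the database settings, so it only changes when one of
 * those changes. A random per-login token stored server-side would let a
 * single remembered login be revoked or expired.
 */
if (!empty($_SESSION['xoopsUserId'])) {
    $xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);
    // Strict comparison: with "!=" PHP compares two numeric-looking strings
    // (for example "0e..." digests) as numbers, so different hashes can
    // compare equal. hash_equals() would additionally make the comparison
    // constant-time on PHP versions that provide it.
    if (!is_object($xoopsUser) || (isset($hash_login) && md5($xoopsUser->getVar('pass') . XOOPS_DB_NAME . XOOPS_DB_PASS . XOOPS_DB_PREFIX) !== (string) $hash_login)) {
        // Unknown user or token mismatch: drop every trace of the login.
        $xoopsUser = '';
        $_SESSION = array();
        session_destroy();
        // An expiry in the past asks the browser to discard the user cookie.
        setcookie($xoopsConfig['usercookie'], 0, - 1, '/');
    } else {
        // Refresh last_login only when the stored value is older than five minutes.
        if ((intval($xoopsUser->getVar('last_login')) + 60 * 5) < time()) {
            // The uid is concatenated into the statement, so force it to an
            // integer first instead of trusting the session value's type.
            $uid = intval($_SESSION['xoopsUserId']);
            $sql = "UPDATE " . $xoopsDB->prefix('users')
                 . " SET last_login = '" . time()
                 . "' WHERE uid = " . $uid;
            // Best effort: a failed timestamp update must not break the request.
            @$xoopsDB->queryF($sql);
        }
        $sess_handler->update_cookie();
        // Prefer the groups already held in the session; otherwise load them
        // from the user object and keep them in the session.
        if (isset($_SESSION['xoopsUserGroups'])) {
            $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
        } else {
            $_SESSION['xoopsUserGroups'] = $xoopsUser->getGroups();
        }
        // Start irmtfan patch: restore the user's saved theme into the session.
        // This only assigns the session key; it does not regenerate the session
        // id or destroy a session itself.
        $user_theme = $xoopsUser->getVar('theme');
        // Strict allow-list check so that only an exact match of an allowed
        // theme name is accepted, never a loosely-equal value.
        if ($user_theme != $xoopsConfig['theme_set'] && in_array($user_theme, $xoopsConfig['theme_set_allowed'], true)) {
            $_SESSION['xoopsUserTheme'] = $user_theme;
        }
        // End irmtfan patch
        $xoopsUserIsAdmin = $xoopsUser->isAdmin();
    }
}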

I think the above code would be the final solution, but if anybody has a better solution please let us know.

also please take a look at class/xoopskernel.php

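/**
 * xos_kernel_Xoops2::themeSelect()
 *
 * Chooses the active theme for the request. A theme posted in
 * $_POST['xoops_theme_select'] wins and is also stored in the session;
 * otherwise a theme already stored in $_SESSION['xoopsUserTheme'] is applied.
 * In both cases the value is used only if it appears in the
 * 'theme_set_allowed' configuration option; anything else leaves the
 * configured theme untouched.
 *
 * @return void
 */
function themeSelect()
{
    $posted = isset($_POST['xoops_theme_select']) ? $_POST['xoops_theme_select'] : '';
    $stored = isset($_SESSION['xoopsUserTheme']) ? $_SESSION['xoopsUserTheme'] : '';

    // Request data may arrive as an array; only a plain string can name a
    // theme. The allow-list lookup is strict so membership is decided by an
    // exact match rather than by PHP's loose type juggling.
    if (is_string($posted) && !empty($posted) && in_array($posted, xoops_getConfigOption('theme_set_allowed'), true)) {
        xoops_setConfigOption('theme_set', $posted);
        $_SESSION['xoopsUserTheme'] = $posted;
    } elseif (is_string($stored) && !empty($stored) && in_array($stored, xoops_getConfigOption('theme_set_allowed'), true)) {
        // The session value is re-checked on every call, so a theme that has
        // been removed from the allow-list stops being applied.
        xoops_setConfigOption('theme_set', $stored);
    }
}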

also the function in modules/profile/edituser.php:

    // Tie the profile record to the uid of the user being edited, then hand it
    // to the profile handler's insert().
    $profile->setVar('profile_id', $edituser->getVar('uid'));
    $profile_handler->insert($profile);
    // Drop the theme cached in the current session.
    // NOTE(review): presumably so that a theme changed in the profile is not
    // masked by a stale session value on the next request — confirm.
    // NOTE(review): this clears the key in the session of whoever submitted the
    // form, which may not be $edituser's own session — confirm that is intended.
    unset($_SESSION['xoopsUserTheme']);
    // Redirect to userinfo.php for the edited uid; 2 and _US_PROFUPDATED are
    // passed as the remaining arguments (presumably delay and message — confirm).
    redirect_header(XOOPS_URL.'/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/userinfo.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);

I don't know why it is unset?

Discussion

  • irmtfan

    irmtfan - 2012-08-22
     
  • Richard Griffith

    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -2,44 +2,47 @@
     XOOPS should regenarate a new session and destroy old session for xoopsUserTheme
    
     in include/common.php i added this:
    -[code]
    -/**
    - * Log user is and deal with Sessions and Cookies
    - */
    -if (!empty($_SESSION['xoopsUserId'])) {
    -    $xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);
    -    if (!is_object($xoopsUser) || (isset($hash_login) && md5($xoopsUser->getVar('pass') . XOOPS_DB_NAME . XOOPS_DB_PASS . XOOPS_DB_PREFIX) != $hash_login)) {
    -        $xoopsUser = '';
    -        $_SESSION = array();
    -        session_destroy();
    -        setcookie($xoopsConfig['usercookie'], 0, - 1, '/');
    -    } else {
    -        if ((intval($xoopsUser->getVar('last_login')) + 60 * 5) < time()) {
    -            $sql = "UPDATE " . $xoopsDB->prefix('users')
    -                 . " SET last_login = '" . time()
    -                 . "' WHERE uid = " . $_SESSION['xoopsUserId'];
    -            @$xoopsDB->queryF($sql);
    +
    +    :::PHP
    +    /**
    +     * Log user is and deal with Sessions and Cookies
    +     */
    +    if (!empty($_SESSION['xoopsUserId'])) {
    +        $xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);
    +        if (!is_object($xoopsUser) || (isset($hash_login) && md5($xoopsUser-   >getVar('pass') . XOOPS_DB_NAME . XOOPS_DB_PASS . XOOPS_DB_PREFIX) != $hash_login))    {
    +            $xoopsUser = '';
    +            $_SESSION = array();
    +            session_destroy();
    +            setcookie($xoopsConfig['usercookie'], 0, - 1, '/');
    +        } else {
    +            if ((intval($xoopsUser->getVar('last_login')) + 60 * 5) < time()) {
    +                $sql = "UPDATE " . $xoopsDB->prefix('users')
    +                     . " SET last_login = '" . time()
    +                     . "' WHERE uid = " . $_SESSION['xoopsUserId'];
    +                @$xoopsDB->queryF($sql);
    +            }
    +            $sess_handler->update_cookie();
    +            if (isset($_SESSION['xoopsUserGroups'])) {
    +                $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
    +            } else {
    +                $_SESSION['xoopsUserGroups'] = $xoopsUser->getGroups();
    +            }
    +            // Start irmtfan to regenarate a new session and destroy old session for xoopsUserTheme
    +            $user_theme = $xoopsUser->getVar('theme');
    +            if ($user_theme != $xoopsConfig['theme_set'] && in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
    +               $_SESSION['xoopsUserTheme'] = $user_theme;
    +            }
    +            // End irmtfan to regenarate a new session and destroy old session for xoopsUserTheme
    +            $xoopsUserIsAdmin = $xoopsUser->isAdmin();
             }
    -        $sess_handler->update_cookie();
    -        if (isset($_SESSION['xoopsUserGroups'])) {
    -            $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
    -        } else {
    -            $_SESSION['xoopsUserGroups'] = $xoopsUser->getGroups();
    -        }
    -        // Start irmtfan to regenarate a new session and destroy old session for xoopsUserTheme
    -        $user_theme = $xoopsUser->getVar('theme');
    -        if ($user_theme != $xoopsConfig['theme_set'] && in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
    -           $_SESSION['xoopsUserTheme'] = $user_theme;
    -        }
    -        // End irmtfan to regenarate a new session and destroy old session for xoopsUserTheme
    -        $xoopsUserIsAdmin = $xoopsUser->isAdmin();
         }
    -}
    -[/code]
    +
    +
     I just think the above code would be the final solution but if anybody have better solution please let us know.
    
     also please take a look at class/xoopskernel.php
    -[code]
    +
    +    :::php
         /**
          * xos_kernel_Xoops2::themeSelect()
          *
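Review bot: The re-indented listing on the new side breaks the object operator in the login check: `md5($xoopsUser-   >getVar('pass') ...` does not parse, whereas the removed line had `$xoopsUser->getVar('pass')`. Restore it as `md5($xoopsUser->getVar('pass') . XOOPS_DB_NAME . XOOPS_DB_PASS . XOOPS_DB_PREFIX) != $hash_login` so that anyone copying the patch from the description gets working code. Separately, the Start/End comments say the block regenerates a new session and destroys the old one, but the lines between them only assign `$_SESSION['xoopsUserTheme']`; a comment such as `// Restore the user's saved theme into the session` would describe what the code does.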
    @@ -54,14 +57,15 @@
                 xoops_setConfigOption('theme_set', $_SESSION['xoopsUserTheme']);
             }
         }
    -[/code]
    +
    
     also the function in    modules/profile/edituser.php:
    -[code]
    -            $profile->setVar('profile_id', $edituser->getVar('uid'));
    -            $profile_handler->insert($profile);
    -            unset($_SESSION['xoopsUserTheme']);
    -            redirect_header(XOOPS_URL.'/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/userinfo.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
    -[/code]
    +
    +    :::php
    +        $profile->setVar('profile_id', $edituser->getVar('uid'));
    +        $profile_handler->insert($profile);
    +        unset($_SESSION['xoopsUserTheme']);
    +        redirect_header(XOOPS_URL.'/modules/' . $GLOBALS['xoopsModule']->getVar('dirname', 'n') . '/userinfo.php?uid=' . $edituser->getVar('uid'), 2, _US_PROFUPDATED);
    +
    
     I dont know why it is unsetted?
    
    • status: open --> pending
    • assigned_to: Richard Griffith
     
  • Richard Griffith

    I added a check to make sure that the patch was only executed when we are regenerating a session for "remember me." Otherwise incorporated irmtfan's patch as shown.

    It makes sense that it was not set. The xoopsUserTheme is only set in the session during login process. With the remember me option we are regenerating a minimal session without actually going thru the login.

     
