diff --git a/system/engine/autoload.php b/system/engine/autoload.php index 571ca2a..cbbf3d2 100644 --- a/system/engine/autoload.php +++ b/system/engine/autoload.php @@ -97,9 +97,9 @@ spl_autoload_register(function ($class) { } } - $value = DIR_SYSTEM . $classNative.'/autoload.php'; + $value = DIR_SYSTEM . str_replace('\\', "/", $classNative) .'/autoload.php'; - if($namespace[0] == "Phacil" && in_array($value, $this->dirs)){ + if($namespace[0] == "Phacil" && file_exists($value)){ try { if(is_readable($value)) { require_once $value; @@ -114,6 +114,22 @@ spl_autoload_register(function ($class) { } } + $value = DIR_SYSTEM . str_replace('\\', "/", $classNative) . '.php'; + + if ($namespace[0] == "Phacil" && file_exists($value) ) { + try { + if (is_readable($value)) { + require_once $value; + return; + } else { + throw new \Exception("I can't load '$value' file! Please check system permissions."); + } + } catch (\Exception $e) { + $log = new \Phacil\Framework\Log("exception.log"); + $log->write($class . ' not loaded!'); + exit($e->getMessage()); + } + } if(file_exists($tryMagicOne = DIR_APP_MODULAR. implode("/", $namespace).".php")){ try { diff --git a/system/engine/controller.php b/system/engine/controller.php index 31a778f..53469b5 100644 --- a/system/engine/controller.php +++ b/system/engine/controller.php @@ -108,7 +108,16 @@ abstract class Controller { * @param \Phacil\Framework\Registry $registry * @return void */ - public function __construct(\Phacil\Framework\Registry $registry) { + public function __construct(\Phacil\Framework\Registry $registry = null) { + if (!$registry) { + + /** + * @global \Phacil\Framework\startEngineExacTI $engine + */ + global $engine; + + $registry = $engine->registry; + } $this->registry = $registry; } diff --git a/system/login/autoload.php b/system/login/autoload.php index 450bf10..fa79b38 100644 --- a/system/login/autoload.php +++ b/system/login/autoload.php 
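Review bot: The condition on the `/autoload.php` lookup no longer consults the `$this->dirs` allowlist; `file_exists($value)` accepts any path under `DIR_SYSTEM` that the class name maps to, so what may be `require_once`d now depends only on what is on disk. How `$classNative` is derived is outside this hunk, so I cannot confirm it is normalised. If dropping the allowlist is intentional, the check should at least confirm the resolved path stays inside the system directory, for example `strpos(realpath($value), realpath(DIR_SYSTEM)) === 0` before the `require_once`. The `$namespace[0] == "Phacil"` test would also be safer as `===`. The enclosing closure starts and ends outside the hunk.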
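Review bot: The added `.php` fallback ends with `exit($e->getMessage());`, which sends the absolute filesystem path held in `$value` to the client, while the log entry records only the class name. I would reverse that: `$log->write($class . ' not loaded! ' . $e->getMessage());` followed by a fixed message such as `exit('Class could not be loaded.');`. The block is a near copy of the `/autoload.php` branch, which appears from the previous hunk's context lines to have the same shape, so a shared private helper would keep the two in step.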
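Review bot: The fallback in `Controller::__construct` reads `$engine->registry` from a global without checking that `$engine` is set, so a controller built before the engine exists ends up with `$this->registry` as null and fails later at first use, far from the cause. A guard before the assignment, such as `if (!isset($engine->registry)) { throw new \RuntimeException('Registry not available'); }`, makes that failure explicit. The same global fallback is added to the `login` constructor in system/login/autoload.php (`$registry =& $engine->registry;`), where a null registry would make every `$this->engine->session` read in `check()` operate on null. The signature `Registry $registry = null` also relies on implicit nullability, which newer PHP versions deprecate.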
@@ -1,5 +1,4 @@ MM_authorizedUsers = $authorizedUsers; - $this->request = new Request(); - $this->session = new Session(); + if(!$registry){ + global $engine; + $registry =& $engine->registry; + } + $this->engine =& $registry; } - // *** Restrict Access To Page: Grant or deny access to this page /** - * @param mixed $strUsers - * @param mixed $strGroups - * @param mixed $UserName - * @param mixed $UserGroup + * Restrict Access To Page: Grant or deny access to this page + * + * @param string $strUsers + * @param string $strGroups + * @param string $UserName + * @param string $UserGroup * @return bool */ public function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. - $isValid = False; + $isValid = false; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. - $arrUsers = Explode(",", $strUsers); - $arrGroups = Explode(",", $strGroups); + $arrUsers = explode(",", $strUsers); + $arrGroups = explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } 
@@ -74,27 +71,27 @@ class login { if (in_array($UserGroup, $arrGroups)) { $isValid = true; } - if (($strUsers == "") && false) { + /* if (($strUsers == "") && false) { $isValid = true; - } + } */ } return $isValid; } /** - * @param mixed $restrictGoTo + * @param string $restrictGoTo * @return void */ public function check($restrictGoTo) { $MM_restrictGoTo = $restrictGoTo; - if (!((isset($this->session->data['MM_Username'])) && ($this->isAuthorized("",$this->MM_authorizedUsers, $this->session->data['MM_Username'], $this->session->data['MM_UserGroup'])))) { + if (!((isset($this->engine->session->data['MM_Username'])) && ($this->isAuthorized("",$this->MM_authorizedUsers, $this->engine->session->data['MM_Username'], $this->engine->session->data['MM_UserGroup'])))) { $MM_qsChar = "?"; - $MM_referrer = $this->request->server['PHP_SELF']; + $MM_referrer = $this->engine->request->server['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; - if (isset($this->request->server['QUERY_STRING']) && strlen($this->request->server['QUERY_STRING']) > 0) - $MM_referrer .= "?" . $this->request->server['QUERY_STRING']; + if (isset($this->engine->request->server['QUERY_STRING']) && strlen($this->engine->request->server['QUERY_STRING']) > 0) + $MM_referrer .= "?" . $this->engine->request->server['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; 
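Review bot: `check()` passes `$this->engine->session->data['MM_UserGroup']` into `isAuthorized()` with only `MM_Username` covered by `isset`, and the group test there (`in_array($UserGroup, $arrGroups)`, a context line at the top of this hunk) is a loose comparison. The docblock now promises strings but nothing enforces it. On PHP versions before 8 an integer `0` stored as the group compares equal to any non-numeric group name, and numeric-looking strings compare by value on every version. I would make the authorization decision strict with `in_array((string) $UserGroup, $arrGroups, true)`, do the same for `$UserName`, and guard the group read with `isset` as is done for the username. The `$UserName` comparison and the end of `check()` are outside this hunk.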
@@ -103,24 +100,27 @@ class login { /** @return bool */ public function isLogged () { - $lgged = $this->isAuthorized("",$this->MM_authorizedUsers, $this->session->data['MM_Username'], $this->session->data['MM_UserGroup']); + $lgged = $this->isAuthorized("",$this->MM_authorizedUsers, $this->engine->session->data['MM_Username'], $this->engine->session->data['MM_UserGroup']); return($lgged); } /** @return void */ public function logout() { - unset($this->session->data['user_id']); - - $this->user_id = ''; - $this->username = ''; + unset($this->engine->session->data['MM_Username']); + unset($this->engine->session->data['MM_UserGroup']); session_destroy(); } /** @return string */ public function getUserName() { - return $this->session->data['MM_Username']; + return $this->engine->session->data['MM_Username']; + } + + /** @return string */ + public function getUserGroup() { + return $this->engine->session->data['MM_UserGroup']; } } \ No newline at end of file diff --git a/system/login/interfaces/login.php b/system/login/interfaces/login.php new file mode 100644 index 0000000..c6a3681 --- /dev/null +++ b/system/login/interfaces/login.php @@ -0,0 +1,24 @@ +name = ((defined('SESSION_PREFIX')) ? SESSION_PREFIX : 'SESS').(isset($_SERVER['REMOTE_ADDR']) ? md5($_SERVER['REMOTE_ADDR']) : md5(date("dmY"))); + $this->name = ((defined('SESSION_PREFIX')) ? SESSION_PREFIX : 'SESS') . (isset($_SERVER['REMOTE_ADDR']) ? md5($_SERVER['REMOTE_ADDR']) : md5(date("dmY"))); if (!session_id()) { $this->openSession(); @@ -79,13 +80,12 @@ final class Session { $this->redis($redis, $redisDSN, $redisPort, $redisPass, $redis_expire, $redis_prefix); - if(session_name() === $this->name) { + if (session_name() === $this->name) { $this->data =& $_SESSION; - }else { + } else { $this->openSession(); $this->data =& $_SESSION; } - } /** 
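Review bot: `logout()` removes two keys and then calls `session_destroy()` directly, which leaves the rest of `$_SESSION` populated for the remainder of the request and bypasses the `flush()` method this commit adds to `Session`. If `$this->engine->session` is that class and Redis is enabled, `Session::__destruct` will still `serialize($_SESSION)` and, as far as I can tell, write it under the previous key, because `generateRedisKey()` keeps the old value once `session_id()` is empty. Calling `$this->engine->session->flush();` in place of the `unset`/`session_destroy()` lines would clear the array, delete the Redis entry and close the session in one place. Separately, `isLogged()` reads `MM_Username` and `MM_UserGroup` without `isset`, unlike `check()`.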
@@ -93,21 +93,21 @@ final class Session { * * @return void */ - private function openSession() { + private function openSession() + { $this->closeSession(); ini_set('session.use_cookies', 'On'); ini_set('session.use_trans_sid', 'Off'); ini_set('session.cookie_httponly', 1); - if($this->isSecure()) + if ($this->isSecure()) ini_set('session.cookie_secure', 1); session_set_cookie_params(0, '/'); //session_id(md5()); session_name($this->name); session_start(); - } /** @@ -123,14 +123,15 @@ final class Session { * @since 2.0.0 * @return false|Credis */ - private function redis($redis = false, $redisDSN = null, $redisPort = null, $redisPass = null, $redis_expire = null, $redis_prefix = 'phacil_'){ + private function redis($redis = false, $redisDSN = null, $redisPort = null, $redisPass = null, $redis_expire = null, $redis_prefix = 'phacil_') + { - if(!$redis) + if (!$redis) return false; - - $this->redisExpire = ($redis_expire) ?: session_cache_expire()*60; + + $this->redisExpire = ($redis_expire) ?: session_cache_expire() * 60; $this->redisPrefix = ($redis_prefix) ?: 'phacil_'; - $this->redisKey = $this->redisPrefix.session_name().session_id(); + $this->generateRedisKey(); /** * Instanciate the Credis object @@ -144,18 +145,32 @@ final class Session { return $this->redis; } + /** + * Generate the Redis Session KEY + * + * @return void + */ + private function generateRedisKey() + { + if (session_id()) + $this->redisKey = $this->redisPrefix . session_name() . session_id(); + + return $this->redisKey; + } + /** * Close sessions * * @param bool $force * @return void */ - private function closeSession($force = false) { + private function closeSession($force = false) + { if (session_status() == PHP_SESSION_ACTIVE || $force) { session_unset(); session_destroy(); } - if($this->redis && $force){ + if ($this->redis && $force) { $this->redis->close(); unset($this->redis); } 
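Review bot: `generateRedisKey()` is documented as `@return void` but returns `$this->redisKey`, and the new `flush()` depends on that return value as the argument to `del()`. When `session_id()` is empty and no key was assigned earlier, the method returns a property that was never set, so the caller receives null. I would change the docblock to `@return string|null` and have callers skip the Redis call when the result is null. The braceless `if` would also read more safely with braces, matching the formatting applied elsewhere in this commit.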
@@ -165,7 +180,8 @@ final class Session { * Check if is secure (SSL) connection * @return bool */ - private function isSecure() { + private function isSecure() + { return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443; } @@ -176,9 +192,11 @@ final class Session { */ public function __destruct() { - if($this->redis){ + if ($this->redis) { + $this->generateRedisKey(); + $this->redis->set($this->redisKey, serialize($_SESSION)); - + $this->redis->expire($this->redisKey, ($this->redisExpire)); } } @@ -188,10 +206,37 @@ final class Session { * @return void * @since 2.0.0 */ - public function flushAll(){ - if($this->redis){ + public function flushAll() + { + $this->data = []; + if ($this->redis) { ($this->redis->flushAll()); } $this->closeSession(true); } + + /** + * Flush current session data + * @return void + * @since 2.0.0 + */ + public function flush() + { + $this->data = []; + if ($this->redis) { + ($this->redis->del($this->generateRedisKey())); + } + $this->closeSession(true); + } + + /** + * Return the current session ID + * + * @since 2.0.0 + * @return string|false + */ + public function getSessionId() + { + return session_id(); + } }
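Review bot: `flushAll()` remains public and still calls `$this->redis->flushAll()`; if the Credis client forwards that to the Redis FLUSHALL command, it removes every key on the server, including other users' sessions and any unrelated data sharing the instance, not only keys under `$this->redisPrefix`. Now that `flush()` covers the single-session case, the docblock for `flushAll()` should state that scope explicitly, or the method should delete only keys carrying this prefix. Neither method clears the session cookie, so the client keeps presenting the old session name; that is fine only if a fresh id is issued at the next login, which is not visible in this diff.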