/session.php


  1. <?php
  2. require_once 'shared.php';
  3. require_once 'context/WorkbenchContext.php';
  4. ini_set("session.cookie_httponly", "1");
  5. session_start();
  6. //load default config values and then any custom overrides.
  7. require_once 'config.php';
  8. if(is_file('configOverrides.php')) require_once 'configOverrides.php';
  9. foreach ($config as $configKey => $configValue) {
  10. // skip headers
  11. if (isset($configValue['isHeader'])) {
  12. continue;
  13. }
  14. // does the user have an override?
  15. else if (isset($_COOKIE[$configKey])) {
  16. // override the session value with that of the cookie
  17. if ($configValue['overrideable']) {
  18. $_SESSION['config'][$configKey] = $_COOKIE[$configKey];
  19. }
  20. // remove the override if not actually overridable and set to default
  21. else {
  22. setcookie($configKey,NULL,time()-3600);
  23. $_SESSION['config'][$configKey] = $configValue['default'];
  24. }
  25. }
  26. // otherwise, just use the default
  27. else {
  28. $_SESSION['config'][$configKey] = $configValue['default'];
  29. }
  30. }
  31. if ($config["callOptions_client"]["default"] == "WORKBENCH_DEFAULT" && !isset($_COOKIE["callOptions_client"])) {
  32. $_SESSION['config']['callOptions_client'] = getWorkbenchUserAgent();
  33. }
  34. // must come after configs are loaded...lets hope there's not a problem above
  35. set_exception_handler('handleAllExceptions');
  36. set_error_handler('handleAllErrors');
  37. workbenchLog(LOG_INFO, "U");
  38. if (WorkbenchContext::isEstablished()) {
  39. WorkbenchContext::get()->beginRequestHook();
  40. }
  41. //clear ResultsWithData and retrievedZips from session unless downloading them
  42. if (isset($_SESSION['resultsWithData']) && basename($_SERVER['PHP_SELF']) != 'downloadResultsWithData.php') {
  43. unset($_SESSION['resultsWithData']);
  44. }
  45. if (isset($_SESSION['retrievedZips']) && basename($_SERVER['PHP_SELF']) != 'metadataStatus.php') {
  46. unset($_SESSION['retrievedZips']);
  47. }
  48. if (WorkbenchContext::isEstablished() && isset($_REQUEST['clearCache'])) {
  49. WorkbenchContext::get()->clearCache();
  50. $cacheCleared = true;
  51. }
  52. // PATH_INFO can include malicious scripts and never used purposely in Workbench.
  53. if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] != "") {
  54. httpError("400 Bad Request", "Path info trailing script name in URI not allowed.");
  55. }
  56. if (getConfig("requireSSL") && !usingSSL()) {
  57. if (WorkbenchContext::isEstablished()) {
  58. WorkbenchContext::get()->release();
  59. }
  60. httpError("403.4 SSL Required", "Secure connection to Workbench and Salesforce required"); //TODO: what do we want to do here?
  61. }
  62. //kick user back to login page for any page that requires a session and one isn't established
  63. $myPage = getMyPage();
  64. if (!isLoggedIn() && $myPage->requiresSfdcSession) {
  65. session_unset();
  66. session_destroy();
  67. header('Location: login.php');
  68. exit;
  69. }
  70. if (!$myPage->isReadOnly && isReadOnlyMode()) {
  71. throw new WorkbenchHandledException("This page is not accessible in read-only mode");
  72. }
  73. if (WorkbenchContext::isEstablished() && !$myPage->isReadOnly && $_SERVER['REQUEST_METHOD'] == 'POST') {
  74. validateCsrfToken();
  75. }
  76. if (isLoggedIn()) {
  77. // todo: should this be in the ctx?
  78. if (!in_array(basename($_SERVER['PHP_SELF'], ".php"), array("login", "logout")) && isset($_SESSION['lastRequestTime'])) {
  79. $idleTime = microtime(true) - $_SESSION['lastRequestTime'];
  80. if ($idleTime > (getConfig("sessionIdleMinutes") * 60)) {
  81. // ping SFDC to check if session is still alive
  82. WorkbenchContext::get()->getPartnerConnection()->getServerTimestamp();
  83. }
  84. }
  85. $_SESSION['lastRequestTime'] = microtime(true);
  86. }
  87. ?>