diff --git a/lib/WebGUI.pm b/lib/WebGUI.pm index 126fec946..a1843ebc7 100644 --- a/lib/WebGUI.pm +++ b/lib/WebGUI.pm @@ -17,6 +17,7 @@ use Tie::CPHash; use WebGUI::Affiliate; use WebGUI::Asset; use WebGUI::Cache; +use WebGUI::Config; use WebGUI::ErrorHandler; use WebGUI::Grouping; use WebGUI::HTTP; @@ -24,6 +25,7 @@ use WebGUI::International; use WebGUI::Operation; use WebGUI::Privilege; use WebGUI::Session; +use WebGUI::Setting; use WebGUI::SQL; use WebGUI::Style; use WebGUI::URL; @@ -32,13 +34,13 @@ use WebGUI::PassiveProfiling; use Apache2::Request; use Apache2::RequestRec (); use Apache2::RequestIO (); -use Apache2::Const -compile => qw(OK DECLINED); +use Apache2::Const -compile => qw(OK DECLINED NOT_FOUND); use Apache2::ServerUtil (); #------------------------------------------------------------------- sub handler { - my $r = shift; - my $s = Apache2::ServerUtil->server; + my $r = shift; + my $s = Apache2::ServerUtil->server; my $config = WebGUI::Config::getConfig($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig')); foreach my $url ($config->{extrasURL}, @{$config->{passthruUrls}}) { return Apache2::Const::DECLINED if ($r->uri =~ m/^$url/); 
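Review bot: The prefix checks in `handler` interpolate configuration values straight into a regex (`m/^$url/` in this hunk, `m/^$uploads/` in the next one), so any metacharacter in `extrasURL`, `passthruUrls` or `uploadsURL` is read as pattern syntax, and an empty or undefined entry matches every URI. A match returns `DECLINED` before any WebGUI handler is installed, so a looser match than intended takes requests out of WebGUI's control. Match literally instead: `return Apache2::Const::DECLINED if ($r->uri =~ m/^\Q$url\E/);`, and likewise `m/^\Q$uploads\E/`. The body of `handler` continues past this hunk.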
@@ -46,24 +48,42 @@ sub handler { my $uploads = $config->{uploadsURL}; if ($r->uri =~ m/^$uploads/) { $r->handler('perl-script'); - $r->set_handlers(PerlAccessHandler => \&uploadsHandler); + $r->set_handlers(PerlAccessHandler => \&uploadsHandler); } else { - $r->handler('perl-script'); - $r->set_handlers(PerlResponseHandler => \&contentHandler); - $r->set_handlers(PerlTransHandler => sub { return Apache2::Const::OK }); + $r->handler('perl-script'); + $r->set_handlers(PerlResponseHandler => \&contentHandler); + $r->set_handlers(PerlTransHandler => sub { return Apache2::Const::OK }); } - return Apache2::Const::DECLINED; + return Apache2::Const::DECLINED; } #------------------------------------------------------------------- sub contentHandler { + + ### The following items must be in precisely the following order + # because each line depends on something from the previous line. + + ### inherit Apache request. my $r = shift; - my $s = Apache2::ServerUtil->server; - WebGUI::HTTP::getCookies(); - WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),$r); + ### Instantiate the API for this httpd instance. + my $s = Apache2::ServerUtil->server; + ### Open new or existing user session based on user-agent's cookie. + WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),0); ### Apache2::Request object - $session{req} = Apache2::Request->new($r, POST_MAX => 1024 * $session{setting}{maxAttachmentSize}); + $session{req} = Apache2::Request->new($r, POST_MAX => 1024 * $session{setting}{maxAttachmentSize}); + ### Sets $session{cookie} as a hashref of the cookies. + WebGUI::HTTP::getCookies(); + ### Change current user to user specified in wgSession cookie. 
+ if ($session{cookie}{wgSession} eq "") { + WebGUI::Session::start(1); #setting up a visitor session + } else { + WebGUI::Session::setupSessionVars($session{cookie}{wgSession}); + } + ### current user's account and profile information (from users and userProfileData tables) + WebGUI::Session::setupUserInfo($session{var}{userId}); + ### Add wgSession cookie to header iff it's not already on the client. + WebGUI::HTTP::setCookie("wgSession",$session{var}{sessionId}) unless ($session{var}{sessionId} eq $session{cookie}{wgSession}); ### Add Apache Request stuff to Session $session{wguri} = $r->uri; ### check to see if client is proxied and adjust remote_addr as necessary @@ -85,13 +105,13 @@ sub contentHandler { my $output = page(); WebGUI::Affiliate::grabReferral(); # process affilliate tracking request if (WebGUI::HTTP::isRedirect()) { - $output = WebGUI::HTTP::getHeader(); - } else { - $output = WebGUI::HTTP::getHeader().$output; - if (WebGUI::ErrorHandler::canShowDebug()) { + $output = WebGUI::HTTP::getHeader(); + } else { + $output = WebGUI::HTTP::getHeader().$output; + if (WebGUI::ErrorHandler::canShowDebug()) { $output .= WebGUI::ErrorHandler::showDebug(); - } - } + } + } $r->print($output); } WebGUI::Session::close(); @@ -134,14 +154,14 @@ sub page { } -#------------------------------------------------------------------- +#------------------------------------------------------------------- sub processOperations { my ($cmd, $output); my $op = $session{form}{op}; my $opNumber = shift || 1; - if ($op) { + if ($op) { $output = WebGUI::Operation::execute($op); - } + } $opNumber++; if ($output eq "" && exists $session{form}{"op".$opNumber}) { my $urlString = WebGUI::URL::unescape($session{form}{"op".$opNumber}); 
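Review bot: `contentHandler` now passes the raw `wgSession` cookie to `WebGUI::Session::setupSessionVars`, and in the Session.pm part of this commit an ID that is not found falls through to `start(1,$_[0])`, which looks like it creates the visitor session under the client-supplied value. The `unless ($session{var}{sessionId} eq $session{cookie}{wgSession})` guard then skips `setCookie`, so the browser keeps an identifier the server never generated. `start` is not visible in this diff, so this needs confirming. If it does reuse the value, an unknown cookie should be handled like an empty one and given a server-generated ID via `WebGUI::Session::start(1);`. The same branch is repeated in `uploadsHandler` further down this file.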
@@ -162,47 +182,51 @@ sub processOperations { sub setup { require WebGUI::Operation::WebGUI; my $output = WebGUI::Operation::WebGUI::www_setup(); - return WebGUI::HTTP::getHeader().$output; + return WebGUI::HTTP::getHeader().$output; } #------------------------------------------------------------------- sub uploadsHandler { my $r = shift; - my $s = Apache2::ServerUtil->server; + my $s = Apache2::ServerUtil->server; my $ok = Apache2::Const::OK(); - my $notfound = Apache2::Const::NOT_FOUND(); - if (-e $r->filename) { - my $path = $r->filename; - $path =~ s/^(\/.*\/).*$/$1/; - if (-e $path.".wgaccess") { - my $fileContents; - open(FILE,"<".$path.".wgaccess"); - while () { - $fileContents .= $_; - } - close(FILE); - my @privs = split("\n",$fileContents); - unless ($privs[1] eq "7" || $privs[1] eq "1") { - WebGUI::HTTP::getCookies(); - WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),$r); - ### Apache2::Request object - $session{req} = $r; - WebGUI::Session::refreshSessionVars($session{cookie}{wgSession}); - my $hasPrivs = ($session{user}{userId} eq $privs[0] || WebGUI::Grouping::isInGroup($privs[1]) || WebGUI::Grouping::isInGroup($privs[2])); - WebGUI::Session::close(); + my $notfound = Apache2::Const::NOT_FOUND(); + if (-e $r->filename) { + my $path = $r->filename; + $path =~ s/^(\/.*\/).*$/$1/; + if (-e $path.".wgaccess") { + my $fileContents; + open(FILE,"<".$path.".wgaccess"); + while () { + $fileContents .= $_; + } + close(FILE); + my @privs = split("\n",$fileContents); + unless ($privs[1] eq "7" || $privs[1] eq "1") { + ### Apache2::Request object + $session{req} = Apache2::Request->new($r);; + WebGUI::HTTP::getCookies(); + WebGUI::Session::open($s->dir_config('WebguiRoot'),$r->dir_config('WebguiConfig'),0); + if ($session{cookie}{wgSession} eq "") { + WebGUI::Session::start(1); #setting up a visitor session + } else { + WebGUI::Session::setupSessionVars($session{cookie}{wgSession}); + } + 
$session{req}->user($session{var}{username}) if $session{req}; + my $hasPrivs = ($session{var}{userId} eq $privs[0] || WebGUI::Grouping::isInGroup($privs[1]) || WebGUI::Grouping::isInGroup($privs[2])); + WebGUI::Session::close(); if ($hasPrivs) { return $ok; } else { return 401; } - } - } - return $ok; - } else { - return $notfound; - } - + } + } + return $ok; + } else { + return $notfound; + } } diff --git a/lib/WebGUI/Asset/File.pm b/lib/WebGUI/Asset/File.pm index c2c72ec5a..307f01a6a 100644 --- a/lib/WebGUI/Asset/File.pm +++ b/lib/WebGUI/Asset/File.pm @@ -197,7 +197,7 @@ sub processPropertiesFromFormPost { $self->SUPER::processPropertiesFromFormPost; delete $self->{_storageLocation}; my $storage = $self->getStorageLocation; - my $filename = $storage->addFileFromFormPost("file"); + my $filename = $storage->addFileFromFormPost("file",1); if (defined $filename) { my %data; $data{filename} = $filename; diff --git a/lib/WebGUI/Asset/FilePile.pm b/lib/WebGUI/Asset/FilePile.pm index 4a32324b0..7e5820486 100644 --- a/lib/WebGUI/Asset/FilePile.pm +++ b/lib/WebGUI/Asset/FilePile.pm @@ -173,7 +173,7 @@ sub editSave { $data{storageId} = $storage->getId; $data{filename} = $data{title} = $data{menuTitle} = $filename; $data{templateId} = 'PBtmpl0000000000000024'; - $data{templateId} = 'PBtmpl0000000000000088' if ($className eq "WebGUI::Asset::File::Image"); + $data{templateId} = 'PBtmpl0000000000000088' if ($className eq "WebGUI::Asset::File::Image"); $data{url} = $class->getParent->getUrl.'/'.$filename; my $newAsset = $class->getParent->addChild(\%data); delete $newAsset->{_storageLocation}; diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm index 1d942ea2a..2c514118d 100644 --- a/lib/WebGUI/Session.pm +++ b/lib/WebGUI/Session.pm 
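Review bot: The rewritten `uploadsHandler` calls `setupSessionVars` where it used to call `refreshSessionVars`, so it no longer runs `setupUserInfo` or the `$session{isInGroup} = ();` reset done by `refreshUserInfo`, yet access is still decided with `WebGUI::Grouping::isInGroup(...)`. If `%session` outlives a request inside the Apache child (not visible in this diff), those group checks could be answered from another request's user data. It only works today because `shift || 1` in `WebGUI::Session::open` turns the `0` passed here back into `1`. Adding `WebGUI::Session::refreshUserInfo($session{var}{userId});` after the `if`/`else` would restore the previous behaviour. Separately, `$session{var}{username}` is probably empty, since `setupUserInfo` reads the name from `$session{user}{username}`.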
@@ -44,7 +44,7 @@ This package is the heart and lifeblood of WebGUI. Without it WebGUI could not e B It is important to distinguish the difference between a WebGUI session and a user session. A user session is attached to a WebGUI session. A WebGUI session is all of the basic data the WebGUI needs to operate. -TIP: The $session variable is a case-insensitive hash. The contents of the has vary, but can be seen by adding debug=1 to the end of any WebGUI URL while logged in as an admin user. +TIP: The $session variable is a case-insensitive hash. The contents of the hash vary, but can be seen by enabling debug output in the Settings. =head1 SYNOPSIS @@ -70,7 +70,7 @@ These subroutines are available from this package: #------------------------------------------------------------------- -sub _setupSessionVars { +sub setupSessionVars { my (%vars, $uid); tie %vars, 'Tie::CPHash'; if ($_[0] ne "") { @@ -81,21 +81,21 @@ sub _setupSessionVars { } if ($vars{sessionId} ne "") { $session{scratch} = WebGUI::SQL->buildHashRef("select name,value from userSessionScratch - where sessionId=".quote($_[0])); - WebGUI::SQL->write("update userSession set lastPageView=".time().", lastIP='$session{env}{REMOTE_ADDR}', + where sessionId=".quote($_[0])); + WebGUI::SQL->write("update userSession set lastPageView=".time().", lastIP='$session{env}{REMOTE_ADDR}', expires=".(time()+$session{setting}{sessionTimeout})." where sessionId='$_[0]'"); } else { $vars{sessionId} = start(1,$_[0]); - } + } } $session{var} = \%vars; } #------------------------------------------------------------------- -sub _setupUserInfo { +sub setupUserInfo { my $u = WebGUI::User->new(shift); %{$session{user}} = (%{$u->{_profile}}, %{$u->{_user}}); - # $session{req}->user($session{user}{username}); + $session{req}->user($session{user}{username}) if $session{req}; $session{user}{alias} = $session{user}{username} if ($session{user}{alias} =~ /^\W+$/ || $session{user}{alias} eq ""); } 
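Review bot: In `setupSessionVars` the `update userSession` statement interpolates `$session{env}{REMOTE_ADDR}` and `$_[0]` directly between quotes, while the `select` just above it uses `quote($_[0])`. The sub is now public and both handlers call it with the `wgSession` cookie value, so both values should be escaped the same way: `lastIP=".quote($session{env}{REMOTE_ADDR}).",` and `where sessionId=".quote($_[0])`. The update is only reached once a session row has been found, which limits what `$_[0]` can hold. `REMOTE_ADDR`, however, may be derived from a proxy header (contentHandler mentions adjusting it for proxied clients) and should not be assumed SQL-safe. The start of the sub lies outside this hunk.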
@@ -253,7 +253,7 @@ sub isAdminOn { #------------------------------------------------------------------- -=head2 open ( webguiRoot, configFile [ , fastcgi ] ) +=head2 open ( webguiRoot, configFile [, instantiateUser ] ) Opens a closed ( or new ) WebGUI session. @@ -265,16 +265,22 @@ The path to the WebGUI files. The filename of the config file that WebGUI should operate from. -=head3 fastcgi +=head4 instantiateUser -A pointer to a Fast CGI object. +Whether or not this session should instantiate the user. Defaults to yes. +Is set to "no" (0) by WebGUI::contentHandler(). =cut sub open { my $webguiRoot = shift; my $configFile = shift; - my ($key); + my $instantiateUser = shift || 1; + + ###---------------------------- + ### config variables + $session{config} = WebGUI::Config::getConfig($webguiRoot,$configFile); + ###---------------------------- ### operating system specific things $session{os}{name} = $^O; @@ -286,10 +292,8 @@ sub open { $session{os}{slash} = "/"; } ###---------------------------- - ### config variables - $session{config} = WebGUI::Config::getConfig($webguiRoot,$configFile); - ###---------------------------- ### default database handler object + # use of Apache::DBI is recommended, but is not guaranteed here. $session{dbh} = DBI->connect($session{config}{dsn},$session{config}{dbuser},$session{config}{dbpass},{ RaiseError=>0,AutoCommit=>1 }); if ( $session{config}{dsn} =~ /Oracle/ ) { # Set Oracle specific attributes $session{dbh}->{LongReadLen} = 512 * 1024; 
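Review bot: `my $instantiateUser = shift || 1;` can never be false, because an explicit `0` is replaced by `1`, so the `return 1 unless $instantiateUser;` added in the next hunk is dead code and `open()` still sets up the session and user itself. Both `contentHandler` and `uploadsHandler` pass `0` and then run the session setup again, so the work happens twice per request, and in `contentHandler` the first pass runs before `getCookies()` has filled `$session{cookie}`. Default only when the argument is absent: `my $instantiateUser = shift;` followed by `$instantiateUser = 1 unless defined $instantiateUser;`. The POD entry also moves from `=head3` to `=head4`, which presumably no longer matches the sibling parameter headings.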
@@ -301,22 +305,25 @@ sub open { } } ###---------------------------- - ### evironment variables from web server + ### environment variables from web server $session{env} = \%ENV; + ###---------------------------- ### global system settings (from settings table) $session{setting} = WebGUI::Setting::get(); + return 1 unless $instantiateUser; + ###---------------------------- ### session variables if ($session{cookie}{wgSession} eq "") { start(1); #setting up a visitor session } else { - _setupSessionVars($session{cookie}{wgSession}); + setupSessionVars($session{cookie}{wgSession}); } ###---------------------------- ### current user's account and profile information (from users and userProfileData tables) - _setupUserInfo($session{var}{userId}); + setupUserInfo($session{var}{userId}); } #------------------------------------------------------------------- @@ -351,7 +358,7 @@ The session id to update. =cut sub refreshSessionVars { - _setupSessionVars($_[0]); + setupSessionVars($_[0]); refreshUserInfo($session{var}{userId}); } @@ -370,7 +377,7 @@ Refreshes the user's information from the database into this user session. sub refreshUserInfo { my $userId = shift; WebGUI::Cache->new(["user",$userId])->delete; - _setupUserInfo($userId); + setupUserInfo($userId); $session{isInGroup} = (); } diff --git a/lib/WebGUI/Storage.pm b/lib/WebGUI/Storage.pm index 9753ae88a..dcb8afafc 100644 --- a/lib/WebGUI/Storage.pm +++ b/lib/WebGUI/Storage.pm @@ -202,7 +202,7 @@ sub addFileFromFormPost { my $filename; my $attachmentCount = 1; foreach my $upload ($session{req}->upload($formVariableName)) { - last if $attachmentCount > $attachmentLimit; + return $filename if $attachmentCount > $attachmentLimit; my $tempPath = $upload->tempname(); $filename = $upload->filename(); next unless $filename;
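Review bot: The filename handed back by the new `return $filename` in `addFileFromFormPost` is the client-supplied `$upload->filename()`, and nothing in this hunk shows it being normalised before `processPropertiesFromFormPost` stores it in `$data{filename}`. The rest of the function is outside the hunk, so confirm that it strips path components and refuses the reserved `.wgaccess` name, which `uploadsHandler` reads from the same directory tree to make access decisions. A short comment on the `return` would also help, for example `# limit reached: hand back the last accepted filename`.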