Merge pull request 'Prevent blank pages on session errors' (#20) from session-errors into master
Reviewed-on: #20
commit
2885e24456
7
app.php
7
app.php
@ -16,16 +16,15 @@ require_once 'vendor/autoload.php';
|
|||||||
Registry::set('start', microtime(true));
|
Registry::set('start', microtime(true));
|
||||||
Registry::set('db', new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME));
|
Registry::set('db', new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME));
|
||||||
|
|
||||||
|
// Handle errors our own way.
|
||||||
|
ErrorHandler::enable();
|
||||||
|
|
||||||
// Do some authentication checks.
|
// Do some authentication checks.
|
||||||
Session::start();
|
Session::start();
|
||||||
$user = Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest();
|
$user = Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest();
|
||||||
$user->updateAccessTime();
|
$user->updateAccessTime();
|
||||||
Registry::set('user', $user);
|
Registry::set('user', $user);
|
||||||
|
|
||||||
// Handle errors our own way.
|
|
||||||
set_error_handler('ErrorHandler::handleError');
|
|
||||||
ini_set("display_errors", DEBUG ? "On" : "Off");
|
|
||||||
|
|
||||||
// The real magic starts here!
|
// The real magic starts here!
|
||||||
ob_start();
|
ob_start();
|
||||||
Dispatcher::dispatch();
|
Dispatcher::dispatch();
|
||||||
|
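Review bot: The `Database` connection is still constructed before `ErrorHandler::enable();`, so a failed connection at startup is reported by PHP's default handling rather than the project's handler; moving `ErrorHandler::enable();` above `Registry::set('db', ...)` would cover it. The hunk also drops `ini_set("display_errors", DEBUG ? "On" : "Off");`, and the body of `ErrorHandler::enable()` is not visible on this page, so it is worth confirming that it still turns `display_errors` off when `DEBUG` is false. If it does not, production output depends on php.ini and error text could expose file paths or connection details. A comment above the call such as `// Installs the error handler and sets display_errors from DEBUG.` would record that contract.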
@ -114,10 +114,10 @@ class Dispatcher
|
|||||||
/**
|
/**
|
||||||
* Kicks a guest to a login form, redirecting them back to this page upon login.
|
* Kicks a guest to a login form, redirecting them back to this page upon login.
|
||||||
*/
|
*/
|
||||||
public static function kickGuest()
|
public static function kickGuest($title = null, $message = null)
|
||||||
{
|
{
|
||||||
$form = new LogInForm('Log in');
|
$form = new LogInForm('Log in');
|
||||||
$form->adopt(new Alert('', 'You need to be logged in to view this page.', 'error'));
|
$form->adopt(new Alert($title ?? '', $message ?? 'You need to be logged in to view this page.', 'error'));
|
||||||
$form->setRedirectUrl($_SERVER['REQUEST_URI']);
|
$form->setRedirectUrl($_SERVER['REQUEST_URI']);
|
||||||
|
|
||||||
$page = new MainTemplate('Login required');
|
$page = new MainTemplate('Login required');
|
||||||
|
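Review bot: The new `$title` and `$message` parameters of `kickGuest()` are untyped and undocumented, and they are passed straight into `new Alert(...)`, whose output escaping is not visible in this hunk. The callers added in this commit pass fixed strings, but the docblock should state that both values are plain text and that request-derived data must not be passed unless `Alert` escapes on output. Suggested signature: `public static function kickGuest(?string $title = null, ?string $message = null)`, with matching `@param string|null` lines in the docblock. The body of `kickGuest()` continues past the end of the hunk.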
@ -19,13 +19,13 @@ class Session
|
|||||||
if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
|
if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
|
||||||
{
|
{
|
||||||
$_SESSION = [];
|
$_SESSION = [];
|
||||||
throw new UserFacingException('Your session failed to validate: your IP address has changed. Please re-login and try again.');
|
Dispatcher::kickGuest('Your session failed to validate', 'Your IP address has changed. Please re-login and try again.');
|
||||||
}
|
}
|
||||||
// Either way, require re-login if the browser identifier has changed.
|
// Either way, require re-login if the browser identifier has changed.
|
||||||
elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
|
elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
|
||||||
{
|
{
|
||||||
$_SESSION = [];
|
$_SESSION = [];
|
||||||
throw new UserFacingException('Your session failed to validate: your browser identifier has changed. Please re-login and try again.');
|
Dispatcher::kickGuest('Your session failed to validate', 'Your browser identifier has changed. Please re-login and try again.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
|
elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
|
||||||
|
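Review bot: Replacing `throw new UserFacingException(...)` with `Dispatcher::kickGuest(...)` in both validation branches removes the statement that stopped execution here, and the end of `kickGuest()` is outside this page, so it is not visible whether it exits. If it returns, `Session::start()` falls through and app.php continues to `Dispatcher::dispatch()`, which would render a second page after the login form; an `exit;` after each call, or a docblock line on `kickGuest()` stating that it never returns, would settle it. `kickGuest()` is also now reached before `Registry::set('user', $user)` and `ob_start()` in app.php, so anything the login template reads from the registry may be unset at this point, which is worth confirming. Separately, `$_SESSION = [];` clears the data but keeps the same session id; adding `session_regenerate_id(true);` after it would stop the mismatching client from continuing on that id. The enclosing method starts and ends outside the hunk.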
@ -437,6 +437,7 @@ textarea {
|
|||||||
width: 100%;
|
width: 100%;
|
||||||
}
|
}
|
||||||
#login div.alert {
|
#login div.alert {
|
||||||
|
line-height: normal;
|
||||||
margin: 15px 0;
|
margin: 15px 0;
|
||||||
}
|
}
|
||||||
#login div.buttonstrip {
|
#login div.buttonstrip {
|
||||||
|