Invoke Dispatcher::kickGuest from Session for invalid sessions.
Previously, a NotAllowedException would be thrown if an invalid session was encountered. However, these exceptions were not caught, and hence would yield a fatal uncaught exception error. At this point in Kabuki, the ErrorHandler class has not been registered yet for error handling purposes. This error is therefore not visible if the PHP ini directive 'display_errors' is set to 'Off'. As this is the default production value, the script would fail with a blank page in such cases.
This commit is contained in:
parent
909d50efa8
commit
a208c0482f
@ -114,10 +114,10 @@ class Dispatcher
|
|||||||
/**
|
/**
|
||||||
* Kicks a guest to a login form, redirecting them back to this page upon login.
|
* Kicks a guest to a login form, redirecting them back to this page upon login.
|
||||||
*/
|
*/
|
||||||
public static function kickGuest()
|
public static function kickGuest($title = null, $message = null)
|
||||||
{
|
{
|
||||||
$form = new LogInForm('Log in');
|
$form = new LogInForm('Log in');
|
||||||
$form->adopt(new Alert('', 'You need to be logged in to view this page.', 'error'));
|
$form->adopt(new Alert($title ?? '', $message ?? 'You need to be logged in to view this page.', 'error'));
|
||||||
$form->setRedirectUrl($_SERVER['REQUEST_URI']);
|
$form->setRedirectUrl($_SERVER['REQUEST_URI']);
|
||||||
|
|
||||||
$page = new MainTemplate('Login required');
|
$page = new MainTemplate('Login required');
|
||||||
|
@ -19,13 +19,13 @@ class Session
|
|||||||
if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
|
if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
|
||||||
{
|
{
|
||||||
$_SESSION = [];
|
$_SESSION = [];
|
||||||
throw new UserFacingException('Your session failed to validate: your IP address has changed. Please re-login and try again.');
|
Dispatcher::kickGuest('Your session failed to validate', 'Your IP address has changed. Please re-login and try again.');
|
||||||
}
|
}
|
||||||
// Either way, require re-login if the browser identifier has changed.
|
// Either way, require re-login if the browser identifier has changed.
|
||||||
elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
|
elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
|
||||||
{
|
{
|
||||||
$_SESSION = [];
|
$_SESSION = [];
|
||||||
throw new UserFacingException('Your session failed to validate: your browser identifier has changed. Please re-login and try again.');
|
Dispatcher::kickGuest('Your session failed to validate', 'Your browser identifier has changed. Please re-login and try again.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
|
elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
|
||||||
|
@ -437,6 +437,7 @@ textarea {
|
|||||||
width: 100%;
|
width: 100%;
|
||||||
}
|
}
|
||||||
#login div.alert {
|
#login div.alert {
|
||||||
|
line-height: normal;
|
||||||
margin: 15px 0;
|
margin: 15px 0;
|
||||||
}
|
}
|
||||||
#login div.buttonstrip {
|
#login div.buttonstrip {
|
||||||
|
Loading…
Reference in New Issue
Block a user