Prevent blank pages on session errors #20

Merged
Aaron merged 2 commits from session-errors into master 2020-12-30 20:05:29 +01:00
4 changed files with 8 additions and 8 deletions


@ -16,16 +16,15 @@ require_once 'vendor/autoload.php';
Registry::set('start', microtime(true)); Registry::set('start', microtime(true));
Registry::set('db', new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME)); Registry::set('db', new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME));
// Handle errors our own way.
ErrorHandler::enable();
// Do some authentication checks. // Do some authentication checks.
Session::start(); Session::start();
$user = Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest(); $user = Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest();
$user->updateAccessTime(); $user->updateAccessTime();
Registry::set('user', $user); Registry::set('user', $user);
// Handle errors our own way.
set_error_handler('ErrorHandler::handleError');
ini_set("display_errors", DEBUG ? "On" : "Off");
// The real magic starts here! // The real magic starts here!
ob_start(); ob_start();
Dispatcher::dispatch(); Dispatcher::dispatch();
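Review bot: The explicit `ini_set("display_errors", DEBUG ? "On" : "Off");` is dropped here and `ErrorHandler::enable()` is not part of this diff, so it is worth confirming that `enable()` still applies that setting. If it does not, the value falls back to php.ini, and errors raised by `Session::start()` or `Member::fromId()` could be printed to visitors in production. The handler is also now active before `Registry::set('user', $user)` runs, so any error page it renders should not assume a user is registered. A comment such as `// Must run before Session::start(); the handler may fire with no user in the Registry.` would record that ordering.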


@ -114,10 +114,10 @@ class Dispatcher
/** /**
* Kicks a guest to a login form, redirecting them back to this page upon login. * Kicks a guest to a login form, redirecting them back to this page upon login.
*/ */
public static function kickGuest() public static function kickGuest($title = null, $message = null)
{ {
$form = new LogInForm('Log in'); $form = new LogInForm('Log in');
$form->adopt(new Alert('', 'You need to be logged in to view this page.', 'error')); $form->adopt(new Alert($title ?? '', $message ?? 'You need to be logged in to view this page.', 'error'));
$form->setRedirectUrl($_SERVER['REQUEST_URI']); $form->setRedirectUrl($_SERVER['REQUEST_URI']);
$page = new MainTemplate('Login required'); $page = new MainTemplate('Login required');
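Review bot: The new `$title` and `$message` parameters of `kickGuest()` are untyped, and the docblock above the method does not mention them. Suggest `public static function kickGuest(?string $title = null, ?string $message = null)` plus two `@param` lines stating that both strings are shown in the login form's Alert. Whether `Alert` escapes its arguments is not visible here, so the docblock should also say that callers pass fixed text only, as the two call sites in Session do, and never request-derived data. The method body continues past the end of this hunk.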


@ -19,13 +19,13 @@ class Session
if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR']) if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
{ {
$_SESSION = []; $_SESSION = [];
throw new UserFacingException('Your session failed to validate: your IP address has changed. Please re-login and try again.'); Dispatcher::kickGuest('Your session failed to validate', 'Your IP address has changed. Please re-login and try again.');
} }
// Either way, require re-login if the browser identifier has changed. // Either way, require re-login if the browser identifier has changed.
elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT']) elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
{ {
$_SESSION = []; $_SESSION = [];
throw new UserFacingException('Your session failed to validate: your browser identifier has changed. Please re-login and try again.'); Dispatcher::kickGuest('Your session failed to validate', 'Your browser identifier has changed. Please re-login and try again.');
} }
} }
elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent'])) elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
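Review bot: Replacing `throw new UserFacingException(...)` with `Dispatcher::kickGuest(...)` only stops the request if `kickGuest()` itself never returns, and its ending is outside the visible hunks. If it does return, execution falls through to the rest of the bootstrap and `Dispatcher::dispatch()` after the login form has been rendered; add an explicit `exit;` after each call, or document on `kickGuest()` that it terminates the request. Both calls also run before `Registry::set('user', $user)`, so the login template should be checked for use without a registered user. Separately, `$_SESSION = [];` keeps the rejected session id alive; `session_regenerate_id(true);` next to it would retire that id before the re-login. The enclosing method starts and ends outside this hunk.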


@ -437,6 +437,7 @@ textarea {
width: 100%; width: 100%;
} }
#login div.alert { #login div.alert {
line-height: normal;
margin: 15px 0; margin: 15px 0;
} }
#login div.buttonstrip { #login div.buttonstrip {