Merge pull request 'Prevent blank pages on session errors' (#20) from session-errors into master

Reviewed-on: Public/pics#20
2020-12-30 20:05:27 +01:00 · 2020-12-30 20:05:27 +01:00 · 2885e24456
commit 2885e24456
parent 909d50efa8 31f4edc996
4 changed files with 8 additions and 8 deletions
--- a/app.php
+++ b/app.php
@ -16,16 +16,15 @@ require_once 'vendor/autoload.php';
 Registry::set('start', microtime(true));
 Registry::set('db', new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME));

+// Handle errors our own way.
+ErrorHandler::enable();
+
 // Do some authentication checks.
 Session::start();
 $user = Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest();
 $user->updateAccessTime();
 Registry::set('user', $user);

-// Handle errors our own way.
-set_error_handler('ErrorHandler::handleError');
-ini_set("display_errors", DEBUG ? "On" : "Off");
-
 // The real magic starts here!
 ob_start();
 Dispatcher::dispatch();
--- a/models/Dispatcher.php
+++ b/models/Dispatcher.php
@ -114,10 +114,10 @@ class Dispatcher
 	/**
 	 * Kicks a guest to a login form, redirecting them back to this page upon login.
 	 */
-	public static function kickGuest()
+	public static function kickGuest($title = null, $message = null)
 	{
 		$form = new LogInForm('Log in');
-		$form->adopt(new Alert('', 'You need to be logged in to view this page.', 'error'));
+		$form->adopt(new Alert($title ?? '', $message ?? 'You need to be logged in to view this page.', 'error'));
 		$form->setRedirectUrl($_SERVER['REQUEST_URI']);

 		$page = new MainTemplate('Login required');
--- a/models/Session.php
+++ b/models/Session.php
@ -19,13 +19,13 @@ class Session
 			if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
 			{
 				$_SESSION = [];
-				throw new UserFacingException('Your session failed to validate: your IP address has changed. Please re-login and try again.');
+				Dispatcher::kickGuest('Your session failed to validate', 'Your IP address has changed. Please re-login and try again.');
 			}
 			// Either way, require re-login if the browser identifier has changed.
 			elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
 			{
 				$_SESSION = [];
-				throw new UserFacingException('Your session failed to validate: your browser identifier has changed. Please re-login and try again.');
+				Dispatcher::kickGuest('Your session failed to validate', 'Your browser identifier has changed. Please re-login and try again.');
 			}
 		}
 		elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
--- a/public/css/default.css
+++ b/public/css/default.css
@ -437,6 +437,7 @@ textarea {
 	width: 100%;
 }
 #login div.alert {
+	line-height: normal;
 	margin: 15px 0;
 }
 #login div.buttonstrip {