diff --git a/PHPCI/Application.php b/PHPCI/Application.php
index 3e15686e..646645af 100644
--- a/PHPCI/Application.php
+++ b/PHPCI/Application.php
@@ -29,15 +29,15 @@ class Application extends b8\Application
 // Inlined as a closure to fix "using $this when not in object context" on 5.3
 $validateSession = function () {
- if (!empty($_SESSION['user_id'])) {
- $user = b8\Store\Factory::getStore('User')->getByPrimaryKey($_SESSION['user_id']);
+ if (!empty($_SESSION['phpci_user_id'])) {
+ $user = b8\Store\Factory::getStore('User')->getByPrimaryKey($_SESSION['phpci_user_id']);
 if ($user) {
- $_SESSION['user'] = $user;
+ $_SESSION['phpci_user'] = $user;
 return true;
 }
- unset($_SESSION['user_id']);
+ unset($_SESSION['phpci_user_id']);
 }
 return false;
@@ -52,7 +52,7 @@ class Application extends b8\Application
 $response->setResponseCode(401);
 $response->setContent('');
 } else {
- $_SESSION['login_redirect'] = substr($request->getPath(), 1);
+ $_SESSION['phpci_login_redirect'] = substr($request->getPath(), 1);
 $response = new RedirectResponse($response);
 $response->setHeader('Location', PHPCI_URL.'session/login');
 }
diff --git a/PHPCI/Controller.php b/PHPCI/Controller.php
index 1cc2633c..69be68ee 100644
--- a/PHPCI/Controller.php
+++ b/PHPCI/Controller.php
@@ -74,7 +74,7 @@ class Controller extends \b8\Controller
 protected function requireAdmin()
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new ForbiddenException('You do not have permission to do that.');
 }
 }
diff --git a/PHPCI/Controller/BuildController.php b/PHPCI/Controller/BuildController.php
index fb9957cb..79e9eb94 100644
--- a/PHPCI/Controller/BuildController.php
+++ b/PHPCI/Controller/BuildController.php
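Review bot: When the stored id no longer resolves to a user, the closure only does `unset($_SESSION['phpci_user_id']);` and leaves any previously cached `phpci_user` object in the session, so code that reads `$_SESSION['phpci_user']` directly (Controller::requireAdmin, the Helper\User `__call` proxy, which only checks `is_object`) may keep acting on a record validateSession has just rejected. Clear both keys together: `unset($_SESSION['phpci_user'], $_SESSION['phpci_user_id']);`. Since the object is re-fetched from the store on every request anyway, the session copy looks like a per-request convenience rather than the source of truth; a one-line comment above the assignment saying so would keep future readers from treating it as authoritative. The method enclosing this closure starts before the hunk.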
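Review bot: requireAdmin dereferences `$_SESSION['phpci_user']` without checking that it is set, so a request with no authenticated user produces a fatal "call to a member function on null" instead of the ForbiddenException this method exists to raise. BuildController::delete in this same commit guards with `empty()` first; the base method should do the same so subclasses can rely on it: `if (empty($_SESSION['phpci_user']) || !$_SESSION['phpci_user']->getIsAdmin()) {`. Whether Application's validateSession always runs before a controller method is reached cannot be confirmed from this diff, which is exactly why the guard belongs here.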
@@ -141,7 +141,7 @@ class BuildController extends \PHPCI\Controller
 */
 public function delete($buildId)
 {
- if (empty($_SESSION['user']) || !$_SESSION['user']->getIsAdmin()) {
+ if (empty($_SESSION['phpci_user']) || !$_SESSION['phpci_user']->getIsAdmin()) {
 throw new \Exception('You do not have permission to do that.');
 }
diff --git a/PHPCI/Controller/PluginController.php b/PHPCI/Controller/PluginController.php
index 46cba7b5..5cbb662d 100644
--- a/PHPCI/Controller/PluginController.php
+++ b/PHPCI/Controller/PluginController.php
@@ -39,7 +39,7 @@ class PluginController extends \PHPCI\Controller
 public function index()
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new \Exception('You do not have permission to do that.');
 }
@@ -67,7 +67,7 @@ class PluginController extends \PHPCI\Controller
 public function remove()
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new \Exception('You do not have permission to do that.');
 }
@@ -88,7 +88,7 @@ class PluginController extends \PHPCI\Controller
 public function install()
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new \Exception('You do not have permission to do that.');
 }
diff --git a/PHPCI/Controller/ProjectController.php b/PHPCI/Controller/ProjectController.php
index c4f15890..1e2c68d1 100644
--- a/PHPCI/Controller/ProjectController.php
+++ b/PHPCI/Controller/ProjectController.php
@@ -108,7 +108,8 @@ class ProjectController extends \PHPCI\Controller
 throw new NotFoundException('Project with id: ' . $projectId . ' not found');
 }
- $build = $this->buildService->createBuild($project, null, urldecode($branch), $_SESSION['user']->getEmail());
+ $email = $_SESSION['phpci_user']->getEmail();
+ $build = $this->buildService->createBuild($project, null, urldecode($branch), $email);
 header('Location: '.PHPCI_URL.'build/view/' . $build->getId());
 exit;
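Review bot: The admin check in delete() re-implements Controller::requireAdmin inline and throws a generic `\Exception`, so a non-admin request is most likely surfaced as a server error rather than the ForbiddenException the base method raises; PluginController::index/remove/install in this diff use the same inline `\Exception` pattern, and ProjectController::delete/edit and UserController::add/edit/delete repeat the check with ForbiddenException. Replacing each with `$this->requireAdmin();` keeps the permission decision and its error type in one place, and any later hardening of that check (such as guarding against a missing session user) then applies to every admin-only action at once. All of these controllers are shown extending \PHPCI\Controller (or Controller), so the protected method is reachable; each method's body continues past its hunk.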
@@ -119,7 +120,7 @@ class ProjectController extends \PHPCI\Controller
 */
 public function delete($projectId)
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new ForbiddenException('You do not have permission to do that.');
 }
@@ -223,7 +224,7 @@ class ProjectController extends \PHPCI\Controller
 */
 public function edit($projectId)
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new ForbiddenException('You do not have permission to do that.');
 }
diff --git a/PHPCI/Controller/SessionController.php b/PHPCI/Controller/SessionController.php
index 4b4f4fc9..a9b60333 100644
--- a/PHPCI/Controller/SessionController.php
+++ b/PHPCI/Controller/SessionController.php
@@ -42,7 +42,7 @@ class SessionController extends \PHPCI\Controller
 $user = $this->userStore->getByEmail($this->getParam('email'));
 if ($user && password_verify($this->getParam('password', ''), $user->getHash())) {
- $_SESSION['user_id'] = $user->getId();
+ $_SESSION['phpci_user_id'] = $user->getId();
 header('Location: ' . $this->getLoginRedirect());
 die;
 } else {
@@ -84,7 +84,9 @@ class SessionController extends \PHPCI\Controller
 */
 public function logout()
 {
- $_SESSION = array();
+ unset($_SESSION['phpci_user']);
+ unset($_SESSION['phpci_user_id']);
+ session_destroy();
 header('Location: ' . PHPCI_URL);
 die;
@@ -147,8 +149,8 @@ MSG;
 $hash = password_hash($this->getParam('password'), PASSWORD_DEFAULT);
 $user->setHash($hash);
- $_SESSION['user'] = $this->userStore->save($user);
- $_SESSION['user_id'] = $user->getId();
+ $_SESSION['phpci_user'] = $this->userStore->save($user);
+ $_SESSION['phpci_user_id'] = $user->getId();
 header('Location: ' . PHPCI_URL);
 die;
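Review bot: The login branch writes `$_SESSION['phpci_user_id']` into a session whose identifier was issued before authentication, and nothing in this hunk rotates it; unless Application or a front controller regenerates the id elsewhere (not visible in this diff), an id obtained before login remains valid after it, which is the session-fixation condition. Add `session_regenerate_id(true);` immediately before the assignment. The password-reset path in the `@@ -147` hunk of this file sets both `phpci_user` and `phpci_user_id` and should do the same. The enclosing login method starts before this hunk.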
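Review bot: logout() now unsets only two of the three `phpci_` keys this commit introduces — `phpci_login_redirect` is left behind — and then calls `session_destroy()`, which discards the whole server-side session, including anything another application sharing the same cookie keeps under its own keys, which seems to cut against the purpose of the prefixed names if cohabitation is the goal. Prefer a self-contained teardown: `unset($_SESSION['phpci_user'], $_SESSION['phpci_user_id'], $_SESSION['phpci_login_redirect']);` followed by `session_regenerate_id(true);` so the browser's old id no longer resolves to a session, and keep `session_destroy()` only if PHPCI is meant to own the session outright. Either way, a one-line comment stating which of the two is intended would stop the next reader from re-litigating it.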
@@ -164,9 +166,9 @@ MSG;
 {
 $rtn = PHPCI_URL;
- if (!empty($_SESSION['login_redirect'])) {
- $rtn .= $_SESSION['login_redirect'];
- $_SESSION['login_redirect'] = null;
+ if (!empty($_SESSION['phpci_login_redirect'])) {
+ $rtn .= $_SESSION['phpci_login_redirect'];
+ $_SESSION['phpci_login_redirect'] = null;
 }
 return $rtn;
diff --git a/PHPCI/Controller/UserController.php b/PHPCI/Controller/UserController.php
index c54ee3e8..b6a5300a 100644
--- a/PHPCI/Controller/UserController.php
+++ b/PHPCI/Controller/UserController.php
@@ -56,7 +56,7 @@ class UserController extends Controller
 public function profile()
 {
- $user = $_SESSION['user'];
+ $user = $_SESSION['phpci_user'];
 $values = $user->getDataArray();
 if ($this->request->getMethod() == 'POST') {
@@ -64,7 +64,7 @@ class UserController extends Controller
 $email = $this->getParam('email', null);
 $password = $this->getParam('password', null);
- $_SESSION['user'] = $this->userService->updateUser($user, $name, $email, $password);
+ $_SESSION['phpci_user'] = $this->userService->updateUser($user, $name, $email, $password);
 }
 $form = new Form();
@@ -109,7 +109,7 @@ class UserController extends Controller
 */
 public function add()
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new ForbiddenException('You do not have permission to do that.');
 }
@@ -151,7 +151,7 @@ class UserController extends Controller
 */
 public function edit($userId)
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new ForbiddenException('You do not have permission to do that.');
 }
@@ -244,7 +244,7 @@ class UserController extends Controller
 */
 public function delete($userId)
 {
- if (!$_SESSION['user']->getIsAdmin()) {
+ if (!$_SESSION['phpci_user']->getIsAdmin()) {
 throw new ForbiddenException('You do not have permission to do that.');
 }
diff --git a/PHPCI/Helper/User.php b/PHPCI/Helper/User.php
index 065deacf..51f3de42 100644
--- a/PHPCI/Helper/User.php
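Review bot: getLoginRedirect clears the consumed target with `$_SESSION['phpci_login_redirect'] = null;`, while logout() in this same file now uses `unset()` for its keys; the `!empty()` test tolerates either, but leaving a null-valued key behind means `isset` and `array_key_exists` callers would disagree about whether a redirect is pending. Use `unset($_SESSION['phpci_login_redirect']);` for consistency. The value originates from `substr($request->getPath(), 1)` in Application and is only ever appended to PHPCI_URL, so it appears to stay under the application's own base URL; a short comment above the `if` recording that this is what keeps the post-login redirect from becoming an open redirect would help whoever next touches either side. The function's signature lies before this hunk.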
+++ b/PHPCI/Helper/User.php
@@ -19,7 +19,7 @@ class User
 {
 public function __call($method, $params = array())
 {
- $user = $_SESSION['user'];
+ $user = $_SESSION['phpci_user'];
 if (!is_object($user)) {
 return null;