PHP session changes; Docker compose updates

- Updates the PHP session to use a name distinct to the install directory. This should allow for multiple webcalendar installs on the same server without causing login session conflicts. - Updates to the docker-compose yaml files to show how to use environment variables instead of settings.php.
craigk5n · Dec 4, 2023 · 1ad524c · 1ad524c
1 parent 78bcd84
commit 1ad524c
Show file tree

Hide file tree

Showing 10 changed files with 63 additions and 18 deletions.
diff --git a/admin.php b/admin.php
@@ -107,7 +107,6 @@ function save_pref ( $prefs, $src ) {
   $select = translate ( 'Select' ) . '...';
 
   // Allow css_cache of webcal_config values.
-  @session_start();
   $_SESSION['webcal_tmp_login'] = 'blahblahblah';
 
   $editStr = '<button name="" type="button" '

diff --git a/adminhome.php b/adminhome.php
@@ -147,7 +147,6 @@
   }
 }
 
-@session_start();
 $_SESSION['webcal_tmp_login'] = 'SheIsA1Fine!';
 
 print_header( '',

diff --git a/css_cacher.php b/css_cacher.php
@@ -14,6 +14,7 @@
 require_once 'includes/validate.php';
 
 load_global_settings();
+session_name(getSessionName());
 @session_start();
 $empTmp = ( ! empty( $_SESSION['webcal_tmp_login'] ) );
 

diff --git a/docker/docker-compose-php8-dev.yml b/docker/docker-compose-php8-dev.yml
@@ -44,6 +44,22 @@ services:
       - 8080:80
     volumes:
       - ..:/var/www/html/
+    # You can use env vars instead of putting the details in includes/settings.php.  If WebCalendar
+    # sees WEBCALENDAR_USE_ENV is set to true, it will use these env vars and ignore settings.php.
+    # The install password below is "Webcalendar.1" (and you should change it).
+    # Use the following to generate your password hash (replace "Webcalendar.1" with your password):
+    # php -r "echo md5('Webcalendar.1');"
+    environment:
+      - WEBCALENDAR_USE_ENV=true
+      - WEBCALENDAR_INSTALL_PASSWORD=da1437a2c74ee0b35eed71e27d00c618
+      - WEBCALENDAR_DB_TYPE=mysqli
+      - WEBCALENDAR_DB_DATABASE=webcalendar_php8
+      - WEBCALENDAR_DB_LOGIN=webcalendar
+      - WEBCALENDAR_DB_PASSWORD=Webcalendar.1
+      - WEBCALENDAR_DB_HOST=db
+      - WEBCALENDAR_DB_PERSISTENT=true
+      - WEBCALENDAR_USER_INC=user.php
+      - WEBCALENDAR_MODE=dev
 
 volumes:
   mysql-data:
diff --git a/docker/docker-compose-php8.yml b/docker/docker-compose-php8.yml
@@ -40,6 +40,22 @@ services:
       - db
     ports:
       - 8080:80
+   # You can use env vars instead of putting the details in includes/settings.php.  If WebCalendar
+    # sees WEBCALENDAR_USE_ENV is set to true, it will use these env vars and ignore settings.php.
+    # The install password below is "Webcalendar.1" (and you should change it).
+    # Use the following to generate your password hash (replace "Webcalendar.1" with your password):
+    # php -r "echo md5('Webcalendar.1');"
+    #environment:
+    #  - WEBCALENDAR_USE_ENV=true
+    #  - WEBCALENDAR_INSTALL_PASSWORD=da1437a2c74ee0b35eed71e27d00c618
+    #  - WEBCALENDAR_DB_TYPE=mysqli
+    #  - WEBCALENDAR_DB_DATABASE=webcalendar_php8
+    #  - WEBCALENDAR_DB_LOGIN=webcalendar
+    #  - WEBCALENDAR_DB_PASSWORD=Webcalendar.1
+    #  - WEBCALENDAR_DB_HOST=db
+    #  - WEBCALENDAR_DB_PERSISTENT=true
+    #  - WEBCALENDAR_USER_INC=user.php
+    #  - WEBCALENDAR_MODE=dev
 
 volumes:
   mysql-data:
diff --git a/includes/classes/WebCalendar.php b/includes/classes/WebCalendar.php
@@ -479,6 +479,10 @@ function _initValidate() {
     $SCRIPT, $session_not_found, $settings, $single_user, $single_user_login,
     $user_inc, $use_http_auth, $validate_redirect, $webcalendar_session;
 
+    // Give the PHP session a name unique to this install, allowing multiple WebCalendar installs
+    // on the same server.
+    $sessionName = 'WebCalendar-' . __DIR__;
+
     /* If WebCalendar is configured to use http authentication, then we can
      * use _initValidate(). If we are not using http auth, icalclient.php will
      * create its own http auth since an iCal client cannot login via a
@@ -553,6 +557,7 @@ function _initValidate() {
         if ( ! $login = user_logged_in() )
           $session_not_found = true;
       } else {
+        session_name(getSessionName());
         @session_start();
         if ( ! empty ( $_SESSION['webcal_login'] ) )
           $login = $_SESSION['webcal_login'];

diff --git a/includes/config.php b/includes/config.php
@@ -84,6 +84,15 @@ function die_miserable_death($error, $anchor = '')
   exit;
 }
 
+/**
+ * Give the PHP session a name unique to this install, allowing multiple WebCalendar installs
+ * on the same server.
+ */
+function getSessionName()
+{
+  return 'WebCalendar-' . __DIR__;
+}
+
 function db_error($doExit = false, $sql = '')
 {
   global $settings;

diff --git a/install/index.php b/install/index.php
@@ -40,16 +40,17 @@
 
 $debugInstaller = false; // Set to true to get more details on the installer pages (but breaks redirects)
 $includeLogoutButton = false; // Can be helpful testing installer
+$sessionName = 'WebCalendar-Install-' . __DIR__;
 
 if ($debugInstaller && isset($_GET['action']) && $_GET['action'] == 'logout') {
-    session_name('WebCalendar-Install-' . __DIR__);
+    session_name($sessionName);
     session_start();
     session_destroy();
 }
 
 do_config(true);
 ini_set('session.cookie_lifetime', 3600);  // 3600 seconds = 1 hour
-session_name('WebCalendar-Install-' . __DIR__);
+session_name($sessionName);
 session_start();
 if (empty($_SESSION['initialized'])) {
     // New session.  Load the current settings found in either env vars or includes/settings.php

diff --git a/login.php b/login.php
@@ -1,17 +1,4 @@
 <?php
-@session_start();
-foreach ( $_SESSION as $key => $value ) {
-  $dummy[$key] = $value; // Copy to a dummy array.
-}
-if ( ! empty ( $dummy ) ) {
-  foreach ( $dummy as $key => $value ) {
-    if ( substr ( $key, 0, 6 ) == 'webcal' )
-      unset ( $_SESSION[$key] );
-  }
-}
-// PHP 4.1.0 may have issues with the above code.
-unset ( $_SESSION['webcal_login'] );
-unset ( $_SESSION['webcalendar_session'] );
 
 require_once 'includes/translate.php';
 require_once 'includes/classes/WebCalendar.php';
@@ -23,6 +10,19 @@
 require_once 'includes/formvars.php';
 require_once 'includes/functions.php';
 
+session_name(getSessionName());
+@session_start();
+
+foreach ( $_SESSION as $key => $value ) {
+  $dummy[$key] = $value; // Copy to a dummy array.
+}
+if ( ! empty ( $dummy ) ) {
+  foreach ( $dummy as $key => $value ) {
+    if ( substr ( $key, 0, 6 ) == 'webcal' )
+      unset ( $_SESSION[$key] );
+  }
+}
+
 $WebCalendar->initializeFirstPhase();
 
 require_once "includes/$user_inc";

diff --git a/pref.php b/pref.php
@@ -169,7 +169,6 @@ function save_pref( $prefs, $src) {
 $minutesStr = translate ( 'minutes' );
 
 //allow css_cache to display public or NUC values
-@session_start();
 $_SESSION['webcal_tmp_login'] = $prefuser;
 //Prh ... add user to edit_template to get/set correct template
 $openStr ="\"window.open( 'edit_template.php?type=%s&user=%s','cal_template','dependent,menubar,scrollbars,height=500,width=500,outerHeight=520,outerWidth=520' );\"";
-Original file line number
+Diff line change
@@ Expand Up / @@ -147,7 +147,6 @@ @@
       }
     }
-    @session_start();
     $_SESSION['webcal_tmp_login'] = 'SheIsA1Fine!';
     print_header( '',
@@ Expand Down @@