MDL-23726 fixed phpdocs - credit goes to Henning Bostelmann

[moodle.git] / lib / cookieless.php

<?php  // $Id$
/**
* Enable cookieless sessions by including $CFG->usesid=true;
* in config.php.
* Based on code from php manual by Richard at postamble.co.uk
* Attempts to use cookies if cookies not present then uses session ids attached to all urls and forms to pass session id from page to page.
* If site is open to google, google is given guest access as usual and there are no sessions. No session ids will be attached to urls for googlebot.
* This doesn't require trans_sid to be turned on but this is recommended for better performance
* you should put :
* session.use_trans_sid = 1 
* in your php.ini file and make sure that you don't have a line like this in your php.ini
* session.use_only_cookies = 1
* @author Richard at postamble.co.uk and Jamie Pratt
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
*/
class cookieless_sid {
        
        /**
         * @var string Using this variable to store $CFG->wwwroot. Found that in some versions of php the $CFG global was null in 
         * the callback functions used by the output buffer.
         */
        var $httproot = null;
        /**
         * @var string Using this variable to store $CFG->httpswwwroot.
         */
        var $httpsroot = null;
        
        /**
         * @var boolean Using this variable to store $CFG->usesid.
         */
        var $usesid = false;
        
        /**
        * You won't call this function directly. This function is used to process 
        * text buffered by php in an output buffer. All output is run through this function 
        * before it is ouput.
        * @param string $buffer is the output sent from php
        * @return string the output sent to the browser
        */
        function ob_rewrite($buffer){
            $replacements = array(
                '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i',
                '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i');
         
            $buffer = preg_replace_callback($replacements, array($this, "rewrite_link_tag"), $buffer);
            $buffer = preg_replace('/<form\s[^>]*>/i',
                '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
            
              return $buffer;
        }
        /**
        * You won't call this function directly. This function is used to process 
        * text buffered by php in an output buffer. All output is run through this function 
        * before it is ouput.
        * This function only processes absolute urls, it is used when we decide that 
        * php is processing other urls itself but needs some help with internal absolute urls still.
        * @param string $buffer is the output sent from php
        * @return string the output sent to the browser
        */
        function ob_rewrite_absolute($buffer){
            $replacements = array(
                '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i',
                '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i');
         
            $buffer = preg_replace_callback($replacements, array($this, "rewrite_link_tag"), $buffer);
            $buffer = preg_replace('/<form\s[^>]*>/i',
                '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
            return $buffer;
        }
        /**
        * A function to process link, a and script tags found 
        * by preg_replace_callback in ob_rewrite($buffer).
        */
        function rewrite_link_tag($matches){
                $url = $matches[4];
            $url= $this->process_url($url);
            return $matches[1]. $url.$matches[5];
        }
        /**
        * You can call this function directly. This function is used to process 
        * urls to add a moodle session id to the url for internal links.
        * @param string $url is a url
        * @return string the processed url
        */
        function process_url($url) {
                if ((preg_match('/^(http|https):/i', $url)) // absolute url
                &&  ((stripos($url, $this->httproot)!==0) && stripos($url, $this->httpsroot)!==0)) { // and not local one
                        //error_log("non local url : $url ; \$CFG->wwwroot : ".$this->httproot);
                        return $url; //don't attach sessid to non local urls
            }
            if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) {
                //error_log("anchor : $url");
                return $url; //don't attach sessid to anchors
            }
            if (strpos($url, session_name())!==FALSE)
            {
                //error_log("already has one sessid : $url");
                return $url; //don't attach sessid to url that already has one sessid
            }
            if (strpos($url, "?")===FALSE){
                $append="?".strip_tags(session_name() . '=' . session_id() );
            }    else {
                $append="&amp;".strip_tags(session_name() . '=' . session_id() );
            }
            //put sessid before any anchor
            $p = strpos($url, "#");
            if($p!==FALSE){
                $anch = substr($url, $p);
                $url = substr($url, 0, $p).$append.$anch ;
            } else  {
                $url .= $append ;
            }
            //error_log("added sid : $url");
            return $url;    
        }
        
        
        
        /**
        * Call this function before there has been any output to the browser to
        * buffer output and add session ids to all internal links.
        */
        function start_ob(){
            global $CFG;
            
            $this->httproot = $CFG->wwwroot;
            $this->httpsroot = $CFG->httpswwwroot;
            $this->usesid = !empty($CFG->usesid);
            
            //don't attach sess id for bots
        
            if (!empty($_SERVER['HTTP_USER_AGENT'])) {
                if (!empty($CFG->opentogoogle)) {
                    if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
                        @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
                        $CFG->usesid=false;
                        return;
                    }
                    if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) {
                        @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
                        $CFG->usesid=false;
                        return;
                    }
                }
                if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false ) {
                    @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
                    $CFG->usesid=false;
                    return;
                }
            }
            @ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid
            if (ini_get('session.use_trans_sid')!=0 ){ 
                // use trans sid as its available
                ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,' 
                    . 'frame=src,form=fakeentry');
                ob_start(array($this, 'ob_rewrite_absolute'));
            }else{
                //rewrite all links ourselves
                ob_start(array($this, 'ob_rewrite'));
            }
        }
}

$url_processor_for_cookieless_sessions = new cookieless_sid();
$url_processor_for_cookieless_sessions->start_ob();
/**
* You can call this function directly. This function is used to process 
* urls to add a moodle session id to the url for internal links.
* Still using this function as a facade to access the instantiated object,
* that actually does the processing, to preserve the old api.
* @param string $url is a url
* @return string the processed url
*/
function sid_process_url($url) {
    global $url_processor_for_cookieless_sessions;
    return $url_processor_for_cookieless_sessions->process_url($url);
}
?>