Fixes for restoreSession logic. (#4378)
[openemr.git] / library / restoreSession.php
1 <?php
3 /**
4 * restoreSession.php
6 * @package OpenEMR
7 * @link https://www.open-emr.org
8 * @author Rod Roark <rod@sunsetsystems.com>
9 * @author ophthal <magauran@ophthal.org>
10 * @author JP-DEV\sjpad <sjpadgett@gmail.com>
11 * @author Brady Miller <brady.g.miller@gmail.com>
12 * @copyright Copyright (c) 2007-2015 Rod Roark <rod@sunsetsystems.com>
13 * @copyright Copyright (c) 2016 ophthal <magauran@ophthal.org>
14 * @copyright Copyright (c) 2017 JP-DEV\sjpad <sjpadgett@gmail.com>
15 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
16 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
19 use OpenEMR\Common\Csrf\CsrfUtils;
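// Snapshot of the session cookie parameters PHP is using, so the client-side
// code below can rebuild the cookie with the same attributes.
//
// Security notes:
//  - The session name and ID are written into the page source, so any script
//    running in this page can read them. Treat this page as holding a live
//    credential.
//  - restoreSession() reads and writes the cookie through document.cookie,
//    which only works when the session cookie is not HttpOnly.
//  - The samesite value is passed through js_escape() even when it is empty.
//    Echoing a bare '' produced "var oemr_scp_samesite = ;", a JavaScript
//    syntax error that stopped every function in this script from loading.
$scparams = session_get_cookie_params();
?>
// login.php makes sure the session ID captured here is different for each
// new login. We maintain it here because most browsers do not have separate
// cookie storage for different top-level windows. This function should be
// called just prior to invoking any server script that requires correct
// session data. onclick="top.restoreSession()" usually does the job.
//
var oemr_session_name = <?php echo json_encode(urlencode(session_name())); ?>;
var oemr_session_id = <?php echo json_encode(urlencode(session_id())); ?>;
var oemr_dialog_close_msg = <?php echo (function_exists('xlj')) ? xlj("OK to close this other popup window?") : json_encode("OK to close this other popup window?"); ?>;
//
var oemr_scp_lifetime = <?php echo js_escape($scparams['lifetime']); ?>;
var oemr_scp_path = <?php echo js_escape($scparams['path']); ?>;
var oemr_scp_domain = <?php echo js_escape($scparams['domain']); ?>;
var oemr_scp_secure = <?php echo js_escape($scparams['secure']); ?>;
var oemr_scp_samesite = <?php echo js_escape(empty($scparams['samesite']) ? '' : $scparams['samesite']); ?>;
var oemr_cookie = '';
var oemr_change_count = 0; // debugging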
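function restoreSession() {
<?php if (!empty($GLOBALS['restore_sessions'])) { ?>
    // Look for this application's session cookie; if another window replaced
    // its value, write back the ID this window was loaded with.
    var ca = document.cookie.split('; ');
    for (var i = 0; i < ca.length; ++i) {
        var c = ca[i].split('=');
        if (c[0] == oemr_session_name && c[1] != oemr_session_id) {
<?php if ($GLOBALS['restore_sessions'] == 2) { ?>
            // Debug mode only: this displays both session IDs on screen.
            alert('Changing session ID from\n"' + c[1] + '" to\n"' + oemr_session_id + '"');
<?php } ?>
            // It's important that the cookie parameters duplicate what PHP assigned.
            oemr_cookie = oemr_session_name + '=' + oemr_session_id +
                '; path=' + oemr_scp_path +
                '; domain=' + oemr_scp_domain;
            if (oemr_scp_lifetime) {
                var d = new Date();
                d.setTime(d.getTime() + (oemr_scp_lifetime * 1000));
                oemr_cookie += '; expires=' + d.toUTCString();
            }
            // Carry the Secure flag over as well. Without it the rewritten
            // cookie may be sent over plain HTTP, and browsers reject
            // SameSite=None cookies that are not Secure.
            if (oemr_scp_secure) {
                oemr_cookie += '; Secure';
            }
            if (oemr_scp_samesite) {
                oemr_cookie += '; SameSite=' + oemr_scp_samesite;
            }
            document.cookie = oemr_cookie;
            ++oemr_change_count; // debugging
        }
    }
<?php } ?>
    // Always true, so this can be used directly in an onclick handler.
    return true;
}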
// Debugging aid: wire this to an onclick handler to inspect the state of the
// PHP session cookie. It displays the session ID and every cookie readable
// from script, so keep it out of normal user workflows.
//
function restoreSessionInfo() {
    var report = [
        'session_id = ' + oemr_session_id,
        'cookie = ' + document.cookie,
        'lifetime = ' + oemr_scp_lifetime,
        'path = ' + oemr_scp_path,
        'domain = ' + oemr_scp_domain,
        'secure = ' + oemr_scp_secure,
        'samesite = ' + oemr_scp_samesite,
        'count = ' + oemr_change_count
    ];
    alert(report.join('\n'));
}
// Call this at page load for any Print button or link so that printing is
// logged. Doing it at load time lets us hide or disable the element.
// If the second argument is given, it is the log message to record instead
// of the whole document, and the button or link is then never hidden.
//
function printLogSetup(elem, logdata) {
    if (elem == null) {
        return;
    }
    var ownerDoc = elem.ownerDocument;
    var ownerWin = ownerDoc.defaultView || ownerDoc.parentWindow;
    if (typeof logdata === 'undefined') {
        logdata = null;
    }
<?php if ($GLOBALS['gbl_print_log_option'] == 1) { ?>
    // Option 1: with no explicit log message the print control is hidden.
    if (logdata == null) {
        elem.style.display = 'none';
        return;
    }
<?php } ?>
    ownerWin.printlogdata = logdata;
    elem.onclick = function () {
        // Evaluated at click time, so "this" is the clicked element.
        top.printLogPrint(this);
    };
}
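// Pages that would otherwise call window.print() at load time should call this instead
// to support print logging. In this case the passed argument is normally the window,
// and data to log, if specified, should be in the caller's window.printlogdata.
// If no log data is specified and the global option to hide the print feature is set,
// then no printing is done and the function returns false.
//
// When logging is enabled and no log data was supplied, the whole rendered
// page body is posted to the log endpoint, so the stored log can hold
// whatever sensitive content the page displayed.
//
function printLogPrint(elem) {
    var win = elem;
    if (elem.ownerDocument) {
        var doc = elem.ownerDocument;
        win = doc.defaultView || doc.parentWindow;
    }
<?php if ($GLOBALS['gbl_print_log_option'] == 1) { ?>
    // Returning false means we didn't print.
    if (!win.printlogdata) return false;
<?php } ?>
    if (win.printlog_before_print) win.printlog_before_print();
    win.print();
<?php if (!empty($GLOBALS['gbl_print_log_option'])) { ?>
    // Declared with var so it no longer leaks as an implicit global.
    var comments = win.printlogdata || win.document.body.innerHTML;
    top.restoreSession();
    // The URL is emitted through js_escape() so a quote or backslash in
    // webroot cannot break out of the JavaScript string literal.
    $.post(<?php echo js_escape($GLOBALS['webroot'] . '/library/ajax/log_print_action_ajax.php'); ?>,
        {
            comments: comments,
            csrf_token_form: <?php echo json_encode(CsrfUtils::collectCsrfToken()); ?>
        }
    );
<?php } ?>
    return true;
}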