From b5544b2f471ce4c93b08d19919ab062725545ce8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sat, 3 Jan 2015 11:39:29 +0100
Subject: [ticket/13450] Type-hint return value of $phpbb_container->get()

PHPBB3-13450
---
 phpBB/phpbb/session.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 0a6a18ffbe..5b9fb6d835 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -409,6 +409,7 @@ class session
 					$session_expired = false;
 
 					// Check whether the session is still valid if we have one
+					/* @var $provider_collection \phpbb\auth\provider_collection */
 					$provider_collection = $phpbb_container->get('auth.provider_collection');
 					$provider = $provider_collection->get_provider();
 
@@ -578,6 +579,7 @@ class session
 			}
 		}
 
+		/* @var $provider_collection \phpbb\auth\provider_collection */
 		$provider_collection = $phpbb_container->get('auth.provider_collection');
 		$provider = $provider_collection->get_provider();
 		$this->data = $provider->autologin();
@@ -910,6 +912,7 @@ class session
 		$db->sql_query($sql);
 
 		// Allow connecting logout with external auth method logout
+		/* @var $provider_collection \phpbb\auth\provider_collection */
 		$provider_collection = $phpbb_container->get('auth.provider_collection');
 		$provider = $provider_collection->get_provider();
 		$provider->logout($this->data, $new_session);
@@ -1036,6 +1039,7 @@ class session
 			}
 
 			// only called from CRON; should be a safe workaround until the infrastructure gets going
+			/* @var $captcha_factory \phpbb\captcha\factory */
 			$captcha_factory = $phpbb_container->get('captcha.factory');
 			$captcha_factory->garbage_collect($config['captcha_plugin']);
 
-- 
cgit v1.2.1


From 7fc586080bf5e7b6e90dcf44526200d7c9356d57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Mon, 5 Jan 2015 22:21:31 +0100
Subject: [ticket/13468] Update calls to `add_log()`

PHPBB3-13468
---
 phpBB/phpbb/session.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 5b9fb6d835..114912b2aa 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -215,7 +215,7 @@ class session
 	function session_begin($update_session_page = true)
 	{
 		global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
-		global $request, $phpbb_container;
+		global $request, $phpbb_container, $user, $phpbb_log;
 
 		// Give us some basic information
 		$this->time_now				= time();
@@ -490,11 +490,18 @@ class session
 					{
 						if ($referer_valid)
 						{
-							add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for));
+							$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_IP_BROWSER_FORWARDED_CHECK', false, array(
+								$u_ip,
+								$s_ip,
+								$u_browser,
+								$s_browser,
+								htmlspecialchars($u_forwarded_for),
+								htmlspecialchars($s_forwarded_for)
+							));
 						}
 						else
 						{
-							add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
+							$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_REFERER_INVALID', false, array($this->referer));
 						}
 					}
 				}
-- 
cgit v1.2.1


From 79d4ff553844fa80be4da9286239f62a45489072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sun, 11 Jan 2015 17:32:31 +0100
Subject: [ticket/13494] Update calls to `set_config()`

PHPBB3-13494
---
 phpBB/phpbb/session.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 114912b2aa..6f68dbf203 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -345,8 +345,8 @@ class session
 			}
 			else
 			{
-				set_config('limit_load', '0');
-				set_config('limit_search_load', '0');
+				$config->set('limit_load', '0');
+				$config->set('limit_search_load', '0');
 			}
 		}
 
@@ -1036,7 +1036,7 @@ class session
 		{
 			// Less than 10 users, update gc timer ... else we want gc
 			// called again to delete other sessions
-			set_config('session_last_gc', $this->time_now, true);
+			$config->set('session_last_gc', $this->time_now, false);
 
 			if ($config['max_autologin_time'])
 			{
-- 
cgit v1.2.1


From f6e06da4c68917dafb057bf7fe19f884a3e148c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= <m.gaetan89@gmail.com>
Date: Sun, 4 Jan 2015 20:41:04 +0100
Subject: [ticket/13455] Update calls to `request_var()`

PHPBB3-13455
---
 phpBB/phpbb/session.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 6f68dbf203..6aeb8a91de 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -139,7 +139,7 @@ class session
 			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
 
 			'page'				=> $page,
-			'forum'				=> request_var('f', 0),
+			'forum'				=> $request->variable('f', 0),
 		);
 
 		return $page_array;
@@ -253,23 +253,23 @@ class session
 
 		if ($request->is_set($config['cookie_name'] . '_sid', \phpbb\request\request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', \phpbb\request\request_interface::COOKIE))
 		{
-			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
-			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
-			$this->session_id 		= request_var($config['cookie_name'] . '_sid', '', false, true);
+			$this->cookie_data['u'] = $request->variable($config['cookie_name'] . '_u', 0, false, \phpbb\request\request_interface::COOKIE);
+			$this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE);
+			$this->session_id 		= $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE);
 
 			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 			$_SID = (defined('NEED_SID')) ? $this->session_id : '';
 
 			if (empty($this->session_id))
 			{
-				$this->session_id = $_SID = request_var('sid', '');
+				$this->session_id = $_SID = $request->variable('sid', '');
 				$SID = '?sid=' . $this->session_id;
 				$this->cookie_data = array('u' => 0, 'k' => '');
 			}
 		}
 		else
 		{
-			$this->session_id = $_SID = request_var('sid', '');
+			$this->session_id = $_SID = $request->variable('sid', '');
 			$SID = '?sid=' . $this->session_id;
 		}
 
-- 
cgit v1.2.1


From 4bdef6fd21a5dcab455b0cd1ee2652de606929c3 Mon Sep 17 00:00:00 2001
From: MateBartus <mate.bartus@gmail.com>
Date: Thu, 12 Mar 2015 00:25:00 +0100
Subject: [ticket/13697] Moving filesystem related functions to filesystem
 service

 * Moving filesystem service to \phpbb\filesystem namespace
 * Wraping Symfony's Filesystem component
 * Moving filesystem related functions from includes/functions.php
   into \phpbb\filesystem\filesystem
   Functions moved (and deprecated):
     - phpbb_chmod
     - phpbb_is_writable
     - phpbb_is_absolute
     - phpbb_own_realpath
     - phpbb_realpath
 * Adding interface for filesystem service

PHPBB3-13697
---
 phpBB/phpbb/session.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index d49f88b676..6154f384f3 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -92,8 +92,8 @@ class session
 		}
 
 		// current directory within the phpBB root (for example: adm)
-		$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path)));
-		$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./')));
+		$root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path)));
+		$page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./')));
 		$intersection = array_intersect_assoc($root_dirs, $page_dirs);
 
 		$root_dirs = array_diff_assoc($root_dirs, $intersection);
-- 
cgit v1.2.1


From fbd5929606169d3f780f0a59760c171b20bd906d Mon Sep 17 00:00:00 2001
From: Mate Bartus <mate.bartus@gmail.com>
Date: Thu, 23 Jul 2015 20:50:33 +0200
Subject: [ticket/13740] Login admin when install finished

PHPBB3-13740
---
 phpBB/phpbb/session.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 6154f384f3..91b657262c 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -1076,6 +1076,12 @@ class session
 	{
 		global $config;
 
+		// If headers are already set, we just return
+		if (headers_sent())
+		{
+			return;
+		}
+
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
 		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
-- 
cgit v1.2.1


From 266576c6a4224f4b803040c678020e825a1510b5 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Fri, 4 Dec 2015 11:50:39 +0100
Subject: [ticket/13454] Remove unused variables

Part 4

PHPBB3-13454
---
 phpBB/phpbb/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 5575c22846..ce51483aee 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -494,7 +494,7 @@ class session
 	*/
 	function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
 	{
-		global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher;
+		global $SID, $_SID, $db, $config, $cache, $phpbb_container, $phpbb_dispatcher;
 
 		$this->data = array();
 
-- 
cgit v1.2.1


From 7a6a16e3a52128179a4f518958f22e773dd94084 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 5 Dec 2015 13:45:16 +0100
Subject: [ticket/13454] Remove unused variables

This is part 5 and there is more to come.

PHPBB3-13454
---
 phpBB/phpbb/session.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index ce51483aee..b8784a2f42 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -883,7 +883,7 @@ class session
 	*/
 	function session_kill($new_session = true)
 	{
-		global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher;
+		global $SID, $_SID, $db, $phpbb_container, $phpbb_dispatcher;
 
 		$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
 			WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
@@ -975,7 +975,7 @@ class session
 	*/
 	function session_gc()
 	{
-		global $db, $config, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher;
+		global $db, $config, $phpbb_container, $phpbb_dispatcher;
 
 		$batch_size = 10;
 
@@ -1226,7 +1226,7 @@ class session
 
 		if ($banned && !$return)
 		{
-			global $template, $phpbb_root_path, $phpEx;
+			global $phpbb_root_path, $phpEx;
 
 			// If the session is empty we need to create a valid one...
 			if (empty($this->session_id))
-- 
cgit v1.2.1


From 73900d1857a9a59eff82b224537a79110466ce7e Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Sat, 5 Dec 2015 16:07:14 +0100
Subject: [ticket/13454] Remove more unused variables

This should be the last part. Off to checking if the changes were correct.

PHPBB3-13454
---
 phpBB/phpbb/session.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index b8784a2f42..65fab3551a 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -1403,7 +1403,7 @@ class session
 	*/
 	function set_login_key($user_id = false, $key = false, $user_ip = false)
 	{
-		global $config, $db;
+		global $db;
 
 		$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
 		$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
@@ -1413,7 +1413,7 @@ class session
 
 		$sql_ary = array(
 			'key_id'		=> (string) md5($key_id),
-			'last_ip'		=> (string) $this->ip,
+			'last_ip'		=> (string) $user_id,
 			'last_login'	=> (int) time()
 		);
 
@@ -1450,7 +1450,7 @@ class session
 	*/
 	function reset_login_keys($user_id = false)
 	{
-		global $config, $db;
+		global $db;
 
 		$user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;
 
-- 
cgit v1.2.1


From 3f44f368172f744499055c482dcaccb0108660ab Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Thu, 24 Dec 2015 15:44:55 +0100
Subject: [ticket/13454] Add excessively removed code back

PHPBB3-13454
---
 phpBB/phpbb/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 65fab3551a..6155745c37 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -1413,7 +1413,7 @@ class session
 
 		$sql_ary = array(
 			'key_id'		=> (string) md5($key_id),
-			'last_ip'		=> (string) $user_id,
+			'last_ip'		=> (string) $user_ip,
 			'last_login'	=> (int) time()
 		);
 
-- 
cgit v1.2.1


From c6746ab3cd02b4c8a05895c334a3f812a5a5c5b1 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Wed, 4 Jan 2017 21:40:46 +0100
Subject: [ticket/14946] Make sure to pass integers to max()

PHPBB3-14946
---
 phpBB/phpbb/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/phpbb/session.php')

diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index cbe2f02851..cc200b1adc 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -838,7 +838,7 @@ class session
 			$sql = 'SELECT COUNT(session_id) AS sessions
 					FROM ' . SESSIONS_TABLE . '
 					WHERE session_user_id = ' . (int) $this->data['user_id'] . '
-					AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime'])));
+					AND session_time >= ' . (int) ($this->time_now - (max((int) $config['session_length'], (int) $config['form_token_lifetime'])));
 			$result = $db->sql_query($sql);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
-- 
cgit v1.2.1