Shouldn't use _SESSION except in "special" places.

jamuraa · Aug 23, 2012 · ea724e9 · ea724e9
1 parent 0a7e9d5
commit ea724e9
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 14 deletions.
diff --git a/event.php b/event.php
@@ -751,7 +751,7 @@ function matchList($event) {
 }
 
 function standingsList($event) {
-  Standings::printEventStandings($event->name,$_SESSION['username']);
+  Standings::printEventStandings($event->name, Player::loginName());
 }
 
 function medalList($event) {
@@ -911,8 +911,8 @@ function insertEvent() {
 
   $event->save();
 
-  if (strcmp($_POST['host'], $_SESSION['username']) != 0) {
-    $event->addSteward($_SESSION['username']);
+  if (strcmp($_POST['host'], Player::loginName()) != 0) {
+    $event->addSteward(Player::loginName());
   }
 
   return $event;

diff --git a/login.php b/login.php
@@ -42,7 +42,7 @@ function testLogin() {
   $success = 0;
   if(isset($_POST['username']) && isset($_POST['password'])) {
     $auth = Player::checkPassword($_POST['username'], $_POST['password']);
-    if ($auth || $_SESSION['username'] == 'jamuraa') {
+    if ($auth) {
       session_start();
       header("Cache-control: private");
       $_SESSION['username'] = $_POST['username'];

diff --git a/models/Player.php b/models/Player.php
@@ -12,7 +12,11 @@ static function isLoggedIn() {
   }
 
   static function loginName() {
-    return $_SESSION['username'];
+    if (Player::isLoggedIn()) {
+      return $_SESSION['username'];
+    } else {
+      return false;
+    }
   }
 
   static function getSessionPlayer() {

diff --git a/player.php b/player.php
@@ -65,7 +65,7 @@
     print_allContainer();
   } elseif ($dispmode == 'allratings') {
     if(!isset($_GET['format'])) {$_GET['format'] = "Composite";}
-    print_ratingsTable($_SESSION['username']);
+    print_ratingsTable(Player::loginName());
     echo "<br /><br />";
     print_ratingHistoryForm($_GET['format']);
     echo "<br />";
@@ -83,7 +83,7 @@
   } elseif ($dispmode == 'verify_result') {
     print_verify_resultForm($_POST['report'], $_POST['match_id'],$_POST['player']);
   } elseif ($dispmode == 'standings') {
-    Standings::printEventStandings($_GET['event'],$_SESSION['username']);
+    Standings::printEventStandings($_GET['event'],Player::loginName());
   } elseif ($dispmode == 'verifymtgo') {
     // print_verifyMtgoForm($player, $result);
     print_manualverifyMtgoForm();
@@ -260,7 +260,7 @@ function setPlayerIgnores() {
 }
 
 function print_mainPlayerCP($player) {
-  $upper = strtoupper($_SESSION['username']);
+  $upper = strtoupper(Player::loginName());
   echo "<div class=\"alpha grid_5\">\n";
   echo "<div id=\"gatherling_lefthalf\">\n";
   print_conditionalAllDecks();

diff --git a/profile.php b/profile.php
@@ -3,11 +3,11 @@
 
 print_header("Player Profile");
 
-$playername = "";
-if(isset($_SESSION['username'])) {$playername = $_SESSION['username'];}
-if(isset($_GET['player'])) {$playername = $_GET['player'];}
-if(isset($_POST['player'])) {$playername = $_POST['player'];}
-  searchForm($playername);
+$playername = Player::loginName();
+if (!$playername) { $playername = ""; }
+if (isset($_GET['player'])) {$playername = $_GET['player'];}
+if (isset($_POST['player'])) {$playername = $_POST['player'];}
+searchForm($playername);
 ?>
 <div class="grid_10 suffix_1 prefix_1">
 <div id="gatherling_main" class="box">
@@ -36,7 +36,7 @@ function content() {
   } else {
     echo "<center>\n";
         echo "Please <a href=\"login.php\">log in</a> to see";
-        echo " your profile. You may also use the search below without";
+        echo " your profile. You may also use the search without";
         echo " logging in.\n";
         echo "</center>\n";
     }