From ea724e95fef2574e1641d8f231926e29f948dd9a Mon Sep 17 00:00:00 2001
From: Michael Janssen
Date: Thu, 23 Aug 2012 15:33:53 -0500
Subject: [PATCH] Shouldn't use _SESSION except in "special" places.
---
 event.php | 6 +++---
 login.php | 2 +-
 models/Player.php | 6 +++++-
 player.php | 6 +++---
 profile.php | 12 ++++++------
 5 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/event.php b/event.php
index 1d843f9..d5d769e 100644
--- a/event.php
+++ b/event.php
@@ -751,7 +751,7 @@ function matchList($event) {
 }
 function standingsList($event) {
- Standings::printEventStandings($event->name,$_SESSION['username']);
+ Standings::printEventStandings($event->name, Player::loginName());
 }
 function medalList($event) {
@@ -911,8 +911,8 @@ function insertEvent() {
 $event->save();
- if (strcmp($_POST['host'], $_SESSION['username']) != 0) {
- $event->addSteward($_SESSION['username']);
+ if (strcmp($_POST['host'], Player::loginName()) != 0) {
+ $event->addSteward(Player::loginName());
 }
 return $event;
diff --git a/login.php b/login.php
index 805a596..8147491 100644
--- a/login.php
+++ b/login.php
@@ -42,7 +42,7 @@ function testLogin() {
 $success = 0;
 if(isset($_POST['username']) && isset($_POST['password'])) {
 $auth = Player::checkPassword($_POST['username'], $_POST['password']);
- if ($auth || $_SESSION['username'] == 'jamuraa') {
+ if ($auth) {
 session_start();
 header("Cache-control: private");
 $_SESSION['username'] = $_POST['username'];
diff --git a/models/Player.php b/models/Player.php
index bd991be..18aee65 100644
--- a/models/Player.php
+++ b/models/Player.php
@@ -12,7 +12,11 @@ static function isLoggedIn() {
 }
 static function loginName() {
- return $_SESSION['username'];
+ if (Player::isLoggedIn()) {
+ return $_SESSION['username'];
+ } else {
+ return false;
+ }
 }
 static function getSessionPlayer() {
diff --git a/player.php b/player.php
index e4877ce..620b922 100644
--- a/player.php
+++ b/player.php
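Review bot: In insertEvent(), `Player::loginName()` can now return `false` (see the models/Player.php hunk of this commit), and the result is used twice without a check: with no logged-in user `strcmp($_POST['host'], false)` is non-zero for any non-empty host, so `$event->addSteward(false)` would run. Read the name once and guard it, e.g. `$login = Player::loginName();` followed by `if ($login !== false && strcmp($_POST['host'], $login) != 0) { $event->addSteward($login); }`. Whether insertEvent() can be reached without a session is decided outside this hunk, so this is defence in depth unless the caller already enforces login. The same unchecked value is passed on in standingsList() in the first event.php hunk and at the three player.php call sites (`print_ratingsTable`, `Standings::printEventStandings`, `strtoupper`).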
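Review bot: The successful-login branch of testLogin() calls `session_start()` and then writes `$_SESSION['username']` without issuing a new session id, so an id that was already set in the browser before login stays valid afterwards (session fixation). Adding `session_regenerate_id(true);` directly after `session_start();` closes that. The stored value is also the raw `$_POST['username']` rather than a name returned by the lookup behind `Player::checkPassword()`; if that lookup is case-insensitive, the session name could differ in case from the stored account name. That needs confirming, because the rest of testLogin() and checkPassword() are outside this hunk.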
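Review bot: loginName() now has two return types, but nothing at the definition says so; a docblock such as `/** @return string|false Session username, or false when no user is logged in. */` would make the contract visible to the callers this commit switches over. Inside the class the call can be written `self::isLoggedIn()` instead of `Player::isLoggedIn()`, and the `else` after the first `return` is redundant. isLoggedIn() itself sits above the hunk, so what it actually checks is not visible here.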
@@ -65,7 +65,7 @@ print_allContainer();
 } elseif ($dispmode == 'allratings') {
 if(!isset($_GET['format'])) {$_GET['format'] = "Composite";}
- print_ratingsTable($_SESSION['username']);
+ print_ratingsTable(Player::loginName());
 echo "

"; print_ratingHistoryForm($_GET['format']); echo "
";
@@ -83,7 +83,7 @@
 } elseif ($dispmode == 'verify_result') {
 print_verify_resultForm($_POST['report'], $_POST['match_id'],$_POST['player']);
 } elseif ($dispmode == 'standings') {
- Standings::printEventStandings($_GET['event'],$_SESSION['username']);
+ Standings::printEventStandings($_GET['event'],Player::loginName());
 } elseif ($dispmode == 'verifymtgo') {
 // print_verifyMtgoForm($player, $result); print_manualverifyMtgoForm();
@@ -260,7 +260,7 @@ function setPlayerIgnores() {
 }
 function print_mainPlayerCP($player) {
- $upper = strtoupper($_SESSION['username']);
+ $upper = strtoupper(Player::loginName());
 echo "
\n"; echo "
\n";
 print_conditionalAllDecks();
diff --git a/profile.php b/profile.php
index a566900..6e5a426 100644
--- a/profile.php
+++ b/profile.php
@@ -3,11 +3,11 @@ print_header("Player Profile");
-$playername = "";
-if(isset($_SESSION['username'])) {$playername = $_SESSION['username'];}
-if(isset($_GET['player'])) {$playername = $_GET['player'];}
-if(isset($_POST['player'])) {$playername = $_POST['player'];}
- searchForm($playername);
+$playername = Player::loginName();
+if (!$playername) { $playername = ""; }
+if (isset($_GET['player'])) {$playername = $_GET['player'];}
+if (isset($_POST['player'])) {$playername = $_POST['player'];}
+searchForm($playername);
 ?>
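Review bot: `if (!$playername)` tests truthiness, so a logged-in name that PHP treats as falsy (the string `"0"`) is replaced by the empty string; comparing against the sentinel is exact: `if ($playername === false) { $playername = ""; }`. The next two lines still let `$_GET['player']` and `$_POST['player']` override the name and hand it to `searchForm()` unchanged. If searchForm() prints the value into the page, it should be encoded at output with `htmlspecialchars($playername, ENT_QUOTES, 'UTF-8')`. searchForm() is defined outside this hunk, so that part has to be checked there.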
@@ -36,7 +36,7 @@ function content() {
 } else {
 echo "
\n";
 echo "Please log in to see";
- echo " your profile. You may also use the search below without";
+ echo " your profile. You may also use the search without";
 echo " logging in.\n";
 echo "
\n"; }