MDL-43785 lib: Improve session timeout warnings

moodle · Jul 27, 2015 · 462104b · 462104b
1 parent 7fa7357
commit 462104b
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 8 deletions.
diff --git a/lib/ajax/getsiteadminbranch.php b/lib/ajax/getsiteadminbranch.php
@@ -29,14 +29,12 @@
 require_once(dirname(__FILE__) . '/../../config.php');
 
 // This should be accessed by only valid logged in user.
-if (!isloggedin() or isguestuser()) {
-    die('Invalid access.');
-}
+require_login(null, false);
 
 // This identifies the type of the branch we want to get. Make sure it's SITE_ADMIN.
 $branchtype = required_param('type', PARAM_INT);
 if ($branchtype !== navigation_node::TYPE_SITE_ADMIN) {
-    die('Wrong node type passed.');
+    throw new coding_exception('Incorrect node type passed');
 }
 
 // Start capturing output in case of broken plugins.

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -2485,6 +2485,11 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
         $preventredirect = true;
     }
 
+    if (AJAX_SCRIPT) {
+        // We cannot redirect for AJAX scripts either.
+        $preventredirect = true;
+    }
+
     // Setup global $COURSE, themes, language and locale.
     if (!empty($courseorid)) {
         if (is_object($courseorid)) {
@@ -2524,11 +2529,15 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
     }
 
     // Redirect to the login page if session has expired, only with dbsessions enabled (MDL-35029) to maintain current behaviour.
-    if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !$preventredirect && !empty($CFG->dbsessions)) {
-        if ($setwantsurltome) {
-            $SESSION->wantsurl = qualified_me();
+    if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !empty($CFG->dbsessions)) {
+        if ($preventredirect) {
+            throw new require_login_session_timeout_exception();
+        } else {
+            if ($setwantsurltome) {
+                $SESSION->wantsurl = qualified_me();
+            }
+            redirect(get_login_url());
         }
-        redirect(get_login_url());
     }
 
     // If the user is not even logged in yet then make sure they are.

diff --git a/lib/setuplib.php b/lib/setuplib.php
@@ -164,6 +164,24 @@ function __construct($debuginfo) {
     }
 }
 
+/**
+ * Session timeout exception.
+ *
+ * This exception is thrown from require_login()
+ *
+ * @package    core_access
+ * @copyright  2015 Andrew Nicols <andrew@nicols.co.uk>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class require_login_session_timeout_exception extends require_login_exception {
+    /**
+     * Constructor
+     */
+    public function __construct() {
+        moodle_exception::__construct('sessionerroruser', 'error');
+    }
+}
+
 /**
  * Web service parameter exception class
  * @deprecated since Moodle 2.2 - use moodle exception instead