modified ILIAS cookie handling

- cookies are set with the current path and the current domain
- new method for setting cookies in class ilUtil provided

git-svn-id: http://svn.ilias.de/svn/ilias/trunk@18497 21b2c9ec-7c21-0410-8b45-9bfb8ed2bfc5

Services/Init/classes/class.ilInitialisation.php

@@ -240,7 +240,7 @@ function initIliasIniFile()
 				define("IL_VIRUS_SCANNER", "None");
 				break;
 		}
-
+		
 		//$this->buildHTTPPath();
 	}
 
@@ -314,15 +314,13 @@ function determineClient()
 		// set to default client if empty
 		if ($_GET["client_id"] != "")
 		{
-			setcookie("ilClientId", $_GET["client_id"]);
-			$_COOKIE["ilClientId"] = $_GET["client_id"];
+			ilUtil::setCookie("ilClientId", $_GET["client_id"]);
 		}
 		else if (!$_COOKIE["ilClientId"])
 		{
 			// to do: ilias ini raus nehmen
 			$client_id = $ilIliasIniFile->readVariable("clients","default");
-			setcookie("ilClientId", $client_id);
-			$_COOKIE["ilClientId"] = $client_id;
+			ilUtil::setCookie("ilClientId", $client_id);
 //echo "set cookie";
 		}
 //echo "-".$_COOKIE["ilClientId"]."-";
@@ -473,6 +471,23 @@ function setSessionHandler()
 		}
 
 	}
+	/**
+	* set session cookie params for path, domain, etc.
+	*/
+	function setCookieParams()
+	{
+		$cookie_domain = $_SERVER['SERVER_NAME'];
+		$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
+		define('IL_COOKIE_EXPIRE',0);
+		define('IL_COOKIE_PATH',$cookie_path);
+		define('IL_COOKIE_DOMAIN',$cookie_domain);
+		define('IL_COOKIE_SECURE',false); // Default Value
+		define('IL_COOKIE_HTTPONLY',false); // Default Value
+
+		session_set_cookie_params(IL_COOKIE_EXPIRE,IL_COOKIE_PATH,IL_COOKIE_DOMAIN,
+												IL_COOKIE_SECURE,IL_COOKIE_HTTPONLY);
+	}
 
 	/**
 	* initialise $ilSettings object and define constants
@@ -864,7 +879,9 @@ function initILIAS($context = "web")
 
 		// prepare file access to work with safe mode (has been done in class ilias before)
 		umask(0117);
-
+
+		// set cookie params
+		$this->setCookieParams();
 
 		// $ilIliasIniFile initialisation
 		$this->initIliasIniFile();
@@ -880,8 +897,7 @@ function initILIAS($context = "web")
 		if (!$this->initClientIniFile())
 		{
 			$c = $_COOKIE["ilClientId"];
-			setcookie("ilClientId", $ilIliasIniFile->readVariable("clients","default"));
-			$_COOKIE["ilClientId"] = $ilIliasIniFile->readVariable("clients","default");
+			ilUtil::setCookie("ilClientId", $ilIliasIniFile->readVariable("clients","default"));
 			if (CLIENT_ID != "" && CLIENT_ID != $ilIliasIniFile->readVariable("clients","default"))
 			{
 				ilUtil::redirect("index.php?client_id=".$ilIliasIniFile->readVariable("clients","default"));
@@ -1334,8 +1350,7 @@ function initFeed()
 		if (!$this->initClientIniFile())
 		{
 			$c = $_COOKIE["ilClientId"];
-			setcookie("ilClientId", $ilIliasIniFile->readVariable("clients","default"));
-			$_COOKIE["ilClientId"] = $ilIliasIniFile->readVariable("clients","default");
+			ilUtil::setCookie("ilClientId", $ilIliasIniFile->readVariable("clients","default"));
 			echo ("Client $c does not exist. Please reload this page to return to the default client.");
 			exit;
 		}

Services/Init/classes/class.ilStartUpGUI.php

@@ -122,7 +122,7 @@ function showLogin()
 		{
 			if (empty($_GET['cookies']))
 			{
-				setcookie("iltest","cookie");
+				ilUtil::setCookie("iltest","cookie",false);
 				//header('Location: '.$_SERVER['PHP_SELF']."?target=".$_GET["target"]."&soap_pw=".$_GET["soap_pw"]."&ext_uid=".$_GET["ext_uid"]."&cookies=nocookies&client_id=".$_GET['client_id']."&lang=".$_GET['lang']);
 				header("Location: login.php?target=".$_GET["target"]."&soap_pw=".$_GET["soap_pw"]."&ext_uid=".$_GET["ext_uid"]."&cookies=nocookies&client_id=".rawurlencode(CLIENT_ID)."&lang=".$_GET['lang']);
 			}
@@ -625,8 +625,7 @@ function showLogout()
 
 		// reset cookie
 		$client_id = $_COOKIE["ilClientId"];
-		setcookie("ilClientId","");
-		$_COOKIE["ilClientId"] = "";
+		ilUtil::setCookie("ilClientId","");
 
 		//instantiate logout template
 		$tpl->addBlockFile("CONTENT", "content", "tpl.logout.html");
@@ -965,7 +964,7 @@ function processIndexPHP()
 
 			// reset cookie
 			$client_id = $_COOKIE["ilClientId"];
-			setcookie("ilClientId","");
+			setcookie ("ilClientId","");
 			$_COOKIE["ilClientId"] = "";
 
 			$_GET["client_id"] = $client_id;

Services/Utilities/classes/class.ilUtil.php

@@ -4362,6 +4362,17 @@ function randomhash()
 	{
 		return md5(rand(1,9999999) + str_replace(" ", "", (string) microtime()));
 	}
+
+	public static function setCookie($a_cookie_name,$a_cookie_value = '', $a_also_set_super_global = true, $a_set_cookie_invalid = false)
+	{
+		if(!(bool)$a_set_cookie_invalid) $expire = IL_COOKIE_EXPIRE;
+		else $expire = time() - (365*24*60*60);
+
+		setcookie($a_cookie_name,$a_cookie_value,$expire,
+					IL_COOKIE_PATH,IL_COOKIE_DOMAIN,IL_COOKIE_SECURE,IL_COOKIE_HTTPONLY);
+
+		if((bool)$a_also_set_super_global) $_COOKIE[$a_cookie_name] = $a_cookie_value;
+	}
 
 } // END class.ilUtil
 

feed.php

@@ -33,7 +33,11 @@
 // client
 if (isset($_GET["client_id"]))
 {
-	setcookie("ilClientId",$_GET["client_id"]);
+	$cookie_domain = $_SERVER['SERVER_NAME'];
+	$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
+	setcookie("ilClientId", $_GET["client_id"], 0, $cookie_path, $cookie_domain);
+
 	$_COOKIE["ilClientId"] = $_GET["client_id"];
 }
 

goto.php

@@ -40,7 +40,11 @@
 // client
 if (isset($_GET["client_id"]))
 {
-	setcookie("ilClientId",$_GET["client_id"]);
+	$cookie_domain = $_SERVER['SERVER_NAME'];
+	$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
+	setcookie("ilClientId", $_GET["client_id"], 0, $cookie_path, $cookie_domain);
+
 	$_COOKIE["ilClientId"] = $_GET["client_id"];
 }
 

index.php

@@ -64,7 +64,11 @@
 // if no client_id is given, default client is loaded (in class.ilias.php)
 if (isset($_GET["client_id"]))
 {
-	setcookie("ilClientId",$_GET["client_id"]);
+	$cookie_domain = $_SERVER['SERVER_NAME'];
+	$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
+	setcookie("ilClientId", $_GET["client_id"], 0, $cookie_path, $cookie_domain);
+
 	$_COOKIE["ilClientId"] = $_GET["client_id"];
 }
 

login.php

@@ -44,7 +44,11 @@
 // if no client_id is given, default client is loaded (in class.ilias.php)
 if (isset($_GET["client_id"]))
 {
-	setcookie("ilClientId",$_GET["client_id"]);
+	$cookie_domain = $_SERVER['SERVER_NAME'];
+	$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
+	setcookie("ilClientId", $_GET["client_id"], 0, $cookie_path, $cookie_domain);
+
 	$_COOKIE["ilClientId"] = $_GET["client_id"];
 }
 

privfeed.php

@@ -32,7 +32,11 @@
 // client
 if (isset($_GET["client_id"]))
 {
-	setcookie("ilClientId",$_GET["client_id"]);
+	$cookie_domain = $_SERVER['SERVER_NAME'];
+	$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
+	setcookie("ilClientId", $_GET["client_id"], 0, $cookie_path, $cookie_domain);
+
 	$_COOKIE["ilClientId"] = $_GET["client_id"];
 }
 

studip_referrer.php

@@ -97,18 +97,23 @@
 	unset($jump_to);
 }
 
+
+$session_name = session_name();
+$cookie_domain = $_SERVER['SERVER_NAME'];
+$cookie_path = dirname( $_SERVER['PHP_SELF'] ).'/';
+
 if (isset($_GET['sess_id']))
 {	
-	setcookie('PHPSESSID',$_GET['sess_id']);
-	$_COOKIE['PHPSESSID'] = $_GET['sess_id'];
+	setcookie($session_name,$_GET['sess_id'], 0, $cookie_path, $cookie_domain);
+	$_COOKIE[$session_name] = $_GET['sess_id'];
 } else {
 	unset($jump_to);
 }
 
 if (isset($_GET['client_id']))
 {	
-	setcookie('ilClientId',$_GET['client_id']);
-	$_COOKIE['ilClientId'] = $_GET['client_id'];
+	setcookie("ilClientId", $_GET["client_id"], 0, $cookie_path, $cookie_domain);
+	$_COOKIE["ilClientId"] = $_GET["client_id"];
 } else {
 	unset($jump_to);
 }