N°3985 - Performance checks on the back end - Use Session helper

application/loginwebpage.class.inc.php

@@ -24,6 +24,8 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Helper\Session;
+
 /**
  * Web page used for displaying the login form
  */
@@ -392,12 +394,14 @@ class LoginWebPage extends NiceWebPage
 	public static function ResetSession()
 	{
 		// Unset all of the session variables.
-		unset($_SESSION['auth_user']);
-		unset($_SESSION['login_state']);
-		unset($_SESSION['can_logoff']);
-		unset($_SESSION['archive_mode']);
-		unset($_SESSION['impersonate_user']);
+		Session::Start();
+		Session::Unset('auth_user');
+		Session::Unset('login_state');
+		Session::Unset('can_logoff');
+		Session::Unset('archive_mode');
+		Session::Unset('impersonate_user');
 		UserRights::_ResetSessionCache();
+		Session::WriteClose();
 		// If it's desired to kill the session, also delete the session cookie.
 		// Note: This will destroy the session, and not just the session data!
 	}
@@ -442,11 +446,11 @@ class LoginWebPage extends NiceWebPage
 		}
 		$bLoginDebug = MetaModel::GetConfig()->Get('login_debug');
 
-		if (!isset($_SESSION['login_state']) || ($_SESSION['login_state'] == self::LOGIN_STATE_ERROR))
+		if (Session::Get('login_state') == self::LOGIN_STATE_ERROR)
 		{
-			$_SESSION['login_state'] = self::LOGIN_STATE_START;
+			Session::Set('login_state', self::LOGIN_STATE_START);
 		}
-		$sLoginState = $_SESSION['login_state'];
+		$sLoginState = Session::Get('login_state');
 
 		$sSessionLog = '';
 		if ($bLoginDebug)
@@ -500,7 +504,7 @@ class LoginWebPage extends NiceWebPage
 
 				// Every plugin has nothing else to do in this state, go forward
 				$sLoginState = self::AdvanceLoginFSMState($sLoginState);
-				$_SESSION['login_state'] = $sLoginState;
+				Session::Set('login_state', $sLoginState);
 			}
 			catch (Exception $e)
 			{
@@ -526,7 +530,7 @@ class LoginWebPage extends NiceWebPage
 
 		if ($bFilterWithMode)
 		{
-			$sCurrentLoginMode = isset($_SESSION['login_mode']) ? $_SESSION['login_mode'] : '';
+			$sCurrentLoginMode = Session::Get('login_mode', '');
 		}
 		else
 		{
@@ -665,8 +669,10 @@ class LoginWebPage extends NiceWebPage
 			$oLog->DBInsertNoReload();
 		}
 
-		$_SESSION['auth_user'] = $sAuthUser;
-		$_SESSION['login_mode'] = $sLoginMode;
+		Session::Start();
+		Session::Set('auth_user', $sAuthUser);
+		Session::Set('login_mode', $sLoginMode);
+		Session::WriteClose();
 		UserRights::_InitSessionCache();
 	}
 
@@ -681,10 +687,10 @@ class LoginWebPage extends NiceWebPage
 	 */
 	public static function CheckLoggedUser(&$iErrorCode)
 	{
-		if (isset($_SESSION['auth_user']))
+		if (Session::IsSet('auth_user'))
 		{
 			// Already authenticated
-			$bRet = UserRights::Login($_SESSION['auth_user']); // Login & set the user's language
+			$bRet = UserRights::Login(Session::Get('auth_user')); // Login & set the user's language
 			if ($bRet)
 			{
 				$iErrorCode = self::EXIT_CODE_OK;
@@ -712,11 +718,11 @@ class LoginWebPage extends NiceWebPage
 
 	public static function SetLoginModeAndReload($sNewLoginMode)
 	{
-		if (isset($_SESSION['login_mode']) && ($_SESSION['login_mode'] == $sNewLoginMode))
+		if (Session::Get('login_mode') == $sNewLoginMode)
 		{
 			return;
 		}
-		$_SESSION['login_mode'] = $sNewLoginMode;
+		Session::Set('login_mode', $sNewLoginMode);
 		self::HTTPReload();
 	}
 
@@ -829,9 +835,9 @@ class LoginWebPage extends NiceWebPage
 		{
 			CMDBObject::SetTrackOrigin('custom-extension');
 			$sInfo = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sInfo .= " ({$_SESSION['login_mode']})";
+				$sInfo .= " (".Session::Get('login_mode').")";
 			}
 			CMDBObject::SetTrackInfo($sInfo);
 
@@ -883,9 +889,9 @@ class LoginWebPage extends NiceWebPage
 		{
 			CMDBObject::SetTrackOrigin('custom-extension');
 			$sInfo = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sInfo .= " ({$_SESSION['login_mode']})";
+				$sInfo .= " (".Session::Get('login_mode').")";
 			}
 			CMDBObject::SetTrackInfo($sInfo);
 
@@ -924,9 +930,9 @@ class LoginWebPage extends NiceWebPage
 
 			// Now synchronize the profiles
 			$sOrigin = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sOrigin .= " ({$_SESSION['login_mode']})";
+				$sOrigin .= " (".Session::Get('login_mode').")";
 			}
 			$aExistingProfiles = self::SynchronizeProfiles($oUser, $aProfiles, $sOrigin);
 			if ($oUser->IsModified())
@@ -1091,11 +1097,11 @@ class LoginWebPage extends NiceWebPage
 		}
 		else if ($operation == 'change_pwd')
 		{
-			if (isset($_SESSION['auth_user']))
+			if (Session::IsSet('auth_user'))
 			{
-				$sAuthUser = $_SESSION['auth_user'];
-				$sIssue = $_SESSION['pwd_issue'] ?? null;
-				unset($_SESSION['pwd_issue']);
+				$sAuthUser = Session::Get('auth_user');
+				$sIssue = Session::Get('pwd_issue');
+				Session::Unset('pwd_issue');
 				$bFailedLogin = ($sIssue != null); // Force the "failed login" flag to display the "issue" message
 
 				UserRights::Login($sAuthUser); // Set the user's language
@@ -1107,7 +1113,7 @@ class LoginWebPage extends NiceWebPage
 		}
 		else if ($operation == 'check_pwd_policy')
 		{
-			$sAuthUser = $_SESSION['auth_user'];
+			$sAuthUser = Session::Get('auth_user');
 			UserRights::Login($sAuthUser); // Set the user's language
 
 			$aPwdMap = array();
@@ -1125,9 +1131,9 @@ class LoginWebPage extends NiceWebPage
 		}
 		if ($operation == 'do_change_pwd')
 		{
-			if (isset($_SESSION['auth_user']))
+			if (Session::IsSet('auth_user'))
 			{
-				$sAuthUser = $_SESSION['auth_user'];
+				$sAuthUser = Session::Get('auth_user');
 				UserRights::Login($sAuthUser); // Set the user's language
 				$sOldPwd = utils::ReadPostedParam('old_pwd', '', 'raw_data');
 				$sNewPwd = utils::ReadPostedParam('new_pwd', '', 'raw_data');