diff --git a/pages/account/profile().php b/pages/account/profile().php index 3cf895d..8d88886 100644 --- a/pages/account/profile().php +++ b/pages/account/profile().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$user = $_SESSION['user'] ?? []; +$user = $session['user'] ?? []; $userId = (int) ($user['id'] ?? 0); $uuid = trim((string) ($user['uuid'] ?? '')); if ($uuid === '') { diff --git a/pages/address-book/data().php b/pages/address-book/data().php index 87225ce..8b30c9a 100644 --- a/pages/address-book/data().php +++ b/pages/address-book/data().php @@ -1,9 +1,11 @@ all(); Guard::requireLogin(); Guard::requireAbilityOrForbidden(OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); gridRequireGetRequest(); @@ -19,7 +21,7 @@ foreach ($query as $rawKey => $rawValue) { $filters[$key] = $rawValue; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService(); $result = $addressBookService->buildGridResult($currentUserId, $filters); gridJsonDataResult( diff --git a/pages/address-book/index().php b/pages/address-book/index().php index 5ff477f..66cce44 100644 --- a/pages/address-book/index().php +++ b/pages/address-book/index().php @@ -1,16 +1,18 @@ all(); Guard::requireLogin(); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); $filterSchema = require __DIR__ . '/filter-schema.php'; $query = requestInput()->queryAll(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService(); $context = $addressBookService->buildIndexContext($currentUserId, $query); $activeTenants = $context['activeTenants'] ?? []; @@ -113,7 +115,7 @@ $filterChipMeta = [ ]; $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set('title', t('Address book')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); diff --git a/pages/address-book/saved-filter-delete().php b/pages/address-book/saved-filter-delete().php index 556996f..d7b8d72 100644 --- a/pages/address-book/saved-filter-delete().php +++ b/pages/address-book/saved-filter-delete().php @@ -1,11 +1,15 @@ all(); + Guard::requireLogin(); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); @@ -87,7 +91,7 @@ if (!Session::checkCsrfToken()) { return; } -$userId = (int) ($_SESSION['user']['id'] ?? 0); +$userId = (int) ($session['user']['id'] ?? 0); if ($userId <= 0) { Router::redirect('login'); return; @@ -102,7 +106,7 @@ if ($uuid === '') { $deleted = $userSavedFilterService->deleteAddressBookFilter($userId, $uuid); if ($deleted) { - $_SESSION['address_book_saved_filters'] = $userSavedFilterService->listForAddressBook($userId); + $sessionStore->set('address_book_saved_filters', $userSavedFilterService->listForAddressBook($userId)); Flash::success(t('Filter deleted'), 'address-book', 'address_book_saved_filter_deleted'); } diff --git a/pages/address-book/saved-filter-save().php b/pages/address-book/saved-filter-save().php index f1dda09..9f23e98 100644 --- a/pages/address-book/saved-filter-save().php +++ b/pages/address-book/saved-filter-save().php @@ -1,11 +1,15 @@ all(); + Guard::requireLogin(); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); @@ -87,7 +91,7 @@ if (!Session::checkCsrfToken()) { return; } -$userId = (int) ($_SESSION['user']['id'] ?? 0); +$userId = (int) ($session['user']['id'] ?? 0); if ($userId <= 0) { Router::redirect('login'); return; @@ -111,6 +115,6 @@ if (!($result['ok'] ?? false)) { return; } -$_SESSION['address_book_saved_filters'] = $userSavedFilterService->listForAddressBook($userId); +$sessionStore->set('address_book_saved_filters', $userSavedFilterService->listForAddressBook($userId)); Flash::success(t('Filter saved'), 'address-book', 'address_book_saved_filter_saved'); Router::redirect($redirect); diff --git a/pages/address-book/view($id).php b/pages/address-book/view($id).php index 6d40d35..37e4c84 100644 --- a/pages/address-book/view($id).php +++ b/pages/address-book/view($id).php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $uuid = trim((string) ($id ?? '')); if ($uuid === '') { Router::redirect('address-book'); diff --git a/pages/admin/api-audit/index().php b/pages/admin/api-audit/index().php index c3eb410..61f272d 100644 --- a/pages/admin/api-audit/index().php +++ b/pages/admin/api-audit/index().php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_API_AUDIT_VIEW); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( - (int) ($_SESSION['user']['id'] ?? 0), + (int) ($session['user']['id'] ?? 0), UiCapabilityMap::PAGE_AUDIT_PURGE ); diff --git a/pages/admin/departments/create().php b/pages/admin/departments/create().php index ce64d25..ee2678a 100644 --- a/pages/admin/departments/create().php +++ b/pages/admin/departments/create().php @@ -1,18 +1,20 @@ all(); Guard::requireLogin(); $request = requestInput(); $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class); $directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class); $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/departments/data().php b/pages/admin/departments/data().php index 3ff39ed..9f7da88 100644 --- a/pages/admin/departments/data().php +++ b/pages/admin/departments/data().php @@ -1,12 +1,14 @@ all(); Guard::requireLogin(); gridRequireGetRequest(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = Guard::requireAbilityDecisionOrForbidden(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW); $capabilities = $decision->attribute('capabilities', []); $tenantIds = is_array($capabilities) ? array_values(array_unique(array_map('intval', (array) ($capabilities['allowed_tenant_ids'] ?? [])))) : []; diff --git a/pages/admin/departments/delete($id).php b/pages/admin/departments/delete($id).php index 9c63637..f824f96 100644 --- a/pages/admin/departments/delete($id).php +++ b/pages/admin/departments/delete($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); @@ -14,7 +16,7 @@ if ($uuid === '') { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $department = app(\MintyPHP\Service\Org\DepartmentService::class)->findByUuid($uuid); if (!$department) { Flash::error('Department not found', 'admin/departments', 'department_not_found'); diff --git a/pages/admin/departments/edit($id).php b/pages/admin/departments/edit($id).php index 027a025..c9626fd 100644 --- a/pages/admin/departments/edit($id).php +++ b/pages/admin/departments/edit($id).php @@ -1,16 +1,18 @@ all(); Guard::requireLogin(); $request = requestInput(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); if ($currentUserId > 0) { app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId); } diff --git a/pages/admin/departments/index().php b/pages/admin/departments/index().php index bacc965..5847a12 100644 --- a/pages/admin/departments/index().php +++ b/pages/admin/departments/index().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW, [ 'actor_user_id' => $currentUserId, @@ -42,7 +44,7 @@ usort($tenants, static function ($a, $b) { Buffer::set('title', t('Departments')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set( 'grid_csrf', json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) diff --git a/pages/admin/import-audit/index().php b/pages/admin/import-audit/index().php index 66a86cc..36b7395 100644 --- a/pages/admin/import-audit/index().php +++ b/pages/admin/import-audit/index().php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_AUDIT_VIEW); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( - (int) ($_SESSION['user']['id'] ?? 0), + (int) ($session['user']['id'] ?? 0), UiCapabilityMap::PAGE_AUDIT_PURGE ); diff --git a/pages/admin/imports/index().php b/pages/admin/imports/index().php index 541159c..c6bbb5d 100644 --- a/pages/admin/imports/index().php +++ b/pages/admin/imports/index().php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_VIEW); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $importService = app(ImportService::class); $profileOptions = []; @@ -46,7 +48,7 @@ $preview = null; $result = null; $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; $hasImportPermission = static function (string $type) use ($currentUserId, $importService): bool { $permission = $importService->requiredPermissionForType($type); diff --git a/pages/admin/imports/sample($type).php b/pages/admin/imports/sample($type).php index b0e75b0..1caa799 100644 --- a/pages/admin/imports/sample($type).php +++ b/pages/admin/imports/sample($type).php @@ -1,7 +1,9 @@ all(); define('MINTY_ALLOW_OUTPUT', true); Guard::requireLogin(); @@ -16,7 +18,7 @@ if (!$profile) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $ability = match ($type) { 'users' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_USERS, 'departments' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS, diff --git a/pages/admin/index().php b/pages/admin/index().php index c909b02..565160c 100644 --- a/pages/admin/index().php +++ b/pages/admin/index().php @@ -1,11 +1,13 @@ all(); Guard::requireLogin(); -$user = $_SESSION['user'] ?? null; +$user = $session['user'] ?? null; $first_name = $user['first_name'] ?? ''; Buffer::set('title', t('Admin')); diff --git a/pages/admin/mail-log/index().php b/pages/admin/mail-log/index().php index 9bc6b5b..b35a369 100644 --- a/pages/admin/mail-log/index().php +++ b/pages/admin/mail-log/index().php @@ -1,9 +1,11 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_MAIL_LOG_VIEW); $filterSchema = require __DIR__ . '/filter-schema.php'; @@ -41,7 +43,7 @@ $searchConfig = $listFilterContext['searchConfig']; Buffer::set('title', t('Mail logs')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set( 'grid_csrf', json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) diff --git a/pages/admin/permissions/create().php b/pages/admin/permissions/create().php index b729e6c..1eba5f3 100644 --- a/pages/admin/permissions/create().php +++ b/pages/admin/permissions/create().php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_CREATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/permissions/delete($id).php b/pages/admin/permissions/delete($id).php index 43f4305..d2fc1aa 100644 --- a/pages/admin/permissions/delete($id).php +++ b/pages/admin/permissions/delete($id).php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_DELETE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/permissions/edit($id).php b/pages/admin/permissions/edit($id).php index 27360ea..7cc86d3 100644 --- a/pages/admin/permissions/edit($id).php +++ b/pages/admin/permissions/edit($id).php @@ -1,16 +1,18 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $id = (int) ($id ?? 0); diff --git a/pages/admin/permissions/index().php b/pages/admin/permissions/index().php index bed28e4..a45efef 100644 --- a/pages/admin/permissions/index().php +++ b/pages/admin/permissions/index().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_VIEW, [ 'actor_user_id' => $currentUserId, @@ -49,7 +51,7 @@ $searchConfig = $listFilterContext['searchConfig']; Buffer::set('title', t('Permissions')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set( 'grid_csrf', json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) diff --git a/pages/admin/roles/create().php b/pages/admin/roles/create().php index cb059cb..42b1ac4 100644 --- a/pages/admin/roles/create().php +++ b/pages/admin/roles/create().php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_CREATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/roles/delete($id).php b/pages/admin/roles/delete($id).php index a1c59bc..19ff917 100644 --- a/pages/admin/roles/delete($id).php +++ b/pages/admin/roles/delete($id).php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_DELETE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/roles/edit($id).php b/pages/admin/roles/edit($id).php index 73da34d..221c936 100644 --- a/pages/admin/roles/edit($id).php +++ b/pages/admin/roles/edit($id).php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $permissionRepository = app(\MintyPHP\Repository\Access\PermissionRepository::class); $rolePermissionRepository = app(\MintyPHP\Repository\Access\RolePermissionRepository::class); diff --git a/pages/admin/roles/index().php b/pages/admin/roles/index().php index ab0fc34..a9d4c22 100644 --- a/pages/admin/roles/index().php +++ b/pages/admin/roles/index().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_VIEW, [ 'actor_user_id' => $currentUserId, @@ -49,7 +51,7 @@ $searchConfig = $listFilterContext['searchConfig']; Buffer::set('title', t('Roles')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set( 'grid_csrf', json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) diff --git a/pages/admin/scheduled-jobs/edit($id).php b/pages/admin/scheduled-jobs/edit($id).php index 3a31989..2fdf478 100644 --- a/pages/admin/scheduled-jobs/edit($id).php +++ b/pages/admin/scheduled-jobs/edit($id).php @@ -1,11 +1,13 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW); @@ -18,7 +20,7 @@ if (!$job) { Router::redirect('admin/scheduled-jobs'); } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $canManage = $authorizationService->authorize(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_MANAGE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/scheduled-jobs/index().php b/pages/admin/scheduled-jobs/index().php index dd26823..23eb868 100644 --- a/pages/admin/scheduled-jobs/index().php +++ b/pages/admin/scheduled-jobs/index().php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( - (int) ($_SESSION['user']['id'] ?? 0), + (int) ($session['user']['id'] ?? 0), UiCapabilityMap::PAGE_AUDIT_PURGE ); $filterSchema = require __DIR__ . '/filter-schema.php'; diff --git a/pages/admin/scheduled-jobs/run($id).php b/pages/admin/scheduled-jobs/run($id).php index 0b2dabb..8fcc5e0 100644 --- a/pages/admin/scheduled-jobs/run($id).php +++ b/pages/admin/scheduled-jobs/run($id).php @@ -2,11 +2,13 @@ use MintyPHP\Domain\Taxonomy\ScheduledJobRunStatus; use MintyPHP\Domain\Taxonomy\SchedulerRuntimeResult; +use MintyPHP\Http\SessionStoreInterface; use MintyPHP\Router; use MintyPHP\Session; use MintyPHP\Support\Flash; use MintyPHP\Support\Guard; +$session = app(SessionStoreInterface::class)->all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW); @@ -21,7 +23,7 @@ if (!Session::checkCsrfToken()) { Router::redirect("admin/scheduled-jobs/edit/$jobId"); } -$result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($_SESSION['user']['id'] ?? 0)); +$result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($session['user']['id'] ?? 0)); if (!($result['ok'] ?? false)) { $error = (string) ($result['error'] ?? ''); if ($error === SchedulerRuntimeResult::LockNotAcquired->value) { diff --git a/pages/admin/search/data().php b/pages/admin/search/data().php index 472a92a..3054a7d 100644 --- a/pages/admin/search/data().php +++ b/pages/admin/search/data().php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); gridRequireGetRequest(); @@ -14,7 +16,7 @@ if ($filters['q'] === '') { Router::json([]); } -$userId = (int) ($_SESSION['user']['id'] ?? 0); +$userId = (int) ($session['user']['id'] ?? 0); $locale = I18n::$locale ?? (I18n::$defaultLocale ?? 'de'); $result = app(SearchDataService::class)->buildPreviewData($userId, $filters['q'], $locale, 5); diff --git a/pages/admin/settings/expire-remember-tokens().php b/pages/admin/settings/expire-remember-tokens().php index 4befb5c..19b1f28 100644 --- a/pages/admin/settings/expire-remember-tokens().php +++ b/pages/admin/settings/expire-remember-tokens().php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/favicon().php b/pages/admin/settings/favicon().php index a3baa8e..894a014 100644 --- a/pages/admin/settings/favicon().php +++ b/pages/admin/settings/favicon().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/favicon-delete().php b/pages/admin/settings/favicon-delete().php index 8ba2d48..b3882cd 100644 --- a/pages/admin/settings/favicon-delete().php +++ b/pages/admin/settings/favicon-delete().php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/index().php b/pages/admin/settings/index().php index 67e2027..baa854b 100644 --- a/pages/admin/settings/index().php +++ b/pages/admin/settings/index().php @@ -1,16 +1,18 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/logo().php b/pages/admin/settings/logo().php index 7e30d21..f466b82 100644 --- a/pages/admin/settings/logo().php +++ b/pages/admin/settings/logo().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/logo-delete().php b/pages/admin/settings/logo-delete().php index 91bd169..60269ef 100644 --- a/pages/admin/settings/logo-delete().php +++ b/pages/admin/settings/logo-delete().php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/revoke-api-tokens().php b/pages/admin/settings/revoke-api-tokens().php index 6acc359..d5b7ba2 100644 --- a/pages/admin/settings/revoke-api-tokens().php +++ b/pages/admin/settings/revoke-api-tokens().php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/settings/run-user-lifecycle().php b/pages/admin/settings/run-user-lifecycle().php index d0f842a..0aa7a92 100644 --- a/pages/admin/settings/run-user-lifecycle().php +++ b/pages/admin/settings/run-user-lifecycle().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/stats/index().php b/pages/admin/stats/index().php index 068f261..c5f5a3f 100644 --- a/pages/admin/stats/index().php +++ b/pages/admin/stats/index().php @@ -1,17 +1,19 @@ all(); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_STATS_VIEW); $viewData = app(\MintyPHP\Service\Stats\AdminStatsViewDataService::class)->build(); if ($viewData) { extract($viewData, EXTR_SKIP); } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_STATS_INDEX); Buffer::set('title', t('Statistics')); diff --git a/pages/admin/system-audit/index().php b/pages/admin/system-audit/index().php index cf7aea1..e1f0f1a 100644 --- a/pages/admin/system-audit/index().php +++ b/pages/admin/system-audit/index().php @@ -1,17 +1,19 @@ all(); Guard::requireLogin(); Guard::requireAbility(OperationsAuthorizationPolicy::ABILITY_ADMIN_SYSTEM_AUDIT_VIEW); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( - (int) ($_SESSION['user']['id'] ?? 0), + (int) ($session['user']['id'] ?? 0), UiCapabilityMap::PAGE_SYSTEM_AUDIT ); diff --git a/pages/admin/tenants/avatar($id).php b/pages/admin/tenants/avatar($id).php index 3c1b4b0..09c5197 100644 --- a/pages/admin/tenants/avatar($id).php +++ b/pages/admin/tenants/avatar($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class); @@ -25,7 +27,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) { $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenantId = (int) ($tenant['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/avatar-delete($id).php b/pages/admin/tenants/avatar-delete($id).php index d34b66f..b2aebb3 100644 --- a/pages/admin/tenants/avatar-delete($id).php +++ b/pages/admin/tenants/avatar-delete($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class); @@ -25,7 +27,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) { $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenantId = (int) ($tenant['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/avatar-file().php b/pages/admin/tenants/avatar-file().php index 7e53d93..da2e7a5 100644 --- a/pages/admin/tenants/avatar-file().php +++ b/pages/admin/tenants/avatar-file().php @@ -1,8 +1,10 @@ all(); define('MINTY_ALLOW_OUTPUT', true); Guard::requireLogin(); @@ -18,7 +20,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) { $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenantId = (int) ($tenant['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); if ($tenantId <= 0) { http_response_code(404); return; diff --git a/pages/admin/tenants/create().php b/pages/admin/tenants/create().php index a0d32bb..cbd230e 100644 --- a/pages/admin/tenants/create().php +++ b/pages/admin/tenants/create().php @@ -1,15 +1,17 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/tenants/custom-field-create($id).php b/pages/admin/tenants/custom-field-create($id).php index 20bc584..78b2cee 100644 --- a/pages/admin/tenants/custom-field-create($id).php +++ b/pages/admin/tenants/custom-field-create($id).php @@ -1,5 +1,6 @@ all(); Guard::requireLogin(); $request = requestInput(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); @@ -21,7 +23,7 @@ if (!$tenant) { } $tenantId = (int) ($tenant['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/custom-field-delete($id).php b/pages/admin/tenants/custom-field-delete($id).php index 41fc6f3..a78ae29 100644 --- a/pages/admin/tenants/custom-field-delete($id).php +++ b/pages/admin/tenants/custom-field-delete($id).php @@ -1,5 +1,6 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $tenantCustomFieldService = app(TenantCustomFieldService::class); @@ -21,7 +23,7 @@ if ($tenantId <= 0) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/custom-field-update($id).php b/pages/admin/tenants/custom-field-update($id).php index 759d3f3..5aec3aa 100644 --- a/pages/admin/tenants/custom-field-update($id).php +++ b/pages/admin/tenants/custom-field-update($id).php @@ -1,5 +1,6 @@ all(); Guard::requireLogin(); $request = requestInput(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); @@ -20,7 +22,7 @@ if ($tenantId <= 0) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/delete($id).php b/pages/admin/tenants/delete($id).php index d0cf901..91f6dbd 100644 --- a/pages/admin/tenants/delete($id).php +++ b/pages/admin/tenants/delete($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); @@ -21,7 +23,7 @@ if (!$tenant) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/tenants/edit($id).php b/pages/admin/tenants/edit($id).php index 9f54c72..4841b6e 100644 --- a/pages/admin/tenants/edit($id).php +++ b/pages/admin/tenants/edit($id).php @@ -1,16 +1,18 @@ all(); Guard::requireLogin(); $request = requestInput(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); if ($currentUserId > 0) { app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId); } diff --git a/pages/admin/tenants/favicon($id).php b/pages/admin/tenants/favicon($id).php index 8411f1c..d7b7b05 100644 --- a/pages/admin/tenants/favicon($id).php +++ b/pages/admin/tenants/favicon($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class); @@ -25,7 +27,7 @@ if (!$tenantFaviconService->isValidUuid($uuid)) { $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenantId = (int) ($tenant['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/favicon-delete($id).php b/pages/admin/tenants/favicon-delete($id).php index 56aed12..9af91ce 100644 --- a/pages/admin/tenants/favicon-delete($id).php +++ b/pages/admin/tenants/favicon-delete($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class); @@ -25,7 +27,7 @@ if (!$tenantFaviconService->isValidUuid($uuid)) { $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenantId = (int) ($tenant['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, diff --git a/pages/admin/tenants/index().php b/pages/admin/tenants/index().php index 416764a..3f8fb23 100644 --- a/pages/admin/tenants/index().php +++ b/pages/admin/tenants/index().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW, [ 'actor_user_id' => $currentUserId, @@ -46,7 +48,7 @@ $searchConfig = $listFilterContext['searchConfig']; Buffer::set('title', t('Tenants')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set( 'grid_csrf', json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) diff --git a/pages/admin/user-lifecycle-audit/index().php b/pages/admin/user-lifecycle-audit/index().php index 9a928b5..751bdd7 100644 --- a/pages/admin/user-lifecycle-audit/index().php +++ b/pages/admin/user-lifecycle-audit/index().php @@ -4,15 +4,17 @@ use MintyPHP\Buffer; use MintyPHP\Domain\Taxonomy\UserLifecycleAction; use MintyPHP\Domain\Taxonomy\UserLifecycleStatus; use MintyPHP\Domain\Taxonomy\UserLifecycleTriggerType; +use MintyPHP\Http\SessionStoreInterface; use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Audit\UserLifecycleAuditService; use MintyPHP\Support\Guard; +$session = app(SessionStoreInterface::class)->all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( - (int) ($_SESSION['user']['id'] ?? 0), + (int) ($session['user']['id'] ?? 0), UiCapabilityMap::PAGE_AUDIT_PURGE ); diff --git a/pages/admin/user-lifecycle-audit/restore($id).php b/pages/admin/user-lifecycle-audit/restore($id).php index a15a87b..f972c30 100644 --- a/pages/admin/user-lifecycle-audit/restore($id).php +++ b/pages/admin/user-lifecycle-audit/restore($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USERS_LIFECYCLE_RESTORE); @@ -22,7 +24,7 @@ if (!Session::checkCsrfToken()) { $result = app(\MintyPHP\Service\User\UserLifecycleRestoreService::class)->restoreFromLifecycleAudit( $auditId, - (int) ($_SESSION['user']['id'] ?? 0) + (int) ($session['user']['id'] ?? 0) ); if (!($result['ok'] ?? false)) { diff --git a/pages/admin/user-lifecycle-audit/view($id).php b/pages/admin/user-lifecycle-audit/view($id).php index 7787754..d11b879 100644 --- a/pages/admin/user-lifecycle-audit/view($id).php +++ b/pages/admin/user-lifecycle-audit/view($id).php @@ -2,12 +2,14 @@ use MintyPHP\Buffer; use MintyPHP\Domain\Taxonomy\UserLifecycleAction; +use MintyPHP\Http\SessionStoreInterface; use MintyPHP\Router; use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Support\Flash; use MintyPHP\Support\Guard; +$session = app(SessionStoreInterface::class)->all(); Guard::requireLogin(); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW); @@ -24,7 +26,7 @@ if ((string) ($auditLog['action'] ?? '') === UserLifecycleAction::Delete->value) $snapshot = $auditService->decryptSnapshot($auditLog); } $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( - (int) ($_SESSION['user']['id'] ?? 0), + (int) ($session['user']['id'] ?? 0), UiCapabilityMap::PAGE_USER_LIFECYCLE_VIEW ); diff --git a/pages/admin/users/access-pdf($id).php b/pages/admin/users/access-pdf($id).php index e990d27..8750050 100644 --- a/pages/admin/users/access-pdf($id).php +++ b/pages/admin/users/access-pdf($id).php @@ -1,11 +1,13 @@ all(); define('MINTY_ALLOW_OUTPUT', true); // Hard gate: user must be logged in and explicitly allowed to generate access PDFs. @@ -38,7 +40,7 @@ if (!$user) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $userId = (int) ($user['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/users/access-pdf-bulk().php b/pages/admin/users/access-pdf-bulk().php index b1ab713..3d82915 100644 --- a/pages/admin/users/access-pdf-bulk().php +++ b/pages/admin/users/access-pdf-bulk().php @@ -1,17 +1,19 @@ all(); define('MINTY_ALLOW_OUTPUT', true); // Hard gate: user must be logged in and explicitly allowed to generate access PDFs. Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF_BULK, [ - 'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), + 'actor_user_id' => (int) ($session['user']['id'] ?? 0), ]); if (!$decision->isAllowed()) { Router::redirect('error/forbidden'); @@ -49,7 +51,7 @@ if (count($uuids) > 100) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $users = []; foreach ($uuids as $uuid) { $user = $userAccountService->findByUuid($uuid); diff --git a/pages/admin/users/activate($id).php b/pages/admin/users/activate($id).php index 1a4410e..288ba25 100644 --- a/pages/admin/users/activate($id).php +++ b/pages/admin/users/activate($id).php @@ -1,11 +1,13 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -29,7 +31,7 @@ if (!Session::checkCsrfToken()) { } $uuid = trim((string) ($id ?? '')); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACTIVATE, [ diff --git a/pages/admin/users/api-token-create($id).php b/pages/admin/users/api-token-create($id).php index 4e822b9..8924227 100644 --- a/pages/admin/users/api-token-create($id).php +++ b/pages/admin/users/api-token-create($id).php @@ -1,10 +1,14 @@ all(); + Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -17,7 +21,7 @@ if (!$user) { } $userId = (int) ($user['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [ 'actor_user_id' => $currentUserId, 'target_user_id' => $userId, @@ -37,7 +41,7 @@ if ($name === '') { $result = $apiTokenService->create($userId, $name, null, null, $currentUserId); if ($result['ok'] ?? false) { - $_SESSION['api_token_created'] = ['token' => $result['token'], 'uuid' => $uuid]; + $sessionStore->set('api_token_created', ['token' => $result['token'], 'uuid' => $uuid]); Flash::success(t('API token created. Copy it now — it will not be shown again.'), "admin/users/edit/{$uuid}", 'api_token_created'); } else { $error = $result['error'] ?? 'create_failed'; diff --git a/pages/admin/users/api-token-revoke($id).php b/pages/admin/users/api-token-revoke($id).php index a0aef24..f049353 100644 --- a/pages/admin/users/api-token-revoke($id).php +++ b/pages/admin/users/api-token-revoke($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -17,7 +19,7 @@ if (!$user) { } $userId = (int) ($user['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [ 'actor_user_id' => $currentUserId, 'target_user_id' => $userId, diff --git a/pages/admin/users/avatar($id).php b/pages/admin/users/avatar($id).php index c15c916..e733c1f 100644 --- a/pages/admin/users/avatar($id).php +++ b/pages/admin/users/avatar($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -24,7 +26,7 @@ if (!$userAvatarService->isValidUuid($uuid)) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_UPLOAD, [ diff --git a/pages/admin/users/avatar-delete($id).php b/pages/admin/users/avatar-delete($id).php index f1df48f..b9c870b 100644 --- a/pages/admin/users/avatar-delete($id).php +++ b/pages/admin/users/avatar-delete($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -24,7 +26,7 @@ if (!$userAvatarService->isValidUuid($uuid)) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_DELETE, [ diff --git a/pages/admin/users/avatar-file().php b/pages/admin/users/avatar-file().php index ba40efa..81867e3 100644 --- a/pages/admin/users/avatar-file().php +++ b/pages/admin/users/avatar-file().php @@ -1,8 +1,10 @@ all(); define('MINTY_ALLOW_OUTPUT', true); Guard::requireLogin(); @@ -17,7 +19,7 @@ if (!$userAvatarService->isValidUuid($uuid)) { return; } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_VIEW, [ diff --git a/pages/admin/users/bulk($action).php b/pages/admin/users/bulk($action).php index 0261bae..3275923 100644 --- a/pages/admin/users/bulk($action).php +++ b/pages/admin/users/bulk($action).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $action = strtolower(trim((string) ($action ?? ''))); @@ -25,7 +27,7 @@ if (!$uuids) { Router::json(['ok' => false, 'error' => 'no_selection']); } -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_BULK, [ 'actor_user_id' => $currentUserId, diff --git a/pages/admin/users/create().php b/pages/admin/users/create().php index 043e22f..e8e51b5 100644 --- a/pages/admin/users/create().php +++ b/pages/admin/users/create().php @@ -2,6 +2,7 @@ use MintyPHP\Buffer; use MintyPHP\Http\Request; +use MintyPHP\Http\SessionStoreInterface; use MintyPHP\I18n; use MintyPHP\Router; use MintyPHP\Service\Access\UiAccessService; @@ -11,11 +12,12 @@ use MintyPHP\Service\CustomField\UserCustomFieldValueService; use MintyPHP\Support\Flash; use MintyPHP\Support\Guard; +$session = app(SessionStoreInterface::class)->all(); Guard::requireLogin(); $request = requestInput(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_CREATE, [ - 'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), + 'actor_user_id' => (int) ($session['user']['id'] ?? 0), ]); if (!$decision->isAllowed()) { if (Request::wantsJson()) { @@ -38,7 +40,7 @@ $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class); $roleService = app(\MintyPHP\Service\Access\RoleService::class); $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $uiAccessService = app(UiAccessService::class); $viewAuth['page'] = $uiAccessService->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_USERS_CREATE); $pageAuth = is_array($viewAuth['page'] ?? null) ? $viewAuth['page'] : []; diff --git a/pages/admin/users/data().php b/pages/admin/users/data().php index f11faf7..afb73e7 100644 --- a/pages/admin/users/data().php +++ b/pages/admin/users/data().php @@ -1,8 +1,10 @@ all(); Guard::requireLogin(); Guard::requireAbilityOrForbidden(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW); @@ -11,7 +13,7 @@ gridRequireGetRequest(); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAvatarService = app(\MintyPHP\Service\User\UserAvatarService::class); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php'); diff --git a/pages/admin/users/deactivate($id).php b/pages/admin/users/deactivate($id).php index c147d38..2308d3a 100644 --- a/pages/admin/users/deactivate($id).php +++ b/pages/admin/users/deactivate($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -15,7 +17,7 @@ if ((requestInput()->method()) !== 'POST') { } $uuid = trim((string) ($id ?? '')); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); $errorBag = formErrors(); diff --git a/pages/admin/users/delete($id).php b/pages/admin/users/delete($id).php index c21bf8e..881bd79 100644 --- a/pages/admin/users/delete($id).php +++ b/pages/admin/users/delete($id).php @@ -1,11 +1,13 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -16,7 +18,7 @@ if ((requestInput()->method()) !== 'POST') { } $uuid = trim((string) ($id ?? '')); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $userId = (int) ($user['id'] ?? 0); $errorBag = formErrors(); diff --git a/pages/admin/users/edit($id).php b/pages/admin/users/edit($id).php index 5bded68..8a864fc 100644 --- a/pages/admin/users/edit($id).php +++ b/pages/admin/users/edit($id).php @@ -1,6 +1,7 @@ all(); + Guard::requireLogin(); $request = requestInput(); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -31,7 +35,7 @@ $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); $passwordMinLength = $userPasswordPolicyService->minLength(); $passwordHints = $userPasswordPolicyService->hints(); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $uuid = trim((string) ($id ?? '')); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; if (!$user) { @@ -269,10 +273,18 @@ if ($request->hasBody('email')) { if ($currentUserId === $userId && isset($form['theme'])) { $themes = appThemes(); $themeValue = strtolower(trim((string) ($form['theme'] ?? ''))); - $_SESSION['user']['theme'] = isset($themes[$themeValue]) ? $themeValue : appDefaultTheme(); + $userSession = $sessionStore->get('user', []); + if (is_array($userSession)) { + $userSession['theme'] = isset($themes[$themeValue]) ? $themeValue : appDefaultTheme(); + $sessionStore->set('user', $userSession); + } } if ($currentUserId === $userId && isset($form['locale'])) { - $_SESSION['user']['locale'] = $form['locale']; + $userSession = $sessionStore->get('user', []); + if (is_array($userSession)) { + $userSession['locale'] = $form['locale']; + $sessionStore->set('user', $userSession); + } I18n::$locale = $form['locale']; } if (!$errorBag->hasAny()) { diff --git a/pages/admin/users/export().php b/pages/admin/users/export().php index 9949af9..cb1ceb0 100644 --- a/pages/admin/users/export().php +++ b/pages/admin/users/export().php @@ -1,14 +1,16 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [ - 'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), + 'actor_user_id' => (int) ($session['user']['id'] ?? 0), ]); if (!$decision->isAllowed()) { if (Request::wantsJson()) { @@ -21,7 +23,7 @@ if (!$decision->isAllowed()) { } $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $search = trim((string) (requestInput()->queryAll()['search'] ?? '')); $order = (string) (requestInput()->queryAll()['order'] ?? 'id'); diff --git a/pages/admin/users/forget-tokens($id).php b/pages/admin/users/forget-tokens($id).php index a546d4a..d5eaec5 100644 --- a/pages/admin/users/forget-tokens($id).php +++ b/pages/admin/users/forget-tokens($id).php @@ -1,10 +1,12 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -18,7 +20,7 @@ if (!$user) { } $userId = (int) ($user['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_FORGET_TOKENS, [ 'actor_user_id' => $currentUserId, 'target_user_id' => $userId, diff --git a/pages/admin/users/index().php b/pages/admin/users/index().php index 881146b..3c49fa3 100644 --- a/pages/admin/users/index().php +++ b/pages/admin/users/index().php @@ -2,6 +2,7 @@ use MintyPHP\Buffer; use MintyPHP\Http\Request; +use MintyPHP\Http\SessionStoreInterface; use MintyPHP\Router; use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiCapabilityMap; @@ -9,10 +10,11 @@ use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Session; use MintyPHP\Support\Guard; +$session = app(SessionStoreInterface::class)->all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [ - 'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), + 'actor_user_id' => (int) ($session['user']['id'] ?? 0), ]); if (!$decision->isAllowed()) { if (Request::wantsJson()) { @@ -38,7 +40,7 @@ $filterState = gridParseFilters($query, [ 'search' => ['type' => 'string'], ]); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId); $uiAccessService = app(UiAccessService::class); $selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [ @@ -56,7 +58,7 @@ $viewAuth['page'] = [ Buffer::set('title', t('Users')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set( 'grid_csrf', json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) diff --git a/pages/admin/users/send-access($id).php b/pages/admin/users/send-access($id).php index f1ad8bb..d86a246 100644 --- a/pages/admin/users/send-access($id).php +++ b/pages/admin/users/send-access($id).php @@ -1,11 +1,13 @@ all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); @@ -20,7 +22,7 @@ if (!$user) { } $userId = (int) ($user['id'] ?? 0); -$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); +$currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_SEND_ACCESS, [ 'actor_user_id' => $currentUserId, 'target_user_id' => $userId, diff --git a/pages/admin/users/switch-tenant().php b/pages/admin/users/switch-tenant().php index 7ca7909..c35ccf0 100644 --- a/pages/admin/users/switch-tenant().php +++ b/pages/admin/users/switch-tenant().php @@ -1,10 +1,14 @@ all(); + Guard::requireLogin(); $userTenantContextService = app(\MintyPHP\Service\User\UserTenantContextService::class); $errorBag = formErrors(); @@ -26,7 +30,7 @@ if (!Session::checkCsrfToken()) { return; } -$userId = (int) ($_SESSION['user']['id'] ?? 0); +$userId = (int) ($session['user']['id'] ?? 0); if ($userId <= 0) { http_response_code(401); if (Request::wantsJson()) { @@ -67,16 +71,18 @@ if (!($result['ok'] ?? false)) { } // Update session with new current tenant -if (isset($_SESSION['user'])) { - $_SESSION['user']['current_tenant_id'] = $tenantId; +if (isset($session['user']) && is_array($session['user'])) { + $userSession = $session['user']; + $userSession['current_tenant_id'] = $tenantId; + $sessionStore->set('user', $userSession); } // Update session with full tenant data -$_SESSION['current_tenant'] = $result['tenant'] ?? null; +$sessionStore->set('current_tenant', $result['tenant'] ?? null); // Reload available tenants and departments -$_SESSION['available_tenants'] = $userTenantContextService->getAvailableTenants($userId); -$_SESSION['available_departments_by_tenant'] = $userTenantContextService->getAvailableDepartmentsByTenant($userId); +$sessionStore->set('available_tenants', $userTenantContextService->getAvailableTenants($userId)); +$sessionStore->set('available_departments_by_tenant', $userTenantContextService->getAvailableDepartmentsByTenant($userId)); if (Request::wantsJson()) { Router::json([ diff --git a/pages/admin/users/theme().php b/pages/admin/users/theme().php index c1127ec..81a4d03 100644 --- a/pages/admin/users/theme().php +++ b/pages/admin/users/theme().php @@ -1,10 +1,14 @@ all(); + Guard::requireLogin(); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $errorBag = formErrors(); @@ -24,7 +28,7 @@ if (!Session::checkCsrfToken()) { return; } -$userId = (int) ($_SESSION['user']['id'] ?? 0); +$userId = (int) ($session['user']['id'] ?? 0); if ($userId <= 0) { http_response_code(401); if (Request::wantsJson()) { @@ -70,7 +74,11 @@ if (!$updated) { return; } -$_SESSION['user']['theme'] = $theme; +$userSession = $sessionStore->get('user', []); +if (is_array($userSession)) { + $userSession['theme'] = $theme; + $sessionStore->set('user', $userSession); +} if (Request::wantsJson()) { Router::json(['ok' => true, 'theme' => $theme]); diff --git a/pages/api/v1/auth/login().php b/pages/api/v1/auth/login().php index 422dd24..923e640 100644 --- a/pages/api/v1/auth/login().php +++ b/pages/api/v1/auth/login().php @@ -2,11 +2,14 @@ use MintyPHP\Http\ApiBootstrap; use MintyPHP\Http\ApiResponse; +use MintyPHP\Http\RequestRuntimeInterface; use MintyPHP\Service\Auth\ApiTokenEndpointService; use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Security\SecurityServicesFactory; use MintyPHP\Service\User\UserServicesFactory; +$requestRuntime = app(RequestRuntimeInterface::class); + ApiBootstrap::init(false); ApiResponse::requireMethod('POST'); @@ -16,7 +19,7 @@ $apiTokenEndpointService = app(ApiTokenEndpointService::class); // ---- Login-specific rate limits (stricter than the general API rate limit in ApiBootstrap) ---- $rateLimiter = (app(SecurityServicesFactory::class))->createRateLimiterService(); -$ip = $_SERVER['REMOTE_ADDR'] ?? ''; +$ip = $requestRuntime->ip(); $ipResult = $rateLimiter->isBlocked('api.auth.login.ip', $ip); if (!($ipResult['allowed'] ?? true)) { diff --git a/pages/auth/forgot().php b/pages/auth/forgot().php index 6fcd50b..25884b2 100644 --- a/pages/auth/forgot().php +++ b/pages/auth/forgot().php @@ -1,11 +1,14 @@ isMethod('POST')) { $errorBag->addGlobal(t('Please enter a valid email address')); } else { $passwordResetService->requestReset($email); - $_SESSION['password_reset_email'] = $email; + $sessionStore->set('password_reset_email', $email); Flash::success( t('If the email exists, a verification code has been sent.'), 'password/verify', diff --git a/pages/auth/login().php b/pages/auth/login().php index a57b5ee..7f6d545 100644 --- a/pages/auth/login().php +++ b/pages/auth/login().php @@ -1,5 +1,7 @@ all(); + +if (!empty($session['user']['id'])) { if (Flash::has()) { Flash::keep(); } @@ -146,7 +152,7 @@ if (requestInput()->method() === 'POST') { } else { $postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email')); $email = trim((string) (requestInput()->bodyAll()['email'] ?? '')); - $clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? '')); + $clientIp = trim((string) ($requestRuntime->ip())); if ($clientIp === '') { $clientIp = 'unknown'; } @@ -253,7 +259,7 @@ if (requestInput()->method() === 'POST') { $result = $authService->login($email, $password); if (!($result['ok'] ?? false)) { if (!empty($result['needs_verification'])) { - $_SESSION['email_verification_email'] = $result['email'] ?? $email; + $sessionStore->set('email_verification_email', $result['email'] ?? $email); Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified'); Router::redirect('verify-email'); return; @@ -270,7 +276,8 @@ if (requestInput()->method() === 'POST') { $setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock)); } } else { - $userId = (int) ($_SESSION['user']['id'] ?? 0); + $authenticatedUser = $sessionStore->get('user', []); + $userId = (int) (is_array($authenticatedUser) ? ($authenticatedUser['id'] ?? 0) : 0); if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) { $authService->logout(); $setLoginWarning(t('No access to this tenant')); diff --git a/pages/auth/register().php b/pages/auth/register().php index da64e2d..35b0220 100644 --- a/pages/auth/register().php +++ b/pages/auth/register().php @@ -1,10 +1,13 @@ hasBody('email')) { $error = $result['error'] ?? t('User can not be registered'); } else { // Store email in session for verify-email page - $_SESSION['email_verification_email'] = $result['email'] ?? $email; + $sessionStore->set('email_verification_email', $result['email'] ?? $email); Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success'); Router::redirect('verify-email'); } diff --git a/pages/auth/reset().php b/pages/auth/reset().php index 269e092..14ca961 100644 --- a/pages/auth/reset().php +++ b/pages/auth/reset().php @@ -1,12 +1,16 @@ all(); + $request = requestInput(); $errorBag = formErrors(); $errors = []; @@ -14,7 +18,7 @@ $password = (string) $request->body('password', ''); $password2 = (string) $request->body('password2', ''); $passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService(); -$resetId = (int) ($_SESSION['password_reset_id'] ?? 0); +$resetId = (int) ($session['password_reset_id'] ?? 0); if ($resetId <= 0) { Router::redirect('password/forgot'); } @@ -25,8 +29,8 @@ if ($request->isMethod('POST')) { } else { $result = $passwordResetService->resetPassword($resetId, $password, $password2); if ($result['ok'] ?? false) { - unset($_SESSION['password_reset_id']); - unset($_SESSION['password_reset_email']); + $sessionStore->remove('password_reset_id'); + $sessionStore->remove('password_reset_email'); Flash::success(t('Password updated'), 'login', 'password_updated'); Router::redirect('login'); } else { diff --git a/pages/auth/verify().php b/pages/auth/verify().php index d89ff0a..9e28d0a 100644 --- a/pages/auth/verify().php +++ b/pages/auth/verify().php @@ -1,15 +1,19 @@ all(); + $request = requestInput(); $errorBag = formErrors(); $errors = []; -$email = trim((string) $request->body('email', $_SESSION['password_reset_email'] ?? '')); +$email = trim((string) $request->body('email', $session['password_reset_email'] ?? '')); $code = trim((string) $request->body('code', '')); $passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService(); @@ -23,8 +27,8 @@ if ($request->isMethod('POST')) { } else { $result = $passwordResetService->verifyCode($email, $code); if ($result['ok'] ?? false) { - $_SESSION['password_reset_id'] = (int) $result['reset_id']; - unset($_SESSION['password_reset_email']); + $sessionStore->set('password_reset_id', (int) $result['reset_id']); + $sessionStore->remove('password_reset_email'); Flash::success(t('Code verified'), 'password/reset', 'reset_verified'); Router::redirect('password/reset'); } else { diff --git a/pages/auth/verify-email().php b/pages/auth/verify-email().php index 226183b..74df16d 100644 --- a/pages/auth/verify-email().php +++ b/pages/auth/verify-email().php @@ -1,15 +1,19 @@ all(); + $request = requestInput(); $errorBag = formErrors(); $errors = []; -$email = trim((string) $request->body('email', $_SESSION['email_verification_email'] ?? '')); +$email = trim((string) $request->body('email', $session['email_verification_email'] ?? '')); $code = trim((string) $request->body('code', '')); $emailVerificationService = (app(AuthServicesFactory::class))->createEmailVerificationService(); @@ -42,7 +46,7 @@ if ($request->isMethod('POST')) { } else { $result = $emailVerificationService->verifyCode($email, $code); if ($result['ok'] ?? false) { - unset($_SESSION['email_verification_email']); + $sessionStore->remove('email_verification_email'); Flash::success(t('Email verified successfully! Please login.'), 'login', 'email_verified'); Router::redirect('login'); diff --git a/pages/index().php b/pages/index().php index 536715a..4ba6856 100644 --- a/pages/index().php +++ b/pages/index().php @@ -1,8 +1,10 @@ all(); +if (isset($session['user'])) { Router::redirect('admin'); } else { Router::redirect('login'); diff --git a/pages/lang().php b/pages/lang().php index 3ad49e0..2da6cdb 100644 --- a/pages/lang().php +++ b/pages/lang().php @@ -1,11 +1,15 @@ all(); + $request = requestInput(); $rawLocale = (string) $request->body( 'locale', @@ -23,11 +27,15 @@ if ($locale === '' || !in_array($locale, $locales, true)) { } I18n::$locale = $locale; -if (isset($_SESSION['user']['id'])) { - $userId = (int) ($_SESSION['user']['id'] ?? 0); +if (isset($session['user']['id'])) { + $userId = (int) ($session['user']['id'] ?? 0); if ($userId) { (app(UserServicesFactory::class))->createUserAccountService()->setLocale($userId, $locale); - $_SESSION['user']['locale'] = $locale; + $userSession = $sessionStore->get('user', []); + if (is_array($userSession)) { + $userSession['locale'] = $locale; + $sessionStore->set('user', $userSession); + } } } else { setcookie('locale', $locale, time() + 31536000, '/', '', false, true); diff --git a/pages/page/copy-language().php b/pages/page/copy-language().php index 3d383d2..e99f282 100644 --- a/pages/page/copy-language().php +++ b/pages/page/copy-language().php @@ -1,13 +1,17 @@ all(); + +$user = $session['user'] ?? []; $currentUserId = (int) ($user['id'] ?? 0); if ($currentUserId <= 0) { Flash::error(t('Login required'), Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? '')), 'login_required'); @@ -37,6 +41,12 @@ if (!($result['ok'] ?? false)) { Router::redirect($return); } -$_SESSION['page_edit_mode'][$slug] = 1; +$pageEditMode = $sessionStore->get('page_edit_mode', []); +if (!is_array($pageEditMode)) { + $pageEditMode = []; +} +$pageEditMode[$slug] = 1; +$sessionStore->set('page_edit_mode', $pageEditMode); + Flash::success(t('Content copied'), $return, 'page_copy_ok'); Router::redirect($return); diff --git a/pages/page/index($slug).php b/pages/page/index($slug).php index 4ac5a95..2869c06 100644 --- a/pages/page/index($slug).php +++ b/pages/page/index($slug).php @@ -2,12 +2,16 @@ use MintyPHP\Buffer; use MintyPHP\Http\Request; +use MintyPHP\Http\SessionStoreInterface; use MintyPHP\I18n; use MintyPHP\Router; use MintyPHP\Service\Content\PageService; use MintyPHP\Session; use MintyPHP\Support\Flash; +$sessionStore = app(SessionStoreInterface::class); +$session = $sessionStore->all(); + $slug = trim((string) ($slug ?? '')); if ($slug === '') { Router::redirect(''); @@ -22,7 +26,7 @@ if ($notFound) { Buffer::set('title', t('Page not found')); } -$user = $_SESSION['user'] ?? []; +$user = $session['user'] ?? []; $currentUserId = (int) ($user['id'] ?? 0); $canEdit = $currentUserId > 0; $returnPath = Request::path(); @@ -35,11 +39,22 @@ if ($requestedReturn !== '') { } $formAction = '/' . ltrim($returnPath, '/'); $wantsJson = Request::wantsJson(); +$markEditMode = static function (string $pageSlug) use ($sessionStore): void { + $pageEditMode = $sessionStore->get('page_edit_mode', []); + if (!is_array($pageEditMode)) { + $pageEditMode = []; + } + + $pageEditMode[$pageSlug] = 1; + $sessionStore->set('page_edit_mode', $pageEditMode); +}; $sessionEdit = false; -if (!empty($_SESSION['page_edit_mode']) && is_array($_SESSION['page_edit_mode'])) { - $sessionEdit = !empty($_SESSION['page_edit_mode'][$slug]); - unset($_SESSION['page_edit_mode'][$slug]); +if (!empty($session['page_edit_mode']) && is_array($session['page_edit_mode'])) { + $sessionEdit = !empty($session['page_edit_mode'][$slug]); + $pageEditMode = $session['page_edit_mode']; + unset($pageEditMode[$slug]); + $sessionStore->set('page_edit_mode', $pageEditMode); } if (requestInput()->method() === 'POST') { @@ -68,19 +83,19 @@ if (requestInput()->method() === 'POST') { $firstError = (string) ($errors[0] ?? t('Page can not be updated')); Flash::error($firstError, $returnPath, 'page_update_failed'); if ($wantsJson) { - $_SESSION['page_edit_mode'][$slug] = 1; + $markEditMode($slug); Router::json(['ok' => false, 'error' => 'invalid', 'redirect' => $returnPath]); } - $_SESSION['page_edit_mode'][$slug] = 1; + $markEditMode($slug); Router::redirect($returnPath); } Flash::success(t('Page updated'), $returnPath, 'page_updated'); if ($wantsJson) { - $_SESSION['page_edit_mode'][$slug] = 1; + $markEditMode($slug); Router::json(['ok' => true, 'redirect' => $returnPath]); } - $_SESSION['page_edit_mode'][$slug] = 1; + $markEditMode($slug); Router::redirect($returnPath); } diff --git a/pages/search/data().php b/pages/search/data().php index d6e7077..1079ca8 100644 --- a/pages/search/data().php +++ b/pages/search/data().php @@ -1,13 +1,15 @@ all(); Guard::requireLogin(); gridRequireGetRequest(); -$userId = (int) ($_SESSION['user']['id'] ?? 0); +$userId = (int) ($session['user']['id'] ?? 0); $filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php'); if ($filters['search'] === '') { diff --git a/pages/search/index().php b/pages/search/index().php index f7bc287..b84fe1f 100644 --- a/pages/search/index().php +++ b/pages/search/index().php @@ -1,9 +1,11 @@ all(); Guard::requireLogin(); $filterSchema = require __DIR__ . '/filter-schema.php'; @@ -24,7 +26,7 @@ $clientFilterSchema = $listFilterContext['clientFilterSchema']; $searchConfig = $listFilterContext['searchConfig']; $csrfKey = Session::$csrfSessionKey; -$csrfToken = $_SESSION[$csrfKey] ?? ''; +$csrfToken = $session[$csrfKey] ?? ''; Buffer::set('title', t('Search results')); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));