Index: kernel/user/module.php
===================================================================
--- kernel/user/module.php (revision 23151)
+++ kernel/user/module.php (working copy)
@@ -104,7 +104,7 @@
 $ViewList['register'] = array(
 'functions' => array( 'register' ),
 'script' => 'register.php',
- 'params' => array( ),
+ 'params' => array( 'redirect_number' ),
 'ui_context' => 'edit',
 'default_navigation_part' => 'ezmynavigationpart',
 'single_post_actions' => array( 'PublishButton' => 'Publish',
Index: kernel/user/register.php
===================================================================
--- kernel/user/register.php (revision 23151)
+++ kernel/user/register.php (working copy)
@@ -28,6 +28,7 @@
 $http = eZHTTPTool::instance();
 $Module = $Params['Module'];
+$redirectNumber = $Params['redirect_number'];
 if ( isset( $Params['UserParameters'] ) )
 {
@@ -57,6 +58,34 @@
 // Create new user object if user is not logged in
 if ( !$http->hasSessionVariable( "RegisterUserID" ) )
 {
+ // flag for user client that supports cookies and session validates
+ $userClientValidates = true;
+ $doValidationRedirect = false;
+ if ( !eZSession::userHasSessionCookie() )
+ {
+ if ( $redirectNumber == '2' )
+ $userClientValidates = false;
+ else
+ $doValidationRedirect = true;
+ }
+ else if ( !eZSession::userSessionIsValid() )
+ {
+ if ( $redirectNumber == '2' )
+ $userClientValidates = false;
+ else
+ $doValidationRedirect = true;
+ }
+
+ if ( $doValidationRedirect )
+ {
+ return $Module->redirectTo( '/user/register/2' );
+ }
+ else if ( !$userClientValidates )
+ {
+ return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
+ }
+ // else create user object
+
 $ini = eZINI::instance();
 $errMsg = '';
 $checkErrNodeId = false;
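Review bot: The two branches of the new cookie/session gate in register.php (`if ( !eZSession::userHasSessionCookie() )` and `else if ( !eZSession::userSessionIsValid() )`) have identical bodies, so the gate collapses to one condition joined by short-circuit `||`, which preserves the evaluation order because `userSessionIsValid()` is still only called once a cookie was seen. Both accessors return `null` before the session is started or validated (per their docblocks in the ezsession.php hunk), and `!null` is `true`, so a client with no server-side session is redirected once and refused with `KERNEL_ACCESS_DENIED` on `/user/register/2`; that is fail-closed, but the comment `// flag for user client that supports cookies and session validates` does not explain why a redirect round-trip precedes user-object creation, and the rewrite below says so. `$redirectNumber == '2'` is a loose comparison on a URL parameter; `===` is preferable if `$Params` always carries strings (confirm), and if the key can be absent from `$Params`, the assignment in the `@@ -28` hunk should be guarded with `isset`. The enclosing `if ( !$http->hasSessionVariable( "RegisterUserID" ) )` block closes outside the hunk.
```php
if ( !$http->hasSessionVariable( "RegisterUserID" ) )
{
    // A user object is only created for a client that sent back the session
    // cookie and whose session validated against the stored hash. Otherwise
    // bounce once to /user/register/2 so the cookie can round-trip; a client
    // that still has no valid session on that second hop is refused.
    if ( !eZSession::userHasSessionCookie() || !eZSession::userSessionIsValid() )
    {
        if ( $redirectNumber === '2' )
            return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
        return $Module->redirectTo( '/user/register/2' );
    }

    // … unchanged: $ini = eZINI::instance(); and the rest of user creation …
```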
@@ -94,7 +123,7 @@
 'is_main' => 1 ) );
 $nodeAssignment->store();
 }
-else if ( $http->hasSessionVariable( "RegisterUserID" ) )
+else
 {
 $userID = $http->sessionVariable( "RegisterUserID" );
 }
Index: lib/ezutils/classes/ezsession.php
===================================================================
--- lib/ezutils/classes/ezsession.php (revision 23151)
+++ lib/ezutils/classes/ezsession.php (working copy)
@@ -104,9 +104,16 @@
 *
 * @access protected
 */
- static protected $hasSessionCookie = false;
+ static protected $hasSessionCookie = null;
 /**
+ * Flag if user session validated when reading data from session, set in {@link eZSession::internalRead()}.
+ *
+ * @access protected
+ */
+ static protected $userSessionIsValid = null;
+
+ /**
 * User session hash (ip + ua string), set in {@link eZSession::registerFunctions()}.
 *
 * @access protected
@@ -187,8 +194,13 @@
 eZDebug::writeNotice( 'User ('. $sessionRes[0]['user_id'] .') hash did not match, regenerating session id for the user to avoid potentially hijack session attempt.', 'eZSession::internalRead' );
 self::regenerate( false );
 self::$userID = 0;
+ self::$userSessionIsValid = false;
 return false;
 }
+ else if ( self::$userSessionIsValid === null )
+ {
+ self::$userSessionIsValid = true;
+ }
 self::$userID = $sessionRes[0]['user_id'];
 }
 $ini = eZINI::instance();
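Review bot: `$hasSessionCookie` changes its default from `false` to `null`, making the flag tri-state; any comparison against it elsewhere in ezsession.php (not visible in this hunk) that tests `=== false` or relies on a plain boolean will now see `null` until the session starts, so those sites should be checked. The docblock for the new `$userSessionIsValid` property should name the three states the rest of this patch assigns, e.g. `* null = not yet determined, true = stored hash matched on read, false = invalidated by a hash mismatch during this request.`. The same tri-state note belongs on `$hasSessionCookie` now that `null` is a possible value.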
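Review bot: `self::$userSessionIsValid` is assigned only inside the block that reads `$sessionRes[0]['user_id']`, so a request whose cookie matches no stored session row leaves the flag at `null`; the register.php hunk treats that as not validated, which fails closed, but nothing here records that this is intended. A comment on the new `else if` would settle it, e.g. `// hash matched: mark the session valid; when no stored row exists the flag stays null and callers must treat it as not validated`. `internalRead()` starts and ends outside the hunk, so other paths that return before this point presumably also leave the flag `null` — worth confirming.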
@@ -586,6 +598,33 @@
 }
 /**
+ * Returns if user had session cookie at start of request or not.
+ *
+ * @return bool|null returns null if session is not started yet.
+ */
+ static public function userHasSessionCookie()
+ {
+ return self::$hasSessionCookie;
+ }
+
+ /**
+ * Returns if user session validated against stored data in db
+ * or if it was invalidated during the current request.
+ *
+ * @return bool|null returns null if user is not validated yet.
+ */
+ static public function userSessionIsValid()
+ {
+ // force a session read if session has started but not yet used
+ if ( self::$userSessionIsValid === null &&
+ self::$hasSessionCookie === true )
+ {
+ $tempSession = $_SESSION;
+ }
+ return self::$userSessionIsValid;
+ }
+
+ /**
 * Adds a callback function, to be triggered by {@link eZSession::triggerCallback()}
 * when a certan session event occurs.
 * Use: eZSession::addCallback('gc_pre', myCustomGarabageFunction );
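Review bot: `userSessionIsValid()` depends on `$tempSession = $_SESSION;` purely for a side effect, and the unused local reads like leftover code; the comment should say what the read is expected to trigger and how the flag gets set, e.g. `// reading $_SESSION triggers the session read in internalRead(), which sets the flag; the local itself is unused`, assuming that is the lazy-read mechanism (not visible here — confirm). If that read never reaches the validation branch (no stored session row), the method still returns `null`, so the `@return` tag should tell callers how to treat it, which is how the register.php hunk already uses it: `@return bool|null true when the stored hash matched, false when it did not, null when no validation happened; treat null as not validated.` The same guidance on `null` applies to `userHasSessionCookie()`.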