We heavily rely on PHP's session management. This discusses the standard ways of using session variables in moregroupware and introduces you to some predefined variables and objects.
![[Important]](images/admonitions/important.png) | Important |
|---|---|
Since we want more.groupware to work with register_globals being set to off, always use $_SESSION to access session variables! | |
![[Note]](images/admonitions/note.png) | Note |
|---|---|
When using $_SESSION (as we do), the use of functions like session_register() or session_is_registered() is forbidden (see PHP manual). Instead one should assign values to the $_SESSION array directly, and use isset() instead of session_is_registered(). | |
There are a few things always available in the $_SESSION array for use in your module. One of those things is $_SESSION['MGW'], which is an instance of the MGW class, and holds information about the current user (e.g. $_SESSION['MGW']->userid) and some more interesting things. There is $_SESSION['MGW']->settings, which holds all of the user settings, there are the users rights, and more.
| Note |
|---|---|
You do not need to worry about starting the session usually. If you work on a regular module, the session will be started by the more.groupware code for you. | |
Example 21.5. Checking for the ID and rights of the current user.
Here we do two things together. We check for the ID of the current user and access the user rights information.Be aware that those will hopefully change ASAP!
if(($_SESSION["MGW"]->rights["contact"]->modify and $row["owner"] == $_SESSION["MGW"]->userid)
OR ($_SESSION["MGW"]->rights["contact"]->modify_others and $row["owner"] <> $_SESSION["MGW"]->userid)) {
$editlink = "<a href=\"".$_SERVER['PHP_SELF']."?mod=contact&obj=person&view=editform&id=$myid&act=$action&searchterm=$searchterm&list=$list&npage=$curr_page&".SID."\" class=\"edit\">".$icons["edit"]."</a>";
}
else {
$editlink = "";
}
Example 21.6. Checking for user settings.
Note the third line, there we check the use_webmail setting.
function linkEmail($email){
if($email!=""){
if($_SESSION["MGW"]->settings["use_webmail"] == 1) $email="<a href=\"../webmail2/index.php?rightframe=".rawurlencode("sendmail.php?to=".$email)."&".SID."\">".$email."</a>";
else $email = "<a href=\"mailto:".$email."\">".$email."</a>";
}
return $email;
}
There was a problem with conflicting session names, caused relying on the default session name provided by PHP (see bug #550122 and feature request #564819) when using more than one application using sessions simultaneously.
So we want this to be something other then PHPSESSID, it defaults to MGWSESSID, and is configurable in config.inc.php. To make this work, a few things are needed:
Before every session_start(), a call to session_name() has to be done. There are only a few places where this is needed. If you are writing a module there should be no need to worry about this.
The must not use $PHPSESSID (or $MGWSESSID). If this is used, links will stop to work after changing the session name. Use the constant SID instead!
Templates must use {$SESSION} when creating links directly, and use {$SESSIONNAME} and {$SESSIONID} when creating hidden input fields in forms.
There are three Smarty assignments in appconfig.inc, these populate the variables explained in above.
The following examples show typical uses of the variables explained above. The first shows how to create a hidden form field for passing the session. The second show a line from a template creating a simple link. The third shows how to create HTML links in PHP.
Example 21.7. Creating a hidden form field for session passing.
<form name="f1" action="{$phpself}" method="POST">
<input type="hidden" name="{$SESSIONNAME}" value="{$SESSIONID}" />
...
</form>
Example 21.8. Creating a regular link for session passing.
<a href="index.php?mod=todo&obj=item&view=newform&{$SESSION}" class="new">{$new}</a>
Note the use of the predefined (uppercase) variables in Smarty. Those get defined in appconfig.inc. The following example uses the standard PHP constant SID.
Example 21.9. Creating a regular link for session passing in PHP.
// build action urls
$detlink = "<a href=\"".$_SERVER['PHP_SELF']."?mod=todo&obj=item&view=details&id=$myid&ty=dto&".SID."\" CLASS=\"edit\">".$icons["details"]."</a>";
$editlink = "<a href=\"".$_SERVER['PHP_SELF']."?mod=todo&obj=item&view=editform&id=$myid&".SID."\" CLASS=\"edit\">".$icons["edit"]."</a>";
The todo module uses $_SESSION["todo"][...] to store the state of viewing (current items/archive) and the searchterm used in searching. This makes those persistent, without having to worry about each and every link, and whether it adds those to the URL, or not. Other modules might store more, e.g. the current page being viewed, if paged result sets are used.
Just use the name of your module as the first array index, to avoid name clashes and overwriting other information.