Session.inc
<?php
/**
* $Id$
*
* This class is used for session management.
*
* @author owl sourceforge team
* @version $Revision$
* @package Owl
*/
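class Session {
    /**
     * Picks the client address used to bind a session to its originating host.
     *
     * Order of preference matches the original code: HTTP_CLIENT_IP, then the
     * first entry of HTTP_X_FORWARDED_FOR, then REMOTE_ADDR. A candidate is
     * accepted only if it consists solely of characters that can appear in a
     * textual IPv4/IPv6 address, so the value is safe to place inside a quoted
     * SQL literal. This is a character allow-list, not full address validation.
     *
     * NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers
     * set by the client. Unless a trusted reverse proxy overwrites them, the IP
     * binding performed by verify() can be satisfied by whoever sends the same
     * header value, so it should not be relied on as a strong control. Prefer
     * REMOTE_ADDR, or honour the headers only for known proxy addresses.
     *
     * @return string
     *   the accepted address, or '' when no candidate is usable
     */
    function _clientIp() {
        $candidates = array();
        if (getenv("HTTP_CLIENT_IP")) {
            $candidates[] = getenv("HTTP_CLIENT_IP");
        } elseif (getenv("HTTP_X_FORWARDED_FOR")) {
            // the header may list several hops; only the first one is used
            $hops = explode(",", getenv("HTTP_X_FORWARDED_FOR"));
            $candidates[] = $hops[0];
        }
        // always keep the socket address as the fallback
        $candidates[] = getenv("REMOTE_ADDR");

        foreach ($candidates as $candidate) {
            $candidate = trim((string) $candidate);
            if (preg_match('/^[0-9A-Fa-f:.]{1,45}\z/', $candidate)) {
                return $candidate;
            }
        }
        return '';
    }

    /**
     * Checks that a session id only contains the characters PHP itself
     * generates (a-z, A-Z, 0-9, comma, minus). The id can arrive from the
     * client's cookie, and it is interpolated into SQL below.
     *
     * @param $sessionID
     *   the session id to check
     * @return bool
     *   true when the id is non-empty and made of allowed characters only
     */
    function _sessionIdIsSafe($sessionID) {
        return preg_match('/^[A-Za-z0-9,-]+\z/', (string) $sessionID) === 1;
    }

    /**
     * Creates a session.
     *
     * Binds the user and group to the PHP session and records the session id,
     * user id, creation time and client address in the sessions table.
     *
     * @param $userID
     *   user identifier
     * @return $sessionID
     *   returns the generated sessionID
     */
    function create($userID) {
        // NOTE(review): $lang_err_sess_write is assumed to be a global like the
        // other $lang_* strings used in verify(); it was never imported here,
        // so the failure message was always empty.
        global $default, $lang_err_sess_write;

        session_start();
        // Issue a fresh id before binding an identity to the session, so an id
        // that was planted in the browser before login is not the one that
        // becomes authenticated (session fixation).
        session_regenerate_id(true);

        // bind userID to session
        $_SESSION['userID'] = $userID;
        // lookup group id and add to session
        $_SESSION['groupID'] = owlusergroup($userID);

        // use the PHP generated session id
        $sessionID = session_id();
        if (!Session::_sessionIdIsSafe($sessionID)) {
            die("$lang_err_sess_write");
        }

        // retrieve client ip (character-checked, see _clientIp)
        // Called through the class name so it also works if this method is
        // invoked statically by legacy callers.
        $ip = Session::_clientIp();
        $current = time();

        // insert session information into db
        // NOTE(review): Owl_DB's own escaping or parameter binding is not
        // visible from this file; addslashes() is a stopgap for $userID and
        // should be replaced by the DB layer's native mechanism if it has one.
        $sql = new Owl_DB;
        $result = $sql->query(
            "insert into $default->owl_sessions_table (id, user_id, lastused, ip) values ('"
            . $sessionID . "', '" . addslashes((string) $userID) . "', '" . $current . "', '" . $ip . "')"
        );
        // The original tested the string literal 'result', which is always
        // truthy, so a failed insert was never detected.
        // NOTE(review): assumes Owl_DB::query() returns a falsy value on failure.
        if (!$result) {
            die("$lang_err_sess_write");
        }
        return $sessionID;
    }

    /**
     * Destroys the current session.
     *
     * Removes the session row from the database, then clears and destroys the
     * PHP session.
     */
    function destroy() {
        global $default;

        session_start();
        $sessionID = session_id();

        // remove the session information from the database; an id with
        // unexpected characters cannot match a row written by create(), so it
        // is never sent to the database
        if (Session::_sessionIdIsSafe($sessionID)) {
            $sql = new Owl_DB;
            $query = "delete from $default->owl_sessions_table where id = '" . $sessionID . "'";
            $sql->query($query);
        }

        // remove the php session
        session_unset();
        session_destroy();
    }

    /**
     * Removes any stale sessions for the specified userID
     *
     * @param userID
     *   the userID to remove stale sessions for
     */
    function removeStaleSessions($userID) {
        global $default;

        // deletes any sessions for this userID where the default timeout has elapsed.
        $time = (int) (time() - $default->owl_timeout);
        $sql = new Owl_DB;
        $sql->query(
            "delete from $default->owl_sessions_table where user_id = '"
            . addslashes((string) $userID) . "' and lastused <= $time "
        );
    }

    /**
     * Used to verify the current user's session.
     *
     * Status values set on the result:
     *   0 - no single matching session row was found
     *   1 - session verified (userID and groupID are set, lastused refreshed)
     *   2 - session timed out (errorMessage set)
     *   3 - client address differs from the one stored at creation (errorMessage set)
     *
     * @return
     *   array containing the userID, groupID and session verification status
     */
    function verify() {
        getprefs();
        global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;

        session_start();
        $sessionID = session_id();

        // initialise return status
        $verified["status"] = 0;

        // the id may come straight from the client's cookie; refuse anything
        // that PHP would not have generated before it reaches the query
        if (!Session::_sessionIdIsSafe($sessionID)) {
            return $verified;
        }

        // this should be an existing session, so check the db
        $sql = new Owl_DB;
        $sql->query("select * from $default->owl_sessions_table where id = '$sessionID'");
        $numrows = $sql->num_rows($sql);
        $time = time();

        if ($numrows != "1" || !$sql->next_record()) {
            return $verified;
        }

        // Copy the row out before running any further query: the original
        // reused $sql for the follow-up queries while still iterating it.
        $storedIp = (string) $sql->f("ip");
        $storedLastUsed = $sql->f("lastused");
        // create() writes the owner into the user_id column; the original read
        // a column named "uid" and so never obtained the user id.
        $storedUserID = $sql->f("user_id");

        // check that ip matches; an empty address never matches
        $ip = Session::_clientIp();
        if ($ip === '' || $ip !== $storedIp) {
            // session in use status
            $verified["status"] = 3;
            $verified["errorMessage"] = $lang_sessinuse;
            return $verified;
        }

        // if timeout exceeded
        if (($time - $storedLastUsed) > $default->owl_timeout) {
            // session time out status
            $verified["status"] = 2;
            $verified["errorMessage"] = $lang_sesstimeout;
            return $verified;
        }

        // set verified status
        $verified["status"] = 1;
        $verified["userID"] = $storedUserID;

        // The original looked up $verified["userid"] (wrong key case), so the
        // group lookup always ran with an empty id.
        $lookup = new Owl_DB;
        $lookup->query(
            "select * from $default->owl_users_table where id = '"
            . addslashes((string) $storedUserID) . "'"
        );
        while ($lookup->next_record()) {
            $verified["groupID"] = $lookup->f("groupid");
        }

        // session verified, so update last used time.
        // The original keyed this update on an undefined variable and therefore
        // never refreshed anything. The refresh is scoped to this session's row
        // so activity here does not keep the user's other sessions alive.
        $lastused = time();
        $lookup->query(
            "update $default->owl_sessions_table set lastused = '$lastused' where id = '$sessionID'"
        );

        return $verified;
    }
}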
?>