Session.inc
<?php
/**
* $Id$
*
* This class is used for session management.
*
* @author owl sourceforge team
* @version $Revision$
* @package Owl
*/
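class Session {
    /**
     * Creates a session row for a user and returns its identifier.
     *
     * The identifier is 32 lowercase hex characters drawn from a CSPRNG.
     * The previous value, md5(time()), could be derived from the login time
     * alone, so the identifier was not a secret.
     *
     * @param $userID
     *   user identifier; interpolated into the INSERT as given
     * @return $sessionID
     *   returns the generated sessionID
     */
    function create($userID) {
        // $lang_err_sess_write was read without being declared global, so the
        // error message was always empty. Presumably it is a global like the
        // other $lang_* strings - confirm.
        global $default, $lang_err_sess_write;

        $current = time();
        $sessionID = self::newSessionID();
        if ($sessionID === false) {
            // No secure random source: refuse to issue a guessable identifier.
            die("$lang_err_sess_write");
        }
        $ip = self::clientIP();

        // NOTE(review): $userID is still interpolated as-is because its format
        // is not visible here. Confirm callers pass only a database-derived id,
        // or escape it with whatever Owl_DB provides.
        $sql = new Owl_DB;
        $result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')");

        // The original tested the string literal 'result', which is never
        // false, so a failed insert went unnoticed. Compared strictly so that a
        // query() returning nothing is not treated as failure.
        // NOTE(review): confirm what Owl_DB::query() returns on error.
        if ($result === false) {
            die("$lang_err_sess_write");
        }
        return $sessionID;
    }

    /**
     * Removes the specified session from the application.
     *
     * A value that is not a well-formed session id is ignored, so it never
     * reaches the SQL string.
     *
     * @param sessionID
     *   the session to remove
     */
    function remove($sessionID) {
        // Without this declaration $default was an undefined local and the
        // table name in the query was empty.
        global $default;

        if (!self::isSessionID($sessionID)) {
            return;
        }
        $sql = new Owl_DB;
        $sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'");
    }

    /**
     * Removes any stale sessions for the specified userID
     *
     * A session is stale when its lastused value is at least
     * $default->owl_timeout seconds old.
     *
     * @param userID
     *   the userID to remove stale sessions for
     */
    function removeStateSessions($userID) {
        // Same missing declaration as in remove(): table name and timeout were
        // both read from an undefined local.
        global $default;

        // Cast so that only an integer is interpolated into the query.
        $cutoff = (int) (time() - $default->owl_timeout);

        // NOTE(review): $userID is interpolated as given; see create().
        $sql = new Owl_DB;
        $sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $cutoff ");
    }

    /**
     * Used to verify a users session
     *
     * This method only reports a status; it prints nothing and does not exit.
     *
     * @param $sessionID
     *   The session id to verify
     * @return
     *   array with key "status":
     *     0 - malformed id, or not exactly one matching session row
     *     1 - verified; "userID" is set, and "groupID" when the user row exists
     *     2 - session timed out
     *     3 - session belongs to a different client address
     */
    function verify($sessionID) {
        getprefs();
        global $default;

        $verified = array("status" => 0);

        // The id arrives from the client and is placed inside a quoted SQL
        // literal, so anything but 32 hex characters is rejected up front.
        if (!self::isSessionID($sessionID)) {
            return $verified;
        }

        $sql = new Owl_DB;
        $sql->query("select * from $default->owl_sessions_table where sessid = '$sessionID'");
        if ((int) $sql->num_rows($sql) !== 1 || !$sql->next_record()) {
            return $verified;
        }

        // Copy the row before $sql is reused for the user lookup below.
        $storedIP = (string) $sql->f("ip");
        $lastUsed = (int) $sql->f("lastused");
        $userID = $sql->f("uid");

        if (self::clientIP() !== $storedIP) {
            // session in use status
            $verified["status"] = 3;
            return $verified;
        }
        if ((time() - $lastUsed) > $default->owl_timeout) {
            // session time out status
            $verified["status"] = 2;
            return $verified;
        }

        $verified["status"] = 1;
        $verified["userID"] = $userID;

        // The original read $verified["userid"], a key that is never set, so
        // the lookup ran with an empty id and groupID was never filled in.
        // NOTE(review): $userID is the value stored by create(); it is only as
        // safe as what was inserted there.
        $sql->query("select * from $default->owl_users_table where id = '" . $userID . "'");
        while ($sql->next_record()) {
            $verified["groupID"] = $sql->f("groupid");
        }
        return $verified;
    }

    /**
     * Generates a session id: 16 random bytes as 32 lowercase hex characters,
     * the same length as the md5 string used before.
     *
     * @return
     *   the id, or false when no cryptographically strong source is available
     */
    private static function newSessionID() {
        if (function_exists('random_bytes')) {
            // Throws when no random source exists; letting that propagate
            // fails closed.
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        return false;
    }

    /**
     * Tells whether a value has the shape of an id issued by create().
     *
     * @param $value
     *   candidate session id
     * @return
     *   true for exactly 32 lowercase hex characters
     */
    private static function isSessionID($value) {
        return is_string($value) && preg_match('/\A[a-f0-9]{32}\z/', $value) === 1;
    }

    /**
     * Returns the client address used to bind a session to a client.
     *
     * Precedence is unchanged: HTTP_CLIENT_IP, then the first entry of
     * HTTP_X_FORWARDED_FOR, then REMOTE_ADDR. A header value that is not a
     * valid IP address is discarded in favour of REMOTE_ADDR, because the
     * result is written into SQL in create().
     *
     * NOTE(review): both headers are supplied by the client, so the address
     * binding is only meaningful when a trusted proxy sets them; otherwise
     * prefer REMOTE_ADDR alone.
     *
     * @return
     *   a valid IP address, or "" when none is available
     */
    private static function clientIP() {
        $candidate = getenv("HTTP_CLIENT_IP");
        if (!$candidate) {
            $forwarded = getenv("HTTP_X_FORWARDED_FOR");
            if ($forwarded) {
                // explode() replaces split(), which was removed in PHP 7.
                $hops = explode(",", $forwarded);
                $candidate = $hops[0];
            }
        }
        if ($candidate) {
            $candidate = trim($candidate);
            if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                return $candidate;
            }
        }
        $remote = getenv("REMOTE_ADDR");
        if ($remote && filter_var($remote, FILTER_VALIDATE_IP) !== false) {
            return $remote;
        }
        return "";
    }
}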
?>