Commit 27daf46d4e2fdaec8ff06097d0e4add622100710

Authored by michael
1 parent 9d970cb7

added modified Owl_Session class


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@42 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 157 additions and 0 deletions
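--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -0,0 +1,157 @@
+<?php
+/**
+ * $Id$
+ *
+ * This class is used for session management.
+ *
+ * @author owl sourceforge team
+ * @version $Revision$
+ * @package Owl
+ */
+class Session {
+
+ /**
+ * Creates a session.
+ *
+ * @param $userID
+ * user identifier
+ * @return $sessionID
+ * returns the generated sessionID
+ */
+ function create($userID) {
+ global $default;
+
+ // create the session id from a md5 of the current time
+ $current = time();
+ //$random = $this->sessionID . $current;
+ $sessionID = md5($current);
+ $sql = new Owl_DB;
+
+ // retrieve client ip
+ if(getenv("HTTP_CLIENT_IP")) {
+ $ip = getenv("HTTP_CLIENT_IP");
+ } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+ $forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+ list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+ } else {
+ $ip = getenv("REMOTE_ADDR");
+ }
+
+ // insert session information into db
+ $result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')");
+
+ if(!'result') {
+ die("$lang_err_sess_write");
+ }
+
+ return $sessionID;
+ }
+
+ /**
+ * Removes the specified session from the application.
+ *
+ * @param sessionID
+ * the session to remove
+ */
+ function remove($sessionID) {
+ $sql = new Owl_DB;
+ $sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'");
+ }
+
+ /**
+ * Removes any stale sessions for the specified userID
+ *
+ * @param userID
+ * the userID to remove stale sessions for
+ */
+ function removeStateSessions($userID) {
+ $time = time() - $default->owl_timeout;
+ $sql = new Owl_DB;
+ $sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $time ");
+ }
+
+ /**
+ * Used to verify a users session
+ *
+ * @param $sessionID
+ * The session id to verify
+ * @return
+ * array containing the userID, groupID and session verifiction status
+ */
+ function verify($sessionID) {
+
+ getprefs();
+ global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
+ $sess = ltrim($sessionID);
+ // initialise return status
+ $verified["status"] = 0;
+
+ // this should be an existing session, so check the db
+ $sql = new Owl_DB;
+ $sql->query("select * from $default->owl_sessions_table where sessid = '$sessionID'");
+ $numrows = $sql->num_rows($sql);
+ $time = time();
+
+ if ($numrows == "1") {
+ while($sql->next_record()) {
+ // get client ip
+ if(getenv("HTTP_CLIENT_IP")) {
+ $ip = getenv("HTTP_CLIENT_IP");
+ } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+ $forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+ list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+ } else {
+ $ip = getenv("REMOTE_ADDR");
+ }
+
+ // check that ip matches
+ if ($ip == $sql->f("ip")) {
+ // if timeout not exceeded
+ if(($time - $sql->f("lastused")) <= $default->owl_timeout) {
+ $verified["status"] = 1;
+ $verified["userID"] = $sql->f("uid");
+ $sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
+ while($sql->next_record()) {
+ $verified["groupID"] = $sql->f("groupid");
+ }
+ } else {
+ // TODO: don't want html here
+ // session time out status
+ $verified["status"] = 2;
+ /*
+ // Bozz Bug Fix begin
+ if (file_exists("./lib/header.inc")) {
+ include("./lib/header.inc");
+ } else {
+ include("../lib/header.inc");
+ }
+ // Bozz Bug Fix End
+ print("<BR><BR><CENTER>".$lang_sesstimeout);
+ if ($parent == "" || $fileid == "") {
+ print("<A HREF='$default->owl_root_url/index.php'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
+ } else {
+ print("<A HREF='$default->owl_root_url/index.php?parent=$parent&fileid=$fileid'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
+ }
+ exit();*/
+ }
+ } else {
+ // session in use status
+ $verified["status"] = 3;
+ /*
+ // Bozz Bug Fix begin
+ if (file_exists("./lib/header.inc")) {
+ include("./lib/header.inc");
+ } else {
+ include("../lib/header.inc");
+ }
+ // Bozz Bug Fix End
+ print("<BR><BR><CENTER>".$lang_sessinuse);
+ exit;
+ */
+ }
+ }
+ }
+ return $verified;
+ }
+}
+?>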
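Review bot: The session identifier in `create()` is `md5($current)` with `$current = time()`, so it depends only on the second of login: it is predictable from the login time, and two logins in the same second receive the same ID. It should come from a CSPRNG instead, e.g. `$sessionID = bin2hex(random_bytes(16));` on current PHP. The IP comparison in `verify()` does not compensate, because `$ip` is taken from `HTTP_CLIENT_IP` / `HTTP_X_FORWARDED_FOR`, which the client supplies, and that value is interpolated unescaped into the queries together with `$sessionID` and `$userID`; bind or escape all three and use `REMOTE_ADDR` unless a trusted proxy sets the header. Separately, `if(!'result')` tests a string literal and can never fire (it should be `if (!$result)`), and `remove()` and `removeStateSessions()` read `$default` without `global $default;`, so the table name in their queries is presumably empty. `verify()` also stores `$verified["userID"]` but builds the users query from `$verified["userid"]`, so the group lookup runs with an empty id.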