From bcc271d260cdf64aecbbb2004f7e5abd8637a447 Mon Sep 17 00:00:00 2001
From: michael
Date: Mon, 20 Jan 2003 10:24:00 +0000
Subject: [PATCH] moved session and control classes to lib/session
---
lib/Session.inc | 171 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
lib/control.inc | 113 -----------------------------------------------------------------------------------------------------------------
lib/session/Session.inc | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/session/control.inc | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 286 insertions(+), 284 deletions(-)
delete mode 100644 lib/Session.inc
delete mode 100644 lib/control.inc
create mode 100644 lib/session/Session.inc
create mode 100644 lib/session/control.inc
diff --git a/lib/Session.inc b/lib/Session.inc
deleted file mode 100644
index bb6a0b0..0000000
--- a/lib/Session.inc
+++ /dev/null
@@ -1,171 +0,0 @@
-, Jam Warehouse (Pty) Ltd, South Africa
- * @version $Revision$
- * @package lib.session
- */
-class Session {
-
- /**
- * Creates a session.
- *
- * @param int the id of the user to create a session for
- * @return string the generated sessionID
- */
- function create($userID) {
- global $default;
-
- session_start();
-
- // bind user id to session
- $_SESSION["userID"] = $userID;
-
- // use the PHP generated session id
- $sessionID = session_id();
-
- // retrieve client ip
- $ip = $this->getClientIP();
-
- $default->log->debug("Session::create() new session for $userID, from $ip, sessionID=$sessionID");
-
- // insert session information into db
- $sql = new Owl_DB;
- $query = "INSERT INTO $default->owl_sessions_table (session_id, user_id, lastused, ip) VALUES ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
-
- $result = $sql->query($query);
- if(!$result) {
- die("$lang_err_sess_write");
- }
-
- return $sessionID;
- }
-
- /**
- * Destroys the current session.
- */
- function destroy() {
- global $default;
-
- session_start();
- // remove the session information from the database
- $sql = new Owl_DB;
- $query = "DELETE FROM $default->owl_sessions_table WHERE session_id = '" . session_id() . "'";
- $sql->query($query);
-
- // remove the php4 session
- session_unset();
- session_destroy();
- }
-
- /**
- * Removes any stale sessions for the specified userID
- *
- * @param int the userID to remove stale sessions for
- */
- function removeStaleSessions($userID) {
- global $default;
- // deletes any sessions for this userID where the default timeout has elapsed.
- $time = time() - $default->owl_timeout;
- $sql = new Owl_DB;
- $sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . formatDateTime($time) . "'");
- }
-
- /**
- * Used to verify the current user's session.
- *
- * @return int session verification status
- */
- function verify() {
- global $default, $lang_sesstimeout, $lang_sessinuse, $lang_err_sess_notvalid;
-
- session_start();
- $sessionID = session_id();
- $default->log->debug("Session::verify() retrieved sessionID=$sessionID");
- if (strlen($sessionID) > 0) {
- // initialise return status
- $sessionStatus = 0;
-
- // this should be an existing session, so check the db
- $sql = new Owl_DB;
- $sql->query("SELECT * FROM $default->owl_sessions_table WHERE session_id = '$sessionID'");
- $numrows = $sql->num_rows($sql);
-
- // FIXME: if there aren't more rows that the max sessions for this user
- if ($numrows >= 1) {
- $userID = $sql->f("user_id");
- $default->log->debug("Session::verify() found session in db");
- while($sql->next_record()) {
- $ip = $this->getClientIP();
- // check that ip matches
- if ($ip == $sql->f("ip")) {
- // now check if the timeout has been exceeded
- $lastused = $sql->f("lastused");
- $default->log->debug("Session::verify() lastused=$lastused; str=" . strtotime($lastused));
- $default->log->debug("Session::verify() current time=" . time());
- $diff = time() - strtotime($lastused);
- $default->log->debug("Session::verify() timeout = " . $default->owl_timeout . "; diff=$diff");
- if($diff <= $default->owl_timeout) {
- // session has been verified, update status
- $sessionStatus = 1;
- // use userID to refresh user details and set on session
-
- // ??: will this change during a user session?
- // only set the userID if its not in the array already
- if (!$_SESSION["userID"]) {
- $_SESSION["userID"] = $sql->f("user_id");
- }
-
- // update last used timestamp
- $sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . getCurrentDateTime() ."' " .
- "WHERE user_id = " . $_SESSION["userID"] .
" AND session_id = '$sessionID'");
- // add the array to the session
- $_SESSION["sessionStatus"] = $sessionStatus;
- } else {
- // session timed out status
- $sessionStatus = 2;
- // destroy this session
- $this->destroy();
- // remove old sessions
- Session::removeStaleSessions($userID);
- $_SESSION["errorMessage"] = $lang_sesstimeout;
- }
- } else {
- // session in use status
- $sessionStatus = 3;
- $_SESSION["errorMessage"] = $lang_sessinuse;
- }
- }
- }
- } else {
- $default->log->error("verify() session not in db");
- // there is no session
- return false;
- }
- // return the array
- $default->log->debug("Session::verify() returning sessionStatus[\"status\"]=" . $sessionStatus);
- return $sessionStatus;
- }
-
- /**
- * Retrieves and returns the IP address of the current user
- */
- function getClientIP() {
- // get client ip
- if(getenv("HTTP_CLIENT_IP")) {
- $ip = getenv("HTTP_CLIENT_IP");
- } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
- $forwardedip = getenv("HTTP_X_FORWARDED_FOR");
- list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
- } else {
- $ip = getenv("REMOTE_ADDR");
- }
- return $ip;
- }
-}
-?>
diff --git a/lib/control.inc b/lib/control.inc
deleted file mode 100644
index e9f5104..0000000
--- a/lib/control.inc
+++ /dev/null
@@ -1,113 +0,0 @@
-, Jam Warehouse (Pty) Ltd, South Africa
- * @package lib.session
- */
-
-/**
- * Redirects to the specified URL
- *
- * @param string the URL to forward to
- */
-function redirect($url) {
- // everything is relative to the root url
- $url = $default->owl_root_url . $url;
- header("Location: $url");
-}
-
-/**
- * Performs a redirect through the controller.
- * Takes a controller action and queryString and builds url.
- *
- * @param string the controller action
- * @param string additional querystring vars
- */
-function controllerRedirect($action, $queryString) {
- // generate url
- $ctlUrl = generateControllerUrl($action);
- // append the rest of the url
- $url = $ctlUrl . "&$queryString";
- // now redirect
- redirect($url);
-}
-
-/**
- * Returns a controller url.
- *
- * @param string the controller action to generate a url for
- * @return string the controller url
- */
-function generateControllerUrl($action) {
- return "/control.php?action=$action";
-}
-
-/**
- * Generates a link via the control page, with the passed action
- *
- * @param string the controller action to generate a link for
- * @return string the generated href
- */
-function generateLink($action) {
- return "";
-}
-
-/**
- * Checks the current session and redirects to the login page
- * if the redirect parameter is true.
- *
- * @param boolean whether to automatically redirect to the login page on session verification failure
- */
-function checkSessionAndRedirect($bRedirect) {
- global $default;
-
- $session = new Session();
- $sessionStatus = $session->verify();
-
- if ($sessionStatus != 1) {
- if ($bRedirect) {
- // verification failed, redirect to login with error message
- $default->log->debug("checkSession:: session check failed");
- $url = $default->owl_root_url .
"/login.php?loginAction=loginForm";
-
- $redirect = $_SERVER[PHP_SELF];
- if ((strlen($redirect) > 1) && ($redirect != "/control.php")) {
- $default->log->debug("checkSession:: redirect url=$redirect");
- // this session verification failure represents either the first visit to
- // the site OR a session timeout etc. (in which case we still want to bounce
- // the user to the login page, and then back to whatever page they're on now)
- $url = $url . "&redirect=" . $redirect;
- }
- $default->log->debug("checkSession:: about to redirect to $url");
- redirect($url);
- } else {
- return false;
- }
- } else {
- $default->log->debug("checkSession:: returning true");
- return true;
- }
-}
-
-/**
- * Verifies the current session
- * Automatically redirects to the login page on session verification failure
- */
-function checkSession() {
- if (checkSessionAndRedirect(true)) {
- // the session is cool, now check if we access to this page
- if ($_SESSION["pageAccess"][basename($_SERVER['SCRIPT_FILENAME'])]) {
- return true;
- } else {
- return false;
- }
- }
- // if the check session fails, we'll be redirected to the login page
-}
diff --git a/lib/session/Session.inc b/lib/session/Session.inc
new file mode 100644
index 0000000..bb6a0b0
--- /dev/null
+++ b/lib/session/Session.inc
@@ -0,0 +1,171 @@
+, Jam Warehouse (Pty) Ltd, South Africa
+ * @version $Revision$
+ * @package lib.session
+ */
+class Session {
+
+ /**
+ * Creates a session.
+ *
+ * @param int the id of the user to create a session for
+ * @return string the generated sessionID
+ */
+ function create($userID) {
+ global $default;
+
+ session_start();
+
+ // bind user id to session
+ $_SESSION["userID"] = $userID;
+
+ // use the PHP generated session id
+ $sessionID = session_id();
+
+ // retrieve client ip
+ $ip = $this->getClientIP();
+
+ $default->log->debug("Session::create() new session for $userID, from $ip, sessionID=$sessionID");
+
+ // insert session information into db
+ $sql = new Owl_DB;
+ $query = "INSERT INTO $default->owl_sessions_table (session_id, user_id, lastused, ip) VALUES ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
+
+ $result = $sql->query($query);
+ if(!$result) {
+ die("$lang_err_sess_write");
+ }
+
+ return $sessionID;
+ }
+
+ /**
+ * Destroys the current session.
+ */
+ function destroy() {
+ global $default;
+
+ session_start();
+ // remove the session information from the database
+ $sql = new Owl_DB;
+ $query = "DELETE FROM $default->owl_sessions_table WHERE session_id = '" . session_id() . "'";
+ $sql->query($query);
+
+ // remove the php4 session
+ session_unset();
+ session_destroy();
+ }
+
+ /**
+ * Removes any stale sessions for the specified userID
+ *
+ * @param int the userID to remove stale sessions for
+ */
+ function removeStaleSessions($userID) {
+ global $default;
+ // deletes any sessions for this userID where the default timeout has elapsed.
+ $time = time() - $default->owl_timeout;
+ $sql = new Owl_DB;
+ $sql->query("DELETE FROM $default->owl_sessions_table WHERE user_id = '" . $userID . "' AND lastused <= '" . formatDateTime($time) . "'");
+ }
+
+ /**
+ * Used to verify the current user's session.
+ *
+ * @return int session verification status
+ */
+ function verify() {
+ global $default, $lang_sesstimeout, $lang_sessinuse, $lang_err_sess_notvalid;
+
+ session_start();
+ $sessionID = session_id();
+ $default->log->debug("Session::verify() retrieved sessionID=$sessionID");
+ if (strlen($sessionID) > 0) {
+ // initialise return status
+ $sessionStatus = 0;
+
+ // this should be an existing session, so check the db
+ $sql = new Owl_DB;
+ $sql->query("SELECT * FROM $default->owl_sessions_table WHERE session_id = '$sessionID'");
+ $numrows = $sql->num_rows($sql);
+
+ // FIXME: if there aren't more rows that the max sessions for this user
+ if ($numrows >= 1) {
+ $userID = $sql->f("user_id");
+ $default->log->debug("Session::verify() found session in db");
+ while($sql->next_record()) {
+ $ip = $this->getClientIP();
+ // check that ip matches
+ if ($ip == $sql->f("ip")) {
+ // now check if the timeout has been exceeded
+ $lastused = $sql->f("lastused");
+ $default->log->debug("Session::verify() lastused=$lastused; str=" . strtotime($lastused));
+ $default->log->debug("Session::verify() current time=" . time());
+ $diff = time() - strtotime($lastused);
+ $default->log->debug("Session::verify() timeout = " . $default->owl_timeout . "; diff=$diff");
+ if($diff <= $default->owl_timeout) {
+ // session has been verified, update status
+ $sessionStatus = 1;
+ // use userID to refresh user details and set on session
+
+ // ??: will this change during a user session?
+ // only set the userID if its not in the array already
+ if (!$_SESSION["userID"]) {
+ $_SESSION["userID"] = $sql->f("user_id");
+ }
+
+ // update last used timestamp
+ $sql->query("UPDATE $default->owl_sessions_table SET lastused = '" . getCurrentDateTime() ."' " .
+ "WHERE user_id = " . $_SESSION["userID"] .
" AND session_id = '$sessionID'");
+ // add the array to the session
+ $_SESSION["sessionStatus"] = $sessionStatus;
+ } else {
+ // session timed out status
+ $sessionStatus = 2;
+ // destroy this session
+ $this->destroy();
+ // remove old sessions
+ Session::removeStaleSessions($userID);
+ $_SESSION["errorMessage"] = $lang_sesstimeout;
+ }
+ } else {
+ // session in use status
+ $sessionStatus = 3;
+ $_SESSION["errorMessage"] = $lang_sessinuse;
+ }
+ }
+ }
+ } else {
+ $default->log->error("verify() session not in db");
+ // there is no session
+ return false;
+ }
+ // return the array
+ $default->log->debug("Session::verify() returning sessionStatus[\"status\"]=" . $sessionStatus);
+ return $sessionStatus;
+ }
+
+ /**
+ * Retrieves and returns the IP address of the current user
+ */
+ function getClientIP() {
+ // get client ip
+ if(getenv("HTTP_CLIENT_IP")) {
+ $ip = getenv("HTTP_CLIENT_IP");
+ } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+ $forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+ list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+ } else {
+ $ip = getenv("REMOTE_ADDR");
+ }
+ return $ip;
+ }
+}
+?>
diff --git a/lib/session/control.inc b/lib/session/control.inc
new file mode 100644
index 0000000..513761e
--- /dev/null
+++ b/lib/session/control.inc
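Review bot: `getClientIP()` prefers `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, both request headers chosen by the client, and `create()` then interpolates that value straight into the `INSERT` string, so header content reaches the SQL text unescaped. `verify()` compares the same header-derived value against the stored `ip`, so the "session in use" binding is only as strong as a header the client can repeat. Unless a trusted proxy is known to set these headers, take the address from the connection, `$ip = getenv("REMOTE_ADDR");`, and validate or escape every value before it is placed in a query (the escaping facility of `Owl_DB` is not visible here). The file is moved unchanged (index bb6a0b0 on both sides), so this predates the commit, but the move is a natural point to fix it.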
@@ -0,0 +1,115 @@
+, Jam Warehouse (Pty) Ltd, South Africa
+ * @package lib.session
+ */
+
+/**
+ * Redirects to the specified URL
+ *
+ * @param string the URL to forward to
+ */
+function redirect($url) {
+ // everything is relative to the root url
+ $url = $default->owl_root_url . $url;
+ header("Location: $url");
+}
+
+/**
+ * Performs a redirect through the controller.
+ * Takes a controller action and queryString and builds url.
+ *
+ * @param string the controller action
+ * @param string additional querystring vars
+ */
+function controllerRedirect($action, $queryString) {
+ // generate url
+ $ctlUrl = generateControllerUrl($action);
+ // append the rest of the url
+ $url = $ctlUrl . "&$queryString";
+ // now redirect
+ redirect($url);
+}
+
+/**
+ * Returns a controller url.
+ *
+ * @param string the controller action to generate a url for
+ * @return string the controller url
+ */
+function generateControllerUrl($action) {
+ return "/control.php?action=$action";
+}
+
+/**
+ * Generates a link via the control page, with the passed action
+ *
+ * @param string the controller action to generate a link for
+ * @return string the generated href
+ */
+function generateLink($action) {
+ return "";
+}
+
+/**
+ * Checks the current session and redirects to the login page
+ * if the redirect parameter is true.
+ *
+ * @param boolean whether to automatically redirect to the login page on session verification failure
+ */
+function checkSessionAndRedirect($bRedirect) {
+ global $default;
+
+ $session = new Session();
+ $sessionStatus = $session->verify();
+
+ if ($sessionStatus != 1) {
+ if ($bRedirect) {
+ // verification failed, redirect to login with error message
+ $default->log->debug("checkSession:: session check failed");
+ $url = $default->owl_root_url .
"/login.php?loginAction=loginForm";
+
+ $redirect = $_SERVER[PHP_SELF];
+ if ((strlen($redirect) > 1) && ($redirect != "/control.php")) {
+ $default->log->debug("checkSession:: redirect url=$redirect");
+ // this session verification failure represents either the first visit to
+ // the site OR a session timeout etc. (in which case we still want to bounce
+ // the user to the login page, and then back to whatever page they're on now)
+ $url = $url . "&redirect=" . $redirect;
+ }
+ $default->log->debug("checkSession:: about to redirect to $url");
+ redirect($url);
+ } else {
+ return false;
+ }
+ } else {
+ $default->log->debug("checkSession:: returning true");
+ return true;
+ }
+}
+
+/**
+ * Verifies the current session
+ * Automatically redirects to the login page on session verification failure
+ */
+function checkSession() {
+ global $default;
+ if (checkSessionAndRedirect(true)) {
+ // the session is cool, now check if we access to this page
+ $default->log->debug("control.inc page=" . $_SERVER['PHP_SELF']);
+ if ($_SESSION["pageAccess"][$_SERVER['PHP_SELF']]) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ // if the check session fails, we'll be redirected to the login page
+}
-- libgit2 0.21.4
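Review bot: `checkSession()` now looks up `$_SESSION["pageAccess"]` by `$_SERVER['PHP_SELF']`, which carries any path info the request appends after the script name, where the removed version used `basename($_SERVER['SCRIPT_FILENAME'])`; an authorization key should come from a value the request cannot shape, e.g. `$_SERVER['SCRIPT_NAME']`, and it has to match however `pageAccess` is populated (not visible in this hunk). In `checkSessionAndRedirect()` the same value is read as `$_SERVER[PHP_SELF]` (an unquoted constant) and appended to the login URL unencoded; `$url = $url . "&redirect=" . urlencode($redirect);` keeps it a single parameter. `redirect()` reads `$default->owl_root_url` without `global $default;` and does not stop the script after `header()`, so a caller that ignores the return value of `checkSession()` keeps executing after the redirect is sent; an `exit;` after `header("Location: $url");` closes that. Note that `checkSessionAndRedirect()` already prefixes `owl_root_url` itself, so adding the missing `global` would double the prefix on that path unless one of the two is dropped.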