Commit bec1cb0b6e70e1fee9d9754d22066c48cb06dc83
1 parent
cda2eb97
almost finished session handling
refactored IP method git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@125 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
76 additions
and
70 deletions
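--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -24,30 +24,21 @@ class Session {
 session_start();
 
 // bind userID to session
-$_SESSION['userID'] = $userID;
+$_SESSION["userID"] = $userID;
 
 // lookup group id and add to session
-//$_SESSION['groupID'] = lookupGroupID($userID);
-$_SESSION['groupID'] = owlusergroup($userID);
+$_SESSION["groupID"] = owlusergroup($userID);
 
 // use the PHP generated session id
 $sessionID = session_id();
 
 // retrieve client ip
-if(getenv("HTTP_CLIENT_IP")) {
-$ip = getenv("HTTP_CLIENT_IP");
-} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
-$forwardedip = getenv("HTTP_X_FORWARDED_FOR");
-list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
-} else {
-$ip = getenv("REMOTE_ADDR");
-}
-
-$current = time();
+$ip = $this->getClientIP();
 
 // insert session information into db
 $sql = new Owl_DB;
-$query = "insert into $default->owl_sessions_table (id, user_id, lastused, ip) values ('$sessionID', '$userID', '" . date("Y-m-d H:i:s",$current) . "', '$ip')";
+$query = "insert into $default->owl_sessions_table (session_id, user_id, lastused, ip) values ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
+//echo "query=$query<br>";
 $result = $sql->query($query);
 if(!$result) {
 die("$lang_err_sess_write");
@@ -65,7 +56,7 @@ class Session {
 session_start();
 // remove the session information from the database
 $sql = new Owl_DB;
-$query = "delete from $default->owl_sessions_table where id = '" . session_id() . "'";
+$query = "delete from $default->owl_sessions_table where session_id = '" . session_id() . "'";
 $sql->query($query);
 
 // remove the php4 session
@@ -84,77 +75,92 @@ class Session {
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
-$sql->query("delete from $default->owl_sessions_table where user_id = '" . $userID . "' and lastused <= $time ");
+$sql->query("delete from $default->owl_sessions_table where user_id = '" . $userID . "' and lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
 }
-
+
 /**
 * Used to verify the current user's session.
 *
 * @return
 * array containing the userID, groupID and session verification status
 */
-function verify() {
+function verify() {
+global $default, $lang_sesstimeout, $lang_sessinuse, $lang_err_sess_notvalid;
+
 getprefs();
-global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
-session_start();
 
 $sessionID = session_id();
+if (strlen($sessionID) > 0) {
 
-// initialise return status
-$verified["status"] = 0;
-
-// this should be an existing session, so check the db
-$sql = new Owl_DB;
-$sql->query("select * from $default->owl_sessions_table where id = '$sessionID'");
-$numrows = $sql->num_rows($sql);
-$time = time();
-
-if ($numrows == "1") {
-while($sql->next_record()) {
-// get client ip
-if(getenv("HTTP_CLIENT_IP")) {
-$ip = getenv("HTTP_CLIENT_IP");
-} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
-$forwardedip = getenv("HTTP_X_FORWARDED_FOR");
-list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
-} else {
-$ip = getenv("REMOTE_ADDR");
-}
-
-// check that ip matches
-if ($ip == $sql->f("ip")) {
-// if timeout not exceeded
-if(($time - strtotime($sql->f("lastused"))) <= $default->owl_timeout) {
-// set verified status
-$verified["status"] = 1;
-// update userID? this should be the same value on the session
-$verified["userID"] = $sql->f("user_id");
-$sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
-while($sql->next_record()) {
-$verified["groupID"] = $sql->f("groupid");
+// initialise return status
+$sessionStatus["status"] = 0;
+
+// this should be an existing session, so check the db
+$sql = new Owl_DB;
+$sql->query("select * from $default->owl_sessions_table where session_id = '$sessionID'");
+$numrows = $sql->num_rows($sql);
+$time = time();
+
+// found one match
+if ($numrows == "1") {
+while($sql->next_record()) {
+$ip = $this->getClientIP();
+// check that ip matches
+if ($ip == $sql->f("ip")) {
+// now check if the timeout has been exceeded
+if(($time - strtotime($sql->f("lastused"))) <= $default->owl_timeout) {
+// session has been verified, update status
+$sessionStatus["status"] = 1;
+// only set the userID if its not in the array already
+if (!$sessionStatus["userID"]) {
+$sessionStatus["userID"] = $sql->f("user_id");
+}
+// lookup the user
+$sql->query("select * from $default->owl_users_table where id = '".$sessionStatus["userid"]."'");
+while($sql->next_record()) {
+// only set the groupID if its not in the array already
+if (!$sessionStatus["groupID"]) {
+$sessionStatus["groupID"] = $sql->f("group_id");
+}
+}
+// update last used timestamps
+$sql->query("update $default->owl_sessions_table set lastused = '" . date("Y-m-d H:i:s",time()) ."' where user_id = '" . $sessionStatus["userID"] . "'");
+// add the array to the session
+$_SESSION["sessionStatus"] = $sessionStatus;
+} else {
+// session timed out status
+$sessionStatus["status"] = 2;
+$default->errorMessage = $lang_sesstimeout;
 }
-// session verified, so update last user time
-$lastused = time();
-$userID = $sessionStatus["userID"];
-$sql->query("update $default->owl_sessions_table set lastused = '$lastused' where user_id = '$userID'");
-
 } else {
-// session timed out status
-$verified["status"] = 2;
-$default->errorMessage = $lang_sesstimeout;
+// session in use status
+$sessionStatus["status"] = 3;
+$default->errorMessage = $lang_sessinuse;
 }
-} else {
-// session in use status
-$verified["status"] = 3;
-$default->errorMessage = $lang_sessinuse;
 }
-}
+}
+} else {
+// there is no session
+return false;
 }
-// add this array to the session
-session_register($sessionStatus);
-
-// also return the array for good measure
-return $verified;
+// return the array
+return $sessionStatus;
+}
+
+/**
+* Retrieves and returns the IP address of the current user
+*/
+function getClientIP() {
+// get client ip
+if(getenv("HTTP_CLIENT_IP")) {
+$ip = getenv("HTTP_CLIENT_IP");
+} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+$forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+} else {
+$ip = getenv("REMOTE_ADDR");
+}
+return $ip;
 }
 }
 ?>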
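Review bot: The `$ip` returned by the new `getClientIP()` (third hunk, end of the class) is taken from the `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` request headers, which the client chooses, yet the first hunk interpolates it into the insert statement unescaped (`'$ip')`) and `verify()` relies on it as the session-binding check (`if ($ip == $sql->f("ip"))`). Both uses should treat it as untrusted input: escape or parameterise it before it reaches SQL, and only honour the forwarded headers when `REMOTE_ADDR` is a known proxy, otherwise use `REMOTE_ADDR` alone. `split()` in the new method is also gone in PHP 7; `list($ip) = explode(",", $forwardedip);` keeps the first-address behaviour. Separately, the user lookup in `verify()` reads `$sessionStatus["userid"]` while the value was stored under `"userID"`, so the group lookup runs with an empty id and should read `$sessionStatus["userID"]`. The `lastused` update keys on `user_id` rather than `session_id`, which touches every session of that user, and the enclosing `class Session` starts outside this section.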