Commit bec1cb0b6e70e1fee9d9754d22066c48cb06dc83

Authored by michael
1 parent cda2eb97

almost finished session handling

refactored ip method


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@125 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 76 additions and 70 deletions
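--- a/lib/Session.inc
+++ b/lib/Session.inc
@@ -24,30 +24,21 @@ class Session {
 session_start();
 
 // bind userID to session
-$_SESSION['userID'] = $userID;
+$_SESSION["userID"] = $userID;
 
 // lookup group id and add to session
-//$_SESSION['groupID'] = lookupGroupID($userID);
-$_SESSION['groupID'] = owlusergroup($userID);
+$_SESSION["groupID"] = owlusergroup($userID);
 
 // use the PHP generated session id
 $sessionID = session_id();
 
 // retrieve client ip
-if(getenv("HTTP_CLIENT_IP")) {
-$ip = getenv("HTTP_CLIENT_IP");
-} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
-$forwardedip = getenv("HTTP_X_FORWARDED_FOR");
-list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
-} else {
-$ip = getenv("REMOTE_ADDR");
-}
-
-$current = time();
+$ip = $this->getClientIP();
 
 // insert session information into db
 $sql = new Owl_DB;
-$query = "insert into $default->owl_sessions_table (id, user_id, lastused, ip) values ('$sessionID', '$userID', '" . date("Y-m-d H:i:s",$current) . "', '$ip')";
+$query = "insert into $default->owl_sessions_table (session_id, user_id, lastused, ip) values ('$sessionID', '$userID', '" . date("Y-m-d H:i:s", time()) . "', '$ip')";
+//echo "query=$query<br>";
 $result = $sql->query($query);
 if(!$result) {
 die("$lang_err_sess_write");
@@ -65,7 +56,7 @@ class Session {
 session_start();
 // remove the session information from the database
 $sql = new Owl_DB;
-$query = "delete from $default->owl_sessions_table where id = '" . session_id() . "'";
+$query = "delete from $default->owl_sessions_table where session_id = '" . session_id() . "'";
 $sql->query($query);
 
 // remove the php4 session
@@ -84,77 +75,92 @@ class Session {
 // deletes any sessions for this userID where the default timeout has elapsed.
 $time = time() - $default->owl_timeout;
 $sql = new Owl_DB;
-$sql->query("delete from $default->owl_sessions_table where user_id = '" . $userID . "' and lastused <= $time ");
+$sql->query("delete from $default->owl_sessions_table where user_id = '" . $userID . "' and lastused <= '" . date("Y-m-d H:i:s",$time) . "'");
 }
-
+
 /**
 * Used to verify the current user's session.
 *
 * @return
 * array containing the userID, groupID and session verification status
 */
-function verify() {
+function verify() {
+global $default, $lang_sesstimeout, $lang_sessinuse, $lang_err_sess_notvalid;
+
 getprefs();
-global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
-session_start();
 
 $sessionID = session_id();
+if (strlen($sessionID) > 0) {
 
-// initialise return status
-$verified["status"] = 0;
-
-// this should be an existing session, so check the db
-$sql = new Owl_DB;
-$sql->query("select * from $default->owl_sessions_table where id = '$sessionID'");
-$numrows = $sql->num_rows($sql);
-$time = time();
-
-if ($numrows == "1") {
-while($sql->next_record()) {
-// get client ip
-if(getenv("HTTP_CLIENT_IP")) {
-$ip = getenv("HTTP_CLIENT_IP");
-} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
-$forwardedip = getenv("HTTP_X_FORWARDED_FOR");
-list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
-} else {
-$ip = getenv("REMOTE_ADDR");
-}
-
-// check that ip matches
-if ($ip == $sql->f("ip")) {
-// if timeout not exceeded
-if(($time - strtotime($sql->f("lastused"))) <= $default->owl_timeout) {
-// set verified status
-$verified["status"] = 1;
-// update userID? this should be the same value on the session
-$verified["userID"] = $sql->f("user_id");
-$sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
-while($sql->next_record()) {
-$verified["groupID"] = $sql->f("groupid");
+// initialise return status
+$sessionStatus["status"] = 0;
+
+// this should be an existing session, so check the db
+$sql = new Owl_DB;
+$sql->query("select * from $default->owl_sessions_table where session_id = '$sessionID'");
+$numrows = $sql->num_rows($sql);
+$time = time();
+
+// found one match
+if ($numrows == "1") {
+while($sql->next_record()) {
+$ip = $this->getClientIP();
+// check that ip matches
+if ($ip == $sql->f("ip")) {
+// now check if the timeout has been exceeded
+if(($time - strtotime($sql->f("lastused"))) <= $default->owl_timeout) {
+// session has been verified, update status
+$sessionStatus["status"] = 1;
+// only set the userID if its not in the array already
+if (!$sessionStatus["userID"]) {
+$sessionStatus["userID"] = $sql->f("user_id");
+}
+// lookup the user
+$sql->query("select * from $default->owl_users_table where id = '".$sessionStatus["userid"]."'");
+while($sql->next_record()) {
+// only set the groupID if its not in the array already
+if (!$sessionStatus["groupID"]) {
+$sessionStatus["groupID"] = $sql->f("group_id");
+}
+}
+// update last used timestamps
+$sql->query("update $default->owl_sessions_table set lastused = '" . date("Y-m-d H:i:s",time()) ."' where user_id = '" . $sessionStatus["userID"] . "'");
+// add the array to the session
+$_SESSION["sessionStatus"] = $sessionStatus;
+} else {
+// session timed out status
+$sessionStatus["status"] = 2;
+$default->errorMessage = $lang_sesstimeout;
 }
-// session verified, so update last user time
-$lastused = time();
-$userID = $sessionStatus["userID"];
-$sql->query("update $default->owl_sessions_table set lastused = '$lastused' where user_id = '$userID'");
-
 } else {
-// session timed out status
-$verified["status"] = 2;
-$default->errorMessage = $lang_sesstimeout;
+// session in use status
+$sessionStatus["status"] = 3;
+$default->errorMessage = $lang_sessinuse;
 }
-} else {
-// session in use status
-$verified["status"] = 3;
-$default->errorMessage = $lang_sessinuse;
 }
-}
+}
+} else {
+// there is no session
+return false;
 }
-// add this array to the session
-session_register($sessionStatus);
-
-// also return the array for good measure
-return $verified;
+// return the array
+return $sessionStatus;
+}
+
+/**
+* Retrieves and returns the IP address of the current user
+*/
+function getClientIP() {
+// get client ip
+if(getenv("HTTP_CLIENT_IP")) {
+$ip = getenv("HTTP_CLIENT_IP");
+} elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+$forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+} else {
+$ip = getenv("REMOTE_ADDR");
+}
+return $ip;
 }
 }
 ?>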
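Review bot: The new select in verify() (`where session_id = '$sessionID'`) and the insert in the first hunk (`values ('$sessionID', '$userID', ..., '$ip')`) still build SQL by interpolating values the client controls: session_id() reflects the id the browser sent, and getClientIP() returns whatever the `HTTP_CLIENT_IP` or `HTTP_X_FORWARDED_FOR` header carries, so both queries are injectable and the `$ip == $sql->f("ip")` comparison checks a header the client chooses rather than the connection's address. Validate the id before it reaches the query, e.g. `if (!preg_match('/^[A-Za-z0-9,-]+$/', $sessionID)) { return false; }`, reject anything from getClientIP() that is not a plain dotted address, and run every interpolated value through the database layer's escaping instead of concatenating it (`split()` in getClientIP() is also long deprecated and removed in PHP 7; `explode(",", $forwardedip)` does the same job). Separately, the user lookup reads `$sessionStatus["userid"]` while the key set three lines earlier is `"userID"`; array keys are case-sensitive, so the lookup runs with an empty id and groupID is never populated — the old code had the same mismatch, so this is carried over rather than introduced. The lastused update is keyed on `user_id`, which refreshes every session of that user rather than the one just verified; `where session_id = '$sessionID'` (escaped as above) is the intended row. The docblock's `@return` should also state that verify() now returns `false` when there is no session id, since callers that index the result will otherwise fail on that path.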