<?php |
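class sessionClass {

    /**********************************************************
    sessionClass Properties
    Author: Paul Bramscher
    Last Modified: 10.29.2002
    ***********************************************************
    Comments:
    For documentation, see separate Word-format .DOC file.

    Compatibility notes: this class is written in PHP 4 style
    (var properties, constructor named after the class) and uses
    the mysql_* extension. That extension was removed in PHP 7
    and class-named constructors stopped being constructors in
    PHP 8, so a port should move to mysqli/PDO with prepared
    statements and to __construct().
    **********************************************************/
    var $con_session;       // link returned by mysql_connect() in the constructor
    var $result_session;    // result of mysql_select_db() in the constructor
    var $user_ip;           // client address the valid session is bound to
    var $staff_account;     // account name read from the session row
    var $session_id;        // session token read from the session row
    var $valid;             // 1 when a matching, unexpired row exists, else 0
    var $time_human;        // creation time as "YYYY-MM-DD HH:MM:SS"
    var $time_unix;         // creation time, seconds since the epoch
    var $time_expire;       // expiry time, seconds since the epoch

    // Default session duration parameters, in seconds (they are added
    // to the Unix timestamp returned by getmicrotime()).
    var $default_duration = 120;
    var $max_duration = 43200;

    // Database variables
    // NOTE(review): these credentials are committed with the source. The
    // values are left as they were so existing deployments keep working;
    // load them from configuration kept outside the web root and rotate
    // this password.
    var $db_session = "libsession";
    var $db_session_srv = "localhost";
    var $db_session_usr = "libsession";
    var $db_session_pwd = "libsessionpw";


    /**********************************************************
    Constructor Method: sessionClass
    Author: Paul Bramscher
    Last Modified: 10.29.2002
    ***********************************************************
    Comments:
    Connects to the session database. When no session ID is
    supplied and a staff account is, a new session is created:
    a session ID is generated, the row is written to the session
    table and the "libsession" cookie is set. In every case the
    object properties are then loaded through setProperties().

    $duration       requested lifetime in seconds; values <= 0
                    select $default_duration, larger values are
                    capped at $max_duration
    $session_id     existing session ID (typically the cookie
                    value), or "" to start a new session
    $staff_account  account name for a new session

    Terminates the script with die() when the database cannot be
    reached or the insert fails.
    **********************************************************/
    function sessionClass($duration, $session_id, $staff_account) {

        // Set the database connection variables
        $this->con_session = @mysql_connect ( $this->db_session_srv, $this->db_session_usr, $this->db_session_pwd )
            or die ( "ERROR: Could not connect to database server!" );
        $this->result_session = mysql_select_db ( $this->db_session, $this->con_session )
            or die ( "ERROR: Could not connect to database!" );

        // Fetch user ip
        $user_ip = $this->_clientIp();

        // Determine whether to generate a new session
        if ($session_id == "" && strlen($staff_account) > 0) {

            // Generate a session ID and store it
            $this->session_id = $this->generateSessionID();
            $session_id = $this->session_id;

            // Fetch a unix microsecond timestamp
            $time_unix = $this->getmicrotime();

            // Attempt to use a non-default session duration
            if ( (float) $duration > 0) {
                if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
                $time_expire = (float) $duration + (float) $time_unix;
            }
            // Otherwise use the default duration
            else $time_expire = (float) $this->default_duration + (float) $time_unix;

            // Human-readable, mySQL-friendly stamp in local time. date()
            // zero-pads every field, which replaces the manual back-fill
            // and the unquoted getdate() keys (bare constants).
            $time_human = date("Y-m-d H:i:s", (int) $time_unix);

            // Build the SQL line to insert it into the database. Every
            // value is escaped for the open connection: $staff_account
            // comes from the caller and the address from the request.
            $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
                . $this->_sqlEscape($staff_account)
                . "', '"
                . $this->_sqlEscape($user_ip)
                . "', '"
                . $this->_sqlEscape($session_id)
                . "', '"
                . $this->_sqlEscape($time_human)
                . "', '"
                . $this->_sqlEscape($time_unix)
                . "', '"
                . $this->_sqlEscape($time_expire)
                . "')";

            // mysql_query ("LOCK TABLE session WRITE", $this->con_session);
            if (!mysql_query($sql, $this->con_session)){
                mysql_query ("UNLOCK TABLES", $this->con_session);
                $this->bailout();
            }
            else {
                mysql_query("UNLOCK TABLES", $this->con_session);
            }

            // Set the client libsession cookie. Expiration equals expiration
            // in the database. setcookie() takes an integer timestamp, so the
            // float expiry is truncated. HttpOnly keeps the session ID away
            // from page scripts; the parameter exists from PHP 5.2.
            // NOTE(review): also pass secure=true once the site is served
            // over HTTPS only.
            if (version_compare(PHP_VERSION, "5.2.0", ">=")) {
                setcookie ("libsession", $session_id, (int) $time_expire, "", "", false, true);
            }
            else {
                setcookie ("libsession", $session_id, (int) $time_expire);
            }

        } // finished generating a new session

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
    }


    /**********************************************************
    Method: bailout
    Author: Paul Bramscher
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Attempt to gracefully finish out HTML in the event of a
    severe mySQL database problem. Does not return: the script
    ends in die().
    **********************************************************/
    function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
    }


    /**********************************************************
    Method: getmicrotime
    Author: http://www.php.net microtime example
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Returns a float Unix timestamp: the number of seconds
    elapsed from 0:00:00 January 1, 1970 GMT, including the
    fractional part reported by microtime().
    **********************************************************/
    function getmicrotime(){
        list($usec, $sec) = explode(" ",microtime());
        return ((float)$usec + (float)$sec);
    }


    /**********************************************************
    Method: secondsRemaining
    Author: Paul Bramscher
    Last Modified: 10.09.2001
    ***********************************************************
    Comments:
    Returns the number of seconds remaining for this
    session before expiration (negative once it has passed).
    **********************************************************/
    function secondsRemaining(){
        return (float) $this->time_expire - (float) $this->getmicrotime();
    }

    /**********************************************************
    Method: generateSessionID
    Author: Paul Bramscher
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Returns a new 32-character hexadecimal session ID that is
    not present in the session table.

    The ID used to be md5(mt_rand(0,9999)) with a time-based
    seed, which allows only 10,000 distinct values and is
    therefore guessable. It is now 128 bits from the system
    random source, in the same 32-hex-character format. On a
    collision another attempt is made (the old code returned
    the literal "0" instead); after a few attempts, or if the
    lookup query fails, the script bails out.
    **********************************************************/
    function generateSessionID() {
        $con_session = $this->con_session;

        for ($attempt = 0; $attempt < 5; $attempt++) {
            $hash = $this->_newSessionToken();

            // The SQL
            $sql = "SELECT * FROM session where session_id = '" . $this->_sqlEscape($hash) . "'";
            $rs = mysql_query($sql, $con_session);

            // A failed lookup cannot prove uniqueness, so stop here.
            if (!$rs) $this->bailout();

            if (mysql_num_rows($rs) == 0) return $hash;
        }

        // Repeated collisions mean the random source is not behaving.
        $this->bailout();
    }

    /**********************************************************
    Method: _newSessionToken (internal helper)
    ***********************************************************
    Comments:
    Returns 16 bytes from a cryptographically secure source as
    32 lowercase hex characters. Tries random_bytes(), then
    openssl_random_pseudo_bytes() (accepted only when it reports
    a strong result), then /dev/urandom. Fails closed through
    bailout() rather than falling back to a predictable
    generator.
    **********************************************************/
    function _newSessionToken() {
        $bytes = "";

        if (function_exists("random_bytes")) {
            $bytes = random_bytes(16);
        }
        elseif (function_exists("openssl_random_pseudo_bytes")) {
            $strong = false;
            $candidate = openssl_random_pseudo_bytes(16, $strong);
            if ($candidate !== false && $strong) $bytes = $candidate;
        }

        if (strlen($bytes) != 16 && @is_readable("/dev/urandom")) {
            $fh = @fopen("/dev/urandom", "rb");
            if ($fh) {
                $bytes = (string) fread($fh, 16);
                fclose($fh);
            }
        }

        if (strlen($bytes) != 16) $this->bailout();

        return bin2hex($bytes);
    }

    /**********************************************************
    Method: _sqlEscape (internal helper)
    ***********************************************************
    Comments:
    Escapes a value for use inside a single-quoted SQL string
    literal on this object's connection. Every query in this
    class is built by concatenation, and the session ID and
    client address originate from the request.
    **********************************************************/
    function _sqlEscape($value) {
        return mysql_real_escape_string((string) $value, $this->con_session);
    }

    /**********************************************************
    Method: _clientIp (internal helper)
    ***********************************************************
    Comments:
    Returns the client address. $_SERVER is preferred because
    $GLOBALS["REMOTE_ADDR"] is only populated when
    register_globals is enabled; the old lookup is kept as a
    fallback. Returns "" when neither is set.
    **********************************************************/
    function _clientIp() {
        if (isset($_SERVER["REMOTE_ADDR"])) return $_SERVER["REMOTE_ADDR"];
        if (isset($GLOBALS["REMOTE_ADDR"])) return $GLOBALS["REMOTE_ADDR"];
        return "";
    }


    /**********************************************************
    Method: setProperties
    Author: Paul Bramscher
    Last Modified: 10.9.2001
    ***********************************************************
    Comments:
    Purges expired sessions, then looks up the row matching
    both $session_id and $user_ip. When one exists, $valid is
    set to 1 and $time_human, $time_unix, $time_expire,
    $user_ip, $session_id and $staff_account are loaded from
    it; otherwise $valid is 0 and the others are reset to "".
    It is called whenever the class is instantiated, either
    immediately after creating a new session or when testing
    an existing session ID, and again after logout.
    **********************************************************/
    function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;

        // Purge all expired sessions
        $this->expireSessions();

        // Generate the SQL. $session_id is normally the client's cookie
        // value, so it must be escaped before it reaches the query.
        $sql = "SELECT * from session where session_id = '"
            . $this->_sqlEscape($session_id)
            . "' AND user_ip = '"
            . $this->_sqlEscape($user_ip)
            ."'";
        $rs = mysql_query($sql, $con_session);

        // Assume this is an invalid session; a failed query counts as one.
        $row = false;
        if ($rs && mysql_num_rows($rs) > 0) $row = mysql_fetch_array ($rs);

        // Valid session, load all of the member properties.
        if ($row) {
            $this->valid = 1;
            $this->time_human = $row["time_human"];
            $this->time_unix = $row["time_unix"];
            $this->time_expire = $row["time_expire"];
            $this->user_ip = $user_ip;
            $this->session_id = $row["session_id"];
            $this->staff_account = $row["staff_account"];
        }
        // Expired or invalid. Reset all of the member properties.
        else {
            $this->valid = 0;
            $this->time_human = "";
            $this->time_unix = "";
            $this->time_expire = "";
            $this->staff_account = "";
            $this->user_ip = "";
            $this->session_id = "";
        }
    }


    /**********************************************************
    Method: logoutSessionID
    Author: Paul Bramscher
    Last Modified: 10.09.2001
    ***********************************************************
    Comments:
    When a user decides to logout, the session ID is deleted
    from the session table and the client cookie is expired.
    Nothing happens unless the session is currently valid and
    the request comes from the address the session is bound to.
    **********************************************************/
    function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $this->_clientIp();

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {

            // Get the object's session_id
            $session_id = $this->session_id;

            // Build the SQL line to delete
            $sql = "DELETE FROM session WHERE session_id = '"
                . $this->_sqlEscape($session_id)
                . "' AND user_ip = '"
                . $this->_sqlEscape($user_ip)
                . "'";

            //mysql_query ("LOCK TABLE session WRITE", $con_session);
            if (!mysql_query($sql, $con_session)){
                mysql_query ("UNLOCK TABLES", $con_session);
                $this->bailout();
            }
            else {
                mysql_query("UNLOCK TABLES", $con_session);
                // The row is gone, so this resets the object to "invalid".
                $this->setProperties($session_id, $user_ip);
            }

            // Kill the client-side cookie, set expiration equal to an hour ago.
            setcookie ("libsession", "", time() - 3600);

        }

    }


    /**********************************************************
    Method: expireSessions
    Author: Paul Bramscher
    Last Modified: 10.9.2001
    ***********************************************************
    Comments:
    Deletes every row whose time_expire is earlier than the
    current time. setProperties() calls it before each session
    lookup, so an expired session is never reported as valid.
    **********************************************************/
    function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        $sql = "DELETE FROM session where time_expire < " . $time_unix;

        if (!mysql_query($sql, $con_session)){
            // sql_err() is not defined in this class; call it only when
            // the including application provides it.
            if (function_exists("sql_err")) sql_err($con_session);
            mysql_query ("UNLOCK TABLES", $con_session);
            // bailout() is a method of this class, not a global function.
            $this->bailout();
        }
        else {
            mysql_query("UNLOCK TABLES", $con_session);
        }
    } // end of function
} // end of class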
?> |