<?php |
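class sessionClass {

    /**********************************************************
     sessionClass
     Author: Paul Bramscher
     Last Modified: 10.29.2002
     ***********************************************************
     Comments:
     Server-side session record backed by the "session" table.
     A session is identified by a hex session_id (held client-side
     in the "libsession" cookie) together with the client IP
     address; both must match a stored, unexpired row for the
     session to count as valid.
     For documentation, see separate Word-format .DOC file.
     **********************************************************/
    var $con_session;     // PEAR DB connection returned by DB::connect() (a DB_Error on failure)
    var $result_session;  // not referenced by the methods in this class; kept for compatibility
    var $user_ip;         // client IP the session is bound to
    var $staff_account;   // account name stored with the session row
    var $session_id;      // hex session id; "" when there is no valid session
    var $valid;           // 1 when a matching, unexpired row exists, otherwise 0
    var $time_human;      // creation time as "Y-m-d H:i:s" in the server's local time
    var $time_unix;       // creation time as a unix timestamp (float, with microseconds)
    var $time_expire;     // unix timestamp (float) after which expireSessions() removes the row

    // Default session duration parameters, in seconds
    var $default_duration = 120;
    var $max_duration = 43200;

    // Database variables
    // NOTE(review): connection strings with credentials belong in configuration, not source.
    #var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
    var $session_dsn = 'pgsql://dpavlin@/libdata';

    /**********************************************************
     Constructor Method: __construct / sessionClass
     Author: Paul Bramscher
     Last Modified: 10.29.2002
     ***********************************************************
     Comments:
     Connects to the session database.  When $session_id is empty
     and $staff_account is non-empty, a new session is created: a
     random session_id is generated, the row is inserted with its
     expiry, and the "libsession" cookie is set.  In every case
     setProperties() then loads (or resets) the object state.

     $duration       requested lifetime in seconds; <= 0 or
                     non-numeric selects $default_duration, and
                     values above $max_duration are clamped to it
     $session_id     existing session id (normally the cookie
                     value), or "" to create a new session
     $staff_account  account to record; a new session is only
                     created when this is non-empty
     **********************************************************/
    function __construct($duration, $session_id, $staff_account) {

        // Set the database connection variables; $dsn_options comes from the including script
        global $dsn_options;
        $this->con_session =& DB::connect($this->session_dsn, $dsn_options);
        if (DB::isError($this->con_session)) {
            // The original tested an undefined $db here, so this branch never fired.
            // Keep the details server-side: getDebugInfo() can include the DSN.
            $err = $this->con_session;
            error_log('sessionClass: ' . $err->getMessage() . ' ' . $err->getDebugInfo());
            $this->bailout();
        }

        // Fetch user ip
        $user_ip = $this->_clientIP();

        // Determine whether to generate a new session
        if ((string) $session_id === '' && strlen($staff_account) > 0) {
            $session_id = $this->_createSession($staff_account, $user_ip, $duration);
        }

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
    }

    // PHP 4 style constructor name, kept so code that calls sessionClass() directly still works.
    function sessionClass($duration, $session_id, $staff_account) {
        $this->__construct($duration, $session_id, $staff_account);
    }

    /**********************************************************
     Method: _createSession
     ***********************************************************
     Comments:
     Inserts a new session row for $staff_account bound to $user_ip
     and sets the "libsession" cookie whose lifetime equals the
     row's expiry.  Returns the new session id.  Dies via bailout()
     when the insert fails.
     **********************************************************/
    function _createSession($staff_account, $user_ip, $duration) {
        // Generate a session ID and fetch a unix microsecond timestamp
        $session_id  = $this->generateSessionID();
        $time_unix   = $this->getmicrotime();
        $time_expire = $this->_effectiveDuration($duration) + (float) $time_unix;
        $time_human  = $this->_formatTimestamp($time_unix);

        // Placeholders rather than string building: $staff_account is caller input.
        $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire)
            VALUES (?, ?, ?, ?, ?, ?)";
        // The matching "LOCK TABLE session WRITE" was commented out long ago, so the
        // old "UNLOCK TABLES" calls never released anything and are dropped.
        if (!xx_prepare_execute($sql,
                $staff_account,
                $user_ip,
                $session_id,
                $time_human,
                $time_unix,
                $time_expire)) {
            $this->bailout();
        }

        // Set the client libsession cookie. Expiration equals expiration in the database.
        // HttpOnly keeps page scripts from reading the id; Secure is set when this
        // request itself arrived over TLS. Path/domain stay at setcookie's defaults.
        setcookie('libsession', $session_id, (int) $time_expire, '', '', $this->_isHttps(), true);

        return $session_id;
    }

    /**********************************************************
     Method: _effectiveDuration
     ***********************************************************
     Comments:
     Maps the requested $duration (seconds) to the lifetime actually
     used: non-positive or non-numeric values select
     $default_duration, anything above $max_duration is clamped.
     Returns a float.
     **********************************************************/
    function _effectiveDuration($duration) {
        $seconds = (float) $duration;
        if ($seconds <= 0) {
            return (float) $this->default_duration;
        }
        if ($seconds > (float) $this->max_duration) {
            return (float) $this->max_duration;
        }
        return $seconds;
    }

    /**********************************************************
     Method: _formatTimestamp
     ***********************************************************
     Comments:
     Returns $time_unix as the zero-padded "Y-m-d H:i:s" string
     (server local time) that the original hand-built from getdate().
     **********************************************************/
    function _formatTimestamp($time_unix) {
        // Explicit int cast: getdate()/date() on a fractional float is deprecated in PHP 8.1
        return date('Y-m-d H:i:s', (int) $time_unix);
    }

    /**********************************************************
     Method: _clientIP
     ***********************************************************
     Comments:
     Returns the client address from $_SERVER['REMOTE_ADDR'], falling
     back to the register_globals-era $GLOBALS["REMOTE_ADDR"] the
     original code read, or "" when neither is set.
     **********************************************************/
    function _clientIP() {
        if (isset($_SERVER['REMOTE_ADDR'])) {
            return $_SERVER['REMOTE_ADDR'];
        }
        return isset($GLOBALS['REMOTE_ADDR']) ? $GLOBALS['REMOTE_ADDR'] : '';
    }

    /**********************************************************
     Method: _isHttps
     ***********************************************************
     Comments:
     True when the current request came over TLS, as reported by
     $_SERVER['HTTPS'] (some servers set it to "off" rather than
     leaving it unset).
     **********************************************************/
    function _isHttps() {
        return isset($_SERVER['HTTPS'])
            && $_SERVER['HTTPS'] !== ''
            && strtolower($_SERVER['HTTPS']) !== 'off';
    }

    /**********************************************************
     Method: _isSafeSessionId
     ***********************************************************
     Comments:
     True when $id has the shape this class produces (1-32 lowercase
     hex characters; legacy rows may hold "0").  Anything else can
     never match a stored row and must not be embedded in SQL.
     **********************************************************/
    function _isSafeSessionId($id) {
        return is_scalar($id) && preg_match('/^[0-9a-f]{1,32}$/', (string) $id) === 1;
    }

    /**********************************************************
     Method: _isSafeClientIp
     ***********************************************************
     Comments:
     True when $ip contains only characters that occur in IPv4/IPv6
     literals (including zone ids), so it is safe to embed in SQL.
     **********************************************************/
    function _isSafeClientIp($ip) {
        return is_scalar($ip) && preg_match('/^[0-9A-Za-z.:%_-]{1,64}$/', (string) $ip) === 1;
    }

    /**********************************************************
     Method: bailout
     Author: Paul Bramscher
     Last Modified: 10.04.2001
     ***********************************************************
     Comments:
     Attempt to gracefully finish out HTML in the event of a
     severe database problem.  Never returns.
     **********************************************************/
    function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
    }

    /**********************************************************
     Method: getmicrotime
     Author: http://www.php.net microtime example
     Last Modified: 10.04.2001
     ***********************************************************
     Comments:
     Returns a Unix timestamp (float, with microseconds) of the
     number of seconds elapsed from 0:00:00 January 1, 1970 GMT.
     **********************************************************/
    function getmicrotime(){
        list($usec, $sec) = explode(" ",microtime());
        return ((float)$usec + (float)$sec);
    }

    /**********************************************************
     Method: secondsRemaining
     Author: Paul Bramscher
     Last Modified: 10.09.2001
     ***********************************************************
     Comments:
     Returns the number of seconds remaining for this session
     before expiration (negative once it has expired).
     **********************************************************/
    function secondsRemaining(){
        return (float) $this->time_expire - (float) $this->getmicrotime();
    }

    /**********************************************************
     Method: generateSessionID
     Author: Paul Bramscher
     Last Modified: 10.04.2001
     ***********************************************************
     Comments:
     Generates a 32-character hex session id from the system CSPRNG
     and confirms it does not already exist in the session table;
     on the (practically impossible) collision another id is tried.
     The original drew md5(mt_rand(0, 9999)), i.e. only 10,000
     possible ids, and returned "0" instead of retrying.
     **********************************************************/
    function generateSessionID() {
        $con_session = $this->con_session;

        // Repeated collisions of a 128-bit random id mean the table itself is
        // misbehaving, so give up after a few attempts rather than loop forever.
        for ($attempt = 0; $attempt < 8; $attempt++) {
            $hash = $this->_randomHex32();

            // $hash is generated locally and is pure hex, so embedding it is safe.
            $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
            $rs = xx_query($sql, $con_session);
            if (xx_num_rows($rs) == 0) {
                return $hash;
            }
        }
        $this->bailout();
    }

    /**********************************************************
     Method: _randomHex32
     ***********************************************************
     Comments:
     Returns 32 lowercase hex characters (128 bits) of randomness.
     Prefers random_bytes() (PHP 7+), then OpenSSL; the uniqid()
     fallback only exists for very old interpreters.
     **********************************************************/
    function _randomHex32() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($strong && $bytes !== false) {
                return bin2hex($bytes);
            }
        }
        // Last resort: not cryptographic, but far wider than md5(mt_rand(0, 9999)).
        return md5(uniqid(mt_rand(), true));
    }

    /**********************************************************
     Method: setProperties
     Author: Paul Bramscher
     Last Modified: 10.9.2001
     ***********************************************************
     Comments:
     This member function sets the $valid, $time_human, $time_unix,
     $time_expire, $user_ip, $session_id and $staff_account
     properties of an instantiation of the sessionClass object.
     It is called whenever the class is instantiated, either
     immediately after creating a new session, or testing an
     existing session ID.  Expired rows are purged first.
     **********************************************************/
    function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;

        // Purge all expired sessions
        $this->expireSessions();

        // Assume this is an invalid session
        $valid = 0;
        $row = false;

        // $session_id normally comes from the client's cookie and both values are
        // embedded in SQL, so only query when they have the shape this class
        // produces; anything else could not match a row anyway.
        if ($this->_isSafeSessionId($session_id) && $this->_isSafeClientIp($user_ip)) {
            $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                ."'";
            $rs = xx_query($sql, $con_session);
            $valid = xx_num_rows($rs);
            // Only fetch when there is a row; fetching from an empty result
            // returned false and the original then indexed into it.
            if ($valid > 0) {
                $row = xx_fetch_array ($rs);
            }
        }

        // Valid session, load all of the member properties.
        if ($valid > 0 && $row) {
            $this->valid = 1;
            $this->time_human = $row["time_human"];
            $this->time_unix = $row["time_unix"];
            $this->time_expire = $row["time_expire"];
            $this->user_ip = $user_ip;
            $this->session_id = $row["session_id"];
            $this->staff_account = $row["staff_account"];
        }
        // Expired or invalid. Reset all of the member properties.
        else {
            $this->valid = 0;
            $this->time_human = "";
            $this->time_unix = "";
            $this->time_expire = "";
            $this->staff_account = "";
            $this->user_ip = "";
            $this->session_id = "";
        }
    }

    /**********************************************************
     Method: logoutSessionID
     Author: Paul Bramscher
     Last Modified: 10.09.2001
     ***********************************************************
     Comments:
     When a user decides to logout, the session ID is deleted
     from the session table and the cookie is cleared.  Nothing
     happens unless the current client IP matches the session's
     IP and the session is valid.
     **********************************************************/
    function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $this->_clientIP();

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {

            // Get the object's session_id
            $session_id = $this->session_id;

            // Same placeholder helper the constructor uses for its INSERT,
            // instead of concatenating the values into the statement.
            $sql = "DELETE FROM session WHERE session_id = ? AND user_ip = ?";
            if (!xx_prepare_execute($sql, $session_id, $user_ip)) {
                $this->bailout();
            }

            // The row is gone, so this resets the object to the invalid state.
            $this->setProperties($session_id, $user_ip);

            // Kill the client-side cookie, set expiration equal to an hour ago.
            setcookie('libsession', '', time() - 3600, '', '', $this->_isHttps(), true);
        }
    }

    /**********************************************************
     Method: expireSessions
     Author: Paul Bramscher
     Last Modified: 10.9.2001
     ***********************************************************
     Comments:
     Culls expired sessions from the table.  setProperties() calls
     it before every lookup, so an expired id never validates.
     Dies via bailout() when the DELETE fails.
     **********************************************************/
    function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        // A placeholder keeps the float out of string building (float-to-string
        // conversion was locale dependent before PHP 8.0).
        $sql = "DELETE FROM session where time_expire < ?";
        if (!xx_prepare_execute($sql, $time_unix)) {
            sql_err($con_session);
            // The original called a bare bailout(), which is not a global function.
            $this->bailout();
        }
    } // end of function

} // end of class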
?> |