admin/include/sessionClass.php

<?php
class sessionClass {

/**********************************************************
sessionClass Properties
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
For documentation, see separate Word-format .DOC file.
**********************************************************/
var $con_session;
var $result_session;
var $user_ip;
var $staff_account;
var $session_id;
var $valid;
var $time_human;
var $time_unix;
var $time_expire;

// Default session duration parameters
var $default_duration = 120;
var $max_duration = 43200;

// Database variables
#var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
var $session_dsn = 'pgsql://dpavlin@/libdata';


/**********************************************************
Constructor Method: sessionClass
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
Generates a unique session ID, fetches the system time and
writes it into a table.
**********************************************************/
function sessionClass($duration, $session_id, $staff_account) {

        // Set the database connection variables
        global $dsn_options;
        $this->con_session =& DB::connect($this->session_dsn, $dsn_options);
        if (DB::isError($db)) {
                # XXX remove this!
                print $db->getDebugInfo();
                
                die($db->getMessage());
        }
                
        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Determine whether to generate a new session
        If ($session_id == "" && strlen($staff_account) > 0) {

                // Generate a session ID and store it
                $this->session_id = $this->generateSessionID();
                $session_id = $this->session_id;
                
                // Fetch a unix microsecond timestamp
                $time_unix = $this->getmicrotime();
                
                // Attempt to use a non-default session duration
                if ( (float) $duration > 0) {
                        if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
                        $time_expire = (float) $duration + (float) $time_unix;
                }
                // Otherwise use the default duration
                else $time_expire = (float) $this->default_duration + (float) $time_unix;

                // Calculate human-readable and mySQL-friendly date-time format
                $time_convert = getdate($time_unix);
                $mon = $time_convert[mon];                          
                $mday = $time_convert[mday];                        
                $year = $time_convert[year];
                $hours = $time_convert[hours];                        
                $minutes = $time_convert[minutes];
                $seconds = $time_convert[seconds];
        
                // Back-fill in case we have single-digits.      
                if (strlen($mday) < 2) $mday = "0" . $mday;
                if (strlen($mon) < 2) $mon = "0" . $mon;
                if (strlen($hours) < 2) $hours = "0" . $hours;   
                if (strlen($minutes) < 2) $minutes = "0" . $minutes;
                if (strlen($seconds) < 2) $seconds = "0" . $seconds;
        
                // Generate a mySQL-friendly stamp
                $time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
                
                // Build the SQL line to insert it into the database
                $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire)
                        VALUES (?, ?, ?, ?, ?, ?)";
                
                // xx_query ("LOCK TABLE session WRITE", $this->con_session);
                if (!xx_prepare_execute($sql,
                        $staff_account,
                        $user_ip,
                        $session_id,
                        $time_human,
                        $time_unix,
                        $time_expire)) {        
                        xx_query ("UNLOCK TABLES", $this->con_session);
                        $this->bailout();
                }
                else {
                        xx_query("UNLOCK TABLES", $this->con_session);
                }


                // Set the client libsession cookie.  Expiration equals expiration in the database
                setcookie ("libsession", $session_id, $time_expire);  /* expire in 1 hour */


        } // finished generating a new session
        

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
}


/**********************************************************
Method: bailout
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Attempt to gracefully finish out HTML in the event of a
severe mySQL database problem.
**********************************************************/
function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
}


/**********************************************************
Method: getmicrotime
Author: http://www.php.net microtime example
Last Modified: 10.04.2001
***********************************************************
Comments:
Displays a Unix timestamp of the number of seconds
elapsed from 0:00:00 January 1, 1970 GMT
**********************************************************/
function getmicrotime(){ 
        list($usec, $sec) = explode(" ",microtime()); 
        return ((float)$usec + (float)$sec); 
} 


/**********************************************************
Method: secondsRemaining
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
Returns the number of seconds remaining for this
session before expiration.
**********************************************************/
function secondsRemaining(){ 
        return (float) $this->time_expire - (float) $this->getmicrotime();
} 

/**********************************************************
Method: generateSessionID
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Seeds a random number generator with the system time
and generates a md5 hash value.  The value is confirmed
against the session table in the rare instance it
already exists.  If so, another attempt is made.
**********************************************************/
function generateSessionID() {
        $con_session = $this->con_session;

        // Seed with current time & generate the md5 hash
        mt_srand((double)microtime()*1000000);
        $hash = md5(mt_rand(0,9999));
        
        // Variable declarations
        $duplicate = 1;

        // The SQL
        $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
        $rs = xx_query($sql, $con_session);
        $duplicate = xx_num_rows($rs);
        if ($duplicate > 0) {
                $duplicate = 1;
                $hash = "0";
        }
        
        return $hash;
}


/**********************************************************
Method: setProperties
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This member function sets the $valid, $time_human,
$time_unix, and $500_id properties of an instantiation of the
sessionClass object.  It is called whenever the class is
instantiated, either immediately after creating a new
session, or testing an existing session ID.
**********************************************************/
function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;
        
        // Pure all expired sessions
        $this->expireSessions();
        
        // Assume this is an invalid session
        $valid = 0;
        
        // Generate the SQL
        $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                ."'";
        $rs = xx_query($sql, $con_session);
        $valid = xx_num_rows($rs);
        $row = xx_fetch_array ($rs);
        $time_human = $row["time_human"];
        $time_unix = $row["time_unix"];
        $time_expire = $row["time_expire"];
        $session_id = $row["session_id"];
        $staff_account = $row["staff_account"];

        // Valid session, load all of the member properties.
        if ($valid > 0) {
                $this->valid = 1;
                $this->time_human = $time_human;
                $this->time_unix = $time_unix;
                $this->time_expire = $time_expire;
                $this->user_ip = $user_ip;
                $this->session_id = $session_id;
                $this->staff_account = $staff_account;
        }
        // Expired or invalid.  Reset all of the member properties.
        else {
                $this->valid = 0;
                $this->time_human = "";
                $this->time_unix = "";
                $this->time_expire = "";
                $this->staff_account = "";
                $this->user_ip = "";
                $this->session_id = "";
        }
}


/**********************************************************
Method: logoutSessionID
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
When a user decides to logout, the session ID is deleted
from the session table.
**********************************************************/
function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {
        
                // Get the object's session_id
                $session_id = $this->session_id;

                // Build the SQL line to delete
                $sql = "DELETE FROM session WHERE session_id = '"
                        . $session_id
                        . "' AND user_ip = '"
                        . $user_ip
                        . "'";

                //xx_query ("LOCK TABLE session WRITE", $con_session);
                if (!xx_query($sql, $con_session)){
                        xx_query ("UNLOCK TABLES", $con_session);
                        $this->bailout();
                }
                else {
                        xx_query("UNLOCK TABLES", $con_session);
                        $this->setProperties($session_id, $user_ip);
                }
                
                
                // Kill the client-side cookie, set expiration equal to an hour ago.
                setcookie ("libsession", "", time() - 3600);
                
        }
        
}


/**********************************************************
Method: expireSessions
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This function is called periodically to cull expired
sessions from the table.  It ought to be called in tandem
with any 
**********************************************************/
function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        $sql = "DELETE FROM session where time_expire < " . $time_unix;
        
        if (!xx_query($sql, $con_session)){
                sql_err($con_session);
                xx_query ("UNLOCK TABLES", $con_session);
                bailout();
        }
        else {          
                xx_query("UNLOCK TABLES", $con_session);
        }
} // end of function
} // end of class
?>
1	<?php
2	class sessionClass {
3
4	/**********************************************************
5	sessionClass Properties
6	Author: Paul Bramscher
7	Last Modified: 10.29.2002
8	***********************************************************
9	Comments:
10	For documentation, see separate Word-format .DOC file.
11	**********************************************************/
12	var $con_session;
13	var $result_session;
14	var $user_ip;
15	var $staff_account;
16	var $session_id;
17	var $valid;
18	var $time_human;
19	var $time_unix;
20	var $time_expire;
21
22	// Default session duration parameters
23	var $default_duration = 120;
24	var $max_duration = 43200;
25
26	// Database variables
27	#var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
28	var $session_dsn = 'pgsql://dpavlin@/libdata';
29
30
31	/**********************************************************
32	Constructor Method: sessionClass
33	Author: Paul Bramscher
34	Last Modified: 10.29.2002
35	***********************************************************
36	Comments:
37	Generates a unique session ID, fetches the system time and
38	writes it into a table.
39	**********************************************************/
40	function sessionClass($duration, $session_id, $staff_account) {
41
42	// Set the database connection variables
43	global $dsn_options;
44	$this->con_session =& DB::connect($this->session_dsn, $dsn_options);
45	if (DB::isError($db)) {
46	# XXX remove this!
47	print $db->getDebugInfo();
48
49	die($db->getMessage());
50	}
51
52	// Fetch user ip
53	$user_ip = $GLOBALS["REMOTE_ADDR"];
54
55	// Determine whether to generate a new session
56	If ($session_id == "" && strlen($staff_account) > 0) {
57
58	// Generate a session ID and store it
59	$this->session_id = $this->generateSessionID();
60	$session_id = $this->session_id;
61
62	// Fetch a unix microsecond timestamp
63	$time_unix = $this->getmicrotime();
64
65	// Attempt to use a non-default session duration
66	if ( (float) $duration > 0) {
67	if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
68	$time_expire = (float) $duration + (float) $time_unix;
69	}
70	// Otherwise use the default duration
71	else $time_expire = (float) $this->default_duration + (float) $time_unix;
72
73	// Calculate human-readable and mySQL-friendly date-time format
74	$time_convert = getdate($time_unix);
75	$mon = $time_convert[mon];
76	$mday = $time_convert[mday];
77	$year = $time_convert[year];
78	$hours = $time_convert[hours];
79	$minutes = $time_convert[minutes];
80	$seconds = $time_convert[seconds];
81
82	// Back-fill in case we have single-digits.
83	if (strlen($mday) < 2) $mday = "0" . $mday;
84	if (strlen($mon) < 2) $mon = "0" . $mon;
85	if (strlen($hours) < 2) $hours = "0" . $hours;
86	if (strlen($minutes) < 2) $minutes = "0" . $minutes;
87	if (strlen($seconds) < 2) $seconds = "0" . $seconds;
88
89	// Generate a mySQL-friendly stamp
90	$time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
91
92	// Build the SQL line to insert it into the database
93	$sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire)
94	VALUES (?, ?, ?, ?, ?, ?)";
95
96	// xx_query ("LOCK TABLE session WRITE", $this->con_session);
97	if (!xx_prepare_execute($sql,
98	$staff_account,
99	$user_ip,
100	$session_id,
101	$time_human,
102	$time_unix,
103	$time_expire)) {
104	xx_query ("UNLOCK TABLES", $this->con_session);
105	$this->bailout();
106	}
107	else {
108	xx_query("UNLOCK TABLES", $this->con_session);
109	}
110
111
112	// Set the client libsession cookie. Expiration equals expiration in the database
113	setcookie ("libsession", $session_id, $time_expire); /* expire in 1 hour */
114
115
116	} // finished generating a new session
117
118
119	// Whether or not this is a new session, set the object properties
120	$this->setProperties($session_id, $user_ip);
121	}
122
123
124	/**********************************************************
125	Method: bailout
126	Author: Paul Bramscher
127	Last Modified: 10.04.2001
128	***********************************************************
129	Comments:
130	Attempt to gracefully finish out HTML in the event of a
131	severe mySQL database problem.
132	**********************************************************/
133	function bailout() {
134	die ( "Bailing Out!<br>\n</body></html>\n" );
135	}
136
137
138	/**********************************************************
139	Method: getmicrotime
140	Author: http://www.php.net microtime example
141	Last Modified: 10.04.2001
142	***********************************************************
143	Comments:
144	Displays a Unix timestamp of the number of seconds
145	elapsed from 0:00:00 January 1, 1970 GMT
146	**********************************************************/
147	function getmicrotime(){
148	list($usec, $sec) = explode(" ",microtime());
149	return ((float)$usec + (float)$sec);
150	}
151
152
153	/**********************************************************
154	Method: secondsRemaining
155	Author: Paul Bramscher
156	Last Modified: 10.09.2001
157	***********************************************************
158	Comments:
159	Returns the number of seconds remaining for this
160	session before expiration.
161	**********************************************************/
162	function secondsRemaining(){
163	return (float) $this->time_expire - (float) $this->getmicrotime();
164	}
165
166	/**********************************************************
167	Method: generateSessionID
168	Author: Paul Bramscher
169	Last Modified: 10.04.2001
170	***********************************************************
171	Comments:
172	Seeds a random number generator with the system time
173	and generates a md5 hash value. The value is confirmed
174	against the session table in the rare instance it
175	already exists. If so, another attempt is made.
176	**********************************************************/
177	function generateSessionID() {
178	$con_session = $this->con_session;
179
180	// Seed with current time & generate the md5 hash
181	mt_srand((double)microtime()*1000000);
182	$hash = md5(mt_rand(0,9999));
183
184	// Variable declarations
185	$duplicate = 1;
186
187	// The SQL
188	$sql = "SELECT * FROM session where session_id = '" . $hash . "'";
189	$rs = xx_query($sql, $con_session);
190	$duplicate = xx_num_rows($rs);
191	if ($duplicate > 0) {
192	$duplicate = 1;
193	$hash = "0";
194	}
195
196	return $hash;
197	}
198
199
200	/**********************************************************
201	Method: setProperties
202	Author: Paul Bramscher
203	Last Modified: 10.9.2001
204	***********************************************************
205	Comments:
206	This member function sets the $valid, $time_human,
207	$time_unix, and $500_id properties of an instantiation of the
208	sessionClass object. It is called whenever the class is
209	instantiated, either immediately after creating a new
210	session, or testing an existing session ID.
211	**********************************************************/
212	function setProperties($session_id, $user_ip) {
213
214	// Collect some important values
215	$con_session = $this->con_session;
216
217	// Pure all expired sessions
218	$this->expireSessions();
219
220	// Assume this is an invalid session
221	$valid = 0;
222
223	// Generate the SQL
224	$sql = "SELECT * from session where session_id = '"
225	. $session_id
226	. "' AND user_ip = '"
227	. $user_ip
228	."'";
229	$rs = xx_query($sql, $con_session);
230	$valid = xx_num_rows($rs);
231	$row = xx_fetch_array ($rs);
232	$time_human = $row["time_human"];
233	$time_unix = $row["time_unix"];
234	$time_expire = $row["time_expire"];
235	$session_id = $row["session_id"];
236	$staff_account = $row["staff_account"];
237
238	// Valid session, load all of the member properties.
239	if ($valid > 0) {
240	$this->valid = 1;
241	$this->time_human = $time_human;
242	$this->time_unix = $time_unix;
243	$this->time_expire = $time_expire;
244	$this->user_ip = $user_ip;
245	$this->session_id = $session_id;
246	$this->staff_account = $staff_account;
247	}
248	// Expired or invalid. Reset all of the member properties.
249	else {
250	$this->valid = 0;
251	$this->time_human = "";
252	$this->time_unix = "";
253	$this->time_expire = "";
254	$this->staff_account = "";
255	$this->user_ip = "";
256	$this->session_id = "";
257	}
258	}
259
260
261	/**********************************************************
262	Method: logoutSessionID
263	Author: Paul Bramscher
264	Last Modified: 10.09.2001
265	***********************************************************
266	Comments:
267	When a user decides to logout, the session ID is deleted
268	from the session table.
269	**********************************************************/
270	function logoutSessionID() {
271
272	// Initialize
273	$con_session = $this->con_session;
274
275	// Fetch user ip
276	$user_ip = $GLOBALS["REMOTE_ADDR"];
277
278	// Continue only if the current IP matches the object IP, and the
279	// session is currently valid.
280	if ($user_ip == $this->user_ip && $this->valid == 1) {
281
282	// Get the object's session_id
283	$session_id = $this->session_id;
284
285	// Build the SQL line to delete
286	$sql = "DELETE FROM session WHERE session_id = '"
287	. $session_id
288	. "' AND user_ip = '"
289	. $user_ip
290	. "'";
291
292	//xx_query ("LOCK TABLE session WRITE", $con_session);
293	if (!xx_query($sql, $con_session)){
294	xx_query ("UNLOCK TABLES", $con_session);
295	$this->bailout();
296	}
297	else {
298	xx_query("UNLOCK TABLES", $con_session);
299	$this->setProperties($session_id, $user_ip);
300	}
301
302
303	// Kill the client-side cookie, set expiration equal to an hour ago.
304	setcookie ("libsession", "", time() - 3600);
305
306	}
307
308	}
309
310
311	/**********************************************************
312	Method: expireSessions
313	Author: Paul Bramscher
314	Last Modified: 10.9.2001
315	***********************************************************
316	Comments:
317	This function is called periodically to cull expired
318	sessions from the table. It ought to be called in tandem
319	with any
320	**********************************************************/
321	function expireSessions() {
322	$con_session = $this->con_session;
323
324	// Fetch current microtime
325	$time_unix = $this->getmicrotime();
326
327	$sql = "DELETE FROM session where time_expire < " . $time_unix;
328
329	if (!xx_query($sql, $con_session)){
330	sql_err($con_session);
331	xx_query ("UNLOCK TABLES", $con_session);
332	bailout();
333	}
334	else {
335	xx_query("UNLOCK TABLES", $con_session);
336	}
337	} // end of function
338	} // end of class
339	?>