<?php |
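class sessionClass {

    /**********************************************************
    sessionClass Properties
    Author: Paul Bramscher
    Last Modified: 10.29.2002
    ***********************************************************
    Comments:
    For documentation, see separate Word-format .DOC file.
    **********************************************************/
    var $con_session;       // handle returned by DB::connect() in the constructor
    var $result_session;
    var $user_ip;           // client address the session row is bound to
    var $staff_account;
    var $session_id;
    var $valid;             // 1 when the session row was found, 0 otherwise
    var $time_human;        // "YYYY-MM-DD HH:MM:SS" creation stamp
    var $time_unix;         // creation time, unix seconds with microsecond fraction
    var $time_expire;       // expiry time on the same scale as $time_unix

    // Default session duration parameters, in seconds (they are added to a
    // unix timestamp in the constructor).
    var $default_duration = 120;
    var $max_duration = 43200;

    // Database variables
    // NOTE(security): connection details are embedded in this source file,
    // and the commented-out line below still carries a password. Anyone who
    // can read the file (backup, repository, misconfigured web server) gets
    // them. Load the DSN from configuration kept outside the web root and
    // rotate any credential that has ever been committed here.
    #var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
    var $session_dsn = 'pgsql://dpavlin@/libdata';


    /**********************************************************
    Constructor Method: sessionClass
    Author: Paul Bramscher
    Last Modified: 10.29.2002
    ***********************************************************
    Comments:
    Opens the session database connection. When $session_id is
    empty and $staff_account is not, a new session is created:
    a session ID is generated, the system time is fetched and
    the row is written into the session table, then the
    "libsession" cookie is sent. In every case the object
    properties are then loaded through setProperties().

    $duration       requested lifetime in seconds; values <= 0
                    select $default_duration, larger values are
                    capped at $max_duration
    $session_id     existing session ID to test, or "" to create
    $staff_account  account the new session belongs to
    **********************************************************/
    function sessionClass($duration, $session_id, $staff_account) {

        // Set the database connection variables
        global $dsn_options;
        $this->con_session = DB::connect($this->session_dsn, $dsn_options);

        // The connect result itself has to be tested. The driver message goes
        // to the server log only: echoing it (or getDebugInfo()) to the
        // browser would disclose database internals to whoever triggers the
        // failure.
        if (DB::isError($this->con_session)) {
            error_log("sessionClass: database connection failed: " . $this->con_session->getMessage());
            $this->bailout();
        }

        // Fetch user ip
        $user_ip = $this->_clientAddress();

        // Determine whether to generate a new session
        if ($session_id == "" && strlen((string) $staff_account) > 0) {

            // Generate a session ID and store it
            $this->session_id = $this->generateSessionID();
            $session_id = $this->session_id;

            // Fetch a unix microsecond timestamp
            $time_unix = $this->getmicrotime();

            // Use the requested duration when positive (capped), otherwise
            // the default duration.
            $lifetime = (float) $duration;
            if ($lifetime > 0) {
                if ($lifetime > $this->max_duration) $lifetime = $this->max_duration;
            }
            else $lifetime = (float) $this->default_duration;
            $time_expire = (float) $lifetime + (float) $time_unix;

            // Human-readable, SQL-friendly date-time stamp in local time.
            // date() zero-pads every field, which replaces the getdate()
            // lookups that used unquoted array keys.
            $time_human = date("Y-m-d H:i:s", (int) $time_unix);

            // Build the SQL line to insert it into the database
            $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire)
                VALUES (?, ?, ?, ?, ?, ?)";

            // xx_query ("LOCK TABLE session WRITE", $this->con_session);
            $stored = xx_prepare_execute($sql,
                $staff_account,
                $user_ip,
                $session_id,
                $time_human,
                $time_unix,
                $time_expire);
            // The unlock is issued on both outcomes, as before.
            xx_query("UNLOCK TABLES", $this->con_session);
            if (!$stored) {
                $this->bailout();
            }

            // Set the client libsession cookie. Expiration equals expiration in the database
            $this->_sendSessionCookie($session_id, $time_expire);

        } // finished generating a new session

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
    }


    /**********************************************************
    Method: bailout
    Author: Paul Bramscher
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Attempt to gracefully finish out HTML in the event of a
    severe database problem. Terminates the script.
    **********************************************************/
    function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
    }


    /**********************************************************
    Method: getmicrotime
    Author: http://www.php.net microtime example
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Returns a Unix timestamp as a float: the number of seconds
    elapsed from 0:00:00 January 1, 1970 GMT, including the
    microsecond fraction.
    **********************************************************/
    function getmicrotime(){
        return (float) microtime(true);
    }


    /**********************************************************
    Method: secondsRemaining
    Author: Paul Bramscher
    Last Modified: 10.09.2001
    ***********************************************************
    Comments:
    Returns the number of seconds remaining for this
    session before expiration (negative once it has passed).
    **********************************************************/
    function secondsRemaining(){
        return (float) $this->time_expire - (float) $this->getmicrotime();
    }


    /**********************************************************
    Method: generateSessionID
    Author: Paul Bramscher
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Returns a new 32-character hexadecimal session ID that is
    not yet present in the session table. The ID is the only
    secret protecting a session, so it is drawn from the
    system's cryptographic random source; a time-seeded
    generator hashed over a four-digit range yields at most
    10,000 distinct IDs. If a candidate already exists in the
    table another attempt is made; after repeated collisions
    the request is aborted instead of handing out a fixed
    placeholder value.
    **********************************************************/
    function generateSessionID() {
        $con_session = $this->con_session;

        for ($attempt = 0; $attempt < 5; $attempt++) {
            $candidate = $this->_randomSessionToken();

            // $candidate is hex produced just above, so it cannot change
            // the shape of the statement.
            $sql = "SELECT * FROM session where session_id = '" . $candidate . "'";
            $rs = xx_query($sql, $con_session);
            if (xx_num_rows($rs) == 0) {
                return $candidate;
            }
        }

        error_log("sessionClass: could not find an unused session ID");
        $this->bailout();
    }


    /**********************************************************
    Method: setProperties
    Author: Paul Bramscher
    Last Modified: 10.9.2001
    ***********************************************************
    Comments:
    This member function sets the $valid, $time_human,
    $time_unix, $time_expire, $user_ip, $staff_account and
    $session_id properties of an instantiation of the
    sessionClass object. It is called whenever the class is
    instantiated, either immediately after creating a new
    session, or testing an existing session ID.

    Both arguments end up inside a quoted SQL literal, and the
    session ID normally arrives from the client, so each is
    checked against a strict character allowlist first. A
    value that fails the check is treated as an unknown
    session and never reaches the database.
    **********************************************************/
    function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;

        // Purge all expired sessions
        $this->expireSessions();

        // Assume this is an invalid session
        $valid = 0;
        $row = array();

        if ($this->_isSessionToken($session_id) && $this->_isAddressLiteral($user_ip)) {

            // Generate the SQL. The allowlist above leaves only hex digits,
            // ':' and '.', none of which can close the quoted literal.
            // NOTE(review): bound parameters would be preferable if the
            // project's query helper can return a result set - confirm.
            $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                . "'";
            $rs = xx_query($sql, $con_session);
            $valid = xx_num_rows($rs);

            // Only read a row when one was reported.
            if ($valid > 0) {
                $row = xx_fetch_array ($rs);
            }
        }

        // Valid session, load all of the member properties.
        if ($valid > 0) {
            $this->valid = 1;
            $this->time_human = $row["time_human"];
            $this->time_unix = $row["time_unix"];
            $this->time_expire = $row["time_expire"];
            $this->user_ip = $user_ip;
            $this->session_id = $row["session_id"];
            $this->staff_account = $row["staff_account"];
        }
        // Expired or invalid. Reset all of the member properties.
        else {
            $this->valid = 0;
            $this->time_human = "";
            $this->time_unix = "";
            $this->time_expire = "";
            $this->staff_account = "";
            $this->user_ip = "";
            $this->session_id = "";
        }
    }


    /**********************************************************
    Method: logoutSessionID
    Author: Paul Bramscher
    Last Modified: 10.09.2001
    ***********************************************************
    Comments:
    When a user decides to logout, the session ID is deleted
    from the session table, the object properties are reloaded
    and the client cookie is expired. Nothing happens unless
    the current client address matches the object's and the
    session is currently valid.
    **********************************************************/
    function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $this->_clientAddress();

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ((string) $user_ip === (string) $this->user_ip && $this->valid == 1) {

            // Get the object's session_id
            $session_id = $this->session_id;

            // The properties are publicly writable, so re-check both values
            // before they are placed inside quoted SQL literals.
            if ($this->_isSessionToken($session_id) && $this->_isAddressLiteral($user_ip)) {

                // Build the SQL line to delete
                $sql = "DELETE FROM session WHERE session_id = '"
                    . $session_id
                    . "' AND user_ip = '"
                    . $user_ip
                    . "'";

                //xx_query ("LOCK TABLE session WRITE", $con_session);
                $deleted = xx_query($sql, $con_session);
                xx_query("UNLOCK TABLES", $con_session);
                if (!$deleted) {
                    $this->bailout();
                }
            }

            // Reload the properties; the row is gone (or the values were
            // malformed), so this resets the object to the invalid state.
            $this->setProperties($session_id, $user_ip);

            // Kill the client-side cookie, set expiration equal to an hour ago.
            $this->_sendSessionCookie("", time() - 3600);

        }

    }


    /**********************************************************
    Method: expireSessions
    Author: Paul Bramscher
    Last Modified: 10.9.2001
    ***********************************************************
    Comments:
    Culls expired sessions from the table. setProperties()
    calls it before every session lookup.
    **********************************************************/
    function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        // %F formats without regard to the locale, so the decimal separator
        // is always '.' and the statement stays valid SQL.
        $sql = "DELETE FROM session where time_expire < " . sprintf("%.4F", $time_unix);

        if (!xx_query($sql, $con_session)){
            sql_err($con_session);
            xx_query ("UNLOCK TABLES", $con_session);
            // bailout is a method of this class; the other call sites in
            // the class reach it through $this as well.
            $this->bailout();
        }
        else {
            xx_query("UNLOCK TABLES", $con_session);
        }
    } // end of function


    /**********************************************************
    Internal helper: _clientAddress
    ***********************************************************
    Comments:
    Returns the address of the connecting client as reported
    by the web server, or "" when none is available. It is
    read from $_SERVER, not from a global variable, so the
    value does not depend on register_globals and cannot be
    shadowed by another global of the same name.
    **********************************************************/
    function _clientAddress() {
        if (isset($_SERVER["REMOTE_ADDR"])) {
            return (string) $_SERVER["REMOTE_ADDR"];
        }
        return "";
    }


    /**********************************************************
    Internal helper: _sendSessionCookie
    ***********************************************************
    Comments:
    Sends the "libsession" cookie with the given value and
    expiry. Path and domain are left at their defaults. The
    cookie is marked HttpOnly so page scripts cannot read the
    session ID, and Secure whenever the current request
    arrived over HTTPS.
    **********************************************************/
    function _sendSessionCookie($value, $expire) {
        $secure = !empty($_SERVER["HTTPS"]) && strtolower((string) $_SERVER["HTTPS"]) != "off";
        setcookie ("libsession", $value, (int) $expire, "", "", $secure, true);
    }


    /**********************************************************
    Internal helper: _randomSessionToken
    ***********************************************************
    Comments:
    Returns 16 bytes from a cryptographic random source as 32
    lowercase hex characters (the same length and alphabet as
    an md5 digest). Aborts the request when no such source is
    available; issuing a predictable session ID would be
    worse than failing.
    **********************************************************/
    function _randomSessionToken() {
        $raw = false;

        if (function_exists("random_bytes")) {
            try {
                $raw = random_bytes(16);
            } catch (Exception $e) {
                $raw = false;
            }
        }

        if ($raw === false && function_exists("openssl_random_pseudo_bytes")) {
            $strong = false;
            $raw = openssl_random_pseudo_bytes(16, $strong);
            if (!$strong) {
                $raw = false;
            }
        }

        if ($raw === false || strlen($raw) != 16) {
            error_log("sessionClass: no cryptographic random source available");
            $this->bailout();
        }

        return bin2hex($raw);
    }


    /**********************************************************
    Internal helper: _isSessionToken
    ***********************************************************
    Comments:
    True when $value is a string of exactly 32 hex digits,
    the only shape generateSessionID() produces.
    **********************************************************/
    function _isSessionToken($value) {
        return is_string($value) && preg_match('/\A[0-9a-fA-F]{32}\z/', $value) === 1;
    }


    /**********************************************************
    Internal helper: _isAddressLiteral
    ***********************************************************
    Comments:
    True when $value is a string made only of the characters
    that occur in textual IPv4/IPv6 addresses (hex digits,
    ':' and '.'), at most 45 of them. This is a guard for
    building the SQL literal, not a full address validator;
    the empty string is accepted.
    **********************************************************/
    function _isAddressLiteral($value) {
        return is_string($value) && preg_match('/\A[0-9a-fA-F:.]{0,45}\z/', $value) === 1;
    }
} // end of class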
?> |