<?php |
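/**
 * Database-backed login session for staff accounts.
 *
 * Original author: Paul Bramscher (last modified 10.29.2002). The original
 * header points to a separate Word-format .DOC file for documentation.
 *
 * One row per session is kept in the `session` table (staff account, client
 * IP, session ID, creation time, expiry time) and the session ID is handed to
 * the browser in the `libsession` cookie. A session is treated as valid only
 * when a row matches both the session ID and the client IP; expired rows are
 * purged before every lookup.
 *
 * Security-relevant behaviour:
 *  - Session IDs are 128 bits from a CSPRNG, hex-encoded to the same 32
 *    characters the previous md5() value had. The previous value was
 *    md5(mt_rand(0, 9999)), i.e. at most 10,000 distinct IDs.
 *  - Every value concatenated into SQL is either format-checked (session ID)
 *    or passed through sqlQuote().
 *  - The cookie is sent HttpOnly, and Secure when the request arrived over
 *    HTTPS.
 */
class sessionClass {

    // Connection handle returned by xx_connect() and result of xx_select_db().
    var $con_session;
    var $result_session;

    // State of the session this object represents; empty strings when invalid.
    var $user_ip;
    var $staff_account;
    var $session_id;
    var $valid;
    var $time_human;
    var $time_unix;
    var $time_expire;

    // Session duration parameters. They are added to a Unix timestamp, so
    // both are in seconds.
    var $default_duration = 120;
    var $max_duration = 43200;

    // Database variables.
    // NOTE(review): credentials are hard-coded in source; anyone who can read
    // this file or its repository history can read the password. Load them
    // from configuration kept outside the web root and rotate this value.
    var $db_session = "libsession";
    var $db_session_srv = "localhost";
    var $db_session_usr = "libsession";
    var $db_session_pwd = "libsessionpw";

    /**
     * Connects to the session database, optionally creates a new session,
     * then loads this object's properties from the session table.
     *
     * A new session is created only when $session_id is empty and
     * $staff_account is non-empty. Otherwise $session_id is looked up as an
     * existing session for the current client IP.
     *
     * @param mixed  $duration      Requested lifetime in seconds; values <= 0
     *                              select $default_duration, larger values
     *                              are capped at $max_duration.
     * @param string $session_id    Existing session ID, or "" to create one.
     * @param string $staff_account Account name stored with a new session.
     */
    function __construct($duration, $session_id, $staff_account) {

        // Set the database connection variables
        $this->con_session = @xx_connect($this->db_session_srv, $this->db_session_usr, $this->db_session_pwd)
            or die("ERROR: Could not connect to database server!");
        $this->result_session = xx_select_db($this->db_session, $this->con_session)
            or die("ERROR: Could not connect to database!");

        $user_ip = $this->clientIp();

        // Determine whether to generate a new session
        if ($session_id == "" && strlen((string) $staff_account) > 0) {

            $this->session_id = $this->generateSessionID();
            $session_id = $this->session_id;

            $time_unix = $this->getmicrotime();

            // Use the requested duration when positive (capped), else the default.
            if ((float) $duration > 0) {
                $lifetime = min((float) $duration, (float) $this->max_duration);
            } else {
                $lifetime = (float) $this->default_duration;
            }
            $time_expire = $lifetime + (float) $time_unix;

            // mySQL-friendly, zero-padded date-time stamp in the server's timezone.
            $time_human = date("Y-m-d H:i:s", (int) $time_unix);

            // $staff_account is caller-supplied, so every value goes through
            // sqlQuote() rather than being concatenated raw.
            $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ("
                . $this->sqlQuote($staff_account) . ", "
                . $this->sqlQuote($user_ip) . ", "
                . $this->sqlQuote($session_id) . ", "
                . $this->sqlQuote($time_human) . ", "
                . $this->sqlQuote($time_unix) . ", "
                . $this->sqlQuote($time_expire)
                . ")";

            // xx_query ("LOCK TABLE session WRITE", $this->con_session);
            if (!xx_query($sql, $this->con_session)) {
                xx_query("UNLOCK TABLES", $this->con_session);
                $this->bailout();
            } else {
                xx_query("UNLOCK TABLES", $this->con_session);
            }

            // Client cookie expires when the database row does. Path and
            // domain keep their defaults; HttpOnly keeps the ID away from
            // page script, Secure is set when the request came over HTTPS.
            setcookie("libsession", $session_id, (int) $time_expire, "", "", $this->cookieSecure(), true);

        } // finished generating a new session

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
    }

    /**
     * PHP 4 style constructor, kept so the class still constructs on
     * interpreters that do not know __construct(). From PHP 8 a method named
     * after the class is no longer a constructor, which is why the work lives
     * in __construct().
     */
    function sessionClass($duration, $session_id, $staff_account) {
        $this->__construct($duration, $session_id, $staff_account);
    }

    /**
     * Returns the client address reported by the web server, or "" when
     * none is available.
     *
     * Read from $_SERVER rather than $GLOBALS: the global copy only exists
     * with register_globals. NOTE(review): behind a reverse proxy this is
     * presumably the proxy's address; confirm against the deployment.
     */
    function clientIp() {
        return isset($_SERVER["REMOTE_ADDR"]) ? (string) $_SERVER["REMOTE_ADDR"] : "";
    }

    /**
     * True when the current request arrived over HTTPS, so the session
     * cookie can carry the Secure attribute.
     */
    function cookieSecure() {
        return !empty($_SERVER["HTTPS"]) && strtolower((string) $_SERVER["HTTPS"]) !== "off";
    }

    /**
     * Returns $value as a single-quoted SQL string literal.
     *
     * NOTE(review): addslashes() is a stop-gap, used because the xx_* layer
     * shows no escaping or prepared-statement call in this file. It is not
     * safe for every connection character set and assumes magic_quotes_gpc
     * is off; replace it with the driver's own parameter binding.
     */
    function sqlQuote($value) {
        return "'" . addslashes((string) $value) . "'";
    }

    /**
     * True when $session_id has the only shape this class ever issues:
     * exactly 32 lowercase hexadecimal characters.
     */
    function isSessionIdFormat($session_id) {
        return is_string($session_id) && preg_match('/\A[0-9a-f]{32}\z/', $session_id) === 1;
    }

    /**
     * Ends the page with closing HTML after an unrecoverable database error.
     */
    function bailout() {
        die("Bailing Out!<br>\n</body></html>\n");
    }

    /**
     * Returns the current Unix time in seconds, with microseconds, as a float.
     * (Originally adapted from the php.net microtime example.)
     */
    function getmicrotime() {
        return microtime(true);
    }

    /**
     * Returns the number of seconds left before this session expires;
     * negative once the expiry time has passed.
     */
    function secondsRemaining() {
        return (float) $this->time_expire - (float) $this->getmicrotime();
    }

    /**
     * Returns 16 bytes from a cryptographically secure source as 32
     * lowercase hex characters. Fails closed through bailout() when no such
     * source exists, rather than issuing a guessable ID.
     */
    function randomSessionToken() {
        if (function_exists("random_bytes")) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists("openssl_random_pseudo_bytes")) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        $this->bailout();
    }

    /**
     * Generates a session ID that is not present in the session table.
     *
     * A candidate that already exists is discarded and another one is drawn,
     * as the original header comment promised (the old code returned "0"
     * instead). The retry count is bounded, and a failed lookup ends the
     * request because uniqueness cannot be confirmed.
     *
     * @return string 32 lowercase hexadecimal characters.
     */
    function generateSessionID() {
        for ($attempt = 0; $attempt < 5; $attempt++) {
            $candidate = $this->randomSessionToken();

            $sql = "SELECT * FROM session where session_id = " . $this->sqlQuote($candidate);
            $rs = xx_query($sql, $this->con_session);
            if ($rs === false) {
                $this->bailout();
            }
            if (xx_num_rows($rs) == 0) {
                return $candidate;
            }
        }

        // Repeated collisions on 128-bit values indicate a broken random source.
        $this->bailout();
    }

    /**
     * Loads $valid, $time_human, $time_unix, $time_expire, $user_ip,
     * $session_id and $staff_account from the session table, or resets them
     * when no row matches.
     *
     * Called whenever the class is instantiated, either right after creating
     * a new session or to test an existing session ID, and again after
     * logout. Expired sessions are purged first.
     *
     * @param string $session_id Session ID to test; typically client-supplied.
     * @param string $user_ip    Client address the session must be bound to.
     */
    function setProperties($session_id, $user_ip) {

        // Purge all expired sessions
        $this->expireSessions();

        // Assume this is an invalid session
        $row = false;

        // A value that is not 32 hex characters cannot be one of our IDs, so
        // it never reaches the database.
        if ($this->isSessionIdFormat($session_id)) {
            $sql = "SELECT * from session where session_id = "
                . $this->sqlQuote($session_id)
                . " AND user_ip = "
                . $this->sqlQuote($user_ip);
            $rs = xx_query($sql, $this->con_session);
            if ($rs !== false && xx_num_rows($rs) > 0) {
                $row = xx_fetch_array($rs);
            }
        }

        // Valid session, load all of the member properties.
        if (is_array($row)) {
            $this->valid = 1;
            $this->time_human = $row["time_human"];
            $this->time_unix = $row["time_unix"];
            $this->time_expire = $row["time_expire"];
            $this->user_ip = $user_ip;
            $this->session_id = $row["session_id"];
            $this->staff_account = $row["staff_account"];
        }
        // Expired or invalid. Reset all of the member properties.
        else {
            $this->valid = 0;
            $this->time_human = "";
            $this->time_unix = "";
            $this->time_expire = "";
            $this->staff_account = "";
            $this->user_ip = "";
            $this->session_id = "";
        }
    }

    /**
     * Logs the user out: deletes the session row and clears the cookie.
     *
     * Does nothing unless this object holds a valid session and the current
     * client IP equals the IP the session was loaded with.
     */
    function logoutSessionID() {

        $con_session = $this->con_session;
        $user_ip = $this->clientIp();

        if ((string) $user_ip === (string) $this->user_ip && $this->valid == 1) {

            $session_id = $this->session_id;

            $sql = "DELETE FROM session WHERE session_id = "
                . $this->sqlQuote($session_id)
                . " AND user_ip = "
                . $this->sqlQuote($user_ip);

            //xx_query ("LOCK TABLE session WRITE", $con_session);
            if (!xx_query($sql, $con_session)) {
                xx_query("UNLOCK TABLES", $con_session);
                $this->bailout();
            } else {
                xx_query("UNLOCK TABLES", $con_session);
                // The row is gone, so this resets every property.
                $this->setProperties($session_id, $user_ip);
            }

            // Kill the client-side cookie: expiration an hour in the past,
            // same attributes as when it was set.
            setcookie("libsession", "", time() - 3600, "", "", $this->cookieSecure(), true);
        }
    }

    /**
     * Deletes every session whose time_expire is earlier than now.
     *
     * Runs at the start of setProperties(), so an expired session is removed
     * before it can be looked up.
     */
    function expireSessions() {
        $con_session = $this->con_session;

        // Float produced locally by getmicrotime(); no external input in this statement.
        $sql = "DELETE FROM session where time_expire < " . $this->getmicrotime();

        if (!xx_query($sql, $con_session)) {
            // sql_err() is not defined in this file; call it only if the
            // including script provides it.
            if (function_exists("sql_err")) {
                sql_err($con_session);
            }
            xx_query("UNLOCK TABLES", $con_session);
            // bailout() is a method of this class, not a global function.
            $this->bailout();
        } else {
            xx_query("UNLOCK TABLES", $con_session);
        }
    } // end of function
} // end of class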
?> |