summaryrefslogtreecommitdiff
path: root/devel-utf8/it_session.class
diff options
context:
space:
mode:
authorNathan Gass2012-03-22 18:19:43 +0000
committerNathan Gass2012-03-22 18:19:43 +0000
commit1336ce6ac3baacd1cecbf776cfafa81f8d025272 (patch)
tree3924b3e2e12a5d5ea3b40890477d5e070498543c /devel-utf8/it_session.class
parentd59a4921188753dbe4c0161081755a28112c3ef6 (diff)
downloaditools-1336ce6ac3baacd1cecbf776cfafa81f8d025272.tar.gz
itools-1336ce6ac3baacd1cecbf776cfafa81f8d025272.tar.bz2
itools-1336ce6ac3baacd1cecbf776cfafa81f8d025272.zip
Wrong branch itools/live/devel-utf8 removed
Diffstat (limited to 'devel-utf8/it_session.class')
-rw-r--r--devel-utf8/it_session.class247
1 files changed, 0 insertions, 247 deletions
diff --git a/devel-utf8/it_session.class b/devel-utf8/it_session.class
deleted file mode 100644
index ed99842..0000000
--- a/devel-utf8/it_session.class
+++ /dev/null
@@ -1,247 +0,0 @@
-<?php
-/*
-** $Id$
-**
-** Copyright (C) 1995-2007 by the ITools Authors.
-** This file is part of ITools - the Internet Tools Library
-**
-** ITools is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 3 of the License, or
-** (at your option) any later version.
-**
-** ITools is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/* Default values */
-define('_IT_SESSION_COOKIE', 'SESSION');
-define('_IT_SESSION_COOKIE_EXPIRY', 0);
-define('_IT_SESSION_LIFETIME', 3600);
-
-class it_session
-{
- /* PRIVATE */
- var $cookiename; /* Cookie to store session */
- var $cookie; /* Session identifier of this session */
- var $uid; /* Session user id */
- var $domain = ''; /* Session domain (e.g. ".relog.ch") */
- var $address = ''; /* Guessed IP address of client */
- var $ssl; /* Session using SSL? */
- var $lifetime; /* Session life-time in seconds */
- var $secret; /* Session secret to generate session ids */
- var $now; /* This session start time slot */
- var $prev; /* Previous session start time slot */
- var $hascookies; /* Do cookies work? Used by has_cookies() */
-
-/* Constructor */
-function it_session()
-{
- $this->cookiename = _IT_SESSION_COOKIE;
- $this->lifetime = _IT_SESSION_LIFETIME;
-/*
- * NOTE: Does not work with dynamic IPs (dialup with low timeout,
- * load balanced Proxies and maybe more weird stuff).
- * $this->address = $_SERVER['REMOTE_ADDR'] . '/' . $_SERVER['HTTP_X_FORWARDED_FOR'];
- */
- $this->ssl = !empty($_SERVER['HTTPS']);
-}
-
-
-function set_cookiename($cookiename)
-{
- if ($cookiename)
- $this->cookiename = $cookiename;
-}
-
-
-function get_uid()
-{
- return $this->uid;
-}
-
-
-function set_uid($uid)
-{
- $this->uid = $uid;
-}
-
-
-function set_domain($domain)
-{
- $this->domain = $domain;
-}
-
-
-function set_lifetime($lifetime)
-{
- $this->lifetime = $lifetime;
-}
-
-
-function set_secret($secret)
-{
- $this->secret = $secret;
-}
-
-
-function init()
-{
- if (empty($this->secret))
- it::fatal('it_session requires secret to be set');
-
- /* Got a cookie? */
- if ($this->hascookies = isset($_COOKIE[$this->cookiename]))
- $this->cookie = $_COOKIE[$this->cookiename];
- else
- $this->cookie = '';
- #debug("hascookies '$this->hascookies', '$this->cookie', " . $_COOKIE[$this->cookiename]);
-
- $now = time();
- /*
- * Valid time range is now - 1/2 lifetime to now + 1/2 lifetime
- * I.e. session has to be either from start or now
- */
- $this->now = $now - ($now % ($this->lifetime / 2));
- $this->prev = $this->now - ($this->lifetime / 2);
-
- /* Set user id from valid session */
- $this->uid = substr($this->cookie, 1, strlen($this->cookie) - 33);
-
- if (!$this->is_valid())
- $this->uid = "";
-
- #debug("it_session::new session=$this->cookie, user=$this->uid");
-}
-
-
-/* INTERNAL: Create session id from session data */
-function _mkcookie($uid, $timeslot)
-{
- return "A" . $uid . md5("$uid,$this->domain,$this->address,$this->secret,$timeslot");
-}
-
-
-/* Check if this session is valid */
-function is_valid()
-{
- $result = true;
-
- if ($this->_mkcookie($this->uid, $this->now) != $this->cookie)
- {
- /* Check if using id from previous time slot */
- if ($this->_mkcookie($this->uid, $this->prev) == $this->cookie)
- $this->set_valid(); /* Rejuvenate session */
- else
- $result = false;
- }
-
- return $result;
-}
-
-
-/*
- * Validate this session
- * @param $valid Should this session be validated or invalidated?
- * @param $login_identifier_required Does session validation require login magic?
- * @param $login_identifier Session validation magic cookie to be checked
- * @return true if successful
- */
-function set_valid($valid = true, $login_identifier_required = false, $login_identifier = "")
-{
- $result = false;
-
- if ($valid && (!$login_identifier_required || ($login_identifier == $this->_mkcookie("", $this->cookie))))
- {
- $this->cookie = $this->_mkcookie($this->uid, $this->now);
- $result = true;
- }
- else
- {
- $this->cookie = md5(uniqid(rand())); /* random garbage */
- $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
- }
-
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
- $_COOKIE[$this->cookiename] = $this->cookie;
-
- return $result;
-}
-
-
-function purge()
-{
- $this->cookie = "";
- $_COOKIE[$this->cookiename] = "";
- $this->uid = "";
-}
-
-
-/*
- * Create a login identifier and set session to login identifier 'secret' value
- * Returns a value to be put into the login <form> which has to be passed to
- * set_valid() to create a valid session
- */
-function create_login_identifier()
-{
- if (!$this->cookie)
- {
- $this->cookie = md5(uniqid(rand())); /* random garbage */
- @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
- }
-
- $login_identifier = $this->_mkcookie("", $this->cookie);
-
- return $login_identifier;
-}
-
-/*
- * Check if cookies are enabled.
- * NOTE: Only works if you used create_login_identifier() on previous page
- */
-function has_cookies()
-{
- return $this->hascookies;
-}
-
-
-/*
- * Sign string for current session
- * @param $text Text to be signed
- * @return Signature for $text
- */
-function _sign($text, $timeslot)
-{
- return "B" . md5("$text,$this->uid,$this->domain,$this->address,$this->secret,$timeslot");
-}
-
-/*
- * Sign string for current session
- * @param $text Text to be signed
- * @return Signature for $text
- */
-function create_signature($text)
-{
- return $this->_sign($text, $this->now);
-}
-
-/*
- * Check signature for string for current session
- * @param $text Text which was signed
- * @param $signature Signature to be checked
- * @return True if signature ok, false otherwise
- */
-function check_signature($text, $signature)
-{
- return (($this->_sign($text, $this->now) == $signature) ||
- ($this->_sign($text, $this->prev) == $signature));
-}
-
-} /* End class it_user */
-
-?>