diff options
Diffstat (limited to 'devel-utf8/it_session.class')
| -rw-r--r-- | devel-utf8/it_session.class | 247 |
1 files changed, 0 insertions, 247 deletions
diff --git a/devel-utf8/it_session.class b/devel-utf8/it_session.class deleted file mode 100644 index ed99842..0000000 --- a/devel-utf8/it_session.class +++ /dev/null @@ -1,247 +0,0 @@ -<?php -/* -** $Id$ -** -** Copyright (C) 1995-2007 by the ITools Authors. -** This file is part of ITools - the Internet Tools Library -** -** ITools is free software; you can redistribute it and/or modify -** it under the terms of the GNU General Public License as published by -** the Free Software Foundation; either version 3 of the License, or -** (at your option) any later version. -** -** ITools is distributed in the hope that it will be useful, -** but WITHOUT ANY WARRANTY; without even the implied warranty of -** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -** GNU General Public License for more details. -** -** You should have received a copy of the GNU General Public License -** along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -/* Default values */ -define('_IT_SESSION_COOKIE', 'SESSION'); -define('_IT_SESSION_COOKIE_EXPIRY', 0); -define('_IT_SESSION_LIFETIME', 3600); - -class it_session -{ - /* PRIVATE */ - var $cookiename; /* Cookie to store session */ - var $cookie; /* Session identifier of this session */ - var $uid; /* Session user id */ - var $domain = ''; /* Session domain (e.g. ".relog.ch") */ - var $address = ''; /* Guessed IP address of client */ - var $ssl; /* Session using SSL? */ - var $lifetime; /* Session life-time in seconds */ - var $secret; /* Session secret to generate session ids */ - var $now; /* This session start time slot */ - var $prev; /* Previous session start time slot */ - var $hascookies; /* Do cookies work? Used by has_cookies() */ - -/* Constructor */ -function it_session() -{ - $this->cookiename = _IT_SESSION_COOKIE; - $this->lifetime = _IT_SESSION_LIFETIME; -/* - * NOTE: Does not work with dynamic IPs (dialup with low timeout, - * load balanced Proxies and maybe more weird stuff). - * $this->address = $_SERVER['REMOTE_ADDR'] . '/' . $_SERVER['HTTP_X_FORWARDED_FOR']; - */ - $this->ssl = !empty($_SERVER['HTTPS']); -} - - -function set_cookiename($cookiename) -{ - if ($cookiename) - $this->cookiename = $cookiename; -} - - -function get_uid() -{ - return $this->uid; -} - - -function set_uid($uid) -{ - $this->uid = $uid; -} - - -function set_domain($domain) -{ - $this->domain = $domain; -} - - -function set_lifetime($lifetime) -{ - $this->lifetime = $lifetime; -} - - -function set_secret($secret) -{ - $this->secret = $secret; -} - - -function init() -{ - if (empty($this->secret)) - it::fatal('it_session requires secret to be set'); - - /* Got a cookie? */ - if ($this->hascookies = isset($_COOKIE[$this->cookiename])) - $this->cookie = $_COOKIE[$this->cookiename]; - else - $this->cookie = ''; - #debug("hascookies '$this->hascookies', '$this->cookie', " . $_COOKIE[$this->cookiename]); - - $now = time(); - /* - * Valid time range is now - 1/2 lifetime to now + 1/2 lifetime - * I.e. session has to be either from start or now - */ - $this->now = $now - ($now % ($this->lifetime / 2)); - $this->prev = $this->now - ($this->lifetime / 2); - - /* Set user id from valid session */ - $this->uid = substr($this->cookie, 1, strlen($this->cookie) - 33); - - if (!$this->is_valid()) - $this->uid = ""; - - #debug("it_session::new session=$this->cookie, user=$this->uid"); -} - - -/* INTERNAL: Create session id from session data */ -function _mkcookie($uid, $timeslot) -{ - return "A" . $uid . md5("$uid,$this->domain,$this->address,$this->secret,$timeslot"); -} - - -/* Check if this session is valid */ -function is_valid() -{ - $result = true; - - if ($this->_mkcookie($this->uid, $this->now) != $this->cookie) - { - /* Check if using id from previous time slot */ - if ($this->_mkcookie($this->uid, $this->prev) == $this->cookie) - $this->set_valid(); /* Rejuvenate session */ - else - $result = false; - } - - return $result; -} - - -/* - * Validate this session - * @param $valid Should this session be validated or invalidated? - * @param $login_identifier_required Does session validation require login magic? - * @param $login_identifier Session validation magic cookie to be checked - * @return true if successful - */ -function set_valid($valid = true, $login_identifier_required = false, $login_identifier = "") -{ - $result = false; - - if ($valid && (!$login_identifier_required || ($login_identifier == $this->_mkcookie("", $this->cookie)))) - { - $this->cookie = $this->_mkcookie($this->uid, $this->now); - $result = true; - } - else - { - $this->cookie = md5(uniqid(rand())); /* random garbage */ - $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */ - } - - @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true); - $_COOKIE[$this->cookiename] = $this->cookie; - - return $result; -} - - -function purge() -{ - $this->cookie = ""; - $_COOKIE[$this->cookiename] = ""; - $this->uid = ""; -} - - -/* - * Create a login identifier and set session to login identifier 'secret' value - * Returns a value to be put into the login <form> which has to be passed to - * set_valid() to create a valid session - */ -function create_login_identifier() -{ - if (!$this->cookie) - { - $this->cookie = md5(uniqid(rand())); /* random garbage */ - @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true); - } - - $login_identifier = $this->_mkcookie("", $this->cookie); - - return $login_identifier; -} - -/* - * Check if cookies are enabled. - * NOTE: Only works if you used create_login_identifier() on previous page - */ -function has_cookies() -{ - return $this->hascookies; -} - - -/* - * Sign string for current session - * @param $text Text to be signed - * @return Signature for $text - */ -function _sign($text, $timeslot) -{ - return "B" . md5("$text,$this->uid,$this->domain,$this->address,$this->secret,$timeslot"); -} - -/* - * Sign string for current session - * @param $text Text to be signed - * @return Signature for $text - */ -function create_signature($text) -{ - return $this->_sign($text, $this->now); -} - -/* - * Check signature for string for current session - * @param $text Text which was signed - * @param $signature Signature to be checked - * @return True if signature ok, false otherwise - */ -function check_signature($text, $signature) -{ - return (($this->_sign($text, $this->now) == $signature) || - ($this->_sign($text, $this->prev) == $signature)); -} - -} /* End class it_user */ - -?> |