From a5a19fd672bc0b8113d620669b557f17dccd343a Mon Sep 17 00:00:00 2001 From: Christian Schneider Date: Thu, 26 Oct 2006 13:35:12 +0000 Subject: Moved itools to live branch --- session.class | 231 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 231 insertions(+) create mode 100644 session.class (limited to 'session.class') diff --git a/session.class b/session.class new file mode 100644 index 0000000..afc5a38 --- /dev/null +++ b/session.class @@ -0,0 +1,231 @@ +cookiename = _IT_SESSION_COOKIE; + $this->lifetime = _IT_SESSION_LIFETIME; + $this->secret = _IT_SESSION_SECRET; +/* + * NOTE: Does not work with dynamic IPs (dialup with low timeout, + * load balanced Proxies and maybe more weird stuff). + * $this->address = $_SERVER['REMOTE_ADDR'] . '/' . $_SERVER['HTTP_X_FORWARDED_FOR']; + */ + $this->ssl = !empty($_SERVER['HTTPS']); +} + + +function set_cookiename($cookiename) +{ + if ($cookiename) + $this->cookiename = $cookiename; +} + + +function get_uid() +{ + return $this->uid; +} + + +function set_uid($uid) +{ + $this->uid = $uid; +} + + +function set_domain($domain) +{ + $this->domain = $domain; +} + + +function set_lifetime($lifetime) +{ + $this->lifetime = $lifetime; +} + + +function set_secret($secret) +{ + $this->secret = $secret; +} + + +function init() +{ + /* Got a cookie? */ + if ($this->hascookies = isset($_COOKIE[$this->cookiename])) + $this->cookie = $_COOKIE[$this->cookiename]; + else + $this->cookie = ''; + #debug("hascookies '$this->hascookies', '$this->cookie', " . $_COOKIE[$this->cookiename]); + + $now = time(); + /* + * Valid time range is now - 1/2 lifetime to now + 1/2 lifetime + * I.e. session has to be either from start or now + */ + $this->now = $now - ($now % ($this->lifetime / 2)); + $this->prev = $this->now - ($this->lifetime / 2); + + /* Set user id from valid session */ + $this->uid = substr($this->cookie, 1, strlen($this->cookie) - 33); + + if (!$this->is_valid()) + $this->uid = ""; + + #debug("it_session::new session=$this->cookie, user=$this->uid"); +} + + +/* INTERNAL: Create session id from session data */ +function _mkcookie($uid, $timeslot) +{ + return "A" . $uid . md5("$uid,$this->domain,$this->address,$this->secret,$timeslot"); +} + + +/* Check if this session is valid */ +function is_valid() +{ + $result = true; + + if ($this->_mkcookie($this->uid, $this->now) != $this->cookie) + { + /* Check if using id from previous time slot */ + if ($this->_mkcookie($this->uid, $this->prev) == $this->cookie) + $this->set_valid(); /* Rejuvenate session */ + else + $result = false; + } + + return $result; +} + + +/* + * Validate this session + * @param $valid Should this session be validated or invalidated? + * @param $login_identifier_required Does session validation require login magic? + * @param $login_identifier Session validation magic cookie to be checked + * @return true if successful + */ +function set_valid($valid = true, $login_identifier_required = false, $login_identifier = "") +{ + $result = false; + + if ($valid && (!$login_identifier_required || ($login_identifier == $this->_mkcookie("", $this->cookie)))) + { + $this->cookie = $this->_mkcookie($this->uid, $this->now); + $result = true; + } + else + { + $this->cookie = md5(uniqid(rand())); /* random garbage */ + $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */ + } + + @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl); + $_COOKIE[$this->cookiename] = $this->cookie; + + return $result; +} + + +function purge() +{ + $this->cookie = ""; + $_COOKIE[$this->cookiename] = ""; + $this->uid = ""; +} + + +/* + * Create a login identifier and set session to login identifier 'secret' value + * Returns a value to be put into the login