admin/include/sessionClass.php

<?php
class sessionClass {

/**********************************************************
sessionClass Properties
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
For documentation, see separate Word-format .DOC file.
**********************************************************/
var $con_session;
var $result_session;
var $user_ip;
var $staff_account;
var $session_id;
var $valid;
var $time_human;
var $time_unix;
var $time_expire;

// Default session duration parameters
var $default_duration = 120;
var $max_duration = 43200;

// Database variables
var $db_session = "libsession";
var $db_session_srv = "yourlibrary.edu";
var $db_session_usr = "libsession";
var $db_session_pwd = "ch4ngeME";


/**********************************************************
Constructor Method: sessionClass
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
Generates a unique session ID, fetches the system time and
writes it into a table.
**********************************************************/
function sessionClass($duration, $session_id, $staff_account) {

        // Set the database connection variables        
        $this->con_session = @mysql_connect ( $this->db_session_srv, $this->db_session_usr, $this->db_session_pwd )
                or die ( "ERROR: Could not connect to database server!" );
        $this->result_session = mysql_select_db ( $this->db_session, $this->con_session )
                or die ( "ERROR: Could not connect to database!" );
                
        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Determine whether to generate a new session
        If ($session_id == "" && strlen($staff_account) > 0) {

                // Generate a session ID and store it
                $this->session_id = $this->generateSessionID();
                $session_id = $this->session_id;
                
                // Fetch a unix microsecond timestamp
                $time_unix = $this->getmicrotime();
                
                // Attempt to use a non-default session duration
                if ( (float) $duration > 0) {
                        if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
                        $time_expire = (float) $duration + (float) $time_unix;
                }
                // Otherwise use the default duration
                else $time_expire = (float) $this->default_duration + (float) $time_unix;

                // Calculate human-readable and mySQL-friendly date-time format
                $time_convert = getdate($time_unix);
                $mon = $time_convert[mon];                          
                $mday = $time_convert[mday];                        
                $year = $time_convert[year];
                $hours = $time_convert[hours];                        
                $minutes = $time_convert[minutes];
                $seconds = $time_convert[seconds];
        
                // Back-fill in case we have single-digits.      
                if (strlen($mday) < 2) $mday = "0" . $mday;
                if (strlen($mon) < 2) $mon = "0" . $mon;
                if (strlen($hours) < 2) $hours = "0" . $hours;   
                if (strlen($minutes) < 2) $minutes = "0" . $minutes;
                if (strlen($seconds) < 2) $seconds = "0" . $seconds;
        
                // Generate a mySQL-friendly stamp
                $time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
                
                // Build the SQL line to insert it into the database
                $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
                        . $staff_account
                        . "', '"
                        . $user_ip
                        . "', '"
                        . $session_id
                        . "', '"
                        . $time_human
                        . "', '"
                        . $time_unix
                        . "', '"
                        . $time_expire  
                        . "')";
                
                // mysql_query ("LOCK TABLE session WRITE", $this->con_session);
                if (!mysql_query($sql, $this->con_session)){
                        mysql_query ("UNLOCK TABLES", $this->con_session);
                        $this->bailout();
                }
                else {
                        mysql_query("UNLOCK TABLES", $this->con_session);
                }


                // Set the client libsession cookie.  Expiration equals expiration in the database
                setcookie ("libsession", $session_id, $time_expire);  /* expire in 1 hour */


        } // finished generating a new session
        

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
}


/**********************************************************
Method: bailout
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Attempt to gracefully finish out HTML in the event of a
severe mySQL database problem.
**********************************************************/
function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
}


/**********************************************************
Method: getmicrotime
Author: http://www.php.net microtime example
Last Modified: 10.04.2001
***********************************************************
Comments:
Displays a Unix timestamp of the number of seconds
elapsed from 0:00:00 January 1, 1970 GMT
**********************************************************/
function getmicrotime(){ 
        list($usec, $sec) = explode(" ",microtime()); 
        return ((float)$usec + (float)$sec); 
} 


/**********************************************************
Method: secondsRemaining
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
Returns the number of seconds remaining for this
session before expiration.
**********************************************************/
function secondsRemaining(){ 
        return (float) $this->time_expire - (float) $this->getmicrotime();
} 

/**********************************************************
Method: generateSessionID
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Seeds a random number generator with the system time
and generates a md5 hash value.  The value is confirmed
against the session table in the rare instance it
already exists.  If so, another attempt is made.
**********************************************************/
function generateSessionID() {
        $con_session = $this->con_session;

        // Seed with current time & generate the md5 hash
        mt_srand((double)microtime()*1000000);
        $hash = md5(mt_rand(0,9999));
        
        // Variable declarations
        $duplicate = 1;

        // The SQL
        $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
        $rs = mysql_query($sql, $con_session);
        $duplicate = mysql_num_rows($rs);
        if ($duplicate > 0) {
                $duplicate = 1;
                $hash = "0";
        }
        
        return $hash;
}


/**********************************************************
Method: setProperties
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This member function sets the $valid, $time_human,
$time_unix, and $500_id properties of an instantiation of the
sessionClass object.  It is called whenever the class is
instantiated, either immediately after creating a new
session, or testing an existing session ID.
**********************************************************/
function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;
        
        // Pure all expired sessions
        $this->expireSessions();
        
        // Assume this is an invalid session
        $valid = 0;
        
        // Generate the SQL
        $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                ."'";
        $rs = mysql_query($sql, $con_session);
        $valid = mysql_num_rows($rs);
        $row = mysql_fetch_array ($rs);
        $time_human = $row["time_human"];
        $time_unix = $row["time_unix"];
        $time_expire = $row["time_expire"];
        $session_id = $row["session_id"];
        $staff_account = $row["staff_account"];

        // Valid session, load all of the member properties.
        if ($valid > 0) {
                $this->valid = 1;
                $this->time_human = $time_human;
                $this->time_unix = $time_unix;
                $this->time_expire = $time_expire;
                $this->user_ip = $user_ip;
                $this->session_id = $session_id;
                $this->staff_account = $staff_account;
        }
        // Expired or invalid.  Reset all of the member properties.
        else {
                $this->valid = 0;
                $this->time_human = "";
                $this->time_unix = "";
                $this->time_expire = "";
                $this->staff_account = "";
                $this->user_ip = "";
                $this->session_id = "";
        }
}


/**********************************************************
Method: logoutSessionID
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
When a user decides to logout, the session ID is deleted
from the session table.
**********************************************************/
function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {
        
                // Get the object's session_id
                $session_id = $this->session_id;

                // Build the SQL line to delete
                $sql = "DELETE FROM session WHERE session_id = '"
                        . $session_id
                        . "' AND user_ip = '"
                        . $user_ip
                        . "'";

                //mysql_query ("LOCK TABLE session WRITE", $con_session);
                if (!mysql_query($sql, $con_session)){
                        mysql_query ("UNLOCK TABLES", $con_session);
                        $this->bailout();
                }
                else {
                        mysql_query("UNLOCK TABLES", $con_session);
                        $this->setProperties($session_id, $user_ip);
                }
                
                
                // Kill the client-side cookie, set expiration equal to an hour ago.
                setcookie ("libsession", "", time() - 3600);
                
        }
        
}


/**********************************************************
Method: expireSessions
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This function is called periodically to cull expired
sessions from the table.  It ought to be called in tandem
with any 
**********************************************************/
function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        $sql = "DELETE FROM session where time_expire < " . $time_unix;
        
        if (!mysql_query($sql, $con_session)){
                sql_err($con_session);
                mysql_query ("UNLOCK TABLES", $con_session);
                bailout();
        }
        else {          
                mysql_query("UNLOCK TABLES", $con_session);
        }
} // end of function
} // end of class
?>
1	dpavlin	31	<?php
2			class sessionClass {
3
4			/**********************************************************
5			sessionClass Properties
6			Author: Paul Bramscher
7			Last Modified: 10.29.2002
8			***********************************************************
9			Comments:
10			For documentation, see separate Word-format .DOC file.
11			**********************************************************/
12			var $con_session;
13			var $result_session;
14			var $user_ip;
15			var $staff_account;
16			var $session_id;
17			var $valid;
18			var $time_human;
19			var $time_unix;
20			var $time_expire;
21
22			// Default session duration parameters
23			var $default_duration = 120;
24			var $max_duration = 43200;
25
26			// Database variables
27			var $db_session = "libsession";
28	dpavlin	67	var $db_session_srv = "yourlibrary.edu";
29	dpavlin	31	var $db_session_usr = "libsession";
30	dpavlin	67	var $db_session_pwd = "ch4ngeME";
31	dpavlin	31
32
33			/**********************************************************
34			Constructor Method: sessionClass
35			Author: Paul Bramscher
36			Last Modified: 10.29.2002
37			***********************************************************
38			Comments:
39			Generates a unique session ID, fetches the system time and
40			writes it into a table.
41			**********************************************************/
42			function sessionClass($duration, $session_id, $staff_account) {
43
44			// Set the database connection variables
45			$this->con_session = @mysql_connect ( $this->db_session_srv, $this->db_session_usr, $this->db_session_pwd )
46			or die ( "ERROR: Could not connect to database server!" );
47			$this->result_session = mysql_select_db ( $this->db_session, $this->con_session )
48			or die ( "ERROR: Could not connect to database!" );
49
50			// Fetch user ip
51			$user_ip = $GLOBALS["REMOTE_ADDR"];
52
53			// Determine whether to generate a new session
54			If ($session_id == "" && strlen($staff_account) > 0) {
55
56			// Generate a session ID and store it
57			$this->session_id = $this->generateSessionID();
58			$session_id = $this->session_id;
59
60			// Fetch a unix microsecond timestamp
61			$time_unix = $this->getmicrotime();
62
63			// Attempt to use a non-default session duration
64			if ( (float) $duration > 0) {
65			if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
66			$time_expire = (float) $duration + (float) $time_unix;
67			}
68			// Otherwise use the default duration
69			else $time_expire = (float) $this->default_duration + (float) $time_unix;
70
71			// Calculate human-readable and mySQL-friendly date-time format
72			$time_convert = getdate($time_unix);
73			$mon = $time_convert[mon];
74			$mday = $time_convert[mday];
75			$year = $time_convert[year];
76			$hours = $time_convert[hours];
77			$minutes = $time_convert[minutes];
78			$seconds = $time_convert[seconds];
79
80			// Back-fill in case we have single-digits.
81			if (strlen($mday) < 2) $mday = "0" . $mday;
82			if (strlen($mon) < 2) $mon = "0" . $mon;
83			if (strlen($hours) < 2) $hours = "0" . $hours;
84			if (strlen($minutes) < 2) $minutes = "0" . $minutes;
85			if (strlen($seconds) < 2) $seconds = "0" . $seconds;
86
87			// Generate a mySQL-friendly stamp
88			$time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
89
90			// Build the SQL line to insert it into the database
91			$sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
92			. $staff_account
93			. "', '"
94			. $user_ip
95			. "', '"
96			. $session_id
97			. "', '"
98			. $time_human
99			. "', '"
100			. $time_unix
101			. "', '"
102			. $time_expire
103			. "')";
104
105			// mysql_query ("LOCK TABLE session WRITE", $this->con_session);
106			if (!mysql_query($sql, $this->con_session)){
107			mysql_query ("UNLOCK TABLES", $this->con_session);
108			$this->bailout();
109			}
110			else {
111			mysql_query("UNLOCK TABLES", $this->con_session);
112			}
113
114
115			// Set the client libsession cookie. Expiration equals expiration in the database
116			setcookie ("libsession", $session_id, $time_expire); /* expire in 1 hour */
117
118
119			} // finished generating a new session
120
121
122			// Whether or not this is a new session, set the object properties
123			$this->setProperties($session_id, $user_ip);
124			}
125
126
127			/**********************************************************
128			Method: bailout
129			Author: Paul Bramscher
130			Last Modified: 10.04.2001
131			***********************************************************
132			Comments:
133			Attempt to gracefully finish out HTML in the event of a
134			severe mySQL database problem.
135			**********************************************************/
136			function bailout() {
137			die ( "Bailing Out!<br>\n</body></html>\n" );
138			}
139
140
141			/**********************************************************
142			Method: getmicrotime
143			Author: http://www.php.net microtime example
144			Last Modified: 10.04.2001
145			***********************************************************
146			Comments:
147			Displays a Unix timestamp of the number of seconds
148			elapsed from 0:00:00 January 1, 1970 GMT
149			**********************************************************/
150			function getmicrotime(){
151			list($usec, $sec) = explode(" ",microtime());
152			return ((float)$usec + (float)$sec);
153			}
154
155
156			/**********************************************************
157			Method: secondsRemaining
158			Author: Paul Bramscher
159			Last Modified: 10.09.2001
160			***********************************************************
161			Comments:
162			Returns the number of seconds remaining for this
163			session before expiration.
164			**********************************************************/
165			function secondsRemaining(){
166			return (float) $this->time_expire - (float) $this->getmicrotime();
167			}
168
169			/**********************************************************
170			Method: generateSessionID
171			Author: Paul Bramscher
172			Last Modified: 10.04.2001
173			***********************************************************
174			Comments:
175			Seeds a random number generator with the system time
176			and generates a md5 hash value. The value is confirmed
177			against the session table in the rare instance it
178			already exists. If so, another attempt is made.
179			**********************************************************/
180			function generateSessionID() {
181			$con_session = $this->con_session;
182
183			// Seed with current time & generate the md5 hash
184			mt_srand((double)microtime()*1000000);
185			$hash = md5(mt_rand(0,9999));
186
187			// Variable declarations
188			$duplicate = 1;
189
190			// The SQL
191			$sql = "SELECT * FROM session where session_id = '" . $hash . "'";
192			$rs = mysql_query($sql, $con_session);
193			$duplicate = mysql_num_rows($rs);
194			if ($duplicate > 0) {
195			$duplicate = 1;
196			$hash = "0";
197			}
198
199			return $hash;
200			}
201
202
203			/**********************************************************
204			Method: setProperties
205			Author: Paul Bramscher
206			Last Modified: 10.9.2001
207			***********************************************************
208			Comments:
209			This member function sets the $valid, $time_human,
210			$time_unix, and $500_id properties of an instantiation of the
211			sessionClass object. It is called whenever the class is
212			instantiated, either immediately after creating a new
213			session, or testing an existing session ID.
214			**********************************************************/
215			function setProperties($session_id, $user_ip) {
216
217			// Collect some important values
218			$con_session = $this->con_session;
219
220			// Pure all expired sessions
221			$this->expireSessions();
222
223			// Assume this is an invalid session
224			$valid = 0;
225
226			// Generate the SQL
227			$sql = "SELECT * from session where session_id = '"
228			. $session_id
229			. "' AND user_ip = '"
230			. $user_ip
231			."'";
232			$rs = mysql_query($sql, $con_session);
233			$valid = mysql_num_rows($rs);
234			$row = mysql_fetch_array ($rs);
235			$time_human = $row["time_human"];
236			$time_unix = $row["time_unix"];
237			$time_expire = $row["time_expire"];
238			$session_id = $row["session_id"];
239			$staff_account = $row["staff_account"];
240
241			// Valid session, load all of the member properties.
242			if ($valid > 0) {
243			$this->valid = 1;
244			$this->time_human = $time_human;
245			$this->time_unix = $time_unix;
246			$this->time_expire = $time_expire;
247			$this->user_ip = $user_ip;
248			$this->session_id = $session_id;
249			$this->staff_account = $staff_account;
250			}
251			// Expired or invalid. Reset all of the member properties.
252			else {
253			$this->valid = 0;
254			$this->time_human = "";
255			$this->time_unix = "";
256			$this->time_expire = "";
257			$this->staff_account = "";
258			$this->user_ip = "";
259			$this->session_id = "";
260			}
261			}
262
263
264			/**********************************************************
265			Method: logoutSessionID
266			Author: Paul Bramscher
267			Last Modified: 10.09.2001
268			***********************************************************
269			Comments:
270			When a user decides to logout, the session ID is deleted
271			from the session table.
272			**********************************************************/
273			function logoutSessionID() {
274
275			// Initialize
276			$con_session = $this->con_session;
277
278			// Fetch user ip
279			$user_ip = $GLOBALS["REMOTE_ADDR"];
280
281			// Continue only if the current IP matches the object IP, and the
282			// session is currently valid.
283			if ($user_ip == $this->user_ip && $this->valid == 1) {
284
285			// Get the object's session_id
286			$session_id = $this->session_id;
287
288			// Build the SQL line to delete
289			$sql = "DELETE FROM session WHERE session_id = '"
290			. $session_id
291			. "' AND user_ip = '"
292			. $user_ip
293			. "'";
294
295			//mysql_query ("LOCK TABLE session WRITE", $con_session);
296			if (!mysql_query($sql, $con_session)){
297			mysql_query ("UNLOCK TABLES", $con_session);
298			$this->bailout();
299			}
300			else {
301			mysql_query("UNLOCK TABLES", $con_session);
302			$this->setProperties($session_id, $user_ip);
303			}
304
305
306			// Kill the client-side cookie, set expiration equal to an hour ago.
307			setcookie ("libsession", "", time() - 3600);
308
309			}
310
311			}
312
313
314			/**********************************************************
315			Method: expireSessions
316			Author: Paul Bramscher
317			Last Modified: 10.9.2001
318			***********************************************************
319			Comments:
320			This function is called periodically to cull expired
321			sessions from the table. It ought to be called in tandem
322			with any
323			**********************************************************/
324			function expireSessions() {
325			$con_session = $this->con_session;
326
327			// Fetch current microtime
328			$time_unix = $this->getmicrotime();
329
330			$sql = "DELETE FROM session where time_expire < " . $time_unix;
331
332			if (!mysql_query($sql, $con_session)){
333			sql_err($con_session);
334			mysql_query ("UNLOCK TABLES", $con_session);
335			bailout();
336			}
337			else {
338			mysql_query("UNLOCK TABLES", $con_session);
339			}
340			} // end of function
341			} // end of class
342			?>