admin/include/sessionClass.php

<?php
class sessionClass {

/**********************************************************
sessionClass Properties
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
For documentation, see separate Word-format .DOC file.
**********************************************************/
var $con_session;
var $result_session;
var $user_ip;
var $staff_account;
var $session_id;
var $valid;
var $time_human;
var $time_unix;
var $time_expire;

// Default session duration parameters
var $default_duration = 120;
var $max_duration = 43200;

// Database variables
#var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
var $session_dsn = 'pgsql://dpavlin@/libdata';


/**********************************************************
Constructor Method: sessionClass
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
Generates a unique session ID, fetches the system time and
writes it into a table.
**********************************************************/
function sessionClass($duration, $session_id, $staff_account) {

        // Set the database connection variables
        global $dsn_options;
        $this->con_session =& DB::connect($this->session_dsn, $dsn_options);
        if (DB::isError($db)) {
                # XXX remove this!
                print $db->getDebugInfo();
                
                die($db->getMessage());
        }
                
        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Determine whether to generate a new session
        If ($session_id == "" && strlen($staff_account) > 0) {

                // Generate a session ID and store it
                $this->session_id = $this->generateSessionID();
                $session_id = $this->session_id;
                
                // Fetch a unix microsecond timestamp
                $time_unix = $this->getmicrotime();
                
                // Attempt to use a non-default session duration
                if ( (float) $duration > 0) {
                        if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
                        $time_expire = (float) $duration + (float) $time_unix;
                }
                // Otherwise use the default duration
                else $time_expire = (float) $this->default_duration + (float) $time_unix;

                // Calculate human-readable and mySQL-friendly date-time format
                $time_convert = getdate($time_unix);
                $mon = $time_convert[mon];                          
                $mday = $time_convert[mday];                        
                $year = $time_convert[year];
                $hours = $time_convert[hours];                        
                $minutes = $time_convert[minutes];
                $seconds = $time_convert[seconds];
        
                // Back-fill in case we have single-digits.      
                if (strlen($mday) < 2) $mday = "0" . $mday;
                if (strlen($mon) < 2) $mon = "0" . $mon;
                if (strlen($hours) < 2) $hours = "0" . $hours;   
                if (strlen($minutes) < 2) $minutes = "0" . $minutes;
                if (strlen($seconds) < 2) $seconds = "0" . $seconds;
        
                // Generate a mySQL-friendly stamp
                $time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
                
                // Build the SQL line to insert it into the database
                $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
                        . $staff_account
                        . "', '"
                        . $user_ip
                        . "', '"
                        . $session_id
                        . "', '"
                        . $time_human
                        . "', '"
                        . $time_unix
                        . "', '"
                        . $time_expire  
                        . "')";
                
                // xx_query ("LOCK TABLE session WRITE", $this->con_session);
                if (!xx_query($sql, $this->con_session)){
                        xx_query ("UNLOCK TABLES", $this->con_session);
                        $this->bailout();
                }
                else {
                        xx_query("UNLOCK TABLES", $this->con_session);
                }


                // Set the client libsession cookie.  Expiration equals expiration in the database
                setcookie ("libsession", $session_id, $time_expire);  /* expire in 1 hour */


        } // finished generating a new session
        

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
}


/**********************************************************
Method: bailout
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Attempt to gracefully finish out HTML in the event of a
severe mySQL database problem.
**********************************************************/
function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
}


/**********************************************************
Method: getmicrotime
Author: http://www.php.net microtime example
Last Modified: 10.04.2001
***********************************************************
Comments:
Displays a Unix timestamp of the number of seconds
elapsed from 0:00:00 January 1, 1970 GMT
**********************************************************/
function getmicrotime(){ 
        list($usec, $sec) = explode(" ",microtime()); 
        return ((float)$usec + (float)$sec); 
} 


/**********************************************************
Method: secondsRemaining
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
Returns the number of seconds remaining for this
session before expiration.
**********************************************************/
function secondsRemaining(){ 
        return (float) $this->time_expire - (float) $this->getmicrotime();
} 

/**********************************************************
Method: generateSessionID
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Seeds a random number generator with the system time
and generates a md5 hash value.  The value is confirmed
against the session table in the rare instance it
already exists.  If so, another attempt is made.
**********************************************************/
function generateSessionID() {
        $con_session = $this->con_session;

        // Seed with current time & generate the md5 hash
        mt_srand((double)microtime()*1000000);
        $hash = md5(mt_rand(0,9999));
        
        // Variable declarations
        $duplicate = 1;

        // The SQL
        $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
        $rs = xx_query($sql, $con_session);
        $duplicate = xx_num_rows($rs);
        if ($duplicate > 0) {
                $duplicate = 1;
                $hash = "0";
        }
        
        return $hash;
}


/**********************************************************
Method: setProperties
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This member function sets the $valid, $time_human,
$time_unix, and $500_id properties of an instantiation of the
sessionClass object.  It is called whenever the class is
instantiated, either immediately after creating a new
session, or testing an existing session ID.
**********************************************************/
function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;
        
        // Pure all expired sessions
        $this->expireSessions();
        
        // Assume this is an invalid session
        $valid = 0;
        
        // Generate the SQL
        $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                ."'";
        $rs = xx_query($sql, $con_session);
        $valid = xx_num_rows($rs);
        $row = xx_fetch_array ($rs);
        $time_human = $row["time_human"];
        $time_unix = $row["time_unix"];
        $time_expire = $row["time_expire"];
        $session_id = $row["session_id"];
        $staff_account = $row["staff_account"];

        // Valid session, load all of the member properties.
        if ($valid > 0) {
                $this->valid = 1;
                $this->time_human = $time_human;
                $this->time_unix = $time_unix;
                $this->time_expire = $time_expire;
                $this->user_ip = $user_ip;
                $this->session_id = $session_id;
                $this->staff_account = $staff_account;
        }
        // Expired or invalid.  Reset all of the member properties.
        else {
                $this->valid = 0;
                $this->time_human = "";
                $this->time_unix = "";
                $this->time_expire = "";
                $this->staff_account = "";
                $this->user_ip = "";
                $this->session_id = "";
        }
}


/**********************************************************
Method: logoutSessionID
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
When a user decides to logout, the session ID is deleted
from the session table.
**********************************************************/
function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {
        
                // Get the object's session_id
                $session_id = $this->session_id;

                // Build the SQL line to delete
                $sql = "DELETE FROM session WHERE session_id = '"
                        . $session_id
                        . "' AND user_ip = '"
                        . $user_ip
                        . "'";

                //xx_query ("LOCK TABLE session WRITE", $con_session);
                if (!xx_query($sql, $con_session)){
                        xx_query ("UNLOCK TABLES", $con_session);
                        $this->bailout();
                }
                else {
                        xx_query("UNLOCK TABLES", $con_session);
                        $this->setProperties($session_id, $user_ip);
                }
                
                
                // Kill the client-side cookie, set expiration equal to an hour ago.
                setcookie ("libsession", "", time() - 3600);
                
        }
        
}


/**********************************************************
Method: expireSessions
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This function is called periodically to cull expired
sessions from the table.  It ought to be called in tandem
with any 
**********************************************************/
function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        $sql = "DELETE FROM session where time_expire < " . $time_unix;
        
        if (!xx_query($sql, $con_session)){
                sql_err($con_session);
                xx_query ("UNLOCK TABLES", $con_session);
                bailout();
        }
        else {          
                xx_query("UNLOCK TABLES", $con_session);
        }
} // end of function
} // end of class
?>
1	dpavlin	31	<?php
2			class sessionClass {
3
4			/**********************************************************
5			sessionClass Properties
6			Author: Paul Bramscher
7			Last Modified: 10.29.2002
8			***********************************************************
9			Comments:
10			For documentation, see separate Word-format .DOC file.
11			**********************************************************/
12			var $con_session;
13			var $result_session;
14			var $user_ip;
15			var $staff_account;
16			var $session_id;
17			var $valid;
18			var $time_human;
19			var $time_unix;
20			var $time_expire;
21
22			// Default session duration parameters
23			var $default_duration = 120;
24			var $max_duration = 43200;
25
26			// Database variables
27	dpavlin	50	#var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
28			var $session_dsn = 'pgsql://dpavlin@/libdata';
29	dpavlin	31
30
31			/**********************************************************
32			Constructor Method: sessionClass
33			Author: Paul Bramscher
34			Last Modified: 10.29.2002
35			***********************************************************
36			Comments:
37			Generates a unique session ID, fetches the system time and
38			writes it into a table.
39			**********************************************************/
40			function sessionClass($duration, $session_id, $staff_account) {
41
42	dpavlin	50	// Set the database connection variables
43			global $dsn_options;
44			$this->con_session =& DB::connect($this->session_dsn, $dsn_options);
45			if (DB::isError($db)) {
46			# XXX remove this!
47			print $db->getDebugInfo();
48	dpavlin	31
49	dpavlin	50	die($db->getMessage());
50			}
51
52	dpavlin	31	// Fetch user ip
53			$user_ip = $GLOBALS["REMOTE_ADDR"];
54
55			// Determine whether to generate a new session
56			If ($session_id == "" && strlen($staff_account) > 0) {
57
58			// Generate a session ID and store it
59			$this->session_id = $this->generateSessionID();
60			$session_id = $this->session_id;
61
62			// Fetch a unix microsecond timestamp
63			$time_unix = $this->getmicrotime();
64
65			// Attempt to use a non-default session duration
66			if ( (float) $duration > 0) {
67			if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
68			$time_expire = (float) $duration + (float) $time_unix;
69			}
70			// Otherwise use the default duration
71			else $time_expire = (float) $this->default_duration + (float) $time_unix;
72
73			// Calculate human-readable and mySQL-friendly date-time format
74			$time_convert = getdate($time_unix);
75			$mon = $time_convert[mon];
76			$mday = $time_convert[mday];
77			$year = $time_convert[year];
78			$hours = $time_convert[hours];
79			$minutes = $time_convert[minutes];
80			$seconds = $time_convert[seconds];
81
82			// Back-fill in case we have single-digits.
83			if (strlen($mday) < 2) $mday = "0" . $mday;
84			if (strlen($mon) < 2) $mon = "0" . $mon;
85			if (strlen($hours) < 2) $hours = "0" . $hours;
86			if (strlen($minutes) < 2) $minutes = "0" . $minutes;
87			if (strlen($seconds) < 2) $seconds = "0" . $seconds;
88
89			// Generate a mySQL-friendly stamp
90			$time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
91
92			// Build the SQL line to insert it into the database
93			$sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
94			. $staff_account
95			. "', '"
96			. $user_ip
97			. "', '"
98			. $session_id
99			. "', '"
100			. $time_human
101			. "', '"
102			. $time_unix
103			. "', '"
104			. $time_expire
105			. "')";
106
107	dpavlin	50	// xx_query ("LOCK TABLE session WRITE", $this->con_session);
108			if (!xx_query($sql, $this->con_session)){
109			xx_query ("UNLOCK TABLES", $this->con_session);
110	dpavlin	31	$this->bailout();
111			}
112			else {
113	dpavlin	50	xx_query("UNLOCK TABLES", $this->con_session);
114	dpavlin	31	}
115
116
117			// Set the client libsession cookie. Expiration equals expiration in the database
118			setcookie ("libsession", $session_id, $time_expire); /* expire in 1 hour */
119
120
121			} // finished generating a new session
122
123
124			// Whether or not this is a new session, set the object properties
125			$this->setProperties($session_id, $user_ip);
126			}
127
128
129			/**********************************************************
130			Method: bailout
131			Author: Paul Bramscher
132			Last Modified: 10.04.2001
133			***********************************************************
134			Comments:
135			Attempt to gracefully finish out HTML in the event of a
136			severe mySQL database problem.
137			**********************************************************/
138			function bailout() {
139			die ( "Bailing Out!<br>\n</body></html>\n" );
140			}
141
142
143			/**********************************************************
144			Method: getmicrotime
145			Author: http://www.php.net microtime example
146			Last Modified: 10.04.2001
147			***********************************************************
148			Comments:
149			Displays a Unix timestamp of the number of seconds
150			elapsed from 0:00:00 January 1, 1970 GMT
151			**********************************************************/
152			function getmicrotime(){
153			list($usec, $sec) = explode(" ",microtime());
154			return ((float)$usec + (float)$sec);
155			}
156
157
158			/**********************************************************
159			Method: secondsRemaining
160			Author: Paul Bramscher
161			Last Modified: 10.09.2001
162			***********************************************************
163			Comments:
164			Returns the number of seconds remaining for this
165			session before expiration.
166			**********************************************************/
167			function secondsRemaining(){
168			return (float) $this->time_expire - (float) $this->getmicrotime();
169			}
170
171			/**********************************************************
172			Method: generateSessionID
173			Author: Paul Bramscher
174			Last Modified: 10.04.2001
175			***********************************************************
176			Comments:
177			Seeds a random number generator with the system time
178			and generates a md5 hash value. The value is confirmed
179			against the session table in the rare instance it
180			already exists. If so, another attempt is made.
181			**********************************************************/
182			function generateSessionID() {
183			$con_session = $this->con_session;
184
185			// Seed with current time & generate the md5 hash
186			mt_srand((double)microtime()*1000000);
187			$hash = md5(mt_rand(0,9999));
188
189			// Variable declarations
190			$duplicate = 1;
191
192			// The SQL
193			$sql = "SELECT * FROM session where session_id = '" . $hash . "'";
194	dpavlin	50	$rs = xx_query($sql, $con_session);
195			$duplicate = xx_num_rows($rs);
196	dpavlin	31	if ($duplicate > 0) {
197			$duplicate = 1;
198			$hash = "0";
199			}
200
201			return $hash;
202			}
203
204
205			/**********************************************************
206			Method: setProperties
207			Author: Paul Bramscher
208			Last Modified: 10.9.2001
209			***********************************************************
210			Comments:
211			This member function sets the $valid, $time_human,
212			$time_unix, and $500_id properties of an instantiation of the
213			sessionClass object. It is called whenever the class is
214			instantiated, either immediately after creating a new
215			session, or testing an existing session ID.
216			**********************************************************/
217			function setProperties($session_id, $user_ip) {
218
219			// Collect some important values
220			$con_session = $this->con_session;
221
222			// Pure all expired sessions
223			$this->expireSessions();
224
225			// Assume this is an invalid session
226			$valid = 0;
227
228			// Generate the SQL
229			$sql = "SELECT * from session where session_id = '"
230			. $session_id
231			. "' AND user_ip = '"
232			. $user_ip
233			."'";
234	dpavlin	50	$rs = xx_query($sql, $con_session);
235			$valid = xx_num_rows($rs);
236			$row = xx_fetch_array ($rs);
237	dpavlin	31	$time_human = $row["time_human"];
238			$time_unix = $row["time_unix"];
239			$time_expire = $row["time_expire"];
240			$session_id = $row["session_id"];
241			$staff_account = $row["staff_account"];
242
243			// Valid session, load all of the member properties.
244			if ($valid > 0) {
245			$this->valid = 1;
246			$this->time_human = $time_human;
247			$this->time_unix = $time_unix;
248			$this->time_expire = $time_expire;
249			$this->user_ip = $user_ip;
250			$this->session_id = $session_id;
251			$this->staff_account = $staff_account;
252			}
253			// Expired or invalid. Reset all of the member properties.
254			else {
255			$this->valid = 0;
256			$this->time_human = "";
257			$this->time_unix = "";
258			$this->time_expire = "";
259			$this->staff_account = "";
260			$this->user_ip = "";
261			$this->session_id = "";
262			}
263			}
264
265
266			/**********************************************************
267			Method: logoutSessionID
268			Author: Paul Bramscher
269			Last Modified: 10.09.2001
270			***********************************************************
271			Comments:
272			When a user decides to logout, the session ID is deleted
273			from the session table.
274			**********************************************************/
275			function logoutSessionID() {
276
277			// Initialize
278			$con_session = $this->con_session;
279
280			// Fetch user ip
281			$user_ip = $GLOBALS["REMOTE_ADDR"];
282
283			// Continue only if the current IP matches the object IP, and the
284			// session is currently valid.
285			if ($user_ip == $this->user_ip && $this->valid == 1) {
286
287			// Get the object's session_id
288			$session_id = $this->session_id;
289
290			// Build the SQL line to delete
291			$sql = "DELETE FROM session WHERE session_id = '"
292			. $session_id
293			. "' AND user_ip = '"
294			. $user_ip
295			. "'";
296
297	dpavlin	50	//xx_query ("LOCK TABLE session WRITE", $con_session);
298			if (!xx_query($sql, $con_session)){
299			xx_query ("UNLOCK TABLES", $con_session);
300	dpavlin	31	$this->bailout();
301			}
302			else {
303	dpavlin	50	xx_query("UNLOCK TABLES", $con_session);
304	dpavlin	31	$this->setProperties($session_id, $user_ip);
305			}
306
307
308			// Kill the client-side cookie, set expiration equal to an hour ago.
309			setcookie ("libsession", "", time() - 3600);
310
311			}
312
313			}
314
315
316			/**********************************************************
317			Method: expireSessions
318			Author: Paul Bramscher
319			Last Modified: 10.9.2001
320			***********************************************************
321			Comments:
322			This function is called periodically to cull expired
323			sessions from the table. It ought to be called in tandem
324			with any
325			**********************************************************/
326			function expireSessions() {
327			$con_session = $this->con_session;
328
329			// Fetch current microtime
330			$time_unix = $this->getmicrotime();
331
332			$sql = "DELETE FROM session where time_expire < " . $time_unix;
333
334	dpavlin	50	if (!xx_query($sql, $con_session)){
335	dpavlin	31	sql_err($con_session);
336	dpavlin	50	xx_query ("UNLOCK TABLES", $con_session);
337	dpavlin	31	bailout();
338			}
339			else {
340	dpavlin	50	xx_query("UNLOCK TABLES", $con_session);
341	dpavlin	31	}
342			} // end of function
343			} // end of class
344			?>