admin/include/sessionClass.php

<?php
class sessionClass {

/**********************************************************
sessionClass Properties
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
For documentation, see separate Word-format .DOC file.
**********************************************************/
var $con_session;
var $result_session;
var $user_ip;
var $staff_account;
var $session_id;
var $valid;
var $time_human;
var $time_unix;
var $time_expire;

// Default session duration parameters
var $default_duration = 120;
var $max_duration = 43200;

// Database variables
#var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
var $session_dsn = 'pgsql://dpavlin@/libdata';


/**********************************************************
Constructor Method: sessionClass
Author: Paul Bramscher
Last Modified: 10.29.2002
***********************************************************
Comments:
Generates a unique session ID, fetches the system time and
writes it into a table.
**********************************************************/
function sessionClass($duration, $session_id, $staff_account) {

        // Set the database connection variables
        global $dsn_options;
        $this->con_session =& DB::connect($this->session_dsn, $dsn_options);
        if (DB::isError($db)) {
                # XXX remove this!
                print $db->getDebugInfo();
                
                die($db->getMessage());
        }
                
        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Determine whether to generate a new session
        If ($session_id == "" && strlen($staff_account) > 0) {

                // Generate a session ID and store it
                $this->session_id = $this->generateSessionID();
                $session_id = $this->session_id;
                
                // Fetch a unix microsecond timestamp
                $time_unix = $this->getmicrotime();
                
                // Attempt to use a non-default session duration
                if ( (float) $duration > 0) {
                        if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
                        $time_expire = (float) $duration + (float) $time_unix;
                }
                // Otherwise use the default duration
                else $time_expire = (float) $this->default_duration + (float) $time_unix;

                // Calculate human-readable and mySQL-friendly date-time format
                $time_convert = getdate($time_unix);
                $mon = $time_convert[mon];                          
                $mday = $time_convert[mday];                        
                $year = $time_convert[year];
                $hours = $time_convert[hours];                        
                $minutes = $time_convert[minutes];
                $seconds = $time_convert[seconds];
        
                // Back-fill in case we have single-digits.      
                if (strlen($mday) < 2) $mday = "0" . $mday;
                if (strlen($mon) < 2) $mon = "0" . $mon;
                if (strlen($hours) < 2) $hours = "0" . $hours;   
                if (strlen($minutes) < 2) $minutes = "0" . $minutes;
                if (strlen($seconds) < 2) $seconds = "0" . $seconds;
        
                // Generate a mySQL-friendly stamp
                $time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
                
                // Build the SQL line to insert it into the database
                $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
                        . $staff_account
                        . "', '"
                        . $user_ip
                        . "', '"
                        . $session_id
                        . "', '"
                        . $time_human
                        . "', '"
                        . $time_unix
                        . "', '"
                        . $time_expire  
                        . "')";
                
                // xx_query ("LOCK TABLE session WRITE", $this->con_session);
                if (!xx_query($sql, $this->con_session)){
                        xx_query ("UNLOCK TABLES", $this->con_session);
                        $this->bailout();
                }
                else {
                        xx_query("UNLOCK TABLES", $this->con_session);
                }


                // Set the client libsession cookie.  Expiration equals expiration in the database
                setcookie ("libsession", $session_id, $time_expire);  /* expire in 1 hour */


        } // finished generating a new session
        

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
}


/**********************************************************
Method: bailout
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Attempt to gracefully finish out HTML in the event of a
severe mySQL database problem.
**********************************************************/
function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
}


/**********************************************************
Method: getmicrotime
Author: http://www.php.net microtime example
Last Modified: 10.04.2001
***********************************************************
Comments:
Displays a Unix timestamp of the number of seconds
elapsed from 0:00:00 January 1, 1970 GMT
**********************************************************/
function getmicrotime(){ 
        list($usec, $sec) = explode(" ",microtime()); 
        return ((float)$usec + (float)$sec); 
} 


/**********************************************************
Method: secondsRemaining
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
Returns the number of seconds remaining for this
session before expiration.
**********************************************************/
function secondsRemaining(){ 
        return (float) $this->time_expire - (float) $this->getmicrotime();
} 

/**********************************************************
Method: generateSessionID
Author: Paul Bramscher
Last Modified: 10.04.2001
***********************************************************
Comments:
Seeds a random number generator with the system time
and generates a md5 hash value.  The value is confirmed
against the session table in the rare instance it
already exists.  If so, another attempt is made.
**********************************************************/
function generateSessionID() {
        $con_session = $this->con_session;

        // Seed with current time & generate the md5 hash
        mt_srand((double)microtime()*1000000);
        $hash = md5(mt_rand(0,9999));
        
        // Variable declarations
        $duplicate = 1;

        // The SQL
        $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
        $rs = xx_query($sql, $con_session);
        $duplicate = xx_num_rows($rs);
        if ($duplicate > 0) {
                $duplicate = 1;
                $hash = "0";
        }
        
        return $hash;
}


/**********************************************************
Method: setProperties
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This member function sets the $valid, $time_human,
$time_unix, and $500_id properties of an instantiation of the
sessionClass object.  It is called whenever the class is
instantiated, either immediately after creating a new
session, or testing an existing session ID.
**********************************************************/
function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;
        
        // Pure all expired sessions
        $this->expireSessions();
        
        // Assume this is an invalid session
        $valid = 0;
        
        // Generate the SQL
        $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                ."'";
        $rs = xx_query($sql, $con_session);
        $valid = xx_num_rows($rs);
        $row = xx_fetch_array ($rs);
        $time_human = $row["time_human"];
        $time_unix = $row["time_unix"];
        $time_expire = $row["time_expire"];
        $session_id = $row["session_id"];
        $staff_account = $row["staff_account"];

        // Valid session, load all of the member properties.
        if ($valid > 0) {
                $this->valid = 1;
                $this->time_human = $time_human;
                $this->time_unix = $time_unix;
                $this->time_expire = $time_expire;
                $this->user_ip = $user_ip;
                $this->session_id = $session_id;
                $this->staff_account = $staff_account;
        }
        // Expired or invalid.  Reset all of the member properties.
        else {
                $this->valid = 0;
                $this->time_human = "";
                $this->time_unix = "";
                $this->time_expire = "";
                $this->staff_account = "";
                $this->user_ip = "";
                $this->session_id = "";
        }
}


/**********************************************************
Method: logoutSessionID
Author: Paul Bramscher
Last Modified: 10.09.2001
***********************************************************
Comments:
When a user decides to logout, the session ID is deleted
from the session table.
**********************************************************/
function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $GLOBALS["REMOTE_ADDR"];

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {
        
                // Get the object's session_id
                $session_id = $this->session_id;

                // Build the SQL line to delete
                $sql = "DELETE FROM session WHERE session_id = '"
                        . $session_id
                        . "' AND user_ip = '"
                        . $user_ip
                        . "'";

                //xx_query ("LOCK TABLE session WRITE", $con_session);
                if (!xx_query($sql, $con_session)){
                        xx_query ("UNLOCK TABLES", $con_session);
                        $this->bailout();
                }
                else {
                        xx_query("UNLOCK TABLES", $con_session);
                        $this->setProperties($session_id, $user_ip);
                }
                
                
                // Kill the client-side cookie, set expiration equal to an hour ago.
                setcookie ("libsession", "", time() - 3600);
                
        }
        
}


/**********************************************************
Method: expireSessions
Author: Paul Bramscher
Last Modified: 10.9.2001
***********************************************************
Comments:
This function is called periodically to cull expired
sessions from the table.  It ought to be called in tandem
with any 
**********************************************************/
function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        $sql = "DELETE FROM session where time_expire < " . $time_unix;
        
        if (!xx_query($sql, $con_session)){
                sql_err($con_session);
                xx_query ("UNLOCK TABLES", $con_session);
                bailout();
        }
        else {          
                xx_query("UNLOCK TABLES", $con_session);
        }
} // end of function
} // end of class
?>
1	<?php
2	class sessionClass {
3
4	/**********************************************************
5	sessionClass Properties
6	Author: Paul Bramscher
7	Last Modified: 10.29.2002
8	***********************************************************
9	Comments:
10	For documentation, see separate Word-format .DOC file.
11	**********************************************************/
12	var $con_session;
13	var $result_session;
14	var $user_ip;
15	var $staff_account;
16	var $session_id;
17	var $valid;
18	var $time_human;
19	var $time_unix;
20	var $time_expire;
21
22	// Default session duration parameters
23	var $default_duration = 120;
24	var $max_duration = 43200;
25
26	// Database variables
27	#var $session_dsn = 'mysql://libsession:libsessionpw@localhost/libsession';
28	var $session_dsn = 'pgsql://dpavlin@/libdata';
29
30
31	/**********************************************************
32	Constructor Method: sessionClass
33	Author: Paul Bramscher
34	Last Modified: 10.29.2002
35	***********************************************************
36	Comments:
37	Generates a unique session ID, fetches the system time and
38	writes it into a table.
39	**********************************************************/
40	function sessionClass($duration, $session_id, $staff_account) {
41
42	// Set the database connection variables
43	global $dsn_options;
44	$this->con_session =& DB::connect($this->session_dsn, $dsn_options);
45	if (DB::isError($db)) {
46	# XXX remove this!
47	print $db->getDebugInfo();
48
49	die($db->getMessage());
50	}
51
52	// Fetch user ip
53	$user_ip = $GLOBALS["REMOTE_ADDR"];
54
55	// Determine whether to generate a new session
56	If ($session_id == "" && strlen($staff_account) > 0) {
57
58	// Generate a session ID and store it
59	$this->session_id = $this->generateSessionID();
60	$session_id = $this->session_id;
61
62	// Fetch a unix microsecond timestamp
63	$time_unix = $this->getmicrotime();
64
65	// Attempt to use a non-default session duration
66	if ( (float) $duration > 0) {
67	if ( (float) $duration > $this->max_duration) $duration = $this->max_duration;
68	$time_expire = (float) $duration + (float) $time_unix;
69	}
70	// Otherwise use the default duration
71	else $time_expire = (float) $this->default_duration + (float) $time_unix;
72
73	// Calculate human-readable and mySQL-friendly date-time format
74	$time_convert = getdate($time_unix);
75	$mon = $time_convert[mon];
76	$mday = $time_convert[mday];
77	$year = $time_convert[year];
78	$hours = $time_convert[hours];
79	$minutes = $time_convert[minutes];
80	$seconds = $time_convert[seconds];
81
82	// Back-fill in case we have single-digits.
83	if (strlen($mday) < 2) $mday = "0" . $mday;
84	if (strlen($mon) < 2) $mon = "0" . $mon;
85	if (strlen($hours) < 2) $hours = "0" . $hours;
86	if (strlen($minutes) < 2) $minutes = "0" . $minutes;
87	if (strlen($seconds) < 2) $seconds = "0" . $seconds;
88
89	// Generate a mySQL-friendly stamp
90	$time_human = $year . "-" . $mon . "-" . $mday . " " . $hours . ":" . $minutes . ":" . $seconds;
91
92	// Build the SQL line to insert it into the database
93	$sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
94	. $staff_account
95	. "', '"
96	. $user_ip
97	. "', '"
98	. $session_id
99	. "', '"
100	. $time_human
101	. "', '"
102	. $time_unix
103	. "', '"
104	. $time_expire
105	. "')";
106
107	// xx_query ("LOCK TABLE session WRITE", $this->con_session);
108	if (!xx_query($sql, $this->con_session)){
109	xx_query ("UNLOCK TABLES", $this->con_session);
110	$this->bailout();
111	}
112	else {
113	xx_query("UNLOCK TABLES", $this->con_session);
114	}
115
116
117	// Set the client libsession cookie. Expiration equals expiration in the database
118	setcookie ("libsession", $session_id, $time_expire); /* expire in 1 hour */
119
120
121	} // finished generating a new session
122
123
124	// Whether or not this is a new session, set the object properties
125	$this->setProperties($session_id, $user_ip);
126	}
127
128
129	/**********************************************************
130	Method: bailout
131	Author: Paul Bramscher
132	Last Modified: 10.04.2001
133	***********************************************************
134	Comments:
135	Attempt to gracefully finish out HTML in the event of a
136	severe mySQL database problem.
137	**********************************************************/
138	function bailout() {
139	die ( "Bailing Out!<br>\n</body></html>\n" );
140	}
141
142
143	/**********************************************************
144	Method: getmicrotime
145	Author: http://www.php.net microtime example
146	Last Modified: 10.04.2001
147	***********************************************************
148	Comments:
149	Displays a Unix timestamp of the number of seconds
150	elapsed from 0:00:00 January 1, 1970 GMT
151	**********************************************************/
152	function getmicrotime(){
153	list($usec, $sec) = explode(" ",microtime());
154	return ((float)$usec + (float)$sec);
155	}
156
157
158	/**********************************************************
159	Method: secondsRemaining
160	Author: Paul Bramscher
161	Last Modified: 10.09.2001
162	***********************************************************
163	Comments:
164	Returns the number of seconds remaining for this
165	session before expiration.
166	**********************************************************/
167	function secondsRemaining(){
168	return (float) $this->time_expire - (float) $this->getmicrotime();
169	}
170
171	/**********************************************************
172	Method: generateSessionID
173	Author: Paul Bramscher
174	Last Modified: 10.04.2001
175	***********************************************************
176	Comments:
177	Seeds a random number generator with the system time
178	and generates a md5 hash value. The value is confirmed
179	against the session table in the rare instance it
180	already exists. If so, another attempt is made.
181	**********************************************************/
182	function generateSessionID() {
183	$con_session = $this->con_session;
184
185	// Seed with current time & generate the md5 hash
186	mt_srand((double)microtime()*1000000);
187	$hash = md5(mt_rand(0,9999));
188
189	// Variable declarations
190	$duplicate = 1;
191
192	// The SQL
193	$sql = "SELECT * FROM session where session_id = '" . $hash . "'";
194	$rs = xx_query($sql, $con_session);
195	$duplicate = xx_num_rows($rs);
196	if ($duplicate > 0) {
197	$duplicate = 1;
198	$hash = "0";
199	}
200
201	return $hash;
202	}
203
204
205	/**********************************************************
206	Method: setProperties
207	Author: Paul Bramscher
208	Last Modified: 10.9.2001
209	***********************************************************
210	Comments:
211	This member function sets the $valid, $time_human,
212	$time_unix, and $500_id properties of an instantiation of the
213	sessionClass object. It is called whenever the class is
214	instantiated, either immediately after creating a new
215	session, or testing an existing session ID.
216	**********************************************************/
217	function setProperties($session_id, $user_ip) {
218
219	// Collect some important values
220	$con_session = $this->con_session;
221
222	// Pure all expired sessions
223	$this->expireSessions();
224
225	// Assume this is an invalid session
226	$valid = 0;
227
228	// Generate the SQL
229	$sql = "SELECT * from session where session_id = '"
230	. $session_id
231	. "' AND user_ip = '"
232	. $user_ip
233	."'";
234	$rs = xx_query($sql, $con_session);
235	$valid = xx_num_rows($rs);
236	$row = xx_fetch_array ($rs);
237	$time_human = $row["time_human"];
238	$time_unix = $row["time_unix"];
239	$time_expire = $row["time_expire"];
240	$session_id = $row["session_id"];
241	$staff_account = $row["staff_account"];
242
243	// Valid session, load all of the member properties.
244	if ($valid > 0) {
245	$this->valid = 1;
246	$this->time_human = $time_human;
247	$this->time_unix = $time_unix;
248	$this->time_expire = $time_expire;
249	$this->user_ip = $user_ip;
250	$this->session_id = $session_id;
251	$this->staff_account = $staff_account;
252	}
253	// Expired or invalid. Reset all of the member properties.
254	else {
255	$this->valid = 0;
256	$this->time_human = "";
257	$this->time_unix = "";
258	$this->time_expire = "";
259	$this->staff_account = "";
260	$this->user_ip = "";
261	$this->session_id = "";
262	}
263	}
264
265
266	/**********************************************************
267	Method: logoutSessionID
268	Author: Paul Bramscher
269	Last Modified: 10.09.2001
270	***********************************************************
271	Comments:
272	When a user decides to logout, the session ID is deleted
273	from the session table.
274	**********************************************************/
275	function logoutSessionID() {
276
277	// Initialize
278	$con_session = $this->con_session;
279
280	// Fetch user ip
281	$user_ip = $GLOBALS["REMOTE_ADDR"];
282
283	// Continue only if the current IP matches the object IP, and the
284	// session is currently valid.
285	if ($user_ip == $this->user_ip && $this->valid == 1) {
286
287	// Get the object's session_id
288	$session_id = $this->session_id;
289
290	// Build the SQL line to delete
291	$sql = "DELETE FROM session WHERE session_id = '"
292	. $session_id
293	. "' AND user_ip = '"
294	. $user_ip
295	. "'";
296
297	//xx_query ("LOCK TABLE session WRITE", $con_session);
298	if (!xx_query($sql, $con_session)){
299	xx_query ("UNLOCK TABLES", $con_session);
300	$this->bailout();
301	}
302	else {
303	xx_query("UNLOCK TABLES", $con_session);
304	$this->setProperties($session_id, $user_ip);
305	}
306
307
308	// Kill the client-side cookie, set expiration equal to an hour ago.
309	setcookie ("libsession", "", time() - 3600);
310
311	}
312
313	}
314
315
316	/**********************************************************
317	Method: expireSessions
318	Author: Paul Bramscher
319	Last Modified: 10.9.2001
320	***********************************************************
321	Comments:
322	This function is called periodically to cull expired
323	sessions from the table. It ought to be called in tandem
324	with any
325	**********************************************************/
326	function expireSessions() {
327	$con_session = $this->con_session;
328
329	// Fetch current microtime
330	$time_unix = $this->getmicrotime();
331
332	$sql = "DELETE FROM session where time_expire < " . $time_unix;
333
334	if (!xx_query($sql, $con_session)){
335	sql_err($con_session);
336	xx_query ("UNLOCK TABLES", $con_session);
337	bailout();
338	}
339	else {
340	xx_query("UNLOCK TABLES", $con_session);
341	}
342	} // end of function
343	} // end of class
344	?>