
Annotation of /branches/pear-db/admin/include/sessionClass.php



Revision 53 - (hide annotations)
Sat Mar 6 00:33:16 2004 UTC (20 years, 1 month ago) by dpavlin
File size: 10192 byte(s)
session should now insert values correctly

1 dpavlin 31 <?php
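/**
 * Database-backed login session, bound to the client's IP address.
 *
 * A session row holds the staff account, client IP, session ID and the
 * creation/expiry timestamps. The session ID is handed to the browser in the
 * "libsession" cookie and checked against the table on every instantiation.
 *
 * Original author: Paul Bramscher (last modified 10.29.2002).
 * For the original documentation, see the separate Word-format .DOC file.
 */
class sessionClass {

    // Database connection handle returned by DB::connect().
    var $con_session;
    var $result_session;

    // Values loaded from the session row once it has been validated.
    var $user_ip;
    var $staff_account;
    var $session_id;
    var $valid;
    var $time_human;
    var $time_unix;
    var $time_expire;

    // Default session duration parameters (seconds)
    var $default_duration = 120;
    var $max_duration = 43200;

    // Database variables.
    // NOTE(review): the DSN is hard-coded in source. Load it from configuration
    // kept outside the web root, and keep credentials out of version control.
    var $session_dsn = 'pgsql://dpavlin@/libdata';


    /**
     * Opens the session database and either creates a new session or
     * validates an existing one.
     *
     * A new session is created only when $session_id is empty and
     * $staff_account is non-empty. In every case the object properties are
     * then loaded (or reset) by setProperties().
     *
     * @param mixed  $duration      Requested lifetime in seconds; values <= 0
     *                              select $default_duration, larger values
     *                              are capped at $max_duration.
     * @param string $session_id    Existing session ID, or "" for a new one.
     * @param string $staff_account Account the new session belongs to.
     */
    function __construct($duration, $session_id, $staff_account) {

        // Set the database connection variables
        global $dsn_options;
        $this->con_session =& DB::connect($this->session_dsn, $dsn_options);

        // Check the handle that was just assigned. The error detail goes to
        // the server log only: debug info can expose connection details.
        if (DB::isError($this->con_session)) {
            error_log("sessionClass: database connection failed: "
                . $this->con_session->getMessage());
            $this->bailout();
        }

        $user_ip = $this->_clientIp();

        // Determine whether to generate a new session
        if ($session_id == "" && strlen((string) $staff_account) > 0) {

            // Generate a session ID and store it
            $this->session_id = $this->generateSessionID();
            $session_id = $this->session_id;

            // "0" is generateSessionID()'s failure value; never persist it.
            if ($session_id === "0") {
                error_log("sessionClass: could not generate a unique session ID");
                $this->bailout();
            }

            // Fetch a unix microsecond timestamp
            $time_unix = $this->getmicrotime();

            // Use the requested duration when positive (capped), else the default
            $lifetime = (float) $this->default_duration;
            if ((float) $duration > 0) {
                $lifetime = min((float) $duration, (float) $this->max_duration);
            }
            $time_expire = $lifetime + (float) $time_unix;

            // Zero-padded "YYYY-MM-DD HH:MM:SS" stamp in the server's local time
            $time_human = date('Y-m-d H:i:s', (int) $time_unix);

            // Values are bound through placeholders, never concatenated
            $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire)
                VALUES (?, ?, ?, ?, ?, ?)";

            // NOTE(review): the matching LOCK TABLE call is disabled and
            // "UNLOCK TABLES" is MySQL syntax while the DSN is pgsql; confirm
            // that xx_query() tolerates it before relying on these calls.
            if (!xx_prepare_execute($sql,
                    $staff_account,
                    $user_ip,
                    $session_id,
                    $time_human,
                    $time_unix,
                    $time_expire)) {
                xx_query("UNLOCK TABLES", $this->con_session);
                $this->bailout();
            }
            else {
                xx_query("UNLOCK TABLES", $this->con_session);
            }

            // Client cookie expires at the same moment as the database row
            $this->_sendSessionCookie($session_id, (int) $time_expire);

        } // finished generating a new session

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
    }


    /**
     * Legacy PHP 4 style constructor name, kept so existing callers keep
     * working. PHP 8 no longer treats a method named after the class as the
     * constructor, so the work lives in __construct().
     */
    function sessionClass($duration, $session_id, $staff_account) {
        $this->__construct($duration, $session_id, $staff_account);
    }


    /**
     * Closes the HTML document and terminates the script. Used when a
     * database operation fails.
     */
    function bailout() {
        die ( "Bailing Out!<br>\n</body></html>\n" );
    }


    /**
     * Returns the current Unix timestamp as a float, including microseconds.
     */
    function getmicrotime() {
        return microtime(true);
    }


    /**
     * Returns the number of seconds remaining before this session expires
     * (negative once $time_expire has passed).
     */
    function secondsRemaining() {
        return (float) $this->time_expire - (float) $this->getmicrotime();
    }


    /**
     * Generates a session ID that is not yet present in the session table.
     *
     * The ID is 32 lowercase hex characters drawn from a cryptographically
     * secure source. The previous md5(mt_rand(0, 9999)) scheme could only
     * ever produce 10,000 distinct IDs, so an ID could be found by
     * enumeration. A collision triggers another attempt.
     *
     * @return string The new ID, or "0" if every attempt collided.
     */
    function generateSessionID() {
        $con_session = $this->con_session;

        for ($attempt = 0; $attempt < 5; $attempt++) {
            $hash = $this->_randomToken();

            // $hash is generated locally and is hex-only, so it is safe to embed
            $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
            $rs = xx_query($sql, $con_session);
            if (!(xx_num_rows($rs) > 0)) {
                return $hash;
            }
        }

        return "0";
    }


    /**
     * Loads the session row matching $session_id and $user_ip into the
     * object, or resets every property when no such row exists.
     *
     * Called on every instantiation and again after logout. Expired rows are
     * purged first. $session_id normally arrives from the client, so both
     * values are checked against a strict format before they reach the SQL
     * text; anything malformed is treated as an invalid session.
     *
     * @param string $session_id Candidate session ID.
     * @param string $user_ip    Address the session must be bound to.
     */
    function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;

        // Purge all expired sessions
        $this->expireSessions();

        // Assume this is an invalid session
        $valid = 0;
        $row = null;

        // NOTE(review): xx_prepare_execute() is only seen used for INSERT on
        // this page, so the lookup keeps xx_query() and allow-lists its inputs.
        if ($this->_isSessionId($session_id) && $this->_isIpAddress($user_ip)) {
            $sql = "SELECT * from session where session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                . "'";
            $rs = xx_query($sql, $con_session);
            $valid = xx_num_rows($rs);
            if ($valid > 0) {
                $row = xx_fetch_array($rs);
            }
        }

        // Valid session, load all of the member properties.
        if ($valid > 0) {
            $this->valid = 1;
            $this->time_human = $row["time_human"];
            $this->time_unix = $row["time_unix"];
            $this->time_expire = $row["time_expire"];
            $this->user_ip = $user_ip;
            $this->session_id = $row["session_id"];
            $this->staff_account = $row["staff_account"];
        }
        // Expired or invalid. Reset all of the member properties.
        else {
            $this->valid = 0;
            $this->time_human = "";
            $this->time_unix = "";
            $this->time_expire = "";
            $this->staff_account = "";
            $this->user_ip = "";
            $this->session_id = "";
        }
    }


    /**
     * Logs the user out: deletes the session row and expires the cookie.
     *
     * Nothing happens unless the session is currently valid and the request
     * comes from the address the session is bound to.
     */
    function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;
        $user_ip = $this->_clientIp();
        $session_id = $this->session_id;

        // The properties are public, so re-check their format before they are
        // embedded in SQL even though setProperties() validated them.
        if ($user_ip === $this->user_ip && $this->valid == 1
                && $this->_isSessionId($session_id)
                && $this->_isIpAddress($user_ip)) {

            // Build the SQL line to delete
            $sql = "DELETE FROM session WHERE session_id = '"
                . $session_id
                . "' AND user_ip = '"
                . $user_ip
                . "'";

            if (!xx_query($sql, $con_session)) {
                xx_query("UNLOCK TABLES", $con_session);
                $this->bailout();
            }
            else {
                xx_query("UNLOCK TABLES", $con_session);
                // The row is gone, so this resets the object properties
                $this->setProperties($session_id, $user_ip);
            }

            // Kill the client-side cookie, set expiration equal to an hour ago.
            $this->_sendSessionCookie("", time() - 3600);
        }
    }


    /**
     * Deletes every session whose expiry time has passed. Called from
     * setProperties() before each lookup.
     */
    function expireSessions() {
        $con_session = $this->con_session;

        // %F formats the float without locale-dependent decimal separators
        $sql = "DELETE FROM session where time_expire < "
            . sprintf('%.4F', $this->getmicrotime());

        if (!xx_query($sql, $con_session)) {
            sql_err($con_session);
            xx_query("UNLOCK TABLES", $con_session);
            $this->bailout();
        }
        else {
            xx_query("UNLOCK TABLES", $con_session);
        }
    }


    /**
     * Returns the address of the connecting client as reported by the server.
     * Read from $_SERVER rather than $GLOBALS, which a request variable could
     * shadow when register_globals is enabled.
     */
    function _clientIp() {
        return isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    }


    /** True when $value is exactly 32 lowercase hex characters. */
    function _isSessionId($value) {
        return is_string($value) && preg_match('/^[0-9a-f]{32}\z/', $value) === 1;
    }


    /** True when $value is a syntactically valid IPv4 or IPv6 address. */
    function _isIpAddress($value) {
        return is_string($value) && filter_var($value, FILTER_VALIDATE_IP) !== false;
    }


    /**
     * Returns 32 hex characters from a cryptographically secure source.
     * Terminates via bailout() when no such source is available.
     */
    function _randomToken() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        error_log("sessionClass: no secure random source available");
        $this->bailout();
    }


    /**
     * Sends the "libsession" cookie. It is marked HttpOnly so page scripts
     * cannot read it, and Secure whenever the request itself used HTTPS.
     */
    function _sendSessionCookie($value, $expires) {
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie("libsession", $value, (int) $expires, "", "", $secure, true);
    }
} // end of class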
339     ?>
