<?php
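class sessionClass {

    /**********************************************************
    sessionClass Properties
    Author: Paul Bramscher
    Last Modified: 10.29.2002
    ***********************************************************
    Comments:
    For documentation, see separate Word-format .DOC file.

    One object represents one staff login session: a row in the
    "session" table looked up by session_id AND client IP, mirrored
    on the client by the "libsession" cookie.

    NOTE(review): sessionClass() is a PHP 4 style constructor. PHP 8
    no longer runs a method named after the class on "new"; confirm
    the PHP version this file is deployed on.
    **********************************************************/
    var $con_session;     // connection handle returned by DB::connect()
    var $result_session;  // not referenced by any method in this class
    var $user_ip;         // client address the session row is bound to
    var $staff_account;   // account name stored with the session row
    var $session_id;      // 32-character hex token, "" when invalid
    var $valid;           // 1 when a matching unexpired row exists, else 0
    var $time_human;      // creation time as "YYYY-MM-DD HH:MM:SS"
    var $time_unix;       // creation time, Unix seconds with microseconds
    var $time_expire;     // expiry time, Unix seconds with microseconds

    // Default session duration parameters, in seconds (they are added to a Unix timestamp)
    var $default_duration = 120;
    var $max_duration = 43200;

    // Database variables
    // NOTE(review): the DSN is hard-coded in source. Load it from configuration kept
    // outside the web root, and rotate any password that was ever written in this file.
    var $session_dsn = 'pgsql://dpavlin@/libdata';


    /**********************************************************
    Constructor Method: sessionClass
    Author: Paul Bramscher
    Last Modified: 10.29.2002
    ***********************************************************
    Comments:
    Connects to the session database. When $session_id is empty
    and $staff_account is not, creates a new session: generates an
    ID, inserts the row and sets the "libsession" cookie. In every
    case it finishes by loading the object properties from the
    table via setProperties().

    $duration       requested lifetime in seconds; values <= 0 or
                    non-numeric fall back to $default_duration, and
                    values above $max_duration are clamped
    $session_id     existing session ID to test, or "" to create one
    $staff_account  account name to record for a new session
    **********************************************************/
    function sessionClass($duration, $session_id, $staff_account) {

        // $dsn_options is a global set outside this class
        global $dsn_options;
        $this->con_session =& DB::connect($this->session_dsn, $dsn_options);

        // Test the value that was actually assigned. The failure detail goes to the
        // server log only: driver debug output may expose connection details.
        if (DB::isError($this->con_session)) {
            error_log("sessionClass: database connection failed: " . $this->con_session->getMessage());
            $this->bailout();
        }

        // Fetch user ip
        $user_ip = $this->_clientIp();

        // Determine whether to generate a new session
        if ($session_id == "" && strlen($staff_account) > 0) {

            // Generate a session ID and store it
            $this->session_id = $this->generateSessionID();
            $session_id = $this->session_id;

            // Fetch a unix microsecond timestamp
            $time_unix = $this->getmicrotime();

            // Attempt to use a non-default session duration, capped at the maximum
            if ((float) $duration > 0) {
                if ((float) $duration > $this->max_duration) $duration = $this->max_duration;
                $time_expire = (float) $duration + (float) $time_unix;
            }
            // Otherwise use the default duration
            else $time_expire = (float) $this->default_duration + (float) $time_unix;

            // Zero-padded local date-time stamp, "YYYY-MM-DD HH:MM:SS"
            $time_human = date("Y-m-d H:i:s", (int) $time_unix);

            // Build the INSERT. $staff_account and $session_id arrive from the caller,
            // so every string value is escaped before it is placed inside quotes.
            $sql = "INSERT INTO session (staff_account, user_ip, session_id, time_human, time_unix, time_expire) VALUES ('"
                . $this->_escape($staff_account)
                . "', '"
                . $this->_escape($user_ip)
                . "', '"
                . $this->_escape($session_id)
                . "', '"
                . $time_human
                . "', '"
                . $time_unix
                . "', '"
                . $time_expire
                . "')";

            // The matching "LOCK TABLE session WRITE" is disabled; UNLOCK TABLES is still sent.
            // NOTE(review): UNLOCK TABLES is MySQL syntax - confirm it is wanted with the pgsql DSN.
            if (!xx_query($sql, $this->con_session)) {
                xx_query("UNLOCK TABLES", $this->con_session);
                $this->bailout();
            }
            else {
                xx_query("UNLOCK TABLES", $this->con_session);
            }

            // Set the client libsession cookie. It expires when the database row does.
            // NOTE(review): the cookie carries no HttpOnly or Secure attribute; add them
            // if the site is served over HTTPS and no client script reads this cookie.
            setcookie("libsession", $session_id, (int) $time_expire);

        } // finished generating a new session

        // Whether or not this is a new session, set the object properties
        $this->setProperties($session_id, $user_ip);
    }


    /**********************************************************
    Method: bailout
    Author: Paul Bramscher
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Closes the HTML document and stops the script. Used when a
    database operation fails.
    **********************************************************/
    function bailout() {
        die("Bailing Out!<br>\n</body></html>\n");
    }


    /**********************************************************
    Method: getmicrotime
    Author: http://www.php.net microtime example
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Returns the current Unix time (seconds since 0:00:00
    January 1, 1970 GMT) as a float including microseconds.
    **********************************************************/
    function getmicrotime() {
        // microtime() yields "usec sec"; add the two parts
        list($usec, $sec) = explode(" ", microtime());
        return ((float) $usec + (float) $sec);
    }


    /**********************************************************
    Method: secondsRemaining
    Author: Paul Bramscher
    Last Modified: 10.09.2001
    ***********************************************************
    Comments:
    Returns the number of seconds remaining for this session
    before expiration (negative once it has expired).
    **********************************************************/
    function secondsRemaining() {
        return (float) $this->time_expire - (float) $this->getmicrotime();
    }


    /**********************************************************
    Method: generateSessionID
    Author: Paul Bramscher
    Last Modified: 10.04.2001
    ***********************************************************
    Comments:
    Returns a new 32-character hex session ID that is not yet
    present in the session table.

    The ID is 128 bits from the operating system's random source.
    The earlier md5(mt_rand(0,9999)) could only ever produce
    10,000 distinct IDs, which made a live session guessable.
    A collision is retried; the earlier code returned the fixed
    ID "0" instead, which was then stored as a real session.
    **********************************************************/
    function generateSessionID() {
        $con_session = $this->con_session;

        for ($attempt = 0; $attempt < 5; $attempt++) {
            $hash = $this->_randomToken();

            // $hash is locally generated hex, so it needs no escaping
            $sql = "SELECT * FROM session where session_id = '" . $hash . "'";
            $rs = xx_query($sql, $con_session);
            if (xx_num_rows($rs) == 0) {
                return $hash;
            }
        }

        // Repeated collisions of a 128-bit value point at a broken table or
        // random source; stop rather than hand out a predictable ID.
        $this->bailout();
    }


    /**********************************************************
    Method: setProperties
    Author: Paul Bramscher
    Last Modified: 10.9.2001
    ***********************************************************
    Comments:
    Purges expired sessions, then looks up the row matching both
    $session_id and $user_ip. When a row exists the object
    properties are loaded from it and $valid is set to 1;
    otherwise every property is reset and $valid is 0. It is
    called whenever the class is instantiated, and again after
    a logout.
    **********************************************************/
    function setProperties($session_id, $user_ip) {

        // Collect some important values
        $con_session = $this->con_session;

        // Purge all expired sessions
        $this->expireSessions();

        // $session_id is caller-supplied (typically the cookie value): escape it
        $sql = "SELECT * from session where session_id = '"
            . $this->_escape($session_id)
            . "' AND user_ip = '"
            . $this->_escape($user_ip)
            . "'";
        $rs = xx_query($sql, $con_session);
        $valid = xx_num_rows($rs);

        // Valid session, load all of the member properties from the row.
        if ($valid > 0) {
            $row = xx_fetch_array($rs);
            $this->valid = 1;
            $this->time_human = $row["time_human"];
            $this->time_unix = $row["time_unix"];
            $this->time_expire = $row["time_expire"];
            $this->user_ip = $user_ip;
            $this->session_id = $row["session_id"];
            $this->staff_account = $row["staff_account"];
        }
        // Expired or invalid. Reset all of the member properties.
        else {
            $this->valid = 0;
            $this->time_human = "";
            $this->time_unix = "";
            $this->time_expire = "";
            $this->staff_account = "";
            $this->user_ip = "";
            $this->session_id = "";
        }
    }


    /**********************************************************
    Method: logoutSessionID
    Author: Paul Bramscher
    Last Modified: 10.09.2001
    ***********************************************************
    Comments:
    When a user decides to logout, the session row is deleted
    from the session table and the cookie is expired. Nothing
    happens unless the session is valid and the request comes
    from the address the session is bound to.
    **********************************************************/
    function logoutSessionID() {

        // Initialize
        $con_session = $this->con_session;

        // Fetch user ip
        $user_ip = $this->_clientIp();

        // Continue only if the current IP matches the object IP, and the
        // session is currently valid.
        if ($user_ip == $this->user_ip && $this->valid == 1) {

            // Get the object's session_id
            $session_id = $this->session_id;

            // Build the SQL line to delete
            $sql = "DELETE FROM session WHERE session_id = '"
                . $this->_escape($session_id)
                . "' AND user_ip = '"
                . $this->_escape($user_ip)
                . "'";

            // The matching "LOCK TABLE session WRITE" is disabled; UNLOCK TABLES is still sent.
            if (!xx_query($sql, $con_session)) {
                xx_query("UNLOCK TABLES", $con_session);
                $this->bailout();
            }
            else {
                xx_query("UNLOCK TABLES", $con_session);
                // Re-read the table so the properties reflect the deleted row
                $this->setProperties($session_id, $user_ip);
            }

            // Kill the client-side cookie, set expiration equal to an hour ago.
            setcookie("libsession", "", time() - 3600);
        }
    }


    /**********************************************************
    Method: expireSessions
    Author: Paul Bramscher
    Last Modified: 10.9.2001
    ***********************************************************
    Comments:
    Deletes every row whose time_expire lies in the past. It is
    called by setProperties() before each session lookup, so an
    expired session can never validate.
    **********************************************************/
    function expireSessions() {
        $con_session = $this->con_session;

        // Fetch current microtime
        $time_unix = $this->getmicrotime();

        // $time_unix is a locally computed float, not request data
        $sql = "DELETE FROM session where time_expire < " . $time_unix;

        if (!xx_query($sql, $con_session)) {
            sql_err($con_session);
            xx_query("UNLOCK TABLES", $con_session);
            // bailout() is a method of this class, as in the other failure paths
            $this->bailout();
        }
        else {
            xx_query("UNLOCK TABLES", $con_session);
        }
    } // end of function


    /**********************************************************
    Method: _clientIp (internal)
    ***********************************************************
    Comments:
    Returns the client address reported by the web server, or ""
    when none is available. $GLOBALS["REMOTE_ADDR"] is only
    populated when register_globals is on; without it every
    session would be bound to an empty address.
    **********************************************************/
    function _clientIp() {
        if (isset($_SERVER['REMOTE_ADDR'])) {
            return $_SERVER['REMOTE_ADDR'];
        }
        return "";
    }


    /**********************************************************
    Method: _escape (internal)
    ***********************************************************
    Comments:
    Escapes a value for use inside a single-quoted SQL string
    literal, using the driver behind the open connection.
    NOTE(review): escapeSimple() is PEAR DB's driver-aware
    escaper; confirm the installed PEAR DB release provides it.
    **********************************************************/
    function _escape($value) {
        return $this->con_session->escapeSimple((string) $value);
    }


    /**********************************************************
    Method: _randomToken (internal)
    ***********************************************************
    Comments:
    Returns 16 random bytes as 32 hex characters, the same shape
    as the md5 value used before. Sources are tried in order:
    random_bytes(), openssl_random_pseudo_bytes() when it reports
    a strong result, then /dev/urandom. With none available the
    script stops instead of falling back to mt_rand().
    **********************************************************/
    function _randomToken() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }

        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong && strlen($bytes) == 16) {
                return bin2hex($bytes);
            }
        }

        if (is_readable('/dev/urandom')) {
            $fh = fopen('/dev/urandom', 'rb');
            if ($fh) {
                $bytes = fread($fh, 16);
                fclose($fh);
                if ($bytes !== false && strlen($bytes) == 16) {
                    return bin2hex($bytes);
                }
            }
        }

        $this->bailout();
    }
} // end of class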
?>