s/SET_LEN_/SQL_LEN_/g
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 14 Oct 2019 10:31:39 +0300 |
parents | 4a95cd4fa341 |
children | b2bca5f6d0ff |
1074 | 1 <?php |
33 | 2 // |
3 // FAPWeb - Simple Web-based Demoparty Management System |
33 | 4 // Session management and authentication |
1072 | 5 // (C) Copyright 2012-2017 Tecnic Software productions (TNSP) |
33 | 6 // |
7 | |
// Session type identifiers. Each type keeps its own data under this key
// at the top level of $_SESSION, so user and admin sessions can coexist.
define("SESS_USER", "user");
define("SESS_ADMIN", "admin");


if (function_exists("ini_set"))
{
    // Session hardening: the session ID travels only in a cookie, never in
    // URLs. A transparent SID in links would leak the ID through Referer
    // headers and logs and would make fixation via a crafted link trivial.
    // Failures are suppressed (as elsewhere in this file for runtime ini
    // changes); the settings may already be locked down by the server config.
    $stSessionIniSettings = array(
        "session.use_only_cookies" => 1,
        "session.use_trans_sid" => 0,
    );
    foreach ($stSessionIniSettings as $stIniKey => $stIniValue)
        @ini_set($stIniKey, $stIniValue);

    // Do not leave helper variables behind in the global scope.
    unset($stSessionIniSettings, $stIniKey, $stIniValue);
}
20 |
21 |
/**
 * Fetch one item from the session data of a specific session type.
 *
 * @param string|null $stype   Session type (SESS_USER / SESS_ADMIN); NULL yields $default.
 * @param string      $name    Item name within that type's session data.
 * @param mixed       $default Value returned when the type or item is absent (or NULL).
 * @return mixed The stored value, or $default.
 */
function stGetSpecSessionItem($stype, $name, $default = "")
{
    // isset() on the nested path covers every miss at once: no type given,
    // no data for that type, no such item (or it is NULL). Reading this way
    // never raises a notice even when no session has been started.
    if (!isset($stype) || !isset($_SESSION[$stype][$name]))
        return $default;

    return $_SESSION[$stype][$name];
}
29 | |
30 | |
/**
 * Fetch an item from the session of the currently active session type.
 *
 * The active type is the page-level global $sessionType; when it is not
 * set, the lookup falls through to $default via stGetSpecSessionItem().
 *
 * @param string $name    Item name.
 * @param mixed  $default Value returned when the item is absent.
 * @return mixed
 */
function stGetSessionItem($name, $default = "")
{
    global $sessionType;
    $stype = $sessionType;
    return stGetSpecSessionItem($stype, $name, $default);
}
36 | |
37 | |
/**
 * Store an item in the session data of the currently active session type.
 *
 * Aborts the request (die) when the page has not declared $sessionType,
 * since there is no sane place to put the value otherwise.
 *
 * @param string $name  Item name.
 * @param mixed  $value Value to store.
 * @return void
 */
function stSetSessionItem($name, $value)
{
    global $sessionType;
    isset($sessionType) || die("Session type not set.");

    $_SESSION[$sessionType][$name] = $value;
}
46 | |
47 | |
/**
 * Enforce the idle timeout of a session type and, if it is still valid,
 * push its expiry forward.
 *
 * The session's "timeout" entry holds the NAME of a settings entry (see
 * stSessionStart()); the timeout itself is read from the settings here in
 * minutes. A session with no "expires" entry, or whose expiry is in the
 * past, is ended via stSessionEnd().
 *
 * @param string $stype  Session type (SESS_USER / SESS_ADMIN).
 * @param bool   $silent Suppress the "adding more time" debug line.
 * @return bool TRUE when the session is still valid, FALSE when it was ended.
 */
function stSessionExpire($stype, $silent = FALSE)
{
    // Decide first whether the session has to go, and why.
    $reason = NULL;
    if (!isset($_SESSION[$stype]["expires"]))
        $reason = "Session ".$stype." expires due to expire time not set.";
    elseif ($_SESSION[$stype]["expires"] < time())
        $reason = "Session ".$stype." / ".session_id()." expires due to timeout ".$_SESSION[$stype]["expires"]." < ".time();

    if ($reason !== NULL)
    {
        stDebug($reason);
        stSessionEnd($stype);
        return FALSE;
    }

    // Still valid: extend the expiry by the configured timeout (minutes).
    $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0);
    if (!$silent) stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout);
    $_SESSION[$stype]["expires"] = time() + $timeout * 60;
    return TRUE;
}
71 | |
72 | |
/**
 * End the session of one session type.
 *
 * Drops that type's data from $_SESSION. When no session type remains
 * (neither SESS_USER nor SESS_ADMIN), the whole PHP session is torn down:
 * the data is cleared, the session cookie is expired on the client and
 * session_destroy() is called.
 *
 * @param string $stype Session type (SESS_USER / SESS_ADMIN).
 * @return bool TRUE when data for $stype existed and was removed, FALSE otherwise.
 */
function stSessionEnd($stype)
{
    stDebug("Request END session ".$stype);

    // Without a (joinable) session there is nothing to end.
    if (@session_start() !== TRUE || !isset($_SESSION))
        return FALSE;

    $ended = FALSE;
    if (isset($_SESSION[$stype]))
    {
        $expires = isset($_SESSION[$stype]["expires"]) ? $_SESSION[$stype]["expires"] : "?";
        stDebug("END session ".$stype." / ".$expires);
        $_SESSION[$stype] = array();
        unset($_SESSION[$stype]);
        $ended = TRUE;
    }

    // Another session type is still live: keep the PHP session itself.
    if (isset($_SESSION[SESS_USER]) || isset($_SESSION[SESS_ADMIN]))
        return $ended;

    stDebug("Clearing all session data.");
    $_SESSION = array();

    // Expire the client-side cookie with the same scope it was set with,
    // otherwise the browser would keep presenting the old session ID.
    if (ini_get("session.use_cookies"))
    {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), "", time() - 242000,
            $cookie["path"], $cookie["domain"],
            $cookie["secure"], $cookie["httponly"]
        );
    }

    @session_destroy();
    return $ended;
}
111 | |
112 | |
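/**
 * Start (or join) the PHP session and initialise fresh data for the given
 * session type, replacing whatever that type held before.
 *
 * @param string $stype   Session type (SESS_USER / SESS_ADMIN).
 * @param mixed  $key     Authentication key stored under "key"; this is what
 *                        stAdmSessionAuth()/stUserSessionAuth() check later.
 * @param string $timeout Name of the settings entry holding the timeout in
 *                        minutes (stored as-is, resolved via stGetSetting()).
 * @return bool TRUE when the session could be started, FALSE otherwise.
 */
function stSessionStart($stype, $key, $timeout)
{
    if (@session_start() !== TRUE)
    {
        stDebug("START ".$stype." session --FAILED--");
        return FALSE;
    }

    // A newly authenticated context gets a new session ID, so an ID the
    // client already carried before login (e.g. planted through fixation)
    // does not become an authenticated one. Data of any other session type
    // is carried over by PHP, so this is transparent to callers.
    @session_regenerate_id(TRUE);

    stDebug("START ".$stype." session OK.");

    // CSRF token: keep the sha512-hex format, but seed it from a CSPRNG
    // where available. mt_rand() is not a cryptographic generator and a
    // single 31-bit draw is far too little entropy for a token.
    if (function_exists("random_bytes"))
        $csrfSeed = random_bytes(32);
    else
        $csrfSeed = (string) mt_rand(0, mt_getrandmax());

    $_SESSION[$stype] = array(
        "key" => $key,
        "timeout" => $timeout,
        "expires" => time() + stGetSetting($timeout) * 60,
        "message" => "",
        "status" => 0,
        "csrfID" => hash("sha512", $csrfSeed),
    );
    return TRUE;
}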
134 | |
135 | |
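/**
 * Verify the CSRF token of the current request against the one stored in
 * the active session (see stSessionStart()).
 *
 * NOTE: when the "debug" setting is on the check is skipped entirely, so a
 * debug-enabled deployment has no CSRF protection at all; that behaviour
 * is kept here because other code relies on it for GET-only testing.
 *
 * @return bool TRUE when the request carries a token identical to the session token.
 */
function stCSRFCheck()
{
    if (stGetSetting("debug"))
        return TRUE;

    $csrfID = stGetRequestItem("csrfID", FALSE);
    $sessID = stGetSessionItem("csrfID", FALSE);

    // Both sides must actually be tokens. The previous loose == comparison
    // let a missing session token (FALSE) match a request token of "" or
    // "0", and would compare two numeric-looking strings as numbers.
    if ($csrfID === FALSE || $sessID === FALSE ||
        !is_string($csrfID) || !is_string($sessID))
        return FALSE;

    // Constant-time comparison where available (PHP >= 5.6).
    if (function_exists("hash_equals"))
        return hash_equals($sessID, $csrfID);

    return $sessID === $csrfID;
}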
144 |
145 |
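/**
 * Check whether the current request has a valid admin session.
 *
 * The admin session's "key" (set by stSessionStart()) has to equal the
 * configured "admPassword" setting; a valid session is then run through
 * stSessionExpire() which enforces and extends the timeout.
 *
 * @param bool $silent Suppress the AUTH debug lines.
 * @return bool TRUE when authenticated and not expired, FALSE otherwise.
 */
function stAdmSessionAuth($silent = FALSE)
{
    $authed = FALSE;
    if (@session_start() === TRUE)
    {
        $key = stGetSpecSessionItem(SESS_ADMIN, "key", FALSE);
        $pass = stGetSetting("admPassword");

        // Strict, constant-time comparison of two strings. The previous
        // loose == let a missing key (FALSE) match an unset, empty or "0"
        // admPassword, and compared numeric-looking strings as numbers.
        if (is_string($key) && is_string($pass))
            $authed = function_exists("hash_equals") ? hash_equals($pass, $key) : ($pass === $key);
    }

    if (!$authed)
    {
        if (!$silent) stDebug("AUTH admin session FAIL.");
        return FALSE;
    }

    if (!$silent) stDebug("AUTH admin session OK.");
    return stSessionExpire(SESS_ADMIN, $silent);
}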
160 | |
161 | |
/**
 * Check whether the current request has a valid user session.
 *
 * A user session counts as authenticated as soon as it carries a "key"
 * item (stSessionStart() stores it); the key's value is not checked here.
 * A valid session is then run through stSessionExpire(), which enforces
 * and extends the timeout.
 *
 * @param bool $silent Suppress the AUTH debug lines.
 * @return bool TRUE when authenticated and not expired, FALSE otherwise.
 */
function stUserSessionAuth($silent = FALSE)
{
    $haveKey = (@session_start() === TRUE &&
        stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE);

    if (!$haveKey)
    {
        if (!$silent) stDebug("AUTH user session FAIL.");
        return FALSE;
    }

    if (!$silent) stDebug("AUTH user session OK.");
    return stSessionExpire(SESS_USER, $silent);
}
176 | |
177 | |
178 ?> |