Mercurial > hg > fapweb

annotate msession.inc.php @ 33:5bf22431176c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Modularize.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 11 Dec 2012 11:46:47 +0200
parents
children 7bdf89601ba0
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
33
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
1 <?
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
2 //
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
3 // FAPWEB - Demo Party Website System System
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
4 // Session management and authentication
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
5 // (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
6 //
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
7
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
8 function stGetSessionItem($name, $default = "")
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
9 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
10 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
11 if (isset($sessionType))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
12 return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
13 else
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
14 return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
15 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
16
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
17
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
18 function stSetSessionItem($name, $value)
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
19 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
20 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
21 if (!isset($sessionType))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
22 die("Session type not set.");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
23
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
24 $_SESSION[$sessionType][$name] = $value;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
25 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
26
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
27
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
28 function stSessionExpire()
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
29 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
30 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
31
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
32 // Check for session expiration
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
33 if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"]))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
34 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
35 if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set.");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
36 stSessionEnd();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
37 return FALSE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
38 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
39
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
40 if ($_SESSION[$sessionType]["expires"] < time())
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
41 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
42 if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time());
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
43 stSessionEnd();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
44 return FALSE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
45 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
46
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
47 // Add more time to expiration
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
48 $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0);
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
49 if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout);
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
50 $_SESSION[$sessionType]["expires"] = time() + $timeout * 60;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
51 return TRUE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
52 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
53
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
54
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
55 function stSessionEnd()
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
56 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
57 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
58 $result = FALSE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
59
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
60 if (stGetSetting("debug")) error_log("Request END session ".$sessionType);
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
61
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
62 if (@session_start() === TRUE && isset($_SESSION))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
63 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
64 // End current session type
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
65 if (isset($_SESSION[$sessionType]))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
66 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
67 if (stGetSetting("debug")) error_log("END session ".$sessionType." / ".$_SESSION[$sessionType]["expires"]);
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
68 $_SESSION[$sessionType] = array();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
69 unset($_SESSION[$sessionType]);
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
70 $result = TRUE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
71 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
72
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
73 // If all session types are ended, clear the cookies etc
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
74 if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"]))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
75 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
76 if (stGetSetting("debug")) error_log("Clearing all session data.");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
77 $_SESSION = array();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
78
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
79 if (ini_get("session.use_cookies"))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
80 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
81 $params = session_get_cookie_params();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
82 setcookie(session_name(), "", time() - 242000,
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
83 $params["path"], $params["domain"],
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
84 $params["secure"], $params["httponly"]
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
85 );
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
86 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
87
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
88 @session_destroy();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
89 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
90 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
91
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
92 return $result;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
93 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
94
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
95
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
96 function stSessionStart($key, $timeout)
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
97 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
98 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
99
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
100 if (@session_start() === TRUE)
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
101 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
102 if (stGetSetting("debug")) error_log("START ".$sessionType." session OK.");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
103 $_SESSION[$sessionType] = array(
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
104 "key" => $key,
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
105 "timeout" => $timeout,
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
106 "expires" => time() + stGetSetting($timeout) * 60,
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
107 "message" => "",
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
108 "status" => 0,
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
109 );
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
110 return TRUE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
111 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
112 else
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
113 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
114 if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
115 return FALSE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
116 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
117 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
118
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
119
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
120 function stAdmSessionAuth()
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
121 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
122 if (@session_start() === TRUE &&
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
123 stGetSessionItem("key", FALSE) == stGetSetting("admPassword"))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
124 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
125 if (stGetSetting("debug")) error_log("AUTH admin session OK.");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
126 return stSessionExpire();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
127 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
128 else
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
129 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
130 if (stGetSetting("debug")) error_log("AUTH admin session FAIL.");
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
131 return FALSE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
132 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
133 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
134
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
135
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
136 function stUserSessionAuth()
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
137 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
138 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
139
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
140 if (@session_start() === TRUE &&
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
141 isset($_SESSION[$sessionType]) &&
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
142 isset($_SESSION[$sessionType]["key"]))
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
143 return stSessionExpire();
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
144 else
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
145 return FALSE;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
146 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
147
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
148
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
149 function stSetSessionStatus($status)
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
150 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
151 global $sessionType;
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
152 if (isset($_SESSION[$sessionType]) || session_start() === TRUE)
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
153 {
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
154 if ($status >= 0)
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
155 stSetSessionItem("prevstatus", stGetSessionItem("status", FALSE));
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
156
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
157 stSetSessionItem("status", $status);
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
158 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
159 }
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
160
5bf22431176c Modularize.
Matti Hamalainen <ccr@tnsp.org>
parents:
diff changeset
161 ?>