annotate msession.inc.php @ 77:70c0b21f0781
Support silent auth checks (no debug info).
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Thu, 17 Oct 2013 18:14:04 +0300 |
parents | 7bdf89601ba0 |
children | 1f34037a7cae |
rev | line source |
---|---|
33 | 1 <? |
2 // | |
3 // FAPWEB - Demo Party Website System System | |
4 // Session management and authentication | |
5 // (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org> | |
6 // | |
7 | |
// Write a diagnostic message to the PHP error log, but only when the
// "debug" setting (read through stGetSetting()) evaluates to true.
// Callers in this file put session state into $msg, so treat the
// resulting log as sensitive.
function stDebug($msg)
{
    if (!stGetSetting("debug"))
        return;

    error_log($msg);
}
13 | |
14 | |
// Look up one item of a given session type in $_SESSION.
//
// $stype   : session type, used as the first-level key of $_SESSION
// $name    : item name inside that session type
// $default : returned when $stype is unset (NULL) or the item is absent
//
// Returns the stored value, or $default. Because isset() is used, an
// item stored as NULL counts as absent.
function stGetSpecSessionItem($stype, $name, $default = "")
{
    if (!isset($stype))
        return $default;

    if (isset($_SESSION[$stype], $_SESSION[$stype][$name]))
        return $_SESSION[$stype][$name];

    return $default;
}
22 | |
23 | |
// Fetch an item from the session type named by the global $sessionType.
// Thin wrapper around stGetSpecSessionItem(); $default is returned when
// the global is unset or the item does not exist.
function stGetSessionItem($name, $default = "")
{
    global $sessionType;

    $value = stGetSpecSessionItem($sessionType, $name, $default);
    return $value;
}
29 | |
30 | |
// Store $value under $name in the session type named by the global
// $sessionType. Terminates the script with die() when that global has
// not been set, so nothing is ever written under an undefined type.
function stSetSessionItem($name, $value)
{
    global $sessionType;

    if (isset($sessionType))
    {
        $_SESSION[$sessionType][$name] = $value;
        return;
    }

    die("Session type not set.");
}
39 | |
40 | |
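// Enforce the idle timeout of one session type and, if it is still
// valid, slide its expiry forward.
//
// $stype : first-level $_SESSION key of the session type to check.
//
// Returns FALSE (after calling stSessionEnd($stype)) when the session
// block or its "expires" stamp is missing, or when "expires" is in the
// past. Otherwise sets "expires" to now + <timeout setting> minutes and
// returns TRUE.
//
// NOTE(review): the expiry is renewed on every successful check and no
// absolute session lifetime is enforced in this function -- confirm that
// is intended.
function stSessionExpire($stype)
{
    // A session block without an expiry stamp is treated as invalid
    if (!isset($_SESSION[$stype]) || !isset($_SESSION[$stype]["expires"]))
    {
        stDebug("Session ".$stype." expires due to expire time not set.");
        stSessionEnd($stype);
        return FALSE;
    }

    // The raw session ID is a bearer credential and must not end up in
    // the error log; a short digest is enough to correlate log lines.
    $sidTag = substr(hash("sha256", session_id()), 0, 8);

    $now = time();
    if ($_SESSION[$stype]["expires"] < $now)
    {
        stDebug("Session ".$stype." / sid#".$sidTag." expires due to timeout ".$_SESSION[$stype]["expires"]." < ".$now);
        stSessionEnd($stype);
        return FALSE;
    }

    // Add more time to expiration. "timeout" holds the NAME of a setting
    // (see stSessionStart()); the setting's value is in minutes.
    $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0);
    stDebug("Adding more time to ".$stype." session sid#".$sidTag." :: ".$timeout);
    $_SESSION[$stype]["expires"] = time() + $timeout * 60;
    return TRUE;
}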
64 | |
65 | |
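// End one session type and, once neither SESS_USER nor SESS_ADMIN is
// left, tear down the whole PHP session: session data, the session
// cookie (when cookies are in use) and the server-side session.
//
// $stype : first-level $_SESSION key of the session type to end.
//
// Returns TRUE if a $stype block existed and was removed, FALSE
// otherwise (including when session_start() does not return TRUE).
function stSessionEnd($stype)
{
    $result = FALSE;

    stDebug("Request END session ".$stype);

    if (@session_start() === TRUE && isset($_SESSION))
    {
        // End current session type
        if (isset($_SESSION[$stype]))
        {
            // stSessionExpire() ends sessions precisely because "expires"
            // is missing, so the key must not be indexed unguarded here.
            $expires = isset($_SESSION[$stype]["expires"]) ? $_SESSION[$stype]["expires"] : "(not set)";
            stDebug("END session ".$stype." / ".$expires);
            $_SESSION[$stype] = array();
            unset($_SESSION[$stype]);
            $result = TRUE;
        }

        // If all session types are ended, clear the cookies etc
        if (!isset($_SESSION[SESS_USER]) && !isset($_SESSION[SESS_ADMIN]))
        {
            stDebug("Clearing all session data.");
            $_SESSION = array();

            if (ini_get("session.use_cookies"))
            {
                // Expire the cookie with the same path/domain/flags it was
                // issued with, otherwise the browser keeps the old one.
                $params = session_get_cookie_params();
                setcookie(session_name(), "", time() - 242000,
                    $params["path"], $params["domain"],
                    $params["secure"], $params["httponly"]
                );
            }

            @session_destroy();
        }
    }

    return $result;
}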
104 | |
105 | |
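// Begin an authenticated session of the given type.
//
// $stype   : first-level $_SESSION key of the session type to create
// $key     : authentication key stored in the session and checked later
//            by the st*SessionAuth() functions
// $timeout : NAME of the setting that holds the idle timeout in minutes
//
// Returns TRUE when the session block was created; FALSE when the PHP
// session could not be started or its ID could not be renewed.
function stSessionStart($stype, $key, $timeout)
{
    if (@session_start() !== TRUE)
    {
        stDebug("START ".$stype." session --FAILED--");
        return FALSE;
    }

    // Issue a fresh session ID before storing the auth key, so that an ID
    // known to a third party before login is not promoted to an
    // authenticated session (session fixation). The old ID is deleted.
    if (@session_regenerate_id(TRUE) !== TRUE)
    {
        stDebug("START ".$stype." session --FAILED--");
        return FALSE;
    }

    stDebug("START ".$stype." session OK.");
    $_SESSION[$stype] = array(
        "key"     => $key,
        "timeout" => $timeout,
        "expires" => time() + stGetSetting($timeout) * 60,
        "message" => "",
        "status"  => 0,
    );
    return TRUE;
}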
126 | |
127 | |
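// Check whether the current request carries a valid admin session.
//
// $silent : when true, the AUTH OK / FAIL debug lines are not logged.
//
// Returns the result of stSessionExpire(SESS_ADMIN) when the key stored
// in the admin session equals the "admPassword" setting, FALSE otherwise.
//
// NOTE(review): the comparison implies the admin session stores the
// admin password itself as "key"; a derived token or hash would keep the
// secret out of session storage -- confirm against the login code.
function stAdmSessionAuth($silent)
{
    $authed = FALSE;

    if (@session_start() === TRUE)
    {
        $key = stGetSpecSessionItem(SESS_ADMIN, "key", FALSE);
        $expected = stGetSetting("admPassword");

        // Loose "==" would accept a missing key (FALSE) against an empty
        // or unset password and would compare numeric-looking strings by
        // value. Only non-boolean scalars, compared as non-empty strings,
        // may match.
        if (is_scalar($key) && !is_bool($key) &&
            is_scalar($expected) && !is_bool($expected))
        {
            $key = (string) $key;
            $expected = (string) $expected;

            if ($key !== "" && $expected !== "")
            {
                // Constant-time comparison where the runtime provides it
                $authed = function_exists("hash_equals")
                    ? hash_equals($expected, $key)
                    : ($key === $expected);
            }
        }
    }

    if (!$authed)
    {
        if (!$silent) stDebug("AUTH admin session FAIL.");
        return FALSE;
    }

    if (!$silent) stDebug("AUTH admin session OK.");
    return stSessionExpire(SESS_ADMIN);
}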
142 | |
143 | |
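// Check whether the current request carries a valid user session.
//
// $silent : when true, the AUTH OK / FAIL debug lines are not logged.
//
// Returns the result of stSessionExpire(SESS_USER) when the user session
// holds a "key" item, FALSE otherwise. Only the presence of the key is
// checked here, not its value.
function stUserSessionAuth($silent)
{
    $hasKey = @session_start() === TRUE &&
        stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE;

    if (!$hasKey)
    {
        if (!$silent) stDebug("AUTH user session FAIL.");
        return FALSE;
    }

    if (!$silent) stDebug("AUTH user session OK.");

    // Expire/renew the USER session. Checking SESS_ADMIN here tied user
    // authentication to the admin session's lifetime: it failed (and
    // ended the admin session) whenever no live admin session existed,
    // and renewed the admin session's expiry on ordinary user requests.
    return stSessionExpire(SESS_USER);
}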
158 | |
159 | |
// Record a new status value in the session type named by the global
// $sessionType. Does nothing unless that session block already exists
// or session_start() returns TRUE. For non-negative $status the current
// "status" is first copied to "prevstatus".
function stSetSessionStatus($status)
{
    global $sessionType;

    // session_start() is only attempted when the block is not present yet
    $ready = isset($_SESSION[$sessionType]) || session_start() === TRUE;
    if (!$ready)
        return;

    if ($status >= 0)
    {
        $previous = stGetSessionItem("status", FALSE);
        stSetSessionItem("prevstatus", $previous);
    }

    stSetSessionItem("status", $status);
}
171 | |
172 ?> |