view msession.inc.php @ 1086:4a95cd4fa341

Check for existence of "expires" field in session data.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 26 Jan 2017 00:30:58 +0200
parents 48e16e856646
children b2bca5f6d0ff

<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// Session management and authentication
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//

// Session "types": each type gets its own sub-array in $_SESSION, so that a
// user login and an admin login can coexist within one PHP session.
define("SESS_USER", "user");
define("SESS_ADMIN", "admin");


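if (function_exists("ini_set"))
{
  // Use cookies to store the session ID on the client side
  @ini_set("session.use_only_cookies", 1);

  // Disable transparent Session ID support
  @ini_set("session.use_trans_sid", 0);

  // Keep the session cookie out of reach of client-side scripts, which
  // limits the damage of an XSS bug leaking the session ID.
  @ini_set("session.cookie_httponly", 1);

  // Reject session IDs that this server did not generate, so a client
  // cannot pre-set its own ID (session fixation). The option is unknown on
  // PHP < 5.5.2; the @ keeps that case silent.
  @ini_set("session.use_strict_mode", 1);

  // NOTE(review): session.cookie_secure is deliberately not forced here,
  // because this file cannot tell whether the site is served over HTTPS.
}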


function stGetSpecSessionItem($stype, $name, $default = "")
{
  // Look up item $name in the $_SESSION sub-array of session type $stype.
  // Returns $default when $stype is NULL, when the sub-array does not
  // exist, or when the item is absent (isset() also treats NULL as absent).
  if (!isset($stype))
    return $default;

  $bucket = isset($_SESSION[$stype]) ? $_SESSION[$stype] : array();
  return isset($bucket[$name]) ? $bucket[$name] : $default;
}


function stGetSessionItem($name, $default = "")
{
  // Convenience wrapper around stGetSpecSessionItem() for the session type
  // currently selected through the global $sessionType. When no type has
  // been selected (NULL) the lookup yields $default.
  global $sessionType;
  $stype = $sessionType;
  return stGetSpecSessionItem($stype, $name, $default);
}


function stSetSessionItem($name, $value)
{
  // Store $value under $name in the sub-array of the currently selected
  // session type ($sessionType global). Aborts the request outright when no
  // session type has been selected, since there is nowhere to put the item.
  global $sessionType;
  if (isset($sessionType))
  {
    $_SESSION[$sessionType][$name] = $value;
    return;
  }
  die("Session type not set.");
}


function stSessionExpire($stype, $silent = FALSE)
{
  // Validate and refresh the expiry of session type $stype.
  // Returns FALSE (after ending that session type) when no expiry time is
  // recorded or the recorded time is already in the past. Otherwise the
  // expiry is pushed forward by the session's configured timeout -- the
  // "timeout" entry holds a setting name, the setting's value is minutes --
  // and TRUE is returned.
  // NOTE(review): this is a sliding window only; there is no absolute
  // maximum lifetime, so a continuously used session never expires.
  $hasExpiry = isset($_SESSION[$stype]) && isset($_SESSION[$stype]["expires"]);
  if (!$hasExpiry)
  {
    stDebug("Session ".$stype." expires due to expire time not set.");
    stSessionEnd($stype);
    return FALSE;
  }

  $expiresAt = $_SESSION[$stype]["expires"];
  if ($expiresAt < time())
  {
    stDebug("Session ".$stype." / ".session_id()." expires due to timeout ".$expiresAt." < ".time());
    stSessionEnd($stype);
    return FALSE;
  }

  // Still valid: slide the expiry forward by the configured timeout (minutes)
  $minutes = stGetSetting($_SESSION[$stype]["timeout"], 0);
  if (!$silent)
    stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$minutes);

  $_SESSION[$stype]["expires"] = time() + $minutes * 60;
  return TRUE;
}


function stSessionEnd($stype)
{
  // End session type $stype: drop its sub-array from $_SESSION. When no
  // session type (user or admin) remains afterwards, the whole PHP session
  // is wiped, its cookie is expired on the client and the session destroyed.
  // Returns TRUE when a sub-array for $stype existed and was removed,
  // FALSE otherwise (including when the session could not be started).
  stDebug("Request END session ".$stype);

  if (@session_start() !== TRUE || !isset($_SESSION))
    return FALSE;

  $ended = FALSE;
  if (isset($_SESSION[$stype]))
  {
    $expInfo = isset($_SESSION[$stype]["expires"]) ? $_SESSION[$stype]["expires"] : "?";
    stDebug("END session ".$stype." / ".$expInfo);
    $_SESSION[$stype] = array();
    unset($_SESSION[$stype]);
    $ended = TRUE;
  }

  // Nothing left logged in? Then clear everything, cookie included.
  $anyLeft = isset($_SESSION[SESS_USER]) || isset($_SESSION[SESS_ADMIN]);
  if (!$anyLeft)
  {
    stDebug("Clearing all session data.");
    $_SESSION = array();

    if (ini_get("session.use_cookies"))
    {
      // Re-issue the session cookie with a date in the past, using the same
      // attributes it was set with so the browser matches the right cookie.
      $ck = session_get_cookie_params();
      setcookie(session_name(), "", time() - 242000,
        $ck["path"], $ck["domain"], $ck["secure"], $ck["httponly"]);
    }

    @session_destroy();
  }

  return $ended;
}


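function stSessionStart($stype, $key, $timeout)
{
  // Begin (or join) the PHP session and initialise the sub-array for
  // session type $stype.
  //   $key     - credential associated with the session (for SESS_ADMIN this
  //              is compared against the admin password by stAdmSessionAuth());
  //              stored as-is
  //   $timeout - name of the setting holding the idle timeout in minutes
  // Returns TRUE on success, FALSE when session_start() fails.
  if (@session_start() !== TRUE)
  {
    stDebug("START ".$stype." session --FAILED--");
    return FALSE;
  }

  // A freshly authenticated session must not keep the ID the client arrived
  // with, otherwise an attacker who planted that ID beforehand (session
  // fixation) shares the login. Other session types in the same $_SESSION
  // keep their data; only the ID changes. Best effort: if regeneration
  // fails (e.g. headers already sent) the session continues with the old ID.
  @session_regenerate_id(TRUE);

  stDebug("START ".$stype." session OK.");
  $_SESSION[$stype] = array(
    "key" => $key,
    "timeout" => $timeout,
    "expires" => time() + stGetSetting($timeout) * 60,
    "message" => "",
    "status" => 0,
    // CSRF token: must be unpredictable. mt_rand() is not a CSPRNG and gives
    // only ~31 bits of entropy, so use random_bytes() (PHP 7+) and fall back
    // to the old construction only on older runtimes.
    "csrfID" => function_exists("random_bytes")
      ? bin2hex(random_bytes(32))
      : hash("sha512", mt_rand(0, mt_getrandmax())),
  );
  return TRUE;
}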


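function stCSRFCheck()
{
  // Validate the CSRF token submitted with the request against the token
  // stored in the currently selected session type. Returns TRUE on match.
  // NOTE(review): the "debug" setting bypasses the check entirely; it must
  // never be enabled on a deployed instance.
  if (stGetSetting("debug"))
    return TRUE;

  $submitted = stGetRequestItem("csrfID", FALSE);
  $expected = stGetSessionItem("csrfID", FALSE);

  // Both tokens must be present, non-empty strings. The previous loose "=="
  // treated hex tokens of the form "0e<digits>" as numbers (so two different
  // tokens could compare equal) and compared FALSE == "" as equal.
  if ($submitted === FALSE || $expected === FALSE)
    return FALSE;
  if (!is_string($submitted) || !is_string($expected))
    return FALSE;
  if ($submitted === "" || $expected === "")
    return FALSE;

  // Constant-time comparison where the runtime provides it (PHP 5.6+).
  if (function_exists("hash_equals"))
    return hash_equals($expected, $submitted);

  return $expected === $submitted;
}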


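function stAdmSessionAuth($silent = FALSE)
{
  // Authenticate the admin session: the "key" stored in the SESS_ADMIN
  // sub-array must equal the configured "admPassword" setting, and the
  // session must not have expired (stSessionExpire() also refreshes the
  // expiry). Returns TRUE when authenticated, FALSE otherwise.
  // NOTE(review): the session holds the admin password in clear text as its
  // "key"; a random per-login token would be preferable, but that requires
  // changing the login code that calls stSessionStart().
  if (@session_start() !== TRUE)
  {
    if (!$silent) stDebug("AUTH admin session FAIL.");
    return FALSE;
  }

  $key = stGetSpecSessionItem(SESS_ADMIN, "key", FALSE);
  $password = stGetSetting("admPassword");

  // Strict, constant-time comparison. The previous loose "==" accepted FALSE
  // (no key stored) against an empty or "0" admin password, i.e. with a
  // misconfigured password an unauthenticated session passed as admin.
  $match = FALSE;
  if ($key !== FALSE && $password !== FALSE && is_scalar($key) && is_scalar($password))
  {
    $match = function_exists("hash_equals")
      ? hash_equals((string)$password, (string)$key)
      : ((string)$password === (string)$key);
  }

  if (!$match)
  {
    if (!$silent) stDebug("AUTH admin session FAIL.");
    return FALSE;
  }

  if (!$silent) stDebug("AUTH admin session OK.");
  return stSessionExpire(SESS_ADMIN, $silent);
}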


function stUserSessionAuth($silent = FALSE)
{
  // Authenticate the user session: any non-FALSE "key" in the SESS_USER
  // sub-array counts as logged in; the expiry is then checked and refreshed
  // by stSessionExpire(). Returns TRUE when authenticated, FALSE otherwise.
  $loggedIn = FALSE;
  if (@session_start() === TRUE)
    $loggedIn = (stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE);

  if (!$loggedIn)
  {
    if (!$silent) stDebug("AUTH user session FAIL.");
    return FALSE;
  }

  if (!$silent) stDebug("AUTH user session OK.");
  return stSessionExpire(SESS_USER, $silent);
}


?>