view msession.inc.php @ 1096:bbc0a3d0b51e

Major renaming / refactor of site messages. Some that were previously modifiable from the admin interface are now "hardcoded" in the configuration file. Making these settings modifiable from the admin interface made no sense and just took up space in the UI.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 27 Jan 2017 22:15:06 +0200
parents 4a95cd4fa341
children b2bca5f6d0ff

<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// Session management and authentication
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//

// Session type identifiers. They are used as the top-level keys of
// $_SESSION, one sub-array per session type.
define('SESS_USER', 'user');
define('SESS_ADMIN', 'admin');


// Session ID transport settings. ini_set() may be disabled on some
// hosts, hence the function_exists() guard and the @-suppression.
// NOTE(review): session.use_strict_mode and session.cookie_httponly are
// not set here; confirm they are enabled in php.ini, since strict mode
// is what makes PHP reject session IDs it did not issue itself.
if (function_exists('ini_set'))
{
  // Never accept or emit the session ID as a URL parameter
  @ini_set('session.use_trans_sid', 0);

  // Carry the session ID in a cookie only
  @ini_set('session.use_only_cookies', 1);
}


// Fetch item $name from the $_SESSION sub-array of session type $stype.
// Returns $default when $stype is unset (NULL), when that session type
// has no data, or when the item itself is missing or NULL.
function stGetSpecSessionItem($stype, $name, $default = "")
{
  // No session type given, nothing to look up
  if (!isset($stype))
    return $default;

  // isset() on the nested key is also FALSE when $_SESSION[$stype]
  // itself does not exist, so a single check covers both levels
  if (isset($_SESSION[$stype][$name]))
    return $_SESSION[$stype][$name];

  return $default;
}


// Fetch item $name from the session type selected by the global
// $sessionType. Returns $default when the item cannot be found
// (the lookup itself is done by stGetSpecSessionItem()).
function stGetSessionItem($name, $default = "")
{
  global $sessionType;

  $item = stGetSpecSessionItem($sessionType, $name, $default);
  return $item;
}


// Store $value as item $name in the session type selected by the global
// $sessionType. Terminates the script if no session type has been set.
function stSetSessionItem($name, $value)
{
  global $sessionType;

  if (isset($sessionType))
  {
    $_SESSION[$sessionType][$name] = $value;
    return;
  }

  // Without a session type there is no sub-array to write to
  die("Session type not set.");
}


// Enforce the expiry time of session type $stype and, if the session is
// still valid, push the expiry forward (sliding timeout).
// Returns FALSE after ending the session when it has no expiry time or
// the expiry time has passed, TRUE otherwise.
// $silent only suppresses the "adding more time" debug message.
// NOTE(review): the debug messages include session_id(); if stDebug()
// writes to a log or to the page, that exposes live session IDs --
// confirm where stDebug() output goes.
function stSessionExpire($stype, $silent = FALSE)
{
  // A session without an expiry time is treated as invalid
  if (!isset($_SESSION[$stype], $_SESSION[$stype]["expires"]))
  {
    stDebug("Session ".$stype." expires due to expire time not set.");
    stSessionEnd($stype);
    return FALSE;
  }

  $expiresAt = $_SESSION[$stype]["expires"];
  if ($expiresAt < time())
  {
    stDebug("Session ".$stype." / ".session_id()." expires due to timeout ".$expiresAt." < ".time());
    stSessionEnd($stype);
    return FALSE;
  }

  // "timeout" holds the name of a setting, not a number; the setting's
  // value is multiplied by 60 before being added to the current time
  $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0);
  if (!$silent)
    stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout);

  $_SESSION[$stype]["expires"] = time() + $timeout * 60;
  return TRUE;
}


// End session type $stype. When neither the user nor the admin session
// type remains afterwards, the whole PHP session is torn down: the
// session data is cleared, the session cookie is expired and the
// session is destroyed.
// Returns TRUE if data for $stype existed and was removed, else FALSE.
function stSessionEnd($stype)
{
  stDebug("Request END session ".$stype);

  // Nothing can be ended without an open session
  if (@session_start() !== TRUE || !isset($_SESSION))
    return FALSE;

  $ended = FALSE;

  // End current session type
  if (isset($_SESSION[$stype]))
  {
    $expires = isset($_SESSION[$stype]["expires"]) ? $_SESSION[$stype]["expires"] : "?";
    stDebug("END session ".$stype." / ".$expires);

    $_SESSION[$stype] = array();
    unset($_SESSION[$stype]);
    $ended = TRUE;
  }

  // Another session type is still alive: keep the PHP session itself
  if (isset($_SESSION[SESS_USER]) || isset($_SESSION[SESS_ADMIN]))
    return $ended;

  stDebug("Clearing all session data.");
  $_SESSION = array();

  if (ini_get("session.use_cookies"))
  {
    // Overwrite the session cookie with an empty value and an expiry
    // time in the past, reusing the parameters it was issued with
    $cookie = session_get_cookie_params();
    setcookie(
      session_name(),
      "",
      time() - 242000,
      $cookie["path"],
      $cookie["domain"],
      $cookie["secure"],
      $cookie["httponly"]
    );
  }

  @session_destroy();

  return $ended;
}


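// Start session type $stype and initialise its data in $_SESSION.
//   $key     - value stored as the session's "key" item; the auth
//              functions in this file check it on later requests
//   $timeout - NAME of the setting that holds the timeout; the
//              setting's value is multiplied by 60 to get the expiry
// Returns TRUE on success, FALSE if the PHP session could not be
// started or no CSRF token could be generated.
//
// The CSRF token used to be the SHA-512 of a single mt_rand() value.
// mt_rand() is not a cryptographic generator and yields at most
// mt_getrandmax()+1 distinct tokens, so the token could be guessed.
// It is now derived from the system CSPRNG when one is available;
// the token format (128 hex characters) is unchanged.
//
// NOTE(review): the session ID is not regenerated here. If this is the
// login entry point, calling session_regenerate_id(TRUE) after a
// successful start would protect against session fixation -- confirm
// against the callers.
function stSessionStart($stype, $key, $timeout)
{
  if (@session_start() !== TRUE)
  {
    stDebug("START ".$stype." session --FAILED--");
    return FALSE;
  }

  // Gather seed material for the CSRF token
  $seed = FALSE;
  try
  {
    if (function_exists("random_bytes"))
      $seed = random_bytes(64);
    else
    if (function_exists("openssl_random_pseudo_bytes"))
      $seed = openssl_random_pseudo_bytes(64);
    else
    {
      // Legacy PHP without any CSPRNG: keep the previous behaviour
      $seed = (string) mt_rand(0, mt_getrandmax());
    }
  }
  catch (Exception $e)
  {
    // No usable randomness source
    $seed = FALSE;
  }

  // Fail closed instead of issuing a predictable or empty token
  if (!is_string($seed) || $seed === "")
  {
    stDebug("START ".$stype." session --FAILED-- (no CSRF token)");
    return FALSE;
  }

  stDebug("START ".$stype." session OK.");
  $_SESSION[$stype] = array(
    "key" => $key,
    "timeout" => $timeout,
    "expires" => time() + stGetSetting($timeout) * 60,
    "message" => "",
    "status" => 0,
    "csrfID" => hash("sha512", $seed),
  );
  return TRUE;
}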


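// Verify that the request carries the CSRF token of the current
// session. Returns TRUE when the "csrfID" request item equals the
// "csrfID" session item, FALSE otherwise.
//
// The previous loose comparison (==) accepted an empty request token
// whenever the session had no token at all (FALSE == "" is TRUE), and
// was subject to PHP's numeric-string comparison rules. Both values
// must now be strings, the session token must be non-empty, and the
// comparison is exact and, where hash_equals() exists, constant-time.
//
// NOTE(review): with the "debug" setting enabled the check is skipped
// entirely, so debug mode must never be on for a publicly reachable
// installation.
function stCSRFCheck()
{
  if (stGetSetting("debug"))
    return TRUE;

  $given = stGetRequestItem("csrfID", FALSE);
  $expected = stGetSessionItem("csrfID", FALSE);

  // A missing, empty or non-string token on either side never matches
  if (!is_string($given) || !is_string($expected) || $expected === "")
    return FALSE;

  if (function_exists("hash_equals"))
    return hash_equals($expected, $given);

  return $expected === $given;
}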


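// Authenticate the admin session: the "key" item of the admin session
// must equal the "admPassword" setting, and the session must not have
// expired (stSessionExpire() also extends the expiry time).
// $silent suppresses the debug messages.
// Returns TRUE when the admin session is valid, FALSE otherwise.
//
// The previous loose comparison (==) let a session with no key at all
// (FALSE) match an empty, "0" or unset password setting, and treated
// numeric-looking strings as equal numbers. A missing key or missing
// password can no longer match; the values are compared as exact
// strings, constant-time where hash_equals() exists.
//
// NOTE(review): the comparison implies that the admin password itself
// is kept in the session data as "key"; storing a derived value instead
// would keep the password out of session storage -- confirm against the
// login code.
function stAdmSessionAuth($silent = FALSE)
{
  $authOK = FALSE;

  if (@session_start() === TRUE)
  {
    $key = stGetSpecSessionItem(SESS_ADMIN, "key", FALSE);
    $password = stGetSetting("admPassword");

    // Booleans, NULL and arrays stand for "not set" and never match
    if (is_scalar($key) && !is_bool($key) &&
        is_scalar($password) && !is_bool($password))
    {
      $key = (string) $key;
      $password = (string) $password;

      if (function_exists("hash_equals"))
        $authOK = hash_equals($password, $key);
      else
        $authOK = ($password === $key);
    }
  }

  if (!$authOK)
  {
    if (!$silent) stDebug("AUTH admin session FAIL.");
    return FALSE;
  }

  if (!$silent) stDebug("AUTH admin session OK.");
  return stSessionExpire(SESS_ADMIN, $silent);
}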


// Authenticate the user session: the PHP session must start and the
// user session type must have a "key" item; the expiry time is then
// enforced (and extended) by stSessionExpire().
// $silent suppresses the debug messages.
// Returns TRUE when the user session is valid, FALSE otherwise.
// Note that only the presence of the key is checked here, not its value.
function stUserSessionAuth($silent = FALSE)
{
  $hasKey = @session_start() === TRUE &&
    stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE;

  if (!$hasKey)
  {
    if (!$silent)
      stDebug("AUTH user session FAIL.");
    return FALSE;
  }

  if (!$silent)
    stDebug("AUTH user session OK.");

  return stSessionExpire(SESS_USER, $silent);
}


?>