view msession.inc.php @ 1096:bbc0a3d0b51e
Major renaming / refactor of site messages. Some that were previously
modifiable from admin interface are now "hardcoded" in the configuration
file. Making these settings modifiable from there made no sense
and just took up space in the UI.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 27 Jan 2017 22:15:06 +0200 |
parents | 4a95cd4fa341 |
children | b2bca5f6d0ff |
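<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// Session management and authentication
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//

// Keys of the two independent session "types" kept inside $_SESSION.
define("SESS_USER", "user");
define("SESS_ADMIN", "admin");


if (function_exists("ini_set"))
{
  // Use cookies to store the session ID on the client side
  @ini_set("session.use_only_cookies", 1);

  // Disable transparent Session ID support
  @ini_set("session.use_trans_sid", 0);

  // NOTE(review): session.cookie_httponly, session.cookie_secure and
  // session.use_strict_mode are not set here; confirm that the deployment
  // configures them in php.ini or elsewhere.
}


// Compare a stored secret with a caller-supplied value.
//
// Returns TRUE only when both values are strings or integers, the stored
// secret is non-empty and the two are identical as strings. PHP's loose ==
// treats FALSE and "" as equal and compares numeric-looking strings
// ("0e1" vs "0e2") as numbers, so it must not be used for secrets.
// hash_equals() is used when available so that the comparison time does not
// depend on where the strings differ; on older PHP versions this falls back
// to a strict, non-constant-time comparison.
function stSessionSafeEquals($known, $given)
{
  if (!is_string($known) && !is_int($known))
    return FALSE;

  if (!is_string($given) && !is_int($given))
    return FALSE;

  $known = (string) $known;
  $given = (string) $given;

  // An empty or unset secret must never authenticate anything
  if ($known === "")
    return FALSE;

  if (function_exists("hash_equals"))
    return hash_equals($known, $given);

  return $known === $given;
}


// Produce a 128-character hexadecimal token (SHA-512 of 64 random bytes).
//
// A token derived from a single mt_rand() value can take at most
// mt_getrandmax() + 1 distinct values and mt_rand() is not a CSPRNG, so the
// operating system's random source is preferred. The SHA-512 hex form is
// kept so that the token has the same length and alphabet as before.
function stSessionRandomToken()
{
  $bytes = FALSE;

  try
  {
    if (function_exists("random_bytes"))
    {
      $bytes = random_bytes(64);
    }
    else
    if (function_exists("openssl_random_pseudo_bytes"))
    {
      $strong = FALSE;
      $tmp = openssl_random_pseudo_bytes(64, $strong);
      if ($tmp !== FALSE && $strong === TRUE)
        $bytes = $tmp;
    }
  }
  catch (Exception $e)
  {
    $bytes = FALSE;
  }

  if ($bytes === FALSE)
  {
    // Legacy behaviour, kept only so that session start does not fail on
    // installations without any secure random source. Tokens produced this
    // way are guessable; the warning makes the degraded mode visible.
    trigger_error("No secure random source available, CSRF token is weak.", E_USER_WARNING);
    $bytes = (string) mt_rand(0, mt_getrandmax());
  }

  return hash("sha512", $bytes);
}


// Fetch item $name from the session type $stype, or $default when the
// session type or the item is not present.
function stGetSpecSessionItem($stype, $name, $default = "")
{
  if (isset($stype))
    return (isset($_SESSION[$stype]) && isset($_SESSION[$stype][$name])) ? $_SESSION[$stype][$name] : $default;
  else
    return $default;
}


// Fetch item $name from the session type selected by the global
// $sessionType, or $default when it is not present.
function stGetSessionItem($name, $default = "")
{
  global $sessionType;
  return stGetSpecSessionItem($sessionType, $name, $default);
}


// Store $value as item $name in the session type selected by the global
// $sessionType. Terminates the script if no session type has been selected.
function stSetSessionItem($name, $value)
{
  global $sessionType;
  if (!isset($sessionType))
    die("Session type not set.");

  $_SESSION[$sessionType][$name] = $value;
}


// Check whether session type $stype is still valid and, if so, push its
// expiration time forward.
//
// Returns FALSE (after ending the session type) when no expiration time is
// stored or the stored time has passed, TRUE otherwise. $silent suppresses
// the debug message written on a successful extension.
function stSessionExpire($stype, $silent = FALSE)
{
  // Check for session expiration
  if (!isset($_SESSION[$stype]) || !isset($_SESSION[$stype]["expires"]))
  {
    stDebug("Session ".$stype." expires due to expire time not set.");
    stSessionEnd($stype);
    return FALSE;
  }

  if ($_SESSION[$stype]["expires"] < time())
  {
    stDebug("Session ".$stype." / ".session_id()." expires due to timeout ".$_SESSION[$stype]["expires"]." < ".time());
    stSessionEnd($stype);
    return FALSE;
  }

  // Add more time to expiration. The session stores the NAME of the timeout
  // setting (see stSessionStart), the value in minutes is looked up here.
  $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0);
  if (!$silent)
    stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout);

  $_SESSION[$stype]["expires"] = time() + $timeout * 60;
  return TRUE;
}


// End session type $stype. When neither the user nor the admin session type
// remains, the whole PHP session is cleared, its cookie is expired and the
// session is destroyed.
//
// Returns TRUE if the given session type existed and was removed.
function stSessionEnd($stype)
{
  $result = FALSE;
  stDebug("Request END session ".$stype);

  // The @ hides the notice PHP raises when the session is already active
  if (@session_start() === TRUE && isset($_SESSION))
  {
    // End current session type
    if (isset($_SESSION[$stype]))
    {
      stDebug("END session ".$stype." / ".(isset($_SESSION[$stype]["expires"]) ? $_SESSION[$stype]["expires"] : "?"));
      $_SESSION[$stype] = array();
      unset($_SESSION[$stype]);
      $result = TRUE;
    }

    // If all session types are ended, clear the cookies etc
    if (!isset($_SESSION[SESS_USER]) && !isset($_SESSION[SESS_ADMIN]))
    {
      stDebug("Clearing all session data.");
      $_SESSION = array();

      if (ini_get("session.use_cookies"))
      {
        // Expire the cookie with the same attributes it was issued with,
        // otherwise the browser would keep the original one.
        $params = session_get_cookie_params();
        setcookie(session_name(), "", time() - 242000,
          $params["path"], $params["domain"],
          $params["secure"], $params["httponly"]
        );
      }

      @session_destroy();
    }
  }

  return $result;
}


// Begin session type $stype with authentication key $key. $timeout is the
// name of the setting that holds the session lifetime in minutes.
//
// Returns TRUE on success, FALSE if the PHP session could not be started.
function stSessionStart($stype, $key, $timeout)
{
  if (@session_start() === TRUE)
  {
    // Issue a fresh session ID when authentication state is established, so
    // that an ID known to a third party before this point does not become an
    // authenticated one (session fixation). Skipped when headers have
    // already been sent, because the new cookie could not be delivered.
    if (!headers_sent())
      session_regenerate_id(TRUE);

    stDebug("START ".$stype." session OK.");
    $_SESSION[$stype] = array(
      "key" => $key,
      "timeout" => $timeout,
      "expires" => time() + stGetSetting($timeout) * 60,
      "message" => "",
      "status" => 0,
      "csrfID" => stSessionRandomToken(),
    );
    return TRUE;
  }
  else
  {
    stDebug("START ".$stype." session --FAILED--");
    return FALSE;
  }
}


// Verify that the request carries the CSRF token stored in the current
// session type. Returns TRUE when the tokens match.
function stCSRFCheck()
{
  // NOTE(review): with the "debug" setting enabled every request passes the
  // CSRF check; make sure this setting is never on in production.
  if (stGetSetting("debug"))
    return TRUE;

  $csrfID = stGetRequestItem("csrfID", FALSE);

  // A missing token on either side (FALSE) is rejected by the helper
  return stSessionSafeEquals(stGetSessionItem("csrfID", FALSE), $csrfID);
}


// Authenticate the admin session: the stored session key must equal the
// "admPassword" setting and the session must not have expired.
//
// NOTE(review): this implies the session holds whatever value is kept in
// "admPassword"; confirm that this is not the plaintext password.
function stAdmSessionAuth($silent = FALSE)
{
  if (@session_start() === TRUE &&
      stSessionSafeEquals(stGetSetting("admPassword"), stGetSpecSessionItem(SESS_ADMIN, "key", FALSE)))
  {
    if (!$silent)
      stDebug("AUTH admin session OK.");
    return stSessionExpire(SESS_ADMIN, $silent);
  }
  else
  {
    if (!$silent)
      stDebug("AUTH admin session FAIL.");
    return FALSE;
  }
}


// Authenticate the user session: a session key must be present and the
// session must not have expired.
function stUserSessionAuth($silent = FALSE)
{
  if (@session_start() === TRUE &&
      stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE)
  {
    if (!$silent)
      stDebug("AUTH user session OK.");
    return stSessionExpire(SESS_USER, $silent);
  }
  else
  {
    if (!$silent)
      stDebug("AUTH user session FAIL.");
    return FALSE;
  }
}

// The closing PHP tag is intentionally omitted: stray whitespace after it in
// an include file would be sent as output and block the session headers.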