changeset 33:5bf22431176c
Modularize.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 11 Dec 2012 11:46:47 +0200 |
parents | 36392d1d6b5f |
children | 8ecf7c04a837 |
files | admin.inc.php admlogin.php admlogout.php ajax.php index.php msession.inc.php msite.inc.php |
diffstat | 7 files changed, 167 insertions(+), 160 deletions(-) [+] |
--- a/admin.inc.php Mon Dec 10 11:14:05 2012 +0200
+++ b/admin.inc.php Tue Dec 11 11:46:47 2012 +0200
@@ -50,7 +50,6 @@
 "<p>Please use illegal telepathy over HTTP to provide a password to enter the party administration systembolaget.</p>\n".
 stGetFormStart("admlogin", "admlogin.php").
 stGetFormHiddenInput("mode", "check")."\n".
- stGetFormHiddenInput("goto", "admin")."\n".
 stGetFormPasswordInput("admpass", "", "")."\n".
 stGetFormSubmitInput("submit", "Login").
 "</form>\n";
--- a/admlogin.php Mon Dec 10 11:14:05 2012 +0200
+++ b/admlogin.php Tue Dec 11 11:46:47 2012 +0200
@@ -2,13 +2,10 @@
 $sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
+require "msession.inc.php";
 stSetupCacheControl();
-$target = stGetRequestItem("goto", FALSE);
-if (!stCheckHTTPS() || $target === FALSE || $target == "" || strpos($target, "login.php") !== FALSE)
- exit;
-
 $password = stGetSetting("admPassword");
 if (stGetRequestItem("admpass", FALSE) == $password)
 {
@@ -20,5 +17,5 @@
 error_log("Admin session AUTH LOGIN failed (password)");
 }
-header("Location: ".$target);
+header("Location: admin");
 ?>
\ No newline at end of file
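Review bot: admlogin.php now reads and compares `admpass` with no HTTPS check in the visible new lines, because the guard removed in the first hunk carried the `!stCheckHTTPS()` test along with the `goto` validation (ajax.php still calls stCheckHTTPS() before stAdmSessionAuth()). The transport check should stay, e.g. `if (!stCheckHTTPS()) exit;` directly after `stSetupCacheControl();`. The unchanged comparison `stGetRequestItem("admpass", FALSE) == $password` is also loose: the `FALSE` default compares equal to an empty or unset `admPassword`, and two numeric-looking strings are compared as numbers, so requiring a non-empty string and using `hash_equals($password, $given)` (or at least `===`) would be safer. The body of that `if` lies between the two hunks and is not visible here.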
--- a/admlogout.php Mon Dec 10 11:14:05 2012 +0200
+++ b/admlogout.php Tue Dec 11 11:46:47 2012 +0200
@@ -2,6 +2,7 @@
 $sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
+require "msession.inc.php";
 stSetupCacheControl();
--- a/ajax.php Mon Dec 10 11:14:05 2012 +0200
+++ b/ajax.php Tue Dec 11 11:46:47 2012 +0200
@@ -2,6 +2,7 @@
 $sessionType = "admin";
 require "mconfig.inc.php";
 require "msite.inc.php";
+require "msession.inc.php";
 // Check if we are allowed to execute
 if (!stCheckHTTPS() || !stAdmSessionAuth())
--- a/index.php Mon Dec 10 11:14:05 2012 +0200
+++ b/index.php Tue Dec 11 11:46:47 2012 +0200
@@ -2,6 +2,7 @@
 require "mconfig.inc.php";
 require "msite.inc.php";
 require "mcommon.inc.php";
+require "msession.inc.php";
 // Switch to https first, if needed
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/msession.inc.php Tue Dec 11 11:46:47 2012 +0200
@@ -0,0 +1,161 @@
+<?
+//
+// FAPWEB - Demo Party Website System System
+// Session management and authentication
+// (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
+//
+
+function stGetSessionItem($name, $default = "")
+{
+ global $sessionType;
+ if (isset($sessionType))
+ return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default;
+ else
+ return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
+}
+
+
+function stSetSessionItem($name, $value)
+{
+ global $sessionType;
+ if (!isset($sessionType))
+ die("Session type not set.");
+
+ $_SESSION[$sessionType][$name] = $value;
+}
+
+
+function stSessionExpire()
+{
+ global $sessionType;
+
+ // Check for session expiration
+ if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"]))
+ {
+ if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set.");
+ stSessionEnd();
+ return FALSE;
+ }
+
+ if ($_SESSION[$sessionType]["expires"] < time())
+ {
+ if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time());
+ stSessionEnd();
+ return FALSE;
+ }
+
+ // Add more time to expiration
+ $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0);
+ if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout);
+ $_SESSION[$sessionType]["expires"] = time() + $timeout * 60;
+ return TRUE;
+}
+
+
+function stSessionEnd()
+{
+ global $sessionType;
+ $result = FALSE;
+
+ if (stGetSetting("debug")) error_log("Request END session ".$sessionType);
+
+ if (@session_start() === TRUE && isset($_SESSION))
+ {
+ // End current session type
+ if (isset($_SESSION[$sessionType]))
+ {
+ if (stGetSetting("debug")) error_log("END session ".$sessionType." / ".$_SESSION[$sessionType]["expires"]);
+ $_SESSION[$sessionType] = array();
+ unset($_SESSION[$sessionType]);
+ $result = TRUE;
+ }
+
+ // If all session types are ended, clear the cookies etc
+ if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"]))
+ {
+ if (stGetSetting("debug")) error_log("Clearing all session data.");
+ $_SESSION = array();
+
+ if (ini_get("session.use_cookies"))
+ {
+ $params = session_get_cookie_params();
+ setcookie(session_name(), "", time() - 242000,
+ $params["path"], $params["domain"],
+ $params["secure"], $params["httponly"]
+ );
+ }
+
+ @session_destroy();
+ }
+ }
+
+ return $result;
+}
+
+
+function stSessionStart($key, $timeout)
+{
+ global $sessionType;
+
+ if (@session_start() === TRUE)
+ {
+ if (stGetSetting("debug")) error_log("START ".$sessionType." session OK.");
+ $_SESSION[$sessionType] = array(
+ "key" => $key,
+ "timeout" => $timeout,
+ "expires" => time() + stGetSetting($timeout) * 60,
+ "message" => "",
+ "status" => 0,
+ );
+ return TRUE;
+ }
+ else
+ {
+ if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--");
+ return FALSE;
+ }
+}
+
+
+function stAdmSessionAuth()
+{
+ if (@session_start() === TRUE &&
+ stGetSessionItem("key", FALSE) == stGetSetting("admPassword"))
+ {
+ if (stGetSetting("debug")) error_log("AUTH admin session OK.");
+ return stSessionExpire();
+ }
+ else
+ {
+ if (stGetSetting("debug")) error_log("AUTH admin session FAIL.");
+ return FALSE;
+ }
+}
+
+
+function stUserSessionAuth()
+{
+ global $sessionType;
+
+ if (@session_start() === TRUE &&
+ isset($_SESSION[$sessionType]) &&
+ isset($_SESSION[$sessionType]["key"]))
+ return stSessionExpire();
+ else
+ return FALSE;
+}
+
+
+function stSetSessionStatus($status)
+{
+ global $sessionType;
+ if (isset($_SESSION[$sessionType]) || session_start() === TRUE)
+ {
+ if ($status >= 0)
+ stSetSessionItem("prevstatus", stGetSessionItem("status", FALSE));
+
+ stSetSessionItem("status", $status);
+ }
+}
+
+?>
\ No newline at end of file
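Review bot: stSessionStart() writes the authenticated state into whatever session id the client already presented, and nothing in the new file calls session_regenerate_id(), so an id fixed before login stays valid after it. Adding `session_regenerate_id(TRUE);` right after the successful `@session_start()` in stSessionStart() would close that. stAdmSessionAuth() compares the stored `key` with `stGetSetting("admPassword")` using `==`, which implies the admin password itself is kept in session storage and is matched loosely against a `FALSE` default; storing a flag or random token instead and comparing with `===` avoids both. The functions are moved unchanged from msite.inc.php, so these points predate the commit.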
--- a/msite.inc.php Mon Dec 10 11:14:05 2012 +0200
+++ b/msite.inc.php Tue Dec 11 11:46:47 2012 +0200
@@ -1,6 +1,7 @@
 <?
 //
 // FAPWEB - Demo Party Website System System
+// Generic and miscellaneous site support code
 // (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
 //
@@ -45,140 +46,6 @@ } -function stSessionExpire() -{ - global $sessionType; - - // Check for session expiration - if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"])) - { - if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set."); - stSessionEnd(); - return FALSE; - } - - if ($_SESSION[$sessionType]["expires"] < time()) - { - if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time()); - stSessionEnd(); - return FALSE; - } - - // Add more time to expiration - $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0); - if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout); - $_SESSION[$sessionType]["expires"] = time() + $timeout * 60; - return TRUE; -} - - -function stSessionEnd() -{ - global $sessionType; - $result = FALSE; - - if (stGetSetting("debug")) error_log("Request END session ".$sessionType); - - if (@session_start() === TRUE && isset($_SESSION)) - { - // End current session type - if (isset($_SESSION[$sessionType])) - { - if (stGetSetting("debug")) error_log("END session ".$sessionType." 
/ ".$_SESSION[$sessionType]["expires"]); - $_SESSION[$sessionType] = array(); - unset($_SESSION[$sessionType]); - $result = TRUE; - } - - // If all session types are ended, clear the cookies etc - if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"])) - { - if (stGetSetting("debug")) error_log("Clearing all session data."); - $_SESSION = array(); - - if (ini_get("session.use_cookies")) - { - $params = session_get_cookie_params(); - setcookie(session_name(), "", time() - 242000, - $params["path"], $params["domain"], - $params["secure"], $params["httponly"] - ); - } - - @session_destroy(); - } - } - - return $result; -} - - -function stSessionStart($key, $timeout) -{ - global $sessionType; - - if (@session_start() === TRUE) - { - if (stGetSetting("debug")) error_log("START ".$sessionType." session OK."); - $_SESSION[$sessionType] = array( - "key" => $key, - "timeout" => $timeout, - "expires" => time() + stGetSetting($timeout) * 60, - "message" => "", - "status" => 0, - ); - return TRUE; - } - else - { - if (stGetSetting("debug")) error_log("START ".$sessionType." 
session --FAILED--"); - return FALSE; - } -} - - -function stAdmSessionAuth() -{ - if (@session_start() === TRUE && - stGetSessionItem("key", FALSE) == stGetSetting("admPassword")) - { - if (stGetSetting("debug")) error_log("AUTH admin session OK."); - return stSessionExpire(); - } - else - { - if (stGetSetting("debug")) error_log("AUTH admin session FAIL."); - return FALSE; - } -} - - -function stUserSessionAuth() -{ - global $sessionType; - - if (@session_start() === TRUE && - isset($_SESSION[$sessionType]) && - isset($_SESSION[$sessionType]["key"])) - return stSessionExpire(); - else - return FALSE; -} - - -function stSetSessionStatus($status) -{ - global $sessionType; - if (isset($_SESSION[$sessionType]) || session_start() === TRUE) - { - if ($status >= 0) - stSetSessionItem("prevstatus", stGetSessionItem("status", FALSE)); - - stSetSessionItem("status", $status); - } -} - - function stReloadSettings() { global $siteSettings; @@ -420,26 +287,6 @@ } -function stGetSessionItem($name, $default = "") -{ - global $sessionType; - if (isset($sessionType)) - return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default; - else - return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default; -} - - -function stSetSessionItem($name, $value) -{ - global $sessionType; - if (!isset($sessionType)) - die("Session type not set."); - - $_SESSION[$sessionType][$name] = $value; -} - - function stLogSQLError($sql) { global $db;