changeset 51:7bdf89601ba0
Work on session stuff.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Sat, 05 Oct 2013 06:55:58 +0300 |
parents | 184a4188555c |
children | cba0b944da79 |
files | admlogin.php admlogout.php index.php mconfig.inc.php.example msession.inc.php msite.inc.php usrlogout.php vote.inc.php |
diffstat | 8 files changed, 60 insertions(+), 45 deletions(-) [+] |
--- a/admlogin.php Sat Oct 05 04:14:21 2013 +0300
+++ b/admlogin.php Sat Oct 05 06:55:58 2013 +0300
@@ -9,7 +9,7 @@
 $password = stGetSetting("admPassword");
 if (stGetRequestItem("admpass", FALSE) == $password)
 {
- if (!stSessionStart($password, "admTimeout"))
+ if (!stSessionStart(SESS_ADMIN, $password, "admTimeout"))
 error_log("Admin session AUTH LOGIN failed (session setup)");
 }
 else
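Review bot: The changed call `stSessionStart(SESS_ADMIN, $password, "admTimeout")` still stores the plaintext admin password in the session as its `key`, so anyone able to read the session store obtains the password itself. stAdmSessionAuth in msession.inc.php (hunk at -120) then authenticates by comparing that stored value with `==`. I would store a value derived from the password (for example a hash of it) as the key on both sides. The unchanged login test one line above is also a loose `==` against a `FALSE` default, which would match a request carrying no `admpass` if the configured password were ever empty; a strict form is `$p = stGetRequestItem("admpass", FALSE); if (is_string($p) && $password !== "" && hash_equals($password, $p))` (hash_equals needs PHP 5.6+). The enclosing if/else continues outside the hunk.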
--- a/admlogout.php Sat Oct 05 04:14:21 2013 +0300
+++ b/admlogout.php Sat Oct 05 06:55:58 2013 +0300
@@ -6,7 +6,7 @@
 stSetupCacheControl();
-stSessionEnd();
+stSessionEnd(SESS_ADMIN);
 header("Location: admin");
 ?>
\ No newline at end of file
--- a/index.php Sat Oct 05 04:14:21 2013 +0300 +++ b/index.php Sat Oct 05 06:55:58 2013 +0300 @@ -54,7 +54,7 @@ if (stGetSetting("showResults")) echo " <a href=\"results\">Results</a>\n"; -if (stGetSetting("showAdmin")) +if (stGetSetting("showAdmin") || stAdmSessionAuth()) echo " <a href=\"admin\">Admin</a>\n"; ?> <? echo stGetSetting("siteMenuFooter") ?>
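Review bot: `stAdmSessionAuth()` is now called while the menu is being drawn, and it works by calling `@session_start()`. The Results link is echoed just above, so output has apparently already begun. Unless a session was started earlier in the request or output is buffered (neither is visible in this hunk), the session cookie header can no longer be sent and the `@` hides the failure, so the Admin link would silently never appear. It also makes every anonymous page view attempt to open a session, and a successful check extends the admin timeout as a side effect of rendering a menu. I would evaluate it once before any output, e.g. `$isAdmin = stAdmSessionAuth();` near the top of the file, and test `stGetSetting("showAdmin") || $isAdmin` here.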
--- a/mconfig.inc.php.example Sat Oct 05 04:14:21 2013 +0300
+++ b/mconfig.inc.php.example Sat Oct 05 06:55:58 2013 +0300
@@ -14,6 +14,7 @@
 "admTimeout" => 15,
 );
+date_default_timezone_set("Europe/Helsinki");
 $securePages = array(
 "/fap2012/admin" => true,
--- a/msession.inc.php Sat Oct 05 04:14:21 2013 +0300 +++ b/msession.inc.php Sat Oct 05 06:55:58 2013 +0300 @@ -5,13 +5,26 @@ // (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org> // +function stDebug($msg) +{ + if (stGetSetting("debug")) + error_log($msg); +} + + +function stGetSpecSessionItem($stype, $name, $default = "") +{ + if (isset($stype)) + return (isset($_SESSION[$stype]) && isset($_SESSION[$stype][$name])) ? $_SESSION[$stype][$name] : $default; + else + return $default; +} + + function stGetSessionItem($name, $default = "") { global $sessionType; - if (isset($sessionType)) - return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default; - else - return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default; + return stGetSpecSessionItem($sessionType, $name, $default); } 
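Review bot: `stDebug($msg)` receives a finished string, so every caller now builds its message even when the `debug` setting is off, whereas the old `if (stGetSetting("debug")) error_log(...)` form skipped that work. In stSessionEnd (hunk at -25) the message reads `$_SESSION[$stype]["expires"]` without an isset check, and stSessionExpire calls stSessionEnd precisely when `expires` is missing, so that path now raises an undefined-index notice regardless of the debug flag. Guard the read, e.g. `isset($_SESSION[$stype]["expires"]) ? $_SESSION[$stype]["expires"] : "-"`. Separately, `stGetSessionItem` no longer applies `trim()` and no longer falls back to `$_SESSION[$name]` when `$sessionType` is unset; a one-line comment on `stGetSpecSessionItem` stating that it returns the stored value unmodified would help callers.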
@@ -25,55 +38,52 @@ } -function stSessionExpire() +function stSessionExpire($stype) { - global $sessionType; - // Check for session expiration - if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"])) + if (!isset($_SESSION[$stype]) || !isset($_SESSION[$stype]["expires"])) { - if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set."); - stSessionEnd(); + stDebug("Session ".$stype." expires due to expire time not set."); + stSessionEnd($stype); return FALSE; } - if ($_SESSION[$sessionType]["expires"] < time()) + if ($_SESSION[$stype]["expires"] < time()) { - if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time()); - stSessionEnd(); + stDebug("Session ".$stype." / ".session_id()." expires due to timeout ".$_SESSION[$stype]["expires"]." < ".time()); + stSessionEnd($stype); return FALSE; } // Add more time to expiration - $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0); - if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout); - $_SESSION[$sessionType]["expires"] = time() + $timeout * 60; + $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0); + stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout); + $_SESSION[$stype]["expires"] = time() + $timeout * 60; return TRUE; } -function stSessionEnd() +function stSessionEnd($stype) { - global $sessionType; $result = FALSE; - if (stGetSetting("debug")) error_log("Request END session ".$sessionType); + stDebug("Request END session ".$stype); if (@session_start() === TRUE && isset($_SESSION)) { // End current session type - if (isset($_SESSION[$sessionType])) + if (isset($_SESSION[$stype])) { - if (stGetSetting("debug")) error_log("END session ".$sessionType." 
/ ".$_SESSION[$sessionType]["expires"]); - $_SESSION[$sessionType] = array(); - unset($_SESSION[$sessionType]); + stDebug("END session ".$stype." / ".$_SESSION[$stype]["expires"]); + $_SESSION[$stype] = array(); + unset($_SESSION[$stype]); $result = TRUE; } // If all session types are ended, clear the cookies etc - if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"])) + if (!isset($_SESSION[SESS_USER]) && !isset($_SESSION[SESS_ADMIN])) { - if (stGetSetting("debug")) error_log("Clearing all session data."); + stDebug("Clearing all session data."); $_SESSION = array(); if (ini_get("session.use_cookies")) @@ -93,14 +103,12 @@ } -function stSessionStart($key, $timeout) +function stSessionStart($stype, $key, $timeout) { - global $sessionType; - if (@session_start() === TRUE) { - if (stGetSetting("debug")) error_log("START ".$sessionType." session OK."); - $_SESSION[$sessionType] = array( + stDebug("START ".$stype." session OK."); + $_SESSION[$stype] = array( "key" => $key, "timeout" => $timeout, "expires" => time() + stGetSetting($timeout) * 60, @@ -111,7 +119,7 @@ } else { - if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--"); + stDebug("START ".$stype." session --FAILED--"); return FALSE; } } @@ -120,14 +128,14 @@ function stAdmSessionAuth() { if (@session_start() === TRUE && - stGetSessionItem("key", FALSE) == stGetSetting("admPassword")) + stGetSpecSessionItem(SESS_ADMIN, "key", FALSE) == stGetSetting("admPassword")) { - if (stGetSetting("debug")) error_log("AUTH admin session OK."); - return stSessionExpire(); + stDebug("AUTH admin session OK."); + return stSessionExpire(SESS_ADMIN); } else { - if (stGetSetting("debug")) error_log("AUTH admin session FAIL."); + stDebug("AUTH admin session FAIL."); return FALSE; } } 
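Review bot: The `stDebug` calls in stSessionExpire write the full `session_id()` to the error log, in both the "expires due to timeout" and the "Adding more time to" messages. The second fires for a session that has just been extended, so with debug enabled anyone who can read the log obtains identifiers of live admin or user sessions. Log a truncated digest instead, e.g. `substr(hash("sha256", session_id()), 0, 8)`, which still lets log lines be correlated. The cookie-clearing tail of stSessionEnd lies outside this hunk.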
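Review bot: stSessionStart fills `$_SESSION[$stype]` inside whatever session `@session_start()` resumes, and the visible lines never issue a new session identifier when the entry is created. The lines between this hunk and the next one (after `"expires"`) are not shown, so this may already be handled there. If it is not, an identifier that was known before login keeps working afterwards with the new privileges; adding `session_regenerate_id(TRUE);` right after the successful `@session_start()` would close that gap.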
@@ -135,14 +143,17 @@ function stUserSessionAuth() { - global $sessionType; - if (@session_start() === TRUE && - isset($_SESSION[$sessionType]) && - isset($_SESSION[$sessionType]["key"])) - return stSessionExpire(); + stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE) + { + stDebug("AUTH user session OK."); + return stSessionExpire(SESS_ADMIN); + } else + { + stDebug("AUTH user session FAIL."); return FALSE; + } }
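Review bot: stUserSessionAuth checks the `SESS_USER` key but then returns `stSessionExpire(SESS_ADMIN)`, which looks like a copy-paste slip from stAdmSessionAuth. As written, a voter with a valid user session and no admin session is rejected, because stSessionExpire finds no admin entry and returns FALSE. The user entry's own `expires` is never checked or extended, and when an admin entry does exist, user activity prolongs the admin timeout. The line should read `return stSessionExpire(SESS_USER);`.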
--- a/msite.inc.php Sat Oct 05 04:14:21 2013 +0300
+++ b/msite.inc.php Sat Oct 05 06:55:58 2013 +0300
@@ -14,6 +14,9 @@
 define("VT_BOOL", 3);
 define("VT_TEXT", 4);
+define("SESS_USER", "user");
+define("SESS_ADMIN", "admin");
+
 if (function_exists("ini_set"))
 {
--- a/usrlogout.php Sat Oct 05 04:14:21 2013 +0300
+++ b/usrlogout.php Sat Oct 05 06:55:58 2013 +0300
@@ -5,7 +5,7 @@
 stSetupCacheControl();
-stSessionEnd();
+stSessionEnd(SESS_USER);
 header("Location: vote");
 ?>
\ No newline at end of file
--- a/vote.inc.php Sat Oct 05 04:14:21 2013 +0300
+++ b/vote.inc.php Sat Oct 05 06:55:58 2013 +0300
@@ -107,7 +107,7 @@
 {
 echo "<h1>Yay, you have voted!</h1>\n".
 "<p>Now go FAP some more! And make a demo about it.</p>";
- stSessionEnd(TRUE);
+ stSessionEnd(SESS_USER);
 }
 }
 ?>
\ No newline at end of file