changeset 51:7bdf89601ba0

Work on session stuff.
author Matti Hamalainen <ccr@tnsp.org>
date Sat, 05 Oct 2013 06:55:58 +0300
parents 184a4188555c
children cba0b944da79
files admlogin.php admlogout.php index.php mconfig.inc.php.example msession.inc.php msite.inc.php usrlogout.php vote.inc.php
diffstat 8 files changed, 60 insertions(+), 45 deletions(-) [+]
--- a/admlogin.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/admlogin.php	Sat Oct 05 06:55:58 2013 +0300
@@ -9,7 +9,7 @@
 $password = stGetSetting("admPassword");
 if (stGetRequestItem("admpass", FALSE) == $password)
 {
-  if (!stSessionStart($password, "admTimeout"))
+  if (!stSessionStart(SESS_ADMIN, $password, "admTimeout"))
     error_log("Admin session AUTH LOGIN failed (session setup)");
 }
 else
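Review bot: The login check `stGetRequestItem("admpass", FALSE) == $password` on the context line above the changed call still uses a loose comparison. When the request carries no `admpass`, the left side is presumably the FALSE default, which `==` treats as equal to an empty or unset `admPassword`; whether stGetSetting() can return such a value is not visible here. If it can, that request would reach stSessionStart(SESS_ADMIN, ...) without a password. Suggest reading `$pass = stGetRequestItem("admpass", FALSE);` and testing `is_string($pass) && is_string($password) && $password !== "" && hash_equals($password, $pass)` where hash_equals() is available, or at least `===`. The same `==` pattern appears in stAdmSessionAuth() in msession.inc.php.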
--- a/admlogout.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/admlogout.php	Sat Oct 05 06:55:58 2013 +0300
@@ -6,7 +6,7 @@
 
 stSetupCacheControl();
 
-stSessionEnd();
+stSessionEnd(SESS_ADMIN);
 
 header("Location: admin");
 ?>
\ No newline at end of file
--- a/index.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/index.php	Sat Oct 05 06:55:58 2013 +0300
@@ -54,7 +54,7 @@
 if (stGetSetting("showResults"))
 echo "  <a href=\"results\">Results</a>\n";
 
-if (stGetSetting("showAdmin"))
+if (stGetSetting("showAdmin") || stAdmSessionAuth())
 echo "  <a href=\"admin\">Admin</a>\n";
 ?>
   <? echo stGetSetting("siteMenuFooter") ?>
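Review bot: Calling stAdmSessionAuth() inside the menu condition runs session code after output has already started (the `echo` for the Results link is two lines above). Per msession.inc.php it calls `@session_start()` and then stSessionExpire(SESS_ADMIN), which either extends the admin expiry or ends the session and appears to clear cookies. Unless output buffering is on (not visible here), header and cookie changes cannot take effect at this point, and the `@` hides the warning. It also means every view of the index page renews the admin timeout. Suggest evaluating it once before any output, `$showAdmin = stGetSetting("showAdmin") || stAdmSessionAuth();`, and testing `$showAdmin` here.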
--- a/mconfig.inc.php.example	Sat Oct 05 04:14:21 2013 +0300
+++ b/mconfig.inc.php.example	Sat Oct 05 06:55:58 2013 +0300
@@ -14,6 +14,7 @@
   "admTimeout"      => 15,
 );
 
+date_default_timezone_set("Europe/Helsinki");
 
 $securePages = array(
   "/fap2012/admin" => true,
--- a/msession.inc.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/msession.inc.php	Sat Oct 05 06:55:58 2013 +0300
@@ -5,13 +5,26 @@
 // (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
 //
 
+function stDebug($msg)
+{
+  if (stGetSetting("debug"))
+    error_log($msg);
+}
+
+
+function stGetSpecSessionItem($stype, $name, $default = "")
+{
+  if (isset($stype))
+    return (isset($_SESSION[$stype]) && isset($_SESSION[$stype][$name])) ? $_SESSION[$stype][$name] : $default;
+  else
+    return $default;
+}
+
+
 function stGetSessionItem($name, $default = "")
 {
   global $sessionType;
-  if (isset($sessionType))
-    return (isset($_SESSION[$sessionType]) && isset($_SESSION[$sessionType][$name])) ? trim($_SESSION[$sessionType][$name]) : $default;
-  else
-    return isset($_SESSION[$name]) ? trim($_SESSION[$name]) : $default;
+  return stGetSpecSessionItem($sessionType, $name, $default);
 }
 
 
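Review bot: stGetSessionItem() changes behaviour in two ways the commit message does not mention. It no longer applies trim() to the stored value, and when `$sessionType` is unset it now returns `$default` instead of falling back to `$_SESSION[$name]`. If both are intended, a comment on the new helper would make the contract explicit, e.g. `// Returns the raw (untrimmed) $_SESSION[$stype][$name], or $default when the session type or item is not set.` Callers that relied on the trimmed value or the unscoped fallback are outside this hunk and worth checking.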
@@ -25,55 +38,52 @@
 }
 
 
-function stSessionExpire()
+function stSessionExpire($stype)
 {
-  global $sessionType;
-
   // Check for session expiration
-  if (!isset($_SESSION[$sessionType]) || !isset($_SESSION[$sessionType]["expires"]))
+  if (!isset($_SESSION[$stype]) || !isset($_SESSION[$stype]["expires"]))
   {
-    if (stGetSetting("debug")) error_log("Session ".$sessionType." expires due to expire time not set.");
-    stSessionEnd();
+    stDebug("Session ".$stype." expires due to expire time not set.");
+    stSessionEnd($stype);
     return FALSE;
   }
   
-  if ($_SESSION[$sessionType]["expires"] < time())
+  if ($_SESSION[$stype]["expires"] < time())
   {
-    if (stGetSetting("debug")) error_log("Session ".$sessionType." / ".session_id()." expires due to timeout ".$_SESSION[$sessionType]["expires"]." < ".time());
-    stSessionEnd();
+    stDebug("Session ".$stype." / ".session_id()." expires due to timeout ".$_SESSION[$stype]["expires"]." < ".time());
+    stSessionEnd($stype);
     return FALSE;
   }
 
   // Add more time to expiration
-  $timeout = stGetSetting($_SESSION[$sessionType]["timeout"], 0);
-  if (stGetSetting("debug")) error_log("Adding more time to ".$sessionType." session ".session_id()." :: ".$timeout);
-  $_SESSION[$sessionType]["expires"] = time() + $timeout * 60;
+  $timeout = stGetSetting($_SESSION[$stype]["timeout"], 0);
+  stDebug("Adding more time to ".$stype." session ".session_id()." :: ".$timeout);
+  $_SESSION[$stype]["expires"] = time() + $timeout * 60;
   return TRUE;
 }
 
 
-function stSessionEnd()
+function stSessionEnd($stype)
 {
-  global $sessionType;
   $result = FALSE;
 
-  if (stGetSetting("debug")) error_log("Request END session ".$sessionType);
+  stDebug("Request END session ".$stype);
 
   if (@session_start() === TRUE && isset($_SESSION))
   {
     // End current session type
-    if (isset($_SESSION[$sessionType]))
+    if (isset($_SESSION[$stype]))
     {
-      if (stGetSetting("debug")) error_log("END session ".$sessionType." / ".$_SESSION[$sessionType]["expires"]);
-      $_SESSION[$sessionType] = array();
-      unset($_SESSION[$sessionType]);
+      stDebug("END session ".$stype." / ".$_SESSION[$stype]["expires"]);
+      $_SESSION[$stype] = array();
+      unset($_SESSION[$stype]);
       $result = TRUE;
     }
 
     // If all session types are ended, clear the cookies etc
-    if (!isset($_SESSION["user"]) && !isset($_SESSION["admin"]))
+    if (!isset($_SESSION[SESS_USER]) && !isset($_SESSION[SESS_ADMIN]))
     {
-      if (stGetSetting("debug")) error_log("Clearing all session data.");
+      stDebug("Clearing all session data.");
       $_SESSION = array();
 
       if (ini_get("session.use_cookies"))
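Review bot: The two stDebug() calls in stSessionExpire() that include `session_id()` write the full session identifier to the error log. With debug enabled, anyone who can read that log obtains a value sufficient to take over a session, and the "Adding more time" message logs the ID of a session that stays valid. Log a non-reversible tag instead, for example `substr(hash("sha256", session_id()), 0, 8)`, in both messages. stSessionEnd() continues past the end of this hunk, so its cookie-clearing part is not reviewed here.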
@@ -93,14 +103,12 @@
 }
 
 
-function stSessionStart($key, $timeout)
+function stSessionStart($stype, $key, $timeout)
 {
-  global $sessionType;
-
   if (@session_start() === TRUE)
   {
-    if (stGetSetting("debug")) error_log("START ".$sessionType." session OK.");
-    $_SESSION[$sessionType] = array(
+    stDebug("START ".$stype." session OK.");
+    $_SESSION[$stype] = array(
       "key" => $key,
       "timeout" => $timeout,
       "expires" => time() + stGetSetting($timeout) * 60,
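Review bot: stSessionStart() marks the existing session as authenticated without issuing a new session ID, so an ID planted in the browser before login stays valid afterwards (session fixation). Unless this happens in the lines not shown between this hunk and the next, add `session_regenerate_id(TRUE);` right after the successful `@session_start()`. Separately, `"key" => $key` stores whatever the caller passes, and admlogin.php passes the plaintext admin password, so the password ends up in session storage. Storing a hash of it and comparing against the hash of the setting would avoid that. The array literal continues outside this hunk.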
@@ -111,7 +119,7 @@
   }
   else
   {
-    if (stGetSetting("debug")) error_log("START ".$sessionType." session --FAILED--");
+    stDebug("START ".$stype." session --FAILED--");
     return FALSE;
   }
 }
@@ -120,14 +128,14 @@
 function stAdmSessionAuth()
 {
   if (@session_start() === TRUE &&
-    stGetSessionItem("key", FALSE) == stGetSetting("admPassword"))
+    stGetSpecSessionItem(SESS_ADMIN, "key", FALSE) == stGetSetting("admPassword"))
   {
-    if (stGetSetting("debug")) error_log("AUTH admin session OK.");
-    return stSessionExpire();
+    stDebug("AUTH admin session OK.");
+    return stSessionExpire(SESS_ADMIN);
   }
   else
   {
-    if (stGetSetting("debug")) error_log("AUTH admin session FAIL.");
+    stDebug("AUTH admin session FAIL.");
     return FALSE;
   }
 }
@@ -135,14 +143,17 @@
 
 function stUserSessionAuth()
 {
-  global $sessionType;
-
   if (@session_start() === TRUE &&
-    isset($_SESSION[$sessionType]) &&
-    isset($_SESSION[$sessionType]["key"]))
-    return stSessionExpire();
+    stGetSpecSessionItem(SESS_USER, "key", FALSE) !== FALSE)
+  {
+    stDebug("AUTH user session OK.");
+    return stSessionExpire(SESS_ADMIN);
+  }
   else
+  {
+    stDebug("AUTH user session FAIL.");
     return FALSE;
+  }
 }
 
 
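Review bot: stUserSessionAuth() checks the `SESS_USER` key but then calls `stSessionExpire(SESS_ADMIN)`, so a voter's authentication depends on the admin slot. With no admin session present, stSessionExpire() takes its "expire time not set" branch, calls stSessionEnd(SESS_ADMIN) and returns FALSE, so user auth fails even with a valid user key. When an admin session does exist, the user check extends the admin expiry, while the user session's own expiry is never tested or renewed. The line should read `return stSessionExpire(SESS_USER);`.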
--- a/msite.inc.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/msite.inc.php	Sat Oct 05 06:55:58 2013 +0300
@@ -14,6 +14,9 @@
 define("VT_BOOL", 3);
 define("VT_TEXT", 4);
 
+define("SESS_USER", "user");
+define("SESS_ADMIN", "admin");
+
 
 if (function_exists("ini_set"))
 {
--- a/usrlogout.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/usrlogout.php	Sat Oct 05 06:55:58 2013 +0300
@@ -5,7 +5,7 @@
 
 stSetupCacheControl();
 
-stSessionEnd();
+stSessionEnd(SESS_USER);
 
 header("Location: vote");
 ?>
\ No newline at end of file
--- a/vote.inc.php	Sat Oct 05 04:14:21 2013 +0300
+++ b/vote.inc.php	Sat Oct 05 06:55:58 2013 +0300
@@ -107,7 +107,7 @@
   {
     echo "<h1>Yay, you have voted!</h1>\n".
     "<p>Now go FAP some more! And make a demo about it.</p>";
-    stSessionEnd(TRUE);
+    stSessionEnd(SESS_USER);
   }
 }
 ?>
\ No newline at end of file