3 # Copyright (C) 2006 Jason Woofenden
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 # you'll need these database tables:
20 # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int);
21 # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text);
22 # run this command to install/clear the tables:
23 # mysql DATABASE_NAME < code/wfpl/examples/session.sql
24 # note: you may need these parameters for mysql: -u USERNAME -p
28 # session_key 16 digit string identifying the session
29 # session_id integer id of the record in the "wfpl_sessions" table of the database
30 # UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes"
33 # session_id is kept in $GLOBALS
34 # session_key is sent as a cookie, and thus appears in $_REQUEST. The clean version is in $GLOBALS
36 # generate a new random 16-character string
37 function session_generate_key() {
38 $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
41 # PHP 4.2.0 and up seed the random number generator for you.
42 # Lets hope that it seeds with something harder to guess than the clock.
43 for($i = 0; $i < 16; ++$i) {
44 $id{$i} = $character_set{mt_rand(0, 61)};
50 # track this user with a session cookie (ie a cookie that goes away when the
51 # user closes the browser). The timestamp is how long to track the session in
52 # the database. Defaults to one day.
53 function session_new($length = 86400) {
54 $session_key = session_generate_key();
56 db_insert('wfpl_sessions', 'session_key,length', $session_key, $length);
57 $GLOBALS['session_id'] = db_auto_id();
58 $GLOBALS['session_key'] = $session_key;
59 $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
60 session_touch($length);
61 return $GLOBALS['session_key'];
64 # call to renew the timeout for the session.
65 # assumes there's a session. call init_session() if you'd like one auto-create one if not found.
66 function session_touch($length = false) {
68 $length = db_get_value('wfpl_sessions', 'length', 'where id=%i', $GLOBALS['session_id']);
70 $expires = time() + $length;
72 header('Set-Cookie: session_key=' . $GLOBALS['session_key']);
74 db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']);
77 # delete the current session
78 function kill_session() {
79 if(!session_exists()) {
82 _kill_session($GLOBALS['session_id']);
85 # for internal use. use kill_session() above
86 function _kill_session($id) {
87 db_delete('wfpl_session_data', 'where session_id=%i', $id);
88 db_delete('wfpl_sessions', 'where id=%i', $id);
91 # delete expired sessions from database
92 function session_purge_old() {
94 $expired_sessions = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now);
95 if($expired_sessions) foreach($expired_sessions as $expired_session) {
96 _kill_session($expired_session);
100 # return true if a session exists
101 function session_exists() {
102 if(!isset($_REQUEST['session_key'])) {
106 if(isset($GLOBALS['session_id'])) {
110 $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']);
112 if(!strlen($session_key) == 16) {
116 $GLOBALS['session_key'] = $session_key;
119 $id = db_get_value('wfpl_sessions', 'id', 'where session_key=%"', $session_key);
124 $GLOBALS['session_id'] = $id;
129 function session_exists_and_authed() {
134 # generate a random password using only letters and numbers that look
135 # particularly unique
136 function new_readable_password($length = 8) {
137 $character_set = "ABCDEFHJKLMNPQRTUVWXY34789";
140 # PHP 4.2.0 and up seed the random number generator for you.
141 # Lets hope that it seeds with something harder to guess than the clock.
143 $code .= $character_set{mt_rand(0, 25)}; # inclusive
149 # return username if a session exists and is authenticated
150 function logged_in() {
151 if(!session_exists()) {
155 return session_get('auth_username');
160 # return username if a session exists and is authenticated
161 function logged_in_as_admin() {
162 if(!session_exists()) {
166 if(session_get('auth_admin')) {
173 # find existing session, or make one
174 function init_session() {
175 if(!session_exists()) {
180 # save a variable into the session
181 function session_set($name, $value) {
182 session_clear($name);
183 db_insert('wfpl_session_data', 'session_id,name,value', $GLOBALS['session_id'], $name, $value);
186 # remove variable from the session
187 function session_clear($name) {
188 db_delete('wfpl_session_data', 'where session_id=%i && name=%"', $GLOBALS['session_id'], $name);
191 # get a variable into the session
192 function session_get($name) {
193 return db_get_value('wfpl_session_data', 'value', 'where session_id=%i && name=%"', $GLOBALS['session_id'], $name);