X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=session.php;h=9dc3f4e855b76fcb81fc11f0727edadc00259d93;hb=608ecf965408645758cdca1e5f01ff5ac3eff166;hp=93b374f9e8060736993204a4d2b36710b9795393;hpb=6efe0372c5d3b2db723ada811917b6a52f13130b;p=wfpl.git
diff --git a/session.php b/session.php
index 93b374f..9dc3f4e 100644
--- a/session.php
+++ b/session.php
@@ -1,11 +1,27 @@ .
+
+
+# you'll need these database tables:
+# create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int);
+# create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text);
+# run this command to install/clear the tables:
+# mysql DATABASE_NAME < code/wfpl/examples/session.sql
+# note: you may need these parameters for mysql: -u USERNAME -p
 # GLOSSARY
 #
@@ -19,7 +35,7 @@ require_once('db_connect.php');
 # generate a new random 16-character string
 function session_generate_key() {
- $character_set = "abcdefghijklmnopqrstuvwqyzABCDEFGHIJKLMNOPQRSTUVWQYZ0123456789";
+ $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 $id = " ";
 # PHP 4.2.0 and up seed the random number generator for you.
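Review bot: The key built in session_generate_key() is the only secret protecting a session, and the context comment about PHP seeding "the random number generator" suggests the characters are drawn with rand() or mt_rand(), which are not suitable for session tokens. The draw itself is outside this hunk, so this is inferred rather than seen. If that is the case, pick each index from a CSPRNG instead, e.g. `random_int(0, strlen($character_set) - 1)` on PHP 7 and later. The function body continues past the end of the hunk.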
@@ -37,35 +53,47 @@ function session_generate_key() {
 function session_new($length = 86400) {
 $session_key = session_generate_key();
- db_insert('sessions', 'session_key,length', $session_key, $length);
+ db_insert('wfpl_sessions', 'session_key,length', $session_key, $length);
 $GLOBALS['session_id'] = db_auto_id();
 $GLOBALS['session_key'] = $session_key;
 $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
 session_touch($length);
+ return $GLOBALS['session_key'];
 }
 # call to renew the timeout for the session.
-# assumes there's a session. call session_init() if you'd like one auto-create one if not found.
+# assumes there's a session. call init_session() if you'd like one auto-create one if not found.
 function session_touch($length = false) {
 if(!$length) {
- $length = db_get_value('sessions', 'length', 'id = %i', $GLOBALS['session_id']);
+ $length = db_get_value('wfpl_sessions', 'length', 'where id=%i', $GLOBALS['session_id']);
 }
 $expires = time() + $length;
 header('Set-Cookie: session_key=' . $GLOBALS['session_key']);
- db_update('sessions', 'expires', $expires, 'id = %i', $GLOBALS['session_id']);
+ db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']);
+}
+
+# delete the current session
+function kill_session() {
+ if(!session_exists()) {
+ return;
+ }
+ _kill_session($GLOBALS['session_id']);
+}
+
+# for internal use.
use kill_session() above
+function _kill_session($id) {
+ db_delete('wfpl_session_data', 'where session_id=%i', $id);
+ db_delete('wfpl_sessions', 'where id=%i', $id);
 }
 # delete expired sessions from database
 function session_purge_old() {
 $now = time();
- $exired_sessions = db_get_column('sessions', 'id', 'expires < %i', $now);
- db_delete('sessions', 'expires < %i', $now);
- if($expired_sessions) {
- foreach($expired_sessions as $expired_session) {
- db_delete('session_data', 'session_id=%i', $expired_session);
- }
+ $expired_sessions = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now);
+ if($expired_sessions) foreach($expired_sessions as $expired_session) {
+ _kill_session($expired_session);
 }
 }
@@ -75,6 +103,10 @@ function session_exists() {
 return false;
 }
+ if(isset($GLOBALS['session_id'])) {
+ return true;
+ }
+
 $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']);
 if(!strlen($session_key) == 16) {
@@ -84,7 +116,7 @@ function session_exists() {
 $GLOBALS['session_key'] = $session_key;
 session_purge_old();
- $id = db_get_value('sessions', 'id', 'session_key = %"', $session_key);
+ $id = db_get_value('wfpl_sessions', 'id', 'where session_key=%"', $session_key);
 if($id === false) {
 return false;
 }
@@ -93,8 +125,13 @@ function session_exists() {
 return true;
 }
-# return username if a session exists and is authenticated
+# depricated
 function session_exists_and_authed() {
+ return logged_in();
+}
+
+# return username if a session exists and is authenticated
+function logged_in() {
 if(!session_exists()) {
 return false;
 }
@@ -103,6 +140,20 @@ function session_exists_and_authed() {
 }
+
+# return username if a session exists and is authenticated
+function logged_in_as_admin() {
+ if(!session_exists()) {
+ return false;
+ }
+
+ if(session_get('auth_admin')) {
+ return true;
+ }
+ return false;
+}
+
+
 # find existing session, or make one
 function init_session() {
 if(!session_exists()) {
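Review bot: kill_session() deletes the database rows but leaves `$GLOBALS['session_id']` and `$GLOBALS['session_key']` set, so the `isset($GLOBALS['session_id'])` shortcut this commit adds to session_exists() keeps reporting a live session for the rest of the request, and a later session_set() would write rows for a deleted id. Add `unset($GLOBALS['session_id'], $GLOBALS['session_key']);` after the `_kill_session($GLOBALS['session_id']);` call. Separately, the `Set-Cookie` header in session_touch() carries no attributes, so the key is readable from page script and is sent over plain HTTP; consider `header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/; HttpOnly');`, with `; Secure` added on HTTPS sites.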
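Review bot: The length check on the last context line of the `-75,6 +103,10` hunk, `if(!strlen($session_key) == 16) {`, never rejects a wrong-length key: `!` binds tighter than `==`, so a boolean is compared with 16 and the condition is true only for an empty string. It should read `if(strlen($session_key) != 16) {`. The key is also taken from `$_REQUEST`, so it is accepted from the query string as well as the cookie, which lets keys end up in URLs and logs; reading `$_COOKIE['session_key']` instead would avoid that, though session_new() writes `$_REQUEST['session_key']` and would need the matching change. The body of session_exists() starts before and continues after this hunk.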
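Review bot: The comment above logged_in_as_admin() was copied from logged_in() and says the function returns the username, but the body returns only `true` or `false`. Suggest `# return true if a session exists and its auth_admin variable is set`. Since the result depends entirely on whatever is stored under `auth_admin` in the session data, the comment is also a good place to say which code is expected to set that variable.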
@@ -112,12 +163,18 @@ function init_session() {
 # save a variable into the session
 function session_set($name, $value) {
- db_replace('session_data', 'name,value', $name, $value);
+ session_clear($name);
+ db_insert('wfpl_session_data', 'session_id,name,value', $GLOBALS['session_id'], $name, $value);
+}
+
+# remove variable from the session
+function session_clear($name) {
+ db_delete('wfpl_session_data', 'where session_id=%i && name=%"', $GLOBALS['session_id'], $name);
 }
 # get a variable into the session
 function session_get($name) {
- return db_get_value('session_data', 'value', 'name=%"', $name);
+ return db_get_value('wfpl_session_data', 'value', 'where session_id=%i && name=%"', $GLOBALS['session_id'], $name);
 }
 ?>
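Review bot: session_set(), session_clear() and session_get() now read `$GLOBALS['session_id']` without checking that a session has been established. If none has, the `%i` placeholder presumably formats the missing value as 0 (the db helpers are not shown), and every sessionless request would then read and write the same rows. A guard such as `if(!isset($GLOBALS['session_id'])) { return false; }` at the top of each function would close that. session_set() is also a delete followed by an insert with no transaction, so two concurrent requests can leave duplicate rows for one name.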