3 # Copyright (C) 2006 Jason Woofenden
5 # This file is part of wfpl.
7 # wfpl is free software; you can redistribute it and/or modify it under the
8 # terms of the GNU Lesser General Public License as published by the Free
9 # Software Foundation; either version 2.1 of the License, or (at your option)
12 # wfpl is distributed in the hope that it will be useful, but WITHOUT ANY
13 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
14 # FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
17 # You should have received a copy of the GNU Lesser General Public License
18 # along with wfpl; if not, write to the Free Software Foundation, Inc., 51
19 # Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 # you'll need these database tables:
23 # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int);
24 # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text);
25 # run this command to install/clear the tables:
26 # mysql DATABASE_NAME < code/wfpl/examples/session.sql
27 # note: you may need these parameters for mysql: -u USERNAME -p
31 # session_key 16 digit string identifying the session
32 # session_id integer id of the record in the "sessions" table of the database
33 # UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes"
36 # session_id is kept in $GLOBALS
37 # session_key is sent as a cookie, and thus appears in $_REQUEST. The clean version is in $GLOBALS
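# Generate a new random 16-character session key drawn from [a-zA-Z0-9].
#
# The key is the only secret that identifies a session, so it should come
# from a cryptographically secure source. random_int() is used when the
# interpreter provides it (PHP 7+); mt_rand() remains only as a fallback for
# older interpreters and is not suitable for secrets.
#
# Returns: a string of exactly 16 characters (fits the varchar(16) column).
function session_generate_key() {
    $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $last_index = strlen($character_set) - 1;
    $use_csprng = function_exists('random_int');

    $id = '';
    for($i = 0; $i < 16; ++$i) {
        $pick = $use_csprng ? random_int(0, $last_index) : mt_rand(0, $last_index);
        # square-bracket offsets: the curly-brace form no longer parses on PHP 8
        $id .= $character_set[$pick];
    }

    return $id;
}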
# Start tracking this visitor with a new session and return its key.
#
# The cookie is a browser-session cookie (it goes away when the user closes
# the browser). $length is how many seconds the session is tracked in the
# database; it defaults to one day (86400).
function session_new($length = 86400) {
    $fresh_key = session_generate_key();
    db_insert('wfpl_sessions', 'session_key,length', $fresh_key, $length);

    # publish the new session to the rest of this request
    $GLOBALS['session_id'] = db_auto_id();
    $GLOBALS['session_key'] = $fresh_key;

    # just in case someone calls session_exists() after session_new()
    $_REQUEST['session_key'] = $fresh_key;

    # sends the cookie and writes the expiry time
    session_touch($length);

    return $GLOBALS['session_key'];
}
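# Renew the timeout for the current session and (re)send its cookie.
#
# Assumes a session already exists; call init_session() first if one should
# be created when none is found.
#
# $length: lifetime in seconds. When false (the default), the length stored
# in the session's database row is reused.
function session_touch($length = false) {
    # NOTE(review): this guard is reconstructed; its line is missing from the
    # listing. The stored length is presumably only read when none was passed.
    if(!$length) {
        $length = db_get_value('wfpl_sessions', 'length', 'where id=%i', $GLOBALS['session_id']);
    }
    $expires = time() + $length;

    # No Expires/Max-Age attribute, so the cookie lasts until the browser closes.
    # HttpOnly keeps page scripts from reading the session key. Secure is added
    # only when this request arrived over HTTPS, so plain-HTTP sites keep working.
    $cookie = 'Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; HttpOnly';
    if(!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        $cookie .= '; Secure';
    }
    header($cookie);

    db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']);
}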
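# Delete the current session, if there is one.
#
# Also forgets the cached session_id/session_key in $GLOBALS. session_exists()
# trusts a cached session_id without querying the database, so leaving it set
# would make the deleted session look alive for the rest of the request.
function kill_session() {
    if(!session_exists()) {
        return;
    }

    _kill_session($GLOBALS['session_id']);
    unset($GLOBALS['session_id'], $GLOBALS['session_key']);
}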
# Internal helper: remove one session and everything stored under it.
# Outside callers should use kill_session().
#
# $id: row id of the session in wfpl_sessions.
function _kill_session($id) {
    # data rows go first, then the session row itself
    $deletions = array(
        'wfpl_session_data' => 'where session_id=%i',
        'wfpl_sessions' => 'where id=%i',
    );

    foreach($deletions as $table => $where) {
        db_delete($table, $where, $id);
    }
}
# Delete every session whose expiry time has passed, along with its data.
function session_purge_old() {
    # NOTE(review): the line assigning $now is missing from this listing;
    # time() is assumed because session_touch() stores expires as
    # time() + length.
    $now = time();

    $stale_ids = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now);
    if(!$stale_ids) {
        return;
    }

    foreach($stale_ids as $stale_id) {
        _kill_session($stale_id);
    }
}
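# Return true if the request carries the key of a session known to the database.
#
# On success the cleaned key and the session's row id are cached in
# $GLOBALS['session_key'] and $GLOBALS['session_id'].
#
# NOTE(review): the key is read from $_REQUEST, which can also be filled from
# GET/POST parameters and not only from the cookie. Confirm that is intended.
# NOTE(review): the lookup below does not compare `expires`; an expired row is
# accepted until session_purge_old() removes it.
function session_exists() {
    if(!isset($_REQUEST['session_key'])) {
        return false;
    }

    # already resolved earlier in this request
    if(isset($GLOBALS['session_id'])) {
        return true;
    }

    # array-valued input (session_key[]=...) can never be a valid key
    if(!is_string($_REQUEST['session_key'])) {
        return false;
    }

    # preg_replace stands in for ereg_replace, which PHP 7 removed
    $session_key = preg_replace('/[^a-zA-Z0-9]/', '', $_REQUEST['session_key']);

    # The earlier test `!strlen($session_key) == 16` negated strlen() before
    # comparing, so it rejected only the empty string. Compare the length itself.
    if(strlen($session_key) !== 16) {
        return false;
    }

    $GLOBALS['session_key'] = $session_key;

    $id = db_get_value('wfpl_sessions', 'id', 'where session_key=%"', $session_key);

    # NOTE(review): the not-found check is reconstructed; its lines are missing
    # from this listing. Row ids are auto_increment, so no valid id is falsy.
    if(!$id) {
        return false;
    }

    $GLOBALS['session_id'] = $id;
    return true;
}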
# Return the username stored under 'auth_username' when a session exists.
# With a session present the result is whatever session_get() yields for
# that name.
#
# NOTE(review): the no-session return line is missing from this listing;
# false is assumed.
function session_exists_and_authed() {
    if(session_exists()) {
        return session_get('auth_username');
    }

    return false;
}
# Find the existing session, or make one.
function init_session() {
    if(session_exists()) {
        return;
    }

    # NOTE(review): the body line is missing from this listing; session_new()
    # is assumed from the "or make one" description above.
    session_new();
}
# Save a variable into the current session, replacing any value already
# stored under the same name.
#
# $name:  variable name
# $value: value to store
function session_set($name, $value) {
    # drop the old row first so the name is not stored twice
    session_clear($name);

    $current_session = $GLOBALS['session_id'];
    db_insert('wfpl_session_data', 'session_id,name,value', $current_session, $name, $value);
}
# Remove a variable from the current session.
#
# $name: variable name to delete
function session_clear($name) {
    $current_session = $GLOBALS['session_id'];
    $where = 'where session_id=%i && name=%"';

    db_delete('wfpl_session_data', $where, $current_session, $name);
}
# Get a variable from the current session.
#
# $name: variable name to look up
# Returns whatever db_get_value() yields for the matching row's value column.
function session_get($name) {
    $current_session = $GLOBALS['session_id'];
    $where = 'where session_id=%i && name=%"';

    $stored = db_get_value('wfpl_session_data', 'value', $where, $current_session, $name);
    return $stored;
}