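# The functions in this file assume that you have this database table:

# drop table if exists wfpl_sessions;
# create table wfpl_sessions (
#     id int unique auto_increment,
#     session_key varchar(16),
#     idle_timeout int,
#     expires int,
#     expires_max int,
#     value text
# ) CHARSET=utf8;
#
# NOTE(review): with MySQL's default utf8 collation the "session_key = ..."
# lookup is case-insensitive, which shrinks the effective key space of the
# mixed-case keys generated below. Declaring the column with a binary
# collation (e.g. "session_key varchar(16) binary") avoids that -- confirm
# against the deployed schema.

# You'll want to use these:
#
# session_exists()
# session_new('timeout', 'max_len')
# session_set('key', 'value')
# session_sets(array('key' => 'value', 'key2' => 'val2'))
# session_get('key')
# session_clear() # removes all set() values
# session_clear('key')
# kill_session()
#
# All session data is cached in globals, so:
# 1. don't set large amounts of data
# 2. session_get() is very fast (no db access)


# generate a new random 16-character string
#
# The result is the only secret that identifies a session, so it must be
# unpredictable. random_int() (PHP 7+) draws from the operating system's
# CSPRNG and is used whenever it exists. mt_rand() is a seeded, predictable
# generator and is kept only so that older PHP versions behave as before.
# NOTE(review): on PHP < 7 the keys remain guessable in principle; upgrade
# PHP rather than relying on the fallback.
function session_generate_key() {
    $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $last_index = strlen($character_set) - 1; # 61
    $have_csprng = function_exists('random_int');

    $id = '';
    for ($i = 0; $i < 16; ++$i) {
        $pick = $have_csprng ? random_int(0, $last_index) : mt_rand(0, $last_index);
        # square brackets: the {} string-offset syntax was removed in PHP 8
        $id .= $character_set[$pick];
    }
    return $id;
}


# start a new session.
# by default it'll expire in 24 hours regardless of activity.
# pass both args for a session that lasts longer if active.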
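# sessions are tracked with a "session cookie" (dies on browser close)
#
# $idle_timeout: seconds of inactivity after which the session expires
# $max_timeout:  absolute lifetime in seconds ('same_as_idle' copies $idle_timeout)
# returns the new session key
#
# Any existing session is deleted first, so every call issues a fresh key.
# NOTE(review): callers that raise privileges (e.g. on login) presumably
# want to call this before storing auth data, so that a key handed out
# before login is not carried over -- confirm against callers.
function session_new($idle_timeout = 86400, $max_timeout = 'same_as_idle') {
    if ($max_timeout === 'same_as_idle') {
        $max_timeout = $idle_timeout;
    }

    kill_session();

    $session_key = session_generate_key();
    $now = time();

    $row = array(
        'session_key' => $session_key,
        'idle_timeout' => $idle_timeout,
        'expires' => $now + $idle_timeout,
        'expires_max' => $now + $max_timeout,
        'value' => ''
    );
    db_insert_assoc('wfpl_sessions', $row);
    $session_id = db_auto_id();

    # mirror the new row in the per-request cache
    $GLOBALS['wfpl_session'] = array(
        'exists' => true,
        'id' => $session_id,
        'key' => $session_key,
        'idle_timeout' => $row['idle_timeout'],
        'expires' => $row['expires'],
        'expires_max' => $row['expires_max'],
        'value' => array()
    );

    session_set_cookie();
    return $session_key;
}

# send the session cookie to the browser (at most once per session per request)
#
# The cookie carries the bearer secret for the session, so it is marked
# HttpOnly (not readable from page scripts) and SameSite=Lax (not attached
# to cross-site sub-requests or cross-site POSTs). Secure is added when the
# request itself arrived over HTTPS, so plain-HTTP installs keep working.
# NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset
# and the Secure flag will be missing -- confirm for the deployment.
# NOTE(review): header() replaces earlier Set-Cookie headers by default;
# unchanged from the original, but verify no other cookie is set before this.
function session_set_cookie() {
    if (!session_exists()) {
        return;
    }
    if (isset($GLOBALS['wfpl_session']['cookie_set'])) {
        return;
    }
    $GLOBALS['wfpl_session']['cookie_set'] = true;

    $cookie = 'Set-Cookie: session_key=' . $GLOBALS['wfpl_session']['key'] . '; Path=/; HttpOnly; SameSite=Lax';
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        $cookie .= '; Secure';
    }
    header($cookie);
}

# this is a helper function. See session_new()
#
# Pushes the expiry forward on activity. The new expiry is the idle deadline
# (now + idle_timeout) capped at expires_max. The original used max() here,
# which set the expiry to at least expires_max on the first touch: the idle
# timeout stopped applying and the absolute limit could be overshot.
function session_touch() {
    if (!session_exists()) {
        return;
    }

    # is the session extendable?
    if ($GLOBALS['wfpl_session']['expires'] >= $GLOBALS['wfpl_session']['expires_max']) {
        return;
    }

    # would this extend the session by at least 10%? (avoids a db write on every request)
    $now = time();
    $session_start = $GLOBALS['wfpl_session']['expires'] - $GLOBALS['wfpl_session']['idle_timeout'];
    if ($now <= $session_start + ceil(0.1 * $GLOBALS['wfpl_session']['idle_timeout'])) {
        return;
    }

    $expires = min(
        $GLOBALS['wfpl_session']['expires_max'],
        $now + $GLOBALS['wfpl_session']['idle_timeout']
    );
    db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['wfpl_session']['id']);
    # keep the cached copy in step with the database row
    $GLOBALS['wfpl_session']['expires'] = $expires;
}

# delete the current session
#
# Removes the database row and resets the cache. The browser may still hold
# the old cookie, but its key no longer matches any row.
function kill_session() {
    if (!session_exists()) {
        return;
    }
    db_delete('wfpl_sessions', 'where id=%i', $GLOBALS['wfpl_session']['id']);
    $GLOBALS['wfpl_session'] = array('exists' => false);
}

# delete expired sessions from database
function session_purge_old() {
    db_delete('wfpl_sessions', 'where expires < %i', time());
}

# return true if a session exists
#
# The first call in a request loads the session named by the session_key
# cookie into $GLOBALS['wfpl_session']; later calls answer from that cache.
# The cookie is attacker-controlled input: it must be a string, and after
# stripping everything outside [a-zA-Z0-9] it must be exactly 16 characters
# long, otherwise no database lookup is made.
function session_exists() {
    if (isset($GLOBALS['wfpl_session'])) {
        return $GLOBALS['wfpl_session']['exists'];
    }

    $GLOBALS['wfpl_session'] = array('exists' => false);

    # "session_key[]=x" style cookies arrive as arrays; reject them
    if (!isset($_COOKIE['session_key']) || !is_string($_COOKIE['session_key'])) {
        return false;
    }

    # preg_replace() instead of ereg_replace(), which was removed in PHP 7
    $session_key = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['session_key']);

    # the original "!strlen($session_key) == 16" negated before comparing,
    # so it only ever rejected the empty string
    if (!is_string($session_key) || strlen($session_key) !== 16) {
        return false;
    }

    # expired rows are removed first, so a row found below is still valid
    session_purge_old();

    $row = db_get_assoc('wfpl_sessions', 'id,idle_timeout,expires,expires_max,value', 'where session_key=%"', $session_key);
    if ($row === false) {
        return false;
    }

    $GLOBALS['wfpl_session']['exists'] = true;
    $GLOBALS['wfpl_session']['id'] = $row['id'];
    $GLOBALS['wfpl_session']['idle_timeout'] = $row['idle_timeout'];
    $GLOBALS['wfpl_session']['expires'] = $row['expires'];
    $GLOBALS['wfpl_session']['expires_max'] = $row['expires_max'];
    $GLOBALS['wfpl_session']['key'] = $session_key;

    # stored values are JSON; anything that does not decode to an array is treated as empty
    if (strlen($row['value']) && is_array($parsed = json_decode($row['value'], true))) {
        $GLOBALS['wfpl_session']['value'] = $parsed;
    } else {
        $GLOBALS['wfpl_session']['value'] = array();
    }

    # mark session as not idle
    session_touch();

    return true;
}

# generate a random password using only letters and numbers that look
# particularly unique
#
# Uses random_int() (CSPRNG, PHP 7+) when available; mt_rand() is predictable
# and remains only as the fallback for older PHP versions.
# A $length of zero or less returns '' (the original looped forever on
# negative lengths).
# NOTE(review): 8 characters from this 25-symbol alphabet is roughly 37 bits,
# so the result presumably serves as a temporary password -- confirm at callers.
function new_readable_password($length = 8) {
    $character_set = "ABCDEFHJKLMNPQRTUWXY34789";
    $last_index = strlen($character_set) - 1; # 24, inclusive
    $have_csprng = function_exists('random_int');

    $code = "";
    for ($i = 0; $i < $length; ++$i) {
        $pick = $have_csprng ? random_int(0, $last_index) : mt_rand(0, $last_index);
        $code .= $character_set[$pick];
    }
    return $code;
}

# deprecated
# return username if a session exists and is authenticated
# (false when there is no session or no 'auth_username' value)
function logged_in() {
    if (!session_exists()) {
        return false;
    }

    return session_get('auth_username');
}

# deprecated
function session_exists_and_authed() {
    return logged_in();
}

# deprecated
# return true if a session exists and is authenticated
# (more precisely: when the session holds a truthy 'auth_admin' value)
function logged_in_as_admin() {
    if (!session_exists()) {
        return false;
    }
    if (session_get('auth_admin')) {
        return true;
    }
    return false;
}

# find existing session, or make one (name "session_init" was taken)
function init_session() {
    if (!session_exists()) {
        session_new();
    }
}

# internal use only (write session cache to db)
# an empty cache is stored as '' rather than as an encoded empty array
function _sync_session() {
    if (count($GLOBALS['wfpl_session']['value']) > 0) {
        $value = json_encode($GLOBALS['wfpl_session']['value']);
    } else {
        $value = '';
    }
    db_update('wfpl_sessions', 'value', $value, 'where id=%i', $GLOBALS['wfpl_session']['id']);
}

# save data into the session
# $value can be anything json_encode()able
# creates a session if there is none; skips the db write when the stored
# value is already identical
function session_set($name, $value) {
    init_session();
    if (isset($GLOBALS['wfpl_session']['value'][$name])
        && $GLOBALS['wfpl_session']['value'][$name] === $value) {
        return;
    }
    $GLOBALS['wfpl_session']['value'][$name] = $value;
    _sync_session();
}

# save data into the session
# values can be anything json_encode()able
# like session_set() for several keys, with at most one db write
function session_sets($assoc) {
    init_session();
    $dirty = false;
    # iterate by value: the original's by-reference loop variable was never
    # written through and was left dangling after the loop
    foreach ($assoc as $name => $value) {
        if (isset($GLOBALS['wfpl_session']['value'][$name])
            && $GLOBALS['wfpl_session']['value'][$name] === $value) {
            continue;
        }
        $GLOBALS['wfpl_session']['value'][$name] = $value;
        $dirty = true;
    }
    if ($dirty) {
        _sync_session();
    }
}

# remove variable from the session
# with no args: clear all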
function session_clear($name = -1) {
    # $name === -1 (the default) means "drop every stored value";
    # any other $name drops just that one key.
    # The database is written only when something actually changed.
    if (!session_exists()) {
        return;
    }

    if ($name === -1) {
        # already empty: nothing to write back
        if (count($GLOBALS['wfpl_session']['value']) === 0) {
            return;
        }
        $GLOBALS['wfpl_session']['value'] = array();
        _sync_session();
        return;
    }

    if (!isset($GLOBALS['wfpl_session']['value'][$name])) {
        return;
    }
    unset($GLOBALS['wfpl_session']['value'][$name]);
    _sync_session();
}

# get a variable from the session
# returns false when there is no session or $name is not set (isset() also
# treats a stored null as not set); answered from the cache, no db access
function session_get($name) {
    if (session_exists() && isset($GLOBALS['wfpl_session']['value'][$name])) {
        return $GLOBALS['wfpl_session']['value'][$name];
    }
    return false;
}