X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl.git;a=blobdiff_plain;f=session.php;h=bcf23578215b3401f2fe524af5dd4670db2774de;hp=295c421df7854d43b79a049c5b2463e34444699d;hb=15459c86d0996ab3037b1738a8be6efd378c1258;hpb=d33688ee9c43b2cbd63082ecdfd89d5e132a57de diff --git a/session.php b/session.php index 295c421..bcf2357 100644 --- a/session.php +++ b/session.php @@ -2,41 +2,31 @@ # Copyright (C) 2006 Jason Woofenden # -# This file is part of wfpl. -# -# wfpl is free software; you can redistribute it and/or modify it under the -# terms of the GNU Lesser General Public License as published by the Free -# Software Foundation; either version 2.1 of the License, or (at your option) -# any later version. -# -# wfpl is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for -# more details. -# -# You should have received a copy of the GNU Lesser General Public License -# along with wfpl; if not, write to the Free Software Foundation, Inc., 51 -# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -# you'll need this file that calles db_connect() -if(!isset($GLOBALS['wfpl_db_handle'])) { - if(file_exists('db_connect.php') { - require_once('db_connect.php'); - } elseif(file_exists('code/db_connect.php') { - require_once('code/db_connect.php'); - } else { - die("session.php requires a file db_connect.php or that you call db_connect() first. See code/wfpl/db.php for more information."); - } -} - -# and these database tables: +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +# you'll need these database tables: # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int); # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text); +# run this command to install/clear the tables: +# mysql DATABASE_NAME < inc/wfpl/examples/session.sql +# note: you may need these parameters for mysql: -u USERNAME -p # GLOSSARY # # session_key 16 digit string identifying the session -# session_id integer id of the record in the "sessions" table of the database +# session_id integer id of the record in the "wfpl_sessions" table of the database # UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes" @@ -45,16 +35,16 @@ if(!isset($GLOBALS['wfpl_db_handle'])) { # generate a new random 16-character string function session_generate_key() { - $character_set = "abcdefghijklmnopqrstuvwqyzABCDEFGHIJKLMNOPQRSTUVWQYZ0123456789"; - $id = " "; + $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + $id = " "; # PHP 4.2.0 and up seed the random number generator for you. # Lets hope that it seeds with something harder to guess than the clock. - for($i = 0; $i < 16; ++$i) { - $id{$i} = $character_set{mt_rand(0, 61)}; - } + for($i = 0; $i < 16; ++$i) { + $id{$i} = $character_set{mt_rand(0, 61)}; + } - return $id; + return $id; } # track this user with a session cookie (ie a cookie that goes away when the @@ -66,19 +56,20 @@ function session_new($length = 86400) { db_insert('wfpl_sessions', 'session_key,length', $session_key, $length); $GLOBALS['session_id'] = db_auto_id(); $GLOBALS['session_key'] = $session_key; - $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() + $_COOKIE['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() session_touch($length); + return $GLOBALS['session_key']; } # call to renew the timeout for the session. -# assumes there's a session. call session_init() if you'd like one auto-create one if not found. +# assumes there's a session. call init_session() if you'd like one auto-create one if not found. function session_touch($length = false) { if(!$length) { $length = db_get_value('wfpl_sessions', 'length', 'where id=%i', $GLOBALS['session_id']); } $expires = time() + $length; - header('Set-Cookie: session_key=' . $GLOBALS['session_key']); + header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/'); db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']); } @@ -100,7 +91,7 @@ function _kill_session($id) { # delete expired sessions from database function session_purge_old() { $now = time(); - $exired_sessions = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now); + $expired_sessions = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now); if($expired_sessions) foreach($expired_sessions as $expired_session) { _kill_session($expired_session); } @@ -108,11 +99,15 @@ function session_purge_old() { # return true if a session exists function session_exists() { - if(!isset($_REQUEST['session_key'])) { + if(!isset($_COOKIE['session_key'])) { return false; } - $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']); + if(isset($GLOBALS['session_id'])) { + return true; + } + + $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_COOKIE['session_key']); if(!strlen($session_key) == 16) { return false; @@ -130,8 +125,29 @@ function session_exists() { return true; } -# return username if a session exists and is authenticated +# depricated function session_exists_and_authed() { + return logged_in(); +} + + +# generate a random password using only letters and numbers that look +# particularly unique +function new_readable_password($length = 8) { + $character_set = "ABCDEFHJKLMNPQRTUVWXY34789"; + $code = ""; + + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. + while($length--) { + $code .= $character_set{mt_rand(0, 25)}; # inclusive + } + + return $code; +} + +# return username if a session exists and is authenticated +function logged_in() { if(!session_exists()) { return false; } @@ -140,7 +156,21 @@ function session_exists_and_authed() { } -# find existing session, or make one + +# return true if a session exists and is authenticated +function logged_in_as_admin() { + if(!session_exists()) { + return false; + } + + if(session_get('auth_admin')) { + return true; + } + return false; +} + + +# find existing session, or make one (name "session_init" was taken) function init_session() { if(!session_exists()) { session_new(); @@ -149,12 +179,12 @@ function init_session() { # save a variable into the session function session_set($name, $value) { - session_unset($name); + session_clear($name); db_insert('wfpl_session_data', 'session_id,name,value', $GLOBALS['session_id'], $name, $value); } # remove variable from the session -function session_unset($name) { +function session_clear($name) { db_delete('wfpl_session_data', 'where session_id=%i && name=%"', $GLOBALS['session_id'], $name); }