|
From: Joe S. <joe...@us...> - 2002-10-01 16:22:05
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv22527/php-lib-stable/php
Modified Files:
session4.inc session4_custom.inc
Added Files:
prepend.php local4.inc
Log Message:
moved session4 require files to php directory
--- NEW FILE: prepend.php ---
<?php
/*
* Session Management for PHP3
*
* Copyright (c) 1998-2000 NetUSE AG
* Boris Erdmann, Kristian Koehntopp
*
* $Id: prepend.php,v 1.1 2002/10/01 16:22:03 joestewart Exp $
*
*/
$_PHPLIB = array();
# Can't control your include path?
# Point this to your PHPLIB base directory. Use a trailing "/"!
$_PHPLIB["libdir"] = "";
require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */
require($_PHPLIB["libdir"] . "ct_sql.inc"); /* Change this to match your data storage container */
require($_PHPLIB["libdir"] . "session4.inc"); /* Required for everything below.*/
// require($_PHPLIB["libdir"] . "session4_custom.inc"); /* Required for using PHPLIB storage container for sessions. */
require($_PHPLIB["libdir"] . "auth.inc"); /* Disable this, if you are not using authentication. */
require($_PHPLIB["libdir"] . "perm.inc"); /* Disable this, if you are not using permission checks. */
require($_PHPLIB["libdir"] . "user4.inc"); /* Disable this, if you are not using per-user variables. */
/* Additional require statements go below this line */
# require($_PHPLIB["libdir"] . "menu.inc"); /* Enable to use Menu */
/* Additional require statements go before this line */
require($_PHPLIB["libdir"] . "local.inc"); /* Required, contains your local configuration. */
require($_PHPLIB["libdir"] . "page.inc"); /* Required, contains the page management functions. */
?>
--- NEW FILE: local4.inc ---
<?php
/*
* Session Management for PHP3
*
* Copyright (c) 1998-2000 NetUSE AG
* Boris Erdmann, Kristian Koehntopp
*
* $Id: local4.inc,v 1.1 2002/10/01 16:22:03 joestewart Exp $
*
* All functions in this file are example classes, which can be used
* by your application to get you going. Once you get the hang of it,
* you should backup this file and start over with a clean local.inc
* which contains only your own classes and only the classes you need.
*/
class DB_Example extends DB_Sql {
var $Host = "localhost";
var $Database = "test";
var $User = "kk";
var $Password = "";
}
##
## Session needs to use a storage container (ct).
## Select exactly one of the following and set $that_class
## in Example_Session appropriately.
##
class Example_CT_Sql extends CT_Sql {
var $database_class = "DB_Example"; ## Which database to connect...
var $database_table = "active_sessions"; ## and find our session data in this table.
}
##
## An example of Split_Sql container usage
## You may need it if you expect significant amount of session-registered
## data and there are restrictions on tuple size in your database
## engine (e.g. like in Postgres)
##
## NB: session table name is different only for illustrative purposes,
## so you wouldn't absent-mindedly confuse split session data and non-split
## table structure is the same - if you are sure you won;t be switching
## back and forth between containers, just use active_sessions
#class Example_CT_Split_Sql extends CT_Split_Sql {
# var $database_class = "DB_Example"; ## Which database to connect...
# var $database_table = "active_sessions_split"; ## and find our session data in this table.
# var $split_length = 4096; ## Split rows every 4096 bytes
#}
#class Example_CT_Shm extends CT_Shm {
# var $max_sessions = 500; ## number of maximum sessions
# var $shm_key = 0x123754; ## unique shm identifier
# var $shm_size = 64000; ## size of segment
#}
#class Example_CT_Ldap extends CT_Ldap {
# var $ldap_host = "localhost";
# var $ldap_port = 389;
# var $basedn = "dc=your-domain, dc=com";
# var $rootdn = "cn=root, dc=your-domain, dc=com";
# var $rootpw = "secret";
# var $objclass = "phplibdata";
#}
#class Example_CT_Dbm extends CT_DBM {
# var $dbm_file = "must_exist.dbm";
#}
class Example_Session extends Session {
var $classname = "Example_Session";
var $cookiename = ""; ## defaults to classname
var $magic = "Hocuspocus"; ## ID seed
var $mode = "cookie"; ## We propagate session IDs with cookies
var $fallback_mode = "get";
var $lifetime = 0; ## 0 = do session cookies, else minutes
var $that_class = "Example_CT_Sql"; ## name of data storage container class
var $gc_probability = 5;
var $allowcache = "no"; ## "public", "private", or "no"
}
/*
class Example_Session_Custom extends Session_Custom {
var $classname = "Example_Session";
var $cookiename = ""; ## defaults to classname
var $magic = "Hocuspocus"; ## ID seed
var $mode = "cookie"; ## We propagate session IDs with cook
ies
var $fallback_mode = "get";
var $lifetime = 0; ## 0 = do session cookies, else minut
es
var $that_class = "Example_CT_Sql"; ## name of data storage container class
var $gc_probability = 5;
var $allowcache = "no"; ## "public", "private", or "no"
// var $module = "files"; ## user, files or mm
}
*/
class Example_User extends User {
var $classname = "Example_User";
var $magic = "Abracadabra"; ## ID seed
var $that_class = "Example_CT_Sql"; ## name of data storage container class
}
class Example_Auth extends Auth {
var $classname = "Example_Auth";
var $lifetime = 15;
var $database_class = "DB_Example";
var $database_table = "auth_user";
function auth_loginform() {
global $sess;
global $_PHPLIB;
include($_PHPLIB["libdir"] . "loginform.ihtml");
}
function auth_validatelogin() {
global $HTTP_POST_VARS;
if(isset($HTTP_POST_VARS["username"])) {
$this->auth["uname"] = $HTTP_POST_VARS["username"]; ## This provides access for "loginform.ihtml"
}
$uid = false;
$this->db->query(sprintf("select user_id, perms ".
" from %s ".
" where username = '%s' ".
" and password = '%s'",
$this->database_table,
addslashes($HTTP_POST_VARS["username"]),
addslashes($HTTP_POST_VARS["password"])));
while($this->db->next_record()) {
$uid = $this->db->f("user_id");
$this->auth["perm"] = $this->db->f("perms");
}
return $uid;
}
}
class Example_Default_Auth extends Example_Auth {
var $classname = "Example_Default_Auth";
var $nobody = true;
}
# A variation of Example_Auth which uses a Challenge-Response
# Authentication. The password never crosses the net in clear,
# if the remote system supports JavaScript. Please read the
# Documentation section about CR Authentication to understand
# what is going on.
class Example_Challenge_Auth extends Auth {
var $classname = "Example_Challenge_Auth";
var $lifetime = 1;
var $magic = "Simsalabim"; ## Challenge seed
var $database_class = "DB_Example";
var $database_table = "auth_user";
function auth_loginform() {
global $sess;
global $challenge;
global $_PHPLIB;
$challenge = md5(uniqid($this->magic));
$sess->register("challenge");
include($_PHPLIB["libdir"] . "crloginform.ihtml");
}
function auth_validatelogin() {
global $HTTP_POST_VARS, $challenge;
if(isset($HTTP_POST_VARS["username"])) {
$this->auth["uname"] = $HTTP_POST_VARS["username"]; ## This provides access for "loginform.ihtml"
}
$this->db->query(sprintf("select user_id, perms, password ".
"from %s where username = '%s'",
$this->database_table,
addslashes($HTTP_POST_VARS["username"])));
if ($this->db->num_rows() == 0) {
return false;
}
while($this->db->next_record()) {
$uid = $this->db->f("user_id");
$perm = $this->db->f("perms");
$pass = $this->db->f("password");
}
$expected_response = md5("$HTTP_POST_VARS[username]:$pass:$challenge");
## True when JS is disabled
if ($HTTP_POST_VARS["response"] == "") {
if ($HTTP_POST_VARS["password"] != $pass) {
return false;
} else {
$this->auth["perm"] = $perm;
return $uid;
}
}
## Response is set, JS is enabled
if ($expected_response != $HTTP_POST_VARS["response"]) {
return false;
} else {
$this->auth["perm"] = $perm;
return $uid;
}
}
}
##
## Another variation of Challenge-Response authentication,
## done slightly differently. This one does not keep cleartext
## passwords in your database table.
##
## Example_Challenge_Crypt_Auth: Keep passwords in md5 hashes rather
## than cleartext in database
## Author: Jim Zajkowski <ji...@ji...>
class Example_Challenge_Crypt_Auth extends Auth {
var $classname = "Example_Challenge_Crypt_Auth";
var $lifetime = 1;
var $magic = "Frobozzica"; ## Challenge seed
var $database_class = "DB_Example";
var $database_table = "auth_user_md5";
function auth_loginform() {
global $sess;
global $challenge;
global $_PHPLIB;
$challenge = md5(uniqid($this->magic));
$sess->register("challenge");
include($_PHPLIB["libdir"] . "crcloginform.ihtml");
}
function auth_validatelogin() {
global $HTTP_POST_VARS, $challenge;
$this->auth["uname"] = $HTTP_POST_VARS["username"]; ## This provides access for "loginform.ihtml"
$this->db->query(sprintf("select user_id, perms, password ".
"from %s where username = '%s'",
$this->database_table,
addslashes($HTTP_POST_VARS["username"])));
if ($this->db->num_rows() == 0) {
return false;
}
while($this->db->next_record()) {
$uid = $this->db->f("user_id");
$perm = $this->db->f("perms");
$pass = $this->db->f("password"); ## Password is stored as a md5 hash
}
$expected_response = md5("$HTTP_POST_VARS[username]:$pass:$challenge");
## True when JS is disabled
if ($HTTP_POST_VARS["response"] == "") {
if (md5($HTTP_POST_VARS["password"]) != $pass) { ## md5 hash for non-JavaScript browsers
return false;
} else {
$this->auth["perm"] = $perm;
return $uid;
}
}
## Response is set, JS is enabled
if ($expected_response != $HTTP_POST_VARS["response"]) {
return false;
} else {
$this->auth["perm"] = $perm;
return $uid;
}
}
}
## An example implementation of a Perm subclass, implementing
## a few atomic permissions. You want to read up on Permission
## schemata design in the documentation.
class Example_Perm extends Perm {
var $classname = "Example_Perm";
var $permissions = array(
"user" => 1,
"author" => 2,
"editor" => 4,
"supervisor" => 8,
"admin" => 16
);
function perm_invalid($does_have, $must_have) {
global $perm, $auth, $sess;
global $_PHPLIB;
include($_PHPLIB["libdir"] . "perminvalid.ihtml");
}
}
##
## Example_Menu may extend Menu.
## Remember that in PHP 3 a class's constructor function must have the
## same name as the class. To make it easier to extend this class we
## have a real constructor function called setup(). When you create an
## extension of this class, create your constructor function which only
## needs to call setup().
##
## To use this, you must enable the require statement for
## menu.inc in prepend.php3.
##
## See /pages/menu for an example application of Example_Menu.
##
# class Example_Menu extends Menu {
# var $classname = "Example_Menu";
#
# # Map of PHP_SELF URL strings to menu positions
# var $urlmap = array(
# "/menu/index.php3" => "",
# "/menu/item1.php3" => "/1",
# "/menu/item11.php3" => "/1/1",
# "/menu/item12.php3" => "/1/2",
# "/menu/item13.php3" => "/1/3",
# "/menu/item2.php3" => "/2",
# "/menu/item21.php3" => "/2/1",
# "/menu/item22.php3" => "/2/2",
# "/menu/item221.php3" => "/2/2/1",
# "/menu/item222.php3" => "/2/2/2",
# "/menu/item23.php3" => "/2/3",
# "/menu/item24.php3" => "/2/4"
# );
#
# # Information about each menu item
# var $item = array(
# "" => array("title" => "Main"),
# "/1" => array("title" => "Text 1"),
# "/1/1" => array("title" => "Text 1.1"),
# "/1/2" => array("title" => "Text 1.2"),
# "/1/3" => array("title" => "Text 1.3"),
# "/2" => array("title" => "Text 2"),
# "/2/1" => array("title" => "Text 2.1"),
# "/2/2" => array("title" => "Text 2.2", "pseudo" => true),
# "/2/2/1"=> array("title" => "Text 2.2.1"),
# "/2/2/2"=> array("title" => "Text 2.2.2"),
# "/2/3" => array("title" => "Text 2.3"),
# "/2/4" => array("title" => "Text 2.4")
# );
#
# function Example_Menu() {
# $this->setup();
# }
# }
?>
Index: session4.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/session4.inc,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** session4.inc 1 Oct 2002 16:13:56 -0000 1.1
--- session4.inc 1 Oct 2002 16:22:03 -0000 1.2
***************
*** 95,103 ****
/**
*
* @var string
* @deprec $Id$
*/
! var $fallback_mode;
--- 95,120 ----
/**
+ * Propagation mode is by default set to cookie
+ * The other parameter, fallback_mode, decides wether
+ * we accept ONLY cookies, or cookies and eventually get params
+ * in php4 parlance, these variables cause a setting of either
+ * the php.ini directive session.use_cookie or session.use_only_cookie
+ * The session.use_only_cookie possibility was introdiced in PHP 4.2.2, and
+ * has no effect on previous versions
*
* @var string
* @deprec $Id$
*/
! var $mode = "cookie"; ## We propagate session IDs with cookies
!
! /**
! * If fallback_mode is set to 'cookie', php4 will impose a cookie-only
! * propagation policy, which is a safer propagation method that get mode
! *
! * @var string
! * @deprec $Id$
! */
! var $fallback_mode; ## if fallback_mode is also 'ccokie'
! ## we enforce session.use_only_cookie
***************
*** 143,146 ****
--- 160,168 ----
*/
function start() {
+
+ if ( $this->mode=="cookie"
+ && $this->fallback_mode=="cookie") {
+ ini_set ("session.use_only_cookie","1");
+ }
$this->set_tokenname();
***************
*** 149,153 ****
$ok = session_start();
$this->id = session_id();
!
return $ok;
} // end func start
--- 171,185 ----
$ok = session_start();
$this->id = session_id();
!
! // If register_globals is off -> restore session variables to global scope
! if(!(bool) ini_get('register_globals')) {
! if(is_array($_SESSION)) {
! foreach ($_SESSION as $key => $value) {
! global $$key;
! $$key=$value;
! }
! }
! }
!
return $ok;
} // end func start
***************
*** 222,238 ****
* @param mixed String with the name of one or more variables seperated by comma
* or a list of variables names: "foo"/"foo,bar,baz"/{"foo","bar","baz"}
- * @return boolean false if registration failed, true on success.
* @access public
*/
function register ($var_names) {
if (!is_array($var_names)) {
-
// spaces spoil everything
$var_names = trim($var_names);
! return session_register( preg_split('/\s*,\s*/', $var_names) );
!
}
! return session_register($var_names);
} // end func register
--- 254,278 ----
* @param mixed String with the name of one or more variables seperated by comma
* or a list of variables names: "foo"/"foo,bar,baz"/{"foo","bar","baz"}
* @access public
*/
function register ($var_names) {
if (!is_array($var_names)) {
// spaces spoil everything
$var_names = trim($var_names);
! $var_names=explode(",", $var_names);
}
! // If register_globals is off -> store session variables values
! if(!(bool) ini_get('register_globals')) {
! foreach ($var_names as $key => $value ) {
! global $$value;
! if (!isset($_SESSION[$value])){
! $_SESSION[$value]= $$value;
! }
! }
! }
! else {
! return session_register($var_names);
! }
} // end func register
***************
*** 245,252 ****
*/
function is_registered ($var_name) {
! $var_name = trim($var_name); // to be sure
! return session_is_registered($var_name);
} // end func is_registered
/**
--- 285,297 ----
*/
function is_registered ($var_name) {
! $var_name = trim($var_name); // to be sure
! if(!(bool) ini_get('register_globals')) {
! return isset($_SESSION[$var_name]);
! } else {
! return session_is_registered($var_name);
! }
} // end func is_registered
+
/**
***************
*** 255,266 ****
* @param mixed String with the name of one or more variables seperated by comma
* or a list of variables names: "foo"/"foo,bar,baz"/{"foo","bar","baz"}
- * @return boolean false if any error, true on success.
* @access public
*/
function unregister ($var_names) {
$ok = true;
foreach (explode (',', $var_names) as $var_name) {
! $ok = $ok && session_unregister ( trim($var_name) );
}
--- 300,317 ----
* @param mixed String with the name of one or more variables seperated by comma
* or a list of variables names: "foo"/"foo,bar,baz"/{"foo","bar","baz"}
* @access public
*/
+
function unregister ($var_names) {
$ok = true;
+
foreach (explode (',', $var_names) as $var_name) {
! $var_name=trim($var_name);
! if(!(bool) ini_get('register_globals')) {
! unset($_SESSION[$var_name]); ## unset is no more a function in php4
! } else {
! $ok = $ok && session_unregister ($var_name);
! }
}
***************
*** 478,481 ****
--- 529,550 ----
return session_decode($data_string);
} // end func deserialize
+
+ /**
+ * freezes all registered things ( scalar variables, arrays, objects )
+ * by saving all registered things to $_SESSION.
+ *
+ * @access public
+ *
+ *
+ */
+ function freeze() {
+ // If register_globals is off -> store session variables values
+ if(!(bool) ini_get('register_globals')) {
+ foreach ($_SESSION as $key => $value) {
+ global $$key;
+ eval("\$_SESSION[\$key]= \$$key;");
+ }
+ }
+ }
/**
Index: session4_custom.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/session4_custom.inc,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** session4_custom.inc 1 Oct 2002 16:13:56 -0000 1.1
--- session4_custom.inc 1 Oct 2002 16:22:03 -0000 1.2
***************
*** 1,4 ****
<?php
! require_once($_PHPLIB["libdir"]."session/session4.inc");
/**
* PHPLib Sessions using PHP 4 build-in sessions and PHPLib storage container
--- 1,4 ----
<?php
! // require_once($_PHPLIB["libdir"]."session/session4.inc");
/**
* PHPLib Sessions using PHP 4 build-in sessions and PHPLib storage container
***************
*** 127,130 ****
--- 127,131 ----
}
+ return Session::freeze();
} // end func freeze
|
