phplib-commit Mailing List for PHPLIB (Page 5)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
phplib-commit — A list for automatically mailed CVS Commits
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(76) |
Sep
(7) |
Oct
(2) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(7) |
Feb
(7) |
Mar
(14) |
Apr
(27) |
May
(2) |
Jun
(2) |
Jul
(5) |
Aug
(6) |
Sep
(1) |
Oct
(9) |
Nov
(4) |
Dec
|
| 2003 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
(7) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2006 |
Jan
|
Feb
|
Mar
(1) |
Apr
(3) |
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
(6) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Layne W. <lay...@us...> - 2002-03-14 20:41:11
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv13825
Modified Files:
db_msql.inc db_mssql.inc db_odbc.inc db_pgsql.inc
db_sybase.inc
Log Message:
Added instance variable 'PConnect' to toggle between persistent and non-persistent database connections.
The default behavior is non-persistent.
Index: db_msql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_msql.inc,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** db_msql.inc 12 Jul 2000 18:22:34 -0000 1.3
--- db_msql.inc 14 Mar 2002 20:41:07 -0000 1.4
***************
*** 24,27 ****
--- 24,28 ----
var $Auto_Free = 0; ## Set this to 1 for automatic msql_free_result()
+ var $PConnect = 0; ## Set to 1 to use persistent database connections
/* public: constructor */
***************
*** 34,45 ****
if ( 0 == $this->Link_ID ) {
// Check for local connect
! $this->Link_ID = empty($this->Host)?
! $this->Link_ID=msql_pconnect():
! $this->Link_ID=msql_pconnect($this->Host);
}
// Still not connected? Raise error.
if ( 0 == $this->Link_ID ) {
! $this->halt("Link-ID == false, pconnect failed");
}
--- 35,52 ----
if ( 0 == $this->Link_ID ) {
// Check for local connect
! if(!$this->PConnect) {
! $this->Link_ID = empty($this->Host) ?
! $this->Link_ID = msql_connect() :
! $this->Link_ID = msql_connect($this->Host);
! } else {
! $this->Link_ID = empty($this->Host) ?
! $this->Link_ID = msql_pconnect() :
! $this->Link_ID = msql_pconnect($this->Host);
! }
}
// Still not connected? Raise error.
if ( 0 == $this->Link_ID ) {
! $this->halt("connect($this->Host) failed.");
}
Index: db_mssql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_mssql.inc,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** db_mssql.inc 17 May 2001 01:19:37 -0000 1.3
--- db_mssql.inc 14 Mar 2002 20:41:07 -0000 1.4
***************
*** 26,29 ****
--- 26,30 ----
var $Auto_Free = 0; ## set this to 1 to automatically free results
+ var $PConnect = 0; ## Set to 1 to persistent database connections
***************
*** 35,41 ****
function connect() {
if ( 0 == $this->Link_ID ) {
! $this->Link_ID=mssql_pconnect($this->Host, $this->User, $this->Password);
if (!$this->Link_ID)
! $this->halt("Link-ID == false, mssql_pconnect failed");
else
mssql_select_db($this->Database, $this->Link_ID);
--- 36,46 ----
function connect() {
if ( 0 == $this->Link_ID ) {
! if(!$this->PConnect) {
! $this->Link_ID = mssql_connect($this->Host, $this->User, $this->Password);
! } else {
! $this->Link_ID = mssql_pconnect($this->Host, $this->User, $this->Password);
! }
if (!$this->Link_ID)
! $this->halt("connect($this->Host, $this->User, \$Password) failed.");
else
mssql_select_db($this->Database, $this->Link_ID);
Index: db_odbc.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_odbc.inc,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** db_odbc.inc 12 Jul 2000 18:22:34 -0000 1.3
--- db_odbc.inc 14 Mar 2002 20:41:07 -0000 1.4
***************
*** 25,28 ****
--- 25,29 ----
var $Auto_Free = 0; ## set this to 1 to automatically free results
+ var $PConnect = 0; ## Set to 1 to use persistent database connections
/* public: constructor */
***************
*** 33,39 ****
function connect() {
if ( 0 == $this->Link_ID ) {
! $this->Link_ID=odbc_pconnect($this->Database, $this->User, $this->Password, $this->UseODBCCursor);
if (!$this->Link_ID) {
! $this->halt("Link-ID == false, odbc_pconnect failed");
}
}
--- 34,44 ----
function connect() {
if ( 0 == $this->Link_ID ) {
! if(!$this->PConnect) {
! $this->Link_ID = odbc_connect($this->Database, $this->User, $this->Password, $this->UseODBCCursor);
! } else {
! $this->Link_ID = odbc_pconnect($this->Database, $this->User, $this->Password, $this->UseODBCCursor);
! }
if (!$this->Link_ID) {
! $this->halt("connect($this->Database, $this->User, \$Password, $this->UseODBCCursor) failed.");
}
}
Index: db_pgsql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_pgsql.inc,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** db_pgsql.inc 13 Dec 2000 17:46:50 -0000 1.6
--- db_pgsql.inc 14 Mar 2002 20:41:07 -0000 1.7
***************
*** 29,32 ****
--- 29,33 ----
var $Auto_Free = 0; # Set this to 1 for automatic pg_freeresult on
# last record.
+ var $PConnect = 0; ## Set to 1 to use persistent database connections
function ifadd($add, $me) {
***************
*** 40,54 ****
function connect() {
! if ( 0 == $this->Link_ID ) {
! $cstr = "dbname=".$this->Database.
! $this->ifadd($this->Host, "host=").
! $this->ifadd($this->Port, "port=").
! $this->ifadd($this->User, "user=").
! $this->ifadd($this->Password, "password=");
! $this->Link_ID=pg_pconnect($cstr);
! if (!$this->Link_ID) {
! $this->halt("Link-ID == false, pconnect failed");
! }
! }
}
--- 41,59 ----
function connect() {
! if ( 0 == $this->Link_ID ) {
! $cstr = "dbname=".$this->Database.
! $this->ifadd($this->Host, "host=").
! $this->ifadd($this->Port, "port=").
! $this->ifadd($this->User, "user=").
! $this->ifadd($this->Password, "password=");
! if(!$this->PConnect) {
! $this->Link_ID = pg_connect($cstr);
! } else {
! $this->Link_ID = pg_pconnect($cstr);
! }
! if (!$this->Link_ID) {
! $this->halt("connect() failed.");
! }
! }
}
Index: db_sybase.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_sybase.inc,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** db_sybase.inc 12 Jul 2000 18:22:34 -0000 1.3
--- db_sybase.inc 14 Mar 2002 20:41:07 -0000 1.4
***************
*** 26,29 ****
--- 26,30 ----
var $Auto_Free = 0; ## Set this to 1 for automatic sybase_free_result()
+ var $PConnect = 0; ## Set to 1 to use persistent database connections
/* public: constructor */
***************
*** 34,42 ****
function connect() {
if ( 0 == $this->Link_ID ) {
! $this->Link_ID=sybase_pconnect($this->Host,$this->User,$this->Password);
if (!$this->Link_ID) {
! $this->halt("Link-ID == false, pconnect failed");
}
! if(!sybase_select_db($this->Database, $this->Link_ID)) {
$this->halt("cannot use database ".$this->Database);
}
--- 35,47 ----
function connect() {
if ( 0 == $this->Link_ID ) {
! if(!$this->PConnect) {
! $this->Link_ID = sybase_connect($this->Host, $this->User, $this->Password);
! } else {
! $this->Link_ID = sybase_pconnect($this->Host, $this->User, $this->Password);
! }
if (!$this->Link_ID) {
! $this->halt("connect($this->Host, $this->User, \$Password) failed.");
}
! if(!sybase_select_db($this->Database, $this->Link_ID)) {
$this->halt("cannot use database ".$this->Database);
}
|
|
From: Layne W. <lay...@us...> - 2002-03-14 20:36:48
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv13054/php
Modified Files:
db_mysql.inc
Log Message:
Modified lock() to allow list of table names.
Modified lock() and unlock() to remove unnecessary variable for testing query.
Added instance variable 'PConnect' to toggle between persistent and non-persistent database connections.
Updated documentation to reflect above changes.
Index: db_mysql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_mysql.inc,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** db_mysql.inc 12 Oct 2001 16:16:16 -0000 1.8
--- db_mysql.inc 14 Mar 2002 20:36:43 -0000 1.9
***************
*** 22,25 ****
--- 22,26 ----
var $Debug = 0; ## Set to 1 for debugging messages.
var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning)
+ var $PConnect = 0; ## Set to 1 to use persistent database connections
var $Seq_Table = "db_sequence";
***************
*** 41,45 ****
-
/* public: constructor */
function DB_Sql($query = "") {
--- 42,45 ----
***************
*** 71,77 ****
if ( 0 == $this->Link_ID ) {
! $this->Link_ID=mysql_pconnect($Host, $User, $Password);
if (!$this->Link_ID) {
! $this->halt("pconnect($Host, $User, \$Password) failed.");
return 0;
}
--- 71,81 ----
if ( 0 == $this->Link_ID ) {
! if(!$this->PConnect) {
! $this->Link_ID = mysql_connect($Host, $User, $Password);
! } else {
! $this->Link_ID = mysql_pconnect($Host, $User, $Password);
! }
if (!$this->Link_ID) {
! $this->halt("connect($Host, $User, \$Password) failed.");
return 0;
}
***************
*** 168,198 ****
function lock($table, $mode = "write") {
$query = "lock tables ";
! if (is_array($table)) {
! while (list($key,$value) = each($table)) {
! if (!is_int($key)) {
! // texts key are "read", "read local", "write", "low priority write"
! $query .= "$value $key, ";
} else {
! $query .= "$value $mode, ";
}
}
! $query = substr($query,0,-2);
} else {
$query .= "$table $mode";
}
! $res = $this->query($query);
! if (!$res) {
$this->halt("lock() failed.");
! return 0;
}
! return $res;
}
function unlock() {
! $res = $this->query("unlock tables");
! if (!$res) {
$this->halt("unlock() failed.");
}
! return $res;
}
--- 172,204 ----
function lock($table, $mode = "write") {
$query = "lock tables ";
! if(is_array($table)) {
! while(list($key,$value) = each($table)) {
! // text keys are "read", "read local", "write", "low priority write"
! if(is_int($key)) $key = $mode;
! if(strpos($value, ",")) {
! $query .= str_replace(",", " $key, ", $value) . " $key, ";
} else {
! $query .= "$value $key, ";
}
}
! $query = substr($query, 0, -2);
! } elseif(strpos($table, ",")) {
! $query .= str_replace(",", " $mode, ", $table) . " $mode";
} else {
$query .= "$table $mode";
}
! if(!$this->query($query)) {
$this->halt("lock() failed.");
! return false;
}
! return true;
}
function unlock() {
! if(!$this->query("unlock tables")) {
$this->halt("unlock() failed.");
+ return false;
}
! return true;
}
|
|
From: Layne W. <lay...@us...> - 2002-03-14 20:36:48
|
Update of /cvsroot/phplib/php-lib-stable/doc/sgml In directory usw-pr-cvs1:/tmp/cvs-serv13054/doc/sgml Modified Files: 03-db_sql.sgml Log Message: Modified lock() to allow list of table names. Modified lock() and unlock() to remove unnecessary variable for testing query. Added instance variable 'PConnect' to toggle between persistent and non-persistent database connections. Updated documentation to reflect above changes. Index: 03-db_sql.sgml =================================================================== RCS file: /cvsroot/phplib/php-lib-stable/doc/sgml/03-db_sql.sgml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** 03-db_sql.sgml 13 Aug 2001 12:30:06 -0000 1.2 --- 03-db_sql.sgml 14 Mar 2002 20:36:43 -0000 1.3 *************** *** 160,163 **** --- 160,173 ---- environments. + <tag>lock($table, $mode = "write")</tag> + <p> + In some DB interfaces locks one or more tables using the mode(s) + specified. <tt/$table/ can be a single table, a comma separated + list of tables, or an array of mode/table (or table list) pairs. + + <tag>unlock()</tag> + <p> + In some DB interfaces releases all table locks. + <tag>link_id()</tag> <p> *************** *** 301,322 **** all PHPLIB tables as part of your application. ! Some databases (for example Oracle) have very expensive ! connect() operations. For these databases, performance is ! dramatically improved if you switch from CGI PHP to mod_php. ! This is, because PHPLIB uses the "*_pconnect()" method to ! connect to your database. In mod_php, the database connection is ! kept around by the web server process after the page has been ! processed and is reused if a further connect requires a ! connection with the same Host/Username/Password pattern. This means that there will be at most "number of web server processes" times "number of Host/Username/Password-combinations" ! many simultaneous connections to your database server. Keep that ! in mind when planning licenses and server load. Using CGI PHP ! will probably reduce the number of concurrent connects to your ! database server at the expense of connection setup time. For ! database servers where connection setup time is negligible ! (MySQL for example) this is a viable solution (don't try it with ! Oracle) though. <sect2>Using <tt/nextid()/ --- 311,347 ---- all PHPLIB tables as part of your application. ! Some databases (for example Oracle) have very expensive connect() ! operations. For these databases, performance is dramatically improved ! if you switch from CGI PHP to mod_php. This is because, for ! these database, PHPLIB uses the persistent connection methods (e.g. ! *plogon() or *_pconnect()) to connect to your database. In ! mod_php, the database connection is kept around by the web ! server process after the page has been processed and is reused if a ! further connect requires a connection with the same ! Host/Username/Password pattern. This means that there will be at most "number of web server processes" times "number of Host/Username/Password-combinations" ! many simultaneous connections to your database server. Keep that in ! mind when planning licenses and server load. Using CGI PHP and/or ! non-persistent connections will probably reduce the number of ! concurrent connects to your database server at the expense of ! connection setup time. For database servers where connection setup ! time is negligible (MySQL for example) this is the default solution; ! just don't try it with Oracle. ! ! <em/Note:/ PHPLib now uses (as of 7.4) non-persistent connections by ! default in the non-Oracle db interfaces. The majority of PHPLib users ! are operating in a virtual hosting environment where persistent ! connections eat up memory at a horrifying rate. For web servers that ! only connect to one Host/Username/Password, the persistent connections ! can be enabled by setting the <tt/$PConnect/ variable in local.inc's ! database extension class. ! ! <em/Note:/ When using persistent connections with MySQL, the ! <tt/wait_timeout/ value should be lowered in the MySQL server ! (safe_mysqld). A recommended value of 120 and 180 seconds is ! much better suited to use with PHP than MySQL's default value of ! 28800 seconds (8 hours). <sect2>Using <tt/nextid()/ |
|
From: Richard A. <ric...@us...> - 2002-02-26 08:14:40
|
Update of /cvsroot/phplib/php-lib
In directory usw-pr-cvs1:/tmp/cvs-serv13209
Modified Files:
CHANGES
Log Message:
Fixed [ #513935 ] local.inc inconsistencies
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib/CHANGES,v
retrieving revision 1.190
retrieving revision 1.191
diff -C2 -d -r1.190 -r1.191
*** CHANGES 26 Feb 2002 07:54:41 -0000 1.190
--- CHANGES 26 Feb 2002 08:14:37 -0000 1.191
***************
*** 4,8 ****
- Fixed [ #517150 ] prepend.php3 needs ct_cookie mods
Added cookie.inc requires to prepend.php3, and a warning to local.inc.
!
04-Sep-2001 richardarcher
--- 4,9 ----
- Fixed [ #517150 ] prepend.php3 needs ct_cookie mods
Added cookie.inc requires to prepend.php3, and a warning to local.inc.
! - Fixed [ #513935 ] local.inc inconsistencies
! Merged changes from local.inc to local4.inc and edited comments
04-Sep-2001 richardarcher
|
|
From: Richard A. <ric...@us...> - 2002-02-26 08:13:27
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv8449
Modified Files:
local.inc local4.inc
Log Message:
Fixed [ #513935 ] local.inc inconsistencies
Index: local.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/local.inc,v
retrieving revision 1.37
retrieving revision 1.38
diff -C2 -d -r1.37 -r1.38
*** local.inc 26 Feb 2002 07:52:52 -0000 1.37
--- local.inc 26 Feb 2002 08:13:25 -0000 1.38
***************
*** 173,177 ****
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "loginform.ihtml"
}
$this->db->query(sprintf("select p_user_id,p_perms,p_password ".
--- 173,177 ----
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "crloginform.ihtml"
}
$this->db->query(sprintf("select p_user_id,p_perms,p_password ".
***************
*** 263,267 ****
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "loginform.ihtml"
}
--- 263,267 ----
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "crcloginform.ihtml"
}
Index: local4.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/local4.inc,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** local4.inc 1 Sep 2001 07:09:42 -0000 1.3
--- local4.inc 26 Feb 2002 08:13:25 -0000 1.4
***************
*** 29,33 ****
class Example_CT_Sql extends CT_Sql {
var $database_class = "DB_Example"; ## Which database to connect...
! var $database_table = "active_sessions"; ## and find our session data in this table.
}
--- 29,33 ----
class Example_CT_Sql extends CT_Sql {
var $database_class = "DB_Example"; ## Which database to connect...
! var $database_table = "active_sessions"; ## and find our session data in this table.
}
***************
*** 70,74 ****
## This class stores session data in cookies. You will also need to extend
## the Session class so that the only acceptable $mode is "cookie".
! ## A demo of this class is in pages/ct_cookie.php3
class Example_CT_Cookie extends CT_Cookie {
var $lifetime = 40;
--- 70,77 ----
## This class stores session data in cookies. You will also need to extend
## the Session class so that the only acceptable $mode is "cookie".
! ## A demo of this class is in pages/ct_cookie.php3.
! ## Because cookies are *required* for this storage method, it is not
! ## recommended for production systems. If a user refuses cookies, this
! ## storage method will not work at all.
class Example_CT_Cookie extends CT_Cookie {
var $lifetime = 40;
***************
*** 113,116 ****
--- 116,120 ----
var $classname = "Example_User";
+ var $magic = "Abracadabra"; ## ID seed
var $that_class = "Example_CT_Sql"; ## name of data storage container class
}
***************
*** 153,157 ****
var $classname = "Example_Challenge_Auth";
! var $lifetime = 15;
var $magic = "Simsalabim"; ## Challenge seed
--- 157,161 ----
var $classname = "Example_Challenge_Auth";
! var $lifetime = 15;
var $magic = "Simsalabim"; ## Challenge seed
***************
*** 174,178 ****
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "loginform.ihtml"
}
$this->db->query(sprintf("select p_user_id,p_perms,p_password ".
--- 178,182 ----
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "crloginform.ihtml"
}
$this->db->query(sprintf("select p_user_id,p_perms,p_password ".
***************
*** 181,184 ****
--- 185,192 ----
addslashes($username)));
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
+
while($this->db->next_record()) {
$uid = $this->db->f("p_user_id");
***************
*** 260,264 ****
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "loginform.ihtml"
}
--- 268,272 ----
if(isset($username)) {
! $this->auth["uname"]=$username; ## This provides access for "crcloginform.ihtml"
}
***************
*** 270,273 ****
--- 278,285 ----
$this->database_table,
addslashes($username)));
+
+ if ($this->db->num_rows() == 0) {
+ return false;
+ }
while($this->db->next_record()) {
|
|
From: Richard A. <ric...@us...> - 2002-02-26 07:54:44
|
Update of /cvsroot/phplib/php-lib
In directory usw-pr-cvs1:/tmp/cvs-serv8275
Modified Files:
CHANGES
Log Message:
Fixed [ #517150 ] prepend.php3 needs ct_cookie mods
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib/CHANGES,v
retrieving revision 1.189
retrieving revision 1.190
diff -C2 -d -r1.189 -r1.190
*** CHANGES 4 Sep 2001 00:21:19 -0000 1.189
--- CHANGES 26 Feb 2002 07:54:41 -0000 1.190
***************
*** 1,4 ****
--- 1,9 ----
$Id$
+ 26-Feb-2002 richardarcher
+ - Fixed [ #517150 ] prepend.php3 needs ct_cookie mods
+ Added cookie.inc requires to prepend.php3, and a warning to local.inc.
+
+
04-Sep-2001 richardarcher
- Add ct_cookie.inc, a container class that stores data in cookies.
|
|
From: Richard A. <ric...@us...> - 2002-02-26 07:53:42
|
Update of /cvsroot/phplib/php-lib/php In directory usw-pr-cvs1:/tmp/cvs-serv7958 Modified Files: prepend.php3 Log Message: Fixed [ #517150 ] prepend.php3 needs ct_cookie mods Index: prepend.php3 =================================================================== RCS file: /cvsroot/phplib/php-lib/php/prepend.php3,v retrieving revision 1.21 retrieving revision 1.22 diff -C2 -d -r1.21 -r1.22 *** prepend.php3 21 Aug 2001 12:56:22 -0000 1.21 --- prepend.php3 26 Feb 2002 07:53:39 -0000 1.22 *************** *** 40,43 **** --- 40,47 ---- . ".inc"); + # Load CT_Cookie classes + require($_PHPLIB["libdir"] . "ct_cookie.inc"); + require($_PHPLIB["libdir"] . "ct_cookie_rc4.inc"); + # Load authentication management classes require($_PHPLIB["libdir"] . "auth/auth" |
|
From: Richard A. <ric...@us...> - 2002-02-26 07:52:54
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv13961
Modified Files:
local.inc
Log Message:
Fixed [ #517150 ] prepend.php3 needs ct_cookie mods
Index: local.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/local.inc,v
retrieving revision 1.36
retrieving revision 1.37
diff -C2 -d -r1.36 -r1.37
*** local.inc 1 Sep 2001 07:09:42 -0000 1.36
--- local.inc 26 Feb 2002 07:52:52 -0000 1.37
***************
*** 70,74 ****
## This class stores session data in cookies. You will also need to extend
## the Session class so that the only acceptable $mode is "cookie".
! ## A demo of this class is in pages/ct_cookie.php3
class Example_CT_Cookie extends CT_Cookie {
var $lifetime = 40;
--- 70,77 ----
## This class stores session data in cookies. You will also need to extend
## the Session class so that the only acceptable $mode is "cookie".
! ## A demo of this class is in pages/ct_cookie.php3.
! ## Because cookies are *required* for this storage method, it is not
! ## recommended for production systems. If a user refuses cookies, this
! ## storage method will not work at all.
class Example_CT_Cookie extends CT_Cookie {
var $lifetime = 40;
|
|
From: Richard A. <ric...@us...> - 2002-02-26 06:26:15
|
Update of /cvsroot/phplib/php-lib-stable
In directory usw-pr-cvs1:/tmp/cvs-serv13291
Modified Files:
CHANGES
Log Message:
fixed [ #480851 ] "call by reference" warning in user.inc
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/CHANGES,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** CHANGES 6 Jan 2002 15:10:46 -0000 1.12
--- CHANGES 26 Feb 2002 06:26:11 -0000 1.13
***************
*** 1,4 ****
--- 1,7 ----
$Id$
+ 26-Feb-2002 richardarcher
+ - fixed [ #480851 ] "call by reference" warning in user.inc
+
06 JAN 2002 9:58AM EST nathan r. hruby <na...@ds...>
- Fixed wrong year in my last serveral CHANGES entries :)
|
|
From: Richard A. <ric...@us...> - 2002-02-26 06:26:15
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv13291/php
Modified Files:
user.inc
Log Message:
fixed [ #480851 ] "call by reference" warning in user.inc
Index: user.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/user.inc,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** user.inc 27 Aug 2001 01:07:22 -0000 1.3
--- user.inc 26 Feb 2002 06:26:11 -0000 1.4
***************
*** 63,68 ****
$str="";
! $this->serialize("this->in",&$str);
! $this->serialize("this->pt",&$str);
reset($this->pt);
--- 63,68 ----
$str="";
! $this->serialize("this->in", $str);
! $this->serialize("this->pt", $str);
reset($this->pt);
***************
*** 70,74 ****
$thing=trim($thing);
if ( $thing ) {
! $this->serialize("GLOBALS['".$thing."']",&$str);
}
}
--- 70,74 ----
$thing=trim($thing);
if ( $thing ) {
! $this->serialize("GLOBALS['".$thing."']", $str);
}
}
|
|
From: nathan h. <nh...@us...> - 2002-01-06 15:10:49
|
Update of /cvsroot/phplib/php-lib-stable
In directory usw-pr-cvs1:/tmp/cvs-serv13085
Modified Files:
CHANGES
Log Message:
fix sf bug [ #500160 ] Invalid use of (php)header function
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/CHANGES,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** CHANGES 2002/01/05 16:15:12 1.11
--- CHANGES 2002/01/06 15:10:46 1.12
***************
*** 1,8 ****
$Id$
! 05 JAN 2001 11;06AM EST nathan r. hruby <na...@ds...>
- Fixed wrong pathname in prepend.php3
! 05 JAN 2001 10:30AM EST nathan r. hruby <na...@ds...>
- Added Max's php4 native session stuff to unsup/ for a twirl :)
- Upped version to 7.4-pre1, packaged and released as such
--- 1,14 ----
$Id$
! 06 JAN 2002 9:58AM EST nathan r. hruby <na...@ds...>
! - Fixed wrong year in my last serveral CHANGES entries :)
! - Fixed [ #500160 ] Invalid use of (php)header function
! - By adding "false" flag to header() calls that send the same header.
! - Thanks to Huib Kleinhout <kn...@us...>
!
! 05 JAN 2002 11:06AM EST nathan r. hruby <na...@ds...>
- Fixed wrong pathname in prepend.php3
! 05 JAN 2002 10:30AM EST nathan r. hruby <na...@ds...>
- Added Max's php4 native session stuff to unsup/ for a twirl :)
- Upped version to 7.4-pre1, packaged and released as such
|
|
From: nathan h. <nh...@us...> - 2002-01-06 15:10:49
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv13085/php
Modified Files:
session.inc
Log Message:
fix sf bug [ #500160 ] Invalid use of (php)header function
Index: session.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/session.inc,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** session.inc 2001/08/29 07:30:21 1.12
--- session.inc 2002/01/06 15:10:46 1.13
***************
*** 447,451 ****
header("Last-Modified: " . $mod_gmt);
header("Cache-Control: public");
! header("Cache-Control: max-age=" . $this->allowcache_expire * 60);
break;
--- 447,451 ----
header("Last-Modified: " . $mod_gmt);
header("Cache-Control: public");
! header("Cache-Control: max-age=" . $this->allowcache_expire * 60, false);
break;
***************
*** 455,460 ****
header("Last-Modified: " . $mod_gmt);
header("Cache-Control: private");
! header("Cache-Control: max-age=" . $this->allowcache_expire * 60);
! header("Cache-Control: pre-check=" . $this->allowcache_expire * 60);
break;
--- 455,460 ----
header("Last-Modified: " . $mod_gmt);
header("Cache-Control: private");
! header("Cache-Control: max-age=" . $this->allowcache_expire * 60, false);
! header("Cache-Control: pre-check=" . $this->allowcache_expire * 60, false);
break;
***************
*** 463,467 ****
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache");
! header("Cache-Control: post-check=0, pre-check=0");
header("Pragma: no-cache");
break;
--- 463,467 ----
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache");
! header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
break;
|
|
From: nathan h. <nh...@us...> - 2002-01-05 16:15:15
|
Update of /cvsroot/phplib/php-lib-stable
In directory usw-pr-cvs1:/tmp/cvs-serv18348
Modified Files:
CHANGES Makefile
Log Message:
Fixed pathname in prepend.php3
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/CHANGES,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** CHANGES 2002/01/05 15:47:37 1.10
--- CHANGES 2002/01/05 16:15:12 1.11
***************
*** 1,4 ****
--- 1,7 ----
$Id$
+ 05 JAN 2001 11;06AM EST nathan r. hruby <na...@ds...>
+ - Fixed wrong pathname in prepend.php3
+
05 JAN 2001 10:30AM EST nathan r. hruby <na...@ds...>
- Added Max's php4 native session stuff to unsup/ for a twirl :)
Index: Makefile
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** Makefile 2000/07/12 18:22:31 1.2
--- Makefile 2002/01/05 16:15:12 1.3
***************
*** 48,54 ****
tar cvf ${BSF}.tar ${DISTDIR} > /dev/null
gzip -c9 ${BSF}.tar > ${BSF}.tar.gz
! bzip2 -c9 ${BSF}.tar > ${BSF}.tar.bz2
! zip -r9 ${BSF}.zip ${DISTDIR} &> /dev/null
! shar -z ${DISTDIR} > ${BSF}.shar 2>/dev/null
rm ${BSF}.tar
rm -rf ${DISTDIR}
--- 48,54 ----
tar cvf ${BSF}.tar ${DISTDIR} > /dev/null
gzip -c9 ${BSF}.tar > ${BSF}.tar.gz
! #bzip2 -c9 ${BSF}.tar > ${BSF}.tar.bz2
! #zip -r9 ${BSF}.zip ${DISTDIR} &> /dev/null
! #shar -z ${DISTDIR} > ${BSF}.shar 2>/dev/null
rm ${BSF}.tar
rm -rf ${DISTDIR}
|
|
From: nathan h. <nh...@us...> - 2002-01-05 16:15:15
|
Update of /cvsroot/phplib/php-lib-stable/php In directory usw-pr-cvs1:/tmp/cvs-serv18348/php Modified Files: prepend.php3 Log Message: Fixed pathname in prepend.php3 Index: prepend.php3 =================================================================== RCS file: /cvsroot/phplib/php-lib-stable/php/prepend.php3,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** prepend.php3 2002/01/05 15:47:37 1.6 --- prepend.php3 2002/01/05 16:15:12 1.7 *************** *** 14,18 **** # Can't control your include path? # Point this to your PHPLIB base directory. Use a trailing "/"! ! $_PHPLIB["libdir"] = "/home/nathan/webDevel/php-lib-stable/php/"; require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */ --- 14,18 ---- # Can't control your include path? # Point this to your PHPLIB base directory. Use a trailing "/"! ! $_PHPLIB["libdir"] = ""; require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */ |
|
From: nathan h. <nh...@us...> - 2002-01-05 15:47:40
|
Update of /cvsroot/phplib/php-lib-stable/unsup
In directory usw-pr-cvs1:/tmp/cvs-serv12678/unsup
Added Files:
README_session4_custom session4_custom.inc user4.inc
Log Message:
Added Max's sessions and user php4 stuff
Upped VERSION to 7.4-pre1 for release
--- NEW FILE: README_session4_custom ---
$Id: README_session4_custom,v 1.1 2002/01/05 15:47:37 nhruby Exp $
session4_custom.inc installation an use.
The session4_custom.inc file contains the implementation of PHPLIB
Session class using native PHP4 sessions engine. This README covers
differencies between old Session and the new one, installation and use
of the Session class from session4_custom.inc through version 1.6.
Preface. Why the damn thing is happened.
Many people say that we do not need PHPLib session interface anymore
since session support is now built in PHP4.
I have some objections.
The first is that many many applications was written using PHPLib, so
the rewrite should be done.
The second is that the Session class is really very convenient way to
manage sessions. And it, of course, could be used as a framework for
session management, while using new PHP4 session API, that, of course,
is much more fast than the old PHPLib Session API.
Moreover, there is a lot of stuff in the PHP session module that could
be tweaked. You can tweak it using php.ini directives. You can also tweak
it using session api functions. There are many of them. I doubt that it is
convenient to call them explicitly on every page. PHPLib Session class can
do it for you using user-supplied values, and one $sess->start() call can do
all custom tweaking and start the session with the parameters you want.
The third is that PHPlib has always had session data storage abstraction. Native
PHP4 session module gives you a choice to use either files or shared memory as
the storage for session data. If you want to store the data anywhere else, you
should supply your custom functions. PHPLib has had this functions for years -
they are in CT_* classes. Why not use them as our custom storage containers?
So, given this arguments, we could talk about something that I call the
'session abstraction', similar to the DB abstraction. Using this class you can
tweak almost every session parameter - cookie headers, cache management, session
name, storage mechanism, url rewriting .... from one place - your
custom Session subclass declaration. Of course, there would be some overhead
compared to using PHP4 session functions explicitly. But I estimate that overhead
as negligible, while the benefits are too lucrative :).
1. How it works.
The new Session object is written as a wrapper over native PHP4 session
handling functions. It was written with compatibility in mind, while some
of the compatibility somewhere was sacrificed in favor of performance.
The class can use either native PHP4 session storage (currently 'files'
and 'mm' modules) or PHPLib custom storage containers, implemented in
CT_* classes, that currently can store data in a SQL database, DBM files,
LDAP directories, and anything else, if you provide necessary CT_Something class.
1.1. Storage.
The storage mechanism is set by the $module property (that is missing from the
old Session). The $module could take 'user', 'files' or 'mm' value. If the value is
'files' or 'mm', the Session will set its storage module to a respective native
PHP4 session storage module. If you use 'files' module you can set $save_path property
to a value of the directory where you intend to store session data. Otherwise
default value from php.ini will be used.
If $module is set to 'user', the PHPLib's custom CT_* container will be used. To
define which custom container will bw used, set $that_class in your Session subclass,
like you do with the old Session. I suppose that your subclass that works with the
old Session, will work with the new one.
If the custom storage is used, session_set_save_handler() will be called during
session startup. If you use PHP version earlier then 4.0.4, use version 1.3 of the
session4_custom.inc from CVS. Since version 4.0.4 the session_set_save_handler() can
take array ($class, 'method') arguments, and this behavior is used in session4_custom.inc
after version 1.3, but it is not compatible with previous versions of PHP. I'd recommend
you to upgrade, since version 1.3 of session4_custom.inc lacks many features that are
present in the current version.
1.2. Cookies and cache.
The class does some session tweaking using supplied values. It modifies session
cookie header using $cookie_path, $cookiename, $lifetime and $cookie_domain properties.
the behaviour is similar to the old classs'. Caching behaviour is managed by $allowcache
and $allowcache_expire methods, similar to the old class.
1.3. Url rewriting.
PHPlib Session has url() and friends to append session_name=session_id pair to an url if
the session cookies are not used. This class has similar functionality, but has some
changes as well. First, $mode and $fallback_mode are not necessary - their handling is
done automatically, since PHP4 session engine will always try to set a session cookie, if
session.use_cookies in the php.ini is set to true. If you don't like session cookies, set
this parameter in the php.ini to 0, false or Off. There is currently no possibility to
change this parameter from within the script.
Another change is that now url() and friends respect the $trans_sid_used property settings.
Set $trans_sid_used to true if you are ABSOLUTELY sure that trans_sid feature works
in your setup. There is a session.use_trans_sid parameter in php.ini, but it shows me 1
even when i don't compile PHP with --enable-trans-sid option. So, if you are sure,
set $trans_sid_used property to true value, and url() and friends won't append anything
to your urls, get_hidden_session() will return nothing, and all this will be done by
trans_sid feature.
1.4. Session id.
get_id() now does not respect any value passed to it, actually it is now get_id(void).
This is done because native PHP4 session mechanism now determines the session id itself.
All the things above configured by default in a manner that they don't break existing
PHPLib-based applications. The default storage method is 'user', that will cause using
PHPLib's custom storage containers. The $trans_sid_used method is not set to true. Cache
and cookies parameters are the same, as in the Session class from PHPLib ver. 7.2c.
2. The main differences.
The main differences from previous PHPLib Session are the auto_init file use, session data
format, serialize() and thaw(), use of page_close() and use of the User class.
2.1. Serialize(), thaw(), register(), and the new data format.
The new Session the serialize() behavior is changed. Now serialize() is the wrapper over
native session_encode(), that returns session data in a native serialize() format or WDDX
format, corresponding to the php.ini's session.serialize_handler. It much more faster, then
using the old serialize(), that, using recursive calls, produced plain PHP code that should
be feed to eval() in thaw() then.
The $persistent_slots in objects that should be registered in a session are no longer
respected - all the class properties are now saved with the session.
Thaw() is used as the custom session read handler now. It does not actually 'microwave'
frozen variables, it just pass serialized session data to the session engine. To reimport
session data use unserialize() (which is a wrapper over the session_decode() itself).
Register() does not fill $pt array, it uses native session_register() instead. The session
data is actually a serialized representation of $HTTP_SESSION_VARS array. So, you can not
register any class property without registering the class itself. Register() can register
only global variables. E.g. the old Session registers $sess->in property as a marker,
whether auto_init file was used or not. That is not possible with the new register().
(Auto_init issues will be covered shortly).
And, as you could see, the new session data format is uncompatible with the old one. But
I suppose this should not affect any PHPlib-based applications.
2.2. Auto_init issues.
The auto_init file was called if $sess->in is false. $sess->in was registered as the session
variable, and if the auto_init file was called (at session initialization), it was set to
true, and the auto_init file was not called in subsequent requests. But, as it was explained
before, $sess->in can not be respected now, since it won't be saved as the session variable.
Auto_init file will be called at every request. So, you'll need to modify your auto_init
file so it could check, if the things that should be initialized only once have been
already initialized. E.g.:
#setup.inc - the default auto_init file
<?php
if (!$sess->is_registered('cart')) {
$cart = new Cart;
$cart->start();
}
?>
2.3. Page_close() use.
The native PHP4 session engine automatically saves the session data at script shutdown. To
prevent multiple attempts to save the session data you should disable call to $sess->freeze()
in page_close() (see page.inc, the example in the current CVS). Actually, if you don't use
the User class, you don't need page_close() at all anymore. The bad side that you can not
currently manage read-only sessions. In a framed page you could call page_close() only in
one frame, while other frames used the session read-only. Otherwise there are chances
that frames will spoil your application by attempting to write session state at the same
time, causing DB errors, or rewriting the data registered in a neighbor frame. The feature
request for read-only session possibility is sent to the PHP Group, so the situation can
change shortly.
2.4. User class.
The User class had been designed as an extension of the Session class. It had worked ok
with the previous Session classes. But The new Session class is incompatible with the old
User, since many methods in the current Session are the wrappers over native session
functions, and they can not be used in the User class. I supplied a User class that should
work with this Session variant - see user4.inc. It is no more extended the Session, while,
of course, has the same API functions as earlier. It now uses native serialize(), which
is much faster, as it said before, and $persistent_slots in objects are not respected
anymore. That is also apply to the $classname properties, as serialize() now determines
the names of serialized classes automatically.
The data format of the saved user data, of course, also has changed.
A simpliest program to convert old user data to the new format:
(Call it with the *OLD* user class.)
<?php
$db = new DB_Sql;
$query = "select sid from active_sessions "
. "where name = 'Your_user_class' ";
while ($db->next_record()) {
$user = new Your_User_Class;
$user->start($db->f('sid'));
$PHPLIB_USER_VARS = array();
while (list ($key) = each ($user->pt)) {
$PHPLIB_USER_VARS[$key] = $$key;
}
$value = serialize($PHPLIB_USER_VARS);
$user->that->ac_store($user->id, $user->name, $value);
// don't call page_close()
}
?>
This should convert all the user data in the table to the new format (I guess :)).
Good luck!
Maxim Derkachev <ko...@bo...>
P.S. Maybe I missed something. If you want to add something here, feel free to contact me.
P.P.S. Sorry for my poor English :)
--- NEW FILE: session4_custom.inc ---
<?php
require_once($_PHPLIB["libdir"]."session/session4.inc");
/**
* PHPLib Sessions using PHP 4 build-in sessions and PHPLib storage container
*
* @copyright (c) 1998,1999 NetUSE GmbH Boris Erdmann, Kristian Koehntopp,
* 2000 Maxim Derkachev <ko...@bo...>,
* 2000 Teodor Cimpoesu <te...@di...>
* @author Maxim Derkachev <ko...@bo...>, Teodor Cimpoesu <te...@di...>,
* Ulf Wendel <uw...@ne...>
* @version $Id: session4_custom.inc,v 1.1 2002/01/05 15:47:37 nhruby Exp $
* @package PHPLib
* @access public
*/
class Session_Custom extends Session {
/**
* session storage module - user, files or mm
*
* @var string
*/
var $module = 'user';
/**
* where to save session files if module == files
*
* @var string
*/
var $save_path;
/**
* Name of data storage container
*
* var string
*/
var $that_class = '';
/**
*
* @var object CT_*
*/
var $that;
/**
* Purge all session data older than 1440 minutes.
*
* @var int
*/
var $gc_time = 1440;
/**
* Garbaga collection probability
*
* Set this in php.ini or httpd.conf (.htaccess)
*
* @var int
*/
var $gc_probability;
/**
* initialization
*/
function start() {
$this->set_container();
return Session::start();
} // end func
// the following functions used in session_set_save_handler
/**
* Open callback
*
* abstract
*/
function open() {
return true;
} // end func open
/**
* Close callback
*
* @abstract
*/
function close() {
return true;
} // end func close
/**
* Delete callback
*/
function del() {
if ($this->module == 'user') {
$this->that->ac_delete($this->id, $this->name);
$this->put_id();
}
return true;
} // end func del
/*
* Write callback.
*
*/
function freeze() {
if ($this->module == 'user') {
$r = $this->that->ac_store($this->id, $this->name, session_encode());
$this->release_lock();
if(!$r)
$this->that->ac_halt("Session: freeze() failed.");
}
} // end func freeze
/**
* Read callback.
*/
function thaw() {
if ($this->module == 'user') {
# $this->get_lock();
return $this->that->ac_get_value(session_id(), $this->name);
}
return true;
}
/**
* gc callback.
*
* Destroy all session data older than $this->gc_time
*
*/
function gc() {
if ($this->module == 'user') {
if (empty($this->gc_time))
$this->gc_time = get_cfg_var("session.gc_maxlifetime");
return $this->that->ac_gc($this->gc_time, $this->name);
}
return true;
} // end func gc
// helper functions used in initialization
/**
* ?
*
*/
function set_container(){
switch ($this->module) {
case "user" :
session_module_name('user');
$name = $this->that_class;
$this->that = new $name;
$this->that->ac_start();
// set custom session handlers
session_set_save_handler(array (&$this, 'open'),
array (&$this, 'close'),
array (&$this, 'thaw'),
array (&$this, 'freeze'),
array (&$this, 'del'),
array (&$this, 'gc')
);
break;
case "mm":
session_module_name('mm');
break;
case "files" :
default:
if ($this->save_path)
session_save_path($this->save_path);
session_module_name('files');
break;
}
} // end func set_container
/**
* ?
*/
function get_lock() {
$this->that->ac_get_lock();
} // end func get_clock
/**
* ?
*/
function release_lock() {
$this->that->ac_release_lock();
} // end func release_lock
} // end class Session4_Custom
?>
--- NEW FILE: user4.inc ---
<?php
/**
* Session Management for PHP3
*
* @copyright 1998,1999 NetUSE GmbH Boris Erdmann, Kristian Koehntopp
* 2001, Maxim Derkachev <ko...@bo...>
* @version $Id: user4.inc,v 1.1 2002/01/05 15:47:37 nhruby Exp $
* @package PHPLib
* @access public
*/
class User {
/**
*
*/
var $classname = "User";
/**
* AC storage name
*
* @var string
*/
var $name = "";
/**
* AC storage ID
*
* @var string
*/
var $id = "";
/**
* A name of a global array where references to registered user vars are stored.
*
* @var string
*/
var $vars_array = 'PHPLIB_USER_VARS';
/**
* Do we need to push user vars into global namespace?
*
* (they are anyway accessible via special array, $PHPLIB_USER_VARS by default
*
* @var boolean
*/
var $register_globals = true;
/**
* Name of data storage container
*
* var string
*/
var $that_class = '';
/**
*
* @var object CT_*
*/
var $that;
/**
*
* @param string
*/
function start($sid = '') {
$this->get_id($sid);
if ("" == $this->name)
$this->name = $this->classname;
$name = $this->that_class;
$this->that = new $name;
$this->that->ac_start();
$this->thaw();
} // end func start
/**
* registers user variables
*
* @param array
*/
function register ($things) {
$things = preg_split('/\s*,\s*/', trim($things) );
foreach ($things as $thing) {
if (!isset($GLOBALS[$thing]))
continue;
$GLOBALS[$this->vars_array][$thing] =& $GLOBALS[$thing];
}
} // end func register
/**
* find out if a var is registered user variable
*
* @param string
*/
function is_registered($name) {
return (boolean)(isset($GLOBALS[$this->vars_array][trim($name)]));
} // end func is_registered
/**
* cancel the registration of a registered user variables
*
*/
function unregister($things) {
$things = preg_split('/\s*,\s*/', trim($things) );
foreach ($things as $thing) {
if (!isset ($GLOBALS[$this->vars_array][$thing]))
continue;
unset ($GLOBALS[$this->vars_array][$thing]);
}
} // end func unregister
/**
*
* @param string
*/
function get_id($id = "") {
$this->id = $id;
} // end func get_id
/**
* Delete the current user record
*/
function delete() {
$this->that->ac_delete($this->id, $this->name);
} // end func delete
/**
* serializes user data (stored in $GLOBALS[$this->vars_array])
*/
function serialize() {
return serialize($GLOBALS[$this->vars_array]);
} // end func serialize
/**
* prepare serialized user data and store it in a storage container
*
*/
function freeze() {
if ($this->id == 'nobody')
return;
if(!$this->that->ac_store($this->id, $this->name, $this->serialize()))
$this->that->ac_halt("User: freeze() failed.");
} // end func freeze
/*
* restore saved registered user variables
**/
function thaw() {
$vals = $this->that->ac_get_value($this->id, $this->name);
$GLOBALS[$this->vars_array] = unserialize($vals);
if ($this->register_globals && is_array ($GLOBALS[$this->vars_array]) ) {
reset ($GLOBALS[$this->vars_array]);
while (list ($k, $v) = each ($GLOBALS[$this->vars_array])) {
$GLOBALS[$k] = $v;
$GLOBALS[$this->vars_array][$k] =& $GLOBALS[$k]; // change the entry in user vars array, so it is now a reference pointing to a global variable.
}
}
} // end func thaw
} // end class User
?>
|
|
From: nathan h. <nh...@us...> - 2002-01-05 15:47:40
|
Update of /cvsroot/phplib/php-lib-stable/php In directory usw-pr-cvs1:/tmp/cvs-serv12678/php Modified Files: prepend.php3 Log Message: Added Max's sessions and user php4 stuff Upped VERSION to 7.4-pre1 for release Index: prepend.php3 =================================================================== RCS file: /cvsroot/phplib/php-lib-stable/php/prepend.php3,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** prepend.php3 2001/08/11 07:12:14 1.5 --- prepend.php3 2002/01/05 15:47:37 1.6 *************** *** 14,18 **** # Can't control your include path? # Point this to your PHPLIB base directory. Use a trailing "/"! ! $_PHPLIB["libdir"] = ""; require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */ --- 14,18 ---- # Can't control your include path? # Point this to your PHPLIB base directory. Use a trailing "/"! ! $_PHPLIB["libdir"] = "/home/nathan/webDevel/php-lib-stable/php/"; require($_PHPLIB["libdir"] . "db_mysql.inc"); /* Change this to match your database. */ |
|
From: nathan h. <nh...@us...> - 2002-01-05 15:47:40
|
Update of /cvsroot/phplib/php-lib-stable
In directory usw-pr-cvs1:/tmp/cvs-serv12678
Modified Files:
CHANGES VERSION
Log Message:
Added Max's sessions and user php4 stuff
Upped VERSION to 7.4-pre1 for release
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/CHANGES,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** CHANGES 2001/08/29 21:03:27 1.9
--- CHANGES 2002/01/05 15:47:37 1.10
***************
*** 1,4 ****
--- 1,8 ----
$Id$
+ 05 JAN 2001 10:30AM EST nathan r. hruby <na...@ds...>
+ - Added Max's php4 native session stuff to unsup/ for a twirl :)
+ - Upped version to 7.4-pre1, packaged and released as such
+
29 Aug 2001 richardarcher
- Fixed possible cross-site scripting attack by making sess->url()
Index: VERSION
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/VERSION,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** VERSION 2000/04/17 16:48:30 1.2
--- VERSION 2002/01/05 15:47:37 1.3
***************
*** 1 ****
! 7.2c
--- 1 ----
! 7.4-pre1
|
|
From: Layne W. <lay...@us...> - 2001-10-12 16:19:44
|
Update of /cvsroot/phplib/php-lib/php/db/mysql
In directory usw-pr-cvs1:/tmp/cvs-serv28837/php/db/mysql
Modified Files:
db_sql.inc
Log Message:
1. use $this->query() in both lock() and unlock()
2. removed redundant check of the $table array key
3. remove lock()'s locking mode limit of "read" and "write" when multiple tables are locked
"read local" and "low priority write" are both valid MySQL locks, but are not accepted by the previous function
Index: db_sql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/db/mysql/db_sql.inc,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** db_sql.inc 2001/09/03 10:12:25 1.11
--- db_sql.inc 2001/10/12 16:19:29 1.12
***************
*** 164,187 ****
/* public: table locking */
! function lock($table, $mode="write") {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
!
! $query="lock tables ";
if (is_array($table)) {
! while (list($key,$value)=each($table)) {
! if ($key=="read" && $key!=0) {
! $query.="$value read, ";
} else {
! $query.="$value $mode, ";
}
}
! $query=substr($query,0,-2);
} else {
! $query.="$table $mode";
}
! $res = @mysql_query($query, $this->Link_ID);
! if (!$res) {
$this->halt("lock() failed.");
return 0;
--- 164,184 ----
/* public: table locking */
! function lock($table, $mode = "write") {
! $query = "lock tables ";
if (is_array($table)) {
! while (list($key,$value) = each($table)) {
! if (!is_int($key)) {
! // texts key are "read", "read local", "write", "low priority write"
! $query .= "$value $key, ";
} else {
! $query .= "$value $mode, ";
}
}
! $query = substr($query,0,-2);
} else {
! $query .= "$table $mode";
}
! $res = $this->query($query);
! if (!$res) {
$this->halt("lock() failed.");
return 0;
***************
*** 191,199 ****
function unlock() {
! if (!$this->connect()) {
! return 0; /* we already complained in connect() about that. */
! }
!
! $res = @mysql_query("unlock tables", $this->Link_ID);
if (!$res) {
$this->halt("unlock() failed.");
--- 188,192 ----
function unlock() {
! $res = $this->query("unlock tables");
if (!$res) {
$this->halt("unlock() failed.");
|
|
From: Layne W. <lay...@us...> - 2001-10-12 16:16:19
|
Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv25854/php
Modified Files:
db_mysql.inc
Log Message:
1. use $this->query() in both lock() and unlock()
2. removed redundant check of the $table array key
3. remove lock()'s locking mode limit of "read" and "write" when multiple tables are locked
"read local" and "low priority write" are both valid MySQL locks, but are not accepted by the previous function
Index: db_mysql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/db_mysql.inc,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** db_mysql.inc 2001/08/21 02:20:04 1.7
--- db_mysql.inc 2001/10/12 16:16:16 1.8
***************
*** 166,187 ****
/* public: table locking */
! function lock($table, $mode="write") {
! $this->connect();
!
! $query="lock tables ";
if (is_array($table)) {
! while (list($key,$value)=each($table)) {
! if ($key=="read" && $key!=0) {
! $query.="$value read, ";
} else {
! $query.="$value $mode, ";
}
}
! $query=substr($query,0,-2);
} else {
! $query.="$table $mode";
}
! $res = @mysql_query($query, $this->Link_ID);
! if (!$res) {
$this->halt("lock() failed.");
return 0;
--- 166,186 ----
/* public: table locking */
! function lock($table, $mode = "write") {
! $query = "lock tables ";
if (is_array($table)) {
! while (list($key,$value) = each($table)) {
! if (!is_int($key)) {
! // texts key are "read", "read local", "write", "low priority write"
! $query .= "$value $key, ";
} else {
! $query .= "$value $mode, ";
}
}
! $query = substr($query,0,-2);
} else {
! $query .= "$table $mode";
}
! $res = $this->query($query);
! if (!$res) {
$this->halt("lock() failed.");
return 0;
***************
*** 191,200 ****
function unlock() {
! $this->connect();
!
! $res = @mysql_query("unlock tables", $this->Link_ID);
if (!$res) {
$this->halt("unlock() failed.");
- return 0;
}
return $res;
--- 190,196 ----
function unlock() {
! $res = $this->query("unlock tables");
if (!$res) {
$this->halt("unlock() failed.");
}
return $res;
|
|
From: Richard A. <ric...@us...> - 2001-09-04 00:21:22
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv2438/php
Added Files:
ct_cookie.inc ct_cookie_rc4.inc
Log Message:
Add ct_cookie.inc, a container class that stores data in cookies.
Also, a documentation page, sample pages using the class for both
sess and user and an ARC4 implementation for encryption.
The basis for this class was posted to the support mailing list by
Ing. Alejandro Vzquez C. <al...@in...> in August 2000.
--- NEW FILE: ct_cookie.inc ---
<?php
##
## Copyright (c) 2000 Alejandro Vázquez C. <al...@ya...>
## Copyright (c) 2001 Richard Archer <rh...@ju...>
## This file is distributed under the GNU Lesser General Public
## License version 2, as distributed by Free Software Foundation.
## Please contact FSF for a copy of the licence terms:
## Free Software Foundation Voice: +1-617-542-5942
## 59 Temple Place - Suite 330 Fax: +1-617-542-2652
## Boston, MA 02111-1307, USA gn...@gn...
##
## $Id: ct_cookie.inc,v 1.1 2001/09/04 00:21:19 richardarcher Exp $
##
## PHPLIB Data Storage Container using cookies
##
/*
This class saves session data in cookies. It does data compression
using gzcompress() and provides md5 validation so an evil user
cannot change the session data.
Another (optional) feature is data encryption. When enabled, the user
cannot see what is inside the cookie. Included is ct_cookie_rc4,
a sample class that implements RC4 compatible encryption.
For best performance it would be best to use one of the crypt
libraries with a native PHP interface.
This container is designed for small apps that do not need to store
large amounts of data. By default, 7396 bytes of cookie data can be
stored (this includes the md5 hash and base64-encoded gzipped data).
Apache rejects any request whose headers are larger than 8190 bytes.
You can hack your Apache to increase this storage limit!
It is useful also for those with limited control over their server
environment. Pages that use ct_cookie.inc do not need any special
sql/db/file configuration.
NOTE: If you use CT_Cookie your session mode must be "cookie".
If sessions fall back to get mode the session data will be lost.
Also note that many people reject cookies while surfing. This makes
CT_Cookie somewhat unreliable, but it can be useful if you offer the
user a choice of storing their profile on the server or in a cookie.
Session cookies ($this->lifetime = 0) may be accepted more often than
permanent cookies.
*/
class CT_Cookie {
var $magic = ""; # CHANGE THIS! It should be a random string.
var $gzlevel = 0; # This is the level of compression desired.
# Requires zlib support in PHP.
# 0 = no compression
# 1 = fast -> 9 = smaller
# -1 = default setting of gzcompress().
var $lifetime = 0; # Lifetime in minutes for cookies.
# 0 = session cookies.
var $cookie_max_length = 3968; # Maximum size for every single cookie.
# The spec says it can be up to 4kb.
var $max_cookies = 2; # Maximum allowed number of cookies.
# The spec says it can be up to 20.
# Maximum amount of data = 4kb*20 = 80kb!
# Note: Apache rejects any request
# whose headers are larger than 8190.
var $cookie_domain = ''; # Domain for cookies.
var $enable_buffering = true; # Set to false if you don't want to
# use ob_start()/ob_end_flush(), however
# you would need to call page_close()
# before any output is made otherwise
# PHP will not be able to send cookies.
# Requires PHP4 for output buffer support.
var $encrypt_class = false; # Name of the class implementing a
# (de)ciphering algorithm.
# false = no encryption (plaintext).
var $encrypt_key = ""; # Encryption key. Set to a random string.
var $last_md5 = false; # Internal variable (to avoid setting the
# same cookie twice).
var $debug = false; # Enables some debug output for troubleshooting
function ac_start() {
if (!isset($this->magic) || $this->magic == "") {
$this->ac_halt("CT_Cookie: you need to change the magic value!<br>".
"If it is known, a hacker can hijack your user's sessions!");
}
if ($this->enable_buffering) {
ob_start();
register_shutdown_function(create_function('', 'ob_end_flush();'));
}
}
function encode_val($val) {
if ($this->gzlevel == -1) {
$gzval = gzcompress($val);
}
else if ($this->gzlevel > 0) {
$gzval = gzcompress($val, $this->gzlevel);
}
else {
$gzval = $val;
}
$md5_val = md5($this->magic . ":{$val}");
if ($this->encrypt_class != false) {
if ($this->encrypt_key == "") {
$this->ac_halt('CT_Cookie: you have to setup the key before using encryption!');
}
$eclass = $this->encrypt_class;
$cipher = new $eclass;
$cipher->setupKey(md5($this->magic . ':' . $this->encrypt_key));
$gzval = $cipher->encrypt($gzval);
}
$encoded_val = $md5_val . base64_encode($gzval);
if (strlen($encoded_val) > ($this->cookie_max_length * $this->max_cookies)) {
if ($this->debug) {
echo ('CT_Cookie: Tried to store too much data in cookies!<br>');
}
return false;
}
$splitted = array();
while(strlen($encoded_val) > $this->cookie_max_length) {
$splitted[] = substr($encoded_val, 0, $this->cookie_max_length);
$encoded_val = substr($encoded_val, $this->cookie_max_length);
}
$splitted[] = $encoded_val;
return $splitted;
}
function decode_val($val) {
if (is_array($val)) {
$encoded_val = implode('', $val);
}
else {
$encoded_val = $val;
}
if (!ereg('^([0-9a-z]{32})([0-9A-Za-z/+=]+)$', $encoded_val, $splitted)) {
if ($this->debug) {
echo ('CT_Cookie debug: Failed to find our data in val!<br>');
}
return false;
}
$md5_val = $splitted[1];
$gzval = @base64_decode($splitted[2]);
if ($this->encrypt_class != false) {
if ($this->encrypt_key == "") {
$this->ac_halt('CT_Cookie: you have to setup the key before using encryption!');
}
$eclass = $this->encrypt_class;
$cipher = new $eclass;
$cipher->setupKey(md5($this->magic . ':' . $this->encrypt_key));
$gzval = $cipher->decrypt($gzval);
}
if ($this->gzlevel != 0) {
$val = @gzuncompress($gzval);
}
else {
$val = $gzval;
}
if (md5($this->magic . ":{$val}") != $md5_val) {
if ($this->debug) {
echo ('CT_Cookie debug: md5 value does not match data!<br>');
}
return false;
}
return $val;
}
function ac_store($id, $name, $str) {
global $HTTP_COOKIE_VARS;
$encoded_val = $this->encode_val($str);
if (!$encoded_val) {
return false;
}
$md5 = substr($encoded_val[0], 0, 32);
if (($this->lifetime == 0) && ($this->last_md5 == $md5)) {
return true;
}
reset($encoded_val);
if ($this->lifetime > 0) {
$then = time()+$this->lifetime*60;
}
else {
$then = 0;
}
$i = 0;
while(list(, $chunk) = each($encoded_val)) {
$cookie_ptr = "{$name}_" . chr($i + 97);
SetCookie($cookie_ptr, $chunk, $then, '/', $this->cookie_domain);
$HTTP_COOKIE_VARS[$cookie_ptr] = $chunk;
$i++;
}
for( ; $i < $this->max_cookies; $i++) {
$cookie_ptr = "{$name}_" . chr($i + 97);
if (isset($HTTP_COOKIE_VARS[$cookie_ptr])) {
SetCookie($cookie_ptr, '', 0, '/', $this->cookie_domain);
unset($HTTP_COOKIE_VARS[$cookie_ptr]);
}
}
return true;
}
function ac_get_value($id, $name) {
global $HTTP_COOKIE_VARS;
$encoded_val = '';
for($i = 0; $i < $this->max_cookies; $i++) {
$cookie_ptr = "{$name}_" . chr($i+97);
if (!isset($HTTP_COOKIE_VARS[$cookie_ptr])) {
break;
}
$encoded_val .= $HTTP_COOKIE_VARS[$cookie_ptr];
}
if (strlen($encoded_val) < 1) {
if ($this->debug) {
echo ("CT_Cookie debug: Cookie decoded to nothing!<br>");
}
return '';
}
$val = $this->decode_val($encoded_val);
if (!$val) {
return '';
}
$this->last_md5 = substr($encoded_val, 0, 32);
return $val;
}
function ac_delete($id, $name) {
global $HTTP_COOKIE_VARS;
if ($HTTP_COOKIE_VARS[$name] != $id) {
if ($this->debug) {
echo ("CT_Cookie debug: No cookies match name=$name and id=$id!<br>");
}
return;
}
for($i = 0; $i < $this->max_cookies; $i++) {
$cookie_ptr = "{$name}_" . chr($i+97);
if (isset($HTTP_COOKIE_VARS[$cookie_ptr])) {
SetCookie($cookie_ptr, '', 0, '/', $this->cookie_domain);
unset($HTTP_COOKIE_VARS[$cookie_ptr]);
}
}
}
function ac_newid($str, $name) {
return $str;
}
function ac_halt($s) {
echo "<b>{$s}</b>";
exit;
}
function ac_get_lock() {
# Nothing needed here.
}
function ac_release_lock() {
# Nothing needed here.
}
function ac_gc($gc_time, $name) {
# Nothing needed here.
}
}
?>
--- NEW FILE: ct_cookie_rc4.inc ---
<?php
##
## Copyright (c) 2000 Alejandro Vázquez C. <al...@ya...>
## This file is distributed under the GNU Lesser General Public
## License version 2, as distributed by Free Software Foundation.
## Please contact FSF for a copy of the licence terms:
## Free Software Foundation Voice: +1-617-542-5942
## 59 Temple Place - Suite 330 Fax: +1-617-542-2652
## Boston, MA 02111-1307, USA gn...@gn...
##
## $Id: ct_cookie_rc4.inc,v 1.1 2001/09/04 00:21:19 richardarcher Exp $
##
## PHPLIB Data Storage Container using cookies - RC4 encryption class
##
/*
This class provides an ciphering engine compatible with RC4.
To implement an alternative encoding you need to declare a class
with the following methods:
function setupKey($key);
It should do everything that is needed to start encoding/decoding
with the supplied key.
function encrypt($val);
It must encode the plaintext stored in $val, and return its ciphertext.
function decrypt($val);
It must decode the ciphertext stored in $val, and return its plaintext.
*/
class CT_Cookie_rc4 {
var $state, $state_save;
function setupKey($key) {
$this->state = array();
for($c = 0; $c < 256; $c++) {
$this->state[$c] = $c;
}
$i = 0;
$j = 0;
$key_len = strlen($key);
for($c = 0; $c < 256; $c++) {
$temp = $this->state[$c];
$j = (ord($key[$i]) + $temp + $j) % 256;
$this->state[$c] = $this->state[$j];
$this->state[$j] = $temp;
$i = ($i + 1) % $key_len;
}
$this->state_save = $this->state;
}
function do_rc4($val) {
$val_len = strlen($val);
$x = 0;
$y = 0;
$ret = '';
for($c = 0; $c < $val_len; $c++) {
$x = ($x + 1) % 256;
$temp = $this->state[$x];
$y = ($temp + $y) % 256;
$this->state[$x] = $this->state[$y];
$this->state[$y] = $temp;
$xorI = ($this->state[$x] + $temp) % 256;
$ret .= chr(ord($val[$c]) ^ $this->state[$xorI]);
}
return $ret;
}
function encrypt($val) {
$this->state = $this->state_save;
return $this->do_rc4($val);
}
function decrypt($val) {
$this->state = $this->state_save;
return $this->do_rc4($val);
}
}
?>
|
|
From: Richard A. <ric...@us...> - 2001-09-04 00:21:22
|
Update of /cvsroot/phplib/php-lib/pages
In directory usw-pr-cvs1:/tmp/cvs-serv2438/pages
Added Files:
ct_cookie.php3 ct_cookie_logout.php3 ct_cookie_user.php3
Log Message:
Add ct_cookie.inc, a container class that stores data in cookies.
Also, a documentation page, sample pages using the class for both
sess and user and an ARC4 implementation for encryption.
The basis for this class was posted to the support mailing list by
Ing. Alejandro Vzquez C. <al...@in...> in August 2000.
--- NEW FILE: ct_cookie.php3 ---
<?php
// include("prepend.php3");
# We are using the following features on this page:
# sess for session variables
page_open(array("sess" => "Example_Cookie_Session"));
# s is a per session variable
if (!isset($s)) { $s=0; };
$sess->register("s");
# sess_value is also a per session variable
if (!isset($sess_value)) { $sess_value=0; };
$sess->register("sess_value");
?>
<html>
<body bgcolor="#ffffff">
<a href="<?php $sess->pself_url()?>">Reload</a> this page to see the counters increment.<br>
<a href="<?php $sess->purl("ct_cookie_user.php3")?>">Load</a> a more complex example (login as kris, password test).<br>
<a href="<?php $sess->purl("ct_cookie_logout.php3") ?>">Logout</a> and delete your authentication information.<br>
<p>
This is a simple example of an alternative storage container. In this case
the per session data and per user data is stored in client-side cookies.
No server-side storage is needed, but cookies *must* be enabled in the
user's browser. In practice this is not a very useful way of maintaining
state, but it is a nice example.
</p>
<?php
// Demonstration of per session data: We are incrementing a scalar, $s.
printf("<h1>Per Session Data: %s</h1>\n", ++$s);
?>
<p>
Per Session Data is referenced by session id. The session id is propagated
using a cookie stored in the users browser. The Per Session Data is stored
in other cookies by the user's browser.
</p>
<p>
Per Session Data is available only on pages using the feature
"sess" in their page_open() call.
</p>
<?php
if (isset($sess_action)) {
switch ($sess_action) {
case 'reset':
$sess_value = 0;
break;
case 'sub':
$sess_value--;
break;
case 'add':
$sess_value++;
break;
}
}
?>
<h1>Another Session variable: <?php echo $sess_value ?></h1>
<a href="<?php $sess->purl("$PHP_SELF?sess_action=add") ?>">Add</a><br>
<a href="<?php $sess->purl("$PHP_SELF?sess_action=sub") ?>">Subtract</a><br>
<a href="<?php $sess->purl("$PHP_SELF?sess_action=reset") ?>">Reset</a><br>
</body>
</html>
<?php
// Save data back to database.
page_close()
?>
<!-- $Id: ct_cookie.php3,v 1.1 2001/09/04 00:21:19 richardarcher Exp $ -->
--- NEW FILE: ct_cookie_logout.php3 ---
<?php
// include("prepend.php3");
# We are using the following features on this page:
# sess for session variables
# auth for user authentication (yes, you need to be logged in to log out :-)
page_open(array("sess" => "Example_Cookie_Session",
"auth" => "Example_Auth")
);
# s is a per session variable
if (!isset($s)) { $s=0; };
$sess->register("s");
# sess_value is also a per session variable
if (!isset($sess_value)) { $sess_value=0; };
$sess->register("sess_value");
?>
<html>
<body bgcolor="#ffffff">
<a href="<?php $sess->pself_url()?>">Reload</a> this page.<br>
<a href="<?php $sess->purl("ct_cookie.php3")?>">Return</a> to the simple example page.<br>
<a href="<?php $sess->purl("ct_cookie_user.php3")?>">Load</a> a more complex example (login as kris, password test).<br>
<a href="<?php $sess->purl("ct_cookie_logout.php3") ?>">Logout</a> and delete your authentication information.<br>
<p>
This is a simple example of an alternative storage container. In this case
the per session data and per user data is stored in client-side cookies.
No server-side storage is needed, but cookies *must* be enabled in the
user's browser. In practice this is not a very useful way of maintaining
state, but it is a nice example.
</p>
<h1>logout</h1>
You have been logged in as <b><?php print $auth->auth["uname"] ?></b> with
<b><?php print $auth->auth["perm"] ?></b> permission. Your authentication
was valid until <b><?php print date("d. M. Y, H:i:s", $auth->auth["exp"])
?></b>.<p>
<?php
$auth->logout();
?>
<p>
This is all over now. You have been logged out.
</p>
<p>
Per Session Data is still available -- it is just the current Auth
data that has been deleted. The Per User data still exists and will
be available next time the user logs in.
</p>
<?php
// Demonstration of per session data: We are incrementing a scalar, $s.
printf("<h1>Per Session Data: %s</h1>\n", ++$s);
?>
</body>
</html>
<?php
// Save data back to database.
page_close()
?>
<!-- $Id: ct_cookie_logout.php3,v 1.1 2001/09/04 00:21:19 richardarcher Exp $ -->
--- NEW FILE: ct_cookie_user.php3 ---
<?php
// include("prepend.php3");
# We are using the following features on this page:
# sess for session variables
# auth for login checks, also required for user variables
# perm for permission checks
# user for user variables
page_open(array("sess" => "Example_Cookie_Session",
"auth" => "Example_Auth",
"perm" => "Example_Perm",
"user" => "Example_Cookie_User")
);
# page access requires that the user is authenticated and has "admin" permission
$perm->check("admin");
# s is a per session variable
if (!isset($s)) { $s=0; };
$sess->register("s");
# sess_value is also a per session variable
if (!isset($sess_value)) { $sess_value=0; };
$sess->register("sess_value");
# u is a per user variable
if(!isset($u)) { $u=0; };
$user->register("u");
# user_value is also a per user variable
if (!isset($user_value)) { $user_value=0; };
$sess->register("user_value");
?>
<html>
<body bgcolor="#ffffff">
<a href="<?php $sess->pself_url()?>">Reload</a> this page to see the counters increment.<br>
<a href="<?php $sess->purl("ct_cookie.php3")?>">Return</a> to the simple example page.<br>
<a href="<?php $sess->purl("ct_cookie_logout.php3") ?>">Logout</a> and delete your authentication information.<br>
<p>
This is a simple example of an alternative storage container. In this case
the per session data and per user data is stored in client-side cookies.
No server-side storage is needed, but cookies *must* be enabled in the
user's browser. In practice this is not a very useful way of maintaining
state, but it is a nice example.
</p>
<?php
// Demonstration of per session data: We are incrementing a scalar, $s.
printf("<h1>Per Session Data: %s</h1>\n", ++$s);
?>
<p>
Per Session Data is referenced by session id. The session id is propagated
using a cookie stored in the users browser. The Per Session Data is stored
in other cookies by the user's browser.
</p>
<p>
Per Session Data is available only on pages using the feature
"sess" in their page_open() call.
</p>
<?php
if (isset($sess_action)) {
switch ($sess_action) {
case 'reset':
$sess_value = 0;
break;
case 'sub':
$sess_value--;
break;
case 'add':
$sess_value++;
break;
}
}
?>
<h1>Another Session variable: <?php echo $sess_value ?></h1>
<a href="<?php $sess->purl("$PHP_SELF?sess_action=add") ?>">Add</a><br>
<a href="<?php $sess->purl("$PHP_SELF?sess_action=sub") ?>">Subtract</a><br>
<a href="<?php $sess->purl("$PHP_SELF?sess_action=reset") ?>">Reset</a><br>
<?php
// Demonstration of per user data: We are incrementing a scalar, $u.
printf("<h1>Per User Data: %s</h1>\n", ++$u);
?>
<p>
Per User Data is referenced by user id. The user id is stored as a session
variable in each authenticated session. Once again, in this example the Per
User Data is being stored in cookies by the user's browser.
</p>
<p>
Per User Data is only available on authenticated pages (pages using the
feature "auth" in addition to the feature "sess"). It
is activated by using the feature "user".
</p>
<?php
if (isset($user_action)) {
switch ($user_action) {
case 'reset':
$user_value = 0;
break;
case 'sub':
$user_value--;
break;
case 'add':
$user_value++;
break;
}
}
?>
<h1>Another User variable: <?php echo $user_value ?></h1>
<a href="<?php $sess->purl("$PHP_SELF?user_action=add") ?>">Add</a><br>
<a href="<?php $sess->purl("$PHP_SELF?user_action=sub") ?>">Subtract</a><br>
<a href="<?php $sess->purl("$PHP_SELF?user_action=reset") ?>">Reset</a><br>
<h2>Some interesting variables</h2>
<?php
// Show how to access the session and the user id.
printf("Your session id is %s<br>\n", $sess->id);
printf("Your user id is %s<br>\n", $user->id);
printf("This should be the same as %s<br>\n", $auth->auth["uid"]);
printf("You have the permissions %s<br>\n", $auth->auth["perm"]);
?>
</body>
</html>
<?php
// Save data back to database.
page_close()
?>
<!-- $Id: ct_cookie_user.php3,v 1.1 2001/09/04 00:21:19 richardarcher Exp $ -->
|
|
From: Richard A. <ric...@us...> - 2001-09-04 00:21:22
|
Update of /cvsroot/phplib/php-lib/doc/sgml
In directory usw-pr-cvs1:/tmp/cvs-serv2438/doc/sgml
Modified Files:
documentation.sgml
Added Files:
03-ct_cookie.sgml
Log Message:
Add ct_cookie.inc, a container class that stores data in cookies.
Also, a documentation page, sample pages using the class for both
sess and user and an ARC4 implementation for encryption.
The basis for this class was posted to the support mailing list by
Ing. Alejandro Vzquez C. <al...@in...> in August 2000.
--- NEW FILE: 03-ct_cookie.sgml ---
<!-- $Id: 03-ct_cookie.sgml,v 1.1 2001/09/04 00:21:19 richardarcher Exp $ -->
<sect1>CT_Cookie
<p>
The <tt/Session/ class used to contain a bit of SQL to read and
write session data from and to a database. To make sessions
database independent, <tt/Session/ now makes all storage
accesses through a container class. To let <tt/Session/ use a
Browser Cookies as a container, you use <tt/CT_Cookie/.
<p>
This class saves session data in cookies. It does data compression
using <tt/gzcompress()/ and provides md5 validation so an evil user
cannot change the session data.
<p>
Another (optional) feature is data encryption. When enabled, the user
cannot see what is inside the cookie. Included is <tt/ct_cookie_rc4,/
a sample class that implements RC4 compatible encryption.
For best performance it would be best to use one of the crypt
libraries with a native PHP interface.
<p>
This container is designed for small apps that do not need to store
large amounts of data. By default, 7396 bytes of cookie data can be
stored (this includes the md5 hash and base64-encoded gzipped data).
Apache rejects any request whose headers are larger than 8190 bytes.
You can hack your Apache to increase this storage limit!
<p>
It is useful also for those with limited control over their server
environment. Pages that use ct_cookie.inc do not need any special
sql/db/file configuration.
<p>
NOTE: If you use <tt/CT_Cookie/ your session mode must be "cookie".
If sessions fall back to get mode the session data will be lost.
<p>
Also note that many people reject cookies while surfing. This makes
<tt/CT_Cookie/ somewhat unreliable, but it can be useful if you offer the
user a choice of storing their profile on the server or in a cookie.
Session cookies (<tt/$this->lifetime = 0/) may be accepted more often than
permanent cookies.
<sect2>Instance variables
<p>
<table>
<tabular ca="">
magic<colsep>A secret string used in md5 sum generation. Change it!<rowsep>
gzlevel = 0<colsep>The level of gzip compression. 0 = no compression, 1 = fast ->9 = smaller, -1 = default <tt/gzcompress()/ value<rowsep>
lifetime = 0<colsep>The lifetime of the cookies. 0 = session cookies.<rowsep>
cookie_max_length = 3968<colsep>Maximum size for every single cookie. The spec says it can be up to 4kb.<rowsep>
max_cookies = 2<colsep>Maximum allowed number of cookies. The spec says it can be up to 20. Maximum amount of data = 4kb*20 = 80kb! Note: Apache rejects any request whose headers are larger than 8190.<rowsep>
cookie_domain = ''<colsep>Domain for cookies.<rowsep>
enable_buffering = true<colsep>Set to false if you don't want to use ob_start()/ob_end_flush(), however you would need to call page_close() before any output is made otherwise PHP will not be able to send cookies. Requires PHP4 for output buffer support.<rowsep>
encrypt_class = false<colsep>Name of the class implementing a (de)ciphering algorithm. false = no encryption (plaintext).<rowsep>
encrypt_key = ""<colsep>Encryption key. Set to a random string.<rowsep>
last_md5 = false<colsep>Internal variable (to avoid setting the same cookie twice).<rowsep>
debug = false<colsep>Enables some debug output for troubleshooting<rowsep>
</tabular>
<caption>Accessible instance variables.</caption>
</table>
<sect2>Example
<p>
A working example of <tt/CT_Cookie/ is included in the <tt/pages/ directory.
See <tt/ct_cookie.inc/.
<sect2>CT_Cookie Encryption
<p>
CT_Cookie also includes the capability of encrypting the data contained in the cookie.
Included is a sample encryption class <tt/ct_cookie_rc4/.
<p>
This class provides an ciphering engine compatible with RC4.
To implement an alternative encoding you need to declare a class
with the following methods:
<table>
<tabular ca="">
function setupKey($key);<colsep>It should do everything that is needed to start encoding/decoding with the supplied key.<rowsep>
function encrypt($val);<colsep>It must encode the plaintext stored in $val, and return its ciphertext.<rowsep>
function decrypt($val);<colsep>It must decode the ciphertext stored in $val, and return its plaintext.<rowsep>
</tabular>
<caption>Accessible instance methods.</caption>
</table>
Index: documentation.sgml
===================================================================
RCS file: /cvsroot/phplib/php-lib/doc/sgml/documentation.sgml,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** documentation.sgml 2000/02/24 23:33:02 1.11
--- documentation.sgml 2001/09/04 00:21:19 1.12
***************
*** 24,27 ****
--- 24,28 ----
<!ENTITY f03ctfile SYSTEM "03-ct_file.sgml">
<!ENTITY f03ctldap SYSTEM "03-ct_ldap.sgml">
+ <!ENTITY f03ctcookie SYSTEM "03-ct_cookie.sgml">
<!ENTITY f03session SYSTEM "03-session.sgml">
<!ENTITY f03auth SYSTEM "03-auth.sgml">
***************
*** 81,84 ****
--- 82,86 ----
&f03ctdbm;
&f03ctldap;
+ &f03ctcookie;
&f03session;
&f03auth;
|
|
From: Richard A. <ric...@us...> - 2001-09-04 00:21:22
|
Update of /cvsroot/phplib/php-lib
In directory usw-pr-cvs1:/tmp/cvs-serv2438
Modified Files:
CHANGES
Log Message:
Add ct_cookie.inc, a container class that stores data in cookies.
Also, a documentation page, sample pages using the class for both
sess and user and an ARC4 implementation for encryption.
The basis for this class was posted to the support mailing list by
Ing. Alejandro Vzquez C. <al...@in...> in August 2000.
Index: CHANGES
===================================================================
RCS file: /cvsroot/phplib/php-lib/CHANGES,v
retrieving revision 1.188
retrieving revision 1.189
diff -C2 -d -r1.188 -r1.189
*** CHANGES 2001/08/29 21:02:42 1.188
--- CHANGES 2001/09/04 00:21:19 1.189
***************
*** 1,4 ****
--- 1,11 ----
$Id$
+ 04-Sep-2001 richardarcher
+ - Add ct_cookie.inc, a container class that stores data in cookies.
+ - Also, a documentation page, sample pages using the class for both
+ sess and user and an ARC4 implementation for encryption.
+ The basis for this class was posted to the support mailing list by
+ Ing. Alejandro Vzquez C. <al...@in...> in August 2000.
+
29-Aug-2001 richardarcher
- Fixed possible cross-site scripting attack by making sess->url()
|
|
From: Guillaume D. <gde...@us...> - 2001-09-03 10:12:28
|
Update of /cvsroot/phplib/php-lib/php/db/mysql
In directory usw-pr-cvs1:/tmp/cvs-serv8855
Modified Files:
db_sql.inc
Log Message:
Add the function check_error() to "normalize" the code
Index: db_sql.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/db/mysql/db_sql.inc,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** db_sql.inc 2001/09/01 06:52:30 1.10
--- db_sql.inc 2001/09/03 10:12:25 1.11
***************
*** 116,122 ****
$this->Query_ID = @mysql_query($Query_String,$this->Link_ID);
$this->Row = 0;
! $this->Errno = mysql_errno();
! $this->Error = mysql_error();
!
if (!$this->Query_ID) {
$this->halt("Invalid SQL: ".$Query_String);
--- 116,120 ----
$this->Query_ID = @mysql_query($Query_String,$this->Link_ID);
$this->Row = 0;
! $this->check_error();
if (!$this->Query_ID) {
$this->halt("Invalid SQL: ".$Query_String);
***************
*** 136,141 ****
$this->Record = @mysql_fetch_array($this->Query_ID);
$this->Row += 1;
! $this->Errno = mysql_errno();
! $this->Error = mysql_error();
$stat = is_array($this->Record);
--- 134,138 ----
$this->Record = @mysql_fetch_array($this->Query_ID);
$this->Row += 1;
! $this->check_error();
$stat = is_array($this->Record);
***************
*** 409,412 ****
--- 406,414 ----
/* private: error handling */
+ function check_error() {
+ $this->Error = @mysql_error();
+ $this->Errno = @mysql_errno();
+ }
+
function halt($msg) {
$this->Error = @mysql_error($this->Link_ID);
|
|
From: Richard A. <ric...@us...> - 2001-09-01 07:09:44
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv24941
Modified Files:
local.inc local4.inc
Log Message:
Add ct_cookie.inc, a container class that stores data in cookies.
Also, a documentation page, sample pages using the class for both
sess and user and an ARC4 implementation for encryption.
The basis for this class was posted to the support mailing list by
Ing. Alejandro Vzquez C. <al...@in...> in August 2000.
Index: local.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/local.inc,v
retrieving revision 1.35
retrieving revision 1.36
diff -C2 -d -r1.35 -r1.36
*** local.inc 2001/08/29 12:36:42 1.35
--- local.inc 2001/09/01 07:09:42 1.36
***************
*** 29,33 ****
class Example_CT_Sql extends CT_Sql {
var $database_class = "DB_Example"; ## Which database to connect...
! var $database_table = "active_sessions"; ## and find our session data in this table.
}
--- 29,33 ----
class Example_CT_Sql extends CT_Sql {
var $database_class = "DB_Example"; ## Which database to connect...
! var $database_table = "active_sessions"; ## and find our session data in this table.
}
***************
*** 68,71 ****
--- 68,83 ----
#}
+ ## This class stores session data in cookies. You will also need to extend
+ ## the Session class so that the only acceptable $mode is "cookie".
+ ## A demo of this class is in pages/ct_cookie.php3
+ class Example_CT_Cookie extends CT_Cookie {
+ var $lifetime = 40;
+ var $gzlevel = 0; ## disable gzip compression in case the PHP
+ ## installation does not include zlib support
+ var $magic = "SomeString";
+ var $encrypt_class = "CT_Cookie_rc4"; ## enable encryption using rc4 class
+ var $encrypt_key = "AnotherString"; ## make this a strong key!!
+ }
+
class Example_Session extends Session {
var $classname = "Example_Session";
***************
*** 81,84 ****
--- 93,108 ----
}
+ ## This is an example Session class using the CT_Cookie container class.
+ class Example_Cookie_Session extends Session {
+ var $classname = "Example_Cookie_Session";
+
+ var $cookiename = "SessCookie"; ## defaults to classname
+ var $magic = "Hocuspocus"; ## ID seed
+ var $mode = "cookie"; ## *must* use cookie mode!
+ var $lifetime = 60; ## 0 = do session cookies, else minutes
+ var $that_class = "Example_CT_Cookie"; ## name of data storage container class
+ var $allowcache = "no";
+ }
+
class Example_User extends User {
var $classname = "Example_User";
***************
*** 86,89 ****
--- 110,123 ----
var $magic = "Abracadabra"; ## ID seed
var $that_class = "Example_CT_Sql"; ## name of data storage container class
+ }
+
+ ## This is an example User class using the CT_Cookie container class.
+ class Example_Cookie_User extends User {
+ var $classname = "Example_Cookie_User";
+
+ var $lifetime = 60;
+ var $magic = "Abracadabra"; ## ID seed
+ var $that_class = "Example_CT_Cookie"; ## name of data storage container class
+ var $cookiename = "UserCookie"; ## defaults to classname
}
Index: local4.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/local4.inc,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** local4.inc 2001/08/21 12:56:02 1.2
--- local4.inc 2001/09/01 07:09:42 1.3
***************
*** 68,71 ****
--- 68,83 ----
#}
+ ## This class stores session data in cookies. You will also need to extend
+ ## the Session class so that the only acceptable $mode is "cookie".
+ ## A demo of this class is in pages/ct_cookie.php3
+ class Example_CT_Cookie extends CT_Cookie {
+ var $lifetime = 40;
+ var $gzlevel = 0; ## disable gzip compression in case the PHP
+ ## installation does not include zlib support
+ var $magic = "SomeString";
+ var $encrypt_class = "CT_Cookie_rc4"; ## enable encryption using rc4 class
+ var $encrypt_key = "AnotherString"; ## make this a strong key!!
+ }
+
class Example_Session extends Session {
var $classname = "Example_Session";
***************
*** 86,93 ****
--- 98,127 ----
}
+ ## This is an example Session class using the CT_Cookie container class.
+ class Example_Cookie_Session extends Session {
+ var $classname = "Example_Cookie_Session";
+
+ var $cookiename = "SessCookie"; ## defaults to classname
+ var $magic = "Hocuspocus"; ## ID seed
+ var $mode = "cookie"; ## *must* use cookie mode!
+ var $lifetime = 60; ## 0 = do session cookies, else minutes
+ var $that_class = "Example_CT_Cookie"; ## name of data storage container class
+ var $allowcache = "no";
+ }
+
class Example_User extends User {
var $classname = "Example_User";
var $that_class = "Example_CT_Sql"; ## name of data storage container class
+ }
+
+ ## This is an example User class using the CT_Cookie container class.
+ class Example_Cookie_User extends User {
+ var $classname = "Example_Cookie_User";
+
+ var $lifetime = 60;
+ var $magic = "Abracadabra"; ## ID seed
+ var $that_class = "Example_CT_Cookie"; ## name of data storage container class
+ var $cookiename = "UserCookie"; ## defaults to classname
}
|
