Thread: [phpMP-CVS] CVS: phpMP/core sessions.php,NONE,1.1 main.php,1.11,1.12 user.php,1.3,1.4 session.php,1.
From: Brian R. <hei...@us...> - 2003-09-22 09:53:06
Update of /cvsroot/phpmp/phpMP/core In directory sc8-pr-cvs1:/tmp/cvs-serv16164/core Modified Files: main.php user.php Added Files: sessions.php Removed Files: session.php Log Message: Drastic rewrite of session.php (now sessions.php). We'll see how it goes. --- NEW FILE: sessions.php --- <?php /* * phpMP - The PHP Modular Portal System * Copyright (C) 2002-2003 Brian Rose and the phpMP group * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * * $Id: sessions.php,v 1.1 2003/09/22 09:52:28 heimidal Exp $ * */ class Session { var $_started = false; var $_logged_in = false; var $_session_exists = false; var $_sess_key = false; function sess_start($create=true) { if(!$this->_started) { if( isset($_POST['login_user']) && isset($_POST['login_password']) ) { $this->_sess_do_login($_POST['login_user'], $_POST['login_password'], $_POST['login_auto'], $POST['login_invisible']); } $this->_started = true; } if($create) { $this->sess_create(); } } function sess_create() { global $DB, $Portal, $SID; if(!$this->_started) { //In the future, die with a trigger_error. 
die('Sessions must be started explicitly.'); } $time = time(); $exp_time = $time + $Portal->cfg_get('session_length'); $ip = $this->_sess_ip_encoded(); $session_exists = false; if(!$this->_logged_in) { //////////////////////////////////////////// // The following code tests for // a valid cookie that may or may not // exist. // // If a session is found, we will // continue to use it. If none is found, // we will go ahead and create one. //////////////////////////////////////////// if($_COOKIE[$Portal->cfg_get('cookie_name') . '_data']) { $cookie_data = $_COOKIE[$Portal->cfg_get('cookie_name') . '_data']; $cookie_array = explode(':', urldecode($cookie_data) ); if( ( !empty($cookie_array[0]) ) && ( strlen($cookie_array[1]) == 32 ) ) { $user_id = $cookie_array[0]; $this->_sess_key = $cookie_array[1]; } } elseif(!empty($_GET['sid'])) { $this->_sess_key = $_GET['sid']; } if( !$user_id ) { if( !empty( $_COOKIE[$Portal->cfg_get('cookie_name') . '_auto'] ) ) { $cookie_data = $_COOKIE[$Portal->cfg_get('cookie_name') . '_auto']; $cookie_array = explode(':', urldecode($cookie_data) ); $sql = "SELECT * FROM " . DB_USERS_TABLE . " WHERE user_id=" . $cookie_array[0] . " AND password='" . $cookie_array[1] . "'"; $result = $DB->sql_query($sql); if($DB->sql_num_rows($result)) { $this->_data = $DB->sql_fetch_row($result); $this->_data['invisible_mode'] = $cookie_array[2]; $user_id = $cookie_array[0]; $this->_logged_in = true; } else { setcookie($Portal->cfg_get('cookie_name') . '_auto', '', time() - 31536000, $Portal->cfg_get('cookie_path'), $Portal->cfg_get('cookie_domain'), $Portal->cfg_get('cookie_secure')); $user_id = ANONYMOUS; $this->_logged_in = false; } } else { $user_id = ANONYMOUS; $this->_logged_in = false; } } } else { $user_id = $this->_data['user_id']; } //////////////////////////////////////////// // If we have reached this point, // the $user_id variable has been set. // Either the user has logged in or // they have a user_id of ANONYMOUS. 
//////////////////////////////////////////// if(empty($this->_sess_key)) { $this->_sess_key = md5( uniqid (microtime(), 1) ); $sql = "INSERT INTO " . DB_SESSIONS_TABLE . " (session_key, session_user_id, session_start_time, session_exp_time, session_ip) VALUES('" . $this->_sess_key . "', " . $user_id . ", " . $time . ", " . $exp_time . ", '" . $ip . "')"; $result = $DB->sql_query($sql); $this->_data['session_key'] = $this->_sess_key; $this->_data['session_user_id'] = $user_id; $this->_data['session_start_time'] = $exp_time; $this->_data['session_ip'] = $ip; } else { $sql = "SELECT * FROM " . DB_USERS_TABLE . " u, " . DB_SESSIONS_TABLE . " s WHERE s.session_key='" . $this->_sess_key . "' AND s.session_exp_time>" . $time . " AND s.session_user_id=u.user_id LIMIT 1"; $result = $DB->sql_query($sql); if($DB->sql_num_rows($result)) { $this->_data = $DB->sql_fetch_row($result); ($user_id == ANONYMOUS) ? ($this->_logged_in = false) : ($this->_logged_in = true); } else { // Trigger invalid session error. die('Invalid session. Please try again.'); } } //////////////////////////////////////////////////////// // The next if() statement is a bit confusing. // If the session will expire in less than 1/3 // of the session_length, we'll update it. // // EXAMPLES // session_length=30, time to expire is 7 minutes. // This session would be updated. // // session_length=30, time to expire is 11 minutes. // This session would not be updated. //////////////////////////////////////////////////////// if( ($this->_data['session_exp_time'] - $time) < ($Portal->cfg_get('session_length') * .33333) ) { $sql = "UPDATE " . DB_SESSIONS_TABLE . " SET session_exp_time=" . $exp_time . " WHERE session_key=" . $this->_sess_key; $result = $DB->sql_query($sql); } $cookie_data = urlencode( $this->user_id . ':' . $this->_sess_key ); (setcookie($Portal->cfg_get('cookie_name') . 
'_data', $cookie_data, $cur_time + $Portal->cfg_get('session_length'), $Portal->cfg_get('cookie_path'), $Portal->cfg_get('cookie_domain'), $Portal->cfg_get('cookie_secure'))) ? ($SID = "?sid=") : ($SID = "?sid=" . $this->_sess_key); $this->clean(); } function _sess_do_login($username, $password, $autologin=0, $invisible_mode=0) { global $DB, $Portal; $username = addslashes($username); $enc_password = md5($password); $sql = "SELECT * FROM " . DB_USERS_TABLE . " WHERE user_name='$username' AND password='$enc_password'"; $result = $DB->sql_query($sql); if($DB->sql_num_rows($result)) { $this->_data = $DB->sql_fetch_row($result); // _data is a variable that exists in the User class. $this->_logged_in = true; $user_id = $this->_data['user_id']; $this->_data['invisible_mode'] = $invisible_mode; if($autologin) { $cookie_data = urlencode( $user_id . ':' . $passwd_enc . ':' . $invisible_mode ); setcookie($Portal->cfg_get('cookie_name') . '_auto', $cookie_data, time() + 31536000, $Portal->cfg_get('cookie_path'), $Portal->cfg_get('cookie_domain'), $Portal->cfg_get('cookie_secure')); } } else { // Trigger error concerning invalid username/password. // The following is temporary. die('Your username/password are incorrect.'); } } /** * @return void * @desc Fetches the user's IP in hex-encoded form. * Taken from phpBB2. */ function _sess_ip_encoded() { $this->ip = $_SERVER['REMOTE_ADDR']; if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list)) { $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#'); $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]); } } } /** * @return string * @param encoded_ip string * @desc Decodes a hexed IP. * Taken from phpBB2. */ function _sess_decode_ip($encoded_ip) { $hexipbang = explode('.', chunk_split($encoded_ip, 2, '.')); return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . 
hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]); } function sess_clean($all = false) { global $DB, $SID; // 1:10 chance of session cleanup. This may later become a setting. $rand = rand(0,10); if(($rand <= 1) || $all) { $sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE session_exp_time<" . time(); $DB->sql_query($sql); } } } ?> Index: main.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/core/main.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -r1.11 -r1.12 *** main.php 15 Sep 2003 07:26:06 -0000 1.11 --- main.php 22 Sep 2003 09:52:28 -0000 1.12 *************** *** 99,109 **** include_once(C_PHPMP_ROOT . CORE_DIR . 'functions.php'); include_once(C_PHPMP_ROOT . CORE_DIR . 'user.php'); $User = new User(); // Create an instance of User. //create_vars(); - - include_once(C_PHPMP_ROOT . CORE_DIR . 'session.php'); - $Session = new Session(); $Session->start(); --- 99,109 ---- include_once(C_PHPMP_ROOT . CORE_DIR . 'functions.php'); + include_once(C_PHPMP_ROOT . CORE_DIR . 'sessions.php'); include_once(C_PHPMP_ROOT . CORE_DIR . 'user.php'); $User = new User(); // Create an instance of User. + + $User->sess_start(); //create_vars(); $Session->start(); Index: user.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/core/user.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** user.php 15 Sep 2003 06:40:24 -0000 1.3 --- user.php 22 Sep 2003 09:52:28 -0000 1.4 *************** *** 23,27 **** */ ! class User { --- 23,27 ---- */ ! class User extends Session { *************** *** 75,108 **** } - /** - * @return void - * @desc Fetches the user's IP in hex-encoded form. - * Taken from phpBB2. 
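Review bot: In sess_create the session key taken from `$_GET['sid']` and the user id / hash fields split out of the `_auto` and `_data` cookies are concatenated straight into SQL (`s.session_key='...'`, `user_id=... AND password='...'`) with no escaping, and only the `_data` cookie's key gets even a length check, so a malformed cookie or query string reaches the database unchanged; the rewrite below requires a 32-hex key and an integer user id before the values are used, and also gives the UPDATE statement the quotes it currently lacks around `session_key=`. Several names look like typos that make the code path fail or silently misbehave: `$POST['login_invisible']` in sess_start (for `$_POST`), `$passwd_enc` in _sess_do_login (for `$enc_password`, so the autologin cookie is written with an empty hash), `$cur_time` and `$this->user_id` in the final setcookie (for `$time` and `$user_id`), and `$this->clean()` (for `$this->sess_clean()`). `_sess_ip_encoded()` sets `$this->ip` but has no return statement, so the `$ip` written into session_ip is always null despite the docblock, and `$this->_data['session_start_time'] = $exp_time` stores the expiry rather than `$time`. The key itself comes from `md5(uniqid(microtime(), 1))`, which is predictable rather than cryptographically random, and the `_auto` cookie keeps the md5 password hash in the browser for a year — a random per-user token stored in the users table and compared with the cookie would avoid exposing the hash. Escaping through the DB layer on top of these format checks would complete the fix, if `$DB` offers such a function.
```php
// … unchanged: sess_create() up to the _data cookie parsing …
if( ( !empty($cookie_array[0]) ) && isset($cookie_array[1]) && preg_match('/^[a-f0-9]{32}$/', $cookie_array[1]) ) {
    $user_id = (int) $cookie_array[0];
    $this->_sess_key = $cookie_array[1];
}
} elseif( !empty($_GET['sid']) && preg_match('/^[a-f0-9]{32}$/', $_GET['sid']) ) {
    $this->_sess_key = $_GET['sid'];
}
// … unchanged: _auto cookie branch — apply the same (int) cast to $cookie_array[0] and the same 32-hex check to $cookie_array[1] before building the SELECT …
// … unchanged: INSERT / SELECT on the session key …
$sql = "UPDATE " . DB_SESSIONS_TABLE . " SET session_exp_time=" . $exp_time . " WHERE session_key='" . $this->_sess_key . "'";
```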
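Review bot: `$Session->start();` at the end of the main.php hunk is kept on the new side, but the commit removes the `include_once(... 'session.php')` and `$Session = new Session();` lines that defined it, so that call now runs against an undefined variable and fails at runtime. The new `$User->sess_start();` already replaces it, so the line should simply be deleted. Note also that sess_start() defaults to `$create=true` and so calls sess_create() immediately, which in sessions.php ends with `$this->clean()` — a method neither Session nor the visible part of User defines (sessions.php names it `sess_clean`), so the first request would still stop there.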
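Review bot: `class User extends Session` makes Session the base class, yet Session's methods (sess_create, _sess_do_login) read and write `$this->_data`, which the comment in sessions.php says "exists in the User class" — the parent now depends on a property only its child declares, and Session's own `var` block declares no `_data` or `ip`. Declaring it in the parent (`var $_data = array();` beside `$_sess_key`) lets Session stand on its own and makes `$this->_data['user_id']` in sess_create a lookup on a real array rather than on an unset property. The User class body continues past the hunk, so whether `_data` is initialised there is not visible here.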
- */ - function get_ip_encoded() - { - $this->ip = $_SERVER['REMOTE_ADDR']; - - if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) - { - if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list)) - { - $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#'); - $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]); - } - } - } - - /** - * @return string - * @param encoded_ip string - * @desc Decodes a hexed IP. - * Taken from phpBB2. - */ - function decode_ip($encoded_ip) - { - $hexipbang = explode('.', chunk_split($encoded_ip, 2, '.')); - return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]); - } } --- 75,78 ---- --- session.php DELETED --- |