<?php
/*******************************************************************************
* Copyright (c) 2007 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Paul Colton (Aptana)- initial API and implementation
* Eclipse Foundation
*******************************************************************************/
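class Session {
    // Columns of the `sessions` row mirrored onto the object by load() / create().
    public $_id = '';
    public $_userid = '';
    public $_gid = '';          // session token; also the value of the COOKIE_REMEMBER cookie
    public $_subnet = '';       // class-C prefix of the client address when the session was created
    public $_updated_at = '';

    /**
     * Read the remember-me cookie and decide whether it names a live session.
     *
     * Returns 1 when a sessions row matches the cookie token AND the client is
     * still on the subnet recorded for that session; 0 otherwise (no cookie,
     * unknown token, or subnet mismatch).  On a mismatch the cookie is expired
     * so the client has to log in again; on success the row is touched and
     * stale sessions are purged.
     */
    function validate() {
        $cookie = $this->rememberCookie();
        if ($cookie === "") {
            return 0;
        }
        // Strict comparison: both sides are strings, and a NULL/empty subnet
        // column must not be treated as a match.
        if (!$this->load($cookie) || $this->getSubnet() !== $this->_subnet) {
            # Failed - no such session, or session no match. Need to relogin
            setcookie(COOKIE_REMEMBER, "", -36000, "/");
            return 0;
        }
        # Update the session updated_at
        $this->touch();
        $this->maintenance();
        return 1;
    }

    /**
     * Load the sessions row whose gid equals $_gid into this object.
     *
     * @param string $_gid session token, usually the raw cookie value (untrusted);
     *                     it is passed through the project's sqlSanitize() and
     *                     returnQuotedString() before being placed in the query
     * @return bool true when a row was found and copied onto the properties
     */
    function load($_gid) {
        global $dbh;
        $token = sqlSanitize($_gid, $dbh);
        $sql = "SELECT id, userid, gid, subnet, updated_at FROM sessions WHERE gid = " . returnQuotedString($token);
        $result = mysqli_query($dbh, $sql);
        if (!$result || mysqli_num_rows($result) < 1) {
            // Query failure or no matching row; the project's error slot receives
            // whatever mysqli reports (an empty string when the query merely matched nothing).
            $GLOBALS['g_ERRSTRS'][1] = mysqli_error($dbh);
            return false;
        }
        $row = mysqli_fetch_assoc($result);
        $this->_id = $row['id'];
        $this->_userid = $row['userid'];
        $this->_gid = $row['gid'];
        $this->_subnet = $row['subnet'];
        // Was "$this->updated_at" (an undeclared dynamic property, deprecated in
        // PHP 8.2); the declared property is _updated_at.
        $this->_updated_at = $row['updated_at'];
        return true;
    }

    /**
     * Refresh updated_at of the current session row (identified by _gid) to NOW().
     */
    function touch() {
        global $dbh;
        $token = sqlSanitize($this->_gid, $dbh);
        $sql = "UPDATE sessions SET updated_at = NOW() WHERE gid = " . returnQuotedString($token);
        mysqli_query($dbh, $sql);
    }

    /**
     * Log the client out: delete the user's session rows (when the cookie names
     * a known session), expire the cookie and destroy the PHP session.
     */
    function destroy() {
        $cookie = $this->rememberCookie();
        if ($cookie !== "" && $this->load($cookie)) {
            global $dbh;
            // Removes every session of this user, not just the current token.
            // userid is interpolated unquoted: the schema treats it as numeric
            // (create() inserts it unquoted too) — presumably an integer column; verify.
            $sql = "DELETE FROM sessions WHERE userid = " . $this->_userid;
            mysqli_query($dbh, $sql);
        }
        setcookie(COOKIE_REMEMBER, "", -36000, "/");
        session_destroy();
    }

    /**
     * Create a new session row for $_userid and hand the token to the client.
     *
     * @param mixed $_userid   user id; sanitized with the project's helper and
     *                         inserted unquoted, i.e. expected to be numeric
     * @param bool  $_remember true => cookie lives one year, false => browser-session cookie
     */
    function create($_userid, $_remember) {
        global $dbh;
        $this->_userid = sqlSanitize($_userid, $dbh);
        $this->_gid = $this->guidNbr();
        $this->_subnet = $this->getSubnet();
        $this->_updated_at = getCURDATE();
        $sql = "INSERT INTO sessions (
id,
userid,
gid,
subnet,
updated_at) VALUES (
NULL,
" . $this->_userid . ",
" . returnQuotedString($this->_gid) . ",
" . returnQuotedString($this->_subnet) . ",
NOW())";
        mysqli_query($dbh, $sql);
        // 0 => expires with the browser session; otherwise keep it for a year.
        $cookieTime = $_remember ? time() + 3600 * 24 * 365 : 0;
        // HttpOnly keeps the token out of reach of page scripts (the original
        // call set no flags).  Secure is left off because the deployment scheme
        // (http vs https) is not known here.
        setcookie(COOKIE_REMEMBER, $this->_gid, $cookieTime, "/", "", false, true);
        $this->maintenance();
    }

    /**
     * Purge sessions older than 14 days, plus any other session of the same
     * user on the current subnet (so one user/subnet keeps a single token).
     */
    function maintenance() {
        # Delete sessions older than 14 days
        # and sessions where the same subnet,user has different gids
        global $dbh;
        // userid is interpolated unquoted, like in create()/destroy(): assumed numeric.
        $sql = "DELETE FROM sessions
WHERE updated_at < DATE_SUB(NOW(), INTERVAL 14 DAY)
OR (userid = " . $this->_userid . "
AND subnet = " . returnQuotedString($this->getSubnet()) . "
AND gid <> " . returnQuotedString($this->_gid) . ")";
        mysqli_query($dbh, $sql);
    }

    /**
     * Return the client's class-C subnet: REMOTE_ADDR with the last octet
     * replaced by "0" (e.g. "192.168.7.42" -> "192.168.7.0").
     *
     * Only meaningful for dotted IPv4.  For an address without a '.' (IPv6) or
     * a missing REMOTE_ADDR the prefix is empty and the result is ".0", exactly
     * as the original substr/strrpos expression produced.
     */
    function getSubnet() {
        # return class-c subnet
        $addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $lastDot = strrpos($addr, ".");
        $prefix = ($lastDot === false) ? '' : substr($addr, 0, $lastDot);
        return $prefix . ".0";
    }

    /**
     * Generate a fresh session token: 32 lowercase hex characters, the same
     * shape as the md5() output it replaces so existing columns/cookies fit.
     *
     * The previous md5(uniqid(rand(), true)) was derived from the clock and
     * rand(), neither of which is unpredictable; random_bytes() uses the CSPRNG.
     */
    function guidNbr() {
        return bin2hex(random_bytes(16));
    }

    /**
     * The COOKIE_REMEMBER cookie value as a string, or "" when absent or not a
     * plain string (a cookie sent as an array must not reach the SQL helpers).
     */
    private function rememberCookie() {
        if (isset($_COOKIE[COOKIE_REMEMBER]) && is_string($_COOKIE[COOKIE_REMEMBER])) {
            return $_COOKIE[COOKIE_REMEMBER];
        }
        return "";
    }
}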
?>