<?php
/*******************************************************************************
 * Copyright (c) 2007 Eclipse Foundation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *    Paul Colton (Aptana)- initial API and implementation
 *    Eclipse Foundation
*******************************************************************************/

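/**
 * Persistent login ("remember me") session backed by the `sessions` table.
 *
 * The browser holds an opaque token (gid) in the COOKIE_REMEMBER cookie; the
 * table maps that token to a user id and to the subnet the session was
 * created from. The token is a bearer credential: whoever presents it from a
 * matching subnet is treated as that user.
 *
 * Depends on names defined outside this file: the global mysqli handle $dbh,
 * the COOKIE_REMEMBER constant, and the helpers sqlSanitize(),
 * returnQuotedString() and getCURDATE().
 *
 * NOTE(review): string values are still escaped/quoted by sqlSanitize() and
 * returnQuotedString(), whose implementations are not visible here; confirm
 * they escape for the active connection charset, or move these queries to
 * prepared statements.
 */
class Session {
    public $_id = '';
    public $_userid = '';
    public $_gid = '';
    public $_subnet = '';
    public $_updated_at = '';

    /**
     * Validate the remember-me cookie of the current request.
     *
     * On success the row is loaded into this object, its timestamp is
     * refreshed and stale rows are purged. On failure (unknown token, or
     * the request comes from a different subnet than the stored one) the
     * cookie is expired so the client has to log in again.
     *
     * @return int 1 when the cookie maps to a live session, 0 otherwise
     */
    public function validate() {
        $cookie = isset($_COOKIE[COOKIE_REMEMBER]) ? $_COOKIE[COOKIE_REMEMBER] : "";

        # A client can send the cookie as an array (name[]=x); only a
        # non-empty string can be a token, so anything else counts as absent.
        if (!is_string($cookie) || $cookie === "") {
            return 0;
        }

        if (!$this->load($cookie) || $this->getSubnet() !== (string) $this->_subnet) {
            # Failed - no such session, or subnet mismatch. Need to relogin.
            setcookie(COOKIE_REMEMBER, "", -36000, "/");
            return 0;
        }

        # Update the session updated_at, then purge stale rows.
        $this->touch();
        $this->maintenance();
        return 1;
    }

    /**
     * Load the session row identified by a token into this object.
     *
     * @param string $_gid session token, normally the cookie value (untrusted)
     * @return bool true when a row was found and copied into the properties
     */
    public function load($_gid) {
        global $dbh;
        $rValue = false;
        $_gid = sqlSanitize($_gid, $dbh);

        $sql = "SELECT id, userid, gid, subnet, updated_at FROM sessions WHERE gid = " . returnQuotedString($_gid);

        $result = mysqli_query($dbh, $sql);
        if ($result && mysqli_num_rows($result) > 0) {
            $rValue = true;
            $myrow = mysqli_fetch_assoc($result);
            $this->_id = $myrow['id'];
            $this->_userid = $myrow['userid'];
            $this->_gid = $myrow['gid'];
            $this->_subnet = $myrow['subnet'];
            # Fixed: this used to assign to an undeclared $this->updated_at,
            # leaving the declared $_updated_at property empty after a load.
            $this->_updated_at = $myrow['updated_at'];
        }
        else {
            # Reached for a failed query and for an empty result alike; in
            # the latter case the stored error string is empty.
            $GLOBALS['g_ERRSTRS'][1] = mysqli_error($dbh);
        }

        return $rValue;
    }

    /**
     * Refresh updated_at of the current session row to NOW().
     */
    public function touch() {
        global $dbh;
        $_gid = sqlSanitize($this->_gid, $dbh);

        $sql = "UPDATE sessions SET updated_at = NOW() WHERE gid = " . returnQuotedString($_gid);

        mysqli_query($dbh, $sql);
    }

    /**
     * Log out: delete every session row of the cookie's user, expire the
     * cookie and destroy the PHP session.
     */
    public function destroy() {
        $cookie = isset($_COOKIE[COOKIE_REMEMBER]) ? $_COOKIE[COOKIE_REMEMBER] : "";
        if (is_string($cookie) && $cookie !== "" && $this->load($cookie)) {
            global $dbh;
            # userid is placed in the statement without quotes, so it is
            # forced to an integer here rather than trusted as-is.
            $sql = "DELETE FROM sessions WHERE userid = " . (int) $this->_userid;
            mysqli_query($dbh, $sql);
        }
        setcookie(COOKIE_REMEMBER, "", -36000, "/");
        session_destroy();
    }

    /**
     * Create a session row for a user and hand the token to the browser.
     *
     * @param mixed $_userid  id of the authenticated user
     * @param mixed $_remember truthy: cookie lives one year; falsy: cookie
     *                         ends with the browser session (expiry 0)
     */
    public function create($_userid, $_remember) {
        global $dbh;
        $this->_userid = sqlSanitize($_userid, $dbh);
        $this->_gid = $this->guidNbr();
        $this->_subnet = $this->getSubnet();
        $this->_updated_at = getCURDATE();

        # userid is interpolated unquoted; the integer cast keeps the
        # statement well-formed whatever the sanitizer lets through.
        $sql = "INSERT INTO sessions (
                id,
                userid,
                gid,
                subnet,
                updated_at) VALUES (
                NULL,
                " . (int) $this->_userid . ",
                " . returnQuotedString($this->_gid) . ",
                " . returnQuotedString($this->_subnet) . ",
                NOW())";
        mysqli_query($dbh, $sql);

        $cookieTime = 0;
        if ($_remember) {
            $cookieTime = time() + 3600 * 24 * 365;
        }
        # HttpOnly (last argument) keeps the token away from page scripts.
        # NOTE(review): Secure is left off because this file cannot tell
        # whether the site is served only over HTTPS; enable it if it is.
        setcookie(COOKIE_REMEMBER, $this->_gid, $cookieTime, "/", "", false, true);

        $this->maintenance();
    }

    /**
     * Purge stale rows: sessions older than 14 days, and other sessions of
     * the same user from the same subnet that carry a different token.
     */
    public function maintenance() {
        global $dbh;
        $sql = "DELETE FROM sessions
                WHERE updated_at < DATE_SUB(NOW(), INTERVAL 14 DAY)
                OR (userid = " . (int) $this->_userid . "
                AND subnet = " . returnQuotedString($this->getSubnet()) . "
                AND gid <> " . returnQuotedString($this->_gid) . ")";
        mysqli_query($dbh, $sql);
    }

    /**
     * Return the /24 ("class C") network of the client address, e.g.
     * 192.168.1.77 becomes 192.168.1.0.
     *
     * NOTE(review): an address without a dot (IPv6) makes strrpos() return
     * false, so the result collapses to ".0" and the subnet check no longer
     * distinguishes clients. Confirm the width of the subnet column before
     * extending this to IPv6 prefixes.
     *
     * @return string dotted subnet string
     */
    public function getSubnet() {
        $addr = $_SERVER['REMOTE_ADDR'];
        return substr($addr, 0, strrpos($addr, ".")) . ".0";
    }

    /**
     * Generate a new session token: 32 lowercase hex characters.
     *
     * The token is the only secret behind the remember-me cookie, so it is
     * drawn from a cryptographically secure source where the runtime offers
     * one. The length matches the md5() output used previously, so stored
     * tokens and the column size stay compatible.
     *
     * @return string 32-character hex token
     */
    public function guidNbr() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        # Last resort for runtimes with neither source: the legacy token,
        # which is derived from the clock and a non-cryptographic PRNG.
        return md5(uniqid(rand(), true));
    }
}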
?>