Diffstat (limited to 'inc/session.inc.php')
-rw-r--r-- | inc/session.inc.php | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
new file mode 100644
index 0000000..b9adfcb
--- /dev/null
+++ b/inc/session.inc.php
@@ -0,0 +1,99 @@
+<?php
+
+
+class Session
+{
+ private static $sid = false;
+ private static $uid = false;
+ private static $data = false;
+
+ private static function generateSessionId()
+ {
+ if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
+ self::$sid = sha1(
+ mt_rand(0, 65535)
+ . $_SERVER['REMOTE_ADDR']
+ . mt_rand(0, 65535)
+ . $_SERVER['REMOTE_PORT']
+ . mt_rand(0, 65535)
+ . $_SERVER['HTTP_USER_AGENT']
+ . mt_rand(0, 65535)
+ . microtime(true)
+ . mt_rand(0, 65535)
+ );
+ }
+
+ public static function create()
+ {
+ self::generateSessionId();
+ self::$uid = 0;
+ self::$data = array();
+ }
+
+ public static function load()
+ {
+ // Try to load session id from cookie
+ if (!self::loadSessionId()) return false;
+ // Succeded, now try to load session data. If successful, job is done
+ if (self::readSessionData()) return true;
+ // Loading session data failed
+ self::delete();
+ }
+
+ public static function getUid()
+ {
+ return self::$uid;
+ }
+
+ public static function setUid($value)
+ {
+ if (self::$uid === false)
+ Util::traceError('Tried to set session data with no active session');
+ if (!is_numeric($value) || $value < 1)
+ Util::traceError('Invalid user id: ' . $value);
+ self::$uid = $value;
+ }
+
+ public static function get($key)
+ {
+ if (isset(self::$data[$key]))
+ return self::$data[$key];
+ return false;
+ }
+
+ private static function loadSessionId()
+ {
+ if (self::$sid !== false)
+ die('Error: Asked to load session id when already set.');
+ if (empty($_COOKIE['sid']))
+ return false;
+ $id = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['sid']);
+ if (empty($id))
+ return false;
+ self::$sid = $id;
+ return true;
+ }
+
+ public static function delete()
+ {
+ if (self::$sid === false) return;
+ Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
+ @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ self::$sid = false;
+ self::$uid = false;
+ }
+
+ public static function save()
+ {
+ if (self::$sid === false || self::$uid === false || self::$uid === 0)
+ return;
+ $ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
+ . ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
+ . ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
+ array('sid' => self::$sid, 'uid' => self::$uid));
+ if (!$ret) Util::traceError('Storing session data in dahdähbank failed.');
+ $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ }
+}
+
|
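Review bot: The session id built in generateSessionId() is guessable: it is a SHA-1 over `mt_rand()` output, the client's own address, port and user agent, and `microtime(true)`, none of which is a cryptographically secure random source, and this id is the only credential the `sid` cookie carries. Draw it from the CSPRNG instead, e.g. `self::$sid = bin2hex(random_bytes(20));` (PHP 7+; `bin2hex(openssl_random_pseudo_bytes(20))` on older runtimes), which keeps the 40-character alphanumeric form that loadSessionId() accepts. Separately, load() calls `self::readSessionData()`, which this new file does not define, so a request that carries a `sid` cookie would end in a fatal error unless the method is added. The failure path after `self::delete();` also falls through without `return false;`, so load() returns null there.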