Diffstat (limited to 'inc/session.inc.php')
-rw-r--r--inc/session.inc.php99
1 files changed, 99 insertions, 0 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
new file mode 100644
index 0000000..b9adfcb
--- /dev/null
+++ b/inc/session.inc.php
@@ -0,0 +1,99 @@
+<?php
+
+
+class Session
+{
+ private static $sid = false;
+ private static $uid = false;
+ private static $data = false;
+
+ private static function generateSessionId()
+ {
+ if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
+ self::$sid = sha1(
+ mt_rand(0, 65535)
+ . $_SERVER['REMOTE_ADDR']
+ . mt_rand(0, 65535)
+ . $_SERVER['REMOTE_PORT']
+ . mt_rand(0, 65535)
+ . $_SERVER['HTTP_USER_AGENT']
+ . mt_rand(0, 65535)
+ . microtime(true)
+ . mt_rand(0, 65535)
+ );
+ }
+
+ public static function create()
+ {
+ self::generateSessionId();
+ self::$uid = 0;
+ self::$data = array();
+ }
+
+ public static function load()
+ {
+ // Try to load session id from cookie
+ if (!self::loadSessionId()) return false;
+ // Succeded, now try to load session data. If successful, job is done
+ if (self::readSessionData()) return true;
+ // Loading session data failed
+ self::delete();
+ }
+
+ public static function getUid()
+ {
+ return self::$uid;
+ }
+
+ public static function setUid($value)
+ {
+ if (self::$uid === false)
+ Util::traceError('Tried to set session data with no active session');
+ if (!is_numeric($value) || $value < 1)
+ Util::traceError('Invalid user id: ' . $value);
+ self::$uid = $value;
+ }
+
+ public static function get($key)
+ {
+ if (isset(self::$data[$key]))
+ return self::$data[$key];
+ return false;
+ }
+
+ private static function loadSessionId()
+ {
+ if (self::$sid !== false)
+ die('Error: Asked to load session id when already set.');
+ if (empty($_COOKIE['sid']))
+ return false;
+ $id = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['sid']);
+ if (empty($id))
+ return false;
+ self::$sid = $id;
+ return true;
+ }
+
+ public static function delete()
+ {
+ if (self::$sid === false) return;
+ Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
+ @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ self::$sid = false;
+ self::$uid = false;
+ }
+
+ public static function save()
+ {
+ if (self::$sid === false || self::$uid === false || self::$uid === 0)
+ return;
+ $ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
+ . ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
+ . ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
+ array('sid' => self::$sid, 'uid' => self::$uid));
+ if (!$ret) Util::traceError('Storing session data in dahdähbank failed.');
+ $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ }
+}
+
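Review bot: generateSessionId() derives the session id from sha1() over five mt_rand(0, 65535) draws, microtime(true) and request values the client already knows (REMOTE_ADDR, REMOTE_PORT, HTTP_USER_AGENT), so the only unpredictable input comes from a non-cryptographic generator, while the id is the sole bearer credential that save() stores and sends as the cookie. Taking it from the CSPRNG keeps the 40-character hex form that loadSessionId() accepts: `self::$sid = bin2hex(random_bytes(20));` (PHP 7+; on an older runtime `openssl_random_pseudo_bytes(20)` is the usual substitute). Separately, load() calls self::readSessionData(), which is not defined anywhere in this new 99-line file, so as committed any request carrying a sid cookie would end in an undefined-method error. load() also falls off the end after self::delete() and returns null instead of an explicit `return false;`.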