From ab23338fe9f1b3ed21455867f1c032d7b146ceb8 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 2 Mar 2015 16:51:04 +0100
Subject: Initial Commit

---
 inc/session.inc.php | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 inc/session.inc.php

(limited to 'inc/session.inc.php')

diff --git a/inc/session.inc.php b/inc/session.inc.php
new file mode 100644
index 0000000..b9adfcb
--- /dev/null
+++ b/inc/session.inc.php
@@ -0,0 +1,99 @@
+<?php
+
+
+class Session
+{
+	private static $sid = false;
+	private static $uid = false;
+	private static $data = false;
+	
+	private static function generateSessionId()
+	{
+		if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
+		self::$sid = sha1(
+			mt_rand(0, 65535)
+			. $_SERVER['REMOTE_ADDR']
+			. mt_rand(0, 65535)
+			. $_SERVER['REMOTE_PORT']
+			. mt_rand(0, 65535)
+			. $_SERVER['HTTP_USER_AGENT']
+			. mt_rand(0, 65535)
+			. microtime(true)
+			. mt_rand(0, 65535)
+		);
+	}
+
+	public static function create()
+	{
+		self::generateSessionId();
+		self::$uid = 0;
+		self::$data = array();
+	}
+
+	public static function load()
+	{
+		// Try to load session id from cookie
+		if (!self::loadSessionId()) return false;
+		// Succeded, now try to load session data. If successful, job is done
+		if (self::readSessionData()) return true;
+		// Loading session data failed
+		self::delete();
+	}
+
+	public static function getUid()
+	{
+		return self::$uid;
+	}
+
+	public static function setUid($value)
+	{
+		if (self::$uid === false)
+			Util::traceError('Tried to set session data with no active session');
+		if (!is_numeric($value) || $value < 1)
+			Util::traceError('Invalid user id: ' . $value);
+		self::$uid = $value;
+	}
+
+	public static function get($key)
+	{
+		if (isset(self::$data[$key]))
+			return self::$data[$key];
+		return false;
+	}
+
+	private static function loadSessionId()
+	{
+		if (self::$sid !== false)
+			die('Error: Asked to load session id when already set.');
+		if (empty($_COOKIE['sid']))
+			return false;
+		$id = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['sid']);
+		if (empty($id))
+			return false;
+		self::$sid = $id;
+		return true;
+	}
+	
+	public static function delete()
+	{
+		if (self::$sid === false) return;
+		Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
+		@setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+		self::$sid = false;
+		self::$uid = false;
+	}
+	
+	public static function save()
+	{
+		if (self::$sid === false || self::$uid === false || self::$uid === 0)
+			return;
+		$ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
+			. ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
+			. ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
+			array('sid' => self::$sid, 'uid' => self::$uid));
+		if (!$ret) Util::traceError('Storing session data  in dahdähbank failed.');
+		$ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+		if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+	}
+}
+
-- 
cgit v1.2.3-55-g7522