From c90c7bfb5d72d327e6fe8fb3a85d852ec1ee94a4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 3 Mar 2015 19:01:30 +0100 Subject: Third Commit --- inc/image.inc.php | 14 ++++++++++++ inc/session.inc.php | 62 +++++++++++++++++++++++++++++++++++++++-------------- inc/user.inc.php | 38 ++++++++++++++++++++++++++++---- inc/util.inc.php | 4 ++-- 4 files changed, 96 insertions(+), 22 deletions(-) create mode 100644 inc/image.inc.php (limited to 'inc') diff --git a/inc/image.inc.php b/inc/image.inc.php new file mode 100644 index 0000000..2c0ec74 --- /dev/null +++ b/inc/image.inc.php @@ -0,0 +1,14 @@ + $userid)); + } + +} + diff --git a/inc/session.inc.php b/inc/session.inc.php index b9adfcb..6718006 100644 --- a/inc/session.inc.php +++ b/inc/session.inc.php @@ -4,8 +4,8 @@ class Session { private static $sid = false; - private static $uid = false; private static $data = false; + private static $needUpdate = true; private static function generateSessionId() { @@ -26,7 +26,6 @@ class Session public static function create() { self::generateSessionId(); - self::$uid = 0; self::$data = array(); } @@ -38,20 +37,19 @@ class Session if (self::readSessionData()) return true; // Loading session data failed self::delete(); + return false; } public static function getUid() { - return self::$uid; + return self::get('uid'); } public static function setUid($value) { - if (self::$uid === false) - Util::traceError('Tried to set session data with no active session'); if (!is_numeric($value) || $value < 1) Util::traceError('Invalid user id: ' . $value); - self::$uid = $value; + self::set('uid', (int)$value); } public static function get($key) 
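Review bot: In the `-38,20 +37,19` hunk `setUid` validates with `is_numeric` but stores `(int)$value`, so a fractional or exponent string such as `'7.9'` passes the check and is silently persisted as a different id (`7`); since this value later selects the logged-in user, only integers should be accepted. Replace the guard with `$uid = filter_var($value, FILTER_VALIDATE_INT);` / `if ($uid === false || $uid < 1)` / `Util::traceError('Invalid user id: ' . $value);` and pass `$uid` to `set()`. `load()` at the top of that hunk starts outside it.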
@@ -61,6 +59,16 @@ class Session
 return false;
 }
+ public static function set($key, $value)
+ {
+ if (!is_array(self::$data))
+ Util::traceError('Tried to set session data with no active session');
+ if (isset(self::$data[$key]) && self::$data[$key] === $value)
+ return;
+ self::$data[$key] = $value;
+ self::$needUpdate = true;
+ }
+
 private static function loadSessionId()
 {
 if (self::$sid !== false)
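Review bot: `set()` has no docblock and its change detection uses `isset`, which is false for a stored `null`, so writing `null` over an existing `null` still marks the session dirty; `if (array_key_exists($key, self::$data) && self::$data[$key] === $value)` expresses the intent exactly. Proposed docblock: `/** Store $value under $key in the session payload and mark it for persisting by save(); requires an active session (traceError otherwise). Values must survive json_encode, since save() serialises the whole payload. */`.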
@@ -73,27 +81,49 @@ class Session
 self::$sid = $id;
 return true;
 }
-
+
 public static function delete()
 {
 if (self::$sid === false)
 return;
 Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
 @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 self::$sid = false;
- self::$uid = false;
+ self::$data = false;
 }
-
+
 public static function save()
 {
- if (self::$sid === false || self::$uid === false || self::$uid === 0)
+ if (self::$sid === false || self::$data === false || !self::$needUpdate)
 return;
- $ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
- . ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
- . ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
- array('sid' => self::$sid, 'uid' => self::$uid));
- if (!$ret) Util::traceError('Storing session data in dahdähbank failed.');
+ $data = json_encode(self::$data);
+ $ret = Database::exec('INSERT INTO websession (sid, dateline, data) '
+ . ' VALUES (:sid, UNIX_TIMESTAMP(), :data) '
+ .
' ON DUPLICATE KEY UPDATE dateline = VALUES(dateline), data = VALUES(data)',
+ array('sid' => self::$sid, 'data' => $data));
+ if ($ret === false)
+ Util::traceError('Storing session data in Dahdähbank failed.');
 $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
- if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ if ($ret === false)
+ Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 }
+
+ public static function readSessionData()
+ {
+ if (self::$sid === false || self::$data !== false)
+ Util::traceError('Tried to readSessionData on an active session!');
+ $data = Database::queryFirst('SELECT dateline, data FROM websession WHERE sid = :sid LIMIT 1', array('sid' => self::$sid));
+ if ($data === false)
+ return false;
+ if ($data['dateline'] + CONFIG_SESSION_TIMEOUT < time()) {
+ self::delete();
+ return false;
+ }
+ self::$needUpdate = ($data['dateline'] + 3600 < time());
+ self::$data = @json_decode($data['data'], true);
+ if (!is_array(self::$data))
+ self::$data = array();
+ return true;
+ }
+
 }
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f023ae7..496857e 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -7,6 +7,7 @@ class User
 private static $organization = NULL;
 private static $isShib = false;
 private static $isInDb = false;
+ private static $isAnonymous = false;
 public static function isLoggedIn()
 {
@@ -28,11 +29,23 @@ class User
 return self::$user !== false && self::$isShib === false;
 }
+ public static function isAnonymous()
+ {
+ return self::$isAnonymous;
+ }
+
 public static function getData()
 {
 return self::$user;
 }
+ public static function getId()
+ {
+ if (!isset(self::$user['userid']))
+ return false;
+ return (int)self::$user['userid'];
+ }
+
 public static function getName()
 {
 if (!self::isLoggedIn())
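Review bot: `save()` in the `-73,27 +81,49` hunk passes the result of `json_encode(self::$data)` to the INSERT without checking it, and `json_encode` returns `false` for an unencodable payload (for example a non-UTF-8 string stored via `set()`), so the row is written with a bogus payload and the next `readSessionData()` quietly replaces it with `array()` — the uid is lost and the user is logged out with no error. Add `if ($data === false) Util::traceError('Could not encode session data: ' . json_last_error_msg());` directly after the encode. `save()` also never resets `self::$needUpdate`, so every further `save()` call in the same request repeats the write; add `self::$needUpdate = false;` after the successful `Database::exec`. `readSessionData()` is public although it appears to be an internal step of `load()`, and the `@json_decode` suppression plus the `is_array` fallback hide a corrupt payload entirely, so a log line in that branch would help diagnosis.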
@@ -97,7 +110,7 @@ class User
 {
 if (self::isLoggedIn())
 return true;
- Session::load();
+ $hasSession = Session::load();
 if (empty($_SERVER['persistent-id'])) {
 if (Session::getUid() === false)
 return false;
@@ -106,6 +119,11 @@ class User
 return self::$user !== false;
 }
 // Try bwIDM etc.
+ if (!$hasSession) {
+ Session::create();
+ Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand()));
+ Session::save();
+ }
 self::$isShib = true;
 if (!isset($_SERVER['sn'])) $_SERVER['sn'] = '';
 if (!isset($_SERVER['givenName'])) $_SERVER['givenName'] = '';
@@ -133,9 +151,14 @@ class User
 // No match in database, user is not signed up
 return true;
 }
+ if (Session::getUid() === false) {
+ Session::setUid($user['userid']);
+ Session::save();
+ }
 // Already signed up, see if we can fetch missing fields from DB
 self::$user['login'] = $user['login'];
 self::$isInDb = true;
+ self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname']));
 foreach (array('firstname', 'lastname', 'email') as $key) {
 if (empty(self::$user[$key]))
 self::$user[$key] = $user[$key];
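Review bot: The session token added in the `-106,6 +119,11` hunk is built from `mt_rand()`, the client address and `microtime()` hashed with `md5`, none of which is a cryptographically secure source, yet `Util::verifyToken()` relies on it as the CSRF check; generate it from a CSPRNG instead: `Session::set('token', bin2hex(random_bytes(16)));` (or `bin2hex(openssl_random_pseudo_bytes(16))` on PHP before 7). The token is only set when `Session::load()` failed, so a pre-existing session is assumed to already carry one, which nothing visible here enforces. The enclosing function starts before the `-97,7` hunk and ends after the `-133,9` hunk.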
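Review bot: The `-133,9 +151,14` hunk binds the user id to whatever session was loaded earlier in this function, which for `$hasSession === true` is the session named by the client's existing `sid` cookie, and the identifier is never regenerated when the session moves from anonymous to authenticated — the precondition for session fixation. Session exposes no regenerate call in this diff, so the smallest mitigation is a `Session::regenerateId()` that obtains a fresh id via `generateSessionId()` and deletes the old websession row, called just before `Session::setUid($user['userid']);`. `self::$isAnonymous` is derived from the stored first and last name both being empty, which would also match a genuine account with no names on file; the surrounding function starts and ends outside the hunk.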
@@ -149,13 +172,15 @@ class User
 Util::traceError('NO SHIBID');
 if ($anonymous) {
 Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
- . " VALUES (:shibid, :shibid, :org, '', '', '')", array(
+ . " VALUES (:shibid, :shibid, :org, '', '', '') "
+ . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array(
 'shibid' => self::$user['shibid'],
 'org' => self::getOrganizationId()
 ));
 } else {
 Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
- . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email)", array(
+ . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
+ . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array(
 'shibid' => self::$user['shibid'],
 'firstname' => self::$user['firstname'],
 'lastname' => self::$user['lastname'],
@@ -181,8 +206,13 @@ class User
 public static function logout()
 {
+ foreach ($_COOKIE as $name => $value) {
+ if (substr($name, 0, 5) !== '_shib')
+ continue;
+ @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ }
 Session::delete();
- Header('Location: ?do=Main&fromlogout');
+ Header('Location: ?do=Logout&noredirect=yes');
 exit(0);
 }
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 4378a08..aaf46c6 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -95,11 +95,11 @@ SADFACE;
 */
 public static function verifyToken()
 {
- if (Session::get('token') === false)
+ if (Session::get('token') === false && Session::getUid() === false)
 return true;
 if (isset($_REQUEST['token']) && Session::get('token') === $_REQUEST['token'])
 return true;
- Message::addError('token');
+ Message::addError('Fehlerhaftes Token!');
 return false;
 }
-- cgit v1.2.3-55-g7522
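Review bot: The cookie-clearing loop in the `-181,8 +206,13` hunk passes `null` as the cookie path, so the expiring cookie only matches `_shib*` cookies that were set for the current directory; if the Shibboleth SP set them for `/` (not verifiable from this diff) they survive logout, and the loop variable `$value` is unused. Pass the path explicitly, e.g. `@setcookie($name, '', time() - 8640000, '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);`, and iterate `array_keys($_COOKIE)`. `logout()` also acts on a plain request with no token check, so routing it through `Util::verifyToken()` would keep a third-party page from ending the session.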
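Review bot: `verifyToken()` compares the stored token with `===` and reads the client value from `$_REQUEST`, which merges GET, POST and (depending on `request_order`) cookie input; use a constant-time comparison and restrict the source to the method the protected actions use, e.g. `if (isset($_REQUEST['token']) && is_string($_REQUEST['token']) && hash_equals((string)Session::get('token'), $_REQUEST['token']))`. With the new first condition, a session that has a uid but no stored token (any session not created by the new branch in user.inc.php) can never pass, because `false === $_REQUEST['token']` is never true — if such sessions exist, every token-protected action fails for them. `Message::addError` now receives a literal German string where the old call passed the key `'token'`; if `addError` resolves keys, the literal bypasses that.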