path: root/inc/session.inc.php
<?php


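/**
 * Cookie-backed web session, kept in static state for the current request.
 *
 * The session id travels in the 'sid' cookie and is stored with the user id
 * in the `websession` table. A session whose uid is 0 is never written to the
 * database and never gets a cookie (see save()).
 */
class Session
{
	/** Random bytes behind a session id; 20 bytes hex-encode to 40 chars, the same shape as the former sha1() ids. */
	const SID_BYTES = 20;

	// Session id as a hex string, or false while no session is active.
	private static $sid = false;
	// User id bound to the session: false = no session, 0 = set by create(), not yet bound to a user.
	private static $uid = false;
	// Per-request key/value store read by get(); false until create() initialises it.
	private static $data = false;

	/**
	 * Generate a fresh, unpredictable session id and store it in self::$sid.
	 *
	 * The id is the only secret that protects the session, so it must come from
	 * a cryptographically secure source. mt_rand() is not one, and the remaining
	 * inputs that were hashed before (client address, port, user agent, time)
	 * are known to or guessable by the client.
	 */
	private static function generateSessionId()
	{
		if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
		$bytes = false;
		if (function_exists('random_bytes')) {
			$bytes = random_bytes(self::SID_BYTES);
		} elseif (function_exists('openssl_random_pseudo_bytes')) {
			// Fallback for PHP < 7; only accept output that OpenSSL reports as strong.
			$strong = false;
			$candidate = openssl_random_pseudo_bytes(self::SID_BYTES, $strong);
			if ($candidate !== false && $strong) $bytes = $candidate;
		}
		if ($bytes !== false && strlen($bytes) === self::SID_BYTES) {
			self::$sid = bin2hex($bytes);
			return;
		}
		// Refuse to fall back to a weak generator; the id stays unset.
		Util::traceError('Error: No secure random source available for session id generation.');
	}

	/**
	 * Start a new session: fresh id, uid 0 and an empty data store.
	 */
	public static function create()
	{
		self::generateSessionId();
		self::$uid = 0;
		self::$data = array();
	}

	/**
	 * Try to resume the session named by the client's 'sid' cookie.
	 *
	 * @return bool true if the session was loaded, false otherwise
	 */
	public static function load()
	{
		// Try to load session id from cookie
		if (!self::loadSessionId()) return false;
		// Succeeded, now try to load session data. If successful, job is done
		// NOTE(review): readSessionData() is not defined in this class as shown; confirm where it lives.
		if (self::readSessionData()) return true;
		// Loading session data failed: drop the stale id and cookie
		self::delete();
		// Return an explicit false instead of falling off the end with null.
		return false;
	}

	/**
	 * @return int|false user id of the current session, false if there is none
	 */
	public static function getUid()
	{
		return self::$uid;
	}

	/**
	 * Bind the active session to a user.
	 *
	 * NOTE(review): the session id is kept when the uid changes; whether callers
	 * always start from a fresh create() at login is not visible here. Confirm,
	 * since reusing a pre-login id leaves room for session fixation.
	 *
	 * @param mixed $value numeric user id, must be >= 1
	 */
	public static function setUid($value)
	{
		if (self::$uid === false)
			Util::traceError('Tried to set session data with no active session');
		if (!is_numeric($value) || $value < 1)
			Util::traceError('Invalid user id: ' . $value);
		self::$uid = $value;
	}

	/**
	 * @param string $key
	 * @return mixed stored value, or false if the key is unset
	 */
	public static function get($key)
	{
		if (isset(self::$data[$key]))
			return self::$data[$key];
		return false;
	}

	/**
	 * Read the session id from the 'sid' cookie into self::$sid.
	 *
	 * The cookie is attacker-controlled, so it is validated, not rewritten:
	 * only a plain string in the exact format this class issues (40 lowercase
	 * hex characters) is accepted. An array-valued cookie ("sid[]=...") or any
	 * other malformed value is rejected outright.
	 *
	 * @return bool true if a well-formed id was found
	 */
	private static function loadSessionId()
	{
		if (self::$sid !== false)
			die('Error: Asked to load session id when already set.');
		if (!isset($_COOKIE['sid']) || !is_string($_COOKIE['sid']))
			return false;
		// D modifier: '$' must match the very end, not just before a trailing newline
		if (!preg_match('/^[a-f0-9]{40}$/D', $_COOKIE['sid']))
			return false;
		self::$sid = $_COOKIE['sid'];
		return true;
	}

	/**
	 * Whether the current request arrived over HTTPS, judged by $_SERVER['HTTPS'].
	 * Decides if the session cookie is flagged Secure.
	 */
	private static function isHttps()
	{
		return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
	}

	/**
	 * End the current session: delete its database row, expire the cookie and
	 * reset the in-memory id and uid. Does nothing if no session id is set.
	 */
	public static function delete()
	{
		if (self::$sid === false) return;
		Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
		// Expiry in the past makes the client discard the cookie; empty path and domain keep the defaults.
		@setcookie('sid', '', time() - 8640000, '', '', self::isHttps(), true);
		self::$sid = false;
		self::$uid = false;
	}

	/**
	 * Persist the session row (insert or refresh) and send the 'sid' cookie.
	 *
	 * Sessions with no id, no uid or uid 0 are skipped. The cookie is always
	 * HttpOnly and is Secure when the request came in over HTTPS.
	 * NOTE(review): no SameSite attribute is set; confirm whether that is intended.
	 */
	public static function save()
	{
		if (self::$sid === false || self::$uid === false || self::$uid === 0)
			return;
		$ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
			. ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
			. ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
			array('sid' => self::$sid, 'uid' => self::$uid));
		if (!$ret) Util::traceError('Storing session data  in dahdähbank failed.');
		$ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, '', '', self::isHttps(), true);
		if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
	}
}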