From 155cf6aeea9ba7ecbc39face6442d3ce1b03ad8e Mon Sep 17 00:00:00 2001
From: Nils Schwabe
Date: Wed, 4 Jun 2014 14:27:03 +0200
Subject: Add webinterface with functionallity
---
management-interface/lib/session.php | 180 +++++++++++++++++++++++++++++++++++
1 file changed, 180 insertions(+)
create mode 100644 management-interface/lib/session.php
(limited to 'management-interface/lib/session.php')
diff --git a/management-interface/lib/session.php b/management-interface/lib/session.php
new file mode 100644
index 0000000..fcc45fc
--- /dev/null
+++ b/management-interface/lib/session.php
@@ -0,0 +1,180 @@
+sid)
+ $this->sid=$id;
+ return Cache::instance()->exists($id.'.@',$data)?$data['data']:FALSE;
+ }
+
+ /**
+ * Write session data
+ * @return TRUE
+ * @param $id string
+ * @param $data string
+ **/
+ function write($id,$data) {
+ $fw=Base::instance();
+ $sent=headers_sent();
+ $headers=$fw->get('HEADERS');
+ $csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
+ $fw->hash(mt_rand());
+ $jar=$fw->get('JAR');
+ if ($id!=$this->sid)
+ $this->sid=$id;
+ Cache::instance()->set($id.'.@',
+ array(
+ 'data'=>$data,
+ 'csrf'=>$sent?$this->csrf():$csrf,
+ 'ip'=>$fw->get('IP'),
+ 'agent'=>isset($headers['User-Agent'])?
+ $headers['User-Agent']:'',
+ 'stamp'=>time()
+ ),
+ $jar['expire']?($jar['expire']-time()):0
+ );
+ return TRUE;
+ }
+
+ /**
+ * Destroy session
+ * @return TRUE
+ * @param $id string
+ **/
+ function destroy($id) {
+ Cache::instance()->clear($id.'.@');
+ setcookie(session_name(),'',strtotime('-1 year'));
+ unset($_COOKIE[session_name()]);
+ header_remove('Set-Cookie');
+ return TRUE;
+ }
+
+ /**
+ * Garbage collector
+ * @return TRUE
+ * @param $max int
+ **/
+ function cleanup($max) {
+ Cache::instance()->reset('.@',$max);
+ return TRUE;
+ }
+
+ /**
+ * Return anti-CSRF token
+ * @return string|FALSE
+ **/
+ function csrf() {
+ return Cache::instance()->
+ exists(($this->sid?:session_id()).'.@',$data)?
+ $data['csrf']:FALSE;
+ }
+
+ /**
+ * Return IP address
+ * @return string|FALSE
+ **/
+ function ip() {
+ return Cache::instance()->
+ exists(($this->sid?:session_id()).'.@',$data)?
+ $data['ip']:FALSE;
+ }
+
+ /**
+ * Return Unix timestamp
+ * @return string|FALSE
+ **/
+ function stamp() {
+ return Cache::instance()->
+ exists(($this->sid?:session_id()).'.@',$data)?
+ $data['stamp']:FALSE;
+ }
+
+ /**
+ * Return HTTP user agent
+ * @return string|FALSE
+ **/
+ function agent() {
+ return Cache::instance()->
+ exists(($this->sid?:session_id()).'.@',$data)?
+ $data['agent']:FALSE;
+ }
+
+ /**
+ * Instantiate class
+ * @return object
+ **/
+ function __construct() {
+ session_set_save_handler(
+ array($this,'open'),
+ array($this,'close'),
+ array($this,'read'),
+ array($this,'write'),
+ array($this,'destroy'),
+ array($this,'cleanup')
+ );
+ register_shutdown_function('session_commit');
+ @session_start();
+ $fw=\Base::instance();
+ $headers=$fw->get('HEADERS');
+ if (($ip=$this->ip()) && $ip!=$fw->get('IP') ||
+ ($agent=$this->agent()) &&
+ (!isset($headers['User-Agent']) ||
+ $agent!=$headers['User-Agent'])) {
+ session_destroy();
+ \Base::instance()->error(403);
+ }
+ $csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
+ $fw->hash(mt_rand());
+ $jar=$fw->get('JAR');
+ if (Cache::instance()->exists(($this->sid=session_id()).'.@',$data)) {
+ $data['csrf']=$csrf;
+ Cache::instance()->set($this->sid.'.@',
+ $data,
+ $jar['expire']?($jar['expire']-time()):0
+ );
+ }
+ }
+
+}
--
cgit v1.2.3-55-g7522
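Review bot: The anti-CSRF token built in write() and again in __construct() takes its only per-session randomness from `mt_rand()`, which is not a cryptographically secure generator; the other half, `$fw->hash($fw->get('ROOT').$fw->get('BASE'))`, is constant for an installation. A token that can be predicted does not protect state-changing requests, so the random part should come from the OS CSPRNG, for example `$fw->hash(bin2hex(openssl_random_pseudo_bytes(16)))`, or `random_bytes(16)` where the PHP version provides it. What `$fw->hash()` does is not visible here, so the resulting token length should be checked as well. The start of the class, up to the first lines of read(), is missing from this view of the hunk.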