summaryrefslogblamecommitdiffstats
path: root/inc/session.inc.php
blob: d83de0880899114255e4c4b58406020076244700 (plain) (tree)
1
2
3
4
5
6
7
8
9
10



                           
             
 

                                     

                                            
                                                      
        
                                                               
         
                                         
                                                                                                          

                                             


                                                 
                                           
                                                     
                                           



                                           
 
                                                                                    
         
                                               







                                                                                                  
                                                   
         
 
                                           

                                                     

                                           
                                                                                      

                                            
                                              
                                   
                             
         
 





                                               
         

                                                                              
                                            
         
 




                                                                                 
                                                                           
         
                                          
                                                                                                     


                                                 
                                                                                                                    
                 
                                          

         
                                                     
         
                                         
                                                                                                      

                                           
                                                                          

                                     





                                       



                                                                      
                                     


                                    


                                             
                                         
         
 
                                                       
         
                                          
                                                                                          

                                                                                                                           
                              






                                                                                    

                                                                                                                           




                                                               


                                                                                            
                                                          

                         

                            







                                                                                                           
                                                                                                                          

                                                        
                                               

                   

                                                
         
                              



                                                                          


                                                                 












                                                                     




                                                                                          
         
 
 
<?php

require_once('config.php');

class Session
{
	private static $sid = false;
	private static $data = false;
	private static $dataChanged = false;
	private static $userId = 0;
	private static $updateSessionDateline = false;
	
	private static function generateSessionId(string $salt)
	{
		if (self::$sid !== false)
			ErrorHandler::traceError('Error: Asked to generate session id when already set.');
		self::$sid = sha1($salt . ','
			. mt_rand(0, 65535)
			. $_SERVER['REMOTE_ADDR']
			. mt_rand(0, 65535)
			. $_SERVER['REMOTE_PORT']
			. mt_rand(0, 65535)
			. $_SERVER['HTTP_USER_AGENT']
			. mt_rand(0, 65535)
			. microtime(true)
			. mt_rand(0, 65535)
		);
	}

	public static function create(string $salt, int $userId, bool $fixedAddress)
	{
		self::generateSessionId($salt);
		self::$data = [];
		self::$userId = $userId;
		Database::exec("INSERT INTO session (sid, userid, dateline, lastip, fixedip, data)
				VALUES (:sid, :userid, 0, '', :fixedip, '')", [
					'sid' => self::$sid,
					'userid' => $userId,
					'fixedip' => $fixedAddress ? 1 : 0,
		]);
		self::setupSessionAccounting(true);
	}

	public static function load(): bool
	{
		// Try to load session id from cookie
		if (!self::loadSessionId())
			return false;
		// Succeeded, now try to load session data. If successful, job is done
		if (self::readSessionData())
			return true;
		// Loading session data failed
		self::$sid = false;
		return false;
	}

	public static function getUserId(): int
	{
		return self::$userId;
	}

	public static function get(string $key)
	{
		if (!isset(self::$data[$key]) || !is_array(self::$data[$key]))
			return false;
		return self::$data[$key][0];
	}

	/**
	 * @param string $key key of entry
	 * @param mixed $value data to store for key, false = delete
	 * @param int|false $validMinutes validity in minutes, or false = forever
	 */
	public static function set(string $key, $value, $validMinutes = 60)
	{
		if (self::$data === false)
			ErrorHandler::traceError('Tried to set session data with no active session');
		if ($value === false) {
			unset(self::$data[$key]);
		} else {
			self::$data[$key] = [$value, $validMinutes === false ? false : time() + $validMinutes * 60];
		}
		self::$dataChanged = true;
	}
	
	private static function loadSessionId(): bool
	{
		if (self::$sid !== false)
			ErrorHandler::traceError('Error: Asked to load session id when already set.');
		if (empty($_COOKIE['sid']))
			return false;
		$id = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['sid']);
		if (empty($id))
			return false;
		self::$sid = $id;
		return true;
	}
	
	public static function delete()
	{
		if (self::$sid === false)
			return;
		Database::exec("DELETE FROM session WHERE sid = :sid",
			['sid' => self::$sid]);
		self::deleteCookie();
		self::$sid = false;
		self::$data = false;
	}

	public static function deleteCookie()
	{
		Util::clearCookie('sid');
	}

	private static function readSessionData(): bool
	{
		if (self::$data !== false)
			ErrorHandler::traceError('Tried to call read session data twice');
		$row = Database::queryFirst("SELECT userid, dateline, lastip, fixedip, data FROM session WHERE sid = :sid",
			['sid' => self::$sid]);
		$now = time();
		if ($row === false || $row['dateline'] < $now) {
			self::delete();
			return false;
		}
		if ($row['fixedip'] && $row['lastip'] !== $_SERVER['REMOTE_ADDR']) {
			return false; // Ignore but don't invalidate
		}
		// Refresh cookie if appropriate
		self::setupSessionAccounting(Request::isGet() && $row['dateline'] + 86400 < $now + CONFIG_SESSION_TIMEOUT);
		self::$userId = $row['userid'];
		self::$data = @json_decode($row['data'], true);
		if (!is_array(self::$data)) {
			self::$data = [];
		}
		foreach (array_keys(self::$data) as $key) {
			if (self::$data[$key][1] !== false && self::$data[$key][1] < $now) {
				unset(self::$data[$key]);
				self::$dataChanged = true;
			}
		}
		return true;
	}

	private static function setupSessionAccounting(bool $cookie)
	{
		if ($cookie) {
			self::$updateSessionDateline = true;
			$ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT,
				null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
			if (!$ret)
				ErrorHandler::traceError('Error: Could not set Cookie for Client (headers already sent)');
		}
		register_shutdown_function(function () {
			self::saveOnShutdown();
		});
	}

	private static function saveOnShutdown()
	{
		$now = time();
		$args = ['lastip' => $_SERVER['REMOTE_ADDR']];
		if (self::$updateSessionDateline) {
			$args['dateline'] = $now + CONFIG_SESSION_TIMEOUT;
		}
		if (self::$dataChanged) {
			$args['data'] = json_encode(self::$data);
		}
		self::saveData($args);
	}

	public static function saveExtraData()
	{
		if (!self::$dataChanged)
			return;
		self::saveData(['data' => json_encode(self::$data)]);
		self::$dataChanged = false;
	}

	private static function saveData(array $args)
	{
		$query = "UPDATE session SET " . implode(', ', array_map(function ($key) {
				return "$key = :$key";
			}, array_keys($args))) . " WHERE sid = :sid";
		$args['sid'] = self::$sid;
		Database::exec($query, $args);
	}

}