session.php

00001 <?php
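/**
 * Session handling on top of the native PHP session, tracked in table `sessions`.
 *
 * Each active session has one row (id, id_area, remote_ip, date_lastused,
 * id_user). The row binds the session id to the client address that created
 * it and records when it was last used, so expired rows can be purged.
 *
 * Security notes:
 *  - session_id() comes from a client-supplied cookie and REMOTE_ADDR from the
 *    web server; both are escaped before they are placed in SQL, and numeric
 *    values are cast to int.
 *  - The mysql_* functions belong to ext/mysql, which was removed in PHP 7.0.
 *    When this class is ported to mysqli or PDO, the statements below should
 *    become prepared statements instead of escaped string concatenation.
 *  - Binding a session to REMOTE_ADDR is only a partial defence: clients that
 *    share an address are not told apart, and a client whose address changes
 *    is given a fresh, empty session.
 */
class Session {
    /** @var bool TRUE when the client sent the session cookie back (cookies are supported) */
    private $enabled;
    /** @var int area id taken from the global configuration; scopes the rows in `sessions` */
    private $id_area;
    /** @var string prefix prepended to every key stored in $_SESSION */
    private $svprefix;

    /**
     * Starts the PHP session and reconciles it with table `sessions`.
     *
     * When the client did not send the session cookie the object stays
     * disabled and the database is not touched. Otherwise expired rows of this
     * area are purged and the current id is either refreshed (same client
     * address), replaced by a new empty session (different address), or
     * registered as a new session (no row found).
     */
    public function __construct() {
        global $cfg;
        $this->id_area = (int) $cfg->getAreaId();
        $this->svprefix = $cfg->getConfig("SVPREFIX");

        session_start();

        $this->enabled = isset($_COOKIE[session_name()]);
        if (!$this->enabled) {
            return;     // unsupported cookies
        }

        $area = (int) $this->id_area;
        $now = time();
        $expiry = (int) ($now - $cfg->getConfig("SESSION_LIFETIME") * 60);
        $sid = $this->quotedSessionId();

        /* garbage collection: remove all expired sessions from table `sessions` */
        mysql_query("DELETE FROM sessions WHERE (id_area = " . $area . ") " .
                    "AND (date_lastused < " . $expiry . ")");

        /* all sessions in table `sessions` are now supposed to be active */
        /* check session consistency */
        /* The area test used to read "WHERE (<area id>)", which is a constant
           and did not restrict the lookup to this area; it now compares the
           column, like the DELETE above and the UPDATE below. */
        $res = mysql_query("SELECT remote_ip FROM sessions " .
                           "WHERE (id_area = " . $area . ") " .
                           "AND (id = " . $sid . ")");

        /* Read the row and release the result before branching, so that no
           code path can leave without freeing it. */
        $row = false;
        if ($res) {
            if (mysql_num_rows($res) > 0) {
                $row = mysql_fetch_assoc($res);
            }
            mysql_free_result($res);
        }

        if ($row === false) {
            /* unknown id: start from an empty session */
            session_unset();
            $_SESSION = array();
            $this->registerSession();
            return;
        }

        if ($row['remote_ip'] === $this->remoteAddr()) {    // TODO also check cookie? and how?
            mysql_query("UPDATE sessions SET date_lastused = " . $now .
                        " WHERE (id_area = " . $area . ") " .
                        "AND (id = " . $sid . ")");
            return;
        }

        /* Not the original IP: hand out a new id. The data loaded from the old
           session is dropped as well, otherwise the requester would keep a copy
           of another client's session variables under the new id. The old
           session itself is left untouched for its original owner. */
        if (session_regenerate_id()) {
            $_SESSION = array();
            $this->registerSession();
        }
    }

    /**
     * Returns the address of the requesting client as reported by the web server.
     *
     * @return string REMOTE_ADDR, or an empty string when it is not set
     */
    private function remoteAddr() {
        return isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Returns the current session id as an escaped, single-quoted SQL literal.
     *
     * The id is read on every call because session_regenerate_id() changes it.
     * mysql_real_escape_string() uses the same open connection as mysql_query().
     *
     * @return string SQL string literal
     */
    private function quotedSessionId() {
        return "'" . mysql_real_escape_string(session_id()) . "'";
    }

    /**
     * Inserts a row for the current session id with no user attached (id_user = 0).
     */
    private function registerSession() {
        $ip = mysql_real_escape_string($this->remoteAddr());
        mysql_query("INSERT INTO sessions (id, id_area, remote_ip, date_lastused, id_user) " .
                    "VALUES (" . $this->quotedSessionId() . ", " . (int) $this->id_area . ", '" . $ip . "', " . time() . ", 0)");
    }

    /**
     * Stores the id of the user that owns the current session.
     *
     * @param int $uid user id; cast to int so that it cannot alter the statement
     */
    public function setUseridInSession($uid) {
        mysql_query("UPDATE sessions SET id_user = " . (int) $uid .
                    " WHERE (id_area = " . (int) $this->id_area . ") " .
                    "AND (id = " . $this->quotedSessionId() . ")");
    }

    /**
     * Stores a value in the session under the configured prefix.
     * Does nothing while the session is disabled.
     *
     * @param string $varname name of the variable, without prefix
     * @param mixed  $value   value to store
     */
    public function setValue($varname, $value) {
        if ($this->enabled) {
            $_SESSION[$this->svprefix . $varname] = $value;
        }
    }

    /**
     * Reads a value stored with setValue().
     *
     * @param string $varname name of the variable, without prefix
     * @return mixed the stored value, or NULL when the session is disabled or the variable is not set
     */
    public function getValue($varname) {
        $key = $this->svprefix . $varname;
        if ($this->enabled && isset($_SESSION[$key])) {
            return $_SESSION[$key];
        }
        return null;
    }

    /**
     * Ends the current session: removes its row, clears the data, expires the
     * cookie and destroys the PHP session. Does nothing while disabled.
     */
    public function destroy() {
        if (!$this->enabled) {
            return;
        }

        /* calling session_destroy() modifies session id, so do the following one before all */
        mysql_query("DELETE FROM sessions WHERE id = " . $this->quotedSessionId());  // no need to filter by area id: more secure

        $_SESSION = array();    // better than unset()

        $name = session_name();
        if (isset($_COOKIE[$name])) {
            /* Expire the cookie with the attributes it was issued with; a
               browser only overwrites a cookie whose path and domain match. */
            $params = session_get_cookie_params();
            setcookie($name, "", time() - 86400, $params['path'], $params['domain'],
                      $params['secure'], $params['httponly']);
        }

        session_destroy();
    }
}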
00166 ?>
