<?php
//#################################################################################################
// Class Session
//#################################################################################################
// chillyCMS - Content Management System
// Copyright (C) 2008
// Stefanie Wiegand <hide@address.com> & Johannes Cox <hide@address.com>
//
// This program is licensed under the GPL 3.0 license. For more information see LICENSE.txt.
//#################################################################################################
// Direct requests to this file are refused; it is only usable through the CMS entry point
defined('DOIT') || die('Restricted access');
// The Session owner is a User object
require_once PATH.'/core/user.class.php';
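class Session {
    //Class variables//////////////////////////////////////////////////////////////////////////
    private $sid;         //Session ID
    private $logintime;   //Time of last login (unix timestamp)
    private $user;        //Owner of this session (User object; pw is cleared after validation)
    private $fingerprint; //md5 fingerprint of the client (user agent + install folder)
    public $valid;        //Bool: true once the user is validated

    //Functions////////////////////////////////////////////////////////////////////////////////
    //Constructor
    //Validates $name/$pw through the User class, binds the session to the client
    //fingerprint and enforces the session lifetime from $settings["session_ltime"].
    //On any failure the existing session is destroyed and the request is redirected
    //to the logout page of $location ("backend" or "frontend"); the constructor
    //does not return in that case.
    public function __construct($name,$pw,$location="backend") {
        global $settings;
        $error = true;
        //reason reported to the logout page; stays empty when the fingerprint check fails
        $reason = "";
        //first check user fingerprint
        //HTTP_USER_AGENT is not sent by every client: treat a missing header as empty
        $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
        $newfingerprint = md5($agent.substr(CMSFOLDER,1)."chillyCMS");
        $newsession = !isset($_SESSION["fingerprint"]);
        //Strict comparison: with == two hex digests of the form "0e<digits>" compare as equal numbers.
        //The fingerprint only catches accidental session reuse, since the user agent is chosen by the client.
        if ($newsession || $_SESSION["fingerprint"] === $newfingerprint) {
            $this->fingerprint = $newfingerprint;
            //If user is created successfully...
            $this->user = new User($name,$pw);
            //...and has permission to log in
            $reason = $this->user->get_permission($pw);
            if ($reason == "ok") {
                //after validation hide password hash
                $this->user->pw = false;
                //A fresh login gets a fresh session ID so an ID handed out before login cannot be reused
                if ($newsession) {
                    session_regenerate_id();
                }
                $this->sid = session_id();
                $this->valid = true;
                //get logintime from session or make new logintime
                $this->logintime = isset($_SESSION["logintime"]) ? $_SESSION["logintime"] : time();
                //Check if the timeout is reached
                if (time() - $this->logintime > $settings["session_ltime"]) {
                    $reason = "timeout";
                } else {
                    //Set actual time
                    $this->set_logintime(time());
                    $this->set_session();
                    $error = false;
                }
            }
        }
        if ($error) {
            destroy_existing_session();
            //$reason and $name end up in the query string: encode them so a value containing
            //'&' or '=' cannot add or override parameters of the logout URL
            $query = "action=logout&reason=".urlencode($reason)."&user=".urlencode($name);
            if ($location === "frontend") {
                header("Location: ".URL."/index.php?".$query);
            } else {
                header("Location: ".URL."/admin/login.site.php?".$query);
            }
            die();
        }
    }

    //Getter: exposes the private members read-only; unknown or unset members read as false
    public function __get($name) {
        if (isset($name, $this->$name)) { return $this->$name; }
        else { return false; }
    }

    //Store the time of the last activity both in the object and in the session
    public function set_logintime($newtime) { $this->logintime = $_SESSION["logintime"] = $newtime; }

    //Copy the session state into $_SESSION so it survives until the next request
    public function set_session() {
        $_SESSION["sid"] = $this->sid;
        $_SESSION["logintime"] = $this->logintime;
        $_SESSION["user"] = $this->user;
        $_SESSION["valid"] = $this->valid;
        $_SESSION["fingerprint"] = $this->fingerprint;
    }
}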
//Check if a session is valid
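//Logs the user out when the session object is missing or has not been validated.
//$session stays by reference for compatibility with existing callers; it is not modified here.
function verify_session(&$session) {
    //Check if the user logged in is still valid, if not logout.
    //A non-object (e.g. no session created yet) counts as invalid instead of raising a notice.
    if (!is_object($session) || empty($session->valid)) {
        destroy_existing_session();
    }
}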
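//Invalidates the current session on the server and in the browser.
function destroy_existing_session() {
    //A session must be active for session_destroy() to do anything;
    //session_start() is only possible while no output has been sent
    if (session_status() === PHP_SESSION_NONE && !headers_sent()) {
        session_start();
    }
    //Drop the data held in memory: assigning an empty array is the documented way,
    //unset() on the superglobal does not clear it
    $_SESSION = array();
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return; //nothing to destroy; session_unset()/session_commit() would only warn here
    }
    //Expire the session cookie so the browser stops sending the old ID
    if (ini_get("session.use_cookies") && !headers_sent()) {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $cookie["path"], $cookie["domain"], $cookie["secure"], $cookie["httponly"]);
    }
    //Destroy the data of the current session itself. The previous version regenerated
    //the ID first, which left the old session's data on the server until garbage
    //collection, so a captured session ID stayed usable after logout.
    session_destroy();
}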
?>