<?php
/**************************************************************************
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
@Authors: Ryan Thompson(hide@address.com)
***************************************************************************/
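class session
{
    var $session_id;
    // Assigned by get_session_id(); declared here so it is not created dynamically.
    var $o_session;
    // Assigned by create_session() from the user's 'scheme' preference.
    var $scheme;

    /*!
    @function _clean_session_id()
    @abstract Returns the identifier when it is safe to place inside a quoted SQL literal, FALSE otherwise
    @discussion Internal helper. The o_session cookie is attacker-controlled and every
                query in this class is built by string interpolation, so the value is
                checked against an allowlist before it reaches SQL. Only characters that
                have no meaning inside a single-quoted literal are accepted (letters,
                digits and _ - . + / = , :). A cookie sent as o_session[]=x arrives as an
                array and is rejected as well.
                NOTE(review): assumes $security->unique_id() emits only these characters;
                confirm, and widen the list if it does not. This is a stopgap: the $db
                wrapper's API is not visible here, and bound parameters in that layer are
                the proper fix.
    @params $raw - Candidate session identifier (normally the o_session cookie value)
    @return Identifier as a string, or FALSE
    */
    function _clean_session_id($raw)
    {
        if (is_int($raw)) {
            $raw = (string) $raw;
        }
        if (!is_string($raw) || $raw === '') {
            return false;
        }
        $allowed = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.+/=,:';
        if (strspn($raw, $allowed) !== strlen($raw)) {
            return false;
        }
        return $raw;
    }

    /*!
    @function verify_session()
    @author Ryan Thompson
    @abstract Checks to see if cookie information matches a currently valid session
    @discussion TRUE only when a row exists for the identifier and is_expired() reports
                that its 'expires' value has not passed.
    @version 0.2
    @params $session_id - Unique ID to compare with database.
    @return TRUE/FALSE
    @since 18-11-2003
    */
    function verify_session($session_id)
    {
        $session_data = $this->get_db_session($session_id);
        if (!$session_data) {
            return false;
        }
        return !$this->is_expired($session_data['expires']);
    }

    /*!
    @function get_db_session()
    @author Ryan Thompson
    @abstract Retrieves the matching session row from the database
    @discussion The identifier is validated by _clean_session_id() first; a value that
                fails validation is treated as "no such session" and no query is issued.
    @version 0.2
    @params $session_id - Unique ID to compare with database.
    @return $session_data (the fetched record) or FALSE
    @since 18-11-2003
    */
    function get_db_session($session_id)
    {
        global $db;
        if (empty($session_id)) {
            return false;
        }
        $session_id = $this->_clean_session_id($session_id);
        if ($session_id === false) {
            return false;
        }
        $sql = "SELECT session_id, user_id, expires FROM o_sessions WHERE session_id='$session_id'";
        $db->query($sql);
        if ($db->num_rows > 0) {
            $db->fetch_results();
            return $db->record;
        }
        return false;
    }

    /*!
    @function is_expired()
    @author Ryan Thompson
    @abstract Checks to see if session Expired
    @discussion An expiry of 0 is never reported as expired, so a row stored with
                expires=0 stays valid on the server until drop_session() removes it.
    @version 0.2
    @params $expiry_date - Date set in database for session to expire
    @return TRUE/FALSE
    @since 18-11-2003
    */
    function is_expired($expiry_date)
    {
        return ($expiry_date < time() && $expiry_date != 0);
    }

    /*!
    @function valid()
    @author Ryan Thompson
    @abstract Looks for valid session
    @discussion Returns FALSE when there is no o_session cookie. With a cookie present it
                returns TRUE if a matching row exists OR if the request carries
                $_POST['login']; expiry is not checked here. TRUE is therefore not proof
                of an authenticated session; use verify_session() for that.
    @return TRUE/FALSE
    @since 29-03-2003
    */
    function valid()
    {
        global $db;
        if (!isset($_COOKIE['o_session'])) {
            return false;
        }
        // To prevent O from crashing if a session is missing from the database
        // we have to check whether the database still has the session.
        $found = false;
        $session_id = $this->_clean_session_id($_COOKIE['o_session']);
        if ($session_id !== false) {
            $sql = "SELECT session_id FROM o_sessions WHERE session_id='{$session_id}'";
            $db->query($sql);
            $found = ($db->num_rows != 0);
        }
        if (!$found && !isset($_POST['login'])) {
            return false;
        }
        return true;
    }

    /*!
    @function get_session_id()
    @author Ryan Thompson
    @abstract Returns the session identifier from the o_session cookie
    @discussion Marked as deprecated by the original author. Returns FALSE whenever
                o_session is also supplied through GET or POST, so the identifier is
                only ever taken from the cookie. The value is returned as received;
                it is validated later by get_db_session().
    @return Cookie value, or FALSE
    @since 20-11-2002
    */
    function get_session_id()
    {
        if (isset($_GET['o_session']) || isset($_POST['o_session'])) {
            return false;
        }
        if (isset($_COOKIE['o_session'])) {
            $this->o_session = $_COOKIE['o_session'];
            return $this->o_session;
        }
        return false;
    }

    /*!
    @function create_session()
    @author Ryan Thompson
    @abstract Creates a user session
    @discussion Reads the user's 'gl' preferences, asks $security for a new identifier,
                sets the cookie and inserts the o_sessions row. Returns FALSE when the
                cookie could not be set, because no row is written in that case and the
                caller must not assume a session exists.
                NOTE(review): $user_id, $uid and the stored scheme are interpolated into
                SQL unescaped. They appear to come from server-side sources; confirm,
                and move these statements to bound parameters.
    @params $user_id - User the session belongs to
    @return TRUE/FALSE
    @since 25-03-2003
    */
    function create_session($user_id)
    {
        global $db, $security;
        $sql = "SELECT preference, value FROM o_preferences WHERE user_id='". $user_id ."' AND service='gl'";
        $db->query($sql);
        $prefs = array();
        while ($db->fetch_results()) {
            $prefs[$db->record['preference']] = $db->record['value'];
        }
        $this->scheme = isset($prefs['scheme']) ? $prefs['scheme'] : null;
        $uid = $security->unique_id();

        // NOTE(review): 'persistent' is not a column of the query above, so this branch
        // is not expected to be taken and every session gets a server-side expiry.
        // Reading $prefs['persistent'] instead would store expires=0, which is_expired()
        // treats as "never expires"; decide that deliberately before changing it.
        if (isset($db->record['persistent']) && $db->record['persistent'] == 'FALSE') {
            $expires = 0;
        } else {
            $lifetime = isset($prefs['cookie_expiry']) ? $prefs['cookie_expiry'] : 0;
            $expires = time() + $lifetime;
        }

        if (!$this->set_cookie($uid, $user_id)) {
            return false;
        }
        $sql = "INSERT INTO o_sessions (session_id, user_id, scheme, login_date, expires) "
            . "VALUES ('$uid','$user_id','{$this->scheme}','". time() ."', '$expires')";
        $db->query($sql);
        // NOTE(review): the result of the INSERT is not checked; the original only
        // referenced $db->db_error without acting on it.
        return true;
    }

    /*!
    @function set_cookie()
    @author Ryan Thompson
    @abstract Set cookie on user machine based on OS and expiry time (Needs to be broken up)
    @discussion NOTE(review): the cookie is sent without the HttpOnly or Secure
                attributes, so it is readable by page script and is sent over plain
                HTTP; both should be set once the minimum PHP version and the
                deployment scheme are known.
                NOTE(review): the WINNT branch issues a browser-session cookie when
                'persistent' is 'TRUE', the other branch when it is 'FALSE'. One of the
                two looks inverted; left as found.
    @version 0.2
    @params $uid - Unique Session ID
    @params $user_id - User whose cookie preferences are read
    @return TRUE/FALSE (result of setcookie())
    @since 25-03-2003
    */
    function set_cookie($uid, $user_id)
    {
        global $O, $db;
        $sql = "SELECT value FROM o_preferences WHERE user_id='{$user_id}' AND preference='cookie_expiry'";
        $db->query($sql);
        $db->fetch_results();
        $cookie_expire = $db->record['value'];

        $sql = "SELECT value FROM o_preferences WHERE user_id='{$user_id}' AND preference='persistent'";
        $db->query($sql);
        $db->fetch_results();
        $persistent = $db->record['value'];

        if ($O->server_os == 'WINNT') {
            if ($persistent == 'TRUE') {
                return setcookie('o_session', $uid);
            }
            return setcookie('o_session', $uid, time() + $cookie_expire, $O->uri);
        }

        if ($persistent == 'FALSE') {
            return setcookie('o_session', $uid);
        }
        return setcookie('o_session', $uid, time() + $cookie_expire);
    }

    /*!
    @function drop_session()
    @author Ryan Thompson
    @abstract Removes session from Database
    @discussion Deletes the row for the current cookie and user, stamps the logout time
                in o_tracker and expires the cookie. A cookie value that fails
                validation is never sent to the database; the tracker update and the
                cookie removal still run.
    @version 0.2
    @return TRUE
    */
    function drop_session()
    {
        global $db, $user;
        $session_id = false;
        if (isset($_COOKIE['o_session'])) {
            $session_id = $this->_clean_session_id($_COOKIE['o_session']);
        }
        if ($session_id !== false) {
            $sql = "DELETE FROM o_sessions WHERE session_id='{$session_id}' AND user_id='{$user->user_id}'";
            $db->query($sql);
        }
        $now = time();
        $sql = "UPDATE o_tracker SET logout='$now' WHERE user_id='{$user->user_id}'";
        $db->query($sql);
        // Linux won't unset a cookie if the URI is there. Unknown reaction in Windows.
        $this->drop_cookie();
        return true;
    }

    /*!
    @function drop_cookie()
    @author Ryan Thompson
    @abstract Removes cookies if user logs out or no matching session in DB
    @discussion NOTE(review): the paths used here ('' on WINNT, '/' elsewhere) do not
                always match the paths used by set_cookie(), and a browser only drops a
                cookie when the path matches. The server-side row removed by
                drop_session() is what actually ends the session.
    @version 0.2
    @return
    @since 20-11-2003
    */
    function drop_cookie()
    {
        global $O;
        if ($O->server_os == "WINNT") {
            // The original passed an undefined $uri here, which evaluates to an empty
            // path; the empty string keeps that behaviour without the warning.
            setcookie('o_session', '', time() - 3600, '');
        } else {
            setcookie('o_session', '', time() - 3600, '/');
        }
        return;
    }

    /*!
    @function load_session()
    @abstract Loads the user, theme and language for the session named by the cookie
    @discussion Fails closed: a missing or malformed cookie, or a query that returns no
                row, clears $user->user_id and returns FALSE instead of reading whatever
                record the $db wrapper last held.
                NOTE(review): 'expires' is not consulted here; this method relies on
                the caller having run verify_session() first. Confirm that every call
                path does.
    @return Session identifier, or FALSE
    */
    function load_session()
    {
        global $db, $user, $layout;
        $raw = isset($_COOKIE['o_session']) ? $_COOKIE['o_session'] : null;
        $session_id = $this->_clean_session_id($raw);
        if ($session_id === false) {
            $this->session_id = null;
            $user->user_id = null;
            return false;
        }
        $this->session_id = $session_id;

        $sql = "SELECT user_id FROM o_sessions WHERE session_id='". $this->session_id ."'";
        $db->query($sql);
        if ($db->num_rows == 0) {
            $user->user_id = null;
            return false;
        }
        $db->fetch_results();
        $user->user_id = $db->record['user_id'];
        if (empty($user->user_id)) {
            return false;
        }

        $sql = "SELECT username, firstname, lastname FROM o_users WHERE user_id='". $user->user_id ."'";
        $db->query($sql);
        $db->fetch_results();
        $user->name['first'] = $db->record['firstname'];
        $user->name['last'] = $db->record['lastname'];
        $user->username = $db->record['username'];

        $sql = "SELECT o_themes.directory FROM o_themes
            LEFT JOIN o_preferences ON o_preferences.value=o_themes.theme_id
            WHERE o_preferences.preference='theme' AND o_preferences.user_id='". $user->user_id ."'";
        $db->query($sql);
        $db->fetch_results();
        $layout->theme = $db->record['directory'];

        // Gotta move this to language class.
        // NOTE(review): this query is not filtered by user and selects 'value', while
        // the assignment below reads 'language'; as written $user->language is not
        // populated from it. Left as found.
        $sql = "SELECT value FROM o_preferences WHERE preference='language'";
        $db->query($sql);
        $db->fetch_results();
        $user->language = isset($db->record['language']) ? $db->record['language'] : null;

        return $this->session_id;
    }
}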
?>