diff --git a/account.php b/account.php
index 06bd898..eada1b5 100644
--- a/account.php
+++ b/account.php
@@ -50,7 +50,7 @@ function do_account($cmd = null)
 exit;
 case "logout":
- apidb_session_destroy();
+ $GLOBALS['session']->destroy();
 addmsg("You are successfully logged out.", "green");
 redirect(apidb_fullurl("index.php"));
 exit;
diff --git a/include/incl.php b/include/incl.php
index 458c4a2..94d0eb1 100644
--- a/include/incl.php
+++ b/include/incl.php
@@ -18,10 +18,6 @@ require(BASE."include/"."html.php");
 $sidebar_func_list = array();
 $help_list = array();
-// start session ...
-apidb_session_start();
-
-
 function apidb_help_add($desc, $id)
 {
 global $help_list;
@@ -239,4 +235,15 @@ define("STANDARD_NOTIFY_FOOTER","------- You are receiving this mail because: --
 "You are an maintainer of this app or an appdb administrator\n".
 "to change your preferences go to: ".APPDB_ROOT."preferences.php\n");
+/*
+ * Start DB Connection
+ */
+opendb();
+
+/*
+ * Init Session (stores user info and cart info in session)
+ */
+$session = new session("whq_appdb");
+$session->register("current");
+
 ?>
diff --git a/include/session.php b/include/session.php
index 81e6236..86ad2be 100644
--- a/include/session.php
+++ b/include/session.php
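Review bot: `$GLOBALS['session']->destroy()` on the new line only reaches `session_destroy()` (see `session::destroy()` in session.php in this diff), so the 90-day session cookie that the `session` constructor sets stays in the browser and `$_SESSION` keeps its contents for the rest of this request. A logout should also drop the in-memory data and expire the cookie before the redirect, e.g. `$_SESSION = array();` and `setcookie(session_name(), '', time() - 3600, '/');` ahead of the `destroy()` call. The enclosing `do_account()` switch starts and ends outside the hunk.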
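Review bot: `opendb();` on the new side of the `@@ -239,4 +235,15` hunk is called without checking its result, yet the `new session(...)` right after it runs `session_start()` and therefore `session::_read()` against that connection; `_read()` returns `null` when its query fails, so a database outage here turns every request into a silent empty session rather than a visible error. If `opendb()` signals failure through its return value (user.php used to store it as a link), guard it, e.g. `if (!opendb()) { die('database unavailable'); }` or the project's own fatal-error helper, before the session is constructed. `$session->register("current")` also reads a global `$current` through `$$var`, and nothing in this hunk assigns it on a first visit, so a comment on the `Init Session` block saying who is expected to populate `$current` would help the next reader.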
@@ -1,104 +1,103 @@ connect();
-}
-
-function apidb_session_destroy()
-{
- session_destroy();
-}
-
-
-/**
- * session handler functions
+/*
+ * session.php - session handler functions
 * sessions are stored in a mysql table
 */
-function _session_open($save_path, $session_name)
-{
- opendb();
- //mysql_query("CREATE TABLE IF NOT EXISTS session_list (session_id varchar(64) not null, ".
- // "userid int, ip varchar(64), data text, messages text, stamp timestamp, primary key(session_id))");
- return true;
-}
-function _session_close()
+class session
 {
- return true;
-}
+ // create session object
+ function session ($name)
+ {
+ // set name for this session
+ $this->name = $name;
-function _session_read($key)
-{
- global $msg_buffer;
+ // define options for sessions
+ ini_set('session.name', $this->name);
+ ini_set('session.use_cookies', true);
+ ini_set('session.use_only_cookies', true);
- opendb();
- $result = mysql_query("SELECT data, messages FROM session_list WHERE session_id = '$key'");
+ // setup session object
+ session_set_save_handler(
+ array(&$this, "_open"),
+ array(&$this, "_close"),
+ array(&$this, "_read"),
+ array(&$this, "_write"),
+ array(&$this, "_destroy"),
+ array(&$this, "_gc")
+ );
+
+ // default lifetime on session cookie (90 days)
+ session_set_cookie_params(
+ (60*60*24*90),
+ '/'
+ );
+
+ // start the loaded session
+ session_start();
+ }
+
+ // register variables into session (dynamic load and save of vars)
+ function register ($var)
+ {
+ global $$var;
+
+ // load $var into memory
+ if (isset($_SESSION[$var]))
+ $$var = $_SESSION[$var];
+
+ // store var into session
+ $_SESSION[$var] =& $$var;
+ }
+
+ // destroy session
+ function destroy ()
+ {
+ session_destroy();
+ }
- if(!$result)
- return null;
- $r = mysql_fetch_object($result);
+ // open session file (not needed for DB access)
+ function _open ($save_path, $session_name) { return true; }
- if($r->messages)
- $msg_buffer = explode("|", $r->messages);
-
- return $r->data;
-}
-
-function _session_write($key, $value)
-{
- global $msg_buffer;
- global $apidb_debug;
-
- opendb();
-
- if($msg_buffer)
- $messages = implode("|", $msg_buffer);
- else
+ // close session file (not needed for DB access)
+ function _close () { return true; }
+
+ // read session
+ function _read ($key)
+ {
+ $result = mysql_query("SELECT data FROM session_list WHERE session_id = '".$key."'");
+ if (!$result) { return null; }
+ $r = mysql_fetch_object($result);
+ return $r->data;
+ }
+
+ // write session to DB
+ function _write ($key, $value)
+ {
 $messages = "";
+ if(isset($GLOBALS['msg_buffer']))
+ $messages = implode("|", $GLOBALS['msg_buffer']);
- // remove single quotes
- $value = str_replace("'", "", $value);
+ mysql_query("REPLACE session_list VALUES ('$key', ".$_SESSION['current']->userid.", '".get_remote()."', '".addslashes($value)."', '$messages', NOW())");
+ return true;
+ }
+
+ // delete current session
+ function _destroy ($key)
+ {
+ mysql_query("DELETE FROM session_list WHERE session_id = '$key'");
+ return true;
+ }
+
+ // clear old sessions (moved into a separate cron process)
+ function _gc ($maxlifetime)
+ {
+ mysql_query("DELETE FROM session_list WHERE to_days(now()) - to_days(stamp) >= 7");
+ return true;
+ }
- //DEBUGGING
- if ($apidb_debug)
- mysql_query("INSERT INTO debug VALUES(null, '$key = $messages')");
-
-
- if(isset($_SESSION['current']))
- mysql_query("REPLACE session_list VALUES ('$key', ".$_SESSION['current']->userid.", '".get_remote()."', '$value', '$messages', NOW())");
- else
- mysql_query("REPLACE session_list VALUES ('$key', 0, '".get_remote()."', null, '$messages', NOW())");
-
- return true;
 }
+// end session
-function _session_destroy($key)
-{
- mysql_query("DELETE FROM session_list WHERE session_id = '$key'");
- return true;
-}
-
-function _session_gc($maxlifetime)
-{
- // delete sessions older than 2 days
- mysql_query("DELETE FROM session_list WHERE to_days(now()) - to_days(stamp) >= 2");
- return true;
-}
-
-session_set_save_handler("_session_open",
- "_session_close",
- "_session_read",
- "_session_write",
- "_session_destroy",
- "_session_gc");
-
-session_register($current);
-?>
\ No newline at end of file
+?>
diff --git a/include/user.php b/include/user.php
index 8b0f2c9..1a0885c 100644
--- a/include/user.php
+++ b/include/user.php
@@ -5,7 +5,6 @@ class User {
- var $link; // database connection
 var $stamp;
 var $userid;
 var $username;
@@ -20,23 +19,16 @@ class User {
 */
 function User()
 {
- $this->connect();
+
 }
-
- function connect()
- {
- $this->link = opendb();
- }
-
- /**
 * check if a user exists
 * returns TRUE if the user exists
 */
 function exists($username)
 {
- $result = mysql_query("SELECT * FROM user_list WHERE username = '$username'", $this->link);
+ $result = mysql_query("SELECT * FROM user_list WHERE username = '$username'");
 if(!$result || mysql_num_rows($result) != 1)
 return 0;
 return 1;
@@ -83,9 +75,9 @@ class User {
 $result = mysql_query("SELECT stamp, userid, username, realname, ".
 "created, status, perm FROM user_list WHERE ".
 "username = '$username' AND ".
- "password = password('$password')", $this->link);
+ "password = password('$password')");
 if(!$result)
- return "Error: ".mysql_error($this->link);
+ return "Error: ".mysql_error();
 if(mysql_num_rows($result) == 0)
 return "Invalid username or password";
@@ -121,9 +113,9 @@ class User {
 {
 $result = mysql_query("INSERT INTO user_list VALUES ( NOW(), 0, ".
 "'$username', password('$password'), ".
- "'$realname', '$email', NOW(), 0, 0)", $this->link);
+ "'$realname', '$email', NOW(), 0, 0)");
 if(!$result)
- return mysql_error($this->link);
+ return mysql_error();
 return $this->restore($username, $password);
 }
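Review bot: `_write()` on the new side dereferences `$_SESSION['current']->userid` unconditionally, whereas the removed code branched on `isset($_SESSION['current'])` and stored userid 0 for anonymous visitors; with `register("current")` leaving `$current` unset on a first visit the interpolation yields an empty field (`VALUES ('key', , ...`), the REPLACE fails, and neither the new session nor the `msg_buffer` messages are ever persisted. In the same method and in `_read()`/`_destroy()`, `$key` — the session id taken from the client's cookie — and `get_remote()`/`$messages` go into the SQL unescaped while only `$value` gets `addslashes()`; every interpolated value needs escaping (`mysql_real_escape_string()`, falling back to the `addslashes()` already used here if the deployment predates it). `_gc()`'s comment says the cleanup moved to a cron process, but the DELETE is still issued with a hard-coded 7 days and `$maxlifetime` ignored — either drop the query or document why both run. The hunk covers the whole file, so the class is complete here; the rewritten `_write()` below restores the anonymous-user path and escapes each value.
```php
    // write session to DB
    function _write ($key, $value)
    {
        $messages = "";
        if(isset($GLOBALS['msg_buffer']))
            $messages = implode("|", $GLOBALS['msg_buffer']);

        // anonymous visitors have no 'current' user yet: keep the old behaviour of storing userid 0
        $userid = 0;
        if (isset($_SESSION['current']) && isset($_SESSION['current']->userid))
            $userid = (int)$_SESSION['current']->userid;

        // $key comes straight from the client's cookie; escape every interpolated value
        mysql_query("REPLACE session_list VALUES ('".mysql_real_escape_string($key)."', ".$userid.", '".mysql_real_escape_string(get_remote())."', '".mysql_real_escape_string($value)."', '".mysql_real_escape_string($messages)."', NOW())");
        return true;
    }
    // … unchanged: _read() and _destroy() need the same escaping of $key …
```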
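Review bot: `exists()` in the `@@ -20,23 +19,16` hunk now runs `mysql_query("SELECT * FROM user_list WHERE username = '$username'")` on the implicit default connection with `$username` interpolated unescaped, and the commit drops `$this->link` without adding the escaping; the same pattern recurs in the `@@ -83`, `@@ -121`, `@@ -164`, `@@ -185`, `@@ -213`, `@@ -236`, `@@ -252`, `@@ -267` and `@@ -277` hunks of this file (`$password`, `$realname`, `$email`, `$key`, `$priv`, `$appId`, `$versionId`), and `@@ -83`'s `return "Error: ".mysql_error();` hands the raw driver message to whoever displays the result. Each interpolated value should pass through `mysql_real_escape_string()` first, e.g. `$result = mysql_query("SELECT * FROM user_list WHERE username = '".mysql_real_escape_string($username)."'");`. With the explicit link gone, these methods now depend on `opendb()` having run earlier in the request (incl.php in this diff); a short comment on the now-empty `User()` constructor, such as `// queries use the default link opened by opendb() in incl.php`, would save the next reader a search. The `User` class starts and ends outside the hunk.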
@@ -164,10 +156,10 @@ class User {
 if($username == 0)
 $username = $this->username;
- $result = mysql_query("DELETE FROM user_list WHERE username = '$username'", $this->link);
+ $result = mysql_query("DELETE FROM user_list WHERE username = '$username'");
 if(!$result)
- return mysql_error($this->link);
+ return mysql_error();
 if(mysql_affected_rows($result) == 0)
 return "No such user.";
 return 0;
@@ -176,7 +168,7 @@ class User {
 function done()
 {
- mysql_close($this->link);
+
 }
@@ -185,7 +177,7 @@ class User {
 if(!$this->userid || !$key)
 return $def;
- $result = mysql_query("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'", $this->link);
+ $result = mysql_query("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'");
 if(!$result || mysql_num_rows($result) == 0)
 return $def;
 $ob = mysql_fetch_object($result);
@@ -213,7 +205,7 @@ class User {
 if(!$this->userid || !$priv)
 return 0;
- $result = mysql_query("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
+ $result = mysql_query("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
 if(!$result)
 return 0;
 return mysql_num_rows($result);
@@ -236,7 +228,7 @@ class User {
 }
 $query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND versionId = '$versionId'";
- $result = mysql_query($query, $this->link);
+ $result = mysql_query($query);
 if(!$result)
 return 0;
 return mysql_num_rows($result);
@@ -252,7 +244,7 @@ class User {
 return false;
 $query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'";
- $result = mysql_query($query, $this->link);
+ $result = mysql_query($query);
 if(!$result)
 return 0;
 return mysql_num_rows($result);
@@ -267,7 +259,7 @@ class User {
 if($this->checkpriv($priv))
 return 1;
- $result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')", $this->link);
+ $result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')");
 return $result;
 }
@@ -277,7 +269,7 @@ class User {
 if(!$this->userid || !$priv)
 return 0;
- $result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
+ $result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
 return $result;
 }