updated to a slightly more improved version of the session management code

Should solve bugs with logging in when register_globals = off.
Jeremy Newman
2004-12-13 03:50:02 +00:00
parent 170615721f
commit 5642e73425
4 changed files with 115 additions and 117 deletions


@@ -50,7 +50,7 @@ function do_account($cmd = null)
exit;
case "logout":
apidb_session_destroy();
$GLOBALS['session']->destroy();
addmsg("You are successfully logged out.", "green");
redirect(apidb_fullurl("index.php"));
exit;


@@ -18,10 +18,6 @@ require(BASE."include/"."html.php");
$sidebar_func_list = array();
$help_list = array();
// start session ...
apidb_session_start();
function apidb_help_add($desc, $id)
{
global $help_list;
@@ -239,4 +235,15 @@ define("STANDARD_NOTIFY_FOOTER","------- You are receiving this mail because: --
"You are an maintainer of this app or an appdb administrator\n".
"to change your preferences go to: ".APPDB_ROOT."preferences.php\n");
/*
* Start DB Connection
*/
opendb();
/*
* Init Session (stores user info and cart info in session)
*/
$session = new session("whq_appdb");
$session->register("current");
?>


@@ -1,104 +1,103 @@
<?php
function apidb_session_start()
{
session_set_cookie_params(time() + 3600 * 48);
session_start();
if(isset($_SESSION['current']))
$_SESSION['current']->connect();
}
function apidb_session_destroy()
{
session_destroy();
}
/**
* session handler functions
/*
* session.php - session handler functions
* sessions are stored in a mysql table
*/
function _session_open($save_path, $session_name)
{
opendb();
//mysql_query("CREATE TABLE IF NOT EXISTS session_list (session_id varchar(64) not null, ".
// "userid int, ip varchar(64), data text, messages text, stamp timestamp, primary key(session_id))");
return true;
}
function _session_close()
class session
{
return true;
}
// create session object
function session ($name)
{
// set name for this session
$this->name = $name;
function _session_read($key)
{
global $msg_buffer;
// define options for sessions
ini_set('session.name', $this->name);
ini_set('session.use_cookies', true);
ini_set('session.use_only_cookies', true);
opendb();
$result = mysql_query("SELECT data, messages FROM session_list WHERE session_id = '$key'");
// setup session object
session_set_save_handler(
array(&$this, "_open"),
array(&$this, "_close"),
array(&$this, "_read"),
array(&$this, "_write"),
array(&$this, "_destroy"),
array(&$this, "_gc")
);
// default lifetime on session cookie (90 days)
session_set_cookie_params(
(60*60*24*90),
'/'
);
// start the loaded session
session_start();
}
// register variables into session (dynamic load and save of vars)
function register ($var)
{
global $$var;
// load $var into memory
if (isset($_SESSION[$var]))
$$var = $_SESSION[$var];
// store var into session
$_SESSION[$var] =& $$var;
}
// destroy session
function destroy ()
{
session_destroy();
}
if(!$result)
return null;
$r = mysql_fetch_object($result);
// open session file (not needed for DB access)
function _open ($save_path, $session_name) { return true; }
if($r->messages)
$msg_buffer = explode("|", $r->messages);
return $r->data;
}
function _session_write($key, $value)
{
global $msg_buffer;
global $apidb_debug;
opendb();
if($msg_buffer)
$messages = implode("|", $msg_buffer);
else
// close session file (not needed for DB access)
function _close () { return true; }
// read session
function _read ($key)
{
$result = mysql_query("SELECT data FROM session_list WHERE session_id = '".$key."'");
if (!$result) { return null; }
$r = mysql_fetch_object($result);
return $r->data;
}
// write session to DB
function _write ($key, $value)
{
$messages = "";
if(isset($GLOBALS['msg_buffer']))
$messages = implode("|", $GLOBALS['msg_buffer']);
// remove single quotes
$value = str_replace("'", "", $value);
mysql_query("REPLACE session_list VALUES ('$key', ".$_SESSION['current']->userid.", '".get_remote()."', '".addslashes($value)."', '$messages', NOW())");
return true;
}
// delete current session
function _destroy ($key)
{
mysql_query("DELETE FROM session_list WHERE session_id = '$key'");
return true;
}
// clear old sessions (moved into a separate cron process)
function _gc ($maxlifetime)
{
mysql_query("DELETE FROM session_list WHERE to_days(now()) - to_days(stamp) >= 7");
return true;
}
//DEBUGGING
if ($apidb_debug)
mysql_query("INSERT INTO debug VALUES(null, '$key = $messages')");
if(isset($_SESSION['current']))
mysql_query("REPLACE session_list VALUES ('$key', ".$_SESSION['current']->userid.", '".get_remote()."', '$value', '$messages', NOW())");
else
mysql_query("REPLACE session_list VALUES ('$key', 0, '".get_remote()."', null, '$messages', NOW())");
return true;
}
// end session
function _session_destroy($key)
{
mysql_query("DELETE FROM session_list WHERE session_id = '$key'");
return true;
}
function _session_gc($maxlifetime)
{
// delete sessions older than 2 days
mysql_query("DELETE FROM session_list WHERE to_days(now()) - to_days(stamp) >= 2");
return true;
}
session_set_save_handler("_session_open",
"_session_close",
"_session_read",
"_session_write",
"_session_destroy",
"_session_gc");
session_register($current);
?>
?>
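Review bot: The new `_read`, `_write` and `_destroy` handlers place `$key` into the SQL text unescaped, and `$key` is the session id supplied by the client's cookie; `$messages` in `_write` is unescaped as well. Every interpolated value should go through `mysql_real_escape_string()` instead of relying on `addslashes()` for `$value` alone. `_write` also strips single quotes from `$value` before storing it, which changes the length of any quoted string inside PHP's serialized session data and can leave the row unreadable on the next `_read`; proper escaping makes that `str_replace` unnecessary. The `isset($_SESSION['current'])` guard of the old `_session_write` is gone, so a request without a user object appears to produce `VALUES ('key', , ...)`, and the failed query is not checked. The session cookie is also given a 90-day lifetime while `_gc` deletes rows after 7 days, so the two limits should be aligned.

```php
function _read ($key)
{
    $result = mysql_query("SELECT data FROM session_list WHERE session_id = '".mysql_real_escape_string($key)."'");
    // … unchanged: result check and return of $r->data …
}

function _write ($key, $value)
{
    // … unchanged: $messages built from $GLOBALS['msg_buffer'] …
    $userid = isset($_SESSION['current']->userid) ? (int)$_SESSION['current']->userid : 0;
    mysql_query("REPLACE session_list VALUES ('".mysql_real_escape_string($key)."', ".$userid.", '".
                mysql_real_escape_string(get_remote())."', '".mysql_real_escape_string($value)."', '".
                mysql_real_escape_string($messages)."', NOW())");
    return true;
}

function _destroy ($key)
{
    mysql_query("DELETE FROM session_list WHERE session_id = '".mysql_real_escape_string($key)."'");
    return true;
}
```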


@@ -5,7 +5,6 @@
class User {
var $link; // database connection
var $stamp;
var $userid;
var $username;
@@ -20,23 +19,16 @@ class User {
*/
function User()
{
$this->connect();
}
function connect()
{
$this->link = opendb();
}
/**
* check if a user exists
* returns TRUE if the user exists
*/
function exists($username)
{
$result = mysql_query("SELECT * FROM user_list WHERE username = '$username'", $this->link);
$result = mysql_query("SELECT * FROM user_list WHERE username = '$username'");
if(!$result || mysql_num_rows($result) != 1)
return 0;
return 1;
@@ -83,9 +75,9 @@ class User {
$result = mysql_query("SELECT stamp, userid, username, realname, ".
"created, status, perm FROM user_list WHERE ".
"username = '$username' AND ".
"password = password('$password')", $this->link);
"password = password('$password')");
if(!$result)
return "Error: ".mysql_error($this->link);
return "Error: ".mysql_error();
if(mysql_num_rows($result) == 0)
return "Invalid username or password";
@@ -121,9 +113,9 @@ class User {
{
$result = mysql_query("INSERT INTO user_list VALUES ( NOW(), 0, ".
"'$username', password('$password'), ".
"'$realname', '$email', NOW(), 0, 0)", $this->link);
"'$realname', '$email', NOW(), 0, 0)");
if(!$result)
return mysql_error($this->link);
return mysql_error();
return $this->restore($username, $password);
}
@@ -164,10 +156,10 @@ class User {
if($username == 0)
$username = $this->username;
$result = mysql_query("DELETE FROM user_list WHERE username = '$username'", $this->link);
$result = mysql_query("DELETE FROM user_list WHERE username = '$username'");
if(!$result)
return mysql_error($this->link);
return mysql_error();
if(mysql_affected_rows($result) == 0)
return "No such user.";
return 0;
@@ -176,7 +168,7 @@ class User {
function done()
{
mysql_close($this->link);
}
@@ -185,7 +177,7 @@ class User {
if(!$this->userid || !$key)
return $def;
$result = mysql_query("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'", $this->link);
$result = mysql_query("SELECT * FROM user_prefs WHERE userid = $this->userid AND name = '$key'");
if(!$result || mysql_num_rows($result) == 0)
return $def;
$ob = mysql_fetch_object($result);
@@ -213,7 +205,7 @@ class User {
if(!$this->userid || !$priv)
return 0;
$result = mysql_query("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
$result = mysql_query("SELECT * FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
if(!$result)
return 0;
return mysql_num_rows($result);
@@ -236,7 +228,7 @@ class User {
}
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND versionId = '$versionId'";
$result = mysql_query($query, $this->link);
$result = mysql_query($query);
if(!$result)
return 0;
return mysql_num_rows($result);
@@ -252,7 +244,7 @@ class User {
return false;
$query = "SELECT * FROM appMaintainers WHERE userid = '$this->userid' AND appId = '$appId' AND superMaintainer = '1'";
$result = mysql_query($query, $this->link);
$result = mysql_query($query);
if(!$result)
return 0;
return mysql_num_rows($result);
@@ -267,7 +259,7 @@ class User {
if($this->checkpriv($priv))
return 1;
$result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')", $this->link);
$result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')");
return $result;
}
@@ -277,7 +269,7 @@ class User {
if(!$this->userid || !$priv)
return 0;
$result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
$result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'");
return $result;
}