Code source de eGroupWare 1.2.106-2 |
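<?php
/**************************************************************************\
* eGroupWare API - Session management                                      *
* This file written by Dan Kuykendall <seek3r@phpgroupware.org>            *
* and Joseph Engo <jengo@phpgroupware.org>                                 *
* and Ralf Becker <ralfbecker@outdoor-training.de>                         *
* Copyright (C) 2000, 2001 Dan Kuykendall                                  *
* -------------------------------------------------------------------------*
* This library is part of the eGroupWare API                               *
* http://www.egroupware.org/api                                            *
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License,         *
* or any later version.                                                    *
* This library is distributed in the hope that it will be useful, but      *
* WITHOUT ANY WARRANTY; without even the implied warranty of               *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     *
* See the GNU Lesser General Public License for more details.              *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation,  *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA             *
\**************************************************************************/

/* $Id: class.sessions_php4.inc.php 21940 2006-06-23 19:14:55Z lkneschke $ */

define('EGW_SESSION_VAR','egw_session');	// where to store our session-data $_SESSION[EGW_SESSION_VAR]

/**
 * Session Management via php4 sessions
 *
 * All eGroupWare session state lives under $_SESSION[EGW_SESSION_VAR]; the
 * session listing reads the raw sess_* files from session.save_path.
 *
 * @package api
 * @subpackage sessions
 */
class sessions extends sessions_
{
	/**
	 * Constructor: runs the parent constructor, then configures the PHP session.
	 *
	 * @param mixed $domain_names passed through unchanged to sessions_()
	 */
	function sessions($domain_names=null)
	{
		$this->sessions_($domain_names);
		//controls the time out for php4 sessions - skwashd 18-May-2003
		ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
		session_name('sessionid');
	}

	/**
	 * commit the sessiondata to the filesystem
	 *
	 * @return bool always true
	 */
	function commit_session()
	{
		session_write_close();
		return true;
	}

	/**
	 * Start the PHP session for $this->sessionid and return the eGroupWare part of it.
	 *
	 * @return mixed False if no session id is set, otherwise $_SESSION[EGW_SESSION_VAR]
	 *	(null if the started session carries no eGroupWare data)
	 */
	function read_session()
	{
		if (!$this->sessionid)
		{
			return False;
		}
		// NOTE(review): the id is handed to PHP as-is; where $this->sessionid comes
		// from is not visible in this file - confirm it is validated in sessions_
		session_id($this->sessionid);
		session_start();

		// isset() avoids an undefined-index notice for a session without our data
		return isset($_SESSION[EGW_SESSION_VAR]) ? $_SESSION[EGW_SESSION_VAR] : null;
	}

	/**
	 * Set the parameters of the PHP session cookie: lifetime 0, path '/', given domain.
	 *
	 * NOTE(review): the secure flag is not passed, so it keeps its default; confirm
	 * whether installations served over https should set it.
	 *
	 * @param string $domain cookie domain
	 */
	function set_cookie_params($domain)
	{
		session_set_cookie_params(0,'/',$domain);
	}

	/**
	 * Start a PHP session and return its id.
	 *
	 * session_start() re-uses an id the client supplied, so the id is regenerated
	 * here: a session id planted before login (session fixation) must not become
	 * the id of the session that is about to be registered.
	 * NOTE(review): assumes this is only called when a new session is created -
	 * confirm against the callers in sessions_.
	 *
	 * @return string the id of the started session
	 */
	function new_session_id()
	{
		session_start();

		// session_regenerate_id() only exists since PHP 4.3.2, hence the guard
		if (function_exists('session_regenerate_id') && !headers_sent())
		{
			session_regenerate_id();
		}
		return session_id();
	}

	/**
	 * Store the login data of the current session in $_SESSION[EGW_SESSION_VAR].
	 *
	 * @param string $login login-id of the user
	 * @param string $user_ip ip of the client
	 * @param int $now timestamp used as login time and as date last active
	 * @param string $session_flags flags of the session ('A' is treated as anonymous by list_sessions)
	 */
	function register_session($login,$user_ip,$now,$session_flags)
	{
		// session_start() is now called in new_session_id() !!!
		$_SESSION[EGW_SESSION_VAR]['session_id'] = $this->sessionid;
		$_SESSION[EGW_SESSION_VAR]['session_lid'] = $login;
		$_SESSION[EGW_SESSION_VAR]['session_ip'] = $user_ip;
		$_SESSION[EGW_SESSION_VAR]['session_logintime'] = $now;
		$_SESSION[EGW_SESSION_VAR]['session_dla'] = $now;
		// request-derived value: whoever displays session_action has to escape it
		$_SESSION[EGW_SESSION_VAR]['session_action'] = $_SERVER['PHP_SELF'];
		$_SESSION[EGW_SESSION_VAR]['session_flags'] = $session_flags;
		// we need the install-id to distinguish between several installs sharing one tmp-dir
		$_SESSION[EGW_SESSION_VAR]['session_install_id'] = $GLOBALS['egw_info']['server']['install_id'];
	}

	/**
	 * Update the date-last-active and the last action of the session, so the login does not expire.
	 *
	 * @return bool always True
	 */
	function update_dla()
	{
		// menuaction comes straight from the query string and is stored unfiltered:
		// it has to be escaped wherever the session list is rendered
		if (@isset($_GET['menuaction']))
		{
			$action = $_GET['menuaction'];
		}
		else
		{
			$action = $_SERVER['PHP_SELF'];
		}

		// This way XML-RPC users aren't always listed as
		// xmlrpc.php
		if ($this->xmlrpc_method_called)
		{
			$action = $this->xmlrpc_method_called;
		}

		$_SESSION[EGW_SESSION_VAR]['session_dla'] = time();
		$_SESSION[EGW_SESSION_VAR]['session_action'] = $action;

		return True;
	}

	/**
	 * Destroy a session: the current one via session_destroy(), any other by deleting its session file.
	 *
	 * @param string $sessionid id of the session to destroy
	 * @param string $kp3 only used in the guard below
	 * @return bool False if $sessionid is empty while $kp3 is set, True otherwise
	 */
	function destroy($sessionid, $kp3)
	{
		// NOTE(review): the guard only triggers for an empty $sessionid combined with
		// a non-empty $kp3; kept as is, because callers passing an empty $kp3 would
		// be rejected by a stricter check - confirm the intent
		if (!$sessionid && $kp3)
		{
			return False;
		}

		$this->log_access($this->sessionid);	// log logout-time

		// Only do the following, if we're working with the current user.
		// Compared as strings: a loose == treats numeric-looking ids
		// (eg. "0e12" and "0e34") as equal numbers
		if ((string)$sessionid === (string)$GLOBALS['egw_info']['user']['sessionid'])
		{
			session_unset();
			@session_destroy();
			if ($GLOBALS['egw_info']['server']['usecookies'])
			{
				$this->phpgw_setcookie(session_name());
			}
		}
		else
		{
			$sessions = $this->list_sessions(0,'','',True);

			if (isset($sessions[$sessionid]))
			{
				// php_session_file is built by list_sessions() from session.save_path
				// and the directory entry, not taken from the file content
				@unlink($sessions[$sessionid]['php_session_file']);
			}
		}

		return True;
	}

	/*************************************************************************\
	* Functions for appsession data and session cache                         *
	\*************************************************************************/

	/**
	 * Empty the phpgw_info cache stored in the current session.
	 *
	 * @param mixed $accountid passed to get_account_id(); the result is not used here
	 */
	function delete_cache($accountid='')
	{
		$account_id = get_account_id($accountid,$this->account_id);

		$_SESSION[EGW_SESSION_VAR]['app_sessions']['phpgwapi']['phpgw_info_cache'] = '';
	}

	/**
	 * Read or write a piece of application data kept (encrypted) in the session.
	 *
	 * @param string $location name of the data within the application
	 * @param string $appname application name, defaults to the current application
	 * @param mixed $data data to store; the default '##NOTHING##' means "read"
	 * @return mixed on read the decrypted data or false if nothing is stored, on write $data
	 */
	function appsession($location = 'default', $appname = '', $data = '##NOTHING##')
	{
		if (! $appname)
		{
			$appname = $GLOBALS['egw_info']['flags']['currentapp'];
		}

		/* This allows the user to put '' as the value. */
		if ($data === '##NOTHING##')
		{
			/* do not decrypt and return if no data (decrypt returning garbage) */
			// !empty() is the same truth test without the undefined-index notice
			if (!empty($_SESSION[EGW_SESSION_VAR]['app_sessions'][$appname][$location]))
			{
				return $GLOBALS['egw']->crypto->decrypt($_SESSION[EGW_SESSION_VAR]['app_sessions'][$appname][$location]);
			}
			return false;
		}
		$_SESSION[EGW_SESSION_VAR]['app_sessions'][$appname][$location] = $GLOBALS['egw']->crypto->encrypt($data);

		return $data;
	}

	/**
	 * uasort() callback: case-insensitive compare of two sessions by the column
	 * $GLOBALS['egw']->session->sort_by.
	 *
	 * NOTE(review): the sign is -1 when sort_order equals 'ASC' (strcasecmp()
	 * returns 0 on a match) and 1 otherwise - confirm that is the intended direction.
	 *
	 * @param array $a
	 * @param array $b
	 * @return int
	 */
	function session_sort($a,$b)
	{
		$sign = strcasecmp($GLOBALS['egw']->session->sort_order,'ASC') ? 1 : -1;

		return strcasecmp(
			$a[$GLOBALS['egw']->session->sort_by],
			$b[$GLOBALS['egw']->session->sort_by]
		) * $sign;
	}

	/**
	 * get list of normal / non-anonymous sessions (works only for session.handler = files!, but that's the default)
	 *
	 * The data from the session-files get cached in the app_session phpgwapi/php4_session_cache
	 *
	 * Every sess_* file in session.save_path is a candidate, also files written by
	 * other applications or installs sharing that directory, so the content of a
	 * file is untrusted until the install-id check has passed.
	 *
	 * @author RalfBecker-AT-outdoor-training.de
	 * @param int $start first row to return (ignored if $all_no_sort)
	 * @param string $order stored in session->sort_order for session_sort()
	 * @param string $sort stored in session->sort_by for session_sort()
	 * @param boolean $all_no_sort True: return all sessions unsorted, using cached data
	 * @return array session-id => session data (incl. 'php_session_file')
	 */
	function list_sessions($start,$order,$sort,$all_no_sort = False)
	{
		$session_cache = $this->appsession('php4_session_cache','phpgwapi');
		if (!is_array($session_cache))	// appsession() returns false if nothing is cached yet
		{
			$session_cache = array();
		}
		$values = array();
		$maxmatchs = $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs'];
		$timeout = $GLOBALS['egw_info']['server']['sessions_timeout'];
		$prefix = EGW_SESSION_VAR.'|';

		$dir = @opendir($path = ini_get('session.save_path'));
		if (!$dir)	// eg. openbasedir restrictions
		{
			return $values;
		}
		// compare with false: a directory entry named "0" must not end the loop
		while (($file = readdir($dir)) !== false)
		{
			if (substr($file,0,5) != 'sess_')
			{
				continue;
			}
			if (isset($session_cache[$file]) && !$session_cache[$file])	// session is marked as not to list (not ours or anonymous)
			{
				continue;
			}
			if (isset($session_cache[$file]))	// use copy from cache
			{
				$session = $session_cache[$file];

				if (!$all_no_sort ||	// we need the up-to-date data --> unset and reread it
					$session['session_dla'] <= (time() - $timeout))	// cached dla is timeout
				{
					unset($session_cache[$file]);
				}
			}
			if (!isset($session_cache[$file]))	// not in cache, read and cache it
			{
				$session_file = $path . '/' . $file;

				if (!is_readable($session_file))
				{
					$session_cache[$file] = false;	// dont try reading it again
					continue;	// happens if webserver runs multiple user-ids
				}
				$raw = '';
				if (($fd = fopen($session_file,'r')))
				{
					$raw = ($size = filesize($session_file)) ? fread($fd, $size) : '';
					fclose($fd);
				}
				if (substr($raw,0,strlen($prefix)) != $prefix)
				{
					$session_cache[$file] = false;	// dont try reading it again
					continue;
				}
				// SECURITY: unserialize() runs on file content before the install-id
				// check below. Anyone able to write a sess_* file into a shared
				// save_path controls that content (object injection), so a private
				// session.save_path per install is the safer setup. The
				// allowed_classes option of newer PHP versions is not used, as this
				// file is written for php4.
				$session = unserialize(substr($raw,strlen($prefix)));
				if (!is_array($session))	// broken or crafted file
				{
					$session_cache[$file] = false;	// dont try reading it again
					continue;
				}
				unset($session['app_sessions']);	// not needed, saves memory
				$session['php_session_file'] = $session_file;
				$session_cache[$file] = $session;

				if ($session['session_flags'] == 'A' || !$session['session_id'] ||
					$session['session_install_id'] != $GLOBALS['egw_info']['server']['install_id'])
				{
					$session_cache[$file] = false;	// dont try reading it again
					continue;	// no anonymous sessions or other domains or installations
				}
				// check for and terminate sessions which are timed out ==> destroy them
				// this should be not necessary if php is configured right, but I'm sick of the questions on the list
				if ($session['session_dla'] <= (time() - $timeout))
				{
					@unlink($session_file);
					$session_cache[$file] = false;
					continue;
				}
			}
			// ignore (empty) login sessions created by IE and konqueror, when clicking on [login] (double submission of the form)
			if ($session['session_action'] == $GLOBALS['egw_info']['server']['webserver_url'].'/login.php') continue;

			$values[$session['session_id']] = $session;
		}
		closedir($dir);

		if (!$all_no_sort)
		{
			$GLOBALS['egw']->session->sort_by = $sort;
			$GLOBALS['egw']->session->sort_order = $order;

			uasort($values,array('sessions','session_sort'));

			$i = 0;
			$start = (int)$start;
			foreach($values as $id => $data)
			{
				// NOTE(review): keeps the rows $start .. $start+$maxmatchs inclusive,
				// ie. one more than $maxmatchs - confirm whether that is wanted
				if ($i < $start || $i > $start+$maxmatchs)
				{
					unset($values[$id]);
				}
				++$i;
			}
			reset($values);
		}
		$this->appsession('php4_session_cache','phpgwapi',$session_cache);

		return $values;
	}

	/**
	 * get number of normal / non-anonymous sessions
	 *
	 * @author RalfBecker-AT-outdoor-training.de
	 * @return int
	 */
	function total()
	{
		return count($this->list_sessions(0,'','',True));
	}
}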