| [ Index ] |
|
Code source de eZ Publish 3.9.0 |
1 <?php 2 // 3 // Definition of eZSession class 4 // 5 // Created on: <19-Aug-2002 12:49:18 bf> 6 // 7 // SOFTWARE NAME: eZ publish 8 // SOFTWARE RELEASE: 3.9.0 9 // BUILD VERSION: 17785 10 // COPYRIGHT NOTICE: Copyright (C) 1999-2006 eZ systems AS 11 // SOFTWARE LICENSE: GNU General Public License v2.0 12 // NOTICE: > 13 // This program is free software; you can redistribute it and/or 14 // modify it under the terms of version 2.0 of the GNU General 15 // Public License as published by the Free Software Foundation. 16 // 17 // This program is distributed in the hope that it will be useful, 18 // but WITHOUT ANY WARRANTY; without even the implied warranty of 19 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 // GNU General Public License for more details. 21 // 22 // You should have received a copy of version 2.0 of the GNU General 23 // Public License along with this program; if not, write to the Free 24 // Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, 25 // MA 02110-1301, USA. 26 // 27 // 28 29 /*! 30 Re-implementation of PHP session management using database. 31 32 The session system has a hook system which allows external code to perform 33 extra tasks before and after a certain action is executed. For instance to 34 cleanup a table when sessions are removed. 35 To create a hook function the global variable \c eZSessionFunctions must be 36 filled in. This contains an associative array with hook points, e.g. 37 \c destroy_pre which is checked by the session system. 38 Each hook point must contain an array with function names to execute, if the 39 hook point does not exist the session handler will not handle the hooks. 40 41 \code 42 function cleanupStuff( &$db, $key, $escKey ) 43 { 44 // Do cleanup here 45 } 46 if ( !isset( $GLOBALS['eZSessionFunctions']['destroy_pre'] ) ) 47 $GLOBALS['eZSessionFunctions']['destroy_pre'] = array(); 48 $GLOBALS['eZSessionFunctions']['destroy_pre'][] = 'cleanupstuff'; 49 \endcode 50 51 When new data is inserted to the database it will call the \c update_pre and 52 \c update_post hooks. The signature of the function is 53 function insert( &$db, $key, $escapedKey, $expirationTime, $userID, $value ) 54 55 When existing data is updated in the databbase it will call the \c insert_pre 56 and \c insert_post hook. The signature of the function is 57 function update( &$db, $key, $escapedKey, $expirationTime, $userID, $value ) 58 59 When a specific session is destroyed in the database it will call the 60 \c destroy_pre and \c destroy_post hooks. The signature of the function is 61 function destroy( &$db, $key, $escapedKey ) 62 63 When multiple sessions are expired (garbage collector) in the database it 64 will call the \c gc_pre and \c gc_post hooks. The signature of the function is 65 function gcollect( &$db, $expiredTime ) 66 67 When all sessionss are removed from the database it will call the 68 \c empty_pre and \c empty_post hooks. The signature of the function is 69 function empty( &$db ) 70 71 \param $db The database object used by the session manager. 72 \param $key The session key which are being worked on, see also \a $escapedKey 73 \param $escapedKey The same key as \a $key but is escaped correctly for the database. 74 Use this to save a call to eZDBInterface::escapeString() 75 \param $expirationTime An integer specifying the timestamp of when the session 76 will expire. 77 \param $expiredTime Similar to \a $expirationTime but is the time used to figure 78 if a session is expired in the database. ie. all sessions with 79 lower expiration times will be removed. 80 */ 81 82 function eZSessionOpen( ) 83 { 84 // do nothing eZDB will open connection when needed. 85 } 86 87 function eZSessionClose( ) 88 { 89 // eZDB will handle closing the database 90 } 91 92 function &eZSessionRead( $key ) 93 { 94 include_once ( 'lib/ezdb/classes/ezdb.php' ); 95 $db =& eZDB::instance(); 96 97 $key = $db->escapeString( $key ); 98 99 $sessionRes = $db->arrayQuery( "SELECT data, user_id, expiration_time FROM ezsession WHERE session_key='$key'" ); 100 101 if ( $sessionRes !== false and count( $sessionRes ) == 1 ) 102 { 103 $ini =& eZINI::instance(); 104 105 $sessionUpdatesTime = $sessionRes[0]['expiration_time'] - $ini->variable( 'Session', 'SessionTimeout' ); 106 $sessionIdle = time() - $sessionUpdatesTime; 107 108 $data =& $sessionRes[0]['data']; 109 $GLOBALS['eZSessionUserID'] = $sessionRes[0]['user_id']; 110 $GLOBALS['eZSessionIdleTime'] = $sessionIdle; 111 112 /* 113 * The line below is needed to correctly load list of content classes saved 114 * in the CanInstantiateClassList session variable. 115 * Without this we get incomplete classes loaded (__PHP_Incomplete_Class). 116 */ 117 require_once ( 'kernel/classes/ezcontentclass.php' ); 118 119 return $data; 120 } 121 else 122 { 123 $retVal = false; 124 return $retVal; 125 } 126 } 127 128 /*! 129 Will write the session information to database. 130 */ 131 function eZSessionWrite( $key, $value ) 132 { 133 // include_once( 'lib/ezdb/classes/ezdb.php' ); 134 135 if ( isset( $GLOBALS["eZRequestError"] ) && $GLOBALS["eZRequestError"] ) 136 { 137 return; 138 } 139 140 $db =& eZDB::instance(); 141 $ini =& eZIni::instance(); 142 $expirationTime = time() + $ini->variable( 'Session', 'SessionTimeout' ); 143 144 if ( $db->bindingType() != EZ_DB_BINDING_NO ) 145 { 146 $value = $db->bindVariable( $value, array( 'name' => 'data' ) ); 147 } 148 else 149 { 150 $value = '\'' . $db->escapeString( $value ) . '\''; 151 152 } 153 // $value = $db->escapeString( $value ); 154 $escKey = $db->escapeString( $key ); 155 // check if session already exists 156 157 $userID = 0; 158 if ( isset( $GLOBALS['eZSessionUserID'] ) ) 159 $userID = $GLOBALS['eZSessionUserID']; 160 $userID = $db->escapeString( $userID ); 161 162 $sessionRes = $db->arrayQuery( "SELECT session_key FROM ezsession WHERE session_key='$escKey'" ); 163 164 if ( count( $sessionRes ) == 1 ) 165 { 166 if ( isset( $GLOBALS['eZSessionFunctions']['update_pre'] ) ) 167 { 168 foreach ( $GLOBALS['eZSessionFunctions']['update_pre'] as $func ) 169 { 170 $func( $db, $key, $escKey, $expirationTime, $userID, $value ); 171 } 172 } 173 174 $updateQuery = "UPDATE ezsession 175 SET expiration_time='$expirationTime', data=$value, user_id='$userID' 176 WHERE session_key='$escKey'"; 177 178 $ret = $db->query( $updateQuery ); 179 180 if ( isset( $GLOBALS['eZSessionFunctions']['update_post'] ) ) 181 { 182 foreach ( $GLOBALS['eZSessionFunctions']['update_post'] as $func ) 183 { 184 $func( $db, $key, $escKey, $expirationTime, $userID, $value ); 185 } 186 } 187 } 188 else 189 { 190 if ( isset( $GLOBALS['eZSessionFunctions']['insert_pre'] ) ) 191 { 192 foreach ( $GLOBALS['eZSessionFunctions']['insert_pre'] as $func ) 193 { 194 $func( $db, $key, $escKey, $expirationTime, $userID, $value ); 195 } 196 } 197 198 $insertQuery = "INSERT INTO ezsession 199 ( session_key, expiration_time, data, user_id ) 200 VALUES ( '$escKey', '$expirationTime', $value, '$userID' )"; 201 202 $ret = $db->query( $insertQuery ); 203 204 if ( isset( $GLOBALS['eZSessionFunctions']['insert_post'] ) ) 205 { 206 foreach ( $GLOBALS['eZSessionFunctions']['insert_post'] as $func ) 207 { 208 $func( $db, $key, $escKey, $expirationTime, $userID, $value ); 209 } 210 } 211 } 212 } 213 214 /*! 215 Will remove a session from the database. 216 */ 217 function eZSessionDestroy( $key ) 218 { 219 include_once ( 'lib/ezdb/classes/ezdb.php' ); 220 $db =& eZDB::instance(); 221 222 $escKey = $db->escapeString( $key ); 223 if ( isset( $GLOBALS['eZSessionFunctions']['destroy_pre'] ) ) 224 { 225 foreach ( $GLOBALS['eZSessionFunctions']['destroy_pre'] as $func ) 226 { 227 $func( $db, $key, $escKey ); 228 } 229 } 230 231 $query = "DELETE FROM ezsession WHERE session_key='$escKey'"; 232 $db->query( $query ); 233 234 if ( isset( $GLOBALS['eZSessionFunctions']['destroy_post'] ) ) 235 { 236 foreach ( $GLOBALS['eZSessionFunctions']['destroy_post'] as $func ) 237 { 238 $func( $db, $key, $escKey ); 239 } 240 } 241 } 242 243 /*! 244 Handles session cleanup. Will delete timed out sessions from the database. 245 */ 246 function eZSessionGarbageCollector() 247 { 248 include_once ( 'lib/ezdb/classes/ezdb.php' ); 249 $db =& eZDB::instance(); 250 $time = time(); 251 252 if ( isset( $GLOBALS['eZSessionFunctions']['gc_pre'] ) ) 253 { 254 foreach ( $GLOBALS['eZSessionFunctions']['gc_pre'] as $func ) 255 { 256 $func( $db, $time ); 257 } 258 } 259 260 $query = "DELETE FROM ezsession WHERE expiration_time < " . $time; 261 262 $db->query( $query ); 263 264 if ( isset( $GLOBALS['eZSessionFunctions']['gc_post'] ) ) 265 { 266 foreach ( $GLOBALS['eZSessionFunctions']['gc_post'] as $func ) 267 { 268 $func( $db, $time ); 269 } 270 } 271 } 272 273 /*! 274 Removes all entries from session. 275 */ 276 function eZSessionEmpty() 277 { 278 include_once ( 'lib/ezdb/classes/ezdb.php' ); 279 $db =& eZDB::instance(); 280 281 if ( isset( $GLOBALS['eZSessionFunctions']['empty_pre'] ) ) 282 { 283 foreach ( $GLOBALS['eZSessionFunctions']['empty_pre'] as $func ) 284 { 285 $func( $db ); 286 } 287 } 288 289 $query = "TRUNCATE TABLE ezsession"; 290 291 $db->query( $query ); 292 293 if ( isset( $GLOBALS['eZSessionFunctions']['empty_post'] ) ) 294 { 295 foreach ( $GLOBALS['eZSessionFunctions']['empty_post'] as $func ) 296 { 297 $func( $db ); 298 } 299 } 300 } 301 302 /*! 303 Counts the number of active session and returns it. 304 */ 305 function eZSessionCountActive() 306 { 307 include_once ( 'lib/ezdb/classes/ezdb.php' ); 308 $db =& eZDB::instance(); 309 $query = "SELECT count( * ) AS count FROM ezsession"; 310 311 $rows = $db->arrayQuery( $query ); 312 return $rows[0]['count']; 313 } 314 315 /*! 316 Register the needed session functions. 317 Call this only once. 318 */ 319 function eZRegisterSessionFunctions() 320 { 321 session_module_name( 'user' ); 322 $ini =& eZIni::instance(); 323 if ( $ini->variable( 'Session', 'SessionNameHandler' ) == 'custom' ) 324 { 325 $sessionName = $ini->variable( 'Session', 'SessionNamePrefix' ); 326 if ( $ini->variable( 'Session', 'SessionNamePerSiteAccess' ) == 'enabled' ) 327 { 328 $access = $GLOBALS['eZCurrentAccess']; 329 $sessionName .= $access['name']; 330 } 331 session_name( $sessionName ); 332 } 333 session_set_save_handler( 334 'ezsessionopen', 335 'ezsessionclose', 336 'ezsessionread', 337 'ezsessionwrite', 338 'ezsessiondestroy', 339 'ezsessiongarbagecollector' ); 340 } 341 342 /*! 343 Makes sure that the session is started properly. 344 Multiple calls will just be ignored. 345 */ 346 function eZSessionStart() 347 { 348 // Check if we are allowed to use sessions 349 if ( isset( $GLOBALS['eZSiteBasics'] ) and 350 isset( $GLOBALS['eZSiteBasics']['session-required'] ) and 351 !$GLOBALS['eZSiteBasics']['session-required'] ) 352 return false; 353 $hasStarted =& $GLOBALS['eZSessionIsStarted']; 354 if ( isset( $hasStarted ) and 355 $hasStarted ) 356 return false; 357 include_once ( 'lib/ezdb/classes/ezdb.php' ); 358 $db =& eZDB::instance(); 359 if ( !$db->isConnected() ) 360 return false; 361 eZRegisterSessionFunctions(); 362 $ini =& eZINI::instance(); 363 $cookieTimeout = isset( $GLOBALS['RememberMeTimeout'] ) ? $GLOBALS['RememberMeTimeout'] : $ini->variable( 'Session', 'CookieTimeout' ); 364 365 if ( is_numeric( $cookieTimeout ) ) 366 { 367 session_set_cookie_params( (int)$cookieTimeout ); 368 } 369 session_start(); 370 $hasStarted = true; 371 return true; 372 } 373 374 /*! 375 Makes sure session data is stored in the session and stops the session. 376 */ 377 function eZSessionStop() 378 { 379 $hasStarted =& $GLOBALS['eZSessionIsStarted']; 380 if ( isset( $hasStarted ) and 381 !$hasStarted ) 382 return false; 383 include_once ( 'lib/ezdb/classes/ezdb.php' ); 384 $db =& eZDB::instance(); 385 if ( !$db->isConnected() ) 386 return false; 387 session_write_close(); 388 $hasStarted = false; 389 return true; 390 } 391 392 /*! 393 Will make sure the user gets a new session ID while keepin the session data. 394 This is useful to call on logins, to avoid sessions theft from users. 395 \note This requires PHP 4.3.2 and higher which has the session_regenerate_id 396 \return \c true if succesful 397 */ 398 function eZSessionRegenerate() 399 { 400 $hasStarted =& $GLOBALS['eZSessionIsStarted']; 401 if ( isset( $hasStarted ) and 402 !$hasStarted ) 403 return false; 404 if ( !function_exists( 'session_regenerate_id' ) ) 405 return false; 406 // This doesn't seem to work as expected 407 // session_regenerate_id(); 408 return true; 409 } 410 411 /*! 412 Removes the current session and resets session variables. 413 */ 414 function eZSessionRemove() 415 { 416 $hasStarted =& $GLOBALS['eZSessionIsStarted']; 417 if ( isset( $hasStarted ) and 418 !$hasStarted ) 419 return false; 420 include_once ( 'lib/ezdb/classes/ezdb.php' ); 421 $db =& eZDB::instance(); 422 if ( !$db->isConnected() ) 423 return false; 424 $_SESSION = array(); 425 session_destroy(); 426 $hasStarted = false; 427 return true; 428 } 429 430 /*! 431 Sets the current user ID to \a $userID, 432 this ID will be written to the session table field user_id 433 when the page is done. 434 \sa eZSessionUserID 435 */ 436 function eZSessionSetUserID( $userID ) 437 { 438 $GLOBALS['eZSessionUserID'] = $userID; 439 } 440 441 /*! 442 Returns the current session ID. 443 The session handler will not care about value of the ID, 444 it's entirely up to the clients of the session handler to use and update this value. 445 */ 446 function eZSessionUserID() 447 { 448 if ( isset( $GLOBALS['eZSessionUserID'] ) ) 449 return $GLOBALS['eZSessionUserID']; 450 return 0; 451 } 452 453 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sat Feb 24 10:30:04 2007 | par Balluche grâce à PHPXref 0.7 |