2003-09-06 12:52:42 +02:00
< ? php
2005-03-04 12:30:00 +01:00
/************************************************************************** \
* eGroupWare API - Session management *
* This file written by Dan Kuykendall < seek3r @ phpgroupware . org > *
* and Joseph Engo < jengo @ phpgroupware . org > *
* and Ralf Becker < ralfbecker @ outdoor - training . de > *
* Copyright ( C ) 2000 , 2001 Dan Kuykendall *
* Parts Copyright ( C ) 2003 Free Software Foundation Inc *
* -------------------------------------------------------------------------*
* This library is part of the eGroupWare API *
* http :// www . egroupware . org / api *
* ------------------------------------------------------------------------ *
* This library is free software ; you can redistribute it and / or modify it *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation ; either version 2.1 of the License , *
* or any later version . *
* This library is distributed in the hope that it will be useful , but *
* WITHOUT ANY WARRANTY ; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . *
* See the GNU Lesser General Public License for more details . *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library ; if not , write to the Free Software Foundation , *
* Inc . , 59 Temple Place , Suite 330 , Boston , MA 02111 - 1307 USA *
\ **************************************************************************/
/* $Id$ */
2003-05-18 21:16:58 +02:00
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Session Management Libabray
*
2004-05-05 14:06:13 +02:00
* This allows eGroupWare to use php4 or database sessions
2003-09-21 16:04:13 +02:00
*
2005-03-04 12:30:00 +01:00
* @ package api
2003-09-21 16:04:13 +02:00
* @ subpackage sessions
* @ author NetUSE AG Boris Erdmann , Kristian Koehntopp < br > hacked on by phpGW
* @ copyright & copy ; 1998 - 2000 NetUSE AG Boris Erdmann , Kristian Koehntopp < br > & copy ; 2003 FreeSoftware Foundation
* @ license LGPL
* @ link http :// www . sanisoft . com / phplib / manual / DB_sql . php
*/
2003-08-28 16:31:11 +02:00
class sessions_
2003-05-18 21:16:58 +02:00
{
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* @ var string current user login
*/
var $login ;
/**
* @ var string current user password
*/
2003-05-18 21:16:58 +02:00
var $passwd ;
2003-09-21 16:04:13 +02:00
/**
* @ var int current user db / ldap account id
*/
2003-05-18 21:16:58 +02:00
var $account_id ;
2003-09-21 16:04:13 +02:00
/**
* @ var string current user account login id - ie user @ domain
*/
2003-05-18 21:16:58 +02:00
var $account_lid ;
2003-09-21 16:04:13 +02:00
/**
* @ var string previous page call id - repost prevention
*/
2003-08-28 16:31:11 +02:00
var $history_id ;
2003-09-21 16:04:13 +02:00
/**
* @ var string domain for current user
*/
2003-05-18 21:16:58 +02:00
var $account_domain ;
2003-09-21 16:04:13 +02:00
/**
* @ var session type flag , A - anonymous session , N - None , normal session
*/
2003-05-18 21:16:58 +02:00
var $session_flags ;
2003-09-21 16:04:13 +02:00
/**
* @ var string current user session id
*/
2003-05-18 21:16:58 +02:00
var $sessionid ;
2003-09-21 16:04:13 +02:00
/**
* @ var string not sure what this does , but it is important : )
*/
2003-05-18 21:16:58 +02:00
var $kp3 ;
2003-09-21 16:04:13 +02:00
/**
* @ var string encryption key ?
*/
2003-05-18 21:16:58 +02:00
var $key ;
2003-09-21 16:04:13 +02:00
/**
* @ var string iv == ivegotnoidea ;) ( skwashd )
*/
2003-05-18 21:16:58 +02:00
var $iv ;
2003-09-21 16:04:13 +02:00
/**
* @ var session data
*/
2003-05-18 21:16:58 +02:00
var $data ;
2003-08-28 16:31:11 +02:00
2003-09-21 16:04:13 +02:00
/**
* @ var object holder for the database object
*/
2003-05-18 21:16:58 +02:00
var $db ;
2003-08-28 16:31:11 +02:00
2003-09-21 16:04:13 +02:00
/**
* @ var array publicly available methods
*/
2003-05-18 21:16:58 +02:00
var $public_functions = array (
'list_methods' => True ,
'update_dla' => True ,
'list' => True ,
'total' => True
);
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* @ var string domain for cookies
*/
var $cookie_domain ;
/**
* @ var name of XML - RPC / SOAP method called
*/
var $xmlrpc_method_called ;
2003-08-28 16:31:11 +02:00
2004-11-03 22:37:01 +01:00
/**
* @ var Array with the name of the system domains
*/
var $phpgw_domains ;
2003-08-28 16:31:11 +02:00
/**
* Constructor just loads up some defaults from cookies
*/
2004-11-03 22:37:01 +01:00
function sessions_ ( $domain_names = null )
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$this -> db = clone ( $GLOBALS [ 'egw' ] -> db );
2003-05-18 21:16:58 +02:00
$this -> sessionid = get_var ( 'sessionid' , array ( 'GET' , 'COOKIE' ));
$this -> kp3 = get_var ( 'kp3' , array ( 'GET' , 'COOKIE' ));
2004-11-03 22:37:01 +01:00
$this -> phpgw_domains = $domain_names ;
2003-05-18 21:16:58 +02:00
/* Create the crypto object */
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> crypto = CreateObject ( 'phpgwapi.crypto' );
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'usecookies' ])
2003-10-25 13:37:36 +02:00
{
$this -> phpgw_set_cookiedomain ();
}
2003-05-18 21:16:58 +02:00
// verfiy and if necessary create and save our config settings
//
$save_rep = False ;
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'max_access_log_age' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'max_access_log_age' ] = 90 ; // default 90 days
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'block_time' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'block_time' ] = 30 ; // default 30min
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_id' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_id' ] = 3 ; // default 3 trys per id
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_ip' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_ip' ] = $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_id' ]; // default same as for id
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'install_id' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'install_id' ] = md5 ( $GLOBALS [ 'egw' ] -> common -> randomstring ( 15 ));
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_timeout' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_timeout' ] = 14400 ;
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_app_timeout' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_app_timeout' ] = 86400 ;
2003-05-18 21:16:58 +02:00
$save_rep = True ;
}
2005-03-04 12:30:00 +01:00
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'max_history' ]))
2003-08-28 16:31:11 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'max_history' ] = 20 ;
2003-08-28 16:31:11 +02:00
$save_rep = True ;
}
2003-05-18 21:16:58 +02:00
if ( $save_rep )
{
$config = CreateObject ( 'phpgwapi.config' , 'phpgwapi' );
$config -> read_repository ();
2005-03-04 12:30:00 +01:00
$config -> value ( 'max_access_log_age' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'max_access_log_age' ]);
$config -> value ( 'block_time' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'block_time' ]);
$config -> value ( 'num_unsuccessful_id' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_id' ]);
$config -> value ( 'num_unsuccessful_ip' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_ip' ]);
$config -> value ( 'install_id' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'install_id' ]);
$config -> value ( 'sessions_timeout' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_timeout' ]);
$config -> value ( 'sessions_app_timeout' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_app_timeout' ]);
2003-05-18 21:16:58 +02:00
$config -> save_repository ();
unset ( $config );
}
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Introspection for XML - RPC / SOAP
* Diabled - why ? ?
*
* @ param string $_type tpye of introspection being sought
* @ return array available methods and args
*/
function DONTlist_methods ( $_type )
2003-05-18 21:16:58 +02:00
{
if ( is_array ( $_type ))
{
$_type = $_type [ 'type' ];
}
switch ( $_type )
{
case 'xmlrpc' :
$xml_functions = array (
'list_methods' => array (
'function' => 'list_methods' ,
'signature' => array ( array ( xmlrpcStruct , xmlrpcString )),
'docstring' => lang ( 'Read this list of methods.' )
),
'update_dla' => array (
'function' => 'update_dla' ,
'signature' => array ( array ( xmlrpcBoolean )),
'docstring' => lang ( 'Returns an array of todo items' )
)
);
return $xml_functions ;
break ;
case 'soap' :
return $this -> soap_functions ;
break ;
default :
return array ();
break ;
}
}
2003-11-14 00:15:55 +01:00
function split_login_domain ( $both , & $login , & $domain )
{
$parts = explode ( '@' , $both );
2004-11-03 22:37:01 +01:00
// var_dump(debug_backtrace());
//conference - for strings like vinicius@thyamad.com@default ,
//allows that user have a login that is his e-mail. (viniciuscb)
if ( count ( $parts ) > 1 )
{
$probable_domain = array_pop ( $parts );
//Last part of login string, when separated by @, is a domain name
if ( in_array ( $probable_domain , $this -> phpgw_domains ))
{
$got_login = true ;
$domain = $probable_domain ;
$login = implode ( '@' , $parts );
}
}
if ( ! $got_login )
{
2005-03-04 12:30:00 +01:00
$domain = $GLOBALS [ 'egw_info' ][ 'server' ][ 'default_domain' ];
2004-11-03 22:37:01 +01:00
$login = $both ;
}
2003-11-14 00:15:55 +01:00
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Check to see if a session is still current and valid
*
* @ param string $sessionid session id to be verfied
* @ param string $kp3 ? ? to be verified
* @ return bool is the session valid ?
*/
function verify ( $sessionid = '' , $kp3 = '' )
2003-05-18 21:16:58 +02:00
{
if ( empty ( $sessionid ) || ! $sessionid )
{
$sessionid = get_var ( 'sessionid' , array ( 'GET' , 'COOKIE' ));
$kp3 = get_var ( 'kp3' , array ( 'GET' , 'COOKIE' ));
}
$this -> sessionid = $sessionid ;
$this -> kp3 = $kp3 ;
2003-10-21 12:46:33 +02:00
$session = $this -> read_session ();
//echo "<pre>session::verify(id='$sessionid'): \n".print_r($session,True)."</pre>\n";
/*
$fp = fopen ( '/tmp/session_verify' , 'a+' );
fwrite ( $fp , " session::verify(id=' $sessionid '): \n " . print_r ( $session , True ) . " \n \n " );
fclose ( $fp );
*/
2005-03-04 12:30:00 +01:00
if ( $session [ 'session_dla' ] <= ( time () - $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_timeout' ]))
2003-05-18 21:16:58 +02:00
{
2004-08-27 15:17:25 +02:00
$this -> destroy ( $sessionid , $kp3 );
2003-05-18 21:16:58 +02:00
return False ;
}
$this -> session_flags = $session [ 'session_flags' ];
2004-11-03 22:37:01 +01:00
$this -> split_login_domain ( $session [ 'session_lid' ], $this -> account_lid , $this -> account_domain );
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'kp3' ] = $this -> kp3 ;
2003-05-18 21:16:58 +02:00
$this -> update_dla ();
2005-03-04 12:30:00 +01:00
$this -> account_id = $GLOBALS [ 'egw' ] -> accounts -> name2id ( $this -> account_lid );
2003-05-18 21:16:58 +02:00
if ( ! $this -> account_id )
{
return False ;
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'account_id' ] = $this -> account_id ;
2003-05-18 21:16:58 +02:00
/* init the crypto object before appsession call below */
2005-03-04 12:30:00 +01:00
$this -> key = md5 ( $this -> kp3 . $this -> sessionid . @ $GLOBALS [ 'egw_info' ][ 'server' ][ 'encryptkey' ]);
$this -> iv = $GLOBALS [ 'egw_info' ][ 'server' ][ 'mcrypt_iv' ];
$GLOBALS [ 'egw' ] -> crypto -> init ( array ( $this -> key , $this -> iv ));
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$this -> read_repositories ( @ $GLOBALS [ 'egw_info' ][ 'server' ][ 'cache_phpgw_info' ]);
2003-05-18 21:16:58 +02:00
if ( $this -> user [ 'expires' ] != - 1 && $this -> user [ 'expires' ] < time ())
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, account loginid %1 is expired' ,
'p1' => $this -> account_lid ,
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
return False ;
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ] = $this -> user ;
$GLOBALS [ 'egw_info' ][ 'hooks' ] = $this -> hooks ;
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ] = $session [ 'session_ip' ];
$GLOBALS [ 'egw_info' ][ 'user' ][ 'passwd' ] = base64_decode ( $this -> appsession ( 'password' , 'phpgwapi' ));
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
if ( $this -> account_domain != $GLOBALS [ 'egw_info' ][ 'user' ][ 'domain' ])
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, the domains %1 and %2 don\'t match' ,
'p1' => $userid_array [ 1 ],
2005-03-04 12:30:00 +01:00
'p2' => $GLOBALS [ 'egw_info' ][ 'user' ][ 'domain' ],
2003-05-18 21:16:58 +02:00
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
return False ;
}
2005-03-04 12:30:00 +01:00
if ( @ $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_checkip' ])
2003-05-18 21:16:58 +02:00
{
2004-01-28 14:34:47 +01:00
if (( PHP_OS != 'Windows' ) && ( PHP_OS != 'WINNT' ) &&
2005-03-04 12:30:00 +01:00
( ! $GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ] || $GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ] != $this -> getuser_ip ())
2004-01-28 14:34:47 +01:00
)
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
// This needs some better wording
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, IP %1 doesn\'t match IP %2 in session table' ,
'p1' => $this -> getuser_ip (),
2005-03-04 12:30:00 +01:00
'p2' => $GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ],
2003-05-18 21:16:58 +02:00
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
return False ;
}
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> acl -> acl ( $this -> account_id );
$GLOBALS [ 'egw' ] -> accounts -> accounts ( $this -> account_id );
$GLOBALS [ 'egw' ] -> preferences -> preferences ( $this -> account_id );
$GLOBALS [ 'egw' ] -> applications -> applications ( $this -> account_id );
2003-05-18 21:16:58 +02:00
if ( ! $this -> account_lid )
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
// This needs some better wording
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, account_id is empty' ,
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
2003-05-19 15:34:33 +02:00
//echo 'DEBUG: Sessions: account_id is empty!<br>'."\n";
2003-05-18 21:16:58 +02:00
return False ;
}
2004-08-27 20:21:28 +02:00
return True ;
2003-05-18 21:16:58 +02:00
}
2003-08-28 16:31:11 +02:00
/**
* Functions for creating and verifying the session
*/
2003-09-21 16:04:13 +02:00
/**
* Get the ip address of current users
*
* @ return string ip address
*/
2003-05-18 21:16:58 +02:00
function getuser_ip ()
{
return ( isset ( $_SERVER [ 'HTTP_X_FORWARDED_FOR' ]) ? $_SERVER [ 'HTTP_X_FORWARDED_FOR' ] : $_SERVER [ 'REMOTE_ADDR' ]);
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Set the domain used for cookies
*
* @ return string domain
*/
function phpgw_set_cookiedomain ()
2003-05-18 21:16:58 +02:00
{
2004-07-31 12:14:52 +02:00
// Use HTTP_X_FORWARDED_HOST if set, which is the case behind a none-transparent proxy
$this -> cookie_domain = isset ( $_SERVER [ 'HTTP_X_FORWARDED_HOST' ]) ? $_SERVER [ 'HTTP_X_FORWARDED_HOST' ] : $_SERVER [ 'HTTP_HOST' ];
2004-04-19 12:08:06 +02:00
// remove port from HTTP_HOST
if ( preg_match ( " /^(.*):(.*) $ / " , $this -> cookie_domain , $arr ))
2003-05-18 21:16:58 +02:00
{
2004-04-19 12:08:06 +02:00
$this -> cookie_domain = $arr [ 1 ];
2003-05-18 21:16:58 +02:00
}
2004-04-27 09:54:56 +02:00
if ( count ( explode ( '.' , $this -> cookie_domain )) <= 1 )
{
// setcookie dont likes domains without dots, leaving it empty, gets setcookie to fill the domain in
$this -> cookie_domain = '' ;
}
2003-05-18 21:16:58 +02:00
print_debug ( 'COOKIE_DOMAIN' , $this -> cookie_domain , 'api' );
2004-04-19 12:08:06 +02:00
2003-05-18 21:16:58 +02:00
$this -> set_cookie_params ( $this -> cookie_domain ); // for php4 sessions necessary
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Set a cookie
*
* @ param string $cookiename name of cookie to be set
* @ param string $cookievalue value to be used , if unset cookie is cleared ( optional )
* @ param int $cookietime when cookie should expire , 0 for session only ( optional )
*/
function phpgw_setcookie ( $cookiename , $cookievalue = '' , $cookietime = 0 )
2003-05-18 21:16:58 +02:00
{
if ( ! $this -> cookie_domain )
{
$this -> phpgw_set_cookiedomain ();
}
2004-04-19 12:08:06 +02:00
setcookie ( $cookiename , $cookievalue , $cookietime , '/' , $this -> cookie_domain );
2003-05-18 21:16:58 +02:00
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Create a new session
*
* @ param string $login user login
* @ param string $passwd user password
* @ param string $passwd_type type of password being used , ie plaintext , md5 , sha1
* @ return string session id
*/
function create ( $login , $passwd = '' , $passwd_type = '' )
2003-05-18 21:16:58 +02:00
{
if ( is_array ( $login ))
{
$this -> login = $login [ 'login' ];
$this -> passwd = $login [ 'passwd' ];
$this -> passwd_type = $login [ 'passwd_type' ];
$login = $this -> login ;
}
else
{
$this -> login = $login ;
$this -> passwd = $passwd ;
$this -> passwd_type = $passwd_type ;
}
$this -> clean_sessions ();
2004-11-03 22:37:01 +01:00
$this -> split_login_domain ( $login , $this -> account_lid , $this -> account_domain );
2003-11-14 00:15:55 +01:00
2003-05-18 21:16:58 +02:00
$now = time ();
2003-05-19 15:34:33 +02:00
//echo "<p>session::create(login='$login'): lid='$this->account_lid', domain='$this->account_domain'</p>\n";
2003-05-18 21:16:58 +02:00
$user_ip = $this -> getuser_ip ();
2004-09-08 15:16:54 +02:00
2005-03-04 12:30:00 +01:00
$this -> account_id = $GLOBALS [ 'egw' ] -> accounts -> name2id ( $this -> account_lid );
2003-05-18 21:16:58 +02:00
if (( $blocked = $this -> login_blocked ( $login , $user_ip )) || // too many unsuccessful attempts
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'global_denied_users' ][ $this -> account_lid ] ||
! $GLOBALS [ 'egw' ] -> auth -> authenticate ( $this -> account_lid , $this -> passwd , $this -> passwd_type ) ||
$this -> account_id && $GLOBALS [ 'egw' ] -> accounts -> get_type ( $this -> account_id ) == 'g' )
2003-05-18 21:16:58 +02:00
{
$this -> reason = $blocked ? 'blocked, too many attempts' : 'bad login or password' ;
$this -> cd_reason = $blocked ? 99 : 5 ;
2003-10-16 16:55:12 +02:00
2003-05-18 21:16:58 +02:00
$this -> log_access ( $this -> reason , $login , $user_ip , 0 ); // log unsuccessfull login
return False ;
}
2005-05-13 17:58:10 +02:00
if ( ! $this -> account_id && $GLOBALS [ 'egw_info' ][ 'server' ][ 'auto_create_acct' ])
2003-05-18 21:16:58 +02:00
{
2005-05-13 17:58:10 +02:00
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'auto_create_acct' ] == 'lowercase' )
{
$this -> account_lid = strtolower ( $this -> account_lid );
}
2005-03-04 12:30:00 +01:00
$this -> account_id = $GLOBALS [ 'egw' ] -> accounts -> auto_add ( $this -> account_lid , $passwd );
2003-05-18 21:16:58 +02:00
}
2004-09-08 15:16:54 +02:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'account_id' ] = $this -> account_id ;
$GLOBALS [ 'egw' ] -> accounts -> accounts ( $this -> account_id );
2003-10-21 12:46:33 +02:00
$this -> sessionid = $this -> new_session_id ();
2005-03-04 12:30:00 +01:00
$this -> kp3 = md5 ( $GLOBALS [ 'egw' ] -> common -> randomstring ( 15 ));
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'usecookies' ])
2003-05-18 21:16:58 +02:00
{
$this -> phpgw_setcookie ( 'sessionid' , $this -> sessionid );
$this -> phpgw_setcookie ( 'kp3' , $this -> kp3 );
$this -> phpgw_setcookie ( 'domain' , $this -> account_domain );
}
2005-03-04 12:30:00 +01:00
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'usecookies' ] || isset ( $_COOKIE [ 'last_loginid' ]))
2003-05-18 21:16:58 +02:00
{
$this -> phpgw_setcookie ( 'last_loginid' , $this -> account_lid , $now + 1209600 ); /* For 2 weeks */
$this -> phpgw_setcookie ( 'last_domain' , $this -> account_domain , $now + 1209600 );
}
2005-03-04 12:30:00 +01:00
unset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'default_domain' ]); /* we kill this for security reasons */
2003-05-18 21:16:58 +02:00
/* init the crypto object */
2005-03-04 12:30:00 +01:00
$this -> key = md5 ( $this -> kp3 . $this -> sessionid . $GLOBALS [ 'egw_info' ][ 'server' ][ 'encryptkey' ]);
$this -> iv = $GLOBALS [ 'egw_info' ][ 'server' ][ 'mcrypt_iv' ];
$GLOBALS [ 'egw' ] -> crypto -> init ( array ( $this -> key , $this -> iv ));
2003-05-18 21:16:58 +02:00
$this -> read_repositories ( False );
if ( $this -> user [ 'expires' ] != - 1 && $this -> user [ 'expires' ] < time ())
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-LoginFailure, account loginid %1 is expired' ,
'p1' => $this -> account_lid ,
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
2003-10-16 16:55:12 +02:00
$this -> reason = 'account is expired' ;
$this -> cd_reason = 98 ;
2003-05-18 21:16:58 +02:00
return False ;
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ] = $this -> user ;
$GLOBALS [ 'egw_info' ][ 'hooks' ] = $this -> hooks ;
2003-05-18 21:16:58 +02:00
$this -> appsession ( 'password' , 'phpgwapi' , base64_encode ( $this -> passwd ));
2005-03-04 12:30:00 +01:00
if ( $GLOBALS [ 'egw' ] -> acl -> check ( 'anonymous' , 1 , 'phpgwapi' ))
2003-05-18 21:16:58 +02:00
{
$session_flags = 'A' ;
}
else
{
$session_flags = 'N' ;
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> db -> transaction_begin ();
2003-05-18 21:16:58 +02:00
$this -> register_session ( $login , $user_ip , $now , $session_flags );
2004-04-02 19:24:31 +02:00
if ( $session_flags != 'A' ) // dont log anonymous sessions
{
$this -> log_access ( $this -> sessionid , $login , $user_ip , $this -> account_id );
}
2005-03-04 12:30:00 +01:00
$this -> appsession ( 'account_previous_login' , 'phpgwapi' , $GLOBALS [ 'egw' ] -> auth -> previous_login );
$GLOBALS [ 'egw' ] -> auth -> update_lastlogin ( $this -> account_id , $user_ip );
$GLOBALS [ 'egw' ] -> db -> transaction_commit ();
2003-12-13 16:03:23 +01:00
2003-05-19 15:34:33 +02:00
//if (!$this->sessionid) echo "<p>session::create(login='$login') = '$this->sessionid': lid='$this->account_lid', domain='$this->account_domain'</p>\n";
2003-05-18 21:16:58 +02:00
return $this -> sessionid ;
}
2003-08-28 16:31:11 +02:00
/**
* Write or update ( for logout ) the access_log
*
* @ param string $sessionid id of session or 0 for unsuccessful logins
* @ param string $login account_lid ( evtl . with domain ) or '' for settion the logout - time
* @ param string $user_ip ip to log
* @ param int $account_id numerical account_id
2003-05-18 21:16:58 +02:00
*/
function log_access ( $sessionid , $login = '' , $user_ip = '' , $account_id = '' )
{
$now = time ();
if ( $login != '' )
{
2004-03-28 16:58:45 +02:00
if ( strlen ( $login ) > 30 )
{
$login = substr ( $login , 0 , 30 );
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> db -> query ( 'INSERT INTO phpgw_access_log(sessionid,loginid,ip,li,lo,account_id)'
2003-12-13 16:03:23 +01:00
. " VALUES (' " . $sessionid . " ',' " . $this -> db -> db_addslashes ( $login ) . " ',' "
. $this -> db -> db_addslashes ( $user_ip ) . " ', $now ,0, " . ( int ) $account_id . ')' , __LINE__ , __FILE__ );
2003-05-18 21:16:58 +02:00
}
else
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> db -> query ( " UPDATE phpgw_access_log SET lo= " . $now . " WHERE sessionid=' "
2003-12-13 16:03:23 +01:00
. $sessionid . " ' " , __LINE__ , __FILE__ );
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'max_access_log_age' ])
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$max_age = $now - $GLOBALS [ 'egw_info' ][ 'server' ][ 'max_access_log_age' ] * 24 * 60 * 60 ;
2003-12-13 16:03:23 +01:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> db -> query ( " DELETE FROM phpgw_access_log WHERE li < $max_age " );
2003-05-18 21:16:58 +02:00
}
}
2003-08-28 16:31:11 +02:00
/**
* Protect against brute force attacks , block login if too many unsuccessful login attmepts
*
* @ param string $login account_lid ( evtl . with domain )
* @ param string $ip ip of the user
* @ returns bool login blocked ?
2003-05-18 21:16:58 +02:00
*/
function login_blocked ( $login , $ip )
{
$blocked = False ;
2005-03-04 12:30:00 +01:00
$block_time = time () - $GLOBALS [ 'egw_info' ][ 'server' ][ 'block_time' ] * 60 ;
2003-05-18 21:16:58 +02:00
$ip = $this -> db -> db_addslashes ( $ip );
$this -> db -> query ( " SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND ip=' $ip ' AND li > $block_time " , __LINE__ , __FILE__ );
$this -> db -> next_record ();
2005-03-04 12:30:00 +01:00
if (( $false_ip = $this -> db -> f ( 0 )) > $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_ip' ])
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
//echo "<p>login_blocked: ip='$ip' ".$this->db->f(0)." trys (".$GLOBALS['egw_info']['server']['num_unsuccessful_ip']." max.) since ".date('Y/m/d H:i',$block_time)."</p>\n";
2003-05-18 21:16:58 +02:00
$blocked = True ;
}
$login = $this -> db -> db_addslashes ( $login );
$this -> db -> query ( " SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND (loginid=' $login ' OR loginid LIKE ' $login @%') AND li > $block_time " , __LINE__ , __FILE__ );
$this -> db -> next_record ();
2005-03-04 12:30:00 +01:00
if (( $false_id = $this -> db -> f ( 0 )) > $GLOBALS [ 'egw_info' ][ 'server' ][ 'num_unsuccessful_id' ])
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
//echo "<p>login_blocked: login='$login' ".$this->db->f(0)." trys (".$GLOBALS['egw_info']['server']['num_unsuccessful_id']." max.) since ".date('Y/m/d H:i',$block_time)."</p>\n";
2003-05-18 21:16:58 +02:00
$blocked = True ;
}
2005-03-04 12:30:00 +01:00
if ( $blocked && $GLOBALS [ 'egw_info' ][ 'server' ][ 'admin_mails' ] &&
2003-05-18 21:16:58 +02:00
// max. one mail each 5mins
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'login_blocked_mail_time' ] < time () - 5 * 60 )
2003-05-18 21:16:58 +02:00
{
// notify admin(s) via email
2005-03-04 12:30:00 +01:00
$from = 'eGroupWare@' . $GLOBALS [ 'egw_info' ][ 'server' ][ 'mail_suffix' ];
2003-10-14 11:32:39 +02:00
$subject = lang ( " eGroupWare: login blocked for user '%1', IP %2 " , $login , $ip );
2003-05-18 21:16:58 +02:00
$body = lang ( " Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4 " , $false_id , $login , $false_ip , $ip );
2005-03-04 12:30:00 +01:00
if ( ! is_object ( $GLOBALS [ 'egw' ] -> send ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> send = CreateObject ( 'phpgwapi.send' );
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
$subject = $GLOBALS [ 'egw' ] -> send -> encode_subject ( $subject );
$admin_mails = explode ( ',' , $GLOBALS [ 'egw_info' ][ 'server' ][ 'admin_mails' ]);
2003-05-18 21:16:58 +02:00
foreach ( $admin_mails as $to )
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> send -> msg ( 'email' , $to , $subject , $body , '' , '' , '' , $from , $from );
2003-05-18 21:16:58 +02:00
}
// save time of mail, to not send to many mails
$config = CreateObject ( 'phpgwapi.config' , 'phpgwapi' );
$config -> read_repository ();
$config -> value ( 'login_blocked_mail_time' , time ());
$config -> save_repository ();
}
return $blocked ;
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Verfy a peer server access request
*
* @ param string $sessionid session id to verfiy
* @ param string $kp3 ? ?
* @ return bool verfied ?
*/
function verify_server ( $sessionid , $kp3 )
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> interserver = CreateObject ( 'phpgwapi.interserver' );
2003-05-18 21:16:58 +02:00
$this -> sessionid = $sessionid ;
$this -> kp3 = $kp3 ;
2003-10-21 12:46:33 +02:00
$session = $this -> read_session ();
2003-05-18 21:16:58 +02:00
$this -> session_flags = $session [ 'session_flags' ];
list ( $this -> account_lid , $this -> account_domain ) = explode ( '@' , $session [ 'session_lid' ]);
if ( $this -> account_domain == '' )
{
2005-03-04 12:30:00 +01:00
$this -> account_domain = $GLOBALS [ 'egw_info' ][ 'server' ][ 'default_domain' ];
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'kp3' ] = $this -> kp3 ;
$phpgw_info_flags = $GLOBALS [ 'egw_info' ][ 'flags' ];
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'flags' ] = $phpgw_info_flags ;
2003-12-13 16:03:23 +01:00
2003-05-18 21:16:58 +02:00
$this -> update_dla ();
2005-03-04 12:30:00 +01:00
$this -> account_id = $GLOBALS [ 'egw' ] -> interserver -> name2id ( $this -> account_lid );
2003-05-18 21:16:58 +02:00
if ( ! $this -> account_id )
{
return False ;
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'account_id' ] = $this -> account_id ;
2003-12-13 16:03:23 +01:00
2005-03-04 12:30:00 +01:00
$this -> read_repositories ( @ $GLOBALS [ 'egw_info' ][ 'server' ][ 'cache_phpgw_info' ]);
2003-05-18 21:16:58 +02:00
/* init the crypto object before appsession call below */
2005-03-04 12:30:00 +01:00
$this -> key = md5 ( $this -> kp3 . $this -> sessionid . $GLOBALS [ 'egw_info' ][ 'server' ][ 'encryptkey' ]);
$this -> iv = $GLOBALS [ 'egw_info' ][ 'server' ][ 'mcrypt_iv' ];
$GLOBALS [ 'egw' ] -> crypto -> init ( array ( $this -> key , $this -> iv ));
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ] = $this -> user ;
$GLOBALS [ 'egw_info' ][ 'hooks' ] = $this -> hooks ;
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ] = $session [ 'session_ip' ];
$GLOBALS [ 'egw_info' ][ 'user' ][ 'passwd' ] = base64_decode ( $this -> appsession ( 'password' , 'phpgwapi' ));
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
if ( $userid_array [ 1 ] != $GLOBALS [ 'egw_info' ][ 'user' ][ 'domain' ])
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, the domains %1 and %2 don\t match' ,
'p1' => $userid_array [ 1 ],
2005-03-04 12:30:00 +01:00
'p2' => $GLOBALS [ 'egw_info' ][ 'user' ][ 'domain' ],
2003-05-18 21:16:58 +02:00
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> crypto ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> crypto -> cleanup ();
unset ( $GLOBALS [ 'egw' ] -> crypto );
2003-05-18 21:16:58 +02:00
}
return False ;
}
2005-03-04 12:30:00 +01:00
if ( @ $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_checkip' ])
2003-05-18 21:16:58 +02:00
{
2004-01-28 14:34:47 +01:00
if (( PHP_OS != 'Windows' ) && ( PHP_OS != 'WINNT' ) &&
2005-03-04 12:30:00 +01:00
( ! $GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ] || $GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ] != $this -> getuser_ip ())
2004-01-28 14:34:47 +01:00
)
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
// This needs some better wording
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, IP %1 doesn\'t match IP %2 in session table' ,
'p1' => $this -> getuser_ip (),
2005-03-04 12:30:00 +01:00
'p2' => $GLOBALS [ 'egw_info' ][ 'user' ][ 'session_ip' ],
2003-05-18 21:16:58 +02:00
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> crypto ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> crypto -> cleanup ();
unset ( $GLOBALS [ 'egw' ] -> crypto );
2003-05-18 21:16:58 +02:00
}
return False ;
}
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> acl -> acl ( $this -> account_id );
$GLOBALS [ 'egw' ] -> accounts -> accounts ( $this -> account_id );
$GLOBALS [ 'egw' ] -> preferences -> preferences ( $this -> account_id );
$GLOBALS [ 'egw' ] -> applications -> applications ( $this -> account_id );
2003-05-18 21:16:58 +02:00
if ( ! $this -> account_lid )
{
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> log ))
2003-05-18 21:16:58 +02:00
{
// This needs some better wording
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> message ( array (
2003-05-18 21:16:58 +02:00
'text' => 'W-VerifySession, account_id is empty' ,
'line' => __LINE__ ,
'file' => __FILE__
));
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> log -> commit ();
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
if ( is_object ( $GLOBALS [ 'egw' ] -> crypto ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> crypto -> cleanup ();
unset ( $GLOBALS [ 'egw' ] -> crypto );
2003-05-18 21:16:58 +02:00
}
return False ;
}
else
{
return True ;
}
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Validate a peer server login request
*
* @ param string $login login name
* @ param string $password password
* @ return bool login ok ?
*/
function create_server ( $login , $passwd )
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> interserver = CreateObject ( 'phpgwapi.interserver' );
2004-11-03 22:37:01 +01:00
// $this->login = $login;
2003-05-18 21:16:58 +02:00
$this -> passwd = $passwd ;
$this -> clean_sessions ();
$login_array = explode ( '@' , $login );
2004-11-03 22:37:01 +01:00
// $this->account_lid = $login_array[0];
2003-05-18 21:16:58 +02:00
$now = time ();
2004-11-03 22:37:01 +01:00
$this -> split_login_domain ( $login , $this -> account_lid , $this -> account_domain );
$this -> login = $this -> account_lid . '@' . $this -> account_domain ;
2003-05-18 21:16:58 +02:00
$serverdata = array (
'server_name' => $this -> account_domain ,
'username' => $this -> account_lid ,
'password' => $passwd
);
2005-03-04 12:30:00 +01:00
if ( ! $GLOBALS [ 'egw' ] -> interserver -> auth ( $serverdata ))
2003-05-18 21:16:58 +02:00
{
return False ;
exit ;
}
2005-03-04 12:30:00 +01:00
if ( ! $GLOBALS [ 'egw' ] -> interserver -> exists ( $this -> account_lid ))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$this -> account_id = $GLOBALS [ 'egw' ] -> interserver -> name2id ( $this -> account_lid );
2003-05-18 21:16:58 +02:00
}
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ][ 'account_id' ] = $this -> account_id ;
$GLOBALS [ 'egw' ] -> interserver -> serverid = $this -> account_id ;
2003-05-18 21:16:58 +02:00
2005-03-04 12:30:00 +01:00
$this -> sessionid = md5 ( $GLOBALS [ 'egw' ] -> common -> randomstring ( 10 ));
$this -> kp3 = md5 ( $GLOBALS [ 'egw' ] -> common -> randomstring ( 15 ));
2003-05-18 21:16:58 +02:00
/* re-init the crypto object */
2005-03-04 12:30:00 +01:00
$this -> key = md5 ( $this -> kp3 . $this -> sessionid . $GLOBALS [ 'egw_info' ][ 'server' ][ 'encryptkey' ]);
$this -> iv = $GLOBALS [ 'egw_info' ][ 'server' ][ 'mcrypt_iv' ];
$GLOBALS [ 'egw' ] -> crypto -> init ( array ( $this -> key , $this -> iv ));
2003-05-18 21:16:58 +02:00
//$this->read_repositories(False);
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'user' ] = $this -> user ;
$GLOBALS [ 'egw_info' ][ 'hooks' ] = $this -> hooks ;
2003-05-18 21:16:58 +02:00
$this -> appsession ( 'password' , 'phpgwapi' , base64_encode ( $this -> passwd ));
$session_flags = 'S' ;
$user_ip = $this -> getuser_ip ();
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> db -> transaction_begin ();
2003-05-18 21:16:58 +02:00
$this -> register_session ( $login , $user_ip , $now , $session_flags );
$this -> log_access ( $this -> sessionid , $login , $user_ip , $this -> account_id );
2005-03-04 12:30:00 +01:00
$this -> appsession ( 'account_previous_login' , 'phpgwapi' , $GLOBALS [ 'egw' ] -> auth -> previous_login );
$GLOBALS [ 'egw' ] -> auth -> update_lastlogin ( $this -> account_id , $user_ip );
$GLOBALS [ 'egw' ] -> db -> transaction_commit ();
2003-05-18 21:16:58 +02:00
return array ( $this -> sessionid , $this -> kp3 );
}
2003-08-28 16:31:11 +02:00
/**
* Functions for appsession data and session cache
2003-09-21 16:04:13 +02:00
*/
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Is this also useless ? ? ( skwashd )
*/
function read_repositories ( $cached = '' , $write_cache = True )
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> acl -> acl ( $this -> account_id );
$GLOBALS [ 'egw' ] -> accounts -> accounts ( $this -> account_id );
$GLOBALS [ 'egw' ] -> preferences -> preferences ( $this -> account_id );
$GLOBALS [ 'egw' ] -> applications -> applications ( $this -> account_id );
2003-12-13 16:03:23 +01:00
2003-05-18 21:16:58 +02:00
if ( @ $cached )
{
$this -> user = $this -> appsession ( 'phpgw_info_cache' , 'phpgwapi' );
if ( ! empty ( $this -> user ))
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> preferences -> data = $this -> user [ 'preferences' ];
if ( ! isset ( $GLOBALS [ 'egw_info' ][ 'apps' ]) || ! is_array ( $GLOBALS [ 'egw_info' ][ 'apps' ]))
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> applications -> read_installed_apps ();
2003-05-18 21:16:58 +02:00
}
}
else
{
$this -> setup_cache ( $write_cache );
}
}
else
{
$this -> setup_cache ( $write_cache );
}
2005-03-04 12:30:00 +01:00
$this -> hooks = $GLOBALS [ 'egw' ] -> hooks -> read ();
2003-05-18 21:16:58 +02:00
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Is this also useless ? ? ( skwashd )
*/
2003-05-18 21:16:58 +02:00
function setup_cache ( $write_cache = True )
{
2005-03-04 12:30:00 +01:00
$this -> user = $GLOBALS [ 'egw' ] -> accounts -> read_repository ();
$this -> user [ 'acl' ] = $GLOBALS [ 'egw' ] -> acl -> read_repository ();
$this -> user [ 'preferences' ] = $GLOBALS [ 'egw' ] -> preferences -> read_repository ();
$this -> user [ 'apps' ] = $GLOBALS [ 'egw' ] -> applications -> read_repository ();
2003-05-18 21:16:58 +02:00
//@reset($this->data['user']['apps']);
$this -> user [ 'domain' ] = $this -> account_domain ;
$this -> user [ 'sessionid' ] = $this -> sessionid ;
$this -> user [ 'kp3' ] = $this -> kp3 ;
$this -> user [ 'session_ip' ] = $this -> getuser_ip ();
$this -> user [ 'session_lid' ] = $this -> account_lid . '@' . $this -> account_domain ;
$this -> user [ 'account_id' ] = $this -> account_id ;
$this -> user [ 'account_lid' ] = $this -> account_lid ;
$this -> user [ 'userid' ] = $this -> account_lid ;
$this -> user [ 'passwd' ] = @ $this -> passwd ;
2005-03-04 12:30:00 +01:00
if ( @ $GLOBALS [ 'egw_info' ][ 'server' ][ 'cache_phpgw_info' ] && $write_cache )
2003-05-18 21:16:58 +02:00
{
$this -> delete_cache ();
$this -> appsession ( 'phpgw_info_cache' , 'phpgwapi' , $this -> user );
}
}
2003-08-28 16:31:11 +02:00
2003-09-21 16:04:13 +02:00
/**
* This looks to be useless
2005-03-04 12:30:00 +01:00
* This will capture everything in the $GLOBALS [ 'egw_info' ] including server info ,
2003-09-21 16:04:13 +02:00
* and store it in appsessions . This is really incompatible with any type of restoring
* from appsession as the saved user info is really in [ 'user' ] rather than the root of
* the structure , which is what this class likes .
*/
2003-05-18 21:16:58 +02:00
function save_repositories ()
{
2005-03-04 12:30:00 +01:00
$phpgw_info_temp = $GLOBALS [ 'egw_info' ];
2003-05-18 21:16:58 +02:00
$phpgw_info_temp [ 'user' ][ 'kp3' ] = '' ;
$phpgw_info_temp [ 'flags' ] = array ();
2003-12-13 16:03:23 +01:00
2005-03-04 12:30:00 +01:00
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'cache_phpgw_info' ])
2003-05-18 21:16:58 +02:00
{
$this -> appsession ( 'phpgw_info_cache' , 'phpgwapi' , $phpgw_info_temp );
}
}
2003-12-13 16:03:23 +01:00
2003-05-18 21:16:58 +02:00
function restore ()
{
$sessionData = $this -> appsession ( 'sessiondata' );
2003-12-13 16:03:23 +01:00
2003-08-28 16:31:11 +02:00
if ( ! empty ( $sessionData ) && is_array ( $sessionData ))
2003-05-18 21:16:58 +02:00
{
2003-08-28 16:31:11 +02:00
foreach ( $sessionData as $key => $value )
2003-05-18 21:16:58 +02:00
{
global $$key ;
$$key = $value ;
$this -> variableNames [ $key ] = 'registered' ;
// echo 'restored: '.$key.', ' . $value . '<br>';
}
}
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Save the current values of all registered variables
*/
2003-05-18 21:16:58 +02:00
function save ()
{
if ( is_array ( $this -> variableNames ))
{
reset ( $this -> variableNames );
while ( list ( $key , $value ) = each ( $this -> variableNames ))
{
if ( $value == 'registered' )
{
global $$key ;
$sessionData [ $key ] = $$key ;
}
}
$this -> appsession ( 'sessiondata' , '' , $sessionData );
}
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Create a list a variable names , which data needs to be restored
*
* @ param string $_variableName name of variable to be registered
*/
2003-05-18 21:16:58 +02:00
function register ( $_variableName )
{
$this -> variableNames [ $_variableName ] = 'registered' ;
#print 'registered '.$_variableName.'<br>';
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Mark variable as unregistered
*
* @ param string $_variableName name of variable to deregister
*/
2003-05-18 21:16:58 +02:00
function unregister ( $_variableName )
{
$this -> variableNames [ $_variableName ] = 'unregistered' ;
#print 'unregistered '.$_variableName.'<br>';
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Check if we have a variable registred already
*
* @ param string $_variableName name of variable to check
* @ return bool was the variable found ?
*/
2003-05-18 21:16:58 +02:00
function is_registered ( $_variableName )
{
if ( $this -> variableNames [ $_variableName ] == 'registered' )
{
return True ;
}
else
{
return False ;
}
}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Additional tracking of user actions - prevents reposts / use of back button
*
* @ author skwashd
* @ return string current history id
2003-08-28 16:31:11 +02:00
*/
function generate_click_history ()
{
if ( ! isset ( $this -> history_id ))
{
$this -> history_id = md5 ( $this -> login . time ());
$history = $this -> appsession ( $location = 'history' , $appname = 'phpgwapi' );
2005-03-04 12:30:00 +01:00
if ( count ( $history ) >= $GLOBALS [ 'egw_info' ][ 'server' ][ 'max_history' ])
2003-08-28 16:31:11 +02:00
{
array_shift ( $history );
$this -> appsession ( $location = 'history' , $appname = 'phpgwapi' , $history );
}
}
return $this -> history_id ;
}
/**
2003-09-21 16:04:13 +02:00
* Detects if the page has already been called before - good for forms
*
* @ author skwashd
2003-08-28 16:31:11 +02:00
* @ param bool $diplay_error when implemented will use the generic error handling code
* @ return True if called previously , else False - call ok
*/
function is_repost ( $display_error = False )
{
$history = $this -> appsession ( $location = 'history' , $appname = 'phpgwapi' );
if ( isset ( $history [ $_GET [ 'click_history' ]]))
{
if ( $display_error )
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw' ] -> redirect_link ( '/error.php' , 'type=repost' ); //more on this later :)
2003-08-28 16:31:11 +02:00
}
else
{
return True ; //handled by the app
}
}
else
{
$history [ $_GET [ 'click_history' ]] = True ;
$this -> appsession ( $location = 'history' , $appname = 'phpgwapi' , $history );
return False ;
}
}
2003-05-18 21:16:58 +02:00
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Generate a url which supports url or cookies based sessions
*
2004-05-05 14:06:13 +02:00
* @ param string $url a url relative to the egroupware install root
2003-09-21 16:04:13 +02:00
* @ param array $extravars query string arguements
* @ return string generated url
*/
2003-05-18 21:16:58 +02:00
function link ( $url , $extravars = '' )
{
2003-10-25 13:37:36 +02:00
//echo "<p>session::link(url='".print_r($url,True)."',extravars='".print_r($extravars,True)."')";
2003-05-18 21:16:58 +02:00
/* first we process the $url to build the full scriptname */
$full_scriptname = True ;
$url_firstchar = substr ( $url , 0 , 1 );
2005-03-04 12:30:00 +01:00
if ( $url_firstchar == '/' && $GLOBALS [ 'egw_info' ][ 'server' ][ 'webserver_url' ] == '/' )
2003-05-18 21:16:58 +02:00
{
$full_scriptname = False ;
}
if ( $url_firstchar != '/' )
{
2005-03-04 12:30:00 +01:00
$app = $GLOBALS [ 'egw_info' ][ 'flags' ][ 'currentapp' ];
2003-05-18 21:16:58 +02:00
if ( $app != 'home' && $app != 'login' && $app != 'logout' )
{
$url = $app . '/' . $url ;
}
}
2003-12-13 16:03:23 +01:00
2003-05-18 21:16:58 +02:00
if ( $full_scriptname )
{
2005-03-04 12:30:00 +01:00
$webserver_url_count = strlen ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'webserver_url' ]) - 1 ;
if ( substr ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'webserver_url' ] , $webserver_url_count , 1 ) != '/' && $url_firstchar != '/' )
2003-05-18 21:16:58 +02:00
{
2005-03-04 12:30:00 +01:00
$url = $GLOBALS [ 'egw_info' ][ 'server' ][ 'webserver_url' ] . '/' . $url ;
2003-05-18 21:16:58 +02:00
}
else
{
2005-03-04 12:30:00 +01:00
$url = $GLOBALS [ 'egw_info' ][ 'server' ][ 'webserver_url' ] . $url ;
2003-05-18 21:16:58 +02:00
}
}
2005-03-04 12:30:00 +01:00
if ( @ isset ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'enforce_ssl' ]) && $GLOBALS [ 'egw_info' ][ 'server' ][ 'enforce_ssl' ]) // && !$_SERVER['HTTPS']) imho https should always be a full path - skwashd
2003-05-18 21:16:58 +02:00
{
if ( substr ( $url , 0 , 4 ) != 'http' )
{
2005-03-04 12:30:00 +01:00
$url = 'https://' . $GLOBALS [ 'egw_info' ][ 'server' ][ 'hostname' ] . $url ;
2003-05-18 21:16:58 +02:00
}
else
{
$url = str_replace ( 'http:' , 'https:' , $url );
}
}
/* Now we process the extravars into a proper url format */
/* if its not an array, then we turn it into one */
/* We do this to help prevent any duplicates from being sent. */
if ( ! is_array ( $extravars ) && $extravars != '' )
{
2004-07-31 12:14:52 +02:00
$new_extravars = Array ();
2003-05-18 21:16:58 +02:00
$a = explode ( '&' , $extravars );
$i = 0 ;
while ( $i < count ( $a ))
{
2003-09-21 16:04:13 +02:00
$b = split ( '=' , $a [ $i ], 2 );
2004-07-31 12:14:52 +02:00
// Check if this value doesn't already exist in new_extravars
if ( array_key_exists ( $b [ 0 ], $new_extravars ))
{
// print "Debug::Error !!! " . $b[0] . " ($i) already exists<br>";
if ( eregi ( " \ [ \ ] " , $b [ 0 ]) )
{
$b [ 0 ] = eregi_replace ( " \ [ \ ] " , " [ $i ] " , $b [ 0 ]);
}
}
2003-05-18 21:16:58 +02:00
$new_extravars [ $b [ 0 ]] = $b [ 1 ];
$i ++ ;
}
$extravars = $new_extravars ;
unset ( $new_extravars );
}
/* if using frames we make sure there is a framepart */
if ( @ defined ( 'PHPGW_USE_FRAMES' ) && PHPGW_USE_FRAMES )
{
if ( ! isset ( $extravars [ 'framepart' ]))
{
$extravars [ 'framepart' ] = 'body' ;
}
}
2003-12-13 16:03:23 +01:00
2003-05-18 21:16:58 +02:00
/* add session params if not using cookies */
2005-03-04 12:30:00 +01:00
if ( @! $GLOBALS [ 'egw_info' ][ 'server' ][ 'usecookies' ])
2003-05-18 21:16:58 +02:00
{
$extravars [ 'sessionid' ] = $this -> sessionid ;
$extravars [ 'kp3' ] = $this -> kp3 ;
$extravars [ 'domain' ] = $this -> account_domain ;
}
2003-12-13 16:03:23 +01:00
2003-08-28 16:31:11 +02:00
//used for repost prevention
2003-09-06 12:52:42 +02:00
// $extravars['click_history'] = $this->generate_click_history();
2003-05-18 21:16:58 +02:00
/* if we end up with any extravars then we generate the url friendly string */
if ( is_array ( $extravars ))
{
$new_extravars = '' ;
2003-09-21 16:04:13 +02:00
foreach ( $extravars as $key => $value )
2003-05-18 21:16:58 +02:00
{
if ( ! empty ( $new_extravars ))
{
$new_extravars .= '&' ;
}
2003-08-28 16:31:11 +02:00
$new_extravars .= $key . '=' . urlencode ( $value );
2003-05-18 21:16:58 +02:00
}
2003-10-25 13:37:36 +02:00
$url .= '?' . $new_extravars ;
2003-05-18 21:16:58 +02:00
}
2003-10-25 13:37:36 +02:00
//echo " = '$url'</p>\n";
2003-05-18 21:16:58 +02:00
return $url ;
}
2003-09-21 16:04:13 +02:00
/**
* The remaining methods are abstract - as they are unique for each session handler
*/
/**
* Load user ' s session information
*
2003-10-21 12:46:33 +02:00
* The sessionid of the session to read is passed in the class - var $this -> sessionid
*
2003-09-21 16:04:13 +02:00
* @ return mixed the session data
*/
2003-10-21 12:46:33 +02:00
function read_session ()
2003-08-28 16:31:11 +02:00
{}
/**
2003-10-16 12:27:34 +02:00
* Remove stale sessions out of the database
*/
2003-08-28 16:31:11 +02:00
function clean_sessions ()
{}
/**
2003-09-21 16:04:13 +02:00
* Set paramaters for cookies - only implemented in PHP4 sessions
*
* @ param string $domain domain name to use in cookie
*/
function set_cookie_params ( $domain )
2003-08-28 16:31:11 +02:00
{}
2003-10-21 12:46:33 +02:00
/**
* Create a new session id
*
* @ return string a new session id
*/
function new_session_id ()
{}
2003-08-28 16:31:11 +02:00
/**
2003-09-21 16:04:13 +02:00
* Create a new session
*
* @ param string $login user login
* @ param string $user_ip users ip address
* @ param int $now time now as a unix timestamp
* @ param string $session_flags A = Anonymous , N = Normal
*/
function register_session ( $login , $user_ip , $now , $session_flags )
2003-08-28 16:31:11 +02:00
{}
/**
2003-09-21 16:04:13 +02:00
* Update the date last active info for the session , so the login does not expire
*
* @ return bool did it suceed ?
*/
2003-08-28 16:31:11 +02:00
function update_dla ()
{}
/**
2003-09-21 16:04:13 +02:00
* Terminate a session
*
* @ param string $sessionid the id of the session to be terminated
* @ param string $kp3 - NOT SURE
* @ return bool did it suceed ?
*/
function destroy ( $sessionid , $kp3 )
2003-08-28 16:31:11 +02:00
{}
/**
* Functions for appsession data and session cache
*/
2003-09-21 16:04:13 +02:00
/**
* Delete all data from the session cache for a user
*
* @ param int $accountid user account id , defaults to current user ( optional )
*/
2003-08-28 16:31:11 +02:00
function delete_cache ( $accountid = '' )
{}
/**
2003-09-21 16:04:13 +02:00
* Stores or retrieves information from the sessions cache
*
* @ param string $location identifier for data
* @ param string $appname name of app which is responsbile for the data
* @ param mixed $data data to be stored , if left blank data is retreived ( optional )
* @ return mixed data from cache , only returned if $data arg is not used
*/
function appsession ( $location = 'default' , $appname = '' , $data = '##NOTHING##' )
2003-08-28 16:31:11 +02:00
{}
/**
* Get list of normal / non - anonymous sessions
* Note : The data from the session - files get cached in the app_session phpgwapi / php4_session_cache
2003-09-21 16:04:13 +02:00
*
2003-08-28 16:31:11 +02:00
* @ author ralfbecker
2003-09-21 16:04:13 +02:00
* @ param int $start session to start at
* @ param string $order field to sort on
* @ param string $sort sort order
* @ param bool $all_no_sort list all with out sorting ( optional ) default False
* @ return array info for all current sessions
2003-08-28 16:31:11 +02:00
*/
function list_sessions ( $start , $order , $sort , $all_no_sort = False )
{}
/**
* Get the number of normal / non - anonymous sessions
*
2003-09-21 16:04:13 +02:00
* @ author ralfbecker
* @ return int number of sessions
2003-08-28 16:31:11 +02:00
*/
function total ()
{}
2003-09-06 12:52:42 +02:00
}
2003-10-16 12:27:34 +02:00
2005-03-04 12:30:00 +01:00
if ( empty ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_type' ]))
2003-10-16 12:27:34 +02:00
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_type' ] = 'php4' ; // the more performant default
2005-02-21 08:57:41 +01:00
}
2005-02-25 08:45:37 +01:00
// for php4 sessions, check if the extension is loaded, try loading it and fallback to db sessions if not
2005-03-04 12:30:00 +01:00
if ( $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_type' ] == 'php4' && ! extension_loaded ( 'session' ))
2005-02-21 08:57:41 +01:00
{
2005-02-25 08:45:37 +01:00
// some constanst for pre php4.3
if ( ! defined ( 'PHP_SHLIB_SUFFIX' ))
{
define ( 'PHP_SHLIB_SUFFIX' , strtoupper ( substr ( PHP_OS , 0 , 3 )) == 'WIN' ? 'dll' : 'so' );
}
if ( ! defined ( 'PHP_SHLIB_PREFIX' ))
{
define ( 'PHP_SHLIB_PREFIX' , PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : '' );
}
if ( ! function_exists ( 'dl' ) || !@ dl ( PHP_SHLIB_PREFIX . 'session' . '.' . PHP_SHLIB_SUFFIX ))
{
2005-03-04 12:30:00 +01:00
$GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_type' ] = 'db' ; // fallback if we have no php4 sessions support
2005-02-25 08:45:37 +01:00
}
2003-10-16 12:27:34 +02:00
}
2005-03-04 12:30:00 +01:00
include_once ( EGW_API_INC . '/class.sessions_' . $GLOBALS [ 'egw_info' ][ 'server' ][ 'sessions_type' ] . '.inc.php' );