mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 09:23:28 +01:00
a6af26d8a9
- documentation update
219 lines
5.7 KiB
PHP
219 lines
5.7 KiB
PHP
<?php
|
|
/**
|
|
* eGW's Session Management
|
|
*
|
|
* This allows eGroupWare to use php or database sessions
|
|
*
|
|
* @link www.egroupware.org
|
|
* @author NetUSE AG Boris Erdmann, Kristian Koehntopp
|
|
* @author Dan Kuykendall <seek3r@phpgroupware.org>
|
|
* @author Joseph Engo <jengo@phpgroupware.org>
|
|
* @author Ralf Becker <ralfbecker@outdoor-training.de>
|
|
* @copyright © 1998-2000 NetUSE AG Boris Erdmann, Kristian Koehntopp <br> © 2003 FreeSoftware Foundation
|
|
* @license LGPL
|
|
* @version $Id$
|
|
*/
|
|
|
|
/**
|
|
* Session Management via database (based on phplib sessions)
|
|
*
|
|
* @package api
|
|
* @subpackage sessions
|
|
*/
|
|
|
|
class sessions extends sessions_
|
|
{
|
|
var $sessions_table = 'egw_sessions';
|
|
var $app_sessions_table = 'egw_app_sessions';
|
|
|
|
function sessions($domain_names=null)
|
|
{
|
|
$this->sessions_($domain_names);
|
|
}
|
|
|
|
function read_session()
|
|
{
|
|
$this->db->select($this->sessions_table,'*',array('session_id' => $this->sessionid),__LINE__,__FILE__);
|
|
|
|
return $this->db->row(true);
|
|
}
|
|
|
|
/**
|
|
* remove stale sessions out of the database
|
|
*/
|
|
function clean_sessions()
|
|
{
|
|
$this->db->delete($this->sessions_table,array(
|
|
'session_dla <= ' . (time() - $GLOBALS['egw_info']['server']['sessions_timeout']),
|
|
"session_flags != 'A'",
|
|
),__LINE__,__FILE__);
|
|
|
|
// This is set a little higher, we don't want to kill session data for anonymous sessions.
|
|
$GLOBALS['egw']->db->delete($this->app_sessions_table,array(
|
|
'session_dla <= ' . (time() - $GLOBALS['egw_info']['server']['sessions_timeout']),
|
|
),__LINE__,__FILE__);
|
|
}
|
|
|
|
function register_session($login,$user_ip,$now,$session_flags)
|
|
{
|
|
$GLOBALS['egw']->db->insert($this->sessions_table,array(
|
|
'session_lid' => $login,
|
|
'session_ip' => $user_ip,
|
|
'session_logintime' => $now,
|
|
'session_dla' => $now,
|
|
'session_action' => $_SERVER['PHP_SELF'],
|
|
'session_flags' => $session_flags,
|
|
),array(
|
|
'session_id' => $this->sessionid,
|
|
),__LINE__,__FILE__);
|
|
}
|
|
|
|
/**
|
|
* update the DateLastActive column, so the login does not expire
|
|
*/
|
|
function update_dla()
|
|
{
|
|
if (@isset($_GET['menuaction']))
|
|
{
|
|
$action = $_GET['menuaction'];
|
|
}
|
|
else
|
|
{
|
|
$action = $_SERVER['PHP_SELF'];
|
|
}
|
|
|
|
// This way XML-RPC users aren't always listed as
|
|
// xmlrpc.php
|
|
if ($this->xmlrpc_method_called)
|
|
{
|
|
$action = $this->xmlrpc_method_called;
|
|
}
|
|
|
|
$GLOBALS['egw']->db->update($this->sessions_table,array(
|
|
'session_dla' => time(),
|
|
'session_action' => $action,
|
|
),array(
|
|
'session_id' => $this->sessionid,
|
|
),__LINE__,__FILE__);
|
|
|
|
$GLOBALS['egw']->db->update($this->app_sessions_table,array(
|
|
'session_dla' => time(),
|
|
),array(
|
|
'sessionid' => $this->sessionid,
|
|
),__LINE__,__FILE__);
|
|
|
|
return True;
|
|
}
|
|
|
|
function destroy($sessionid, $kp3)
|
|
{
|
|
if (!$sessionid && $kp3)
|
|
{
|
|
return False;
|
|
}
|
|
$GLOBALS['egw']->db->transaction_begin();
|
|
|
|
$GLOBALS['egw']->db->delete($this->sessions_table,array('session_id' => $sessionid),__LINE__,__FILE__);
|
|
$GLOBALS['egw']->db->delete($this->app_sessions_table,array('sessionid' => $sessionid),__LINE__,__FILE__);
|
|
|
|
$this->log_access($this->sessionid); // log logout-time
|
|
|
|
// Only do the following, if where working with the current user
|
|
if ($sessionid == $GLOBALS['egw_info']['user']['sessionid'])
|
|
{
|
|
$this->clean_sessions();
|
|
}
|
|
$GLOBALS['egw']->db->transaction_commit();
|
|
|
|
return True;
|
|
}
|
|
|
|
/*************************************************************************\
|
|
* Functions for appsession data and session cache *
|
|
\*************************************************************************/
|
|
|
|
/**
|
|
* delete the old phpgw_info cache
|
|
*
|
|
* @deprecated not longer used
|
|
*/
|
|
function delete_cache($accountid='')
|
|
{
|
|
}
|
|
|
|
function appsession($location = 'default', $appname = '', $data = '##NOTHING##')
|
|
{
|
|
if (!$this->account_id || !$this->sessionid)
|
|
{
|
|
return False; // this can happen during login or logout
|
|
}
|
|
if (!$appname)
|
|
{
|
|
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
|
}
|
|
|
|
/* This allows the user to put '' as the value. */
|
|
if ($data == '##NOTHING##')
|
|
{
|
|
$GLOBALS['egw']->db->select($this->app_sessions_table,'content',array(
|
|
'sessionid' => $this->sessionid,
|
|
'loginid' => $this->account_id,
|
|
'app' => $appname,
|
|
'location' => $location,
|
|
),__LINE__,__FILE__);
|
|
$GLOBALS['egw']->db->next_record();
|
|
|
|
// do not decrypt and return if no data (decrypt returning garbage)
|
|
if(($data = $GLOBALS['egw']->db->f('content')))
|
|
{
|
|
return $GLOBALS['egw']->crypto->decrypt($data);
|
|
}
|
|
return null;
|
|
}
|
|
$GLOBALS['egw']->db->insert($this->app_sessions_table,array(
|
|
'content' => $GLOBALS['egw']->crypto->encrypt($data),
|
|
),array(
|
|
'sessionid' => $this->sessionid,
|
|
'loginid' => $this->account_id,
|
|
'app' => $appname,
|
|
'location' => $location,
|
|
),__LINE__,__FILE__);
|
|
|
|
return $data;
|
|
}
|
|
|
|
/**
|
|
* list all sessions
|
|
*/
|
|
function list_sessions($start, $order, $sort, $all_no_sort = False)
|
|
{
|
|
$values = array();
|
|
|
|
$order_by = 'ORDER BY '.$sort.' '.$order;
|
|
if (!preg_match('/^[a-z_0-9, ]+$/i',$sort) || !preg_match('/^(asc|desc)?$/i',$sort))
|
|
{
|
|
$order_by = 'ORDER BY session_dla asc';
|
|
}
|
|
$this->db->select($this->sessions_table,'*',"session_flags != 'A'",__LINE__,__FILE__,(int)$start,$order_by);
|
|
|
|
while (($row = $this->db->row(true)))
|
|
{
|
|
$values[] = $row;
|
|
}
|
|
return $values;
|
|
}
|
|
|
|
/**
|
|
* get number of regular / non-anonymous sessions
|
|
*
|
|
* @return int
|
|
*/
|
|
function total()
|
|
{
|
|
$this->db->select($this->sessions_table,'COUNT(*)',"session_flags != 'A'",__LINE__,__FILE__);
|
|
|
|
return $this->db->next_record() ? $this->db->f(0) : 0;
|
|
}
|
|
}
|
|
?>
|