2007-07-19 12:40:28 +02:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Handles all manipulation of the session.
|
2007-08-17 07:45:15 +02:00
|
|
|
*
|
|
|
|
* The static methods are used to manipulate the currently active controller's session.
|
|
|
|
* The instance methods are used to manipulate a particular session. There can be more than one of these created.
|
|
|
|
*
|
|
|
|
* In order to support things like testing, the session is associated with a particular Controller. In normal usage, this is loaded from
|
|
|
|
* and saved to the regular PHP session, but for things like static-page-generation and unit-testing, you can create multiple Controllers,
|
|
|
|
* each with their own session.
|
|
|
|
*
|
|
|
|
* The instance object is basically just a way of manipulating a set of nested maps, and isn't specific to session data.
|
2007-07-19 12:40:28 +02:00
|
|
|
* This class is currently really basic and could do with a more well-thought-out implementation
|
2010-01-15 04:42:40 +01:00
|
|
|
*
|
2008-02-25 03:10:37 +01:00
|
|
|
* @package sapphire
|
|
|
|
* @subpackage control
|
2007-07-19 12:40:28 +02:00
|
|
|
*/
|
2010-01-15 04:42:40 +01:00
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
class Session {
|
2008-08-12 06:46:04 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @var $timeout Set session timeout
|
|
|
|
*/
|
|
|
|
static protected $timeout = 0;
|
|
|
|
|
|
|
|
static protected $session_ips = array();
|
|
|
|
|
2010-01-15 04:42:40 +01:00
|
|
|
/**
|
|
|
|
* Session data
|
|
|
|
*/
|
|
|
|
protected $data = array();
|
|
|
|
protected $changedData = array();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a new session object, with the given starting data
|
|
|
|
*
|
|
|
|
* @param $data Can be an array of data (such as $_SESSION) or another Session object to clone.
|
|
|
|
*/
|
|
|
|
function __construct($data) {
|
|
|
|
if($data instanceof Session) $data = $data->inst_getAll();
|
|
|
|
|
|
|
|
$this->data = $data;
|
|
|
|
}
|
|
|
|
|
2008-08-12 06:46:04 +02:00
|
|
|
/**
|
|
|
|
* Provide an <code>array</code> of rules specifing timeouts for IPv4 address ranges or
|
|
|
|
* individual IPv4 addresses. The key is an IP address or range and the value is the time
|
|
|
|
* until the session expires in seconds. For example:
|
|
|
|
*
|
|
|
|
* Session::set_timeout_ips(array(
|
|
|
|
* '127.0.0.1' => 36000
|
|
|
|
* ));
|
|
|
|
*
|
|
|
|
* Any user connecting from 127.0.0.1 (localhost) will have their session expired after 10 hours.
|
|
|
|
*
|
|
|
|
* Session::set_timeout is used to set the timeout value for any users whose address is not in the given IP range.
|
|
|
|
*
|
|
|
|
* @param array $session_ips Array of IPv4 rules.
|
|
|
|
*/
|
|
|
|
public static function set_timeout_ips($session_ips) {
|
|
|
|
if(!is_array($session_ips)) {
|
|
|
|
user_error("Session::set_timeout_ips expects an array as its argument", E_USER_NOTICE);
|
|
|
|
self::$session_ips = array();
|
|
|
|
} else {
|
|
|
|
self::$session_ips = $session_ips;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-08-17 07:45:15 +02:00
|
|
|
public static function addToArray($name, $val) {
|
|
|
|
return Controller::curr()->getSession()->inst_addToArray($name, $val);
|
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Set a key/value pair in the session
|
|
|
|
*
|
|
|
|
* @param string $name Key
|
|
|
|
* @param string $val Value
|
|
|
|
*/
|
|
|
|
public static function set($name, $val) {
|
|
|
|
return Controller::curr()->getSession()->inst_set($name, $val);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a specific value by session key
|
|
|
|
*
|
|
|
|
* @param string $name Key to lookup
|
|
|
|
*/
|
2007-08-17 07:45:15 +02:00
|
|
|
public static function get($name) {
|
|
|
|
return Controller::curr()->getSession()->inst_get($name);
|
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Return all the values in session
|
|
|
|
*/
|
2007-08-17 07:45:15 +02:00
|
|
|
public static function getAll() {
|
2007-11-12 02:47:48 +01:00
|
|
|
return Controller::curr()->getSession()->inst_getAll();
|
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Clear a given session key, value pair.
|
|
|
|
*
|
|
|
|
* @param string $name Key to lookup
|
|
|
|
*/
|
|
|
|
public static function clear($name) {
|
|
|
|
return Controller::curr()->getSession()->inst_clear($name);
|
2007-08-17 07:45:15 +02:00
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
|
2007-08-17 07:45:15 +02:00
|
|
|
/**
|
2010-01-15 04:42:40 +01:00
|
|
|
* Clear all the values
|
2007-08-17 07:45:15 +02:00
|
|
|
*/
|
2010-01-15 04:42:40 +01:00
|
|
|
public static function clearAll() {
|
|
|
|
return Controller::curr()->getSession()->inst_clearAll();
|
|
|
|
}
|
2007-08-17 07:45:15 +02:00
|
|
|
|
|
|
|
/**
|
2010-01-15 04:42:40 +01:00
|
|
|
* Save all the values in our session to $_SESSION
|
2007-08-17 07:45:15 +02:00
|
|
|
*/
|
2010-01-15 04:42:40 +01:00
|
|
|
public static function save() {
|
|
|
|
return Controller::curr()->getSession()->inst_save();
|
2007-08-17 07:45:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function inst_set($name, $val) {
|
2009-07-31 07:38:50 +02:00
|
|
|
// Quicker execution path for "."-free names
|
|
|
|
if(strpos($name,'.') === false) {
|
|
|
|
$this->data[$name] = $val;
|
|
|
|
$this->changedData[$name] = $val;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
$names = explode('.', $name);
|
2007-07-19 12:40:28 +02:00
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
// We still want to do this even if we have strict path checking for legacy code
|
|
|
|
$var = &$this->data;
|
|
|
|
$diffVar = &$this->changedData;
|
2007-07-19 12:40:28 +02:00
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
foreach($names as $n) {
|
|
|
|
$var = &$var[$n];
|
|
|
|
$diffVar = &$diffVar[$n];
|
|
|
|
}
|
2007-07-19 12:40:28 +02:00
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
$var = $val;
|
|
|
|
$diffVar = $val;
|
|
|
|
}
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
2007-08-17 07:45:15 +02:00
|
|
|
public function inst_addToArray($name, $val) {
|
2007-07-19 12:40:28 +02:00
|
|
|
$names = explode('.', $name);
|
|
|
|
|
|
|
|
// We still want to do this even if we have strict path checking for legacy code
|
2007-08-17 07:45:15 +02:00
|
|
|
$var = &$this->data;
|
2008-02-25 03:10:37 +01:00
|
|
|
$diffVar = &$this->changedData;
|
2007-07-19 12:40:28 +02:00
|
|
|
|
|
|
|
foreach($names as $n) {
|
|
|
|
$var = &$var[$n];
|
2008-02-25 03:10:37 +01:00
|
|
|
$diffVar = &$diffVar[$n];
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
$var[] = $val;
|
2008-02-25 03:10:37 +01:00
|
|
|
$diffVar[sizeof($var)-1] = $val;
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
2007-08-17 07:45:15 +02:00
|
|
|
public function inst_get($name) {
|
2009-07-31 07:38:50 +02:00
|
|
|
// Quicker execution path for "."-free names
|
|
|
|
if(strpos($name,'.') === false) {
|
|
|
|
if(isset($this->data[$name])) return $this->data[$name];
|
|
|
|
|
|
|
|
} else {
|
|
|
|
$names = explode('.', $name);
|
2007-08-10 00:06:39 +02:00
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
if(!isset($this->data)) {
|
|
|
|
return null;
|
|
|
|
}
|
2007-08-10 00:06:39 +02:00
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
$var = $this->data;
|
2007-07-19 12:40:28 +02:00
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
foreach($names as $n) {
|
|
|
|
if(!isset($var[$n])) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
$var = $var[$n];
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
2009-07-31 07:38:50 +02:00
|
|
|
return $var;
|
|
|
|
}
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
2007-08-17 07:45:15 +02:00
|
|
|
public function inst_clear($name) {
|
2007-07-19 12:40:28 +02:00
|
|
|
$names = explode('.', $name);
|
|
|
|
|
|
|
|
// We still want to do this even if we have strict path checking for legacy code
|
2007-08-17 07:45:15 +02:00
|
|
|
$var = &$this->data;
|
2008-02-25 03:10:37 +01:00
|
|
|
$diffVar = &$this->changedData;
|
2007-07-19 12:40:28 +02:00
|
|
|
|
|
|
|
foreach($names as $n) {
|
|
|
|
$var = &$var[$n];
|
2008-02-25 03:10:37 +01:00
|
|
|
$diffVar = &$diffVar[$n];
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
$var = null;
|
2008-02-25 03:10:37 +01:00
|
|
|
$diffVar = null;
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
|
|
|
|
public function inst_clearAll() {
|
|
|
|
if($this->data && is_array($this->data)) {
|
|
|
|
foreach(array_keys($this->data) as $key) {
|
|
|
|
$this->inst_clear($key);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-08-17 07:45:15 +02:00
|
|
|
public function inst_getAll() {
|
|
|
|
return $this->data;
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
2008-02-25 03:10:37 +01:00
|
|
|
/**
|
|
|
|
* Save data to session
|
|
|
|
* Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.
|
|
|
|
*/
|
2007-11-12 02:47:48 +01:00
|
|
|
public function inst_save() {
|
2008-02-25 03:10:37 +01:00
|
|
|
$this->recursivelyApply($this->changedData, $_SESSION);
|
2007-11-19 04:12:29 +01:00
|
|
|
}
|
2007-11-12 02:47:48 +01:00
|
|
|
|
2008-02-25 03:10:37 +01:00
|
|
|
/**
|
|
|
|
* Recursively apply the changes represented in $data to $dest.
|
|
|
|
* Used to update $_SESSION
|
|
|
|
*/
|
|
|
|
protected function recursivelyApply($data, &$dest) {
|
|
|
|
foreach($data as $k => $v) {
|
|
|
|
if(is_array($v)) {
|
|
|
|
if(!isset($dest[$k])) $dest[$k] = array();
|
|
|
|
$this->recursivelyApply($v, $dest[$k]);
|
|
|
|
} else {
|
|
|
|
$dest[$k] = $v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2008-02-25 02:06:39 +01:00
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
/**
|
|
|
|
* Sets the appropriate form message in session, with type. This will be shown once,
|
|
|
|
* for the form specified.
|
|
|
|
*
|
|
|
|
* @param formname the form name you wish to use ( usually $form->FormName() )
|
|
|
|
* @param messsage the message you wish to add to it
|
|
|
|
* @param type the type of message
|
|
|
|
*/
|
|
|
|
public static function setFormMessage($formname,$message,$type){
|
|
|
|
Session::set("FormInfo.$formname.message", $message);
|
|
|
|
Session::set("FormInfo.$formname.type", $type);
|
|
|
|
}
|
|
|
|
|
2009-11-09 08:23:42 +01:00
|
|
|
/**
|
|
|
|
* Initialize session.
|
2010-01-15 04:42:40 +01:00
|
|
|
*
|
2009-11-09 08:23:42 +01:00
|
|
|
* @param string $sid Start the session with a specific ID
|
|
|
|
*/
|
|
|
|
public static function start($sid = null) {
|
2008-08-12 06:46:04 +02:00
|
|
|
self::load_config();
|
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
if(!session_id() && !headers_sent()) {
|
2008-08-12 06:46:04 +02:00
|
|
|
session_set_cookie_params(self::$timeout, Director::baseURL());
|
2009-07-02 00:27:18 +02:00
|
|
|
// @ is to supress win32 warnings/notices when session wasn't cleaned up properly
|
|
|
|
// There's nothing we can do about this, because it's an operating system function!
|
2009-11-09 08:23:42 +01:00
|
|
|
if($sid) session_id($sid);
|
2009-07-02 00:27:18 +02:00
|
|
|
@session_start();
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
}
|
2009-11-09 08:23:42 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Destroy the active session.
|
2010-01-15 04:42:40 +01:00
|
|
|
*
|
2009-11-09 08:23:42 +01:00
|
|
|
* @param bool $removeCookie If set to TRUE, removes the user's cookie, FALSE does not remove
|
|
|
|
*/
|
|
|
|
public static function destroy($removeCookie = true) {
|
|
|
|
if(session_id()) {
|
2009-11-09 08:41:32 +01:00
|
|
|
if($removeCookie) {
|
|
|
|
setcookie(session_name(), '');
|
|
|
|
unset($_COOKIE[session_name()]);
|
|
|
|
}
|
2009-11-09 08:23:42 +01:00
|
|
|
session_destroy();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-08-12 06:46:04 +02:00
|
|
|
/**
|
|
|
|
* Use the Session::$session_ips array to set timeouts based on IP address or IP address
|
|
|
|
* range.
|
|
|
|
*
|
|
|
|
* Note: The use of _sessions.php is deprecated.
|
|
|
|
*/
|
|
|
|
public static function load_config() {
|
|
|
|
foreach(self::$session_ips as $sessionIP => $timeout) {
|
|
|
|
if(preg_match('/^([0-9.]+)\s?-\s?([0-9.]+)$/', $sessionIP, $ips)) {
|
2008-08-13 03:43:49 +02:00
|
|
|
if(isset($_SERVER['REMOTE_ADDR'])) {
|
|
|
|
$startIP = ip2long($ips[1]);
|
|
|
|
$endIP = ip2long($ips[2]);
|
|
|
|
$clientIP = ip2long($_SERVER['REMOTE_ADDR']);
|
|
|
|
$minIP = min($startIP, $endIP);
|
|
|
|
$maxIP = max($startIP, $endIP);
|
|
|
|
|
|
|
|
if($minIP <= $clientIP && $clientIP <= $maxIP) {
|
|
|
|
return self::set_timeout($timeout);
|
|
|
|
}
|
2008-08-12 06:46:04 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
// TODO - Net masks or something
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2010-01-15 04:42:40 +01:00
|
|
|
* Set the timeout of a Session value
|
2008-08-12 06:46:04 +02:00
|
|
|
*
|
|
|
|
* @param int $timeout Time until a session expires in seconds. Defaults to expire when browser is closed.
|
|
|
|
*/
|
|
|
|
public static function set_timeout($timeout) {
|
|
|
|
self::$timeout = intval($timeout);
|
|
|
|
}
|
2008-08-12 23:05:29 +02:00
|
|
|
|
|
|
|
public static function get_timeout() {
|
|
|
|
return self::$timeout;
|
|
|
|
}
|
2010-01-15 04:42:40 +01:00
|
|
|
}
|