<?php
/**
* Session Controller - Creates and Destroys sessions
*/
/* DB TABLE FOR SESSIONS
*
CREATE TABLE IF NOT EXISTS `sessions` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`uid` bigint(20) unsigned NOT NULL,
`ip` varchar(255) NOT NULL,
`sid` varchar(255) NOT NULL,
`expires` int(11) NOT NULL,
PRIMARY KEY (`sid`),
UNIQUE KEY `id` (`id`),
KEY `uid` (`uid`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=0 ;
*/
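class SessionController {
    /**
     * Name of the sessions table. It is a fixed private value, never taken from
     * input, so interpolating it into SQL text below is safe; every user-supplied
     * value goes through a bound parameter instead.
     */
    private $tablename = 'sessions';

    /**
     * Database handle returned by getDB(). The original code used
     * real_escape_string/insert_id/num_rows on it, i.e. the mysqli API; the
     * prepared-statement calls here are the same object's API.
     */
    private $db;

    /** Session lifetime in seconds, applied on create() and on every successful checkSession(). */
    const LIFETIME = 3600;

    public function __construct(){
        $this->db = getDB();
    }

    /**
     * Creates a new session row for the given user.
     *
     * @param array $user  must carry a 'uid' entry
     * @return array|false the session ('uid', 'ip', 'sid', 'expires' and, once
     *                     stored, 'id'), or FALSE when 'uid' is missing or the insert failed
     */
    public function create($user){
        if (!isset($user['uid'])) {
            return FALSE;
        }
        $session = array(
            'uid' => (int) $user['uid'],
            'ip' => $this->getIp(),
            'sid' => $this->makeSessionKey(),
            'expires' => time() + self::LIFETIME,
        );
        $stored = $this->insertSession($session);
        return $stored === FALSE ? FALSE : $stored;
    }

    /**
     * Validates a session id against the stored row.
     *
     * The session is accepted only when the row exists, belongs to $uid, was created
     * from the same client address and has not expired; on success its expiry is
     * extended by LIFETIME.
     *
     * @param string $sid session id presented by the client (untrusted; bound, never interpolated)
     * @param int    $uid user id the caller believes owns the session
     * @return bool
     */
    public function checkSession($sid, $uid){
        $sid = (string) $sid;
        $stmt = $this->runStatement(
            "SELECT uid, ip, expires FROM $this->tablename WHERE sid = ?",
            's',
            array($sid)
        );
        if ($stmt === FALSE) {
            return FALSE;
        }
        $stmt->bind_result($storedUid, $storedIp, $storedExpires);
        $found = $stmt->fetch();
        $stmt->close();
        if ($found !== TRUE) {
            // No row for this sid (fetch() returns null) or a fetch error (false).
            return FALSE;
        }
        // Strict comparisons: the original loose '==' accepted type-juggled matches.
        $valid = (int) $uid === (int) $storedUid
            && (string) $storedIp === $this->getIp()
            && (int) $storedExpires >= time();
        if ($valid) {
            $this->updateSession($sid);
        }
        return $valid;
    }

    /**
     * Inserts one session row.
     *
     * @param array $session with 'uid', 'ip', 'sid', 'expires'
     * @return array|false the same array with 'id' set to the new row id, or FALSE on error
     */
    private function insertSession($session){
        $uid = (int) $session['uid'];
        $ip = (string) $session['ip'];
        $sid = (string) $session['sid'];
        $expires = (int) $session['expires'];
        $stmt = $this->runStatement(
            "INSERT INTO $this->tablename (uid, ip, sid, expires) VALUES (?, ?, ?, ?)",
            'issi',
            array($uid, $ip, $sid, $expires)
        );
        if ($stmt === FALSE) {
            return FALSE;
        }
        $session['id'] = $stmt->insert_id;
        $stmt->close();
        return $session;
    }

    /**
     * Extends the expiry of ONE session, identified by $sid.
     *
     * The original UPDATE had no WHERE clause and therefore refreshed every row in
     * the table on each successful check; the sid is now part of the statement.
     *
     * @return bool
     */
    private function updateSession($sid){
        $sid = (string) $sid;
        $expires = time() + self::LIFETIME;
        $stmt = $this->runStatement(
            "UPDATE $this->tablename SET expires = ? WHERE sid = ?",
            'is',
            array($expires, $sid)
        );
        if ($stmt === FALSE) {
            return FALSE;
        }
        $stmt->close();
        return TRUE;
    }

    /**
     * Deletes the session with the given id.
     *
     * Returns TRUE when the statement ran, whether or not a row matched (as before);
     * FALSE after a reported database error.
     *
     * @return bool
     */
    public function deleteSession($sid){
        $sid = (string) $sid;
        $stmt = $this->runStatement(
            "DELETE FROM $this->tablename WHERE sid = ?",
            's',
            array($sid)
        );
        if ($stmt === FALSE) {
            return FALSE;
        }
        $stmt->close();
        return TRUE;
    }

    /**
     * Prepares, binds and executes one statement, reporting any failure through report_error().
     *
     * @param string $sql    statement text with '?' placeholders (table name already interpolated)
     * @param string $types  bind_param type string, one char per parameter
     * @param array  $params values to bind, in placeholder order
     * @return \mysqli_stmt|false the executed statement (caller closes it) or FALSE on error
     */
    private function runStatement($sql, $types, array $params){
        $stmt = $this->db->prepare($sql);
        if ($stmt === FALSE) {
            report_error('Database Error: ', $this->db->error);
            return FALSE;
        }
        // bind_param takes its arguments by reference; unpacking a named array
        // variable satisfies that, a temporary expression would not.
        if (!$stmt->bind_param($types, ...$params) || !$stmt->execute()) {
            report_error('Database Error: ', $stmt->error);
            $stmt->close();
            return FALSE;
        }
        return $stmt;
    }

    /**
     * Retrieves the address the session is bound to.
     *
     * Only REMOTE_ADDR is used. Forwarding headers (the original read a misspelled
     * HTTP_X_FORWARD_FOR, which any client can set) are supplied by the client and
     * would let the caller choose the address that checkSession() compares against.
     * If the application sits behind a reverse proxy, resolve the real client address
     * in a trusted-proxy layer before it reaches this class.
     */
    private function getIp(){
        return isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    }

    /**
     * Makes a session key: 32 bytes from the CSPRNG, hex-encoded (64 chars, fits the
     * varchar(255) sid column).
     *
     * The previous key was md5(site_secret . last_row_id): predictable to anyone who
     * learns the secret, and two concurrent create() calls could read the same last id
     * and collide on the sid primary key. A random key has neither problem and removes
     * the dependency on the $site_secret global.
     */
    private function makeSessionKey(){
        return bin2hex(random_bytes(32));
    }
}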
?>