[SUCS Devel] site r684 - trunk/lib
imranh at sucs.org
imranh at sucs.org
Tue Apr 21 11:12:30 BST 2015
Author: imranh
Date: 2015-04-21 11:12:22 +0100 (Tue, 21 Apr 2015)
New Revision: 684
Modified:
trunk/lib/session.php
Log:
set the cookie prefix to the dbname instead of sucssite so you can be logged into multiple versions of the sucssite without errors
Modified: trunk/lib/session.php
===================================================================
--- trunk/lib/session.php 2015-04-19 13:28:33 UTC (rev 683)
+++ trunk/lib/session.php 2015-04-21 10:12:22 UTC (rev 684)
@@ -2,7 +2,7 @@
// To use:
// include_once "session.php"
// $mysession = new Session;
-//
+//
// $mysession->loggedin is TRUE if they have logged in
//
// other attributes are :
@@ -11,7 +11,6 @@
// lastseen - unix timestamp for their previous page access
// data - var/array for persistant data, commit by calling the 'save' method
-
// Session management and authentication mechanism.
class Session {
public $loggedin=FALSE; // Is this a valid logged in user ?
@@ -23,7 +22,7 @@
public $printbalance; // printer balance
public $data=''; // Var/array for session persistant data
public $token=''; // session identifier
-public $logintime=''; // Time which user last gave us credentials
+public $logintime=''; // Time which user last gave us credentials
public $lastseen=''; // Time of last page request
private $timeout = 2880; // Idle timeout limit in minutes (session deleted), 2880 == 48 hours
private $anonymous_timeout = 120; // Idle timeout limit for sessions which aren't logged in (set lower to stop the session table getting swamped)
@@ -32,19 +31,17 @@
private $table = "session"; // session storage table (const)
private $datahash=''; // hash of data field
-
-
// Create a new (insecure) session
private function newsession()
{
- global $DB, $preferred_hostname;
+ global $DB, $preferred_hostname, $dbname;
- $token = $this->genSessionID();
+ $token = $this->genSessionID();
$DB->Execute("insert into {$this->table} (hash, lastseen, ip) values (?,NOW(),?)", array($token, $_SERVER['REMOTE_ADDR']));
- setcookie("sucssite_session", $token, NULL, "/", $preferred_hostname);
-
+ setcookie($dbname."_session", $token, NULL, "/", $preferred_hostname);
+
// delete loggedin cookie if it exists
- setcookie("sucssite_loggedin", FALSE, time(), "/");
+ setcookie($dbname."_loggedin", FALSE, time(), "/");
$this->token = $token;
return;
}
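Review bot: `$dbname` is used unvalidated as the cookie-name prefix on both new setcookie lines, so if the global is not defined when session.php is included the cookies are named `_session` and `_loggedin` (with an undefined-variable notice) and every deployment lacking it shares one name again, and a database name containing characters outside the cookie-name token set yields a cookie the browser may drop. The name is also sent to every client, so the database name becomes visible; a short identifier derived from it would serve the same purpose. The same raw concatenation recurs in the constructor hunks (@@ -65 and @@ -93), in logout (@@ -203) and in session_init (@@ -338); one private helper that builds the name, with a fallback when `$dbname` is missing, would cover all of them.
```php
// Build a cookie name from the configured database name so that several
// copies of the site on one host keep separate sessions.
private function cookieName($suffix)
{
    global $dbname;
    // fall back to the historical prefix when the config defines no $dbname
    $prefix = isset($dbname) ? preg_replace('/[^A-Za-z0-9_]/', '_', $dbname) : 'sucssite';
    return $prefix . '_' . $suffix;
}

// … unchanged: newsession() up to the insert …
    setcookie($this->cookieName('session'), $token, NULL, "/", $preferred_hostname);
    // delete loggedin cookie if it exists
    setcookie($this->cookieName('loggedin'), FALSE, time(), "/");
```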
@@ -65,11 +62,11 @@
// Public Object constructor
function __construct()
{
- global $DB, $preferred_hostname, $baseurl;
+ global $DB, $preferred_hostname, $baseurl, $dbname;
unset($token);
// if user requests a page via HTTP and claims to be logged in, bump them to HTTPS
- if (!isset($_SERVER['HTTPS']) && (@$_COOKIE['sucssite_loggedin'] == "true")) {
+ if (!isset($_SERVER['HTTPS']) && (@$_COOKIE[$dbname.'_loggedin'] == "true")) {
header("HTTP/1.0 307 Temporary redirect");
header("Location: https://{$preferred_hostname}{$baseurl}{$_SERVER['PATH_INFO']}");
return;
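Review bot: `@$_COOKIE[$dbname.'_loggedin'] == "true"` masks the undefined-index notice instead of testing for the key, and the loose `==` is not needed for a string-to-string compare; `isset($_COOKIE[$dbname.'_loggedin']) && $_COOKIE[$dbname.'_loggedin'] === "true"` expresses the check without suppression. In the hunk at @@ -93 the `@` on the cookie read is redundant outright, since the isset() on the line before already guards it. The quoting is also inconsistent with newsession (`'_loggedin'` here, `"_loggedin"` there), which is minor. __construct continues beyond the end of this hunk.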
@@ -93,13 +90,13 @@
// the possible token data passed from a form
- if (isset($_REQUEST['token']))
+ if (isset($_REQUEST['token']))
$token = $_REQUEST['token'];
// Check if we were handed a specific token identifier
// Otherwise use the value from the cookie we gave out
- if (!isset($token) && isset($_COOKIE['sucssite_session']))
- $token=@$_COOKIE['sucssite_session'];
+ if (!isset($token) && isset($_COOKIE[$dbname.'_session']))
+ $token=@$_COOKIE[$dbname.'_session'];
if (isset($token)) $this->token = $token;
@@ -111,7 +108,7 @@
// Okay, so we still dont have a session id
// so issue a new one and go back to core
- if (!isset($token))
+ if (!isset($token))
{
$this->newsession();
return;
@@ -159,7 +156,7 @@
if (isset($this->data['messages'])) {
global $messages;
if (is_array($messages)) {
- $messages += $this->data['messages'];
+ $messages += $this->data['messages'];
} else {
$messages = $this->data['messages'];
}
@@ -167,9 +164,9 @@
$this->save();
}
}
-
+
// generate a string suitable to be used as a session ID
- private function genSessionID()
+ private function genSessionID()
{
global $DB;
$try = 0;
@@ -203,11 +200,11 @@
// Public function: force a logout of the session
public function logout( )
{
- global $DB;
+ global $DB, $dbname;
$DB->Execute("delete from {$this->table} where hash=?", array($this->token));
$this->newsession();
$this->loggedin = FALSE;
- setcookie("sucssite_loggedin", FALSE, time(), "/");
+ setcookie($dbname."_loggedin", FALSE, time(), "/");
}
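Review bot: The `setcookie($dbname."_loggedin", FALSE, time(), "/")` at the end of logout() duplicates the one newsession() issues on the preceding line (visible in the newsession hunk), so two identical Set-Cookie headers are sent on every logout. Dropping the line in logout, or replacing it with the comment `// newsession() already expires the loggedin cookie`, removes the repetition.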
// Fill out any extra details we know about the user
@@ -246,7 +243,7 @@
}
- /* check using mod_auth_externals helper
+ /* check using mod_auth_externals helper
private function check_pass($user, $pass)
{
@@ -322,7 +319,7 @@
// Private function: process login form
private function session_init($user, $pass)
{
- global $DB, $preferred_hostname;
+ global $DB, $preferred_hostname, $dbname;
// Check that this is a valid session start
// This prevents replay attacks
$sess = $DB->GetAll("select * from {$this->table} where hash=? and username is NULL", array($this->token));
@@ -338,11 +335,11 @@
// so generate a new one with the secure flag set
$oldtoken = $this->token;
$this->token = $this->genSessionID();
- setcookie("sucssite_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE);
+ setcookie($dbname."_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE);
// set a cookie as a hint that we're logged in
// this can be checked for to allow redirecting to SSL to get the secure cookie
- setcookie("sucssite_loggedin", "true", time() + $this->max_session_length * 60, "/");
+ setcookie($dbname."_loggedin", "true", time() + $this->max_session_length * 60, "/");
// Update the session, filling in the blanks
$DB->Execute("update {$this->table} set hash=?, username=?, logintime='NOW()', lastseen='NOW()', ip=? where hash=?",
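Review bot: The regenerated secure session cookie on the `setcookie($dbname."_session", ...)` line passes `TRUE` for the secure flag but leaves the HttpOnly argument at its default, so the token remains readable from client-side script; adding the seventh argument, `setcookie($dbname."_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE, TRUE);`, keeps it out of `document.cookie`. The `_loggedin` hint cookie is deliberately non-secure per the comment above it and carries only "true", so it can stay as is. session_init continues beyond the end of this hunk.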