1<?php
2	/**
3	* Session management based on database
4	* @author Dan Kuykendall <seek3r@phpgroupware.org>
5	* @author Joseph Engo <jengo@phpgroupware.org>
6	* @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc. http://www.fsf.org/
7	* @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General Public License
8	* @package phpgwapi
9	* @subpackage accounts
10	* @version $Id: class.sessions_db.inc.php 21217 2010-06-02 09:21:48Z Caeies $
11	*/
12
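/**
* Session management based on database
*
* Session rows live in phpgw_sessions, per-application session data in
* phpgw_app_sessions. Every statement here is assembled by string
* concatenation: values are escaped with db_addslashes() or cast with
* intval(), and anything placed outside quotes (column names, sort
* direction) has to come from a fixed list instead.
*
* @package phpgwapi
* @subpackage accounts
*/
class sessions extends sessions_
{
	/**
	* Same-name (PHP 4 style) constructor, only forwards to sessions_()
	*
	* NOTE(review): PHP 8 no longer runs a same-name method as the constructor,
	* so there the parent setup only happens if this is called explicitly.
	*/
	function sessions()
	{
		$this->sessions_();
	}

	/**
	* Fetch the stored row of the current session
	*
	* The lookup uses $this->sessionid; the $sessionid argument is accepted but never read.
	* NOTE(review): a caller passing any other id still gets the current session's
	* row - confirm that callers set $this->sessionid before calling this.
	*
	* @param string $sessionid session id (unused, see above)
	* @return mixed $this->db->Record as left by next_record()
	*/
	function read_session($sessionid)
	{
		$escaped_id = $this->db->db_addslashes($this->sessionid);

		$this->db->query("SELECT * FROM phpgw_sessions WHERE session_id='" . $escaped_id . "'",__LINE__,__FILE__);
		$this->db->next_record();

		return $this->db->Record;
	}

	/**
	* Remove stale sessions out of the database
	*
	* Deletes phpgw_sessions rows that are not flagged 'A' (anonymous) and
	* phpgw_app_sessions rows whose session_dla is at or before now minus the
	* configured sessions_timeout.
	*/
	function clean_sessions()
	{
		// If you plan on using the cron apps, please remove the following lines.
		// I am going to make this a config option during 0.9.11, instead of an application (jengo)

		// intval() keeps the embedded cutoff a plain integer even when the setting is
		// missing or not numeric.
		// NOTE(review): a missing or zero timeout makes the cutoff "now", which expires
		// every non-anonymous session - confirm the setting is validated where it is saved.
		$cutoff = time() - intval($GLOBALS['phpgw_info']['server']['sessions_timeout']);

		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_dla <= '" . $cutoff
			. "' AND session_flags !='A'",__LINE__,__FILE__);

		// The original note says this cutoff is "a little higher" so that session data of
		// anonymous sessions survives, but the same timeout is applied to both tables.
		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE session_dla <= '" . $cutoff
			. "'",__LINE__,__FILE__);
	}

	/**
	* Insert the row for the current session into phpgw_sessions
	*
	* The values are written positionally (no column list), so the order below
	* has to match the table definition.
	*
	* @param string $login login name
	* @param string $user_ip client address
	* @param mixed $now timestamp, written twice
	* @param string $session_flags session flags ('A' marks an anonymous session)
	*/
	function register_session($login,$user_ip,$now,$session_flags)
	{
		$fields = array(
			$this->sessionid,
			$login,
			$user_ip,
			$now,	// presumably session_logintime - confirm against the schema
			$now,	// presumably session_dla - confirm against the schema
			$_SERVER['PHP_SELF'],	// request-derived, escaped like every other value
			$session_flags
		);

		$quoted = array();
		foreach ($fields as $field)
		{
			$quoted[] = "'" . $this->db->db_addslashes($field) . "'";
		}

		$GLOBALS['phpgw']->db->query('INSERT INTO phpgw_sessions VALUES (' . implode(',', $quoted) . ')',__LINE__,__FILE__);
	}

	/**
	* Update the DateLastActive column, so the login does not expire
	*
	* Also records the current action: the menuaction request variable, else
	* PHP_SELF, overridden by the XML-RPC method name when one was called.
	* The action comes from the request and is returned again by list_sessions(),
	* so whatever displays it has to escape it for its output context.
	*
	* @return bool always True
	*/
	function update_dla()
	{
		$action = get_var('menuaction',Array('GET','POST'));
		if (! $action)
		{
			$action = $_SERVER['PHP_SELF'];
		}

		// This way XML-RPC users aren't always listed as
		// xmlrpc.php
		if ($this->xmlrpc_method_called)
		{
			$action = $this->xmlrpc_method_called;
		}

		$action = $this->db->db_addslashes($action);
		$escaped_id = $this->db->db_addslashes($this->sessionid);
		$now = time();

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_sessions SET session_dla='" . $now . "', session_action='$action' "
			. "WHERE session_id='" . $escaped_id . "'",__LINE__,__FILE__);

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_app_sessions SET session_dla='" . $now . "' "
			. "WHERE sessionid='" . $escaped_id . "'",__LINE__,__FILE__);

		return True;
	}

	/**
	* Delete a session together with its application session data
	*
	* @param string $sessionid id of the session to remove
	* @param string $kp3 not used by this backend
	* @return bool False when no session id was given, True otherwise
	*/
	function destroy($sessionid, $kp3)
	{
		// The former test "! $sessionid && $kp3" only bailed out when $kp3 was set; an empty
		// id with an empty $kp3 went on to log a logout although nothing could be deleted.
		if (! $sessionid)
		{
			return False;
		}

		$escaped_id = $this->db->db_addslashes($sessionid);

		$GLOBALS['phpgw']->db->transaction_begin();
		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_id='"
			. $escaped_id . "'",__LINE__,__FILE__);
		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE sessionid='"
			. $escaped_id . "'",__LINE__,__FILE__);

		// log logout-time
		// NOTE(review): this passes the caller's own session id, not $sessionid, so ending
		// another user's session may be logged against the wrong session - check log_access().
		$this->log_access($this->sessionid);

		// Only do the following if we're working with the current user. The unescaped
		// id is compared as a string; loose == treats numeric-looking ids as numbers.
		if ((string) $sessionid === (string) $GLOBALS['phpgw_info']['user']['sessionid'])
		{
			$this->clean_sessions();
		}
		$GLOBALS['phpgw']->db->transaction_commit();

		return True;
	}

	/*************************************************************************\
	* Functions for appsession data and session cache                         *
	\*************************************************************************/

	/**
	* Drop the cached phpgw_info entry of an account
	*
	* @param mixed $accountid account to clear; resolved through get_account_id()
	*        with $this->account_id as second argument
	*/
	function delete_cache($accountid='')
	{
		$account_id = get_account_id($accountid,$this->account_id);

		$query = "DELETE FROM phpgw_app_sessions WHERE loginid = '".intval($account_id)."'"
			." AND app = 'phpgwapi' AND location = 'phpgw_info_cache'";

		// line/file are passed like in every other query of this class
		$GLOBALS['phpgw']->db->query($query,__LINE__,__FILE__);
	}

	/**
	* Read or write one piece of application session data
	*
	* Called without $data the stored value is read, otherwise $data is
	* encrypted and stored for the current session, account, app and location.
	*
	* @param string $location name of the entry
	* @param string $appname application, defaults to the current application
	* @param mixed $data value to store; leave at the default to read
	* @return mixed the decrypted value (NULL when nothing is stored) on read, $data on write
	*/
	function appsession($location = 'default', $appname = '', $data = '##NOTHING##')
	{
		if (! $appname)
		{
			$appname = $GLOBALS['phpgw_info']['flags']['currentapp'];
		}

		$where = "sessionid = '".$this->db->db_addslashes($this->sessionid)."'"
			. " AND loginid = '".intval($this->account_id)."'"
			. " AND app = '".$this->db->db_addslashes($appname)."'"
			. " AND location = '".$this->db->db_addslashes($location)."'";

		/* This allows the user to put '' as the value. */
		// Strict comparison: with == a stored value of true (and 0 on older PHP) compared
		// equal to the marker and was silently read back instead of written.
		if ($data === '##NOTHING##')
		{
			$GLOBALS['phpgw']->db->query("SELECT content FROM phpgw_app_sessions WHERE " . $where,__LINE__,__FILE__);
			$GLOBALS['phpgw']->db->next_record();

			// Kept as separate steps for easier debugging
			$content = $GLOBALS['phpgw']->db->f('content');

			// No stripslashes here (milosch 2001 Dec 20), and no decrypt when there is
			// no data because decrypt returned garbage for it (milosch 2001 Dec 25).
			// NOTE(review): decrypt() apparently also restores structured values; if it
			// relies on unserialize(), confirm the stored content is integrity-protected.
			if ($content)
			{
				return $GLOBALS['phpgw']->crypto->decrypt($content);
			}
			return null;
		}

		$encrypteddata = $GLOBALS['phpgw']->crypto->encrypt($data);
		$encrypteddata = $GLOBALS['phpgw']->db->db_addslashes($encrypteddata);

		// Look for an existing row right before deciding between INSERT and UPDATE
		$GLOBALS['phpgw']->db->query("SELECT content FROM phpgw_app_sessions WHERE " . $where,__LINE__,__FILE__);

		if ($GLOBALS['phpgw']->db->num_rows()==0)
		{
			$GLOBALS['phpgw']->db->query("INSERT INTO phpgw_app_sessions (sessionid,loginid,app,location,content,session_dla) "
				. "VALUES ('".$this->db->db_addslashes($this->sessionid)."','".intval($this->account_id)."','".$this->db->db_addslashes($appname)
				. "','".$this->db->db_addslashes($location)."','".$encrypteddata."','" . time() . "')",__LINE__,__FILE__);
		}
		else
		{
			// The clauses used to be glued together without spaces ("...'WHERE", "...'AND")
			$GLOBALS['phpgw']->db->query("UPDATE phpgw_app_sessions SET content='".$encrypteddata."'"
				. " WHERE " . $where,__LINE__,__FILE__);
		}
		return $data;
	}

	/**
	* List the non-anonymous sessions, one page at a time
	*
	* In the statement $sort sits in the column position and $order in the
	* direction position ("ORDER BY $sort $order").
	*
	* @param mixed $start passed through to limit_query(), presumably the row offset
	* @param string $order sort direction, ASC or DESC (anything else is treated as ASC)
	* @param string $sort column of phpgw_sessions to sort by (unknown names fall back to session_dla)
	* @param bool $all_no_sort not used by this backend
	* @return array rows with session_id, session_lid, session_ip, session_logintime,
	*         session_action and session_dla
	*/
	function list_sessions($start, $order, $sort, $all_no_sort = False)
	{
		$values = array();

		// Both values end up outside quotes, where db_addslashes() gives no protection,
		// so only the column names this class uses and a plain ASC/DESC are accepted.
		$sortable = array(
			'session_id',
			'session_lid',
			'session_ip',
			'session_logintime',
			'session_dla',
			'session_action',
			'session_flags'
		);
		if (! in_array($sort, $sortable, true))
		{
			$sort = 'session_dla';
		}

		$order = strtoupper(trim((string) $order));
		if ($order !== 'ASC' && $order !== 'DESC')
		{
			$order = 'ASC';
		}

		$this->db->limit_query('SELECT * FROM phpgw_sessions'
					. " WHERE session_flags != 'A'"
					. " ORDER BY $sort $order",$start
					,__LINE__,__FILE__);

		while ($this->db->next_record())
		{
			$values[] = array(
				'session_id'        => $this->db->f('session_id'),
				'session_lid'       => $this->db->f('session_lid'),
				'session_ip'        => $this->db->f('session_ip'),
				'session_logintime' => $this->db->f('session_logintime'),
				'session_action'    => $this->db->f('session_action'),
				'session_dla'       => $this->db->f('session_dla')
			);
		}
		return $values;
	}

	/**
	* Get the number of normal / non-anonymous sessions
	*
	* @return mixed first column of the count(*) row
	*/
	function total()
	{
		$this->db->query("select count(*) from phpgw_sessions where session_flags != 'A'",__LINE__,__FILE__);
		$this->db->next_record();

		return $this->db->f(0);
	}
}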
219?>
220