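<?php
/**
 * Session management based on database
 * @author Dan Kuykendall <seek3r@phpgroupware.org>
 * @author Joseph Engo <jengo@phpgroupware.org>
 * @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc. http://www.fsf.org/
 * @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General Public License
 * @package phpgwapi
 * @subpackage accounts
 * @version $Id: class.sessions_db.inc.php 21217 2010-06-02 09:21:48Z Caeies $
 */

/**
 * Session management based on database
 *
 * All statements are built by string concatenation through the project's db
 * abstraction ($this->db / $GLOBALS['phpgw']->db), which exposes no parameter
 * binding here. Every interpolated value therefore goes through
 * db_addslashes() (strings) or intval() (account ids) first, and identifiers
 * (ORDER BY columns / direction) are restricted to a fixed whitelist, since
 * escaping cannot protect those.
 *
 * @package phpgwapi
 * @subpackage accounts
 */
class sessions extends sessions_
{
	/**
	 * PHP4-style constructor; delegates to the parent constructor.
	 */
	function sessions()
	{
		$this->sessions_();
	}

	/**
	 * Fetch the phpgw_sessions row for a session
	 *
	 * @param string $sessionid session id to look up; when empty, falls back to
	 *                          $this->sessionid (the previous version ignored the
	 *                          parameter and always read the current session)
	 * @return mixed the fetched row as exposed by the db layer's Record property
	 */
	function read_session($sessionid)
	{
		if (!$sessionid)
		{
			$sessionid = $this->sessionid;
		}

		$this->db->query("SELECT * FROM phpgw_sessions WHERE session_id='"
			. $this->db->db_addslashes($sessionid) . "'", __LINE__, __FILE__);
		$this->db->next_record();

		return $this->db->Record;
	}

	/**
	 * Remove stale sessions out of the database
	 *
	 * Rows whose session_dla is at or before (now - sessions_timeout) are
	 * deleted from phpgw_sessions (anonymous sessions, session_flags = 'A',
	 * are kept) and from phpgw_app_sessions (no such exclusion).
	 */
	function clean_sessions()
	{
		// If you plan on using the cron apps, please remove the following lines.
		// I am going to make this a config option durring 0.9.11, instead of an application (jengo)

		// Computed once so both statements use the same cut-off instant.
		$cutoff = time() - intval($GLOBALS['phpgw_info']['server']['sessions_timeout']);

		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_dla <= '" . $cutoff
			. "' AND session_flags !='A'", __LINE__, __FILE__);

		// NOTE(review): the original comment said this cut-off was "set a little
		// higher" to spare anonymous app-session data, but the same cut-off is
		// used and no session_flags filter is applied -- confirm this is intended.
		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE session_dla <= '" . $cutoff
			. "'", __LINE__, __FILE__);
	}

	/**
	 * Insert a new phpgw_sessions row for $this->sessionid
	 *
	 * The INSERT has no column list, so the value order is positional. From the
	 * columns read back in list_sessions() it appears to be: session_id,
	 * session_lid, session_ip, session_logintime, session_dla, session_action,
	 * session_flags -- $now is stored as both login time and last-active time
	 * and $_SERVER['PHP_SELF'] as the initial action.
	 *
	 * @param string $login         login id of the user
	 * @param string $user_ip       client address
	 * @param mixed  $now           timestamp used for login time and dla
	 * @param string $session_flags session flags ('A' marks anonymous sessions)
	 */
	function register_session($login, $user_ip, $now, $session_flags)
	{
		$db = $this->db;
		$GLOBALS['phpgw']->db->query("INSERT INTO phpgw_sessions VALUES ('" . $db->db_addslashes($this->sessionid)
			. "','" . $db->db_addslashes($login) . "','" . $db->db_addslashes($user_ip) . "','"
			. $db->db_addslashes($now) . "','" . $db->db_addslashes($now) . "','" . $db->db_addslashes($_SERVER['PHP_SELF']) . "','"
			. $db->db_addslashes($session_flags)
			. "')", __LINE__, __FILE__);
	}

	/**
	 * Update the DateLastActive column, so the login does not expire
	 *
	 * Also records the current action (menuaction from GET/POST, else
	 * PHP_SELF, overridden by the XML-RPC method name when one was called)
	 * in session_action, and touches session_dla of the app-session rows.
	 *
	 * @return bool always True
	 */
	function update_dla()
	{
		$action = get_var('menuaction', array('GET', 'POST'));
		if (!$action)
		{
			$action = $_SERVER['PHP_SELF'];
		}

		// This way XML-RPC users aren't always listed as xmlrpc.php
		if ($this->xmlrpc_method_called)
		{
			$action = $this->xmlrpc_method_called;
		}

		$action    = $this->db->db_addslashes($action);
		$sessionid = $this->db->db_addslashes($this->sessionid);
		$now       = time();

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_sessions SET session_dla='" . $now . "', session_action='$action' "
			. "WHERE session_id='" . $sessionid . "'", __LINE__, __FILE__);

		$GLOBALS['phpgw']->db->query("UPDATE phpgw_app_sessions SET session_dla='" . $now . "' "
			. "WHERE sessionid='" . $sessionid . "'", __LINE__, __FILE__);

		return True;
	}

	/**
	 * Destroy a session: remove its phpgw_sessions and phpgw_app_sessions rows
	 *
	 * When the destroyed session is the current one, stale sessions are
	 * cleaned up in the same transaction.
	 *
	 * @param string $sessionid id of the session to remove
	 * @param string $kp3       session ticket; not checked against the row here
	 * @return bool False when no session id was given, True otherwise
	 */
	function destroy($sessionid, $kp3)
	{
		// The old guard "! $sessionid && $kp3" let an empty session id through
		// whenever $kp3 was also empty; an empty id is never valid to destroy.
		if (!$sessionid)
		{
			return False;
		}

		$escaped = $this->db->db_addslashes($sessionid);
		$GLOBALS['phpgw']->db->transaction_begin();
		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_sessions WHERE session_id='"
			. $escaped . "'", __LINE__, __FILE__);
		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_app_sessions WHERE sessionid='"
			. $escaped . "'", __LINE__, __FILE__);
		$this->log_access($this->sessionid); // log logout-time

		// Only do the following, if we're working with the current user
		// (compare the raw id, not the escaped one)
		if ((string) $sessionid === (string) $GLOBALS['phpgw_info']['user']['sessionid'])
		{
			$this->clean_sessions();
		}
		$GLOBALS['phpgw']->db->transaction_commit();

		return True;
	}

	/*************************************************************************\
	* Functions for appsession data and session cache                         *
	\*************************************************************************/

	/**
	 * Delete the cached phpgw_info of an account
	 *
	 * Removes the phpgw_app_sessions rows with app = 'phpgwapi' and
	 * location = 'phpgw_info_cache' for the resolved account id.
	 *
	 * @param mixed $accountid account id or login; resolved with get_account_id(),
	 *                         defaulting to $this->account_id
	 */
	function delete_cache($accountid = '')
	{
		$account_id = get_account_id($accountid, $this->account_id);

		$query = "DELETE FROM phpgw_app_sessions WHERE loginid = '" . intval($account_id) . "'"
			. " AND app = 'phpgwapi' AND location = 'phpgw_info_cache'";

		$GLOBALS['phpgw']->db->query($query, __LINE__, __FILE__);
	}

	/**
	 * Read or write per-session application data
	 *
	 * With $data left at its sentinel default the stored content for
	 * ($this->sessionid, $this->account_id, $appname, $location) is read,
	 * decrypted via $GLOBALS['phpgw']->crypto and returned. Otherwise $data is
	 * encrypted and inserted or updated, and the unencrypted $data is returned.
	 *
	 * @param string $location storage key within the application
	 * @param string $appname  application name; defaults to the current app
	 * @param mixed  $data     value to store; the sentinel '##NOTHING##' means "read"
	 * @return mixed the decrypted content (null when nothing is stored) on read,
	 *               the given $data on write
	 */
	function appsession($location = 'default', $appname = '', $data = '##NOTHING##')
	{
		if (!$appname)
		{
			$appname = $GLOBALS['phpgw_info']['flags']['currentapp'];
		}

		$sessionid = $this->db->db_addslashes($this->sessionid);
		$loginid   = intval($this->account_id);
		$app       = $this->db->db_addslashes($appname);
		$loc       = $this->db->db_addslashes($location);

		/* This allows the user to put '' as the value. A strict comparison is
		 * required: with loose comparison an integer 0 would match the sentinel
		 * on PHP < 8 and silently turn a write into a read. */
		if ($data === '##NOTHING##')
		{
			$query = "SELECT content FROM phpgw_app_sessions WHERE"
				. " sessionid='" . $sessionid . "' AND loginid='" . $loginid . "'"
				. " AND app = '" . $app . "' AND location='" . $loc . "'";

			$GLOBALS['phpgw']->db->query($query, __LINE__, __FILE__);
			$GLOBALS['phpgw']->db->next_record();

			$data = $GLOBALS['phpgw']->db->f('content');
			// Changed by milosch 2001 Dec 20
			// do not stripslashes here unless this proves to be a problem.
			// Changed by milosch 2001 Dec 25
			/* do not decrypt and return if no data (decrypt returning garbage).
			 * Checked explicitly so a stored "0" is still decrypted. */
			if ($data !== null && $data !== false && $data !== '')
			{
				return $GLOBALS['phpgw']->crypto->decrypt($data);
			}
			return null;
		}

		$GLOBALS['phpgw']->db->query("SELECT content FROM phpgw_app_sessions WHERE "
			. "sessionid = '" . $sessionid . "' AND loginid = '" . $loginid . "'"
			. " AND app = '" . $app . "' AND location = '" . $loc . "'", __LINE__, __FILE__);

		$encrypteddata = $GLOBALS['phpgw']->crypto->encrypt($data);
		$encrypteddata = $GLOBALS['phpgw']->db->db_addslashes($encrypteddata);

		if ($GLOBALS['phpgw']->db->num_rows() == 0)
		{
			$GLOBALS['phpgw']->db->query("INSERT INTO phpgw_app_sessions (sessionid,loginid,app,location,content,session_dla) "
				. "VALUES ('" . $sessionid . "','" . $loginid . "','" . $app
				. "','" . $loc . "','" . $encrypteddata . "','" . time() . "')", __LINE__, __FILE__);
		}
		else
		{
			$GLOBALS['phpgw']->db->query("UPDATE phpgw_app_sessions SET content='" . $encrypteddata . "'"
				. " WHERE sessionid = '" . $sessionid . "'"
				. " AND loginid = '" . $loginid . "' AND app = '" . $app . "'"
				. " AND location = '" . $loc . "'", __LINE__, __FILE__);
		}
		return $data;
	}

	/**
	 * List non-anonymous sessions, one page at a time
	 *
	 * $sort and $order end up in ORDER BY, where db_addslashes() offers no
	 * protection (identifiers are not quoted), so both are validated against
	 * a whitelist: $sort must be one of the phpgw_sessions columns listed
	 * below (default session_dla), $order is 'DESC' or 'ASC' (default).
	 *
	 * @param int    $start       offset handed to limit_query()
	 * @param string $order       'asc' or 'desc' (case-insensitive)
	 * @param string $sort        column to sort by
	 * @param bool   $all_no_sort accepted for interface compatibility; unused
	 * @return array list of rows with keys session_id, session_lid, session_ip,
	 *               session_logintime, session_action, session_dla
	 */
	function list_sessions($start, $order, $sort, $all_no_sort = False)
	{
		$values = array();

		$allowed_sort = array(
			'session_id',
			'session_lid',
			'session_ip',
			'session_logintime',
			'session_action',
			'session_dla',
			'session_flags',
		);
		if (!in_array($sort, $allowed_sort, true))
		{
			$sort = 'session_dla';
		}
		$order = (strtolower((string) $order) === 'desc') ? 'DESC' : 'ASC';

		$this->db->limit_query('SELECT * FROM phpgw_sessions'
			. " WHERE session_flags != 'A'"
			. " ORDER BY $sort $order", $start
			, __LINE__, __FILE__);

		while ($this->db->next_record())
		{
			$values[] = array(
				'session_id'        => $this->db->f('session_id'),
				'session_lid'       => $this->db->f('session_lid'),
				'session_ip'        => $this->db->f('session_ip'),
				'session_logintime' => $this->db->f('session_logintime'),
				'session_action'    => $this->db->f('session_action'),
				'session_dla'       => $this->db->f('session_dla')
			);
		}
		return $values;
	}

	/*!
	@function total
	@abstract get number of normal / non-anonymous sessions
	@result the COUNT(*) as returned by the db layer (column 0)
	*/
	function total()
	{
		$this->db->query("select count(*) from phpgw_sessions where session_flags != 'A'", __LINE__, __FILE__);
		$this->db->next_record();

		return $this->db->f(0);
	}
}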