<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: session_functions.php,v $
// | $Date: 2004/02/10 01:34:25 $
// | $Revision: 1.45 $
// +-------------------------------------------------------------+
// | File Details:
// | - Session handling functions
// +-------------------------------------------------------------+
// Report every error class except notices. The functions below read cookie,
// request and session keys that may be unset, and each such read raises a
// notice.
// NOTE(review): the file header marks this copy as "nullified" by a third
// party, so it has presumably been modified after the vendor shipped it --
// audit it as untrusted code rather than assuming it matches the vendor release.
error_reporting(E_ALL & ~E_NOTICE);
/*****************************************************
function delete_cookies
-----DESCRIPTION: -----------------------------------
- delete all cookies for user/admin/tech zone
*****************************************************/
/**
 * Expire the login cookies of the zone the current request runs in.
 *
 * The zone is picked from the USERZONE / ADMINZONE / TECHZONE constants, in
 * that order of precedence. For the matching zone the sessionid, userid and
 * password cookies are each re-sent through dp_setcookie() with an empty value
 * and a lifetime argument of -1. When none of the constants is defined nothing
 * is sent.
 *
 * NOTE(review): the "<zone>_remember" cookie that update_cookies() sets is not
 * cleared here -- confirm whether that is intended.
 */
function delete_cookies() {
    $prefix = null;
    if (defined('USERZONE')) {
        $prefix = 'dp_user_';
    } elseif (defined('ADMINZONE')) {
        $prefix = 'dp_admin_';
    } elseif (defined('TECHZONE')) {
        $prefix = 'dp_tech_';
    }

    // No zone constant: there is no cookie family to clear.
    if ($prefix === null) {
        return;
    }

    foreach (array('sessionid', 'userid', 'password') as $suffix) {
        dp_setcookie($prefix . $suffix, "", -1);
    }
}
/*****************************************************
function update_cookies
-----DESCRIPTION: -----------------------------------
- deletes the session from the db
- sets an empty cookie
-----ARGUMENTS: -------------------------------------
sessionid : the users sessionid
-----RETURNS:----------------------------------------
returns the full, updated session array
*****************************************************/
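/**
 * Re-send the four login cookies of one zone so their lifetime is refreshed.
 *
 * The legacy header above this function was copied from delete_session() and
 * does not describe it: nothing is deleted and nothing is returned.
 *
 * Fix: the lifetime used to be derived from the "remember" cookie of a
 * different zone (user zone -> admin cookie, admin zone -> tech cookie, tech
 * zone -> user cookie), and from nothing at all when no zone constant was
 * defined. It is now derived from the "remember" cookie of the zone whose
 * cookies are actually being re-sent.
 *
 * @param string|null $zone "admin" or "tech"; any other value selects the
 *                          user zone.
 */
function update_cookies($zone = NULL) {
    if ($zone == "admin") {
        $prefix = 'dp_admin_';
    } elseif ($zone == "tech") {
        $prefix = 'dp_tech_';
    } else {
        $prefix = 'dp_user_';
    }

    // 'ever' vs NULL is passed straight to dp_setcookie(); presumably it means
    // persistent vs browser-session lifetime -- confirm against dp_setcookie().
    $ever = !empty($_COOKIE[$prefix . 'remember']) ? 'ever' : NULL;

    // NOTE(review): every value is echoed back exactly as the client sent it,
    // including the *_password cookie. Whatever that cookie holds is kept alive
    // in the browser for the chosen lifetime; check what dp_setcookie() sets
    // for flags such as HttpOnly/Secure and what the password cookie contains.
    foreach (array('remember', 'sessionid', 'userid', 'password') as $suffix) {
        $name = $prefix . $suffix;
        $value = isset($_COOKIE[$name]) ? $_COOKIE[$name] : NULL;
        dp_setcookie($name, $value, $ever);
    }
}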
/*****************************************************
function logout_tech_session
----- DESCRIPTION: -----------------------------------
- Delete tech session, log session timeout in tech_timelog
----- ARGUMENTS: -------------------------------------
sessionid: The session ID
techid: The technician's ID
----- RETURNS:----------------------------------------
- Nothing
*****************************************************/
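/**
 * End a technician session: write a "session expired" row to tech_timelog,
 * delete the session row, then clear the current request's cookies.
 *
 * Fixes:
 * - $settings was read without being declared global, so session_adjust was
 *   never applied to the logged timestamp.
 * - mktime() without arguments is replaced by time(), which returns the same
 *   value and is accepted by every PHP version.
 * - both identifiers are escaped before being placed in SQL, as the other
 *   functions in this file already do for their values.
 *
 * NOTE(review): delete_cookies() acts on the cookies of whoever made the
 * current request. prune_sessions() calls this function for other people's
 * expired sessions, so the visitor who triggers a prune may have their own
 * cookies cleared -- confirm whether that is intended.
 *
 * @param string $sessionid session to remove
 * @param mixed  $techid    technician id recorded in the time log
 */
function logout_tech_session($sessionid, $techid) {
    global $db, $settings;

    $adjust = isset($settings['session_adjust']) ? (int) $settings['session_adjust'] : 0;
    $time = time() - $adjust;

    // mysql_escape_string() is what the rest of the file uses; it ignores the
    // connection character set and no longer exists in PHP 7+, so a
    // connection-aware escape or bound parameters in the $db layer would be
    // the better long-term replacement.
    $safe_techid = mysql_escape_string($techid);
    $safe_sessionid = mysql_escape_string($sessionid);

    $db->query("INSERT INTO tech_timelog (techid, activity, stamp) VALUES ('$safe_techid', 'Logged out -- session expired', '$time')");
    $db->query("DELETE FROM tech_session WHERE sessionid = '$safe_sessionid'");
    delete_cookies();
    return;
}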
/*****************************************************
function delete_session
-----DESCRIPTION: -----------------------------------
- deletes the session from the db
- deletes cookies
-----ARGUMENTS: -------------------------------------
sessionid : the users sessionid
-----RETURNS:----------------------------------------
returns the full, updated session array
*****************************************************/
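/**
 * Delete one session row for the current zone and clear the zone's cookies.
 *
 * Returns nothing (the legacy header above claims a session array is
 * returned; the code never returned one).
 *
 * Fixes:
 * - $session[sessionid] used a bare word as array key, which is an undefined
 *   constant (an Error on PHP 8); the key is now quoted.
 * - with no zone constant defined, $table was unset and a malformed
 *   "DELETE FROM  WHERE ..." statement was sent; the query is now skipped.
 *
 * @param string $sessionid session to delete; when empty, the id of the
 *                          global $session array is used
 */
function delete_session($sessionid='') {
    global $db;

    if (!$sessionid) {
        global $session;
        $sessionid = isset($session['sessionid']) ? $session['sessionid'] : '';
    }

    // Admin and tech zones share one session table.
    $table = null;
    if (defined('USERZONE')) {
        $table = 'user_session';
    } elseif (defined('ADMINZONE') || defined('TECHZONE')) {
        $table = 'tech_session';
    }

    if ($table !== null) {
        $db->query("DELETE FROM $table WHERE sessionid = '" . mysql_escape_string($sessionid) . "'");
    }

    delete_cookies();
    return;
}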
/*****************************************************
function update_session
-----DESCRIPTION: -----------------------------------
- updates a specific session variable
-----ARGUMENTS: -------------------------------------
action : the session variable we are updating
value : the new value for the session variable
-----RETURNS:----------------------------------------
returns the full, updated session array
*****************************************************/
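/**
 * Change one field ("user" or "language") of the current session, both in the
 * session table and in the global $session array.
 *
 * Fixes:
 * - array keys written as bare words ($session[userid] etc.) are undefined
 *   constants (an Error on PHP 8); they are now quoted.
 * - the session id was interpolated into the WHERE clause unescaped; it is now
 *   escaped like the value being written.
 *
 * NOTE(review): when no session exists, make_session() receives $value as the
 * user id even if $action is "language" -- confirm with callers.
 * NOTE(review): outside the user zone the column updated is "techid" while the
 * in-memory key stays 'userid', and user_type is always set to 'user'.
 *
 * @param string $action "user" or "language"; anything else only sets user_type
 * @param mixed  $value  new value for that field
 * @return array the updated session array
 */
function update_session($action, $value) {
    global $db, $session;

    // in case there is no session
    if (!is_array($session)) {
        $session = make_session($value);
    }

    if (defined('USERZONE')) {
        $table = 'user_session';
        $type = 'user';
    } else {
        $table = 'tech_session';
        $type = 'tech';
    }

    $safe_sessionid = mysql_escape_string(isset($session['sessionid']) ? $session['sessionid'] : '');
    $safe_value = mysql_escape_string($value);

    // Only touch the database when the value actually changes.
    if ($action == "user" && $session['userid'] != $value) {
        $db->query("UPDATE $table SET " . $type . "id = '$safe_value' WHERE sessionid = '$safe_sessionid'");
        $session['userid'] = $value;
    }

    if ($action == "language" && $session['language'] != $value) {
        $db->query("UPDATE $table SET language = '$safe_value' WHERE sessionid = '$safe_sessionid'");
        $session['language'] = $value;
    }

    $session['user_type'] = 'user';
    return $session;
}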
/*****************************************************
function prune_sessions
----- DESCRIPTION: -----------------------------------
- Expire old sessions
----- ARGUMENTS: -------------------------------------
- None
----- RETURNS:----------------------------------------
- Nothing
*****************************************************/
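/**
 * Expire sessions whose last activity is older than the longer of the cookie
 * lifespan and the session length. Runs on roughly one call in ten.
 *
 * Fixes:
 * - mktime() without arguments is replaced by time() (same value, accepted by
 *   every PHP version).
 * - expired technician rows are read into an array before
 *   logout_tech_session() is called. That function issues its own queries on
 *   the same $db object, which presumably replaces the result set that
 *   row_array() was still reading -- TODO confirm against the $db class.
 *
 * NOTE(review): logout_tech_session() also calls delete_cookies(), which acts
 * on the cookies of the visitor whose request triggered this prune.
 */
function prune_sessions () {
    // We only actually do this on a one-in-ten chance, because it's pointless
    // to trim down the DB on every page load, but it needs to be done fairly
    // often. rand() only spreads maintenance load here; it guards nothing.
    if (rand(0, 9)) {
        return;
    }

    global $db, $settings;

    if ($settings['cookie_lifespan'] > $settings['session_length']) {
        $window = $settings['cookie_lifespan'];
    } else {
        $window = $settings['session_length'];
    }
    // Cast so the cutoff written into the SQL below is always an integer.
    $time = time() - (int) $window;

    // Expire user sessions
    $db->query("DELETE FROM user_session WHERE lastactivity <= '$time'");

    // Fetch tech sessions; these are logged out one by one so that each
    // expiry is recorded in tech_timelog.
    $db->query("SELECT sessionid, techid FROM tech_session WHERE lastactivity <= '$time'");
    $expired = array();
    while ($res = $db->row_array()) {
        $expired[] = $res;
    }

    foreach ($expired as $res) {
        logout_tech_session($res['sessionid'], $res['techid']);
    }
}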
/*****************************************************
function validate_session
----- DESCRIPTION: -----------------------------------
- checks if a session is still valid
----- ARGUMENTS: -------------------------------------
sessionid : the users sessionid
userid (opt) : [optional] userid
----- RETURNS:----------------------------------------
null if the session is invalid
the full session array if the session is valid
*****************************************************/
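/**
 * Check whether a session id belongs to a live session of the current zone
 * and, if so, refresh its activity timestamp.
 *
 * Fixes:
 * - a non-string id (e.g. "s[]=x" in the request) is rejected before strlen().
 * - with no zone constant defined the function now returns null instead of
 *   querying an empty table name.
 * - bare-word array keys ($settings[cookie_lifespan], $_COOKIE[dp_sessionid])
 *   are quoted; they are undefined constants (an Error on PHP 8).
 * - the userid cookie name lacked its underscore ('dp_' . $table . 'userid'),
 *   so that cookie was never seen.
 * - mktime() without arguments is replaced by time().
 * - the session id and tech id are escaped in every statement, not only in
 *   the SELECT.
 *
 * Points to keep in mind when reviewing callers:
 * - The id may arrive in the URL ("?s=..."). URLs end up in server logs,
 *   browser history and Referer headers, so an id carried that way is easier
 *   to leak than a cookie.
 * - The User-Agent comparison only binds the session to a header the client
 *   chooses; it is not proof that the request comes from the original browser.
 * - The longer cookie_lifespan window is chosen by the mere presence of a
 *   login cookie in the request, whatever its value and wherever the session
 *   id itself came from.
 *
 * @param string $sessionid session id; when empty it is taken from POST 's',
 *                          then GET 's', then the zone's session cookie
 * @param string $userid    accepted but not used by this function
 * @return array|null the session row, or null when there is no valid session
 */
function validate_session($sessionid='', $userid='') {
    global $db, $settings;

    // cookies / tables based on where we are
    if (defined('USERZONE')) {
        $table = 'user';
        $session_table = 'user_session';
    } elseif (defined('ADMINZONE')) {
        $table = 'admin';
        $session_table = 'tech_session';
    } elseif (defined('TECHZONE')) {
        $table = 'tech';
        $session_table = 'tech_session';
    } else {
        // No zone: there is no session table to check, so fail closed.
        return null;
    }

    /* SESSION ID SOURCE PREFERENCE:
       Session ID is always taken from the first of the sources in this list
       (checked in listed order), ignoring others if present.
       1) Sessionid sent in function definition
       2) Posted session value (a POST method, i.e. submitted form)
       3) URL Variable (GET method, as in file.php?s=sessionidstring)
       4) Cookie (client-side cookie data) */
    if (!$sessionid) {
        $cookie_name = 'dp_' . $table . '_sessionid';
        if (!empty($_POST['s'])) {
            $sessionid = $_POST['s'];
        } elseif (!empty($_GET['s'])) {
            $sessionid = $_GET['s'];
        } elseif (!empty($_COOKIE[$cookie_name])) {
            $sessionid = $_COOKIE[$cookie_name];
        }
    }

    // Check we have a session: request parameters can be arrays, and a valid
    // id is exactly 32 characters long.
    if (!is_string($sessionid) || strlen($sessionid) != 32) {
        return null;
    }

    // different time lengths for validation because sessions are less secure than cookies
    // NOTE(review): 'dp_sessionid' has no zone prefix, unlike every other
    // cookie in this file; kept as written -- confirm the intended name.
    $has_login_cookie = !empty($_COOKIE['dp_sessionid'])
        || !empty($_COOKIE['dp_' . $table . '_userid'])
        || !empty($_COOKIE['dp_' . $table . '_password']);
    if ($has_login_cookie) {
        $time = time() - (int) $settings['cookie_lifespan'];
    } else {
        $time = time() - (int) $settings['session_length'];
    }

    // mysql_escape_string() matches the rest of the file; it ignores the
    // connection character set and is gone in PHP 7+, so bound parameters in
    // the $db layer would be the better long-term replacement.
    $safe_sessionid = mysql_escape_string($sessionid);
    $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // validate session
    // note we check the HTTP_USER_AGENT as well to provide some extra security with url sessions
    $session = $db->query_return("
        SELECT * FROM $session_table
        WHERE sessionid = '$safe_sessionid'
        AND lastactivity > '$time'
        AND useragent = '" . mysql_escape_string($useragent) . "'
    ");

    // failed validation
    if (!$db->num_rows()) {
        return null;
    }

    // update last activity and do activity log
    if ($location = find_location($session)) {
        // The tech footer frame is excluded so it does not count as activity.
        if (!stristr($_SERVER['PHP_SELF'], '/tech/home/footer')) {
            $safe_location = mysql_escape_string($location);
            $db->query("
                UPDATE $session_table SET
                lastactivity = '" . time() . "',
                location = '$safe_location'
                WHERE sessionid = '$safe_sessionid'
            ");

            // If a technician/admin update, also log the activity.
            if (defined('ADMINZONE') OR defined('TECHZONE')) {
                $safe_techid = mysql_escape_string(isset($session['techid']) ? $session['techid'] : '');
                $db->query("
                    INSERT INTO tech_timelog
                    (techid, activity, stamp)
                    VALUES ('$safe_techid', '$safe_location', '" . time() . "')
                ");
            }
        }
    }

    if (stristr($_SERVER['PHP_SELF'], 'autoload.php')) {
        $db->query("UPDATE $session_table SET lastactivity = '" . time() . "' WHERE sessionid = '$safe_sessionid'");
    }

    return $session;
}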
/*****************************************************
function make_session
----- DESCRIPTION: -----------------------------------
- creates a session, deleting the given user's other
sessions (if any)
----- ARGUMENTS: -------------------------------------
userid : the userid
language (opt) : language choice
----- RETURNS:----------------------------------------
the full session array
*****************************************************/
function make_session($userid='', $language='') {
global $db;
if (defined('USERZONE')) {
$table = 'user_session';
$type = 'user';
} else {
$table = 'tech_session';
$type = 'tech';
}
$time = mktime();
$sessionid = md5(uniqid(rand(),1));
if (defined('TECHZONE')) {