yetangitu/ampache
1
0
Fork 0
mirror of https://github.com/Yetangitu/ampache synced 2025-10-04 18:29:40 +02:00
Code Issues Releases Wiki Activity
ampache/libglue/session.php
Karl 'vollmerk' Vollmer bcad40a05a New Import
2005-06-09 16:34:40 +00:00

417 lines
13 KiB
PHP
Raw Blame History

<?
/* ------------------- CVS INFO ----------------------
*
* $Source: /data/cvsroot/ampache/libglue/session.php,v $
* last modified by $Author: vollmerk $ at $Date: 2003/11/24 05:53:13 $
*
* Libglue, a free php library for handling authentication
* and session management.
*
* Written and distributed by Oregon State University.
* http://oss.oregonstate.edu/libglue
*
* ---------------------------------------------------
*/
function check_sess_db($dbtype = 'local')
{
if($dbtype === 'sso')
{
$dbh = libglue_param(libglue_param('sso_dbh_name'));
if(is_resource($dbh)) return $dbh;
$dbh_name = libglue_param('sso_dbh_name');
$host = libglue_param('sso_host');
$db = libglue_param('sso_db');
$user = libglue_param('sso_username');
$pass = libglue_param('sso_pass');
$name = libglue_param('sso_dbh_name');
}
elseif($dbtype === 'local')
{
$dbh = libglue_param(libglue_param('local_dbh_name'));
if(is_resource($dbh)) return $dbh;
$dbh_name = libglue_param('local_dbh_name');
$host = libglue_param('local_host');
$db = libglue_param('local_db');
$user = libglue_param('local_username');
$pass = libglue_param('local_pass');
$name = libglue_param('local_dhb_name');
}
$dbh = setup_sess_db($dbh_name,$host,$db,$user,$pass);
if(is_resource($dbh)) return $dbh;
else die("Could not connect to $dbtype database for session management");
}
//
// Really we are just checking the session here -- we want to see if
// if the user has a valid session, if they do then we'll let them do
// what they need to do.
//
function check_session($id=0)
{
//If an id isn't passed in, retrieve one from the cookie
if($id===0) {
/*
We don't need to set cookie params here php
is smart enough to know which cookie it wants
via the session_name. Setting cookie params
here sometimes made php create a new cookie
which is very bad :) -- Vollmer
*/
$name = libglue_param('sess_name');
if($name) session_name($name);
// Start the session, then get the cookie id
session_start();
$id = strip_tags($_COOKIE[$name]);
}
// Determine if we need to check the SSO database:
$auth_methods = libglue_param('auth_methods');
if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
$sso_mode = in_array('sso',$auth_methods,TRUE);
$local = get_local_session($id);
if($sso_mode) $sso = get_sso_session($id);
if($sso_mode && !$sso)
{
return FALSE;
}
else if ($sso_mode && is_array($sso))
{
if(is_array($local)) return TRUE;
else
{
//
// Should we do gc here, just in case
// local is only expired?
// (The insert in make_local_session
// will fail if we don't)
//
$newlocal = make_local_session_sso($sso);
return $newlocal;
}
}
//If we get here, we're not using SSO mode
else if (!is_array($local))
{
return FALSE;
}
else return TRUE;
}
function make_local_session_only($data,$id=0)
{
if($id===0)
{
$name = libglue_param('sess_name');
$domain = libglue_param('sess_domain');
if($name) session_name($name);
//Lifetime of the cookie:
$cookielife = libglue_param('sess_cookielife');
if(empty($cookielife)) $cookielife = 0;
//Secure cookie?
$cookiesecure = libglue_param('sess_cookiesecure');
if(empty($cookiesecure)) $cookiesecure = 0;
//Cookie path:
$cookiepath = libglue_param('sess_cookiepath');
if(empty($cookiepath)) $cookiepath = '/';
if(!empty($domain)) session_set_cookie_params($cookielife,$cookiepath,$domain,$cookiesecure);
// Start the session
session_start();
/*
Before a refresh we do not have a cookie value
here so let's use session_id() --Vollmer
*/
$id = session_id();
}
$userfield = libglue_param('user_username');
$username = $data['info'][$userfield];
$type = $data['type'];
$local_dbh = check_sess_db('local');
$local_table = libglue_param('local_table');
$local_sid = libglue_param('local_sid');
$local_usercol = libglue_param('local_usercol');
$local_datacol = libglue_param('local_datacol');
$local_expirecol = libglue_param('local_expirecol');
$local_typecol = libglue_param('local_typecol');
$sql= "INSERT INTO $local_table ".
" ($local_sid,$local_usercol,$local_typecol)".
" VALUES ('$id','$username','$type')";
$db_result = mysql_query($sql, $local_dbh);
if($db_result) return TRUE;
else return FALSE;
}
function make_local_session_sso($sso_session)
{
$sso_usercol = $sso_session[libglue_param('sso_usercol')];
$sso_sid = $sso_session[libglue_param('sso_sid')];
$sso_expire = $sso_session[libglue_param('sso_expirecol')];
$user = get_ldap_user($sso_usercol);
$data = array('user'=>$user);
//Somewhat stupidly, we have to initialize $_SESSION here,
// or sess_write will blast it for us
$_SESSION = $data;
$db_data = serialize($data);
$local_dbh = check_sess_db('local');
//Local stuff we need:
$local_table = libglue_param('local_table');
$local_sid = libglue_param('local_sid');
$local_usercol = libglue_param('local_usercol');
$local_datacol = libglue_param('local_datacol');
$local_expirecol = libglue_param('local_expirecol');
$local_typecol = libglue_param('local_typecol');
$sql= "INSERT INTO $local_table ".
" ($local_sid,$local_usercol,$local_datacol,$local_expirecol,$local_typecol)".
" VALUES ('$sso_sid','$sso_usercol','$db_data','$sso_expire','sso')";
$db_result = mysql_query($sql, $local_dbh);
if($db_result) return TRUE;
else return FALSE;
}
function get_local_session($sid)
{
$local_table = libglue_param('local_table');
$local_sid = libglue_param('local_sid');
$local_expirecol = libglue_param('local_expirecol');
$local_length = libglue_param('local_length');
$local_usercol = libglue_param('local_usercol');
$local_datacol = libglue_param('local_datacol');
$local_typecol = libglue_param('local_typecol');
$local_dbh = check_sess_db('local');
$time = time();
$sql = "SELECT * FROM $local_table WHERE $local_sid='$sid' AND $local_expirecol > $time";
$db_result = mysql_query($sql, $local_dbh);
$session = mysql_fetch_array($db_result);
if(is_array($session)) $retval = $session;
else $retval = FALSE;
if($retval === FALSE)
{
//Find out what's going on
}
return $retval;
}
function get_sso_session($sid)
{
$sso_table = libglue_param('sso_table');
$sso_sid = libglue_param('sso_sid');
$sso_expirecol = libglue_param('sso_expirecol');
$sso_length = libglue_param('sso_length');
$sso_usercol = libglue_param('sso_usercol');
$sso_dbh = check_sess_db('sso');
$time = time();
$sql = "SELECT * FROM $sso_table WHERE $sso_sid='$sid' AND $sso_expirecol > $time";
$db_result = mysql_query($sql, $sso_dbh);
$sso_session = mysql_fetch_array($db_result);
$retval = (is_array($sso_session))?$sso_session:FALSE;
return $retval;
}
// This will start the session tools, then destroy anything in the database then
// clear all of the session information
function logout ($id=0)
{
sess_destroy($id);
$login_page = libglue_param('login_page');
// should clear both the database information as well as the
// current session info
header("Location: $login_page");
die();
return true;
}
// Double checks that we have a database handle
// Args are completely ignored - we're using a database here
function sess_open($save_path, $session_name)
{
$local_dbh = check_sess_db();
if ( !is_resource($local_dbh) )
{
echo "<!-- Unable to connect to local server in order to " .
"use the session database. Perhaps the database is not ".
"running, or perhaps the admin needs to change a few variables in ".
"the config file in order to point to the correct ".
"database.-->\n";
return FALSE;
}
$auth_methods = libglue_param('auth_methods');
if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
if(in_array('sso',$auth_methods,TRUE))
{
$sso_dbh = check_sess_db('sso');
if ( !is_resource($sso_dbh) )
{
echo "<!-- Unable to connect to the SSO server in order to " .
"use the session database. Perhaps the database is not ".
"running, or perhaps the admin needs to change a few variables in ".
"modules/include/global_settings in order to point to the correct ".
"database.-->\n";
return FALSE;
}
}
return TRUE;
}
// Placeholder function, does nothing
function sess_close()
{
return true;
}
// Retrieve session identified by 'key' from the database
// and return the data field
function sess_read($key)
{
$retval = 0;
$session = get_local_session($key);
$datacol = libglue_param('local_datacol');
if(is_array($session)) $retval = $session[$datacol];
else $retval = "";
return $retval;
}
//
// Save the session data $val to the database
//
function sess_write($key, $val)
{
$local_dbh = check_sess_db('local');
$local_datacol = libglue_param('local_datacol');
$local_table = libglue_param('local_table');
$local_sid = libglue_param('local_sid');
$auth_methods = libglue_param('auth_methods');
$local_expirecol = libglue_param('local_expirecol');
$local_length = libglue_param('local_length');
$time = $local_length+time();
// If they've got the long session
if ($_COOKIE['amp_longsess'] == '1') {
$time = time() + 86400*364;
}
if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
if(!in_array('sso',$auth_methods,TRUE))
{
// If not using sso, we now need to update the expire time
$sql = "UPDATE $local_table SET $local_datacol='" . sql_escape($val) . "',$local_expirecol='$time'".
" WHERE $local_sid = '$key'";
}
else $sql = "UPDATE $local_table SET $local_datacol='" . sql_escape($val) . "',$local_expirecol='$time'".
" WHERE $local_sid = '$key'";
return mysql_query($sql, $local_dbh);
}
//
// Remove the current session from the database.
//
function sess_destroy($id=0)
{
if($id == 0) {
session_start();
$id = session_id();
}
$auth_methods = libglue_param('auth_methods');
if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
if(in_array('sso',$auth_methods,TRUE))
{
$sso_sid = libglue_param('sso_sid');
$sso_table = libglue_param('sso_table');
$sso_dbh = check_sess_db('sso');
$sql = "DELETE FROM $sso_table WHERE $sso_sid = '$id' LIMIT 1";
$result = mysql_query($sql, $sso_dbh);
}
$local_sid = libglue_param('local_sid');
$local_table = libglue_param('local_table');
$local_dbh = check_sess_db('local');
$sql = "DELETE FROM $local_table WHERE $local_sid = '$id' LIMIT 1";
$result = mysql_query($sql, $local_dbh);
$_SESSION = array();
/* Delete the long ampache session cookie */
setcookie ("amp_longsess", "", time() - 3600);
/* Delete the ampache cookie as well... */
setcookie (libglue_param('sess_name'),"", time() - 3600);
return TRUE;
}
//
// This function is called with random frequency
// to remove expired session data
//
function sess_gc($maxlifetime)
{
$auth_methods = libglue_param('auth_methods');
if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
if(in_array('sso',$auth_methods,TRUE))
{
//Delete old sessions from SSO
// We do 'where length' so we don't accidentally blast
// another app's sessions
$sso_expirecol = libglue_param('sso_expirecol');
$sso_table = libglue_param('sso_table');
$sso_length = libglue_param('sso_length');
$local_length = libglue_param('local_length');
$sso_dbh = check_sess_db('sso');
$time = time();
$sql = "DELETE FROM $sso_table WHERE $sso_expirecol < $time".
" AND $sso_length = '$local_length'";
$result = mysql_query($sql, $sso_dbh);
}
$local_expirecol = libglue_param('local_expirecol');
$local_table = libglue_param('local_table');
$time = time();
$local_dbh = check_sess_db('local');
$sql = "DELETE FROM $local_table WHERE $local_expirecol < $time";
$result = mysql_query($sql, $local_dbh);
return true;
}
//
// Register all our cool session handling functions
//
session_set_save_handler(
"sess_open",
"sess_close",
"sess_read",
"sess_write",
"sess_destroy",
"sess_gc");
?>
Reference in a new issue View git blame Copy permalink