Codice PHP:
class session
{
var $sessionid = "";
var $sessionmemberid ="";
var $useragent = "";
var $ip_address = "";
var $dateline = "";
var $is_logged = false;
var $session_type = false;
var $SESS = array();
var $sessiontype = "";
function session()
{
global $dbcore , $smarty , $RCW , $cookie , $techaut , $settings;
$this->sessionid = $cookie->GetCookie('adminid');
$this->ip_address = $_SERVER['REMOTE_ADDR'];
$this->useragent = trim(substr($_SERVER['HTTP_USER_AGENT'], 0, 60));
}
function SessionStart($sesstype)
{
if(session_id()== "")
session_start();
global $dbcore , $smarty , $RCW , $cookie , $techaut , $settings;
$this->sessiontype = $sesstype ;
$this->sessionid = session_id();
$this->sessionmemberid = $cookie->GetCookie('adminid');
$this->ip_address = $_SERVER['REMOTE_ADDR'];
$this->useragent = trim(substr($_SERVER['HTTP_USER_AGENT'], 0, 60));
if($sesstype === SESSION_ADMIN){
$sesstype = $sesstype;
} else if($sesstype === SESSION_STAFF){
$sesstype = $sesstype;
} else if($sesstype === SESSION_USER){
$sesstype = $sesstype;
} else if($sesstype === SESSION_GUEST){
$sesstype = $sesstype;
} else {
return false;
}
if(!empty($cookie->GetCookie("adminid"))){
$_COOKIE['sessionid'] = $cookie->GetCookie("adminid");
return true ;
}else{
return false;
}
$cookiesid = $cookie->GetCookie("sessionid");
if(!empty($_POST['sessionid'])) {
$sessionid = $_POST['sessionid'];
}else if (!empty($_GET['sessionid'])) {
$sessionid = $_GET['sessionid'];
}else if (!empty($cookiesid))
{
$sessionid =& $cookiesid;
echo 'io ci sono';} else if(defined("SESSIONEXPIRY")){
echo "[Session Expired Debug]: Unable to find session id in POST, GET or COOKIE variable.. Clearing Out...";
}else {
return false;
}
if (!$this->ReadSession($sessionid, $sesstype)) {
$cookie->DeleteCookie("sessionid" . $sesstype);
echo "['invalid_sessionid']";
if(defined("DEBUGSESSIONEXPIRY")) {
echo "[Session Expired Debug]: Unable to fetch a valid session for session id: " . $sessionid;
}
return false;
}
if (!empty($_GET['sessionid']) && empty($cookiesid) && $sesstype == SESSION_ADMIN) {
$cookie->SetCookie("sessionid" . $sesstype, $sessionid);
}
if ($sesstype == SESSION_USER || $sesstype == SESSION_GUEST) {
if (!empty($RCW['session']['typeid'])) {
$RCW['usergroupid'] = $RCW['tgroup']['regusergroupid'];
} else {
$RCW['usergroupid'] = $RCW['tgroup']['guestusergroupid'];
}
}
if ($sesstype != SESSION_ADMIN && $sesstype != SESSION_STAFF ){
return true;
}
if ($this->sessionmemberid) {
$this->flushsession($this->sessionmemberid, $sesstype);
if (defined("DEBUGSESSIONEXPIRY")) {
echo "[Session Expired Debug]: Unable to load any staff user for type id: " . $this->typeid;
}
return false;
}
if($settings['sessioninactivity'] != 0 and
$settings['sessioninactivity'] < NEWTIME - $this->SESS['lastactivity']
and $SESS['lastactivity'] != 0) {
$this->ReadSession($this->SESS['sessionid'],
$this->SESS['sessiontype']);
echo 'invalid_sessionid';
if (defined("RCW_SESSIONEXPIRY")) {
echo "[Session Expired Debug]: Session expired due to inactivity, Date difference between current
system date (" . date("d M Y h:i:s A", NEWTIME) . ") and last activity (" . date("d M Y h:i:s A",
$this->SESS['lastactivity']) .") is " . (NEWTIME - $this->SESS['lastactivity']) . "seconds whereas inactivity timing setting under Admin CP > Settings is " . $settings['sessioninactivity'] . " seconds.";
}
return false;
}
/*
if (180 < NEWTIME - $RCW['tech']['lastactivity']){
$techaut->UpdateLastActivity($RCW['tech']['staffid']);
}
*/return true;
}
function updatesession($sessionid, $typeid)
{
global $dbcore, $RCW;
$dbCore->query("UPDATE `sessions`
SET `typeid` = '" . $dbcore->escape($typeid) . "'
WHERE `sessionid` = '" . $dbcore->escape($sessionid) . "'");
}
function ReadSession($sessionid , $sesstype)
{
global $dbcore , $smarty , $RCW , $cookie , $techaut;
$ris = $dbcore->query("SELECT * FROM `sessions` WHERE sessionid = '".$dbcore->escape($sessionid)."'")or die(mysql_error());
$SESS = $dbcore->fetch_array($ris);
if((trim($SESS['useragent']) != trim($this->useragent) )and ( $session_type != SESSION_STAFF)){
$nocompatibily = true;
} else {
$useragentfailed = true;
$nocompatibily = false;
}
if ($SESS['sessiontype'] == $sesstype and !$nocompatibily){
if(($sesstype == SESSION_STAFF or $sesstype == SESSION_ADMIN ) && empty($SESS['typeid'])){
if (defined("SESSIONEXPIRY")) {
echo "[Session Expired Debug]: No Valid TypeID FOUND!.";
}
return false;
}
$this->sessionid = $SESS['sessionid'];
$RCW['sessionid'] = $SESS['sessionid'];
$RCW['sessionstarted'] = true;
$this->lastactivity = $SESS['lastactivity'];
$this->is_logged = $SESS['isloggedin'];
$this->session_type = $sesstype;
$this->dateline = $SESS['date'];
$this->typeid = $SESS['typeid'];
$this->SESS = $SESS;
$RCW['session'] =& $this->SESS;
unset($SESS);
$sessionidlist = array();
$sessionidlist[] = $sessionid;
if ($sesstype != SESSION_GUEST){
$result = $dbcore->query("UPDATE `sessions`
SET `lastactivity` = '".$dbcore->escape(NEWTIME)."'
WHERE `sessionid` IN (" .buildin($sessionidlist). ")")or die(mysql_error());
}
return true;
}else{
if(($useragentfailed ) and (defined("SESSIONEXPIRY"))){
echo "[Session Expired Debug]: User Agent Doesnt Match!!
Current: ". trim($this->useragent) .", DB Stored Value:" . $SESS['useragent'];
}
if (defined("SESSIONEXPIRY")) {
echo "[Session Expired Debug]: Session type doesnt match.. Current: " . $sesstype . ",
DB Stored Value: " . $SESS['sessiontype'];
}
return false;
}
}
function InsertSession($sesstype , $typeid = 0)
{
global $dbcore , $smarty , $RCW , $cookie , $techaut , $settings;
$sessionid = buildhash();
if($sesstype == SESSION_ADMIN ){
if(!empty($typeid)){
$dbcore->query("DELETE FROM `sessions`
WHERE `ipaddress` = '".$dbcore->escape($this->ip_address). "'
AND `sessiontype` = '" . $dbcore->escape($sesstype) . "'
AND `typeid` = '".intval($typeid)."'");
$isloggedin = "1";
}else{
return false;
}
} else if($sesstype == SESSION_STAFF ){
if(!empty($typeid)){
$time = NEWTIME - $settings['sessioninactivity'];
$dbcore->query("DELETE FROM `sessions`
WHERE `sessiontype` = '" . intval($sesstype) . "'
AND `lastactivity` < '" . $dbcore->escape($time) . "'");
$isloggedin = "1";
}else{
return false;
}
} else if($sesstype == SESSION_GUEST) {
$isloggedin = "0";
} else if(!$sesstype == SESSION_USER) {
return false;
}
$result_query = $dbcore->query("REPLACE INTO `sessions`
(`sessionid`, `ipaddress`, `lastactivity`, `useragent`, `isloggedin`, `sessiontype`, `typeid`, `date`, `status`) VALUES(
'".$dbcore->escape($sessionid)."',
'".$dbcore->escape($this->ip_address)."',
'". NEWTIME."',
'". $dbcore->escape(substr($this->useragent, 0,60))."',
'". intval($isloggedin) ."',
'". $dbcore->escape($sesstype) ."',
'" . $dbcore->escape($typeid) . "',
'". NEWTIME ."', 0)") or die(mysql_error());
if ( $result_query ) {
$RCW['sessionid'] = $sessionid;
$RCW['session']['sessionid'] = $sessionid;
$RCW['session']['ipaddress'] = $_SERVER['REMOTE_ADDR'];
$RCW['session']['lastactivity'] = time();
$RCW['session']['useragent'] = $_SERVER['HTTP_USER_AGENT'];
$RCW['session']['isloggedin'] = "1";
$RCW['session']['sessiontype'] = $sesstype;
$RCW['session']['typeid'] = $typeid;
$RCW['session']['date'] = NEWTIME;
$cookie->SetCookie("sessionid" . $sesstype , $sessionid);
}
return $sessionid;
}
function LogoutSession($sesstype)
{
global $cookie;
$cookiesid = $cookie->GetCookie("sessionid".$sesstype);
/* $cookiesid = cleanvar($cookie->GetCookie("sessionid".$sesstype));
*/
if(!empty($_POST['sessionid'])) {
$sessionid = $_POST['sessionid'];
} else if (!empty($_GET['sessionid'])) {
$sessionid = $_GET['sessionid'];
}else if (!empty($cookiesid)) {
$sessionid =& $cookiesid;
}else{
return false;
}
if(trim($sessionid) != ""){
$this->DestroySession($sessionid , $sesstype);
return true;
}
return false;
}
function DestroySession($sessionid , $sesstype)
{
global $dbcore , $RCW , $cookie ;
if (empty($sessionid)){
return;
}
$dbcore->query("DELETE FROM `sessions` WHERE `sessionid` = '".$dbcore->escape($sessionid)."'")or die(mysql_error());
unset($this->sessionid);
unset($this->lastactivity);
unset($this->is_logged);
unset($this->session_type);
unset($this->dateline);
unset($this->typeid);
unset($this->SESS);
unset($RCW["sessionid"]);
unset($RCW['session']);
$cookie->DeleteCookie("sessionid".$sesstype);
$RCW['sessionstarted'] = false;
}
function DeleteSession($sessionid, $sesstype)
{
global $dbcore , $RCW , $cookie ;
if(empty($sessionid)) {
return;
}
$dbcore->query("DELETE FROM `sessions` WHERE `sessionid` = '" . $dbcore->escape($sessionid) . "'");
$cookie->DeleteCookie("sessionid" . $sesstype);
}
function Destroyinactivesessions()
{
global $dbcore , $RCW , $cookie , $settings ;
$time = NEWTIME - $settings['sessioninactivity'];
$dbcore->query("DELETE FROM `sessions` WHERE `lastactivity` < '" . $dbcore->escape($time) . "'");
return true;
}
function fetchsession($sessionid, $sesstype)
{
global $dbcore , $RCW , $cookie , $settings ;
$riz = $dbcore->query("SELECT * FROM `sessions` WHERE sessionid = '" . $dbcore->escape($sessionid) . "';");
$SESS = $dbcore->fetch_array($riz);
if (($SESS['useragent'] != $this->useragent) && $sesstype != SESSION_STAFF)
/* (trim($SESS['useragent']) != trim($this->useragent)) && ($sesstype != SESSION_STAFF ))) */
{
$noproceed = true;
} else {
$useragentfailed = true;
$noproceed = false;
}
if ($SESS['sessiontype'] == $sesstype && !$noproceed) {
if ( $SESS['ipaddress'] != $this->ipaddress ) {
return false;
}else if (($sesstype == SESSION_STAFF || $sesstype == SESSION_ADMIN) && empty($SESS['typeid']))
{
if (defined("DEBUGSESSIONEXPIRY")) {
echo "[Session Expired Debug]: No Valid TypeID FOUND!.";
}
return false;
}
$this->sessionid = $SESS['sessionid'];
$RCW['sessionid'] = $SESS['sessionid'];
$RCW['sessionstarted'] = true;
$this->lastactivity = $SESS['lastactivity'];
$this->isloggedin = $SESS['isloggedin'];
$this->sessiontype = $sesstype;
$this->dateline = $SESS['dateline'];
$this->typeid = $SESS['typeid'];
$this->SESS = $SESS;
$RCW['session'] =& $this->SESS;
unset($SESS);
$sessionidlist = array();
$sessionidlist[] = $sessionid;
if ($sessiontype != SESSION_GUEST) {
$dbcore->query("UPDATE `sessions` SET `lastactivity` = '" . $dbcore->escape(DATENOW) . "' `status` = '" . $dbcore->escape($_REQUEST['status']). "' WHERE `sessionid` IN (" . buildin($sessionidlist) . ");", false);
}
return true;
}else{
if ($useragentfailed && defined("DEBUGSESSIONEXPIRY")) {
echo "[Session Expired Debug]: User Agent Doesnt Match!! Current: " . trim($this->useragent) . ", DB Stored Value: " . $SESS['useragent'];
}
if (defined("DEBUGSESSIONEXPIRY")) {
echo "[Session Expired Debug]: Session type doesnt match.. Current: " . $sesstype . ", DB Stored Value: " . $SESS['sessiontype'];
}
return false;
}
}
}
Rispondi quotando