library/People/People.Class.Session.php

   1 <?php
   2 /**
   3  * Class that handles user sessions.
   4  *
   5  * Copyright 2003 Mark O'Sullivan
   6  * This file is part of Lussumo's Software Library.
   7  * Lussumo's Software Library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
   8  * Lussumo's Software Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
   9  * You should have received a copy of the GNU General Public License along with Vanilla; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  10  * The latest source code is available at www.lussumo.com
  11  * Contact Mark O'Sullivan at mark [at] lussumo [dot] com
  12  *
  13  * @author Mark O'Sullivan
  14  * @copyright 2003 Mark O'Sullivan
  15  * @license http://lussumo.com/community/gpl.txt GPL 2
  16  * @package People
  17  * @version 1.1.8
  18  */
  19
  20
  21 /**
  22  * Handles user sessions.
  23  * @package People
  24  */
  25
  26 class PeopleSession {
  27         /**
  28          * Unique user identifier
  29          * @var int
  30          */
  31         var $UserID;
  32
  33         /**
  34          * User object containing properties relevant to session
  35          * @var User
  36          */
  37         var $User;
  38
  39         /**
  40          * Ensure that there is an active session.
  41          *
  42          * If there isn't an active session, send the user to the SignIn Url
  43          *
  44          * @param Context $Context
  45          */
  46         function Check(&$Context) {
  47                 if (($this->UserID == 0 && !$Context->Configuration['PUBLIC_BROWSING']) || ($this->UserID > 0 && !$this->User->PERMISSION_SIGN_IN)) {
  48                         if ($this->UserID > 0 && !$this->User->PERMISSION_SIGN_IN) $this->End($Context->Authenticator);
  49                         $Url = AppendUrlParameters(
  50                                 $Context->Configuration['SAFE_REDIRECT'],
  51                                 'ReturnUrl=' . urlencode( GetRequestUri() ) );
  52                         Redirect($Url);
  53                 }
  54         }
  55
  56         /**
  57          * End the session and remove the session data.
  58          */
  59         function Destroy() {
  60                 if (session_id()) {
  61                         session_destroy();
  62                 }
  63                 $this->UserID = 0;
  64                 if($this->User) {
  65                         $this->User->Clear();
  66                 }
  67         }
  68
  69
  70         /**
  71          * End a session
  72          *
  73          * @param Authenticator $Authenticator
  74          */
  75         function End($Authenticator) {
  76                 $Authenticator->DeAuthenticate();
  77         }
  78
  79         /**
  80          * Get a session variable
  81          *
  82          * @param string $Name
  83          * @param string $DataType Can be int|bool|array|string.
  84          * @return int|boolean|array|string
  85          */
  86         function GetVariable($Name, $DataType = 'bool') {
  87                 if ($DataType == 'int') {
  88                         return ForceInt(@$_SESSION[$Name], 0);
  89                 } else if ($DataType == 'bool') {
  90                         return ForceBool(@$_SESSION[$Name], 0);
  91                 } else if ($DataType == 'array') {
  92                         return ForceArray(@$_SESSION[$Name], array());
  93                 } else {
  94                         return ForceString(@$_SESSION[$Name], '');
  95                 }
  96         }
  97
  98         /**
  99          * Set a session variable
 100          *
 101          * @param string $Name
 102          * @param int|bool|array|string $Value
 103          */
 104         function SetVariable($Name, $Value) {
 105                 @$_SESSION[$Name] = $Value;
 106         }
 107
 108         /**
 109          * Return the key used for CSRF protection.
 110          * @return String
 111          */
 112         function GetCsrfValidationKey() {
 113                 $Key = $this->GetVariable('SessionPostBackKey', 'string');
 114                 if ($Key == '') {
 115                         $Key = DefineVerificationKey();
 116                         $this->SetVariable('SessionPostBackKey', $Key);
 117                 }
 118                 return $Key;
 119         }
 120
 121         /**
 122          * Regenerate the session id.
 123          *
 124          * The old session id and the data associated to it should be destroyed.
 125          * Sending a session id is not enought since someone with the old id would
 126          * be able the claim the identity of the user.
 127          *
 128          * (the user should not lose his/her session data)
 129          *
 130          * @param Context $Context
 131          */
 132         function RegenerateId($Context) {
 133                 if (session_id()) {
 134                         if (version_compare(phpversion(), '5.0.0', '>=')) {
 135                                 session_regenerate_id(true);
 136                         } else {
 137                                 $SessionCopy = $_SESSION;
 138                                 session_destroy();
 139                                 session_id(md5(uniqid(rand(), true) . rand()));
 140                                 if ($Context->Configuration['SESSION_NAME']) {
 141                                         session_name($Context->Configuration['SESSION_NAME']);
 142                                 }
 143                                 session_start();
 144                                 setcookie(session_name(), session_id(), null,
 145                                         $Context->Configuration['COOKIE_PATH'],
 146                                         $Context->Configuration['COOKIE_DOMAIN'],
 147                                         ($Context->Configuration['HTTP_METHOD'] === "https"));
 148                                 $_SESSION = $SessionCopy;
 149                         }
 150                 }
 151         }
 152
 153         /**
 154          * Start a session if required username/password exist in the system
 155          *
 156          * @param Context $Context
 157          * @param Authenticator $Authenticator
 158          * @param int $UserID
 159          */
 160         function Start(&$Context, $Authenticator, $UserID = '0') {
 161                 $this->StartSession($Context);
 162
 163                 // If the UserID is not explicitly defined (ie. by some vanilla-based login module),
 164                 // retrieve the authenticated UserID from the Authenticator module.
 165                 $this->UserID = ForceInt($UserID, 0);
 166                 if ($this->UserID == 0) $this->UserID = $Authenticator->GetIdentity();
 167
 168                 // Now retrieve user information
 169                 if ($this->UserID > 0) {
 170                         $UserManager = $Context->ObjectFactory->NewContextObject($Context, 'UserManager');
 171                         $this->User = $UserManager->GetSessionDataById($this->UserID);
 172
 173                         // If the session data retrieval failed for some reason, dump the user
 174                         if (!$this->User) {
 175                                 $this->User = $Context->ObjectFactory->NewContextObject($Context, 'User');
 176                                 $this->User->Clear();
 177                                 $this->UserID = 0;
 178                         }
 179                 } else {
 180                         $this->User = $Context->ObjectFactory->NewContextObject($Context, 'User');
 181                         $this->User->Clear();
 182                 }
 183         }
 184
 185         /**
 186          * Start the PHP session
 187          *
 188          * @param Context $Context
 189          */
 190         function StartSession($Context) {
 191                 if (!session_id()) {
 192                         if (!empty($Context->Configuration['SESSION_NAME'])) {
 193                                 session_name($Context->Configuration['SESSION_NAME']);
 194                         }
 195                         $UseSsl = ($Context->Configuration['HTTP_METHOD'] === "https");
 196                         if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
 197                                 session_set_cookie_params(0, $Context->Configuration['COOKIE_PATH'],
 198                                         $Context->Configuration['COOKIE_DOMAIN'], $UseSsl, true);
 199                         } else {
 200                                 session_set_cookie_params(0, $Context->Configuration['COOKIE_PATH'],
 201                                         $Context->Configuration['COOKIE_DOMAIN'], $UseSsl);
 202                         }
 203                         session_start();
 204                 }
 205         }
 206
 207 }
 208 ?>