diff options
Diffstat (limited to 'lib/class/vauth.class.php')
| -rw-r--r-- | lib/class/vauth.class.php | 393 |
1 files changed, 1 insertions, 392 deletions
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php index e6dcab43..3d435d4c 100644 --- a/lib/class/vauth.class.php +++ b/lib/class/vauth.class.php @@ -39,117 +39,6 @@ class vauth { } // __construct /** - * open - * This function is for opening a new session so we just verify that we - * have a database connection, nothing more is needed - */ - public static function open($save_path, $session_name) { - - if (!is_resource(Dba::dbh())) { - debug_event('SESSION', 'Error: no database connection session failed', '1'); - return false; - } - - return true; - - } // open - - /** - * close - * This is run on the end of a session, nothing to do here for now - */ - public static function close() { - - return true; - - } // close - - /** - * read - * This takes a key and then looks in the database and returns the value - */ - public static function read($key) { - - $results = self::get_session_data($key); - - if (!is_array($results)) { - debug_event('SESSION', 'Unable to read session from key ' . $key . ' no data found', 5); - return ''; - } - - return $results['value']; - - } // read - - /** - * write - * This saves the session information into the database - */ - public static function write($key, $value) { - - if (defined('NO_SESSION_UPDATE')) { return true; } - - $length = Config::get('session_length'); - $value = Dba::escape($value); - $key = Dba::escape($key); - // Check to see if remember me cookie is set, if so use remember - // length, otherwise use the session length - $expire - = isset($_COOKIE[Config::get('session_name') . '_remember']) - ? time() + Config::get('remember_length') - : time() + Config::get('session_length'); - - $sql = "UPDATE `session` SET `value`='$value', " . - "`expire`='$expire' WHERE `id`='$key'"; - $db_results = Dba::read($sql); - - debug_event('SESSION', 'Writing to ' . $key . ' with expire ' . $expire . ' ' . Dba::error(), '6'); - - return $db_results; - - } // write - - /** - * destroy - * This removes the specified session from the database - */ - public static function destroy($key) { - - $key = Dba::escape($key); - - if (!strlen($key)) { return false; } - - // Remove anything and EVERYTHING - $sql = "DELETE FROM `session` WHERE `id`='$key'"; - $db_results = Dba::write($sql); - - debug_event('SESSION', 'Deleting Session with key:' . $key, '6'); - - // Destroy our cookie! - setcookie(Config::get('session_name'), '', time() - 86400); - - return true; - - } // destroy - - /** - * gc - * This function is randomly called and it cleans up the spoo - */ - public static function gc($maxlifetime) { - - $sql = "DELETE FROM `session` WHERE `expire` < '" . time() . "'"; - $db_results = Dba::write($sql); - - // Also clean up things that use sessions as keys - Query::gc(); - Tmp_Playlist::gc(); - - return true; - - } // gc - - /** * logout * This is called when you want to log out and nuke your session * This is the function used for the Ajax logouts, if no id is passed @@ -161,7 +50,7 @@ class vauth { $key = $key ? $key : session_id(); // Nuke the cookie before all else - self::destroy($key); + Session::destroy($key); if ((! $relogin) && Config::get('logout_redirect')) { $target = Config::get('logout_redirect'); } @@ -196,286 +85,6 @@ class vauth { } // logout /** - * get_session_data - * This takes a key and returns the raw data from the database, nothing - * to see here move along people - */ - public static function get_session_data($key) { - - $key = Dba::escape($key); - - $sql = "SELECT * FROM `session` WHERE `id`='$key' AND `expire` > '" . time() . "'"; - $db_results = Dba::read($sql); - - if ($results = Dba::fetch_assoc($db_results)) { - return $results; - } - - return false; - - } // get_session_data - - /** - * create_cookie - * This is separated into its own function because of some flaws in - * specific webservers *cough* IIS *cough* which prevent us from setting - * a cookie at the same time as a header redirect. As such on view of a - * login a cookie is set with the proper name - */ - public static function create_cookie() { - - /* Setup the cookie prefs before we throw down, this is very important */ - $cookie_life = Config::get('cookie_life'); - $cookie_path = Config::get('cookie_path'); - $cookie_domain = false; - $cookie_secure = Config::get('cookie_secure'); - - session_set_cookie_params($cookie_life,$cookie_path,$cookie_domain,$cookie_secure); - - session_name(Config::get('session_name')); - - /* Start the session */ - self::ungimp_ie(); - session_start(); - - } // create_cookie, just watch out for the cookie monster - - /** - * create_remember_cookie - * This function just creates the remember me cookie, nothing special - */ - public static function create_remember_cookie() { - - $remember_length = Config::get('remember_length'); - $session_name = Config::get('session_name'); - - Config::set('cookie_life', $remember_length, true); - setcookie($session_name . '_remember',"Rappelez-vous, rappelez-vous le 27 mars", time() + $remember_length, '/'); - - } // create_remember_cookie - - /** - * session_create - * This is called when you want to create a new session - * it takes care of setting the initial cookie, and inserting the first - * chunk of data, nifty ain't it! - */ - public static function session_create($data) { - - // Regenerate the session ID to prevent fixation - switch ($data['type']) { - case 'xml-rpc': - case 'api': - $key = md5(uniqid(rand(), true)); - break; - case 'mysql': - default: - session_regenerate_id(); - - // Before refresh we don't have the cookie so we - // have to use session ID - $key = session_id(); - break; - } // end switch on data type - - $username = Dba::escape($data['username']); - $ip = $_SERVER['REMOTE_ADDR'] - ? Dba::escape(inet_pton($_SERVER['REMOTE_ADDR'])) - : '0'; - $type = Dba::escape($data['type']); - $value = Dba::escape($data['value']); - $agent = Dba::escape(substr($_SERVER['HTTP_USER_AGENT'], 0, 254)); - $expire = Dba::escape(time() + Config::get('session_length')); - - /* We can't have null things here people */ - if (!strlen($value)) { $value = ' '; } - - /* Insert the row */ - $sql = "INSERT INTO `session` (`id`,`username`,`ip`,`type`,`agent`,`value`,`expire`) " . - " VALUES ('$key','$username','$ip','$type','$agent','$value','$expire')"; - $db_results = Dba::write($sql); - - if (!$db_results) { - debug_event('SESSION', "Session Creation Failed with Query: $sql and " . Dba::error(), '1'); - return false; - } - - debug_event('SESSION', 'Session Created:' . $key, '6'); - - return $key; - - } // session_create - - /** - * check_session - * This checks for an existing session. If it's still valid we go ahead - * and start it and return true. - */ - public static function check_session() { - - $session_name = Config::get('session_name'); - - // No cookie no go! - if (!isset($_COOKIE[$session_name])) { return false; } - - // Check for a remember me - if (isset($_COOKIE[$session_name . '_remember'])) { - self::create_remember_cookie(); - } - - // Set up the cookie params before we start the session. - // This is vital - session_set_cookie_params( - Config::get('cookie_life'), - Config::get('cookie_path'), - Config::get('cookie_domain'), - Config::get('cookie_secure')); - - // Set name - session_name($session_name); - - // Ungimp IE and go - self::ungimp_ie(); - session_start(); - - return true; - - } // check_session - - /** - * session_exists - * This checks to see if the specified session of the specified type - * exists, it also provides an array of key'd data that may be required - * based on the type - */ - public static function session_exists($type, $key, $data=array()) { - - // Switch on the type they pass - switch ($type) { - case 'xml-rpc': - case 'api': - $key = Dba::escape($key); - $time = time(); - $sql = "SELECT * FROM `session` WHERE " . - "`id`='$key' AND `expire` > '$time' " . - "AND `type`='$type'"; - $db_results = Dba::read($sql); - - if (Dba::num_rows($db_results)) { - return true; - } - break; - case 'interface': - $key = Dba::escape($key); - $time = time(); - // Build a list of enabled authentication types - $types = Config::get('auth_methods'); - if (!Config::get('use_auth')) { - $types[] = ''; - } - $enabled_types = implode("','", $types); - $sql = "SELECT * FROM `session` WHERE " . - "`id`='$key' AND `expire` > '$time' " . - "AND `type` IN('$enabled_types')"; - $db_results = Dba::read($sql); - - if (Dba::num_rows($db_results)) { - return true; - } - break; - case 'stream': - $key = Dba::escape($key); - $ip = Dba::escape(inet_pton($data['ip'])); - $agent = Dba::escape($data['agent']); - $sql = "SELECT * FROM `session_stream` WHERE " . - "`id`='$key' AND `expire` > '$time' " . - "AND `ip`='$ip' AND `agent`='$agent'"; - $db_results = Dba::read($sql); - - if (Dba::num_rows($db_results)) { - return true; - } - - break; - default: - return false; - break; - } // type - - // Default to false - return false; - - } // session_exists - - /** - * session_extend - * This should really be extend_session but hey you gotta go with the - * flow. - * This takes a SID and extends its expiration. - */ - public static function session_extend($sid) { - $time = time(); - $sid = Dba::escape($sid); - $expire = isset($_COOKIE[Config::get('session_name') . '_remember']) - ? $time + Config::get('remember_length') - : $time + Config::get('session_length'); - - $sql = "UPDATE `session` SET `expire`='$expire' WHERE `id`='$sid'"; - $db_results = Dba::write($sql); - - debug_event('SESSION', $sid . ' has been extended to ' . date('r', $expire) . ' extension length ' . ($expire - $time), 5); - - return $db_results; - } // session_extend - - /** - * _auto_init - * This function is called when the object is included, this sets up the - * session_save_handler - */ - public static function _auto_init() { - - if (!function_exists('session_start')) { - header("Location:" . Config::get('web_path') . "/test.php"); - exit; - } - - session_set_save_handler( - array('vauth', 'open'), - array('vauth', 'close'), - array('vauth', 'read'), - array('vauth', 'write'), - array('vauth', 'destroy'), - array('vauth', 'gc')); - - } // auto init - - /** - * ungimp_ie - * This function sets the cache limiting to public if you are running - * some flavor of IE. The detection used here is very conservative so - * feel free to fix it. This only has to be done if we're rolling HTTPS. - */ - public static function ungimp_ie() { - - // If no https, no ungimpage required - if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'on') { - return true; - } - - // Try to detect IE - $agent = trim($_SERVER['HTTP_USER_AGENT']); - - if ((strpos($agent, 'MSIE') !== false) || - (strpos($agent,'Internet Explorer/') !== false)) { - session_cache_limiter('public'); - } - - return true; - - } // ungimp_ie - - /** * authenticate * This takes a username and password and then returns the results * based on what happens when we try to do the auth. |