summaryrefslogtreecommitdiffstats
path: root/libglue/session.php
diff options
context:
space:
mode:
Diffstat (limited to 'libglue/session.php')
-rw-r--r--libglue/session.php417
1 files changed, 417 insertions, 0 deletions
diff --git a/libglue/session.php b/libglue/session.php
new file mode 100644
index 00000000..aef10c60
--- /dev/null
+++ b/libglue/session.php
@@ -0,0 +1,417 @@
+<?
+/* ------------------- CVS INFO ----------------------
+ *
+ * $Source: /data/cvsroot/ampache/libglue/session.php,v $
+ * last modified by $Author: vollmerk $ at $Date: 2003/11/24 05:53:13 $
+ *
+ * Libglue, a free php library for handling authentication
+ * and session management.
+ *
+ * Written and distributed by Oregon State University.
+ * http://oss.oregonstate.edu/libglue
+ *
+ * ---------------------------------------------------
+ */
+
+
+function check_sess_db($dbtype = 'local')
+{
+ if($dbtype === 'sso')
+ {
+ $dbh = libglue_param(libglue_param('sso_dbh_name'));
+ if(is_resource($dbh)) return $dbh;
+ $dbh_name = libglue_param('sso_dbh_name');
+ $host = libglue_param('sso_host');
+ $db = libglue_param('sso_db');
+ $user = libglue_param('sso_username');
+ $pass = libglue_param('sso_pass');
+ $name = libglue_param('sso_dbh_name');
+ }
+ elseif($dbtype === 'local')
+ {
+ $dbh = libglue_param(libglue_param('local_dbh_name'));
+ if(is_resource($dbh)) return $dbh;
+ $dbh_name = libglue_param('local_dbh_name');
+ $host = libglue_param('local_host');
+ $db = libglue_param('local_db');
+ $user = libglue_param('local_username');
+ $pass = libglue_param('local_pass');
+ $name = libglue_param('local_dhb_name');
+ }
+ $dbh = setup_sess_db($dbh_name,$host,$db,$user,$pass);
+
+ if(is_resource($dbh)) return $dbh;
+ else die("Could not connect to $dbtype database for session management");
+}
+
+//
+// Really we are just checking the session here -- we want to see if
+
+// if the user has a valid session, if they do then we'll let them do
+// what they need to do.
+//
+
+function check_session($id=0)
+{
+ //If an id isn't passed in, retrieve one from the cookie
+ if($id===0) {
+
+ /*
+ We don't need to set cookie params here php
+ is smart enough to know which cookie it wants
+ via the session_name. Setting cookie params
+ here sometimes made php create a new cookie
+ which is very bad :) -- Vollmer
+ */
+ $name = libglue_param('sess_name');
+ if($name) session_name($name);
+
+ // Start the session, then get the cookie id
+ session_start();
+ $id = strip_tags($_COOKIE[$name]);
+ }
+
+ // Determine if we need to check the SSO database:
+ $auth_methods = libglue_param('auth_methods');
+ if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
+ $sso_mode = in_array('sso',$auth_methods,TRUE);
+
+ $local = get_local_session($id);
+ if($sso_mode) $sso = get_sso_session($id);
+
+ if($sso_mode && !$sso)
+ {
+ return FALSE;
+ }
+ else if ($sso_mode && is_array($sso))
+ {
+ if(is_array($local)) return TRUE;
+ else
+ {
+ //
+ // Should we do gc here, just in case
+ // local is only expired?
+ // (The insert in make_local_session
+ // will fail if we don't)
+ //
+ $newlocal = make_local_session_sso($sso);
+ return $newlocal;
+ }
+ }
+ //If we get here, we're not using SSO mode
+ else if (!is_array($local))
+ {
+ return FALSE;
+ }
+ else return TRUE;
+}
+
+function make_local_session_only($data,$id=0)
+{
+ if($id===0)
+ {
+ $name = libglue_param('sess_name');
+ $domain = libglue_param('sess_domain');
+ if($name) session_name($name);
+ //Lifetime of the cookie:
+ $cookielife = libglue_param('sess_cookielife');
+ if(empty($cookielife)) $cookielife = 0;
+ //Secure cookie?
+ $cookiesecure = libglue_param('sess_cookiesecure');
+ if(empty($cookiesecure)) $cookiesecure = 0;
+ //Cookie path:
+ $cookiepath = libglue_param('sess_cookiepath');
+ if(empty($cookiepath)) $cookiepath = '/';
+
+ if(!empty($domain)) session_set_cookie_params($cookielife,$cookiepath,$domain,$cookiesecure);
+
+ // Start the session
+ session_start();
+
+
+ /*
+ Before a refresh we do not have a cookie value
+ here so let's use session_id() --Vollmer
+ */
+ $id = session_id();
+ }
+
+ $userfield = libglue_param('user_username');
+ $username = $data['info'][$userfield];
+ $type = $data['type'];
+
+ $local_dbh = check_sess_db('local');
+ $local_table = libglue_param('local_table');
+ $local_sid = libglue_param('local_sid');
+ $local_usercol = libglue_param('local_usercol');
+ $local_datacol = libglue_param('local_datacol');
+ $local_expirecol = libglue_param('local_expirecol');
+ $local_typecol = libglue_param('local_typecol');
+ $sql= "INSERT INTO $local_table ".
+ " ($local_sid,$local_usercol,$local_typecol)".
+ " VALUES ('$id','$username','$type')";
+ $db_result = mysql_query($sql, $local_dbh);
+
+ if($db_result) return TRUE;
+ else return FALSE;
+}
+
+function make_local_session_sso($sso_session)
+{
+ $sso_usercol = $sso_session[libglue_param('sso_usercol')];
+ $sso_sid = $sso_session[libglue_param('sso_sid')];
+ $sso_expire = $sso_session[libglue_param('sso_expirecol')];
+
+ $user = get_ldap_user($sso_usercol);
+
+ $data = array('user'=>$user);
+
+ //Somewhat stupidly, we have to initialize $_SESSION here,
+ // or sess_write will blast it for us
+ $_SESSION = $data;
+
+ $db_data = serialize($data);
+ $local_dbh = check_sess_db('local');
+
+ //Local stuff we need:
+ $local_table = libglue_param('local_table');
+ $local_sid = libglue_param('local_sid');
+ $local_usercol = libglue_param('local_usercol');
+ $local_datacol = libglue_param('local_datacol');
+ $local_expirecol = libglue_param('local_expirecol');
+ $local_typecol = libglue_param('local_typecol');
+ $sql= "INSERT INTO $local_table ".
+ " ($local_sid,$local_usercol,$local_datacol,$local_expirecol,$local_typecol)".
+ " VALUES ('$sso_sid','$sso_usercol','$db_data','$sso_expire','sso')";
+ $db_result = mysql_query($sql, $local_dbh);
+
+ if($db_result) return TRUE;
+ else return FALSE;
+}
+
+function get_local_session($sid)
+{
+ $local_table = libglue_param('local_table');
+ $local_sid = libglue_param('local_sid');
+ $local_expirecol = libglue_param('local_expirecol');
+ $local_length = libglue_param('local_length');
+ $local_usercol = libglue_param('local_usercol');
+ $local_datacol = libglue_param('local_datacol');
+ $local_typecol = libglue_param('local_typecol');
+
+ $local_dbh = check_sess_db('local');
+ $time = time();
+ $sql = "SELECT * FROM $local_table WHERE $local_sid='$sid' AND $local_expirecol > $time";
+ $db_result = mysql_query($sql, $local_dbh);
+ $session = mysql_fetch_array($db_result);
+
+ if(is_array($session)) $retval = $session;
+ else $retval = FALSE;
+
+ if($retval === FALSE)
+ {
+ //Find out what's going on
+ }
+
+ return $retval;
+}
+
+function get_sso_session($sid)
+{
+ $sso_table = libglue_param('sso_table');
+ $sso_sid = libglue_param('sso_sid');
+ $sso_expirecol = libglue_param('sso_expirecol');
+ $sso_length = libglue_param('sso_length');
+ $sso_usercol = libglue_param('sso_usercol');
+
+ $sso_dbh = check_sess_db('sso');
+ $time = time();
+ $sql = "SELECT * FROM $sso_table WHERE $sso_sid='$sid' AND $sso_expirecol > $time";
+ $db_result = mysql_query($sql, $sso_dbh);
+ $sso_session = mysql_fetch_array($db_result);
+
+ $retval = (is_array($sso_session))?$sso_session:FALSE;
+ return $retval;
+}
+
+
+
+// This will start the session tools, then destroy anything in the database then
+// clear all of the session information
+function logout ($id=0)
+{
+ sess_destroy($id);
+ $login_page = libglue_param('login_page');
+ // should clear both the database information as well as the
+ // current session info
+ header("Location: $login_page");
+ die();
+ return true;
+}
+
+// Double checks that we have a database handle
+// Args are completely ignored - we're using a database here
+function sess_open($save_path, $session_name)
+{
+ $local_dbh = check_sess_db();
+ if ( !is_resource($local_dbh) )
+ {
+ echo "<!-- Unable to connect to local server in order to " .
+ "use the session database. Perhaps the database is not ".
+ "running, or perhaps the admin needs to change a few variables in ".
+ "the config file in order to point to the correct ".
+ "database.-->\n";
+ return FALSE;
+ }
+
+ $auth_methods = libglue_param('auth_methods');
+ if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
+ if(in_array('sso',$auth_methods,TRUE))
+ {
+ $sso_dbh = check_sess_db('sso');
+ if ( !is_resource($sso_dbh) )
+ {
+ echo "<!-- Unable to connect to the SSO server in order to " .
+ "use the session database. Perhaps the database is not ".
+ "running, or perhaps the admin needs to change a few variables in ".
+ "modules/include/global_settings in order to point to the correct ".
+ "database.-->\n";
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+// Placeholder function, does nothing
+function sess_close()
+{
+ return true;
+}
+
+// Retrieve session identified by 'key' from the database
+// and return the data field
+function sess_read($key)
+{
+ $retval = 0;
+ $session = get_local_session($key);
+ $datacol = libglue_param('local_datacol');
+ if(is_array($session)) $retval = $session[$datacol];
+ else $retval = "";
+ return $retval;
+}
+
+
+//
+// Save the session data $val to the database
+//
+function sess_write($key, $val)
+{
+ $local_dbh = check_sess_db('local');
+ $local_datacol = libglue_param('local_datacol');
+ $local_table = libglue_param('local_table');
+ $local_sid = libglue_param('local_sid');
+
+ $auth_methods = libglue_param('auth_methods');
+ $local_expirecol = libglue_param('local_expirecol');
+ $local_length = libglue_param('local_length');
+ $time = $local_length+time();
+
+ // If they've got the long session
+ if ($_COOKIE['amp_longsess'] == '1') {
+ $time = time() + 86400*364;
+ }
+
+ if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
+ if(!in_array('sso',$auth_methods,TRUE))
+ {
+ // If not using sso, we now need to update the expire time
+ $sql = "UPDATE $local_table SET $local_datacol='" . sql_escape($val) . "',$local_expirecol='$time'".
+ " WHERE $local_sid = '$key'";
+ }
+ else $sql = "UPDATE $local_table SET $local_datacol='" . sql_escape($val) . "',$local_expirecol='$time'".
+ " WHERE $local_sid = '$key'";
+
+ return mysql_query($sql, $local_dbh);
+}
+
+//
+// Remove the current session from the database.
+//
+function sess_destroy($id=0)
+{
+ if($id == 0) {
+ session_start();
+ $id = session_id();
+ }
+
+ $auth_methods = libglue_param('auth_methods');
+ if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
+ if(in_array('sso',$auth_methods,TRUE))
+ {
+ $sso_sid = libglue_param('sso_sid');
+ $sso_table = libglue_param('sso_table');
+ $sso_dbh = check_sess_db('sso');
+ $sql = "DELETE FROM $sso_table WHERE $sso_sid = '$id' LIMIT 1";
+ $result = mysql_query($sql, $sso_dbh);
+ }
+ $local_sid = libglue_param('local_sid');
+ $local_table = libglue_param('local_table');
+
+ $local_dbh = check_sess_db('local');
+ $sql = "DELETE FROM $local_table WHERE $local_sid = '$id' LIMIT 1";
+ $result = mysql_query($sql, $local_dbh);
+ $_SESSION = array();
+
+ /* Delete the long ampache session cookie */
+ setcookie ("amp_longsess", "", time() - 3600);
+
+ /* Delete the ampache cookie as well... */
+ setcookie (libglue_param('sess_name'),"", time() - 3600);
+
+ return TRUE;
+}
+
+//
+// This function is called with random frequency
+// to remove expired session data
+//
+function sess_gc($maxlifetime)
+{
+ $auth_methods = libglue_param('auth_methods');
+ if(!is_array($auth_methods)) $auth_methods = array($auth_methods);
+ if(in_array('sso',$auth_methods,TRUE))
+ {
+ //Delete old sessions from SSO
+ // We do 'where length' so we don't accidentally blast
+ // another app's sessions
+ $sso_expirecol = libglue_param('sso_expirecol');
+ $sso_table = libglue_param('sso_table');
+ $sso_length = libglue_param('sso_length');
+ $local_length = libglue_param('local_length');
+
+ $sso_dbh = check_sess_db('sso');
+ $time = time();
+ $sql = "DELETE FROM $sso_table WHERE $sso_expirecol < $time".
+ " AND $sso_length = '$local_length'";
+ $result = mysql_query($sql, $sso_dbh);
+ }
+ $local_expirecol = libglue_param('local_expirecol');
+ $local_table = libglue_param('local_table');
+ $time = time();
+ $local_dbh = check_sess_db('local');
+ $sql = "DELETE FROM $local_table WHERE $local_expirecol < $time";
+ $result = mysql_query($sql, $local_dbh);
+ return true;
+}
+
+//
+// Register all our cool session handling functions
+//
+session_set_save_handler(
+ "sess_open",
+ "sess_close",
+ "sess_read",
+ "sess_write",
+ "sess_destroy",
+ "sess_gc");
+?>
generated by cgit (git 2.34.1) at 2025-08-13 07:34:53 +0000