
Source for file session.php


  1. <?php
  2. /**
  3. * File containing the Session class
  4. *
  5. * (PHP 5)
  6. *
  7. * @package PHPonTrax
  8. * @version $Id: session.php 198 2006-04-20 16:20:30Z haas $
  9. * @copyright (c) 2005 John Peterson
  10. *
  11. * Permission is hereby granted, free of charge, to any person obtaining
  12. * a copy of this software and associated documentation files (the
  13. * "Software"), to deal in the Software without restriction, including
  14. * without limitation the rights to use, copy, modify, merge, publish,
  15. * distribute, sublicense, and/or sell copies of the Software, and to
  16. * permit persons to whom the Software is furnished to do so, subject to
  17. * the following conditions:
  18. *
  19. * The above copyright notice and this permission notice shall be
  20. * included in all copies or substantial portions of the Software.
  21. *
  22. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  23. * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  24. * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  25. * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  26. * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  27. * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  28. * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  29. */
  30.  
  31. /**
  32. * Keep track of state of the client's session with the server
  33. *
  34. * Since there is no continuous connection between the client and the
  35. * web server, there must be some way to carry information forward
  36. * from one page to the next. PHP does this with a global array variable
  37. * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
  38. * which is automatically restored from an area of the server's hard disk
  39. * indicated by the contents of a cookie stored on the client's computer.
  40. * This class is a static class with convenience methods for accessing the
  41. * contents of $_SESSION.
  42. * @tutorial PHPonTrax/Session.cls
  43. */
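  class Session {

      /**
       * Name of the session (used as cookie name).
       */
      const TRAX_SESSION_NAME = "TRAXSESSID";

      /**
       * Lifetime in seconds of cookie or, if 0, until browser is restarted.
       */
      const TRAX_SESSION_LIFETIME = "0";

      /**
       * After this number of minutes, stored data will be seen as
       * 'garbage' and cleaned up by the garbage collection process.
       */
      const TRAX_SESSION_MAXLIFETIME_MINUTES = "20";

      /**
       * IP Address of client, captured by start()
       * @var string
       */
      private static $ip = null;

      /**
       * User Agent (OS, Browser, etc) of client, captured by start()
       * @var string
       */
      private static $user_agent = null;

      /**
       * Session ID
       * @var string
       */
      public static $id = null;

      /**
       * Client address of the current request, or '' when the server
       * did not provide one (for example when run from the command line).
       *
       * @return string
       */
      private static function client_ip() {
          return isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
      }

      /**
       * User-Agent header of the current request, or '' when the client
       * sent none.  The value is chosen by the client.
       *
       * @return string
       */
      private static function client_user_agent() {
          return isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
      }

      /**
       * Test whether the reverse DNS name of $addr ends in "proxy.aol.com"
       *
       * The result is remembered per address so that the blocking DNS
       * lookup happens at most once per address in a request.
       *
       * @param string $addr Client address as reported by the web server
       * @return boolean
       */
      private static function reverse_dns_is_aol($addr) {
          static $seen = array();
          if (!isset($seen[$addr])) {
              // gethostbyaddr() warns on malformed input, so validate first.
              $host = filter_var($addr, FILTER_VALIDATE_IP) !== false
                  ? gethostbyaddr($addr)
                  : false;
              // preg_match() replaces ereg(), which was removed in PHP 7.
              $seen[$addr] = is_string($host)
                  && preg_match('/proxy\.aol\.com$/D', $host) === 1;
          }
          return $seen[$addr];
      }

      /**
       * Test whether $candidate has the shape of a PHP session ID
       *
       * Only strings made of letters, digits, ',' and '-' are accepted.
       * Arrays (sess_id[]=...) and IDs carrying path or control characters
       * are rejected before they reach session_id().
       *
       * @param mixed $candidate Value taken from the request
       * @return boolean
       */
      private static function is_wellformed_session_id($candidate) {
          return is_string($candidate)
              && preg_match('/^[A-Za-z0-9,-]{1,128}$/D', $candidate) === 1;
      }

      /**
       * Get a session variable
       *
       * Fetch the contents from a specified element of
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
       * @param mixed $key Key to identify one particular session variable
       * of potentially many for this session
       * @return mixed Content of the session variable with the specified
       * key if the variable exists; otherwise null.
       * @uses get_hash()
       * @uses is_valid_host()
       */
      public static function get($key) {
          if (!self::is_valid_host()) {
              return null;
          }
          $bucket = self::get_hash();
          // isset() keeps a missing bucket or key from raising an
          // undefined-index error; the documented result is null.
          return isset($_SESSION[$bucket][$key]) ? $_SESSION[$bucket][$key] : null;
      }

      /**
       * Set a session variable
       *
       * Store a value in a specified element of
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
       * Nothing is stored when is_valid_host() fails.
       * @param mixed $key Key to identify one particular session variable
       * of potentially many for this session
       * @param string $value Value to store in the session variable
       * identified by $key
       * @uses get_hash()
       * @uses is_valid_host()
       */
      public static function set($key, $value) {
          if (self::is_valid_host()) {
              $_SESSION[self::get_hash()][$key] = $value;
          }
      }

      /**
       * Test whether the user host is as expected for this session
       *
       * Compare the REMOTE_ADDR and HTTP_USER_AGENT elements of
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.server $_SERVER}
       * to the values captured by start().  Before start() has run the
       * captured values are null and the test fails.
       *
       * NOTE(review): start() captures both values from the same request
       * that later calls this method, so (assuming static properties do not
       * outlive the request) this test passes for every caller once start()
       * has run.  Separation between clients comes from get_hash(), which
       * mixes the same values into the $_SESSION bucket key.
       *
       * @uses $ip
       * @uses is_aol_host()
       * @uses $user_agent
       * @return boolean
       * <ul>
       * <li>true => User host is as expected</li>
       * <li>false => User host NOT as expected</li>
       * </ul>
       */
      public static function is_valid_host() {
          // Strict comparison: loose == treats numeric-looking strings
          // and null/'' as equal.
          $same_agent = self::client_user_agent() === self::$user_agent;
          if (!$same_agent) {
              return false;
          }
          return self::client_ip() === self::$ip || self::is_aol_host();
      }

      /**
       * Test whether the client is an AOL user
       *
       * Check whether the client's user agent name includes "AOL" or the
       * domain name of the client's IP ends in "proxy.aol.com".
       *
       * Both signals come from outside the server's control: the
       * User-Agent header is chosen by the client and the reverse DNS
       * name by whoever operates the address.  A true result only relaxes
       * the IP binding used by is_valid_host() and get_hash(); it must
       * not be treated as evidence of who the client is.
       *
       * @return boolean
       * <ul>
       * <li>true => Client is on AOL</li>
       * <li>false => Client from some other ISP</li>
       * </ul>
       */
      public static function is_aol_host() {
          // Cheap header test first so the DNS lookup is skipped when
          // it cannot change the answer.
          if (stripos(self::client_user_agent(), 'AOL') !== false) {
              return true;
          }
          return self::reverse_dns_is_aol(self::client_ip());
      }

      /**
       * Get key that uniquely identifies this session
       *
       * Calculate a session key based on the session ID and
       * user agent, plus the user's IP address if not on AOL.
       * The result is used as the name of this client's bucket inside
       * $_SESSION.  md5() serves here as a fixed-length key, not as a
       * secret or an authenticator: every input except the session ID
       * is known to, or chosen by, the client.
       *
       * @return string 32-character hexadecimal digest
       * @uses is_aol_host()
       * @uses md5()
       * @uses session_id()
       */
      public static function get_hash() {
          $material = session_id() . self::client_user_agent();
          if (!self::is_aol_host()) {
              $material .= self::client_ip();
          }
          return md5($material);
      }

      /**
       * Start or continue a session
       *
       * Applies the session settings (overridable through the global
       * constants TRAX_SESSION_NAME, TRAX_SESSION_LIFETIME and
       * TRAX_SESSION_MAXLIFETIME_MINUTES), records the client's address
       * and user agent, optionally adopts a session ID passed in the
       * request as 'sess_id', and starts the session.
       *
       * @uses ini_set()
       * @uses $ip
       * @uses is_valid_host()
       * @uses session_id()
       * @uses session_start()
       * @uses $user_agent
       */
      public static function start() {
          $session_name = defined("TRAX_SESSION_NAME") ? TRAX_SESSION_NAME : self::TRAX_SESSION_NAME;
          $session_lifetime = defined("TRAX_SESSION_LIFETIME") ? TRAX_SESSION_LIFETIME : self::TRAX_SESSION_LIFETIME;
          $session_maxlifetime_minutes = defined("TRAX_SESSION_MAXLIFETIME_MINUTES") ? TRAX_SESSION_MAXLIFETIME_MINUTES : self::TRAX_SESSION_MAXLIFETIME_MINUTES;

          # set the session default for this app
          ini_set('session.name', (string) $session_name);
          ini_set('session.cookie_lifetime', (string) $session_lifetime);
          ini_set('session.gc_probability', '1');
          // Cast before multiplying: the constants are strings, and a
          // non-numeric override must not abort the request.
          ini_set('session.gc_maxlifetime', (string) ((int) $session_maxlifetime_minutes * 60));
          // NOTE(review): session.cookie_httponly, session.cookie_secure and
          // session.use_strict_mode are not set here; confirm the deployment
          // configuration enables the ones the application can support.

          header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');

          self::$ip = self::client_ip();
          self::$user_agent = self::client_user_agent();

          // NOTE(review): adopting a session ID from $_REQUEST (query
          // string, form field or cookie) lets whoever supplied the link or
          // form choose the ID, which is the precondition for session
          // fixation.  The format check below only rejects malformed values.
          // Applications should call session_regenerate_id(true) when a user
          // logs in or changes privilege, and drop this parameter if no
          // client depends on it.
          $requested_id = isset($_REQUEST['sess_id']) ? $_REQUEST['sess_id'] : null;
          if (self::is_valid_host() && self::is_wellformed_session_id($requested_id)) {
              session_id($requested_id);
          }

          session_cache_limiter("must-revalidate");
          session_start();
          self::$id = session_id();
      }

      /**
       * Destroy the user's session
       *
       * Destroy all data registered to a session.  session_destroy()
       * removes the stored session data; it does not clear $_SESSION for
       * the rest of the current request and does not expire the session
       * cookie.  (The misspelled method name is kept for existing callers.)
       *
       * @uses session_destroy()
       */
      public static function destory_session() {
          session_destroy();
      }

      /**
       * Free all session variables currently registered
       *
       * session_unset() takes no argument; passing one, as this method
       * used to, is rejected by current PHP versions.
       *
       * @uses session_unset()
       */
      public static function unset_session() {
          session_unset();
      }

      /**
       * Unset a session variable
       *
       * Unset the variable in
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
       * identified by key $key
       * @param mixed $key Key to identify one particular session variable
       * of potentially many for this session
       * @uses get_hash()
       * @uses is_valid_host()
       */
      public static function unset_var($key) {
          if (self::is_valid_host()) {
              unset($_SESSION[self::get_hash()][$key]);
          }
      }

      /**
       * Test whether a session variable is defined in $_SESSION
       *
       * Check the
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
       * array for the existence of a variable identified by $key.
       *
       * A variable holding a falsy value (0, '', '0', false, null or an
       * empty array) is reported as not defined.  That is how the method
       * has always behaved, and it is kept because callers may use the
       * result as a "logged in" style check; switching to a pure existence
       * test would turn a stored false into true for them.
       *
       * @param mixed $key Key to identify one particular session variable
       * of potentially many for this session
       * @return boolean
       * <ul>
       * <li>true => The specified session variable is
       * defined and not falsy.</li>
       * <li>false => The specified session variable is
       * not defined, or is falsy.</li>
       * </ul>
       * @uses get_hash()
       * @uses is_valid_host()
       */
      public static function isset_var($key) {
          if (!self::is_valid_host()) {
              return false;
          }
          // empty() gives the same truthiness test as before without an
          // undefined-index error for a missing bucket or key.
          return !empty($_SESSION[self::get_hash()][$key]);
      }

      /**
       * Test whether there is a flash message to be shown
       *
       * Check whether the
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
       * array for this session contains a
       * flash message to be shown to the user.
       * @param mixed $key Key to identify one particular flash message
       * of potentially many for this session
       * @return boolean
       * <ul>
       * <li>true => A flash message is present</li>
       * <li>false => No flash message is present</li>
       * </ul>
       * @uses get_hash()
       * @uses is_valid_host()
       */
      public static function isset_flash($key) {
          if (!self::is_valid_host()) {
              return false;
          }
          $bucket = self::get_hash();
          // isset() guards the case where no session (or no bucket) exists
          // yet; array_key_exists() then keeps the original meaning that a
          // key holding null still counts as present.
          return isset($_SESSION[$bucket]['flash'])
              && is_array($_SESSION[$bucket]['flash'])
              && array_key_exists($key, $_SESSION[$bucket]['flash']);
      }

      /**
       * Get or set a flash message
       *
       * A flash message is a message that will appear prominently on
       * the next screen to be sent to the user.  Flash
       * messages are intended to be shown to the user once then erased.
       * They are stored in the
       * {@link http://www.php.net/manual/en/reserved.variables.php#reserved.variables.session $_SESSION}
       * array for the user's session.
       *
       * A falsy $value (null, '', '0', 0, false) selects the "get" form:
       * the stored message is returned and erased.  The value is returned
       * as stored; escaping it for the output context is up to the caller.
       *
       * @param mixed $key Key to identify one particular flash message
       * of potentially many for this session
       * @param string $value Content of the flash message if present
       * @return mixed Content of the flash message with the specified
       * key if $value is null; otherwise null.
       * @uses get_hash()
       * @uses is_valid_host()
       */
      public static function flash($key, $value = null) {
          if (!self::is_valid_host()) {
              return null;
          }
          $bucket = self::get_hash();
          if ($value) {
              $_SESSION[$bucket]['flash'][$key] = $value;
              return null;
          }
          $stored = isset($_SESSION[$bucket]['flash'][$key])
              ? $_SESSION[$bucket]['flash'][$key]
              : null;
          unset($_SESSION[$bucket]['flash'][$key]);
          return $stored;
      }
  }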
  337.  
  338. // -- set Emacs parameters --
  339. // Local variables:
  340. // tab-width: 4
  341. // c-basic-offset: 4
  342. // c-hanging-comment-ender-p: nil
  343. // indent-tabs-mode: nil
  344. // End:
  345. ?>
