This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
khosb/modules/core/session.inc.php
2011-05-03 09:49:04 +10:00

410 lines
11 KiB
PHP

<?php
/**
* AgileBill - Open Billing Software
*
* This body of work is free software; you can redistribute it and/or
* modify it under the terms of the Open AgileBill License
* License as published at http://www.agileco.com/agilebill/license1-4.txt
*
* Originally authored by Tony Landis, AgileBill LLC
*
* Recent modifications by Deon George
*
* @author Deon George <deonATleenooksDOTnet>
* @copyright 2009 Deon George
* @link http://osb.leenooks.net
*
* @link http://www.agileco.com/
* @copyright 2004-2008 Agileco, LLC.
* @license http://www.agileco.com/agilebill/license1-4.txt
* @author Tony Landis <tony@agileco.com>
* @package AgileBill
* @subpackage Core:Session
*/
/**
* The main AgileBill Session Class
*
* @package AgileBill
* @subpackage Core:Session
*/
class CORE_session {
# Our session ID
private $id = '';
# The time our session expires
private $sess_date_expire = 0;
public function __construct() {
global $C_debug,$VAR;
$session_arr = array();
# Get our SESSION ID, either as a GET/POST or COOKIE
if (isset($_GET['s']) && trim($_GET['s']))
array_push($session_arr,$_GET['s']);
elseif (isset($_POST['s']) && trim($_POST['s']))
array_push($session_arr,$_POST['s']);
elseif(isset($_COOKIE[COOKIE_NAME]) && trim($_COOKIE[COOKIE_NAME])) {
array_push($session_arr,$_COOKIE[COOKIE_NAME]);
# Clear the cookie, as we'll validate it
$this->id = $_COOKIE[COOKIE_NAME];
$this->setcookies(true);
$this->id = '';
}
foreach ($session_arr as $s)
if ($validate = $this->validate($s))
$this->id = $s;
$this->sess_date_expire = time()+(SESSION_EXPIRE*60);
if (! $this->id) {
$this->tid = empty($VAR['tid']) ? DEFAULT_THEME : $VAR['tid'];
$this->lid = empty($VAR['lid']) ? DEFAULT_LANGUAGE : $VAR['lid'];
$this->cid = empty($VAR['cid']) ? DEFAULT_COUNTRY : $VAR['cid'];
$this->cyid = empty($VAR['cyid']) ? DEFAULT_CURRENCY : $this->get_currency($VAR['cyid']);
$this->wid = empty($VAR['wid']) ? DEFAULT_WEIGHT : $VAR['wid'];
$this->rid = empty($VAR['rid']) ? null : $VAR['rid'];
$this->aid = $this->get_session_link(0,'affiliate');
$this->caid = $this->get_session_link(0,'campaign');
$this->sess_logged = false;
$this->sess_account_id = false;
$this->session();
} else {
$this->tid = empty($VAR['tid']) ? $validate['theme_id'] : $VAR['tid'];
$this->lid = empty($VAR['lid']) ? $validate['language_id'] : $VAR['lid'];
$this->cid = empty($VAR['cid']) ? $validate['country_id'] : $VAR['cid'];
$this->cyid = empty($VAR['cyid']) ? $validate['currency_id'] : $this->get_currency($VAR['cyid']);
$this->wid = empty($VAR['wid']) ? $validate['weight_id'] : $VAR['wid'];
$this->rid = empty($VAR['rid']) ? $validate['reseller_id'] : $VAR['rid'];
$this->aid = empty($VAR['aid']) ? $validate['affiliate_id'] : $this->get_session_link($validate['affiliate_id'],'affiliate');
$this->caid = empty($VAR['caid']) ? $validate['campaign_id'] : $this->get_session_link($validate['campaign_id'],'campaign');
$this->sess_logged = $validate['logged'];
$this->sess_account_id = $validate['account_id'];
$db = &DB();
# Only update the session (every 5 mins) if we are logged in
if ($validate['logged'] && $this->sess_date_expire+60*5 < time())
$db->Execute(
sqlUpdate($db,'session',array(
'date_last'=>time(),
'date_expire'=>$this->sess_date_expire,
'ip'=>USER_IP,
'theme_id'=>$this->tid,
'country_id'=>$this->cid,
'language_id'=>$this->lid,
'currency_id'=>$this->cyid,
'weight_id'=>$this->wid,
'reseller_id'=>$this->rid,
'affiliate_id'=>$this->aid,
'campaign_id'=>$this->caid,
),array('id'=>$this->id)));
}
if (! defined('SESS'))
define('SESS',$this->id);
$this->setcookies();
}
private function validate($session_id) {
global $C_debug;
$db = &DB();
$q = str_replace('{p}',AGILE_DB_PREFIX,str_replace('{s}',DEFAULT_SITE,sprintf(
'SELECT A.*,B.id AS acct_id,B.status,B.date_expire AS account_date_expire,C.date_expire AS sess_auth_date_expire,C.group_arr,C.module_arr
FROM {p}session AS A
LEFT JOIN {p}account AS B ON B.id=A.account_id LEFT JOIN {p}session_auth_cache AS C ON A.id=C.session_id
WHERE A.id=%s AND A.site_id={s} AND ((B.site_id={s} AND A.account_id IS NOT NULL) OR (B.site_id IS NULL AND A.account_id IS NULL)) AND C.site_id={s}',$db->qstr($session_id)
)));
$rs = $db->Execute($q);
if (! $rs) {
$C_debug->error(__FILE__,__METHOD__,$db->ErrorMsg());
printf('Unable to start session: Database Error: %s',$db->ErrorMsg());
return false;
} elseif ($rs->RecordCount() == 0) {
return false;
}
# Set the auth caching for use in the auth module to save a query there:
$this->auth_cache['date_expire'] = $rs->fields['sess_auth_date_expire'];
$this->auth_cache['group_arr'] = $rs->fields['group_arr'];
$this->auth_cache['module_arr'] = $rs->fields['module_arr'];
if ($rs->fields['logged'] == 1) {
if ($rs->fields['status'] != 1)
return false;
elseif (! empty($rs->fields['account_date_expire']) && $rs->fields['account_date_expire'] < time())
return false;
elseif (SESSION_EXPIRE != 0 && $rs->fields['date_expire'] <= time()) {
$this->logout($session_id);
return false;
}
}
if (SESSION_IP_MATCH && ($rs->fields['ip'] != USER_IP)) {
$this->delete($session_id);
return false;
}
return $rs->fields;
}
/**
* Set or expire cookies
*/
private function setcookies($expire=false) {
if (defined('AGILE_COOKIE') && AGILE_COOKIE != '') {
$domain = AGILE_COOKIE;
} else {
global $_SERVER;
if (isset($_SERVER['HTTP_HOST'])) {
$domain = $_SERVER['HTTP_HOST'];
} elseif (isset($_SERVER['SERVER_NAME'])) {
$domain = $_SERVER['SERVER_NAME'];
} elseif (function_exists('getallheaders')) {
$server = getallheaders();
$domain = $server['Host'];
} else {
echo '<PRE>';print_r($_SERVER);echo '</PRE>';
echo 'ERROR: Cant work out our domain?';
die();
}
$domain = '.'.preg_replace('/^www./','',$domain);
}
if ($expire)
$cookie_expire = 0;
elseif (COOKIE_EXPIRE == 0)
$cookie_expire = (time()+86400*365);
else
$cookie_expire = (time()+(COOKIE_EXPIRE*60));
if (empty($domain) || preg_match('/localhost/',$domain))
setcookie(COOKIE_NAME,$this->id,$cookie_expire,'/');
else
setcookie(COOKIE_NAME,$this->id,$cookie_expire,'/',$domain);
# Affiliate Cookie
if (! empty($this->aid)) {
$aid_cookie_name = COOKIE_NAME.'aid';
if ($expire)
$aid_expire = 0;
else
$aid_expire = time()+86400*720;
if (empty($domain) || preg_match('/localhost/',$domain))
setcookie($aid_cookie_name,$this->aid,$aid_expire,'/');
else
setcookie($aid_cookie_name,$this->aid,$aid_expire,'/',$domain);
}
# Campaign Cookie
if (! empty($this->caid)) {
$cid_cookie_name = COOKIE_NAME.'caid';
if ($expire)
$cid_expire = 0;
else
$cid_expire = time()+86400*720;
if (empty($domain) || preg_match('/localhost/',$domain))
setcookie($cid_cookie_name,$this->caid,$cid_expire,'/');
else
setcookie($cid_cookie_name,$this->caid,$cid_expire,'/',$domain);
}
}
private function get_session_link($id,$type) {
global $VAR;
switch($type) {
case 'affiliate' : $var = 'aid'; $table = 'affiliate'; break;
case 'campaign' : $var = 'caid'; $table = 'campaign'; break;
default:
return '';
}
$cookie_name = sprintf('%s%s',COOKIE_NAME,$var);
if (isset($VAR[$var]))
$i = $VAR[$var];
elseif (isset($_COOKIE[$cookie_name]))
$i = $_COOKIE[$cookie_name];
if (empty($i))
return '';
elseif ($i == $id)
return $i;
# Validate
else {
$db = &DB();
$rs = $db->Execute(sqlSelect($table,'id',array('where'=>array('id'=>$i))));
if ($rs && $rs->RecordCount())
return $i;
else
return '';
}
}
private function get_currency($id) {
$db = &DB();
$rs = $db->Execute(sqlSelect('currency','status',array('where'=>array('id'=>$id))));
if ($rs && $rs->RecordCount() && $rs->fields['status'] == 1)
return $id;
global $VAR;
$VAR['cyid'] = DEFAULT_CURRENCY;
return DEFAULT_CURRENCY;
}
/**
* Create a session
*/
private function session() {
global $C_debug;
$db = &DB();
mt_srand((double)microtime()*1000000);
$this->id = md5(uniqid(mt_rand(),1));
$rs = $db->Execute(sqlSelect('session','id',array('where'=>array('id'=>$this->id))));
if (! $rs) {
echo 'SESSION FAILED: Unable to connect to database';
exit;
}
if (! $rs->RecordCount()) {
$rs = $db->Execute(
sqlInsert($db,'session',array(
'date_orig'=>time(),
'date_last'=>time(),
'date_expire'=>$this->sess_date_expire,
'affiliate_id'=>$this->aid,
'reseller_id'=>$this->rid,
'country_id'=>$this->cid,
'language_id'=>$this->lid,
'currency_id'=>$this->cyid,
'weight_id'=>$this->wid,
'theme_id'=>$this->tid,
'campaign_id'=>$this->caid,
'logged'=>0,
'ip'=>USER_IP
),$this->id));
if (! $rs) {
$C_debug->error(__FILE__,__METHOD__,$db->ErrorMsg());
printf('Unable to start session: Db error<br/><br/>%s<br/><br/>%s',$q,$db->ErrorMsg());
exit;
}
}
}
private function logout($sess) {
$db = &DB();
$rs = $db->Execute(sqlUpdate($db,'session',array('logged'=>0),array('id'=>$sess)));
if (! $rs) {
global $C_debug;
$C_debug->error(__FILE__,__METHOD__,$db->ErrorMsg());
return false;
}
$db->Execute(sqlDelete($db,'session_auth_cache',array('session_id'=>$sess)));
define('FORCE_SESS_ACCOUNT',0);
define('FORCE_SESS_LOGGED',false);
if (CACHE_SESSIONS == '1') {
$VAR['_login'] = '1';
$force = true;
$C_auth = new CORE_auth($force);
global $C_auth2;
$C_auth2 = $C_auth;
}
}
/**
* Delete a session
*/
private function delete($sess) {
$db = &DB();
$rs = $db->Execute(sqlDelete($db,'session',array('id'=>$sess)));
if (! $rs === false) {
global $C_debug;
$C_debug->error(__FILE__,__METHOD__,$db->ErrorMsg());
return false;
}
}
/**
* Define the session constants
*/
public function session_constant() {
# Define the constants
define('SESS_THEME',$this->tid);
define('SESS_LANGUAGE',$this->lid);
define('SESS_COUNTRY',$this->cid);
define('SESS_CURRENCY',$this->cyid);
define('SESS_WEIGHT',$this->wid);
define('SESS_RESELLER',$this->rid);
define('SESS_AFFILIATE',$this->aid);
define('SESS_CAMPAIGN',$this->caid);
}
public function session_constant_log() {
global $VAR;
if (isset($VAR['_login']) || isset($VAR['_logout'])) {
$db = &DB();
$rs = $db->Execute(sqlSelect('session','logged,account_id',array('where'=>array('id'=>$this->id))));
if (! $rs) {
global $C_debug;
$C_debug->error(__FILE__,__METHOD__,$db->ErrorMsg());
return;
}
if (! defined('SESS_LOGGED'))
define('SESS_LOGGED',$rs->fields['logged']);
if (! defined('SESS_ACCOUNT'))
define('SESS_ACCOUNT',$rs->fields['account_id']);
} else {
if (! defined('SESS_LOGGED'))
define('SESS_LOGGED',$this->sess_logged);
if (! defined('SESS_ACCOUNT'))
define('SESS_ACCOUNT',$this->sess_account_id);
}
if (SESS_LOGGED)
define('SESS_EXPIRES',$this->sess_date_expire);
else
define('SESS_EXPIRES',0);
}
}
?>