This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
khosb/modules/core/session.inc.php
2008-11-26 14:50:40 -08:00

413 lines
15 KiB
PHP

<?php
/**
* AgileBill - Open Billing Software
*
* This body of work is free software; you can redistribute it and/or
* modify it under the terms of the Open AgileBill License
* License as published at http://www.agileco.com/agilebill/license1-4.txt
*
* For questions, help, comments, discussion, etc., please join the
* Agileco community forums at http://forum.agileco.com/
*
* @link http://www.agileco.com/
* @copyright 2004-2008 Agileco, LLC.
* @license http://www.agileco.com/agilebill/license1-4.txt
* @author Tony Landis <tony@agileco.com>
* @package AgileBill
* @version 1.4.93
*/
class CORE_session
{
var $id;
function CORE_session()
{
global $C_debug, $_GET, $_POST,$_COOKIE, $HTTP_COOKIE_VARS, $VAR;
if (isset($_GET['s']))
$session_arr[] = $_GET['s'];
else if (isset($_POST['s']))
$session_arr[] = $_POST['s'];
else if(isset($_COOKIE[COOKIE_NAME]))
$session_arr[] = $_COOKIE[COOKIE_NAME];
else if (isset($HTTP_COOKIE_VARS[COOKIE_NAME]))
$session_arr[] = $HTTP_COOKIE_VARS[COOKIE_NAME];
if(isset($session_arr)) {
for($i=0; $i<count($session_arr); $i++) {
if($session_arr[$i] != '') {
$validate = $this->validate($session_arr[$i]);
if($validate != FALSE) {
$this->id = $session_arr[$i];
$i = count($session_arr);
}
}
}
}
@$this->sess_date_expire = time() + (SESSION_EXPIRE*60);
if(!isset($this->id))
{
empty($VAR['tid']) ? $this->sess_theme_id = DEFAULT_THEME : $this->sess_theme_id = $VAR['tid'];
empty($VAR['lid']) ? $this->sess_language_id = DEFAULT_LANGUAGE : $this->sess_language_id = $VAR['lid'];
empty($VAR['cid']) ? $this->sess_country_id = DEFAULT_COUNTRY : $this->sess_country_id = $VAR['cid'];
empty($VAR['cyid']) ? $this->sess_currency_id = DEFAULT_CURRENCY : $this->sess_currency_id = $this->get_currency($VAR['cyid']);
empty($VAR['wid']) ? $this->sess_weight_id = DEFAULT_WEIGHT : $this->sess_weight_id = $VAR['wid'];
@$this->sess_reseller_id = $VAR['rid'];
@$this->sess_affiliate_id = $this->get_affiliate(0);
@$this->sess_campaign_id = $this->get_campaign(0);
$this->sess_logged = false;
$this->sess_account_id = false;
$this->session();
}
else
{
empty($VAR['tid']) ? $this->sess_theme_id = $validate['theme_id'] : $this->sess_theme_id = $VAR['tid'];
empty($VAR['lid']) ? $this->sess_language_id = $validate['language_id'] : $this->sess_language_id = $VAR['lid'];
empty($VAR['cid']) ? $this->sess_country_id = $validate['country_id'] : $this->sess_country_id = $VAR['cid'];
empty($VAR['cyid']) ? $this->sess_currency_id = $validate['currency_id'] : $this->sess_currency_id = $this->get_currency($VAR['cyid']);
empty($VAR['wid']) ? $this->sess_weight_id = $validate['weight_id'] : $this->sess_weight_id = $VAR['wid'];
empty($VAR['rid']) ? $this->sess_reseller_id = $validate['reseller_id'] : $this->sess_reseller_id = $VAR['rid'];
empty($VAR['aid']) ? $this->sess_affiliate_id = $validate['affiliate_id'] : $this->sess_affiliate_id = $this->get_affiliate($validate['affiliate_id']);
empty($VAR['caid']) ? $this->sess_campaign_id = $validate['campaign_id'] : $this->sess_campaign_id = $this->get_campaign($validate['campaign_id']);
$this->sess_account_id = $validate['account_id'];
$this->sess_logged = $validate['logged'];
$db = &DB();
$q = "UPDATE " . AGILE_DB_PREFIX . "session SET
date_last = " . $db->qstr(time()) . ",
date_expire = " . $db->qstr($this->sess_date_expire) . ",
ip = " . $db->qstr(USER_IP) . ",
theme_id = " . $db->qstr($this->sess_theme_id) . ",
country_id = " . $db->qstr($this->sess_country_id) . ",
language_id = " . $db->qstr($this->sess_language_id) . ",
currency_id = " . $db->qstr($this->sess_currency_id) . ",
weight_id = " . $db->qstr($this->sess_weight_id) . ",
reseller_id = " . $db->qstr($this->sess_reseller_id) . ",
affiliate_id = " . $db->qstr($this->sess_affiliate_id). ",
campaign_id = " . $db->qstr($this->sess_campaign_id) . "
WHERE
id = " . $db->qstr($this->id) . "
AND
site_id = " . $db->qstr(DEFAULT_SITE);
// update the old session ONLY if info has changed or expires/no update in the past 5 minutes.
if (!empty($VAR['tid']) || !empty($VAR['lid']) || !empty($VAR['cid']) || !empty($VAR['cyid']) ||
!empty($VAR['wid']) || !empty($VAR['rid']) || !empty($VAR['aid']) || !empty($VAR['caid']) ) {
$result = $db->Execute($q);
} else if ($validate['logged'] == '0' && !empty($this->sess_date_expire) && $this->sess_date_expire+60*5 < time()) {
$result = $db->Execute($q);
} else if (!empty($validate['date_last']) && $validate['date_last']+60*5 < time()) {
$result = $db->Execute($q);
}
}
if(!defined("SESS")) define ('SESS', $this->id);
$this->setcookies();
}
function validate($session_id) {
global $C_debug;
$db = &DB();
$q = "SELECT
" . AGILE_DB_PREFIX . "session.*,
" . AGILE_DB_PREFIX . "account.id AS acct_id,
" . AGILE_DB_PREFIX . "account.status,
" . AGILE_DB_PREFIX . "account.date_expire AS account_date_expire,
" . AGILE_DB_PREFIX . "session_auth_cache.date_expire AS sess_auth_date_expire,
" . AGILE_DB_PREFIX . "session_auth_cache.group_arr,
" . AGILE_DB_PREFIX . "session_auth_cache.module_arr
FROM
" . AGILE_DB_PREFIX . "session
LEFT JOIN " . AGILE_DB_PREFIX . "account ON ".AGILE_DB_PREFIX."account.id = ".AGILE_DB_PREFIX."session.account_id
LEFT JOIN " . AGILE_DB_PREFIX . "session_auth_cache ON " . AGILE_DB_PREFIX . "session.id = " . AGILE_DB_PREFIX . "session_auth_cache.session_id
WHERE
" . AGILE_DB_PREFIX . "session.id = " . $db->qstr($session_id) . "
AND
" . AGILE_DB_PREFIX . "session.site_id = " . $db->qstr(DEFAULT_SITE) . "
AND
" . AGILE_DB_PREFIX . "account.site_id = " . $db->qstr(DEFAULT_SITE) . "
AND
" . AGILE_DB_PREFIX . "session_auth_cache.site_id = " . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($q);
if ($result === false) {
$C_debug->error('session.inc.php','validate', $db->ErrorMsg());
echo '<BR>Unable to start session: Database Error: ' . $db->ErrorMsg();
return;
} else if ($result->RecordCount() == 0) {
return FALSE;
}
// Set the auth caching for use in the auth module to save a query there:
$this->auth_cache['date_expire'] = $result->fields["sess_auth_date_expire"];
$this->auth_cache['group_arr'] = $result->fields["group_arr"];
$this->auth_cache['module_arr'] = $result->fields["module_arr"];
if($result->fields['id'] == $session_id) {
if($result->fields["logged"] == "1") {
if($result->fields['status'] != "1") {
return FALSE;
} else if(!empty($result->fields['account_date_expire']) && $result->fields['account_date_expire'] < time()) {
return FALSE;
} else if(SESSION_EXPIRE != 0 && $result->fields['date_expire'] <= time()) {
$this->logout($session_id);
return FALSE;
}
}
if(SESSION_IP_MATCH) {
if($result->fields['ip'] != USER_IP) {
$this->delete($session_id);
return FALSE;
}
}
} else {
return FALSE;
}
return $result->fields;
}
function setcookies() {
if(defined("AGILE_COOKIE") && AGILE_COOKIE != '') {
$domain = AGILE_COOKIE;
} else {
global $_SERVER;
if(isset($_SERVER)) {
@$domain = $_SERVER['HTTP_HOST'];
} else {
$server = getallheaders();
$domain = $server['Host'];
}
$domain = '.'.eregi_replace('^www.', '', $domain);
}
if(COOKIE_EXPIRE == 0 )
$cookie_expire = (time() + 86400*365);
else
$cookie_expire = (time() + (COOKIE_EXPIRE*60));
if(empty($domain) || eregi('localhost', $domain))
setcookie(COOKIE_NAME,$this->id,$cookie_expire,'/');
else
setcookie(COOKIE_NAME,$this->id,$cookie_expire,'/', $domain);
# Affiliate Cookie
if(!empty($this->sess_affiliate_id)) {
$aid_expire = time()+86400*720;
$aid_cookie_name = COOKIE_NAME . 'aid';
if(empty($domain) || eregi('localhost', $domain))
setcookie($aid_cookie_name, $this->sess_affiliate_id, $aid_expire,'/');
else
setcookie($aid_cookie_name, $this->sess_affiliate_id, $aid_expire,'/', $domain);
}
# Campaign Cookie
if(!empty($this->sess_campaign_id)) {
$cid_expire = time()+86400*720;
$cid_cookie_name = COOKIE_NAME . 'caid';
if(empty($domain) || eregi('localhost', $domain))
setcookie($cid_cookie_name, $this->sess_campaign_id, $cid_expire,'/');
else
setcookie($cid_cookie_name, $this->sess_campaign_id, $cid_expire,'/', $domain);
}
}
function get_affiliate($old_aid) {
global $_COOKIE, $VAR;
$aid_cookie_name = COOKIE_NAME.'aid';
if(isset($VAR['aid']))
$aid = $VAR['aid'];
else if(isset($_COOKIE[$aid_cookie_name]))
@$aid = $_COOKIE[$aid_cookie_name];
else if(isset($HTTP_COOKIE_VARS[$aid_cookie_name]))
@$aid = $HTTP_COOKIE_VARS[$aid_cookie_name];
if ($aid == $old_aid) {
return $aid;
} else if (empty($aid)) {
return '';
} else {
// validate
$db = &DB();
$q = "SELECT id,account_id FROM " . AGILE_DB_PREFIX . "affiliate
WHERE id = ".$db->qstr($aid)." AND
site_id = ".$db->qstr(DEFAULT_SITE);
@$result = $db->Execute($q);
if(@$result->fields['id'] == $aid)
return $aid;
else
return '';
}
}
function get_campaign($old_cid) {
global $_COOKIE, $VAR;
$cid_cookie_name = COOKIE_NAME.'caid';
if(isset($VAR['caid']))
$cid = $VAR['caid'];
else if(isset($_COOKIE[$cid_cookie_name]))
@$cid = $_COOKIE[$cid_cookie_name];
else if(isset($HTTP_COOKIE_VARS[$cid_cookie_name]))
@$cid = $HTTP_COOKIE_VARS[$cid_cookie_name];
if ($cid == $old_cid) {
return $cid;
} else if (empty($cid)) {
return '';
} else {
// validate
$db = &DB();
$q = "SELECT id FROM " . AGILE_DB_PREFIX . "campaign
WHERE id = ".$db->qstr($cid)." AND
site_id = ".$db->qstr(DEFAULT_SITE);
@$result = $db->Execute($q);
if(@$result->fields['id'] == $cid)
return $cid;
else
return '';
}
}
function get_currency($id) {
$db = &DB();
$sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'currency WHERE id = ' . $db->qstr($id) . ' AND site_id = ' . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($sql);
if($result->fields['status'] == 1) return $id;
global $VAR; $VAR['cyid'] = DEFAULT_CURRENCY;
return DEFAULT_CURRENCY;
}
function session() {
global $C_debug;
mt_srand ((double) microtime() * 1000000);
$this->id = md5(uniqid(mt_rand(),1));
$db = &DB();
$q = "SELECT id FROM " . AGILE_DB_PREFIX . "session
WHERE id = ".$db->qstr($this->id)." AND
site_id = '" . DEFAULT_SITE . "'";
$result = $db->Execute($q);
if ($result === false) {
echo "SESSION FAILED: Unable to connect to database";
exit;
} if($result->RecordCount() == 0) {
$expires = time() + (SESSION_EXPIRE*60);
$db = &DB();
$q = "INSERT INTO " . AGILE_DB_PREFIX . "session SET
id = ".$db->qstr($this->id).",
date_orig = ".$db->qstr(time()).",
date_last = ".$db->qstr(time()).",
date_expire = ".$db->qstr($expires).",
logged = ".$db->qstr('0').",
ip = ".$db->qstr(USER_IP).",
site_id = ".$db->qstr(DEFAULT_SITE).",
affiliate_id= ".$db->qstr($this->sess_affiliate_id).",
reseller_id = ".$db->qstr($this->sess_reseller_id).",
country_id = ".$db->qstr($this->sess_country_id).",
language_id = ".$db->qstr($this->sess_language_id).",
currency_id = ".$db->qstr($this->sess_currency_id).",
weight_id = ".$db->qstr($this->sess_weight_id).",
theme_id = ".$db->qstr($this->sess_theme_id).",
campaign_id = ".$db->qstr($this->sess_campaign_id);
$result = $db->Execute($q);
$C_debug->sql_count();
if ($result === false) {
$C_debug->error('session.inc.php','validate', $db->ErrorMsg());
echo 'Unable to start session: Db error<RB><BR>' . $q . '<BR><BR>' . $db->ErrorMsg();
exit;
}
}
}
function logout($sess) {
$db = &DB();
$q = "UPDATE " . AGILE_DB_PREFIX . "session SET logged = '0' WHERE
id = '$sess' AND
site_id = '" . DEFAULT_SITE . "'";
$result = $db->Execute($q);
if ($result === false) {
global $C_debug;
$C_debug->error('session.inc.php','logout', $db->ErrorMsg());
}
$q = 'DELETE FROM '.AGILE_DB_PREFIX.'session_auth_cache WHERE
session_id = '. $db->qstr($sess) .' AND
site_id = '. $db->qstr(DEFAULT_SITE);
$db->Execute($q);
define('FORCE_SESS_ACCOUNT', 0);
define('FORCE_SESS_LOGGED', FALSE);
if(CACHE_SESSIONS == '1') {
$VAR['_login'] = '1';
$force = true;
$C_auth = new CORE_auth($force);
global $C_auth2;
$C_auth2 = $C_auth;
}
}
function delete($sess) {
global $C_debug;
$db = &DB();
$q = "DELETE FROM " . AGILE_DB_PREFIX . "session WHERE id = '$sess' AND site_id = '" . DEFAULT_SITE . "'";
$result = $db->Execute($q);
$C_debug->sql_count();
if ($result === false) $C_debug->error('session.inc.php','delete', $db->ErrorMsg());
}
function session_constant() {
# Define the constants
define ('SESS_THEME', $this->sess_theme_id);
define ('SESS_COUNTRY', $this->sess_country_id);
define ('SESS_LANGUAGE', $this->sess_language_id);
define ('SESS_CURRENCY', $this->sess_currency_id);
define ('SESS_WEIGHT', $this->sess_weight_id);
define ('SESS_RESELLER', $this->sess_reseller_id);
define ('SESS_AFFILIATE', $this->sess_affiliate_id);
define ('SESS_CAMPAIGN', $this->sess_campaign_id);
}
function session_constant_log() {
global $VAR;
if(isset($VAR['_login']) || isset($VAR['_logout'])) {
$db = &DB();
$q = "SELECT logged,account_id FROM " . AGILE_DB_PREFIX . "session
WHERE id = " . $db->qstr($this->id) . "
AND site_id = " . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($q);
global $C_debug;
$C_debug->sql_count();
if ($result === false) $C_debug->error('session.inc.php','session_constant', $db->ErrorMsg());
if(!defined("SESS_LOGGED"))
define ('SESS_LOGGED', $result->fields['logged']);
if(!defined("SESS_ACCOUNT"))
define ('SESS_ACCOUNT', $result->fields['account_id']);
} else {
if(!defined("SESS_LOGGED"))
define ('SESS_LOGGED', $this->sess_logged);
if(!defined("SESS_ACCOUNT"))
define ('SESS_ACCOUNT', $this->sess_account_id);
}
if(SESS_LOGGED)
define ('SESS_EXPIRES', $this->sess_date_expire);
else
define ('SESS_EXPIRES', 0);
}
}
?>