aliroSession Class Reference

Inheritance diagram for aliroSession:

List of all members.

Public Member Functions
	getip ()
	cookiesAccepted ()
	setNew ()
	rememberMe ($request)
	purge ($timeout=0)
Static Public Member Functions
static	isAdminPresent ()
Public Attributes
	$session_id = null
	$time = null
	$userid = 0
	$usertype = ''
	$username = ''
	$gid = 0
	$guest = 1
Protected Member Functions
	__construct ()
	__clone ()
	checkValidSession ()
	setSessionData ($my)
	forceLogout ($exp)
Protected Attributes
	$_lifetime
	$_newsess = false
Static Protected Attributes
static	$currentSession = null
Private Member Functions
	saveOrphanData ()
	updateTime ()

---

Detailed Description

Definition at line 56 of file aliroSession.php.

---

Constructor & Destructor Documentation

aliroSession::__construct

(

)

[protected]

Reimplemented in aliroUserSession, and aliroAdminSession.

Definition at line 68 of file aliroSession.php.

References aliroSessionData::getInstance().

                                     {
        $this->time = time();
        ini_set('session.use_cookies', 1);
        ini_set('session.use_only_cookies', 1);
        session_name(md5('aliro_'.$this->_prefix.$this->getip().criticalInfo::getInstance()->absolute_path));
        if (!session_id()) {
            $sh = aliroSessionData::getInstance();
            session_set_save_handler(array($sh,'sess_open'), array($sh,'sess_close'), array($sh,'sess_read'),
            array($sh,'sess_write'), array($sh,'sess_destroy'), array($sh,'sess_gc'));
            session_start();
        }
    }

---

Member Function Documentation

aliroSession::__clone

(

)

[protected]

Definition at line 81 of file aliroSession.php.

                                  {
        // Enforce singleton
    }

aliroSession::getip

(

)

Definition at line 85 of file aliroSession.php.

                            {
        $ip = false;
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) $ip = $_SERVER['HTTP_CLIENT_IP'];
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ips = explode (', ', $_SERVER['HTTP_X_FORWARDED_FOR']);
            if ($ip != false) {
                array_unshift($ips,$ip);
                $ip = false;
            }
            $count = count($ips);
            // Exclude IP addresses that are reserved for LANs
            for ($i = 0; $i < $count; $i++) {
                if (!preg_match("/^(10|172\.16|192\.168)\./i", $ips[$i])) {
                    $ip = $ips[$i];
                    break;
                }
            }
        }
        if (false == $ip AND isset($_SERVER['REMOTE_ADDR'])) $ip = $_SERVER['REMOTE_ADDR'];
        return $ip;
    }

aliroSession::cookiesAccepted

(

)

Definition at line 107 of file aliroSession.php.

                                       {
        return isset($_COOKIE['aliroCookieCheck']);
    }

aliroSession::setNew

(

)

Definition at line 111 of file aliroSession.php.

                              {
        $this->_newsess = true;
    }

aliroSession::checkValidSession

(

)

[protected]

Definition at line 116 of file aliroSession.php.

References saveOrphanData(), T_(), and updateTime().

Referenced by aliroAdminSession::getInstance(), and aliroUserSession::getInstance().

                                            {
       if ($this->session_id = session_id()) {
            // We try to update the time stamp in the matching record of the session table
            $result = $this->updateTime();
            if (!$result) {
                setcookie('aliroCookieCheck', 'A', time()+365*24*60*60, '/');
                $this->saveOrphanData();
                $this->session_id = '';
            }
            return $result;
        }
        else {
            trigger_error(T_('No session ID found, although aliroSession has been instantiated'));
            return false;
        }
    }

aliroSession::saveOrphanData

(

)

[private]

Definition at line 133 of file aliroSession.php.

References $_REQUEST, and aliroCoreDatabase::getInstance().

Referenced by checkValidSession().

                                       {
        if (isset($_REQUEST['option']) AND ('login' == $_REQUEST['option'] OR 'logout' == $_REQUEST['option'])) return;
        $orphandata['get'] = $_GET;
        $orphandata['post'] = $_POST;
        $orphanstring = base64_encode(serialize($orphandata));
        $database = aliroCoreDatabase::getInstance();
        $database->doSQL("INSERT INTO #__orphan_data VALUES ('$this->session_id', '$orphanstring') ON DUPLICATE KEY UPDATE orphandata = '$orphanstring'");
        setcookie ('aliroOrphanData', $this->session_id, time()+300, '/');
    }

aliroSession::rememberMe

(

$

request

)

Definition at line 143 of file aliroSession.php.

References aliroUserAuthenticator::getInstance(), aliroUser::getInstance(), and T_().

                                          {
        if (!$this->_newsess) return;
        $user = aliroUser::getInstance();
        if (0 == $user->id AND $usercookie = isset($_COOKIE['usercookie']) ? $_COOKIE['usercookie'] : null) {
            // Remember me cookie exists. Login with usercookie information if all present.
            if (!empty($usercookie['username']) AND !empty($usercookie['password'])) {
                // If the login is successful, then the session data will be updated
                // In any case, the return will be set either to user data or to null
                $message = aliroUserAuthenticator::getInstance()->systemLogin ($usercookie['username'], $usercookie['password'], 1);
                if ($message) $request->setErrorMessage(T_('Remember Me login failed - incorrect username-password combination'), _ALIRO_ERROR_WARN);
                else $user->reset();
            }
        }
    }

aliroSession::updateTime

(

)

[private]

Definition at line 158 of file aliroSession.php.

References aliroCoreDatabase::getInstance(), and aliro::getInstance().

Referenced by checkValidSession().

                                   {
        if (aliro::getInstance()->installed) {
            $database = aliroCoreDatabase::getInstance();
            $past = $this->time - $this->_lifetime;
            $database->doSQL("UPDATE #__session SET time = '$this->time', marker = marker+1 WHERE session_id = '$this->session_id' AND isadmin = $this->isadmin AND time > $past");
            return ($database->getAffectedRows()) ? true : false;
        }
        return false;
    }

aliroSession::setSessionData

(

$

my

)

[protected]

Definition at line 168 of file aliroSession.php.

References $_REQUEST, aliroCoreDatabase::getInstance(), int(), and purge().

Referenced by aliroAdminSession::setNewUserData(), and aliroUserSession::setNewUserData().

                                            {
        $database = aliroCoreDatabase::getInstance();
        if ($my->id AND !empty($_COOKIE['aliroOrphanData'])) {
            $database->setQuery("SELECT orphandata FROM #__orphan_data WHERE session_id = '{$_COOKIE['aliroOrphanData']}'");
            $orphanstring = $database->loadResult();
            if (!empty($orphanstring)) {
                $orphandata = unserialize(base64_decode($orphanstring));
                foreach (array_keys($_GET) as $key) unset($_REQUEST[$key]);
                foreach (array_keys($_POST) as $key) unset($_REQUEST[$key]);
                $_GET = $orphandata['get'];
                $_POST = $orphandata['post'];
                foreach ($_GET as $key=>$value) $_REQUEST[$key] = $value;
                foreach ($_POST as $key=>$value) $_REQUEST[$key] = $value;
                // $database->doSQL("DELETE FROM #__orphan_data WHERE session_id = '{$_COOKIE['aliroOrphanData']}'");
                setcookie('aliroOrphanData', 'A', time()-7*24*60*60, '/');
            }
        }
        session_regenerate_id();
        $this->session_id = session_id();
        $this->httphost = $_SERVER['HTTP_HOST'];
        $this->servername = $_SERVER['SERVER_NAME'];
        $this->ipaddress = getenv('REMOTE_ADDR');
        $_SESSION["aliro_{$this->_prefix}id"] = $this->userid = $my->id;
        $_SESSION["aliro_{$this->_prefix}name"] = $my->name;
        $_SESSION["aliro_{$this->_prefix}username"] = $this->username = $my->username;
        $_SESSION["aliro_{$this->_prefix}email"] = $my->email;
        $_SESSION["aliro_{$this->_prefix}sendEmail"] = $my->sendEmail;
        $_SESSION["aliro_{$this->_prefix}type"] = $this->usertype = $my->usertype;
        $_SESSION["aliro_{$this->_prefix}gid"] = $this->gid = $my->gid;
        $_SESSION["aliro_{$this->_prefix}logintime"] = $this->time = time();
        if (!isset($_SESSION["aliro_{$this->_prefix}state"])) $_SESSION["aliro_{$this->_prefix}state"]  = array();
        $this->userid = (int) $this->userid;
        $this->gid = (int) $this->gid;
        $database->insertObject('#__session', $this);
        $this->purge();
    }

aliroSession::purge

(

$

timeout = 0

)

Definition at line 205 of file aliroSession.php.

References forceLogout(), aliroSessionData::getInstance(), aliroCoreDatabase::getInstance(), and aliro::getInstance().

Referenced by setSessionData().

                                      {
        // Note purge only records on the current side - admin or user - because lifetime may be different
        if (aliro::getInstance()->installed) {
            $past = time() - ($timeout ? $timeout : $this->_lifetime);
            $database = aliroCoreDatabase::getInstance();
            $database->setQuery("SELECT session_id, username, isadmin FROM #__session WHERE (time < $past) AND isadmin = $this->isadmin");
            $expired = $database->loadObjectList();
            if ($expired) foreach ($expired as $exp) {
                $sessions[] = $exp->session_id;
                $this->forceLogout ($exp);
            }
            if (isset($sessions)) {
                $sessionlist = implode ("','", $sessions);
                $database->doSQL("DELETE LOW_PRIORITY FROM `#__session` WHERE session_id IN('$sessionlist')");
            }
            aliroSessionData::getInstance()->sess_destroy_orphans();
        }
    }

aliroSession::forceLogout

(

$

exp

)

[protected]

Reimplemented in aliroUserSession.

Definition at line 224 of file aliroSession.php.

Referenced by purge().

                                          {
        // Implemented by User Session, not Admin
    }

static aliroSession::isAdminPresent

(

)

[static]

Definition at line 228 of file aliroSession.php.

References aliroCoreDatabase::getInstance().

Referenced by aliroUserRequest::doControl().

                                             {
        if (isset($_COOKIE['aliroAdminSession'])) $admin_session = $_COOKIE['aliroAdminSession'];
        else return false;
        $database = aliroCoreDatabase::getInstance();
        $database->setQuery("SELECT COUNT(session_id) FROM #__session WHERE session_id = '$admin_session' AND isadmin = 1");
        return $database->loadResult() ? true : false;
    }

---

Member Data Documentation

aliroSession::$currentSession = null [static, protected]

Definition at line 57 of file aliroSession.php.

aliroSession::$session_id = null

Definition at line 58 of file aliroSession.php.

aliroSession::$time = null

Definition at line 59 of file aliroSession.php.

aliroSession::$userid = 0

Definition at line 60 of file aliroSession.php.

aliroSession::$usertype = ''

Definition at line 61 of file aliroSession.php.

aliroSession::$username = ''

Definition at line 62 of file aliroSession.php.

aliroSession::$gid = 0

Definition at line 63 of file aliroSession.php.

aliroSession::$guest = 1

Definition at line 64 of file aliroSession.php.

aliroSession::$_lifetime [protected]

Definition at line 65 of file aliroSession.php.

aliroSession::$_newsess = false [protected]

Definition at line 66 of file aliroSession.php.

---

The documentation for this class was generated from the following file:

• aliroSession.php