eZ publish: ezsession.php Source File

00001 <?php
00002 //
00003 // Definition of eZSession class
00004 //
00005 // Created on: <19-Aug-2002 12:49:18 bf>
00006 //
00007 // ## BEGIN COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
00008 // SOFTWARE NAME: eZ publish
00009 // SOFTWARE RELEASE: 3.9.x
00010 // COPYRIGHT NOTICE: Copyright (C) 1999-2006 eZ systems AS
00011 // SOFTWARE LICENSE: GNU General Public License v2.0
00012 // NOTICE: >
00013 //   This program is free software; you can redistribute it and/or
00014 //   modify it under the terms of version 2.0  of the GNU General
00015 //   Public License as published by the Free Software Foundation.
00016 //
00017 //   This program is distributed in the hope that it will be useful,
00018 //   but WITHOUT ANY WARRANTY; without even the implied warranty of
00019 //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00020 //   GNU General Public License for more details.
00021 //
00022 //   You should have received a copy of version 2.0 of the GNU General
00023 //   Public License along with this program; if not, write to the Free
00024 //   Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
00025 //   MA 02110-1301, USA.
00026 //
00027 //
00028 // ## END COPYRIGHT, LICENSE AND WARRANTY NOTICE ##
00029 //
00030 
00031 /*!
00032   Re-implementation of PHP session management using database.
00033 
00034   The session system has a hook system which allows external code to perform
00035   extra tasks before and after a certain action is executed. For instance to
00036   cleanup a table when sessions are removed.
00037   To create a hook function the global variable \c eZSessionFunctions must be
00038   filled in. This contains an associative array with hook points, e.g.
00039   \c destroy_pre which is checked by the session system.
00040   Each hook point must contain an array with function names to execute, if the
00041   hook point does not exist the session handler will not handle the hooks.
00042 
00043   \code
00044   function cleanupStuff( &$db, $key, $escKey )
00045   {
00046       // Do cleanup here
00047   }
00048   if ( !isset( $GLOBALS['eZSessionFunctions']['destroy_pre'] ) )
00049       $GLOBALS['eZSessionFunctions']['destroy_pre'] = array();
00050   $GLOBALS['eZSessionFunctions']['destroy_pre'][] = 'cleanupstuff';
00051   \endcode
00052 
00053   When new data is inserted to the database it will call the \c update_pre and
00054   \c update_post hooks. The signature of the function is
00055   function insert( &$db, $key, $escapedKey, $expirationTime, $userID, $value )
00056 
00057   When existing data is updated in the databbase it will call the \c insert_pre
00058   and \c insert_post hook. The signature of the function is
00059   function update( &$db, $key, $escapedKey, $expirationTime, $userID, $value )
00060 
00061   When a specific session is destroyed in the database it will call the
00062   \c destroy_pre and \c destroy_post hooks. The signature of the function is
00063   function destroy( &$db, $key, $escapedKey )
00064 
00065   When multiple sessions are expired (garbage collector) in the database it
00066   will call the \c gc_pre and \c gc_post hooks. The signature of the function is
00067   function gcollect( &$db, $expiredTime )
00068 
00069   When all sessionss are removed from the database it will call the
00070   \c empty_pre and \c empty_post hooks. The signature of the function is
00071   function empty( &$db )
00072 
00073   \param $db The database object used by the session manager.
00074   \param $key The session key which are being worked on, see also \a $escapedKey
00075   \param $escapedKey The same key as \a $key but is escaped correctly for the database.
00076                      Use this to save a call to eZDBInterface::escapeString()
00077   \param $expirationTime An integer specifying the timestamp of when the session
00078                          will expire.
00079   \param $expiredTime Similar to \a $expirationTime but is the time used to figure
00080                       if a session is expired in the database. ie. all sessions with
00081                       lower expiration times will be removed.
00082 */
00083 
00084 function eZSessionOpen( )
00085 {
00086     // do nothing eZDB will open connection when needed.
00087 }
00088 
00089 function eZSessionClose( )
00090 {
00091     // eZDB will handle closing the database
00092 }
00093 
00094 function &eZSessionRead( $key )
00095 {
00096     include_once( 'lib/ezdb/classes/ezdb.php' );
00097     $db =& eZDB::instance();
00098 
00099     $key = $db->escapeString( $key );
00100 
00101     $sessionRes = $db->arrayQuery( "SELECT data, user_id, expiration_time FROM ezsession WHERE session_key='$key'" );
00102 
00103     if ( $sessionRes !== false and count( $sessionRes ) == 1 )
00104     {
00105         $ini =& eZINI::instance();
00106 
00107         $sessionUpdatesTime = $sessionRes[0]['expiration_time'] - $ini->variable( 'Session', 'SessionTimeout' );
00108         $sessionIdle = time() - $sessionUpdatesTime;
00109 
00110         $data =& $sessionRes[0]['data'];
00111         $GLOBALS['eZSessionUserID'] = $sessionRes[0]['user_id'];
00112         $GLOBALS['eZSessionIdleTime'] = $sessionIdle;
00113 
00114         /*
00115          * The line below is needed to correctly load list of content classes saved
00116          * in the CanInstantiateClassList session variable.
00117          * Without this we get incomplete classes loaded (__PHP_Incomplete_Class).
00118          */
00119         require_once( 'kernel/classes/ezcontentclass.php' );
00120 
00121         return $data;
00122     }
00123     else
00124     {
00125         $retVal = false;
00126         return $retVal;
00127     }
00128 }
00129 
00130 /*!
00131   Will write the session information to database.
00132 */
00133 function eZSessionWrite( $key, $value )
00134 {
00135 //    include_once( 'lib/ezdb/classes/ezdb.php' );
00136 
00137     if ( isset( $GLOBALS["eZRequestError"] ) && $GLOBALS["eZRequestError"] )
00138     {
00139         return;
00140     }
00141 
00142     $db =& eZDB::instance();
00143     $ini =& eZIni::instance();
00144     $expirationTime = time() + $ini->variable( 'Session', 'SessionTimeout' );
00145 
00146     if ( $db->bindingType() != EZ_DB_BINDING_NO )
00147     {
00148         $value = $db->bindVariable( $value, array( 'name' => 'data' ) );
00149     }
00150     else
00151     {
00152         $value = '\'' . $db->escapeString( $value ) . '\'';
00153 
00154     }
00155 //    $value = $db->escapeString( $value );
00156     $escKey = $db->escapeString( $key );
00157     // check if session already exists
00158 
00159     $userID = 0;
00160     if ( isset( $GLOBALS['eZSessionUserID'] ) )
00161         $userID = $GLOBALS['eZSessionUserID'];
00162     $userID = $db->escapeString( $userID );
00163 
00164     $sessionRes = $db->arrayQuery( "SELECT session_key FROM ezsession WHERE session_key='$escKey'" );
00165 
00166     if ( count( $sessionRes ) == 1 )
00167     {
00168         if ( isset( $GLOBALS['eZSessionFunctions']['update_pre'] ) )
00169         {
00170             foreach ( $GLOBALS['eZSessionFunctions']['update_pre'] as $func )
00171             {
00172                 $func( $db, $key, $escKey, $expirationTime, $userID, $value );
00173             }
00174         }
00175 
00176         $updateQuery = "UPDATE ezsession
00177                     SET expiration_time='$expirationTime', data=$value, user_id='$userID'
00178                     WHERE session_key='$escKey'";
00179 
00180         $ret = $db->query( $updateQuery );
00181 
00182         if ( isset( $GLOBALS['eZSessionFunctions']['update_post'] ) )
00183         {
00184             foreach ( $GLOBALS['eZSessionFunctions']['update_post'] as $func )
00185             {
00186                 $func( $db, $key, $escKey, $expirationTime, $userID, $value );
00187             }
00188         }
00189     }
00190     else
00191     {
00192         if ( isset( $GLOBALS['eZSessionFunctions']['insert_pre'] ) )
00193         {
00194             foreach ( $GLOBALS['eZSessionFunctions']['insert_pre'] as $func )
00195             {
00196                 $func( $db, $key, $escKey, $expirationTime, $userID, $value );
00197             }
00198         }
00199 
00200         $insertQuery = "INSERT INTO ezsession
00201                     ( session_key, expiration_time, data, user_id )
00202                     VALUES ( '$escKey', '$expirationTime', $value, '$userID' )";
00203 
00204         $ret = $db->query( $insertQuery );
00205 
00206         if ( isset( $GLOBALS['eZSessionFunctions']['insert_post'] ) )
00207         {
00208             foreach ( $GLOBALS['eZSessionFunctions']['insert_post'] as $func )
00209             {
00210                 $func( $db, $key, $escKey, $expirationTime, $userID, $value );
00211             }
00212         }
00213     }
00214 }
00215 
00216 /*!
00217   Will remove a session from the database.
00218 */
00219 function eZSessionDestroy( $key )
00220 {
00221     include_once( 'lib/ezdb/classes/ezdb.php' );
00222     $db =& eZDB::instance();
00223 
00224     $escKey = $db->escapeString( $key );
00225     if ( isset( $GLOBALS['eZSessionFunctions']['destroy_pre'] ) )
00226     {
00227         foreach ( $GLOBALS['eZSessionFunctions']['destroy_pre'] as $func )
00228         {
00229             $func( $db, $key, $escKey );
00230         }
00231     }
00232 
00233     $query = "DELETE FROM ezsession WHERE session_key='$escKey'";
00234     $db->query( $query );
00235 
00236     if ( isset( $GLOBALS['eZSessionFunctions']['destroy_post'] ) )
00237     {
00238         foreach ( $GLOBALS['eZSessionFunctions']['destroy_post'] as $func )
00239         {
00240             $func( $db, $key, $escKey );
00241         }
00242     }
00243 }
00244 
00245 /*!
00246   Handles session cleanup. Will delete timed out sessions from the database.
00247 */
00248 function eZSessionGarbageCollector()
00249 {
00250     include_once( 'lib/ezdb/classes/ezdb.php' );
00251     $db =& eZDB::instance();
00252     $time = time();
00253 
00254     if ( isset( $GLOBALS['eZSessionFunctions']['gc_pre'] ) )
00255     {
00256         foreach ( $GLOBALS['eZSessionFunctions']['gc_pre'] as $func )
00257         {
00258             $func( $db, $time );
00259         }
00260     }
00261 
00262     $query = "DELETE FROM ezsession WHERE expiration_time < " . $time;
00263 
00264     $db->query( $query );
00265 
00266     if ( isset( $GLOBALS['eZSessionFunctions']['gc_post'] ) )
00267     {
00268         foreach ( $GLOBALS['eZSessionFunctions']['gc_post'] as $func )
00269         {
00270             $func( $db, $time );
00271         }
00272     }
00273 }
00274 
00275 /*!
00276   Removes all entries from session.
00277 */
00278 function eZSessionEmpty()
00279 {
00280     include_once( 'lib/ezdb/classes/ezdb.php' );
00281     $db =& eZDB::instance();
00282 
00283     if ( isset( $GLOBALS['eZSessionFunctions']['empty_pre'] ) )
00284     {
00285         foreach ( $GLOBALS['eZSessionFunctions']['empty_pre'] as $func )
00286         {
00287             $func( $db );
00288         }
00289     }
00290 
00291     $query = "TRUNCATE TABLE ezsession";
00292 
00293     $db->query( $query );
00294 
00295     if ( isset( $GLOBALS['eZSessionFunctions']['empty_post'] ) )
00296     {
00297         foreach ( $GLOBALS['eZSessionFunctions']['empty_post'] as $func )
00298         {
00299             $func( $db );
00300         }
00301     }
00302 }
00303 
00304 /*!
00305   Counts the number of active session and returns it.
00306 */
00307 function eZSessionCountActive()
00308 {
00309     include_once( 'lib/ezdb/classes/ezdb.php' );
00310     $db =& eZDB::instance();
00311     $query = "SELECT count( * ) AS count FROM ezsession";
00312 
00313     $rows = $db->arrayQuery( $query );
00314     return $rows[0]['count'];
00315 }
00316 
00317 /*!
00318  Register the needed session functions.
00319  Call this only once.
00320 */
00321 function eZRegisterSessionFunctions()
00322 {
00323     session_module_name( 'user' );
00324     $ini =& eZIni::instance();
00325     if ( $ini->variable( 'Session', 'SessionNameHandler' ) == 'custom' )
00326     {
00327         $sessionName = $ini->variable( 'Session', 'SessionNamePrefix' );
00328         if ( $ini->variable( 'Session', 'SessionNamePerSiteAccess' ) == 'enabled' )
00329         {
00330             $access = $GLOBALS['eZCurrentAccess'];
00331             $sessionName .=  $access['name'];
00332         }
00333         session_name( $sessionName );
00334     }
00335     session_set_save_handler(
00336         'ezsessionopen',
00337         'ezsessionclose',
00338         'ezsessionread',
00339         'ezsessionwrite',
00340         'ezsessiondestroy',
00341         'ezsessiongarbagecollector' );
00342 }
00343 
00344 /*!
00345  Makes sure that the session is started properly.
00346  Multiple calls will just be ignored.
00347 */
00348 function eZSessionStart()
00349 {
00350     // Check if we are allowed to use sessions
00351     if ( isset( $GLOBALS['eZSiteBasics'] ) and
00352          isset( $GLOBALS['eZSiteBasics']['session-required'] ) and
00353          !$GLOBALS['eZSiteBasics']['session-required'] )
00354         return false;
00355     $hasStarted =& $GLOBALS['eZSessionIsStarted'];
00356     if ( isset( $hasStarted ) and
00357          $hasStarted )
00358          return false;
00359     include_once( 'lib/ezdb/classes/ezdb.php' );
00360     $db =& eZDB::instance();
00361     if ( !$db->isConnected() )
00362         return false;
00363     eZRegisterSessionFunctions();
00364     $ini =& eZINI::instance();
00365     $cookieTimeout = isset( $GLOBALS['RememberMeTimeout'] ) ? $GLOBALS['RememberMeTimeout'] : $ini->variable( 'Session', 'CookieTimeout' );
00366 
00367     if ( is_numeric( $cookieTimeout ) )
00368     {
00369         session_set_cookie_params( (int)$cookieTimeout );
00370     }
00371     session_start();
00372     $hasStarted = true;
00373     return true;
00374 }
00375 
00376 /*!
00377  Makes sure session data is stored in the session and stops the session.
00378 */
00379 function eZSessionStop()
00380 {
00381     $hasStarted =& $GLOBALS['eZSessionIsStarted'];
00382     if ( isset( $hasStarted ) and
00383          !$hasStarted )
00384          return false;
00385     include_once( 'lib/ezdb/classes/ezdb.php' );
00386     $db =& eZDB::instance();
00387     if ( !$db->isConnected() )
00388         return false;
00389     session_write_close();
00390     $hasStarted = false;
00391     return true;
00392 }
00393 
00394 /*!
00395  Will make sure the user gets a new session ID while keepin the session data.
00396  This is useful to call on logins, to avoid sessions theft from users.
00397  \note This requires PHP 4.3.2 and higher which has the session_regenerate_id
00398  \return \c true if succesful
00399 */
00400 function eZSessionRegenerate()
00401 {
00402     $hasStarted =& $GLOBALS['eZSessionIsStarted'];
00403     if ( isset( $hasStarted ) and
00404          !$hasStarted )
00405          return false;
00406     if ( !function_exists( 'session_regenerate_id' ) )
00407         return false;
00408     // This doesn't seem to work as expected
00409 //     session_regenerate_id();
00410     return true;
00411 }
00412 
00413 /*!
00414  Removes the current session and resets session variables.
00415 */
00416 function eZSessionRemove()
00417 {
00418     $hasStarted =& $GLOBALS['eZSessionIsStarted'];
00419     if ( isset( $hasStarted ) and
00420          !$hasStarted )
00421          return false;
00422     include_once( 'lib/ezdb/classes/ezdb.php' );
00423     $db =& eZDB::instance();
00424     if ( !$db->isConnected() )
00425         return false;
00426     $_SESSION = array();
00427     session_destroy();
00428     $hasStarted = false;
00429     return true;
00430 }
00431 
00432 /*!
00433  Sets the current user ID to \a $userID,
00434  this ID will be written to the session table field user_id
00435  when the page is done.
00436  \sa eZSessionUserID
00437 */
00438 function eZSessionSetUserID( $userID )
00439 {
00440     $GLOBALS['eZSessionUserID'] = $userID;
00441 }
00442 
00443 /*!
00444  Returns the current session ID.
00445  The session handler will not care about value of the ID,
00446  it's entirely up to the clients of the session handler to use and update this value.
00447 */
00448 function eZSessionUserID()
00449 {
00450     if ( isset( $GLOBALS['eZSessionUserID'] ) )
00451         return $GLOBALS['eZSessionUserID'];
00452     return 0;
00453 }
00454 
00455 ?>