File: 0.01.1a/core/SessionManager.php (View as HTML)

  1: <?php 
  2: /* -------------------------------------------------------------
  3: This file is part of FreeDESK
  4: 
  5: FreeDESK is (C) Copyright 2012 David Cutting
  6: 
  7: FreeDESK is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeDESK is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeDESK.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freedesk/
 21: -------------------------------------------------------------- */
 22: 
 23: /**
 24:  * Session Class - contains information about interactive user session
 25: **/
 26: class Session
 27: {
 28: 	/**
 29: 	 * Type of session
 30: 	**/
 31: 	var $type = ContextType::None;
 32: 	/**
 33: 	 * Session ID
 34: 	**/
 35: 	var $sid = "";
 36: 	/**
 37: 	 * Username
 38: 	**/
 39: 	var $username = "";
 40: 	/**
 41: 	 * Real name
 42: 	**/
 43: 	var $realname = "";
 44: 	/**
 45: 	 * Create a SID - sets $this->sid and returns SID
 46: 	 * @return string SID
 47: 	**/
 48: 	function CreateSID()
 49: 	{
 50: 		$allow = "abcdefghijklmnopqrstuvwxyz0123456789XYZ";
 51: 		$len = 128;
 52: 		$allowlen = strlen($allow);
 53: 		$this->sid="";
 54: 		mt_srand(microtime()*1000000);
 55: 		for ($i=0; $i<$len; ++$i)
 56: 		{
 57: 			$this->sid.=$allow[mt_rand(0,$allowlen-1)];
 58: 		}
 59: 		return $this->sid;
 60: 	}
 61: 	/**
 62: 	 * Return XML Description of the Session
 63: 	 * @param bool $header Return XML header (optional, default false)
 64: 	 * @return string XML Data
 65: 	**/
 66: 	function XML($header=false)
 67: 	{
 68: 		$xml = new xmlCreate();
 69: 		$xml->startElement("session");
 70: 		$xml->charElement("type",$this->type);
 71: 		$xml->charElement("sid",$this->sid);
 72: 		$xml->charElement("username",$this->username);
 73: 		$xml->endElement("session");
 74: 		return $xml->getXML($header);
 75: 	}
 76: 	/**
 77: 	 * Get a 'nice' name
 78: 	 * @return string Nice name for current user
 79: 	**/
 80: 	function NiceName()
 81: 	{
 82: 		$name = "";
 83: 		if ($this->type == ContextType::Customer)
 84: 			$name.="CUSTOMER";
 85: 		else if ($this->realname != "")
 86: 			$name.=$this->realname;
 87: 		else
 88: 			$name.=$this->username;
 89: 		return $name;
 90: 	}
 91: }
 92: 
 93: /**
 94:  * Session Manager class - handles creation, check and update of sessions
 95: **/
 96: class SessionManager
 97: {
 98: 	/**
 99: 	 * FreeDESK Instance
100: 	**/
101: 	private $DESK = null;
102: 	
103: 	/**
104: 	 * Constructor
105: 	 * @param mixed $freeDESK FreeDESK instance
106: 	**/
107: 	function SessionManager(&$freeDESK)
108: 	{
109: 		$this->DESK = &$freeDESK;
110: 		$this->DESK->PluginManager->Register(new Plugin(
111: 			"Session Manager", "0.01", "Core" ));
112: 	}
113: 	
114: 	/**
115: 	 * Create a Session
116: 	 * @param mixed $type Type of session of form ContextType)
117: 	 * @param string $username Username
118: 	 * @param string $password Password
119: 	 * @return mixed Session class on success or bool false on failure
120: 	**/
121: 	function Create($type, $username, $password)
122: 	{	// TODO: Customer
123: 		$expiry = $this->DESK->Configuration->Get("session.expire","15");
124: 		
125: 		if ($type == ContextType::User)
126: 		{
127: 		
128: 			// Fetch user auth type
129: 		
130: 			$q="SELECT ".$this->DESK->Database->Field("authtype").",".$this->DESK->Database->Field("realname")." FROM ".$this->DESK->Database->Table("user")." ";
131: 			$q.="WHERE ".$this->DESK->Database->Field("username")."=\"".$this->DESK->Database->Safe($username)."\" LIMIT 0,1";
132: 		
133: 			
134: 			$r=$this->DESK->Database->Query($q);
135: 			$user=$this->DESK->Database->FetchAssoc($r);
136: 			$this->DESK->Database->Free($r);
137: 			if ($user)
138: 			{
139: 				$authtype=$user['authtype'];
140: 				if ($authtype=="")
141: 					$authtype=$this->DESK->Configuration->Get("auth.default","standard");
142: 				$authmethod=AuthenticationFactory::Create($this->DESK, $authtype);
143: 				if (!$authmethod)
144: 					return false;
145: 				if ($authmethod->Authenticate($type, $username, $password))
146: 				{
147: 					// Successful Login
148: 					$session = new Session();
149: 					$session->type = $type;
150: 					$session->username = $username;
151: 					$session->realname = $user['realname'];
152: 					$session->CreateSID();
153: 				
154: 					// Create the session in the DB
155: 					$q="INSERT INTO ".$this->DESK->Database->Table("session")."(".$this->DESK->Database->Field("username").",";
156: 					$q.=$this->DESK->Database->Field("session_id").",".$this->DESK->Database->Field("sessiontype").",";
157: 					$q.=$this->DESK->Database->Field("created_dt").",".$this->DESK->Database->Field("updated_dt").",";
158: 					$q.=$this->DESK->Database->Field("expires_dt").",".$this->DESK->Database->Field("realname").") VALUES(";
159: 					$q.="\"".$this->DESK->Database->Safe($username)."\",";
160: 					$q.="\"".$this->DESK->Database->Safe($session->sid)."\",";
161: 					$q.=$this->DESK->Database->Safe($type).",";
162: 					$q.="NOW(),NOW(),DATE_ADD(NOW(), INTERVAL ".$this->DESK->Database->Safe($expiry)." MINUTE),";
163: 					$q.=$this->DESK->Database->SafeQuote($user['realname']).")";
164: 				
165: 					$this->DESK->Database->Query($q);
166: 				
167: 					return $session;
168: 				}
169: 			}
170: 			return false; // failure
171: 		}
172: 		else if ($type == ContextType::Customer && $username!="" && $password!="")
173: 		{
174: 			$q="SELECT * FROM ".$this->DESK->Database->Table("customer")." WHERE ";
175: 			$q.="(".$this->DESK->Database->Field("username")."=".$this->DESK->Database->SafeQuote($username)." OR ";
176: 			$q.=$this->DESK->Database->Field("email")."=".$this->DESK->Database->SafeQuote($username).") AND ";
177: 			$q.=$this->DESK->Database->Field("password")."=".$this->DESK->Database->SafeQuote($password);
178: 			$q.=" LIMIT 0,1";
179: 			
180: 			$r=$this->DESK->Database->Query($q);
181: 			if ($user=$this->DESK->Database->FetchAssoc($r))
182: 			{
183: 				$this->DESK->Database->Free($r);
184: 				// Successful Login
185: 				$session = new Session();
186: 				$session->type = $type;
187: 				$session->username = $user['customerid'];
188: 				$session->realname = "CUSTOMER:".$user['firstname']." ".$user['lastname'];
189: 				$session->CreateSID();
190: 			
191: 				// Create the session in the DB
192: 				$q="INSERT INTO ".$this->DESK->Database->Table("session")."(".$this->DESK->Database->Field("username").",";
193: 				$q.=$this->DESK->Database->Field("session_id").",".$this->DESK->Database->Field("sessiontype").",";
194: 				$q.=$this->DESK->Database->Field("created_dt").",".$this->DESK->Database->Field("updated_dt").",";
195: 				$q.=$this->DESK->Database->Field("expires_dt").",".$this->DESK->Database->Field("realname").") VALUES(";
196: 				$q.="\"".$this->DESK->Database->Safe($session->username)."\",";
197: 				$q.="\"".$this->DESK->Database->Safe($session->sid)."\",";
198: 				$q.=$this->DESK->Database->Safe($type).",";
199: 				$q.="NOW(),NOW(),DATE_ADD(NOW(), INTERVAL ".$this->DESK->Database->Safe($expiry)." MINUTE),";
200: 				$q.=$this->DESK->Database->SafeQuote($user['realname']).")";
201: 			
202: 				$this->DESK->Database->Query($q);
203: 			
204: 				return $session;
205: 			}
206: 			else
207: 				return false; // failed login
208: 		}
209: 		return false; // default failure
210: 	}
211: 	
212: 	/**
213: 	 * Check a Session
214: 	 * @param mixed $sid Session ID
215: 	 * @return mixed Sesson class on success or bool false on failure
216: 	**/
217: 	function Check($sid)
218: 	{
219: 		$expiry = $this->DESK->Configuration->Get("session.expire","15");
220: 		
221: 		// Select session from DB
222: 		$q="SELECT * FROM ".$this->DESK->Database->Table("session")." WHERE ".$this->DESK->Database->Field("session_id")."=";
223: 		$q.="\"".$this->DESK->Database->Safe($sid)."\" AND ".$this->DESK->Database->Field("expires_dt").">NOW() LIMIT 0,1";
224: 		
225: 		$r=$this->DESK->Database->Query($q);
226: 		$sess=$this->DESK->Database->FetchAssoc($r);
227: 		$this->DESK->Database->Free($r);
228: 		if ($sess) // If session found
229: 		{
230: 			// Load session data
231: 			$session = new Session();
232: 			$session->sid = $sid;
233: 			$session->type = $sess['sessiontype'];
234: 			$session->username = $sess['username'];
235: 			$session->realname = $sess['realname'];
236: 			
237: 			// And update expiry
238: 			$q="UPDATE ".$this->DESK->Database->Table("session")." SET ".$this->DESK->Database->Field("updated_dt")."=NOW(),";
239: 			$q.=$this->DESK->Database->Field("expires_dt")."=DATE_ADD(NOW(), INTERVAL ".$this->DESK->Database->Safe($expiry)." MINUTE) ";
240: 			$q.="WHERE ".$this->DESK->Database->Field("session_id")."=\"".$this->DESK->Database->Safe($sid)."\"";
241: 			$this->DESK->Database->Query($q);
242: 			
243: 			return $session;
244: 		}
245: 		return false;
246: 	}
247: 	
248: 	/**
249: 	 * Destroy a session
250: 	 * @param string $sid Session ID
251: 	**/
252: 	function Destroy($sid)
253: 	{
254: 		$q="DELETE FROM ".$this->DESK->Database->Table("session")." WHERE ".$this->DESK->Database->Field("session_id")."=";
255: 		$q.=$this->DESK->Database->SafeQuote($sid);
256: 		$this->DESK->Database->Query($q);
257: 	}
258: }
259: 
260: 
261: ?>
262: 
263: