Viewing File core/SessionManager.php of 0.01.1a
|
1: <?php 2: /* ------------------------------------------------------------- 3: This file is part of FreeDESK 4: 5: FreeDESK is (C) Copyright 2012 David Cutting 6: 7: FreeDESK is free software: you can redistribute it and/or modify 8: it under the terms of the GNU General Public License as published by 9: the Free Software Foundation, either version 3 of the License, or 10: (at your option) any later version. 11: 12: FreeDESK is distributed in the hope that it will be useful, 13: but WITHOUT ANY WARRANTY; without even the implied warranty of 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15: GNU General Public License for more details. 16: 17: You should have received a copy of the GNU General Public License 18: along with FreeDESK. If not, see www.gnu.org/licenses 19: 20: For more information see www.purplepixie.org/freedesk/ 21: -------------------------------------------------------------- */ 22: 23: /** 24: * Session Class - contains information about interactive user session 25: **/ 26: class Session 27: { 28: /** 29: * Type of session 30: **/ 31: var $type = ContextType::None; 32: /** 33: * Session ID 34: **/ 35: var $sid = ""; 36: /** 37: * Username 38: **/ 39: var $username = ""; 40: /** 41: * Real name 42: **/ 43: var $realname = ""; 44: /** 45: * Create a SID - sets $this->sid and returns SID 46: * @return string SID 47: **/ 48: function CreateSID() 49: { 50: $allow = "abcdefghijklmnopqrstuvwxyz0123456789XYZ"; 51: $len = 128; 52: $allowlen = strlen($allow); 53: $this->sid=""; 54: mt_srand(microtime()*1000000); 55: for ($i=0; $i<$len; ++$i) 56: { 57: $this->sid.=$allow[mt_rand(0,$allowlen-1)]; 58: } 59: return $this->sid; 60: } 61: /** 62: * Return XML Description of the Session 63: * @param bool $header Return XML header (optional, default false) 64: * @return string XML Data 65: **/ 66: function XML($header=false) 67: { 68: $xml = new xmlCreate(); 69: $xml->startElement("session"); 70: $xml->charElement("type",$this->type); 71: $xml->charElement("sid",$this->sid); 72: $xml->charElement("username",$this->username); 73: $xml->endElement("session"); 74: return $xml->getXML($header); 75: } 76: /** 77: * Get a 'nice' name 78: * @return string Nice name for current user 79: **/ 80: function NiceName() 81: { 82: $name = ""; 83: if ($this->type == ContextType::Customer) 84: $name.="CUSTOMER"; 85: else if ($this->realname != "") 86: $name.=$this->realname; 87: else 88: $name.=$this->username; 89: return $name; 90: } 91: } 92: 93: /** 94: * Session Manager class - handles creation, check and update of sessions 95: **/ 96: class SessionManager 97: { 98: /** 99: * FreeDESK Instance 100: **/ 101: private $DESK = null; 102: 103: /** 104: * Constructor 105: * @param mixed $freeDESK FreeDESK instance 106: **/ 107: function SessionManager(&$freeDESK) 108: { 109: $this->DESK = &$freeDESK; 110: $this->DESK->PluginManager->Register(new Plugin( 111: "Session Manager", "0.01", "Core" )); 112: } 113: 114: /** 115: * Create a Session 116: * @param mixed $type Type of session of form ContextType) 117: * @param string $username Username 118: * @param string $password Password 119: * @return mixed Session class on success or bool false on failure 120: **/ 121: function Create($type, $username, $password) 122: { // TODO: Customer 123: $expiry = $this->DESK->Configuration->Get("session.expire","15"); 124: 125: if ($type == ContextType::User) 126: { 127: 128: // Fetch user auth type 129: 130: $q="SELECT ".$this->DESK->Database->Field("authtype").",".$this->DESK->Database->Field("realname")." FROM ".$this->DESK->Database->Table("user")." "; 131: $q.="WHERE ".$this->DESK->Database->Field("username")."=\"".$this->DESK->Database->Safe($username)."\" LIMIT 0,1"; 132: 133: 134: $r=$this->DESK->Database->Query($q); 135: $user=$this->DESK->Database->FetchAssoc($r); 136: $this->DESK->Database->Free($r); 137: if ($user) 138: { 139: $authtype=$user['authtype']; 140: if ($authtype=="") 141: $authtype=$this->DESK->Configuration->Get("auth.default","standard"); 142: $authmethod=AuthenticationFactory::Create($this->DESK, $authtype); 143: if (!$authmethod) 144: return false; 145: if ($authmethod->Authenticate($type, $username, $password)) 146: { 147: // Successful Login 148: $session = new Session(); 149: $session->type = $type; 150: $session->username = $username; 151: $session->realname = $user['realname']; 152: $session->CreateSID(); 153: 154: // Create the session in the DB 155: $q="INSERT INTO ".$this->DESK->Database->Table("session")."(".$this->DESK->Database->Field("username").","; 156: $q.=$this->DESK->Database->Field("session_id").",".$this->DESK->Database->Field("sessiontype").","; 157: $q.=$this->DESK->Database->Field("created_dt").",".$this->DESK->Database->Field("updated_dt").","; 158: $q.=$this->DESK->Database->Field("expires_dt").",".$this->DESK->Database->Field("realname").") VALUES("; 159: $q.="\"".$this->DESK->Database->Safe($username)."\","; 160: $q.="\"".$this->DESK->Database->Safe($session->sid)."\","; 161: $q.=$this->DESK->Database->Safe($type).","; 162: $q.="NOW(),NOW(),DATE_ADD(NOW(), INTERVAL ".$this->DESK->Database->Safe($expiry)." MINUTE),"; 163: $q.=$this->DESK->Database->SafeQuote($user['realname']).")"; 164: 165: $this->DESK->Database->Query($q); 166: 167: return $session; 168: } 169: } 170: return false; // failure 171: } 172: else if ($type == ContextType::Customer && $username!="" && $password!="") 173: { 174: $q="SELECT * FROM ".$this->DESK->Database->Table("customer")." WHERE "; 175: $q.="(".$this->DESK->Database->Field("username")."=".$this->DESK->Database->SafeQuote($username)." OR "; 176: $q.=$this->DESK->Database->Field("email")."=".$this->DESK->Database->SafeQuote($username).") AND "; 177: $q.=$this->DESK->Database->Field("password")."=".$this->DESK->Database->SafeQuote($password); 178: $q.=" LIMIT 0,1"; 179: 180: $r=$this->DESK->Database->Query($q); 181: if ($user=$this->DESK->Database->FetchAssoc($r)) 182: { 183: $this->DESK->Database->Free($r); 184: // Successful Login 185: $session = new Session(); 186: $session->type = $type; 187: $session->username = $user['customerid']; 188: $session->realname = "CUSTOMER:".$user['firstname']." ".$user['lastname']; 189: $session->CreateSID(); 190: 191: // Create the session in the DB 192: $q="INSERT INTO ".$this->DESK->Database->Table("session")."(".$this->DESK->Database->Field("username").","; 193: $q.=$this->DESK->Database->Field("session_id").",".$this->DESK->Database->Field("sessiontype").","; 194: $q.=$this->DESK->Database->Field("created_dt").",".$this->DESK->Database->Field("updated_dt").","; 195: $q.=$this->DESK->Database->Field("expires_dt").",".$this->DESK->Database->Field("realname").") VALUES("; 196: $q.="\"".$this->DESK->Database->Safe($session->username)."\","; 197: $q.="\"".$this->DESK->Database->Safe($session->sid)."\","; 198: $q.=$this->DESK->Database->Safe($type).","; 199: $q.="NOW(),NOW(),DATE_ADD(NOW(), INTERVAL ".$this->DESK->Database->Safe($expiry)." MINUTE),"; 200: $q.=$this->DESK->Database->SafeQuote($user['realname']).")"; 201: 202: $this->DESK->Database->Query($q); 203: 204: return $session; 205: } 206: else 207: return false; // failed login 208: } 209: return false; // default failure 210: } 211: 212: /** 213: * Check a Session 214: * @param mixed $sid Session ID 215: * @return mixed Sesson class on success or bool false on failure 216: **/ 217: function Check($sid) 218: { 219: $expiry = $this->DESK->Configuration->Get("session.expire","15"); 220: 221: // Select session from DB 222: $q="SELECT * FROM ".$this->DESK->Database->Table("session")." WHERE ".$this->DESK->Database->Field("session_id")."="; 223: $q.="\"".$this->DESK->Database->Safe($sid)."\" AND ".$this->DESK->Database->Field("expires_dt").">NOW() LIMIT 0,1"; 224: 225: $r=$this->DESK->Database->Query($q); 226: $sess=$this->DESK->Database->FetchAssoc($r); 227: $this->DESK->Database->Free($r); 228: if ($sess) // If session found 229: { 230: // Load session data 231: $session = new Session(); 232: $session->sid = $sid; 233: $session->type = $sess['sessiontype']; 234: $session->username = $sess['username']; 235: $session->realname = $sess['realname']; 236: 237: // And update expiry 238: $q="UPDATE ".$this->DESK->Database->Table("session")." SET ".$this->DESK->Database->Field("updated_dt")."=NOW(),"; 239: $q.=$this->DESK->Database->Field("expires_dt")."=DATE_ADD(NOW(), INTERVAL ".$this->DESK->Database->Safe($expiry)." MINUTE) "; 240: $q.="WHERE ".$this->DESK->Database->Field("session_id")."=\"".$this->DESK->Database->Safe($sid)."\""; 241: $this->DESK->Database->Query($q); 242: 243: return $session; 244: } 245: return false; 246: } 247: 248: /** 249: * Destroy a session 250: * @param string $sid Session ID 251: **/ 252: function Destroy($sid) 253: { 254: $q="DELETE FROM ".$this->DESK->Database->Table("session")." WHERE ".$this->DESK->Database->Field("session_id")."="; 255: $q.=$this->DESK->Database->SafeQuote($sid); 256: $this->DESK->Database->Query($q); 257: } 258: } 259: 260: 261: ?> 262: 263: