1: 2: /* -------------------------------------------------------------
3: This file is part of FreeDESK
4:
5: FreeDESK is (C) Copyright 2012 David Cutting
6:
7: FreeDESK is free software: you can redistribute it and/or modify
8: it under the terms of the GNU General Public License as published by
9: the Free Software Foundation, either version 3 of the License, or
10: (at your option) any later version.
11:
12: FreeDESK is distributed in the hope that it will be useful,
13: but WITHOUT ANY WARRANTY; without even the implied warranty of
14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15: GNU General Public License for more details.
16:
17: You should have received a copy of the GNU General Public License
18: along with FreeDESK. If not, see www.gnu.org/licenses
19:
20: For more information see www.purplepixie.org/freedesk/
21: -------------------------------------------------------------- */
22:
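/**
 * Session Class - contains information about an interactive user session
 **/
class Session
{
    /**
     * Type of session (a ContextType constant)
     **/
    public $type = ContextType::None;
    /**
     * Session ID - empty until CreateSID() is called or an ID is loaded into it
     **/
    public $sid = "";
    /**
     * Username
     **/
    public $username = "";
    /**
     * Real name
     **/
    public $realname = "";

    /**
     * Create a SID - sets $this->sid and returns the SID
     *
     * The SID is 128 characters drawn from a 39-character alphabet. Each
     * character index comes from RandomIndex(), which uses random_int() where
     * the runtime provides it. The previous implementation reseeded mt_rand()
     * from microtime(), which made the whole ID derivable from the login
     * timestamp; the seeding has been removed.
     * @return string SID
     **/
    function CreateSID()
    {
        $allow = "abcdefghijklmnopqrstuvwxyz0123456789XYZ";
        $len = 128;
        $allowlen = strlen($allow);
        $this->sid = "";
        for ($i = 0; $i < $len; ++$i)
        {
            $this->sid .= $allow[$this->RandomIndex($allowlen)];
        }
        return $this->sid;
    }

    /**
     * Pick a random index in the range 0 .. $max-1
     * @param int $max Exclusive upper bound (number of allowed characters)
     * @return int Index
     **/
    private function RandomIndex($max)
    {
        if (function_exists('random_int'))
            return random_int(0, $max - 1); // CSPRNG-backed (PHP 7+)
        // Fallback for older runtimes: mt_rand is not a CSPRNG, but it is
        // never reseeded from the clock here, so the engine's own seed applies
        return mt_rand(0, $max - 1);
    }

    /**
     * Return XML Description of the Session
     *
     * The output includes the SID itself, so it must only ever be returned to
     * the client that owns the session.
     * @param bool $header Return XML header (optional, default false)
     * @return string XML Data
     **/
    function XML($header = false)
    {
        $xml = new xmlCreate();
        $xml->startElement("session");
        $xml->charElement("type", $this->type);
        $xml->charElement("sid", $this->sid);
        $xml->charElement("username", $this->username);
        $xml->endElement("session");
        return $xml->getXML($header);
    }

    /**
     * Get a 'nice' name
     *
     * Customers are always shown as "CUSTOMER"; users get their real name,
     * falling back to the username when no real name is set.
     * @return string Nice name for current user
     **/
    function NiceName()
    {
        if ($this->type == ContextType::Customer)
            return "CUSTOMER";
        if ($this->realname != "")
            return $this->realname;
        return $this->username;
    }
}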
92:
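/**
 * Session Manager class - handles creation, check and update of sessions
 **/
class SessionManager
{
    /**
     * FreeDESK Instance
     **/
    private $DESK = null;

    /**
     * Constructor (PHP 5 style; the old PHP 4 same-name constructor is not
     * invoked on PHP 8, which left $DESK null)
     * @param mixed $freeDESK FreeDESK instance
     **/
    function __construct(&$freeDESK)
    {
        $this->DESK = &$freeDESK;
        $this->DESK->PluginManager->Register(new Plugin(
            "Session Manager", "0.01", "Core" ));
    }

    /**
     * Create a Session
     * @param mixed $type Type of session (a ContextType constant)
     * @param string $username Username (or e-mail address for customers)
     * @param string $password Password
     * @return mixed Session class on success or bool false on failure
     **/
    function Create($type, $username, $password)
    {
        if ($type == ContextType::User)
            return $this->CreateUserSession($type, $username, $password);
        if ($type == ContextType::Customer && $username != "" && $password != "")
            return $this->CreateCustomerSession($type, $username, $password);
        return false; // default failure
    }

    /**
     * Authenticate a staff user via its configured auth method and open a session
     * @param mixed $type Session type (ContextType::User)
     * @param string $username Username
     * @param string $password Password
     * @return mixed Session on success or bool false on failure
     **/
    private function CreateUserSession($type, $username, $password)
    {
        $db = $this->DESK->Database;

        // Fetch user auth type and real name
        $q = "SELECT ".$db->Field("authtype").",".$db->Field("realname")." FROM ".$db->Table("user")." ";
        $q .= "WHERE ".$db->Field("username")."=".$db->SafeQuote($username)." LIMIT 0,1";

        $r = $db->Query($q);
        $user = $db->FetchAssoc($r);
        $db->Free($r);
        if (!$user)
            return false; // unknown user

        $authtype = $user['authtype'];
        if ($authtype == "")
            $authtype = $this->DESK->Configuration->Get("auth.default", "standard");
        $authmethod = AuthenticationFactory::Create($this->DESK, $authtype);
        if (!$authmethod)
            return false;
        if (!$authmethod->Authenticate($type, $username, $password))
            return false; // failed login

        // Successful Login
        $session = new Session();
        $session->type = $type;
        $session->username = $username;
        $session->realname = $user['realname'];
        $session->CreateSID();

        $this->StoreSession($session);
        return $session;
    }

    /**
     * Authenticate a customer by username/e-mail and password and open a session
     * @param mixed $type Session type (ContextType::Customer)
     * @param string $username Username or e-mail address
     * @param string $password Password
     * @return mixed Session on success or bool false on failure
     **/
    private function CreateCustomerSession($type, $username, $password)
    {
        $db = $this->DESK->Database;

        // FIXME(security): this matches the supplied password against the stored
        // password column directly, i.e. customer passwords are held and compared
        // in clear text. Customer authentication should go through a hashing
        // scheme (password_hash/password_verify) rather than a SQL equality test.
        $q = "SELECT * FROM ".$db->Table("customer")." WHERE ";
        $q .= "(".$db->Field("username")."=".$db->SafeQuote($username)." OR ";
        $q .= $db->Field("email")."=".$db->SafeQuote($username).") AND ";
        $q .= $db->Field("password")."=".$db->SafeQuote($password);
        $q .= " LIMIT 0,1";

        $r = $db->Query($q);
        $user = $db->FetchAssoc($r);
        $db->Free($r); // freed on both paths; the failed-login path used to leak the result
        if (!$user)
            return false; // failed login

        // Successful Login
        $session = new Session();
        $session->type = $type;
        $session->username = $user['customerid'];
        $session->realname = "CUSTOMER:".$user['firstname']." ".$user['lastname'];
        $session->CreateSID();

        $this->StoreSession($session);
        return $session;
    }

    /**
     * Insert a freshly created session into the session table
     *
     * Both login paths share this; the realname column is taken from the
     * Session object, so the customer path now stores the "CUSTOMER:..." name
     * it built rather than a realname key the customer row does not carry.
     * @param Session $session Session with type, sid, username and realname set
     **/
    private function StoreSession($session)
    {
        $db = $this->DESK->Database;
        $expiry = $this->DESK->Configuration->Get("session.expire", "15");

        $q = "INSERT INTO ".$db->Table("session")."(".$db->Field("username").",";
        $q .= $db->Field("session_id").",".$db->Field("sessiontype").",";
        $q .= $db->Field("created_dt").",".$db->Field("updated_dt").",";
        $q .= $db->Field("expires_dt").",".$db->Field("realname").") VALUES(";
        $q .= $db->SafeQuote($session->username).",";
        $q .= $db->SafeQuote($session->sid).",";
        $q .= $db->Safe($session->type).",";
        $q .= "NOW(),NOW(),DATE_ADD(NOW(), INTERVAL ".$db->Safe($expiry)." MINUTE),";
        $q .= $db->SafeQuote($session->realname).")";

        $db->Query($q);
    }

    /**
     * Check a Session
     *
     * Looks the SID up in the session table (unexpired rows only) and, when
     * found, slides the expiry forward by the configured session.expire minutes.
     * @param mixed $sid Session ID
     * @return mixed Session class on success or bool false on failure
     **/
    function Check($sid)
    {
        if ((string)$sid === "")
            return false; // no ID supplied - nothing to look up

        $db = $this->DESK->Database;
        $expiry = $this->DESK->Configuration->Get("session.expire", "15");

        // Select session from DB
        $q = "SELECT * FROM ".$db->Table("session")." WHERE ".$db->Field("session_id")."=";
        $q .= $db->SafeQuote($sid)." AND ".$db->Field("expires_dt").">NOW() LIMIT 0,1";

        $r = $db->Query($q);
        $sess = $db->FetchAssoc($r);
        $db->Free($r);
        if (!$sess)
            return false; // not found or expired

        // Load session data
        $session = new Session();
        $session->sid = $sid;
        $session->type = $sess['sessiontype'];
        $session->username = $sess['username'];
        $session->realname = $sess['realname'];

        // And update expiry (sliding window)
        $q = "UPDATE ".$db->Table("session")." SET ".$db->Field("updated_dt")."=NOW(),";
        $q .= $db->Field("expires_dt")."=DATE_ADD(NOW(), INTERVAL ".$db->Safe($expiry)." MINUTE) ";
        $q .= "WHERE ".$db->Field("session_id")."=".$db->SafeQuote($sid);
        $db->Query($q);

        return $session;
    }

    /**
     * Destroy a session
     * @param string $sid Session ID
     **/
    function Destroy($sid)
    {
        $db = $this->DESK->Database;
        $q = "DELETE FROM ".$db->Table("session")." WHERE ".$db->Field("session_id")."=";
        $q .= $db->SafeQuote($sid);
        $db->Query($q);
    }
}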
259:
260:
261: ?>
262:
263: