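<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.


/**
 * Session API
 *
 * Handles user/browser sessions in an extendable manner.  New session handlers
 * can be added and configured without affecting how the API is used.  Calls to
 * session_*() are appropriately directed at the session handler class as
 * chosen in config_inc.php.
 *
 * @package CoreAPI
 * @subpackage SessionAPI
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses error_api.php
 * @uses gpc_api.php
 * @uses php_api.php
 */

require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'error_api.php' );
require_api( 'gpc_api.php' );
require_api( 'php_api.php' );

/**
 * Active session handler instance; assigned by session_init() and used by
 * every session_*() wrapper below.
 * @global MantisPHPSession $g_session
 */
$g_session = null;

/**
 * Abstract interface for a MantisBT session handler.
 * @package MantisBT
 * @subpackage classes
 */
abstract class MantisSession {
	/**
	 * Session identifier as reported by the handler.
	 */
	var $id;

	/**
	 * Constructor
	 */
	abstract function __construct();

	/**
	 * get session data
	 * @param string $p_name
	 * @param mixed $p_default
	 */
	abstract function get( $p_name, $p_default = null );

	/**
	 * set session data
	 * @param string $p_name
	 * @param mixed $p_value
	 */
	abstract function set( $p_name, $p_value );

	/**
	 * delete session data
	 * @param string $p_name
	 */
	abstract function delete( $p_name );

	/**
	 * destroy session
	 */
	abstract function destroy();
}

/**
 * Implementation of the abstract MantisBT session interface using
 * standard PHP sessions stored on the server's filesystem according
 * to PHP's session.* settings in 'php.ini'.
 * @package MantisBT
 * @subpackage classes
 */
class MantisPHPSession extends MantisSession {
	/**
	 * Name of the $_SESSION sub-array that holds every MantisBT value.
	 * Declared explicitly so the constructor does not create it as a
	 * dynamic property.
	 */
	var $key;

	/**
	 * Constructor
	 *
	 * Configures the save path, cache limiter and cookie parameters, then
	 * starts the PHP session and makes sure the keyed store exists.
	 *
	 * @param string $p_session_id Existing session ID to adopt, or null to
	 *                             let PHP pick one.
	 */
	function __construct( $p_session_id=null ) {
		global $g_cookie_secure_flag_enabled;
		global $g_cookie_httponly_flag_enabled;

		# The store key is derived from the installation's master salt, so
		# it differs between installations that share one PHP session.
		$this->key = hash( 'whirlpool', 'session_key' . config_get_global( 'crypto_master_salt' ), false );

		# Save session information where specified or with PHP's default
		$t_session_save_path = config_get_global( 'session_save_path' );
		if( $t_session_save_path ) {
			session_save_path( $t_session_save_path );
		}

		# Handle session cookie and caching.
		# Lifetime 0 makes the cookie expire when the browser closes; the
		# Secure and HttpOnly attributes follow the two config globals.
		session_cache_limiter( 'private_no_expire' );
		if ( $g_cookie_httponly_flag_enabled ) {
			# The HttpOnly cookie flag is only supported in PHP >= 5.2.0
			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), $g_cookie_secure_flag_enabled, $g_cookie_httponly_flag_enabled );
		} else {
			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), $g_cookie_secure_flag_enabled );
		}

		# Handle existent session ID
		# NOTE(review): the supplied ID is adopted as-is and is not rotated
		# in this file. When the ID originates from the client, the code
		# that authenticates the user should call session_regenerate_id()
		# so that a pre-set ID cannot survive login (session fixation).
		if ( !is_null( $p_session_id ) ) {
			session_id( $p_session_id );
		}

		# Initialize the session
		session_start();
		$this->id = session_id();

		# Initialize the keyed session store
		if ( !isset( $_SESSION[ $this->key ] ) ) {
			$_SESSION[ $this->key ] = array();
		}
	}

	/**
	 * get session data
	 *
	 * Returns the stored value, or $p_default when the variable is missing
	 * and a default was passed. With no default passed, a missing variable
	 * triggers ERROR_SESSION_VAR_NOT_FOUND.
	 *
	 * @param string $p_name
	 * @param mixed $p_default
	 */
	function get( $p_name, $p_default=null ) {
		if ( isset( $_SESSION[ $this->key ][ $p_name ] ) ) {
			# NOTE(review): unserialize() is acceptable only while the
			# session store is written exclusively by set(). If the save
			# path or handler can be written by another party, stored
			# values could instantiate arbitrary classes.
			return unserialize( $_SESSION[ $this->key ][ $p_name ] );
		}

		# func_num_args() separates "default explicitly passed as null"
		# from "no default passed at all".
		if( func_num_args() > 1 ) {
			return $p_default;
		}

		error_parameters( $p_name );
		trigger_error( ERROR_SESSION_VAR_NOT_FOUND, ERROR );
	}

	/**
	 * set session data
	 *
	 * The value is stored in serialized form; get() reverses this.
	 *
	 * @param string $p_name
	 * @param mixed $p_value
	 */
	function set( $p_name, $p_value ) {
		$_SESSION[ $this->key ][ $p_name ] = serialize( $p_value );
	}

	/**
	 * delete session data
	 * @param string $p_name
	 */
	function delete( $p_name ) {
		unset( $_SESSION[ $this->key ][ $p_name ] );
	}

	/**
	 * destroy session
	 *
	 * Expires the session cookie when one was received and headers can
	 * still be sent, then drops the MantisBT keyed store.
	 * session_destroy() is not called here, so other $_SESSION keys and
	 * the server-side session record are left in place.
	 */
	function destroy() {
		if( isset( $_COOKIE[session_name()] ) && !headers_sent() ) {
			# An expiry in the past asks the browser to discard the cookie.
			gpc_set_cookie( session_name(), '', time() - 42000 );
		}

		unset( $_SESSION[ $this->key ] );
	}
}

/**
 * Initialize the appropriate session handler.
 *
 * Only the 'php' handler is implemented; 'adodb', 'memcached' and any
 * unknown value trigger ERROR_SESSION_HANDLER_INVALID. When session
 * validation is enabled and the session is flagged 'secure_session', the
 * session is validated straight away.
 *
 * @param string $p_session_id Session ID
 */
function session_init( $p_session_id=null ) {
	global $g_session, $g_session_handler;

	switch( utf8_strtolower( $g_session_handler ) ) {
		case 'php':
			$g_session = new MantisPHPSession( $p_session_id );
			break;

		case 'adodb':
			# Not yet implemented - deliberately falls through to the error
		case 'memcached':
			# Not yet implemented - deliberately falls through to the error
		default:
			trigger_error( ERROR_SESSION_HANDLER_INVALID, ERROR );
			break;
	}

	if ( ON == config_get_global( 'session_validation' ) && session_get( 'secure_session', false ) ) {
		session_validate( $g_session );
	}
}

/**
 * Validate the legitimacy of a session.
 * Checks may include last-known IP address, or more.
 * Triggers an error when the session is invalid.
 *
 * The first validated request records REMOTE_ADDR in the session; later
 * requests must present the same address or the session is cleaned and
 * the script ends after emitting a refresh to the default home page.
 *
 * @param object $p_session Session object
 */
function session_validate( $p_session ) {
	# An absent REMOTE_ADDR is recorded and compared as the empty string.
	$t_user_ip = '';
	if ( isset( $_SERVER['REMOTE_ADDR'] ) ) {
		$t_user_ip = trim( $_SERVER['REMOTE_ADDR'] );
	}

	$t_last_ip = $p_session->get( 'last_ip', null );

	if ( is_null( $t_last_ip ) ) {
		# First session usage
		$p_session->set( 'last_ip', $t_user_ip );
		return;
	}

	# Check a continued session request.
	# Strict comparison: a stored value that failed to unserialize (false)
	# or a numeric-looking string must never compare equal to the address.
	if ( $t_user_ip !== $t_last_ip ) {
		session_clean();

		trigger_error( ERROR_SESSION_NOT_VALID, WARNING );

		$t_url = config_get_global( 'path' ) . config_get_global( 'default_home_page' );
		echo "\t<meta http-equiv=\"Refresh\" content=\"4;URL=$t_url\" />\n";

		die();
	}
}

/**
 * Get arbitrary data from the session.
 *
 * The argument list is forwarded unchanged because the handler's get()
 * counts its arguments to tell "no default" from "default of null".
 *
 * @param string $p_name Session variable name
 * @param mixed $p_default Default value
 * @return mixed Session variable
 */
function session_get( $p_name, $p_default = null ) {
	global $g_session;

	$t_args = func_get_args();
	return call_user_func_array( array( $g_session, 'get' ), $t_args );
}

/**
 * Get an integer from the session.
 * @param string $p_name Session variable name
 * @param mixed $p_default Default value
 * @return int Session variable
 */
function session_get_int( $p_name, $p_default = null ) {
	# Forward the exact argument list so an omitted default stays omitted.
	$t_args = func_get_args();
	return (int) call_user_func_array( 'session_get', $t_args );
}

/**
 * Get a boolean from the session.
 * @param string $p_name Session variable name
 * @param mixed $p_default Default value
 * @return boolean Session variable
 */
function session_get_bool( $p_name, $p_default = null ) {
	# Forward the exact argument list so an omitted default stays omitted.
	$t_args = func_get_args();
	return (bool) call_user_func_array( 'session_get', $t_args );
}

/**
 * Get a string from the session.
 * @param string $p_name Session variable name
 * @param mixed $p_default Default value
 * @return string Session variable
 */
function session_get_string( $p_name, $p_default = null ) {
	# Forward the exact argument list so an omitted default stays omitted.
	$t_args = func_get_args();
	return (string) call_user_func_array( 'session_get', $t_args );
}

/**
 * Set a session variable.
 * @param string $p_name Session variable name
 * @param mixed $p_value Variable value
 */
function session_set( $p_name, $p_value ) {
	global $g_session;
	$g_session->set( $p_name, $p_value );
}

/**
 * Delete a session variable.
 * @param string $p_name Session variable name
 */
function session_delete( $p_name ) {
	global $g_session;
	$g_session->delete( $p_name );
}

/**
 * Destroy the session entirely.
 */
function session_clean() {
	global $g_session;
	$g_session->destroy();
}

# Initialize the session
if ( PHP_CGI == php_mode() ) {
	$t_session_id = gpc_get_string( 'session_id', '' );

	# The ID comes from the request. Adopt it only when it has the shape
	# PHP's file-based handler accepts (a-z A-Z 0-9 , -); anything else
	# falls back to a fresh session instead of reaching session_id().
	if ( empty( $t_session_id ) || !preg_match( '/^[a-zA-Z0-9,-]+$/D', $t_session_id ) ) {
		session_init();
	} else {
		session_init( $t_session_id );
	}
}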