add session system
authorStricted <info@stricted.de>
Thu, 12 Mar 2015 02:01:54 +0000 (03:01 +0100)
committerStricted <info@stricted.de>
Thu, 12 Mar 2015 02:01:54 +0000 (03:01 +0100)
database.sql
lib/page/ActionPage.class.php
lib/page/ApiManagementPage.class.php
lib/page/ApiPage.class.php
lib/page/DomainAddPage.class.php
lib/page/UserList.class.php
lib/system/DNS.class.php
lib/system/RequestHandler.class.php
lib/system/SessionHandler.class.php [new file with mode: 0644]
lib/system/User.class.php

index 3aa361cc06fb7153426e2bf9ef4f66c2c4d9363b..55c17b795b7aea04451ddc7456c200b29ad2bd94 100644 (file)
@@ -72,6 +72,13 @@ CREATE TABLE IF NOT EXISTS dns_template (
        template TEXT
 ) ENGINE=InnoDB;
 
+CREATE TABLE IF NOT EXISTS dns_session (
+       id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
+       sessionID VARCHAR(255) NOT NULL DEFAULT '',
+       expire INT(10) NOT NULL,
+       sessionData TEXT
+) ENGINE=InnoDB;
+
 ALTER TABLE dns_api ADD FOREIGN KEY (userID) REFERENCES dns_user (userID) ON DELETE CASCADE;
 ALTER TABLE dns_sec ADD FOREIGN KEY (zone) REFERENCES dns_soa (id) ON DELETE CASCADE;
 ALTER TABLE dns_rr ADD FOREIGN KEY (zone) REFERENCES dns_soa (id) ON DELETE CASCADE;
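Review bot: `sessionID VARCHAR(255)` gets neither an index nor a uniqueness constraint, yet SessionHandler looks rows up by it on every request and inserts when the lookup misses, so each lookup is a full scan and two concurrent first requests from one client (parallel asset fetches, for instance) can leave duplicate rows under one id that later UPDATEs all touch. Declare it `sessionID VARCHAR(255) NOT NULL,` with `UNIQUE KEY (sessionID)` and add `KEY (expire)` so an expiry sweep can be indexed. The `DEFAULT ''` also lets an empty id — what session_id() returns before session_start() — be stored as an ordinary key; dropping the default does not reject it by itself, but the handler should, and the column should not invite it.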
index d58fc8b421428aae39e1025a6d8d6309984c4fe1..cd9f7f5c47cab00188ffdcad46d8d854f4d5c01b 100644 (file)
@@ -175,14 +175,14 @@ class ActionPage extends AbstractPage {
                else if ($action == "requestApiKey") {
                        if (User::isLoggedIn()) {
                                $sql = "SELECT * FROM dns_api WHERE userID = ?";
-                               $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+                               $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
                                $row = DNS::getDB()->fetch_array($res);
                                
                                if (empty($row)) {
                                        $apiKey = DNS::generateUUID();
                                        
                                        $sql = "INSERT INTO dns_api (id, userID, apiKey) VALUES (NULL, ?, ?)";
-                                       DNS::getDB()->query($sql, array($_SESSION['userID'], $apiKey));
+                                       DNS::getDB()->query($sql, array(DNS::getSession()->userID, $apiKey));
                                        
                                        echo $apiKey;
                                        exit;
index ff08d1feaeed7c21f836cef8db55ae1ac1110be5..710ed3ce0ff9ab7e840f15991accca884e4e0b38 100644 (file)
@@ -13,7 +13,7 @@ class ApiManagementPage extends AbstractPage {
        
        public function prepare() {
                $sql = "SELECT * FROM dns_api WHERE userID = ?";
-               $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+               $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
                $row = DNS::getDB()->fetch_array($res);
                
                $apiKey = "";
index 879ac9da2f06082d08f0898253c60b6f29fb2846..b91a2754a1184333fda7fc2a232166fff6789f77 100644 (file)
@@ -14,7 +14,7 @@ class ApiPage extends AbstractPage {
                // todo: user/server seletion
                $key = "";
                if (isset($_REQUEST['key'])) {
-                       $key = $_REQUEST['key'];
+                       $key = strtoupper(trim($_REQUEST['key']));
                }
                
                if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key) || !preg_match('/[a-f0-9]{8}\-[a-f0-9]{4}\-4[a-f0-9]{3}\-[89ab][a-f0-9]{3}\-[a-f0-9]{12}/i', $key)) {
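Review bot: the new `strtoupper()` on the request key makes the comparison on the next line depend on DNS_API_KEY being stored in upper case — if the configured value is the lower-case form the hex regex also accepts, every request is now rejected; normalise both sides (`strtoupper(DNS_API_KEY)`) or neither. While here, `$key != DNS_API_KEY` is a loose, early-exit string compare on a secret; `!hash_equals(strtoupper(DNS_API_KEY), $key)` (PHP ≥ 5.6) is the right check. `$_REQUEST` also accepts the key from a cookie as well as from GET/POST, which is probably not intended for an API credential. The enclosing method continues past the hunk.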
index 333e7092a2b46378f74cefa6f376cab1ccb0ed5d..dcf7694b73aa987000183ef147b453f7fb1aff8c 100644 (file)
@@ -36,10 +36,10 @@ class DomainAddPage extends AbstractPage {
                                        $soaID = DNS::getDB()->last_id();
                                        
                                        $sql = "INSERT INTO dns_soa_to_user (id, userID, soaID) VALUES (null, ?, ?)";
-                                       DNS::getDB()->query($sql, array($_SESSION['userID'], $soaID));
+                                       DNS::getDB()->query($sql, array(DNS::getSession()->userID, $soaID));
                                        
                                        $sql = "SELECT * FROM dns_template WHERE userID = ?";
-                                       $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+                                       $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
                                        $tpl = DNS::getDB()->fetch_array($res);
                                        
                                        $records = array();
index 442b6a0cc05f78ba95f71924b0647ec276eaf19a..0efa39aa465998abac7b82db3d82a6065925d2e5 100644 (file)
@@ -19,7 +19,7 @@ class UserListPage extends AbstractPage {
                        }
                        else {
                                $sql = "SELECT * from dns_user WHERE reseller = ?";
-                               $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+                               $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
                        }
                        
                        $user = array();
index 35fd65cf8c4cefab1dce62001c9f58dea174c209..66b9f52b1ec599029f53e4e947de59cf5685d0dd 100644 (file)
@@ -14,6 +14,13 @@ class DNS {
         */
        protected static $dbObj = null;
        
+       /**
+        * session object
+        *
+        * @var object
+        */
+       protected static $sessionObj = null;
+       
        /**
         * template object
         *
@@ -36,6 +43,7 @@ class DNS {
                
                $this->initDB();
                self::buildOptions();
+               $this->initSession();
                $this->initLanguage();
                $this->initTPL();
                new RequestHandler();
@@ -56,6 +64,20 @@ class DNS {
                self::$dbObj = new DB($driver, $host, $user, $pass, $db, $port);
        }
        
+       /**
+        * init session system
+        */
+       protected function initSession() {
+               self::$sessionObj = new SessionHandler();
+       }
+       
+       /**
+        * return session object
+        */
+       public static function getSession() {
+               return self::$sessionObj;
+       }
+       
        /*
         * autoload class files from namespace uses
         *
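Review bot: getSession() returns null until initSession() has run, and every caller added in this commit immediately dereferences the result (`DNS::getSession()->userID`), so a call made before bootstrap fails with a fatal on null rather than a clear message; the docblocks should state the ordering. Suggested: on getSession(), `@return SessionHandler the handler created by initSession(); null until DNS has been bootstrapped`, and on initSession() a one-line note that it must run after initDB() because SessionHandler's constructor queries the database. A guard that throws when `self::$sessionObj === null` would turn the silent null into an explicit error.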
@@ -88,8 +110,8 @@ class DNS {
                                $languageCode = $availableLanguages[$code];
                        }
                }
-               else if (isset($_SESSION['language'])) {
-                       $code = strtolower($_SESSION['language']);
+               else if (DNS::getSession()->language !== null) {
+                       $code = strtolower(DNS::getSession()->language);
                        if (in_array($code, $availableLanguages)) {
                                $languageCode = $code;
                        }
@@ -109,7 +131,7 @@ class DNS {
                }
                
                $file = $basedir.$languageCode.'.lang.php';
-               $_SESSION['language'] = $languageCode;
+               DNS::getSession()->register('language', $languageCode);
                
                if (file_exists($file)) {
                        require_once($file);
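Review bot: `DNS::getSession()->register('language', $languageCode)` runs on every request and register() always issues an UPDATE, so each page view now costs a write to dns_session even when the language is unchanged (the `$_SESSION` assignment it replaces was free). Guard it: `if (DNS::getSession()->language !== $languageCode) { DNS::getSession()->register('language', $languageCode); }`. The enclosing initLanguage() starts before the hunk.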
@@ -159,8 +181,8 @@ class DNS {
        protected function initTPL () {
                require(DNS_DIR.'/config.inc.php');
                
-               if (isset($_SESSION['tpl']) && !empty($_SESSION['tpl'])) {
-                       $tpl = $_SESSION['tpl'];
+               if (DNS::getSession()->tpl !== null && !empty(DNS::getSession()->tpl)) {
+                       $tpl = DNS::getSession()->tpl;
                }
                
                require_once(DNS_DIR.'/lib/api/smarty/Smarty.class.php');
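Review bot: `DNS::getSession()->tpl !== null && !empty(DNS::getSession()->tpl)` calls the getter twice and the first test is subsumed by the second, since empty() is already true for null; `if (!empty(DNS::getSession()->tpl)) { $tpl = DNS::getSession()->tpl; }` says the same thing. Where `tpl` is written into the session is outside this diff; since the value presumably selects a template set on disk further down, it is worth confirming at the point of assignment that it is restricted to known template names. initTPL() continues past the hunk.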
index 44c8838c1bad42e08d58f6f623ecc881a588f9dc..9e0b66096f453cdeb4f79dd86841953a9aeb162f 100644 (file)
@@ -36,8 +36,8 @@ class RequestHandler {
                        exit;
                }
                
-               if (isset($_SESSION['username'])) {
-                       DNS::getTPL()->assign(array("username" => $_SESSION['username']));
+               if (DNS::getSession()->username !== null) {
+                       DNS::getTPL()->assign(array("username" => DNS::getSession()->username));
                }
                
                if (empty($className)) {
diff --git a/lib/system/SessionHandler.class.php b/lib/system/SessionHandler.class.php
new file mode 100644 (file)
index 0000000..1f0e46d
--- /dev/null
@@ -0,0 +1,101 @@
+<?php
+namespace dns\system;
+
+/**
+ * @author      Jan Altensen (Stricted)
+ * @license     GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @copyright   2013-2015 Jan Altensen (Stricted)
+ */
+class SessionHandler {
+       private $sessionID = null;
+       
+       private $sessionData = array();
+       
+       public function __construct () {
+               $this->init();
+       }
+       
+       public function init() {
+               if ($this->sessionID === null) {
+                       $this->sessionID = session_id();
+               }
+               
+               // load session data from database and check if the data is expired
+               if (!$this->exists()) {
+                       $sql = "INSERT INTO dns_session (id, sessionID, expire, sessionData) VALUES (NULL, ?, ?, ?)";
+                       DNS::getDB()->query($sql, array($this->sessionID, time() + 3600 * 24, ''));
+               }
+               
+               /* load data from database */
+               $sql ="SELECT * FROM dns_session where sessionID = ?";
+               $res = DNS::getDB()->query($sql, array($this->sessionID));
+               $data = DNS::getDB()->fetch_array($res);
+               if (isset($data['sessionData']) && !empty($data['sessionData'])) {
+                       $this->sessionData = json_decode($data['sessionData'], true);
+               }
+       }
+       
+       private function exists() {
+               $sql = "SELECT * FROM dns_session where sessionID = ?";
+               $res = DNS::getDB()->query($sql, array($this->sessionID));
+               $data = DNS::getDB()->fetch_array($res);
+               if (isset($data['sessionID']) && !empty($data['sessionID'])) {
+                       if ($data['expire'] < time()) {
+                               $this->destroy();
+                               return false;
+                       }
+                       
+                       return true;
+               }
+               
+               return false;
+       }
+       
+       /**
+        * Provides access to session data.
+        * 
+        * @param       string          $key
+        * @return      mixed
+        */
+       public function __get($key) {
+               return $this->getVar($key);
+       }
+       
+       public function getVar($key) {
+               if (isset($this->sessionData[$key])) {
+                       return $this->sessionData[$key];
+               }
+               
+               return null;
+       }
+       
+       /**
+        * Registers a session variable.
+        * 
+        * @param       string          $key
+        * @param       string          $value
+        */
+       public function register($key, $value) {
+               $this->sessionData[$key] = $value;
+               
+               
+               $data = json_encode($this->sessionData);
+               $sql = "UPDATE dns_session SET sessionData = ?, expire = ? WHERE sessionID = ?";
+               DNS::getDB()->query($sql, array($data, time() + 3600 * 24, $this->sessionID));
+       }
+       
+       public function __set($key, $value) {
+               $this->register($key, $value);
+       }
+       
+       public function destroy() {
+               $this->sessionData = array();
+               
+               $sql = "DELETE FROM dns_session WHERE sessionID = ?";
+               DNS::getDB()->query($sql, array($this->sessionID));
+       }
+       
+       public function update($key, $value) {
+               $this->register($key, $value);
+       }
+}
index 8dd7ef8da961c722ac24b1031588da9e4f197621..33eba57f26f2678eef6677aa1f5597989d491738 100644 (file)
@@ -13,7 +13,7 @@ class User {
         * @return      boolean
         */
        public static function isLoggedIn () {          
-               if (isset($_SESSION['login']) && $_SESSION['login'] == 1) {
+               if (DNS::getSession()->login !== null && DNS::getSession()->login == 1) {
                        return true;
                }
                
@@ -25,7 +25,7 @@ class User {
        }
        
        public static function isAdmin () {
-               if (isset($_SESSION['status']) && !empty($_SESSION['status']) && $_SESSION['status'] == 2) {
+               if (DNS::getSession()->status !== null && DNS::getSession()->status == 2) {
                        return true;
                }
                
@@ -37,7 +37,7 @@ class User {
                        return true;
                }
                
-               if (isset($_SESSION['status']) && !empty($_SESSION['status']) && $_SESSION['status'] === 1) {
+               if (DNS::getSession()->status !== null && DNS::getSession()->status == 1) {
                        return true;
                }
                
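Review bot: the reseller check is loosened here from `=== 1` to `== 1`; both login paths store status through intval() and the JSON round-trip in SessionHandler keeps it an int, so the strict form still works and should stay: `if (DNS::getSession()->status === 1) {` (the `!== null` guard is redundant either way, since null never equals 1). The same `===` applies to the `== 2` in isAdmin() and the `== 1` in isLoggedIn() above. The enclosing method starts before the hunk.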
@@ -52,10 +52,11 @@ class User {
                        $sha1Password = sha1($row['password']);
                        $sha1CookieHash = sha1($sha1UserID.$sha1Password);
                        if ($sha1CookieHash == $hash) {
-                               $_SESSION['login'] = 1;
-                               $_SESSION['username'] = $row["username"];
-                               $_SESSION['userID'] = $row["userID"];
-                               $_SESSION['status'] = intval($row["status"]);
+                               DNS::getSession()->register('login', 1);
+                               DNS::getSession()->register('username', $row["username"]);
+                               DNS::getSession()->register('userID', $row["userID"]);
+                               DNS::getSession()->register('status', intval($row["status"]));
+                               
                                return true;
                        }
                }
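Review bot: the four register() calls added here establish an authenticated session on the strength of `$sha1CookieHash == $hash` on the line above, a loose, early-exit comparison of a secret that presumably arrives in a cookie; `hash_equals($sha1CookieHash, (string) $hash)` is the right check (PHP ≥ 5.6, consistent with the commit date). As with the password path, nothing rotates the session id once the cookie is accepted, so an id planted before the cookie login becomes an authenticated one. Each register() also issues its own UPDATE, so this is four round trips where one would do; cosmetic next to the comparison.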
@@ -68,10 +69,11 @@ class User {
                $row = DNS::getDB()->fetch_array($query);
                if (!empty($row)) {
                        if (crypt(crypt($password, $row['password']), $row['password']) == $row['password']) {
-                               $_SESSION['login'] = 1;
-                               $_SESSION['username'] = $row["username"];
-                               $_SESSION['userID'] = $row["userID"];
-                               $_SESSION['status'] = intval($row["status"]);
+                               DNS::getSession()->register('login', 1);
+                               DNS::getSession()->register('username', $row["username"]);
+                               DNS::getSession()->register('userID', $row["userID"]);
+                               DNS::getSession()->register('status', intval($row["status"]));
+                               
                                if ($remember === true) {
                                        $sha1UserID = sha1($row["userID"]);
                                        $sha1Password = sha1($row['password']);
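Review bot: a successful password check registers `login`, `userID` and `status` into whatever session id the client arrived with, and neither this hunk nor SessionHandler rotates the id, so an id planted on the victim beforehand (session fixation) becomes an authenticated one. A bare `session_regenerate_id(true)` here is not enough, because SessionHandler caches `session_id()` at construction and would keep writing to the old row; the handler needs a method that regenerates the PHP id and re-keys its dns_session row, and that should run before the four register() calls. login()'s body continues past the hunk.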
@@ -88,9 +90,7 @@ class User {
                return false;
        }
        
-       public static function logout () {
-               $_SESSION = array(); // clear session array before destroy
-               
+       public static function logout () {              
                if (isset($_COOKIE["userID"])) {
                        setcookie("userID", '', time() - 3600);
                }
@@ -99,6 +99,7 @@ class User {
                        setcookie("cookieHash", '', time() - 3600);
                }
                
+               DNS::getSession()->destroy();
                session_destroy();
        }
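Review bot: destroy() removes the dns_session row and session_destroy() drops the PHP-side data, but the browser keeps its session cookie, so the next request reuses the same id and SessionHandler::init() recreates a fresh row under it; logout should also invalidate the identifier, e.g. `setcookie(session_name(), '', time() - 3600, '/');` after session_destroy(), so the old id cannot be picked up again. Note too that the handler keeps its cached id after destroy(), so a register() later in the same request would UPDATE a row that no longer exists and the write would be lost silently; callers should redirect or exit right after logout().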
        
@@ -155,8 +156,8 @@ class User {
                $data = array();
                
                if ($userID === 0 && self::isLoggedIn()) {
-                       if (isset($_SESSION['userID'])) {
-                               $userID = $_SESSION['userID'];
+                       if (DNS::getSession()->userID !== null) {
+                               $userID = DNS::getSession()->userID;
                        }
                        
                        if (self::isAdmin()) {