template TEXT
) ENGINE=InnoDB;
+CREATE TABLE IF NOT EXISTS dns_session (
+ id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY,
+ sessionID VARCHAR(255) NOT NULL DEFAULT '',
+ expire INT(10) NOT NULL,
+ sessionData TEXT
+) ENGINE=InnoDB;
+
ALTER TABLE dns_api ADD FOREIGN KEY (userID) REFERENCES dns_user (userID) ON DELETE CASCADE;
ALTER TABLE dns_sec ADD FOREIGN KEY (zone) REFERENCES dns_soa (id) ON DELETE CASCADE;
ALTER TABLE dns_rr ADD FOREIGN KEY (zone) REFERENCES dns_soa (id) ON DELETE CASCADE;
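Review bot: `sessionID` is the lookup key for every query against the new `dns_session` table, yet the definition gives it neither an index nor a uniqueness constraint, so lookups cannot use an index and nothing stops two rows from being stored for the same id. Declaring the column as `sessionID VARCHAR(255) NOT NULL,` and adding `UNIQUE KEY sessionID (sessionID)` covers both, and dropping `DEFAULT ''` stops a row from being created without an id. A short comment on `expire` stating that it holds a Unix timestamp in seconds would help, as would an index on it if expired rows are ever purged in bulk.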
else if ($action == "requestApiKey") {
if (User::isLoggedIn()) {
$sql = "SELECT * FROM dns_api WHERE userID = ?";
- $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+ $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
$row = DNS::getDB()->fetch_array($res);
if (empty($row)) {
$apiKey = DNS::generateUUID();
$sql = "INSERT INTO dns_api (id, userID, apiKey) VALUES (NULL, ?, ?)";
- DNS::getDB()->query($sql, array($_SESSION['userID'], $apiKey));
+ DNS::getDB()->query($sql, array(DNS::getSession()->userID, $apiKey));
echo $apiKey;
exit;
public function prepare() {
$sql = "SELECT * FROM dns_api WHERE userID = ?";
- $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+ $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
$row = DNS::getDB()->fetch_array($res);
$apiKey = "";
// todo: user/server seletion
$key = "";
if (isset($_REQUEST['key'])) {
- $key = $_REQUEST['key'];
+ $key = strtoupper(trim($_REQUEST['key']));
}
if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key) || !preg_match('/[a-f0-9]{8}\-[a-f0-9]{4}\-4[a-f0-9]{3}\-[89ab][a-f0-9]{3}\-[a-f0-9]{12}/i', $key)) {
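Review bot: Upper-casing the request value in `$key = strtoupper(trim($_REQUEST['key']));` only works if `DNS_API_KEY` is itself defined in upper case, because the following `$key != DNS_API_KEY` is case-sensitive. The definition is not visible here, so a key configured in lower case would now be rejected on every request. Normalising both sides and comparing in constant time avoids that and the loose `!=`, for example `!hash_equals(strtoupper(DNS_API_KEY), $key)` where the PHP version provides `hash_equals`. The UUID pattern in the same condition is unanchored, so adding `^` and `$` would make the format check exact. The enclosing method starts and ends outside the hunk.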
$soaID = DNS::getDB()->last_id();
$sql = "INSERT INTO dns_soa_to_user (id, userID, soaID) VALUES (null, ?, ?)";
- DNS::getDB()->query($sql, array($_SESSION['userID'], $soaID));
+ DNS::getDB()->query($sql, array(DNS::getSession()->userID, $soaID));
$sql = "SELECT * FROM dns_template WHERE userID = ?";
- $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+ $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
$tpl = DNS::getDB()->fetch_array($res);
$records = array();
}
else {
$sql = "SELECT * from dns_user WHERE reseller = ?";
- $res = DNS::getDB()->query($sql, array($_SESSION['userID']));
+ $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID));
}
$user = array();
*/
protected static $dbObj = null;
+ /**
+ * session object
+ *
+ * @var object
+ */
+ protected static $sessionObj = null;
+
/**
* template object
*
$this->initDB();
self::buildOptions();
+ $this->initSession();
$this->initLanguage();
$this->initTPL();
new RequestHandler();
self::$dbObj = new DB($driver, $host, $user, $pass, $db, $port);
}
+ /**
+ * init session system
+ */
+ protected function initSession() {
+ self::$sessionObj = new SessionHandler();
+ }
+
+ /**
+ * return session object
+ */
+ public static function getSession() {
+ return self::$sessionObj;
+ }
+
/*
* autoload class files from namespace uses
*
$languageCode = $availableLanguages[$code];
}
}
- else if (isset($_SESSION['language'])) {
- $code = strtolower($_SESSION['language']);
+ else if (DNS::getSession()->language !== null) {
+ $code = strtolower(DNS::getSession()->language);
if (in_array($code, $availableLanguages)) {
$languageCode = $code;
}
}
$file = $basedir.$languageCode.'.lang.php';
- $_SESSION['language'] = $languageCode;
+ DNS::getSession()->register('language', $languageCode);
if (file_exists($file)) {
require_once($file);
protected function initTPL () {
require(DNS_DIR.'/config.inc.php');
- if (isset($_SESSION['tpl']) && !empty($_SESSION['tpl'])) {
- $tpl = $_SESSION['tpl'];
+ if (DNS::getSession()->tpl !== null && !empty(DNS::getSession()->tpl)) {
+ $tpl = DNS::getSession()->tpl;
}
require_once(DNS_DIR.'/lib/api/smarty/Smarty.class.php');
exit;
}
- if (isset($_SESSION['username'])) {
- DNS::getTPL()->assign(array("username" => $_SESSION['username']));
+ if (DNS::getSession()->username !== null) {
+ DNS::getTPL()->assign(array("username" => DNS::getSession()->username));
}
if (empty($className)) {
--- /dev/null
+<?php
+namespace dns\system;
+
+/**
+ * @author Jan Altensen (Stricted)
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @copyright 2013-2015 Jan Altensen (Stricted)
+ */
+class SessionHandler {
+ private $sessionID = null;
+
+ private $sessionData = array();
+
+ public function __construct () {
+ $this->init();
+ }
+
+ public function init() {
+ if ($this->sessionID === null) {
+ $this->sessionID = session_id();
+ }
+
+ // load session data from database and check if the data is expired
+ if (!$this->exists()) {
+ $sql = "INSERT INTO dns_session (id, sessionID, expire, sessionData) VALUES (NULL, ?, ?, ?)";
+ DNS::getDB()->query($sql, array($this->sessionID, time() + 3600 * 24, ''));
+ }
+
+ /* load data from database */
+ $sql ="SELECT * FROM dns_session where sessionID = ?";
+ $res = DNS::getDB()->query($sql, array($this->sessionID));
+ $data = DNS::getDB()->fetch_array($res);
+ if (isset($data['sessionData']) && !empty($data['sessionData'])) {
+ $this->sessionData = json_decode($data['sessionData'], true);
+ }
+ }
+
+ private function exists() {
+ $sql = "SELECT * FROM dns_session where sessionID = ?";
+ $res = DNS::getDB()->query($sql, array($this->sessionID));
+ $data = DNS::getDB()->fetch_array($res);
+ if (isset($data['sessionID']) && !empty($data['sessionID'])) {
+ if ($data['expire'] < time()) {
+ $this->destroy();
+ return false;
+ }
+
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Provides access to session data.
+ *
+ * @param string $key
+ * @return mixed
+ */
+ public function __get($key) {
+ return $this->getVar($key);
+ }
+
+ public function getVar($key) {
+ if (isset($this->sessionData[$key])) {
+ return $this->sessionData[$key];
+ }
+
+ return null;
+ }
+
+ /**
+ * Registers a session variable.
+ *
+ * @param string $key
+ * @param string $value
+ */
+ public function register($key, $value) {
+ $this->sessionData[$key] = $value;
+
+
+ $data = json_encode($this->sessionData);
+ $sql = "UPDATE dns_session SET sessionData = ?, expire = ? WHERE sessionID = ?";
+ DNS::getDB()->query($sql, array($data, time() + 3600 * 24, $this->sessionID));
+ }
+
+ public function __set($key, $value) {
+ $this->register($key, $value);
+ }
+
+ public function destroy() {
+ $this->sessionData = array();
+
+ $sql = "DELETE FROM dns_session WHERE sessionID = ?";
+ DNS::getDB()->query($sql, array($this->sessionID));
+ }
+
+ public function update($key, $value) {
+ $this->register($key, $value);
+ }
+}
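Review bot: `init()` uses whatever `session_id()` returns, which is an empty string when no PHP session has been started, so every such client would read and write the same `dns_session` row with `sessionID = ''`. Nothing in this file starts the session, and whether that happens before `new SessionHandler()` is not visible here, so a guard such as `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` ahead of the `session_id()` call would make the class safe on its own. `json_decode()` returns null for a damaged payload, so assigning its result only when `is_array()` holds keeps `$sessionData` an array. Expired rows are removed only when the same id comes back through `exists()`, so a periodic `DELETE FROM dns_session WHERE expire < ?` is worth adding. Most methods also lack the docblocks that `__get` and `register` already have.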
* @return boolean
*/
public static function isLoggedIn () {
- if (isset($_SESSION['login']) && $_SESSION['login'] == 1) {
+ if (DNS::getSession()->login !== null && DNS::getSession()->login == 1) {
return true;
}
}
public static function isAdmin () {
- if (isset($_SESSION['status']) && !empty($_SESSION['status']) && $_SESSION['status'] == 2) {
+ if (DNS::getSession()->status !== null && DNS::getSession()->status == 2) {
return true;
}
return true;
}
- if (isset($_SESSION['status']) && !empty($_SESSION['status']) && $_SESSION['status'] === 1) {
+ if (DNS::getSession()->status !== null && DNS::getSession()->status == 1) {
return true;
}
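Review bot: The second status check now reads `DNS::getSession()->status == 1` where the removed line compared with `=== 1`, so PHP's loose string-to-number matching applies where it did not before. The value is stored through `intval()` at login and, as far as the handler shows, integers survive the JSON round trip, so the strict form should still work. I would keep `=== 1` here and use `=== 2` and `=== 1` in the admin and login checks above for the same reason. With a strict comparison the preceding `!== null` test becomes redundant. The enclosing functions are only partly visible in these hunks.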
$sha1Password = sha1($row['password']);
$sha1CookieHash = sha1($sha1UserID.$sha1Password);
if ($sha1CookieHash == $hash) {
- $_SESSION['login'] = 1;
- $_SESSION['username'] = $row["username"];
- $_SESSION['userID'] = $row["userID"];
- $_SESSION['status'] = intval($row["status"]);
+ DNS::getSession()->register('login', 1);
+ DNS::getSession()->register('username', $row["username"]);
+ DNS::getSession()->register('userID', $row["userID"]);
+ DNS::getSession()->register('status', intval($row["status"]));
+
return true;
}
}
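Review bot: The session identifier is not renewed when `login`, `username`, `userID` and `status` are registered here, so the `dns_session` row created for the anonymous visitor becomes the authenticated session under the same id. The same applies to the password branch further down, which registers the same four values. Because the handler keys its row on the `session_id()` value it captured at construction, calling `session_regenerate_id(true);` alone would leave it pointing at the old row. The handler would also need a small method that runs `UPDATE dns_session SET sessionID = ? WHERE sessionID = ?` and stores the new id. Both login functions begin outside these hunks, so whether a caller already rotates the id cannot be seen from here.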
$row = DNS::getDB()->fetch_array($query);
if (!empty($row)) {
if (crypt(crypt($password, $row['password']), $row['password']) == $row['password']) {
- $_SESSION['login'] = 1;
- $_SESSION['username'] = $row["username"];
- $_SESSION['userID'] = $row["userID"];
- $_SESSION['status'] = intval($row["status"]);
+ DNS::getSession()->register('login', 1);
+ DNS::getSession()->register('username', $row["username"]);
+ DNS::getSession()->register('userID', $row["userID"]);
+ DNS::getSession()->register('status', intval($row["status"]));
+
if ($remember === true) {
$sha1UserID = sha1($row["userID"]);
$sha1Password = sha1($row['password']);
return false;
}
- public static function logout () {
- $_SESSION = array(); // clear session array before destroy
-
+ public static function logout () {
if (isset($_COOKIE["userID"])) {
setcookie("userID", '', time() - 3600);
}
setcookie("cookieHash", '', time() - 3600);
}
+ DNS::getSession()->destroy();
session_destroy();
}
$data = array();
if ($userID === 0 && self::isLoggedIn()) {
- if (isset($_SESSION['userID'])) {
- $userID = $_SESSION['userID'];
+ if (DNS::getSession()->userID !== null) {
+ $userID = DNS::getSession()->userID;
}
if (self::isAdmin()) {