From: Stricted Date: Thu, 12 Mar 2015 02:01:54 +0000 (+0100) Subject: add session system X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5a33cd739338151d5639a1299f959ef719ac2b05;p=GitHub%2FStricted%2FDomain-Control-Panel.git add session system --- diff --git a/database.sql b/database.sql index 3aa361c..55c17b7 100644 --- a/database.sql +++ b/database.sql @@ -72,6 +72,13 @@ CREATE TABLE IF NOT EXISTS dns_template ( template TEXT ) ENGINE=InnoDB; +CREATE TABLE IF NOT EXISTS dns_session ( + id INT(10) NOT NULL AUTO_INCREMENT PRIMARY KEY, + sessionID VARCHAR(255) NOT NULL DEFAULT '', + expire INT(10) NOT NULL, + sessionData TEXT +) ENGINE=InnoDB; + ALTER TABLE dns_api ADD FOREIGN KEY (userID) REFERENCES dns_user (userID) ON DELETE CASCADE; ALTER TABLE dns_sec ADD FOREIGN KEY (zone) REFERENCES dns_soa (id) ON DELETE CASCADE; ALTER TABLE dns_rr ADD FOREIGN KEY (zone) REFERENCES dns_soa (id) ON DELETE CASCADE; diff --git a/lib/page/ActionPage.class.php b/lib/page/ActionPage.class.php index d58fc8b..cd9f7f5 100644 --- a/lib/page/ActionPage.class.php +++ b/lib/page/ActionPage.class.php @@ -175,14 +175,14 @@ class ActionPage extends AbstractPage { else if ($action == "requestApiKey") { if (User::isLoggedIn()) { $sql = "SELECT * FROM dns_api WHERE userID = ?"; - $res = DNS::getDB()->query($sql, array($_SESSION['userID'])); + $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID)); $row = DNS::getDB()->fetch_array($res); if (empty($row)) { $apiKey = DNS::generateUUID(); $sql = "INSERT INTO dns_api (id, userID, apiKey) VALUES (NULL, ?, ?)"; - DNS::getDB()->query($sql, array($_SESSION['userID'], $apiKey)); + DNS::getDB()->query($sql, array(DNS::getSession()->userID, $apiKey)); echo $apiKey; exit; diff --git a/lib/page/ApiManagementPage.class.php b/lib/page/ApiManagementPage.class.php index ff08d1f..710ed3c 100644 --- a/lib/page/ApiManagementPage.class.php +++ b/lib/page/ApiManagementPage.class.php 
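Review bot: `dns_session` is queried by `sessionID` on every request (`SessionHandler::exists()` and `init()` in this commit), yet the new table declares `sessionID` only as `VARCHAR(255) NOT NULL DEFAULT ''` with no index, so each lookup scans the table and nothing stops two rows from carrying the same ID — which the check-then-insert in `init()` could produce under concurrent first requests, and which an empty ID would produce on every request. `sessionID VARCHAR(255) NOT NULL UNIQUE,` gives both the index and the guarantee; the `DEFAULT ''` serves no purpose once callers always supply the value and is better dropped. An index on `expire` would also make an expiry sweep cheap, should one be added.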
@@ -13,7 +13,7 @@ class ApiManagementPage extends AbstractPage { public function prepare() { $sql = "SELECT * FROM dns_api WHERE userID = ?"; - $res = DNS::getDB()->query($sql, array($_SESSION['userID'])); + $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID)); $row = DNS::getDB()->fetch_array($res); $apiKey = ""; diff --git a/lib/page/ApiPage.class.php b/lib/page/ApiPage.class.php index 879ac9d..b91a275 100644 --- a/lib/page/ApiPage.class.php +++ b/lib/page/ApiPage.class.php @@ -14,7 +14,7 @@ class ApiPage extends AbstractPage { // todo: user/server seletion $key = ""; if (isset($_REQUEST['key'])) { - $key = $_REQUEST['key']; + $key = strtoupper(trim($_REQUEST['key'])); } if (!defined('DNS_API_KEY') || $key != DNS_API_KEY || empty($key) || !preg_match('/[a-f0-9]{8}\-[a-f0-9]{4}\-4[a-f0-9]{3}\-[89ab][a-f0-9]{3}\-[a-f0-9]{12}/i', $key)) { diff --git a/lib/page/DomainAddPage.class.php b/lib/page/DomainAddPage.class.php index 333e709..dcf7694 100644 --- a/lib/page/DomainAddPage.class.php +++ b/lib/page/DomainAddPage.class.php @@ -36,10 +36,10 @@ class DomainAddPage extends AbstractPage { $soaID = DNS::getDB()->last_id(); $sql = "INSERT INTO dns_soa_to_user (id, userID, soaID) VALUES (null, ?, ?)"; - DNS::getDB()->query($sql, array($_SESSION['userID'], $soaID)); + DNS::getDB()->query($sql, array(DNS::getSession()->userID, $soaID)); $sql = "SELECT * FROM dns_template WHERE userID = ?"; - $res = DNS::getDB()->query($sql, array($_SESSION['userID'])); + $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID)); $tpl = DNS::getDB()->fetch_array($res); $records = array(); diff --git a/lib/page/UserList.class.php b/lib/page/UserList.class.php index 442b6a0..0efa39a 100644 --- a/lib/page/UserList.class.php +++ b/lib/page/UserList.class.php 
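Review bot: `strtoupper(trim($_REQUEST['key']))` normalizes only the request side, while the unchanged comparison on the `if` line below still tests `$key != DNS_API_KEY`, so if the configured constant is stored in lowercase (which the `/i` modifier on the same line's regex permits) every request is now rejected; normalize both sides, e.g. `$key != strtoupper(DNS_API_KEY)`. Since this is a secret being compared, a constant-time check is preferable to `!=` here: `!hash_equals(strtoupper(DNS_API_KEY), $key)` (PHP 5.6+), which also sidesteps loose string comparison. The enclosing method starts and ends outside the hunk, and its name is not visible here.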
@@ -19,7 +19,7 @@ class UserListPage extends AbstractPage { } else { $sql = "SELECT * from dns_user WHERE reseller = ?"; - $res = DNS::getDB()->query($sql, array($_SESSION['userID'])); + $res = DNS::getDB()->query($sql, array(DNS::getSession()->userID)); } $user = array(); diff --git a/lib/system/DNS.class.php b/lib/system/DNS.class.php index 35fd65c..66b9f52 100644 --- a/lib/system/DNS.class.php +++ b/lib/system/DNS.class.php @@ -14,6 +14,13 @@ class DNS { */ protected static $dbObj = null; + /** + * session object + * + * @var object + */ + protected static $sessionObj = null; + /** * template object * @@ -36,6 +43,7 @@ class DNS { $this->initDB(); self::buildOptions(); + $this->initSession(); $this->initLanguage(); $this->initTPL(); new RequestHandler(); @@ -56,6 +64,20 @@ class DNS { self::$dbObj = new DB($driver, $host, $user, $pass, $db, $port); } + /** + * init session system + */ + protected function initSession() { + self::$sessionObj = new SessionHandler(); + } + + /** + * return session object + */ + public static function getSession() { + return self::$sessionObj; + } + /* * autoload class files from namespace uses * @@ -88,8 +110,8 @@ class DNS { $languageCode = $availableLanguages[$code]; } } - else if (isset($_SESSION['language'])) { - $code = strtolower($_SESSION['language']); + else if (DNS::getSession()->language !== null) { + $code = strtolower(DNS::getSession()->language); if (in_array($code, $availableLanguages)) { $languageCode = $code; } @@ -109,7 +131,7 @@ class DNS { } $file = $basedir.$languageCode.'.lang.php'; - $_SESSION['language'] = $languageCode; + DNS::getSession()->register('language', $languageCode); if (file_exists($file)) { require_once($file); 
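Review bot: `getSession()` has no `@return` in its docblock and `$sessionObj` (in the `@@ -14,6 +14,13` hunk above) is typed `@var object`; `@return SessionHandler` and `@var SessionHandler` tell readers and IDEs what `->userID`, `->register()` and `->destroy()` resolve to, since callers across this commit reach those members only through the accessor. Worth stating in the docblock too: the accessor returns `null` until `initSession()` has run in the constructor, so `DNS::getSession()->…` is only safe after construction.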
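Review bot: `DNS::getSession()->register('language', $languageCode)` runs unconditionally on every request, and `register()` issues an `UPDATE dns_session` each time, so language initialization now costs a database write per page load even when the value is unchanged, where the old `$_SESSION` assignment was free. Writing only on change, `if (DNS::getSession()->language !== $languageCode) { DNS::getSession()->register('language', $languageCode); }`, keeps the behaviour; note however that this write is currently also the only thing refreshing `expire` on a read-only request (`init()` never touches it), so if it becomes conditional the expiry refresh should move into `init()`. Inside class `DNS` itself, `self::getSession()` would match how `self::$dbObj` is used elsewhere. The enclosing method (presumably `initLanguage`) starts outside the hunk.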
@@ -159,8 +181,8 @@ class DNS { protected function initTPL () { require(DNS_DIR.'/config.inc.php'); - if (isset($_SESSION['tpl']) && !empty($_SESSION['tpl'])) { - $tpl = $_SESSION['tpl']; + if (DNS::getSession()->tpl !== null && !empty(DNS::getSession()->tpl)) { + $tpl = DNS::getSession()->tpl; } require_once(DNS_DIR.'/lib/api/smarty/Smarty.class.php'); diff --git a/lib/system/RequestHandler.class.php b/lib/system/RequestHandler.class.php index 44c8838..9e0b660 100644 --- a/lib/system/RequestHandler.class.php +++ b/lib/system/RequestHandler.class.php @@ -36,8 +36,8 @@ class RequestHandler { exit; } - if (isset($_SESSION['username'])) { - DNS::getTPL()->assign(array("username" => $_SESSION['username'])); + if (DNS::getSession()->username !== null) { + DNS::getTPL()->assign(array("username" => DNS::getSession()->username)); } if (empty($className)) { diff --git a/lib/system/SessionHandler.class.php b/lib/system/SessionHandler.class.php new file mode 100644 index 0000000..1f0e46d --- /dev/null +++ b/lib/system/SessionHandler.class.php 
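Review bot: `DNS::getSession()->tpl !== null && !empty(DNS::getSession()->tpl)` tests the same thing twice — `!empty()` is already false for `null` — and calls the static accessor three times; `if (!empty(DNS::getSession()->tpl)) {` is equivalent and shorter. Within class `DNS`, `self::getSession()` would also be consistent with `self::$dbObj` and `self::buildOptions()` used elsewhere in the file. `initTPL()` continues outside the hunk.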
@@ -0,0 +1,101 @@ + + * @copyright 2013-2015 Jan Altensen (Stricted) + */ +class SessionHandler { + private $sessionID = null; + + private $sessionData = array(); + + public function __construct () { + $this->init(); + } + + public function init() { + if ($this->sessionID === null) { + $this->sessionID = session_id(); + } + + // load session data from database and check if the data is expired + if (!$this->exists()) { + $sql = "INSERT INTO dns_session (id, sessionID, expire, sessionData) VALUES (NULL, ?, ?, ?)"; + DNS::getDB()->query($sql, array($this->sessionID, time() + 3600 * 24, '')); + } + + /* load data from database */ + $sql ="SELECT * FROM dns_session where sessionID = ?"; + $res = DNS::getDB()->query($sql, array($this->sessionID)); + $data = DNS::getDB()->fetch_array($res); + if (isset($data['sessionData']) && !empty($data['sessionData'])) { + $this->sessionData = json_decode($data['sessionData'], true); + } + } + + private function exists() { + $sql = "SELECT * FROM dns_session where sessionID = ?"; + $res = DNS::getDB()->query($sql, array($this->sessionID)); + $data = DNS::getDB()->fetch_array($res); + if (isset($data['sessionID']) && !empty($data['sessionID'])) { + if ($data['expire'] < time()) { + $this->destroy(); + return false; + } + + return true; + } + + return false; + } + + /** + * Provides access to session data. + * + * @param string $key + * @return mixed + */ + public function __get($key) { + return $this->getVar($key); + } + + public function getVar($key) { + if (isset($this->sessionData[$key])) { + return $this->sessionData[$key]; + } + + return null; + } + + /** + * Registers a session variable. + * + * @param string $key + * @param string $value + */ + public function register($key, $value) { + $this->sessionData[$key] = $value; + + + $data = json_encode($this->sessionData); + $sql = "UPDATE dns_session SET sessionData = ?, expire = ? 
WHERE sessionID = ?"; + DNS::getDB()->query($sql, array($data, time() + 3600 * 24, $this->sessionID)); + } + + public function __set($key, $value) { + $this->register($key, $value); + } + + public function destroy() { + $this->sessionData = array(); + + $sql = "DELETE FROM dns_session WHERE sessionID = ?"; + DNS::getDB()->query($sql, array($this->sessionID)); + } + + public function update($key, $value) { + $this->register($key, $value); + } +} diff --git a/lib/system/User.class.php b/lib/system/User.class.php index 8dd7ef8..33eba57 100644 --- a/lib/system/User.class.php +++ b/lib/system/User.class.php @@ -13,7 +13,7 @@ class User { * @return boolean */ public static function isLoggedIn () { - if (isset($_SESSION['login']) && $_SESSION['login'] == 1) { + if (DNS::getSession()->login !== null && DNS::getSession()->login == 1) { return true; } @@ -25,7 +25,7 @@ class User { } public static function isAdmin () { - if (isset($_SESSION['status']) && !empty($_SESSION['status']) && $_SESSION['status'] == 2) { + if (DNS::getSession()->status !== null && DNS::getSession()->status == 2) { return true; } @@ -37,7 +37,7 @@ class User { return true; } - if (isset($_SESSION['status']) && !empty($_SESSION['status']) && $_SESSION['status'] === 1) { + if (DNS::getSession()->status !== null && DNS::getSession()->status == 1) { return true; } @@ -52,10 +52,11 @@ class User { $sha1Password = sha1($row['password']); $sha1CookieHash = sha1($sha1UserID.$sha1Password); if ($sha1CookieHash == $hash) { - $_SESSION['login'] = 1; - $_SESSION['username'] = $row["username"]; - $_SESSION['userID'] = $row["userID"]; - $_SESSION['status'] = intval($row["status"]); + DNS::getSession()->register('login', 1); + DNS::getSession()->register('username', $row["username"]); + DNS::getSession()->register('userID', $row["userID"]); + DNS::getSession()->register('status', intval($row["status"])); + return true; } } 
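Review bot: The database row is keyed by the `session_id()` value captured once in `init()`, and the login paths in `User.class.php` (hunks `@@ -52,10 +52,11` and `@@ -68,10 +69,11`) only `register('login', 1)` into that same row, so the session identifier is never rotated when the user authenticates and an identifier that existed before login stays valid afterwards (session fixation). A `regenerate()` method on this class that rotates the PHP session ID and re-keys the row, called in those two hunks before the `register('login', 1)` line, closes that; a sketch is below. `init()` also does not handle `session_id()` returning `''` when no PHP session has been started yet (the `session_start()` call is not visible in this commit): `exists()` requires a non-empty `sessionID`, so every such request would insert a fresh row with an empty id, and failing loudly with `if ($this->sessionID === '') { throw new \Exception('no PHP session started'); }` right after the assignment is safer. Expired rows are removed only when the same ID returns, so abandoned sessions accumulate; a `DELETE FROM dns_session WHERE expire < ?` with `time()` in `init()` (or a periodic job) keeps the table bounded. Finally, `json_decode($data['sessionData'], true)` yields `null` on malformed data, leaving `$this->sessionData` non-array; `is_array($decoded) ? $decoded : array()` guards that.
```php
    // … unchanged: init(), exists(), __get(), getVar() …

    /**
     * Rotates the PHP session ID and re-keys this session's database row.
     * Call on privilege change (login) so the pre-login ID stops resolving.
     */
    public function regenerate() {
        $oldID = $this->sessionID;
        session_regenerate_id(true);
        $this->sessionID = session_id();

        $sql = "UPDATE dns_session SET sessionID = ? WHERE sessionID = ?";
        DNS::getDB()->query($sql, array($this->sessionID, $oldID));
    }

    // … unchanged: register(), __set(), destroy(), update() …
```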
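Review bot: The replacement loosens `$_SESSION['status'] === 1` to `DNS::getSession()->status == 1`; since `status` is stored via `intval()` (`register('status', intval($row["status"]))` in the login hunks) and an integer survives the `json_encode`/`json_decode(…, true)` round trip in `SessionHandler`, the strict comparison still works and should be kept, `if (DNS::getSession()->status === 1) {`, and the sibling `isAdmin()` check in the hunk above could use `=== 2` for the same reason. The `!== null &&` guard is redundant once the value itself is compared. The enclosing method starts outside the hunk and its name is not visible here.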
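Review bot: The four consecutive `DNS::getSession()->register(...)` calls each issue their own `UPDATE dns_session`, re-encoding the whole data array every time, so a single login performs four writes where one would do; the same pattern appears in the password-login hunk `@@ -68,10 +69,11` below. A `SessionHandler::registerAll(array $values)` (or a `register()` that accepts an array) that sets all keys and saves once would keep these call sites to one statement. The enclosing method continues outside the hunk.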
@@ -68,10 +69,11 @@ class User { $row = DNS::getDB()->fetch_array($query); if (!empty($row)) { if (crypt(crypt($password, $row['password']), $row['password']) == $row['password']) { - $_SESSION['login'] = 1; - $_SESSION['username'] = $row["username"]; - $_SESSION['userID'] = $row["userID"]; - $_SESSION['status'] = intval($row["status"]); + DNS::getSession()->register('login', 1); + DNS::getSession()->register('username', $row["username"]); + DNS::getSession()->register('userID', $row["userID"]); + DNS::getSession()->register('status', intval($row["status"])); + if ($remember === true) { $sha1UserID = sha1($row["userID"]); $sha1Password = sha1($row['password']); @@ -88,9 +90,7 @@ class User { return false; } - public static function logout () { - $_SESSION = array(); // clear session array before destroy - + public static function logout () { if (isset($_COOKIE["userID"])) { setcookie("userID", '', time() - 3600); } @@ -99,6 +99,7 @@ class User { setcookie("cookieHash", '', time() - 3600); } + DNS::getSession()->destroy(); session_destroy(); } @@ -155,8 +156,8 @@ class User { $data = array(); if ($userID === 0 && self::isLoggedIn()) { - if (isset($_SESSION['userID'])) { - $userID = $_SESSION['userID']; + if (DNS::getSession()->userID !== null) { + $userID = DNS::getSession()->userID; } if (self::isAdmin()) {