add experimental permission system
[GitHub/Stricted/Domain-Control-Panel.git] / lib / system / SessionHandler.class.php
1 <?php
2 namespace dns\system;
3
4 /**
5 * @author Jan Altensen (Stricted)
6 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
7 * @copyright 2013-2015 Jan Altensen (Stricted)
8 */
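class SessionHandler {
	/**
	 * session id as reported by PHP's session_id()
	 *
	 * @var	string
	 */
	private $sessionID = null;
	
	/**
	 * session data, decoded from the JSON stored in dns_session.sessionData
	 *
	 * @var	array
	 */
	private $sessionData = array();
	
	/**
	 * Initialises the session system: purges expired rows, then loads the row
	 * for the current PHP session id or creates it with a 24 hour lifetime.
	 */
	public function __construct () {
		$this->sessionID = session_id();
		
		/* delete expired sessions */
		$sql = "DELETE FROM dns_session WHERE expire < ?";
		DNS::getDB()->query($sql, array(time()));
		
		/* session_id() returns '' when no PHP session is active; a row keyed by
		   '' would be shared by every such client, so none is loaded or created */
		if ($this->sessionID === '' || $this->sessionID === false) {
			return;
		}
		
		/* load data from database */
		$sql = "SELECT * FROM dns_session where sessionID = ?";
		$res = DNS::getDB()->query($sql, array($this->sessionID));
		$data = DNS::getDB()->fetch_array($res);
		
		if (empty($data['sessionID'])) {
			$sql = "INSERT INTO dns_session (id, sessionID, expire, sessionData) VALUES (NULL, ?, ?, ?)";
			DNS::getDB()->query($sql, array($this->sessionID, time() + 3600 * 24, ''));
			return;
		}
		
		if (!empty($data['sessionData'])) {
			/* json_decode() yields null (or a scalar) for corrupt input; keep the
			   empty array in that case so sessionData always stays an array */
			$decoded = json_decode($data['sessionData'], true);
			if (is_array($decoded)) {
				$this->sessionData = $decoded;
			}
		}
	}
	
	/**
	 * Checks if the active user has the given permission.
	 *
	 * Fails closed: returns false when no userID is stored in the session, when
	 * the permission name is unknown, or when no matching assignment row exists.
	 *
	 * @param	string		$permission	permission name as stored in dns_permissions.permission
	 * @return	boolean
	 */
	public function checkPermission($permission) {
		/* same lookup the magic $this->userID performs via __get() */
		$userID = $this->getVar('userID');
		if ($userID === null) {
			return false;
		}
		
		/* get permissionID */
		$sql = "SELECT * FROM dns_permissions where permission = ?";
		$res = DNS::getDB()->query($sql, array($permission));
		$data = DNS::getDB()->fetch_array($res);
		if (!isset($data['id'])) {
			/* unknown permission: do not query with a null permissionID */
			return false;
		}
		
		/* get permission from user */
		$sql = "SELECT * FROM dns_permissions_to_user where userID = ? and permissionID = ?";
		$res = DNS::getDB()->query($sql, array($userID, $data['id']));
		$row = DNS::getDB()->fetch_array($res);
		if (!isset($row['permission'])) {
			return false;
		}
		
		/* NOTE(review): the schema of dns_permissions_to_user is not visible here;
		   confirm that it really carries a `permission` column holding the name.
		   The comparison is done on strings because a loose == between a numeric
		   column value and a permission name can evaluate to true on older PHP
		   versions, which would grant access by accident. */
		return (string) $row['permission'] === (string) $permission;
	}
	
	/**
	 * Provides access to session data.
	 *
	 * @param	string		$key
	 * @return	mixed
	 */
	public function __get($key) {
		return $this->getVar($key);
	}
	
	/**
	 * Provides access to session data.
	 *
	 * @param	string		$key
	 * @return	mixed		stored value, or null when the key is not set
	 */
	public function getVar($key) {
		if (isset($this->sessionData[$key])) {
			return $this->sessionData[$key];
		}
		
		return null;
	}
	
	/**
	 * Unsets a session variable and writes the change to the database.
	 *
	 * Without the write the removed value would still be in dns_session and
	 * would be loaded again on the next request.
	 *
	 * @param	string		$key
	 */
	public function unregister($key) {
		if (isset($this->sessionData[$key])) {
			unset($this->sessionData[$key]);
			$this->persist();
		}
	}
	
	/**
	 * Registers a session variable and renews the session lifetime.
	 *
	 * @param	string		$key
	 * @param	mixed		$value	must be encodable by json_encode()
	 */
	public function register($key, $value) {
		$this->sessionData[$key] = $value;
		$this->persist();
	}
	
	/**
	 * Registers a session variable.
	 *
	 * @param	string		$key
	 * @param	mixed		$value
	 */
	public function __set($key, $value) {
		$this->register($key, $value);
	}
	
	/**
	 * Destroys the session: clears the data in memory and deletes the row.
	 */
	public function destroy() {
		$this->sessionData = array();
		
		$sql = "DELETE FROM dns_session WHERE sessionID = ?";
		DNS::getDB()->query($sql, array($this->sessionID));
	}
	
	/**
	 * Alias of register().
	 *
	 * @param	string		$key
	 * @param	mixed		$value
	 */
	public function update($key, $value) {
		$this->register($key, $value);
	}
	
	/**
	 * Writes the current session data to dns_session and pushes the expiry
	 * 24 hours into the future.
	 */
	private function persist() {
		/* no row exists for an empty session id, see __construct() */
		if ($this->sessionID === null || $this->sessionID === '' || $this->sessionID === false) {
			return;
		}
		
		$data = json_encode($this->sessionData);
		$sql = "UPDATE dns_session SET sessionData = ?, expire = ? WHERE sessionID = ?";
		DNS::getDB()->query($sql, array($data, time() + 3600 * 24, $this->sessionID));
	}
}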