<?php
/*
* Session Handler
*/
namespace Sakura;
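class Session
{
    // Lifetime of a session in seconds (7 days). Applied when a session is
    // created and again each time a "remember" session is validated.
    const SESSION_LIFETIME = 604800;

    // Current user data, copied from the request cookies by init().
    // Both values are client-controlled: treat them as claims only, and do
    // not act on them until checkSession() has accepted the pair.
    public static $userId;
    public static $sessionId;

    // Start the PHP session (if none is active) and load the user ID and
    // session key the client presented in its cookies.
    public static function init()
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        // Look the prefix up once instead of once per cookie access.
        $prefix = Configuration::getConfig('cookie_prefix');
        $idCookie = $prefix . 'id';
        $keyCookie = $prefix . 'session';

        // A cookie sent as "name[]=..." arrives as an array; only accept
        // plain strings so later lookups never receive a non-scalar value.
        self::$userId = (isset($_COOKIE[$idCookie]) && is_string($_COOKIE[$idCookie]))
            ? $_COOKIE[$idCookie]
            : 0;

        self::$sessionId = (isset($_COOKIE[$keyCookie]) && is_string($_COOKIE[$keyCookie]))
            ? $_COOKIE[$keyCookie]
            : '';
    }

    // Create a session row for $userId and return its key.
    //
    // $remember is stored as '1'/'0' and makes checkSession() extend the
    // expiry on every successful check.
    //
    // Throws \RuntimeException when no secure random source is available.
    public static function newSession($userId, $remember = false)
    {
        // The key is the only secret guarding the session, so it must come
        // from a CSPRNG. The previous sha1(userId . mt_rand() . time())
        // construction was built from guessable inputs. 20 random bytes hex
        // encode to 40 characters, the same shape as the old SHA-1 digest.
        $session = bin2hex(self::randomBytes(20));

        $now = time();

        // The header is optional; avoid an undefined-index notice without it.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // NOTE(review): the key is stored as-is, so read access to this
        // table yields usable session keys. Storing a hash of the key would
        // limit that, but needs a migration of existing rows.
        Database::insert('sessions', [
            'user_id' => $userId,
            'user_ip' => Main::getRemoteIP(),
            'user_agent' => Main::cleanString($userAgent),
            'session_key' => $session,
            'session_start' => $now,
            'session_expire' => $now + self::SESSION_LIFETIME,
            'session_remember' => $remember ? '1' : '0',
        ]);

        return $session;
    }

    // Validate a user ID / session key pair against the sessions table.
    //
    // Returns false when the session is unknown, expired (the row is then
    // deleted) or fails the origin check; 1 for a valid session; 2 for a
    // valid session with the remember flag set.
    public static function checkSession($userId, $sessionId)
    {
        $rows = Database::fetch('sessions', true, [
            'user_id' => [$userId, '='],
            'session_key' => [$sessionId, '='],
        ]);

        // empty() also covers a non-array "nothing found" result, which
        // count() would warn about or reject.
        if (empty($rows)) {
            return false;
        }

        $session = $rows[0];

        // Expired sessions are removed on sight.
        if ($session['session_expire'] < time()) {
            self::deleteSession($session['session_id']);

            return false;
        }

        // Origin checking: 'session_check' is the number of leading octets
        // (1-4) of the client address that must match the address recorded
        // when the session was created. A falsy value disables the check.
        $ipCheck = Configuration::getConfig('session_check');

        if ($ipCheck) {
            $sessionIP = explode('.', $session['user_ip']);
            $userIP = explode('.', Main::getRemoteIP());

            // Convert the octet count into the highest array index to compare.
            $lastIndex = $ipCheck - 1;

            // As before, a setting outside 1-4 performs no comparison.
            // NOTE(review): that fails open on a misconfigured value;
            // confirm whether it should instead require a full match.
            if ($lastIndex >= 0 && $lastIndex <= 3) {
                for ($i = 0; $i <= $lastIndex; $i++) {
                    // Addresses are split on '.', so an IPv6 address (no
                    // dots) is compared as one whole string at index 0 and
                    // its remaining positions are absent on both sides.
                    $current = isset($userIP[$i]) ? $userIP[$i] : null;
                    $recorded = isset($sessionIP[$i]) ? $sessionIP[$i] : null;

                    if ($current !== $recorded) {
                        return false;
                    }
                }
            }
        }

        // "Remember me" sessions slide: each successful check pushes the
        // expiry out by another full lifetime.
        if ($session['session_remember']) {
            Database::update('sessions', [
                ['session_expire' => time() + self::SESSION_LIFETIME],
                ['session_id' => [$session['session_id'], '=']],
            ]);
        }

        return $session['session_remember'] ? 2 : 1;
    }

    // Delete a session, identified by its row ID or, when $key is true, by
    // its session key. Returns false when no matching session exists and
    // true after the delete was issued.
    public static function deleteSession($sessionId, $key = false)
    {
        $column = $key ? 'session_key' : 'session_id';
        $condition = [$column => [$sessionId, '=']];

        // The previous existence check packed the column name, the flag and
        // the value into one array passed as the second argument, so it did
        // not filter on the requested session. It now uses the same
        // (table, flag, conditions) shape as the fetch in checkSession().
        // NOTE(review): confirm against Database::fetch's signature.
        if (!Database::fetch('sessions', true, $condition)) {
            return false;
        }

        Database::delete('sessions', $condition);

        return true;
    }

    // Return $length bytes from a cryptographically secure source, or throw
    // rather than fall back to a predictable generator.
    private static function randomBytes($length)
    {
        if (function_exists('random_bytes')) {
            return random_bytes($length);
        }

        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($length, $strong);

            if ($bytes !== false && $strong) {
                return $bytes;
            }
        }

        throw new \RuntimeException('No cryptographically secure random source is available.');
    }
}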