<?php require_once($INC . "/log.inc.php"); require_once($INC . "/sql.inc.php"); require_once($INC . "/token.inc.php"); require_once($INC . "/prof.inc.php"); /* * Add a session */ function rg_sess_add($db, $uid, $sid, $session_time, $lock_ip) { rg_prof_start("sess_add"); rg_log_enter("sess_add: uid=$uid, sid=$sid, session_time=$session_time" . " lock_ip=$lock_ip"); if ($lock_ip == 1) $ip = @$_SERVER['REMOTE_ADDR']; else $ip = ""; $now = time(); $ret = FALSE; while (1) { $params = array("sid" => $sid, "uid" => $uid, "expire" => $now + $session_time, "session_time" => $session_time, "ip" => $ip); $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)" . " VALUES (@@sid@@, @@uid@@, @@expire@@" . ", @@session_time@@, @@ip@@)"; $res = rg_sql_query_params($db, $sql, $params); if ($res === FALSE) { rg_log("\tCannot insert (" . rg_sql_error() . ")!"); break; } rg_sql_free_result($res); $params['last_db_write'] = $now; rg_cache_set("sess::" . $sid, $params); $ret = TRUE; break; } rg_log_exit(); rg_prof_end("sess_add"); return $ret; } /* * Tests if a session is still valid. Will return FALSE on error or session * info. */ function rg_sess_valid($db, $sid) { rg_prof_start("sess_valid"); rg_log_enter("sess_valid: sid=$sid..."); $ret = FALSE; while (1) { $r = rg_cache_get("sess::" . $sid); if ($r === FALSE) { $params = array("sid" => $sid); $sql = "SELECT * FROM sess WHERE sid = @@sid@@"; $res = rg_sql_query_params($db, $sql, $params); if ($res === FALSE) { rg_log("\tCannot select (" . rg_sql_error() . ")!"); break; } $rows = rg_sql_num_rows($res); if ($rows > 0) { $r = rg_sql_fetch_array($res); $r['last_db_write'] = $r['expire'] - $r['session_time']; rg_cache_set("sess::" . $sid, $r); } rg_sql_free_result($res); } if ($r === FALSE) { rg_log("\tSession not found."); break; } $now = time(); if ($r['expire'] < $now) { rg_log("\tSession too old (" . ($now - $r['expire']) . "s)."); break; } $ip = @$_SERVER['REMOTE_ADDR']; if (!empty($r['ip']) && (strcmp($r['ip'], $ip) != 0)) { rg_log("\tSession invalid because of IP" . " login=" . $r['ip'] . " now=$ip."); break; } $uid = $r['uid']; rg_log("\tSession valid, uid=$uid, expire=+" . ($r['expire'] - $now) . "s"); $ret = $r; break; } rg_log_exit(); rg_prof_end("sess_valid"); return $ret; } /* * Refreshes a session. * Because of performance reasons, we will not update database * every time. */ function rg_sess_update($db, $sess) { rg_prof_start("sess_update"); rg_log_enter("sess_update: sess=" . rg_array2string($sess)); $now = time(); $ret = FALSE; while (1) { if ($sess['last_db_write'] + 60 > $now) { $_diff = $now - $sess['last_db_write']; rg_log("DEBUG: last_db_write is fresh enough (" . $_diff . "s)."); $ret = TRUE; break; } $sess['expire'] = $now + $sess['session_time']; $sql = "UPDATE sess SET expire = @@expire@@" . " WHERE sid = @@sid@@"; $res = rg_sql_query_params($db, $sql, $sess); if ($res === FALSE) { rg_log("\tCannot update (" . rg_sql_error() . ")!"); // We will not exit here. At least in cache to be ok } else { $sess['last_db_write'] = $now; rg_sql_free_result($res); } rg_cache_set("sess::" . $sess['sid'], $sess); $ret = TRUE; break; } rg_log_exit(); rg_prof_end("sess_update"); return $ret; } /* * Destroy session */ function rg_sess_destroy($db, $sid, &$ui) { rg_prof_start("sess_destroy"); rg_log_enter("sess_destroy: sid=$sid..."); $ret = FALSE; while (1) { $params = array("sid" => $sid); $sql = "DELETE FROM sess WHERE sid = @@sid@@"; $res = rg_sql_query_params($db, $sql, $params); if ($res === FALSE) { rg_log("\tCannot delete (" . rg_sql_error() . ")!"); break; } rg_sql_free_result($res); // Delete all tokens associated with this session rg_token_delete($db, $sid, ""); $ui = array(); $ui['uid'] = 0; $ui['is_admin'] = 0; rg_cache_unset("sess::" . $sid); $ret = TRUE; break; } rg_log_exit(); rg_prof_end("sess_destroy"); return $ret; } ?>