Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3747231
D1158.id2963.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
43 KB
Referenced Files
None
Subscribers
None
D1158.id2963.diff
View Options
diff --git a/includes/_documents.xml b/includes/_documents.xml
--- a/includes/_documents.xml
+++ b/includes/_documents.xml
@@ -11,4 +11,4 @@
<noheader />
<nofooter />
</document>
-</documents>
\ No newline at end of file
+</documents>
diff --git a/includes/error.php b/includes/error.php
--- a/includes/error.php
+++ b/includes/error.php
@@ -45,7 +45,7 @@
*/
function dieprint_r ($var, $title = '') {
if (!$title) $title = 'Debug';
-
+
//GENERAL_ERROR with print_r call as message
message_die(GENERAL_ERROR, '<pre>' . print_r($var, true) .'</pre>', $title);
}
@@ -70,17 +70,17 @@
$text .= ", line $line";
}
}
-
+
//Ensures we've an error title and adds relevant extra information
switch ($code) {
case HACK_ERROR:
$title = $title ? $title : "Access non authorized";
break;
-
+
case SQL_ERROR:
global $db;
$title = $title ? $title : "SQL error";
-
+
//Gets SQL error information
$sqlError = $db->sql_error();
if ($sqlError['message'] != '') {
@@ -88,21 +88,21 @@
}
$text .= '<br /> <br />Query: ';
$text .= $sql;
-
+
break;
-
+
default:
//TODO: here can be added code to handle error error ;-)
//Falls to GENERAL_ERROR
-
+
case GENERAL_ERROR:
$title = $title ? $title : "General error";
break;
}
-
+
//HTML output of $title and $text variables
echo '<div class="FatalError"><p class="FatalErrorTitle">', $title,
'</p><p>', $text, '</p></div>';
-
+
exit;
}
diff --git a/includes/login.php b/includes/login.php
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,35 +1,35 @@
-<?php
-
-/*
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * Login and logout handler.
- *
- * 0.1 2010-02-27 1:52 DcK
- *
- */
-
-if ($_POST['LogIn']) {
- //User have submitted login form
- $username = $db->sql_escape($_POST['username']);
- $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
- if ($row = $db->sql_fetchrow($result)) {
- if (!$row['user_password']) {
- //No password set
- $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
- } elseif ($row['user_password'] != md5($_POST['password'])) {
- //The password doesn't match
- $LoginError = "Incorrect password.";
- } else {
- //Login successful
- Session::load()->user_login($row['user_id']);
- $LoginSuccessful = true;
- }
- }
-} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
- //User have submitted logout form or clicked a logout link
- Session::load()->user_logout();
-}
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Login and logout handler.
+ *
+ * 0.1 2010-02-27 1:52 DcK
+ *
+ */
+
+if ($_POST['LogIn']) {
+ //User have submitted login form
+ $username = $db->sql_escape($_POST['username']);
+ $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
+ if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+ if ($row = $db->sql_fetchrow($result)) {
+ if (!$row['user_password']) {
+ //No password set
+ $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
+ } elseif ($row['user_password'] != md5($_POST['password'])) {
+ //The password doesn't match
+ $LoginError = "Incorrect password.";
+ } else {
+ //Login successful
+ Session::load()->user_login($row['user_id']);
+ $LoginSuccessful = true;
+ }
+ }
+} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
+ //User have submitted logout form or clicked a logout link
+ Session::load()->user_logout();
+}
diff --git a/includes/mysql.php b/includes/mysql.php
--- a/includes/mysql.php
+++ b/includes/mysql.php
@@ -1,151 +1,151 @@
-<?php
-
-/*
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * MySQL layer and helper class
- *
- * 0.1 2010-02-27 1:52 DcK
- *
- */
-
-if (!defined('SQL_LAYER')) {
- define('SQL_LAYER', 'MySQL');
-
- /*
- * SQL layer and helper class: MySQL
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
- class sql_db {
- /*
- * @var int the connection identifier
- */
- private $id;
-
- /*
- * Initializes a new instance of the database abstraction class, for MySQL engine
- */
- function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
- //Connects to MySQL server
- $this->id = @mysql_connect($host, $username, $password) or $this->sql_die();
-
- //Selects database
- if ($database != '') {
- mysql_select_db($database, $this->id);
- }
- }
-
- /*
- * Outputs a can't connect to the SQL server message and exits.
- * It's called on connect failure
- */
- private function sql_die () {
- //You can custom here code when you can't connect to SQL server
- //e.g. in a demo or appliance context, include('start.html'); exit;
- die ("Can't connect to SQL server.");
- }
-
- /*
- * Sends a unique query to the database
- * @return mixed if the query is successful, a result identifier ; otherwise, false
- */
- function sql_query ($query) {
- return mysql_query($query, $this->id);
- }
-
- /*
- * Fetches a row of result into an associative array
- * @return array an associative array with columns names as keys and row values as values
- */
- function sql_fetchrow ($result) {
- return mysql_fetch_array($result);
- }
-
- /*
- * Gets last SQL error information
- * @return array an array with two keys, code and message, containing error information
- */
- function sql_error () {
- $error['code'] = mysql_errno($this->id);
- $error['message'] = mysql_error($this->id);
- return $error;
- }
-
- /*
- * Gets the number of rows affected or returned by a query
- * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
- */
- function sql_numrows ($result) {
- return mysql_num_rows($result);
- }
-
- /*
- * Gets the primary key value of the last query (works only in INSERT context)
- * @return int the primary key value
- */
- function sql_nextid () {
- return mysql_insert_id($this->id);
- }
-
- /*
- * Express query method, returns an immediate and unique result
- *
- * @param string $query the query to execute
- * @param string $error_message the error message
- * @param boolean $return_as_string return result as string, and not as an array
- * @return mixed the row or the scalar result
- */
- function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
- if ($query === '' || $query === false || $query === null) {
- //No query, no value
- return '';
- } elseif (!$result = $this->sql_query($query)) {
- //An error have occured
- message_die(SQL_ERROR, $error_message, '', '', '', $query);
- } else {
- //Fetches row
- $row = $this->sql_fetchrow($result);
-
- //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
- return $return_as_string ? $row[0] : $row;
- }
- }
-
- /*
- * Escapes a SQL expression
- * @param string expression The expression to escape
- * @return string The escaped expression
- */
- function sql_escape ($expression) {
- return mysql_real_escape_string($expression);
- }
-
- /*
- * Set charset
- */
- function set_charset ($encoding) {
- if (function_exists('mysql_set_charset')) {
- //>PHP 5.2.3
- mysql_set_charset($encoding, $this->id);
- } else {
- //TODO: set connection variables to utf8
- }
- }
- }
-
- //Creates an instance of this database class with configuration values
- $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
- //To improve security, we unset sql parameters
- unset($Config['sql']);
-
- //Sets SQL connexion in UTF8. PHP 5.2.3+
- $db->set_charset('utf8');
-}
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * MySQL layer and helper class
+ *
+ * 0.1 2010-02-27 1:52 DcK
+ *
+ */
+
+if (!defined('SQL_LAYER')) {
+ define('SQL_LAYER', 'MySQL');
+
+ /*
+ * SQL layer and helper class: MySQL
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+ class sql_db {
+ /*
+ * @var int the connection identifier
+ */
+ private $id;
+
+ /*
+ * Initializes a new instance of the database abstraction class, for MySQL engine
+ */
+ function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
+ //Connects to MySQL server
+ $this->id = @mysql_connect($host, $username, $password) or $this->sql_die();
+
+ //Selects database
+ if ($database != '') {
+ mysql_select_db($database, $this->id);
+ }
+ }
+
+ /*
+ * Outputs a can't connect to the SQL server message and exits.
+ * It's called on connect failure
+ */
+ private function sql_die () {
+ //You can custom here code when you can't connect to SQL server
+ //e.g. in a demo or appliance context, include('start.html'); exit;
+ die ("Can't connect to SQL server.");
+ }
+
+ /*
+ * Sends a unique query to the database
+ * @return mixed if the query is successful, a result identifier ; otherwise, false
+ */
+ function sql_query ($query) {
+ return mysql_query($query, $this->id);
+ }
+
+ /*
+ * Fetches a row of result into an associative array
+ * @return array an associative array with columns names as keys and row values as values
+ */
+ function sql_fetchrow ($result) {
+ return mysql_fetch_array($result);
+ }
+
+ /*
+ * Gets last SQL error information
+ * @return array an array with two keys, code and message, containing error information
+ */
+ function sql_error () {
+ $error['code'] = mysql_errno($this->id);
+ $error['message'] = mysql_error($this->id);
+ return $error;
+ }
+
+ /*
+ * Gets the number of rows affected or returned by a query
+ * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+ */
+ function sql_numrows ($result) {
+ return mysql_num_rows($result);
+ }
+
+ /*
+ * Gets the primary key value of the last query (works only in INSERT context)
+ * @return int the primary key value
+ */
+ function sql_nextid () {
+ return mysql_insert_id($this->id);
+ }
+
+ /*
+ * Express query method, returns an immediate and unique result
+ *
+ * @param string $query the query to execute
+ * @param string $error_message the error message
+ * @param boolean $return_as_string return result as string, and not as an array
+ * @return mixed the row or the scalar result
+ */
+ function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
+ if ($query === '' || $query === false || $query === null) {
+ //No query, no value
+ return '';
+ } elseif (!$result = $this->sql_query($query)) {
+ //An error have occured
+ message_die(SQL_ERROR, $error_message, '', '', '', $query);
+ } else {
+ //Fetches row
+ $row = $this->sql_fetchrow($result);
+
+ //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+ return $return_as_string ? $row[0] : $row;
+ }
+ }
+
+ /*
+ * Escapes a SQL expression
+ * @param string expression The expression to escape
+ * @return string The escaped expression
+ */
+ function sql_escape ($expression) {
+ return mysql_real_escape_string($expression);
+ }
+
+ /*
+ * Set charset
+ */
+ function set_charset ($encoding) {
+ if (function_exists('mysql_set_charset')) {
+ //>PHP 5.2.3
+ mysql_set_charset($encoding, $this->id);
+ } else {
+ //TODO: set connection variables to utf8
+ }
+ }
+ }
+
+ //Creates an instance of this database class with configuration values
+ $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
+
+ //To improve security, we unset sql parameters
+ unset($Config['sql']);
+
+ //Sets SQL connexion in UTF8. PHP 5.2.3+
+ $db->set_charset('utf8');
+}
diff --git a/includes/mysqli.php b/includes/mysqli.php
--- a/includes/mysqli.php
+++ b/includes/mysqli.php
@@ -1,149 +1,149 @@
-<?php
-
-/**
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, 2014, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * MySQLi layer and helper class
- */
-
-if (!defined('SQL_LAYER')) {
- define('SQL_LAYER', 'MySQL');
-
- /**
- * SQL layer and helper class: MySQLi
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
- class sql_db {
- /*
- * @var int the connection identifier
- */
- private $db;
-
- /**
- * Initializes a new instance of the database abstraction class, for MySQLi engine
- */
- function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
- //Connects to MySQL server
- $this->db = new mysqli($host, $username, $password) or $this->sql_die();
-
- //Selects database
- if ($database != '') {
- $this->db->select_db($database);
- }
- }
-
- /**
- * Outputs a can't connect to the SQL server message and exits.
- * It's called on connect failure
- */
- private function sql_die () {
- //You can custom here code when you can't connect to SQL server
- //e.g. in a demo or appliance context, include('start.html'); exit;
- die ("Can't connect to SQL server.");
- }
-
- /**
- * Sends a unique query to the database
- *
- * @return mixed if the query is successful, a mysqli_result instance ; otherwise, false
- */
- function sql_query ($query) {
- return $this->db->query($query);
- }
-
- /**
- * Fetches a row of result into an associative array
- *
- * @return array an associative array with columns names as keys and row values as values
- */
- function sql_fetchrow ($result) {
- return $result->fetch_array();
- }
-
- /**
- * Gets last SQL error information
- *
- * @return array an array with two keys, code and message, containing error information
- */
- function sql_error () {
- return [
- 'code' => $this->db->errno,
- 'message' => $this->db->error
- ];
- }
-
- /**
- * Gets the number of rows affected or returned by a query
- *
- * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
- */
- function sql_numrows ($result) {
- return $result->num_rows;
- }
-
- /**
- * Gets the primary key value of the last query (works only in INSERT context)
- *
- * @return int the primary key value
- */
- function sql_nextid () {
- return $this->db->insert_id;
- }
-
- /**
- * Express query method, returns an immediate and unique result
- *
- * @param string $query the query to execute
- * @param string $error_message the error message
- * @param boolean $return_as_string return result as string, and not as an array
- * @return mixed the row or the scalar result
- */
- function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
- if ($query === '' || $query === false || $query === null) {
- //No query, no value
- return '';
- } elseif (!$result = $this->sql_query($query)) {
- //An error have occured
- message_die(SQL_ERROR, $error_message, '', '', '', $query);
- } else {
- //Fetches row
- $row = $this->sql_fetchrow($result);
-
- //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
- return $return_as_string ? $row[0] : $row;
- }
- }
-
- /*
- * Escapes a SQL expression
- * @param string expression The expression to escape
- * @return string The escaped expression
- */
- function sql_escape ($expression) {
- return $this->db->real_escape_string($expression);
- }
-
- /**
- * Sets charset
- */
- function set_charset ($encoding) {
- $this->db->set_charset($encoding);
- }
- }
-
- //Creates an instance of this database class with configuration values
- $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
- //To improve security, we unset sql parameters
- unset($Config['sql']);
-
- //Sets SQL connexion in UTF-8.
- $db->set_charset('utf8');
-}
+<?php
+
+/**
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, 2014, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * MySQLi layer and helper class
+ */
+
+if (!defined('SQL_LAYER')) {
+ define('SQL_LAYER', 'MySQL');
+
+ /**
+ * SQL layer and helper class: MySQLi
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+ class sql_db {
+ /*
+ * @var int the connection identifier
+ */
+ private $db;
+
+ /**
+ * Initializes a new instance of the database abstraction class, for MySQLi engine
+ */
+ function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
+ //Connects to MySQL server
+ $this->db = new mysqli($host, $username, $password) or $this->sql_die();
+
+ //Selects database
+ if ($database != '') {
+ $this->db->select_db($database);
+ }
+ }
+
+ /**
+ * Outputs a can't connect to the SQL server message and exits.
+ * It's called on connect failure
+ */
+ private function sql_die () {
+ //You can custom here code when you can't connect to SQL server
+ //e.g. in a demo or appliance context, include('start.html'); exit;
+ die ("Can't connect to SQL server.");
+ }
+
+ /**
+ * Sends a unique query to the database
+ *
+ * @return mixed if the query is successful, a mysqli_result instance ; otherwise, false
+ */
+ function sql_query ($query) {
+ return $this->db->query($query);
+ }
+
+ /**
+ * Fetches a row of result into an associative array
+ *
+ * @return array an associative array with columns names as keys and row values as values
+ */
+ function sql_fetchrow ($result) {
+ return $result->fetch_array();
+ }
+
+ /**
+ * Gets last SQL error information
+ *
+ * @return array an array with two keys, code and message, containing error information
+ */
+ function sql_error () {
+ return [
+ 'code' => $this->db->errno,
+ 'message' => $this->db->error
+ ];
+ }
+
+ /**
+ * Gets the number of rows affected or returned by a query
+ *
+ * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+ */
+ function sql_numrows ($result) {
+ return $result->num_rows;
+ }
+
+ /**
+ * Gets the primary key value of the last query (works only in INSERT context)
+ *
+ * @return int the primary key value
+ */
+ function sql_nextid () {
+ return $this->db->insert_id;
+ }
+
+ /**
+ * Express query method, returns an immediate and unique result
+ *
+ * @param string $query the query to execute
+ * @param string $error_message the error message
+ * @param boolean $return_as_string return result as string, and not as an array
+ * @return mixed the row or the scalar result
+ */
+ function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
+ if ($query === '' || $query === false || $query === null) {
+ //No query, no value
+ return '';
+ } elseif (!$result = $this->sql_query($query)) {
+ //An error have occured
+ message_die(SQL_ERROR, $error_message, '', '', '', $query);
+ } else {
+ //Fetches row
+ $row = $this->sql_fetchrow($result);
+
+ //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+ return $return_as_string ? $row[0] : $row;
+ }
+ }
+
+ /*
+ * Escapes a SQL expression
+ * @param string expression The expression to escape
+ * @return string The escaped expression
+ */
+ function sql_escape ($expression) {
+ return $this->db->real_escape_string($expression);
+ }
+
+ /**
+ * Sets charset
+ */
+ function set_charset ($encoding) {
+ $this->db->set_charset($encoding);
+ }
+ }
+
+ //Creates an instance of this database class with configuration values
+ $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
+
+ //To improve security, we unset sql parameters
+ unset($Config['sql']);
+
+ //Sets SQL connexion in UTF-8.
+ $db->set_charset('utf8');
+}
diff --git a/includes/objects/README b/includes/objects/README
--- a/includes/objects/README
+++ b/includes/objects/README
@@ -1,3 +1,3 @@
-This folder contains models you use in your applications.
-
-Some models ready to use in production are available on http://keruald.sf.net
\ No newline at end of file
+This folder contains models you use in your applications.
+
+Some models ready to use in production are available on http://keruald.sf.net
diff --git a/includes/session.php b/includes/session.php
--- a/includes/session.php
+++ b/includes/session.php
@@ -1,248 +1,248 @@
-<?php
-
-/*
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * Session
- *
- * 0.1 2010-02-26 18:06 DcK
- *
- * This class uses a singleton pattern, as we only need one single instance.
- * Cf. http://www.php.net/manual/en/language.oop5.patterns.php
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
-class Session {
- /*
- * @var Session current session instance
- */
- private static $instance;
-
- /*
- * Gets or initializes current session instance
- * @return Session current session instance
- */
- public static function load () {
- if (!isset(self::$instance)) {
- //Creates new session instance
- $c = __CLASS__;
- self::$instance = new $c;
- }
-
- return self::$instance;
- }
-
- /*
- * @var string session ID
- */
- public $id;
-
- /*
- * @var string remote client IP
- */
- public $ip;
-
- /*
- * Initializes a new instance of Session object
- */
- private function __construct () {
- //Starts PHP session, and gets id
- session_start();
- $_SESSION['ID'] = session_id();
- $this->id = $_SESSION['ID'];
-
- //Gets remote client IP
- $this->ip = self::get_ip();
-
- //Updates or creates the session in database
- $this->update();
- }
-
- /*
- * Gets remote client IP address
- * @return string IP
- */
- public static function get_ip () {
- //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
- //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
- //Some ISP/orgz proxies also use this setting.
- if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
- return $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
-
- //Standard cases
- return $_SERVER['REMOTE_ADDR'];
- }
-
- /*
- * Cleans up session
- * i. deletes expired session
- * ii. sets offline relevant sessions
- */
- public static function clean_old_sessions () {
- global $db, $Config;
-
- //Gets session and online status lifetime (in seconds)
- //If not specified in config, sets default 5 and 120 minutes values
- $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
- $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
-
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
-
- //Deletes expired sessions
- $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
-
- //Online -> offline
- $sql = "UPDATE " . TABLE_SESSIONS . " SET session_online = 0 WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration AND session_resource = $resource";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
- }
-
-
- /*
- * Updates or creates a session in the database
- */
- public function update () {
- global $db, $Config;
-
- //Cleans up session
- //To boost SQL performances, try a random trigger
- // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
- //or comment this line and execute a cron script you launch each minute.
- self::clean_old_sessions();
-
- //Saves session in database.
- //If the session already exists, it updates the field online and updated.
- $id = $db->sql_escape($this->id);
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Gets the number of online users
- * @return int the online users count
- */
- public function count_online () {
- //Keeps result for later method call
- static $count = -1;
-
- if ($count == -1) {
- //Queries sessions table
- global $db, $Config;
-
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND session_online = 1";
- $count = (int)$db->sql_query_express($sql, "Can't count online users");
- }
-
- //Returns number of users online
- return $count;
- }
-
- /*
- * Gets the value of a custom session table field
- * @param string $info the field to get
- * @return string the session specified field's value
- */
- public function get_info ($info) {
- global $db;
-
- $id = $db->sql_escape($this->id);
- $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- return $db->sql_query_express($sql, "Can't get session $info info");
- }
-
- /*
- * Sets the value of a custom session table field to the specified value
- * @param string $info the field to update
- * @param string $value the value to set
- */
- public function set_info ($info, $value) {
- global $db;
-
- $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Gets logged user information
- * @return User the logged user information
- */
- public function get_logged_user () {
- global $db;
-
- //Gets session information
- $id = $db->sql_escape($this->id);
- $sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- if (!$result = $db->sql_query($sql))
- message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
- $row = $db->sql_fetchrow($result);
-
- //Gets user instance
- require_once('includes/objects/user.php');
- $user = new User($row['user_id']);
-
- //Adds session property to this user instance
- $user->session = $row;
-
- //Returns user instance
- return $user;
- }
-
- /*
- * Cleans session
- * This method is to be called when an event implies a session destroy
- */
- public function clean () {
- //Destroies $_SESSION array values, help ID
- foreach ($_SESSION as $key => $value) {
- if ($key != 'ID') unset($_SESSION[$key]);
- }
- }
-
- /*
- * Updates the session in an user login context
- * @param string $user_id the user ID
- */
- public function user_login ($user_id) {
- global $db;
-
- //Sets specified user ID in sessions table
- $user_id = $db->sql_escape($user_id);
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Updates the session in an user logout context
- */
- public function user_logout () {
- global $db;
-
- //Sets anonymous user in sessions table
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
-
- //Cleans session
- $this->clean();
- }
-}
-
-//The user_id matching anonymous user
-if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Session
+ *
+ * 0.1 2010-02-26 18:06 DcK
+ *
+ * This class uses a singleton pattern, as we only need one single instance.
+ * Cf. http://www.php.net/manual/en/language.oop5.patterns.php
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+class Session {
+ /*
+ * @var Session current session instance
+ */
+ private static $instance;
+
+ /*
+ * Gets or initializes current session instance
+ * @return Session current session instance
+ */
+ public static function load () {
+ if (!isset(self::$instance)) {
+ //Creates new session instance
+ $c = __CLASS__;
+ self::$instance = new $c;
+ }
+
+ return self::$instance;
+ }
+
+ /*
+ * @var string session ID
+ */
+ public $id;
+
+ /*
+ * @var string remote client IP
+ */
+ public $ip;
+
+ /*
+ * Initializes a new instance of Session object
+ */
+ private function __construct () {
+ //Starts PHP session, and gets id
+ session_start();
+ $_SESSION['ID'] = session_id();
+ $this->id = $_SESSION['ID'];
+
+ //Gets remote client IP
+ $this->ip = self::get_ip();
+
+ //Updates or creates the session in database
+ $this->update();
+ }
+
+ /*
+ * Gets remote client IP address
+ * @return string IP
+ */
+ public static function get_ip () {
+ //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
+ //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
+ //Some ISP/orgz proxies also use this setting.
+ if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ //Standard cases
+ return $_SERVER['REMOTE_ADDR'];
+ }
+
+ /*
+ * Cleans up session
+ * i. deletes expired session
+ * ii. sets offline relevant sessions
+ */
+ public static function clean_old_sessions () {
+ global $db, $Config;
+
+ //Gets session and online status lifetime (in seconds)
+ //If not specified in config, sets default 5 and 120 minutes values
+ $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
+ $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
+
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+
+ //Deletes expired sessions
+ $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+
+ //Online -> offline
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET session_online = 0 WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration AND session_resource = $resource";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ }
+
+
+ /*
+ * Updates or creates a session in the database
+ */
+ public function update () {
+ global $db, $Config;
+
+ //Cleans up session
+ //To boost SQL performances, try a random trigger
+ // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
+ //or comment this line and execute a cron script you launch each minute.
+ self::clean_old_sessions();
+
+ //Saves session in database.
+ //If the session already exists, it updates the field online and updated.
+ $id = $db->sql_escape($this->id);
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets the number of online users
+ * @return int the online users count
+ */
+ public function count_online () {
+ //Keeps result for later method call
+ static $count = -1;
+
+ if ($count == -1) {
+ //Queries sessions table
+ global $db, $Config;
+
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND session_online = 1";
+ $count = (int)$db->sql_query_express($sql, "Can't count online users");
+ }
+
+ //Returns number of users online
+ return $count;
+ }
+
+ /*
+ * Gets the value of a custom session table field
+ * @param string $info the field to get
+ * @return string the session specified field's value
+ */
+ public function get_info ($info) {
+ global $db;
+
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ return $db->sql_query_express($sql, "Can't get session $info info");
+ }
+
+ /*
+ * Sets the value of a custom session table field to the specified value
+ * @param string $info the field to update
+ * @param string $value the value to set
+ */
+ public function set_info ($info, $value) {
+ global $db;
+
+ $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets logged user information
+ * @return User the logged user information
+ */
+ public function get_logged_user () {
+ global $db;
+
+ //Gets session information
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ if (!$result = $db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
+ $row = $db->sql_fetchrow($result);
+
+ //Gets user instance
+ require_once('includes/objects/user.php');
+ $user = new User($row['user_id']);
+
+ //Adds session property to this user instance
+ $user->session = $row;
+
+ //Returns user instance
+ return $user;
+ }
+
+ /*
+ * Cleans session
+ * This method is to be called when an event implies a session destroy
+ */
+ public function clean () {
+ //Destroies $_SESSION array values, help ID
+ foreach ($_SESSION as $key => $value) {
+ if ($key != 'ID') unset($_SESSION[$key]);
+ }
+ }
+
+ /*
+ * Updates the session in an user login context
+ * @param string $user_id the user ID
+ */
+ public function user_login ($user_id) {
+ global $db;
+
+ //Sets specified user ID in sessions table
+ $user_id = $db->sql_escape($user_id);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Updates the session in an user logout context
+ */
+ public function user_logout () {
+ global $db;
+
+ //Sets anonymous user in sessions table
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
+
+ //Cleans session
+ $this->clean();
+ }
+}
+
+//The user_id matching anonymous user
+if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Nov 17, 01:03 (2 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2248376
Default Alt Text
D1158.id2963.diff (43 KB)
Attached To
Mode
D1158: Fix whitespace issues
Attached
Detach File
Event Timeline
Log In to Comment