

D1919.diff

diff --git a/includes/config.php b/includes/config.php
--- a/includes/config.php
+++ b/includes/config.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
* Keruald, core libraries for Pluton and Xen engines.
* (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
* Released under BSD license
@@ -18,7 +18,7 @@
/// I. SQL configuration ///
/// ///
////////////////////////////////////////////////////////////////////////////////
-
+
//SQL configuration
$Config['sql']['product'] = 'MySQL'; //Only MySQL is currently implemented
$Config['sql']['host'] = 'localhost';
@@ -61,7 +61,7 @@
* The following settings give your script/application URL.
*
* Without mod_rewrite:
- *
+ *
* Subdirectory:
* - $Config['SiteURL'] = 'http://www.yourdomain.tld/application/index.php';
* - $Config['BaseURL'] = '/application/index.php';
@@ -71,7 +71,7 @@
* - $Config['BaseURL'] = '/index.php';
*
* With mod_rewrite:
- *
+ *
* Subdirectory:
* - $Config['SiteURL'] = 'http://www.yourdomain.tld/application';
* - $Config['BaseURL'] = '/application';
@@ -98,9 +98,9 @@
* If you don't want to specify the server domain, you can use get_server_url:
* $Config['SiteURL'] = get_server_url() . '/application';
* $Config['SiteURL'] = get_server_url();
- *
+ *
* !!! No trailing slash !!!
- *
+ *
*/
$Config['SiteURL'] = get_server_url();
@@ -140,5 +140,3 @@
//Sets duration lifetime to 2 hours
ini_set('session.gc_maxlifetime', 2880);
-
-?>
diff --git a/includes/core.php b/includes/core.php
--- a/includes/core.php
+++ b/includes/core.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
* Keruald, core libraries for Pluton and Xen engines.
* (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
* Released under BSD license
@@ -23,10 +23,10 @@
error_reporting(E_ALL & ~E_NOTICE);
//Load libraries
-include_once("config.php"); //Site config
-include_once("error.php"); //Error management
-include_once("mysql.php"); //MySQL layer
-include_once("session.php"); //Sessions handler
+include_once("config.php"); // Site config
+include_once("error.php"); // Error management
+include_once("mysql.php"); // MySQL layer
+include_once("session.php"); // Sessions handler
////////////////////////////////////////////////////////////////////////////////
/// ///
@@ -34,29 +34,33 @@
/// ///
////////////////////////////////////////////////////////////////////////////////
-/*
+/**
* Gets the username matching specified user id
+ *
* @param string $user_id the user ID
* @return string the username
*/
function get_username ($user_id) {
- global $db;
-
- $user_id = $db->sql_escape($user_id);
+ global $db;
+
+ $user_id = $db->sql_escape($user_id);
$sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$userid'";
- return $db->sql_query_express($sql, "Can't get username from specified user id");
+
+ return $db->sql_query_express($sql, "Can't get username from specified user id");
}
-/*
+/**
* Gets the user id matching specified username
- * @param string $username the username
+ *
+ * @param string $username the username
* @return string the user ID
*/
function get_userid ($username) {
- global $db;
-
- $username = $db->sql_escape($username);
- $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
+ global $db;
+
+ $username = $db->sql_escape($username);
+ $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
+
return $db->sql_query_express($sql, "Can't get user id from specified username");
}
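Review bot: get_username escapes `$user_id`, but the query on the following line interpolates `$userid`, an undefined variable, so the WHERE clause compares against an empty string and the lookup never uses the requested id; the reformatting leaves that line untouched. It should read `$sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$user_id'";`. core.php sets `error_reporting(E_ALL & ~E_NOTICE)` (previous hunk), which hides the undefined-variable notice that would have flagged this. In get_userid, `LIKE '$username'` treats `%` and `_` in the input as wildcards, because the escaping shown in includes/mysql.php is mysql_real_escape_string, which leaves them alone; `username = '$username'` gives an exact match.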
@@ -66,84 +70,101 @@
/// ///
////////////////////////////////////////////////////////////////////////////////
-//Plural management
+// Plural management
-/*
+/**
* Gets a "s" if the specified amount requests the plural
+ *
* @param mixed $amount the quantity (should be numeric)
* @return string 's' if the amount is greater or equal than 2 ; otherwise, ''
*/
function s ($amount) {
- if ($amount >= 2 || $amount <= -2 ) return 's';
+ if ($amount >= 2 || $amount <= -2 ) return 's';
}
-/*
+/**
* Prints human-readable information about a variable, wrapped in a <pre> block
+ *
* @param mixed $mixed the variable to dump
*/
function dprint_r ($mixed) {
- echo '<pre>';
+ echo '<pre>';
print_r($mixed);
echo '</pre>';
}
-/*
+/**
* Generates a new GUID
+ *
* @return string a guid (without {})
*/
-function new_guid () {
- //The guid chars
+function new_guid () {
+ //The guid chars
$chars = explode(',', 'a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9');
-
+
//Let's build our 36 characters string
//e.g. 68ed40c6-f5bb-4a4a-8659-3adf23536b75
- $guid = "";
- for ($i = 0 ; $i < 36 ; $i++) {
+ $guid = "";
+ for ($i = 0 ; $i < 36 ; $i++) {
if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
//Dashes at position 9, 14, 19 and 24
$guid .= "-";
- } else {
+ } else {
//0-f hex digit elsewhere
- $guid .= $chars[mt_rand() % sizeof($characters)];
- }
- }
- return $guid;
+ $guid .= $chars[mt_rand() % sizeof($characters)];
+ }
+ }
+ return $guid;
}
-/*
+/**
* Determines if the expression is a valid guid (in uuid notation, without {})
+ *
* @param string $expression the guid to check
* @return true if the expression is a valid guid ; otherwise, false
*/
function is_guid ($expression) {
//We avoid regexp to speed up the check
//A guid is a 36 characters string
- if (strlen($expression) != 36) return false;
-
+ if (strlen($expression) != 36) {
+ return false;
+ }
+
$expression = strtolower($expression);
- for ($i = 0 ; $i < 36 ; $i++) {
- if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
- //with dashes
- if ($expression[$i] != '-') return false;
- } else {
- //and hex numbers
- if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) return false;
- }
- }
+ for ($i = 0 ; $i < 36 ; $i++) {
+ if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
+ //with dashes
+ if ($expression[$i] != '-') {
+ return false;
+ }
+ } else {
+ //and hex numbers
+ if (!is_numeric($expression[$i])
+ && $expression[$i] != 'a' && $expression[$i] != 'b'
+ && $expression[$i] != 'c' && $expression[$i] != 'd'
+ && $expression[$i] != 'e' && $expression[$i] != 'f') {
+ return false;
+ }
+ }
+ }
+
return true;
}
-/*
+/**
* Gets file extension
+ *
* @param string $file the file to get the extension
*/
function get_extension ($file) {
$dotPosition = strrpos($file, ".");
+
return substr($file, $dotPosition + 1);
}
-/*
+/**
* Determines if a string starts with specified substring
+ *
* @param string $haystack the string to check
* @param string $needle the substring to determines if it's the start
* @param boolean $case_sensitive determines if the search must be case sensitive
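Review bot: In new_guid, `sizeof($characters)` refers to a variable that is never defined (the array is `$chars`), so the modulus is taken by zero; depending on the PHP version that is a warning or an error, never a random digit. The line should be `$guid .= $chars[mt_rand() % sizeof($chars)];`. mt_rand() is also a predictable generator, so if these GUIDs are ever used as secrets (no such use is visible here) the digits should come from a CSPRNG such as `random_int(0, 15)` on PHP 7+ or `openssl_random_pseudo_bytes()` on older versions. Separately, s() has no return on the singular path although its docblock promises `''`; a final `return '';` would match it. The string_starts_with docblock at the end of this hunk continues outside it.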
@@ -154,7 +175,10 @@
$haystack = strtoupper($haystack);
$needle = strtoupper($needle);
}
- if ($haystack == $needle) return true;
+ if ($haystack == $needle) {
+ return true;
+ }
+
return strpos($haystack, $needle) === 0;
}
@@ -164,8 +188,9 @@
/// ///
////////////////////////////////////////////////////////////////////////////////
-/*
+/**
* Gets URL
+ *
* @return string URL
*/
function get_url () {
@@ -180,8 +205,9 @@
}
}
-/*
+/**
* Gets page URL
+ *
* @return string URL
*/
function get_page_url () {
@@ -192,77 +218,82 @@
return $url;
}
-/*
+/**
* Gets server URL
+ *
* @todo find a way to detect https:// on non standard port
* @return string the server URL
*/
function get_server_url () {
- switch ($port = $_SERVER['SERVER_PORT']) {
- case '80':
+ switch ($port = $_SERVER['SERVER_PORT']) {
+ case '80':
return "http://$_SERVER[SERVER_NAME]";
-
+
case '443':
return "https://$_SERVER[SERVER_NAME]";
-
+
default:
return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
- }
+ }
}
-/*
+/**
* Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
* @return string the relevant URL part
*/
function get_current_url () {
global $Config;
-
+
//Gets relevant URL part from relevant $_SERVER variables
if (array_key_exists('PATH_INFO', $_SERVER)) {
//Without mod_rewrite, and url like /index.php/controller
//we use PATH_INFO. It's the easiest case.
return $_SERVER["PATH_INFO"];
}
-
+
//In other cases, we'll need to get the relevant part of the URL
$current_url = get_server_url() . $_SERVER['REQUEST_URI'];
-
+
//Relevant URL part starts after the site URL
$len = strlen($Config['SiteURL']);
-
+
//We need to assert it's the correct site
if (substr($current_url, 0, $len) != $Config['SiteURL']) {
dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL<br /><strong>Current value:</strong> $Config[SiteURL]<br /><strong>Expected value:</strong> a string starting by " . get_server_url(), "Setup");
}
-
+
if (array_key_exists('REDIRECT_URL', $_SERVER)) {
//With mod_rewrite, we can use REDIRECT_URL
//We takes the end of the URL, ie *FROM* $len position
return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
}
-
+
//Last possibility: use REQUEST_URI, but remove QUERY_STRING
//If you need to edit here, use $_SERVER['REQUEST_URI']
//but you need to discard $_SERVER['QUERY_STRING']
-
+
//We takes the end of the URL, ie *FROM* $len position
$url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
-
- //But if there are a query string (?action=... we need to discard it)
+
+ //But if there are a query string (?action=... we need to discard it)
if ($_SERVER['QUERY_STRING']) {
return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
}
-
+
return $url;
}
-/*
+/**
* Gets an array of url fragments to be processed by controller
+ *
* @return array an array containing URL fragments
*/
function get_current_url_fragments () {
$url_source = get_current_url();
- if ($url_source == '/index.php') return array();
+ if ($url_source == '/index.php') {
+ return array();
+ }
+
return explode('/', substr($url_source, 1));
}
@@ -272,39 +303,40 @@
/// ///
////////////////////////////////////////////////////////////////////////////////
-/*
+/**
* Gets an hash value to check the integrity of URLs in /do.php calls
+ *
* @param Array $args the args to compute the hash
* @return the hash paramater for your xmlHttpRequest url
*/
function get_xhr_hash ($args) {
global $Config;
-
+
array_shift($args);
return md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
}
-/*
+/**
* Gets the URL to call do.php, the xmlHttpRequest controller
+ *
* @return string the xmlHttpRequest url, with an integrity hash
*/
-function get_xhr_hashed_url () {
+function get_xhr_hashed_url () {
global $Config;
-
+
$args = func_get_args();
$args[] = get_xhr_hash($args);
return $Config['DoURL'] . '/' . implode('/', $args);
}
-/*
+/**
* Gets the URL to call do.php, the xmlHttpRequest controller
+ *
* @return string the xmlHttpRequest url
*/
function get_xhr_url () {
global $Config;
-
+
$args = func_get_args();
return $Config['DoURL'] . '/' .implode('/', $args);
}
-
-?>
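Review bot: get_xhr_hash builds its integrity value as `md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args))`, which is a plain hash over secret-then-data rather than a keyed MAC, and joining the arguments with an empty string means `('ab', 'c')` and `('a', 'bc')` produce the same hash. `return hash_hmac('sha256', implode('/', $args), $_SESSION['ID'] . $Config['SecretKey']);` addresses both, provided the check in do.php (not part of this diff) is changed to match and compares with a constant-time function. `array_shift($args)` also drops the first argument before hashing, so that fragment is not covered by the hash; a comment stating whether this is intended would help.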
diff --git a/includes/error.php b/includes/error.php
--- a/includes/error.php
+++ b/includes/error.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
* Keruald, core libraries for Pluton and Xen engines.
* (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
* Released under BSD license
@@ -39,20 +39,24 @@
define ("HACK_ERROR", 99);
define ("GENERAL_ERROR", 117);
-/*
+/**
* Prints human-readable information about a variable
* wrapped in a general error and dies
+ *
* @param mixed $mixed the variable to dump
*/
function dieprint_r ($var, $title = '') {
- if (!$title) $title = 'Debug';
-
+ if (!$title) {
+ $title = 'Debug';
+ }
+
//GENERAL_ERROR with print_r call as message
message_die(GENERAL_ERROR, '<pre>' . print_r($var, true) .'</pre>', $title);
}
-/*
+/**
* Prints an error message and dies
+ *
* @param int $code A constant identifying the type of error (SQL_ERROR, HACK_ERROR or GENERAL_ERROR)
* @param string $text the error description
* @param string $text the error title
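Review bot: dieprint_r puts `print_r($var, true)` between `<pre>` tags without escaping, so any markup inside the dumped value is rendered by the browser; `'<pre>' . htmlspecialchars(print_r($var, true)) . '</pre>'` keeps the dump literal (dprint_r in includes/core.php has the same gap). The docblock names the parameter `$mixed` while the signature has `$var`, and `$title` is undocumented: `@param mixed $var the variable to dump` and `@param string $title the error title`. The message_die docblock that begins at the end of this hunk lists `@param string $text` twice; the second should be `$title`. That docblock continues outside the hunk.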
@@ -71,17 +75,17 @@
$text .= ", line $line";
}
}
-
+
//Ensures we've an error title and adds relevant extra information
switch ($code) {
case HACK_ERROR:
$title = $title ? $title : "Access non authorized";
break;
-
+
case SQL_ERROR:
global $db;
$title = $title ? $title : "SQL error";
-
+
//Gets SQL error information
$sqlError = $db->sql_error();
if ($sqlError['message'] != '') {
@@ -89,22 +93,21 @@
}
$text .= '<br />&nbsp;<br />Query: ';
$text .= $sql;
-
+
break;
-
+
default:
//TODO: here can be added code to handle error error ;-)
//Falls to GENERAL_ERROR
-
+
case GENERAL_ERROR:
$title = $title ? $title : "General error";
break;
}
-
+
//HTML output of $title and $text variables
echo '<div class="FatalError"><p class="FatalErrorTitle">', $title,
'</p><p>', $text, '</p></div>';
-
+
exit;
}
-?>
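Review bot: message_die echoes `$title` and `$text` into the page unescaped, and in the SQL_ERROR branch `$text` has the failing query appended (`$text .= $sql;`) and, judging by the `sql_error()` call in the previous hunk, the driver's error message as well. Any visitor who triggers a database error therefore sees table names and query structure, and request data contained in the query is rendered as HTML. Log the query and driver message server-side with `error_log()` and show only the generic text, or at least wrap both values in `htmlspecialchars()` and gate the details behind a debug setting. The function starts outside this hunk.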
diff --git a/includes/login.php b/includes/login.php
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
* Keruald, core libraries for Pluton and Xen engines.
* (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
* Released under BSD license
@@ -8,29 +8,30 @@
* Login and logout handler.
*
* 0.1 2010-02-27 1:52 DcK
- *
+ *
*/
if ($_POST['LogIn']) {
- //User have submitted login form
+ // User have submitted login form
$username = $db->sql_escape($_POST['username']);
$sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
- if ($row = $db->sql_fetchrow($result)) {
- if (!$row['user_password']) {
- //No password set
- $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
- } elseif ($row['user_password'] != md5($_POST['password'])) {
- //The password doesn't match
- $LoginError = "Incorrect password.";
- } else {
- //Login successful
- Session::load()->user_login($row['user_id']);
- $LoginSuccessful = true;
- }
+ if ( !($result = $db->sql_query($sql)) ) {
+ message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+ }
+ if ($row = $db->sql_fetchrow($result)) {
+ if (!$row['user_password']) {
+ // No password set
+ $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
+ } elseif ($row['user_password'] != md5($_POST['password'])) {
+ // The password doesn't match
+ $LoginError = "Incorrect password.";
+ } else {
+ // Login successful
+ Session::load()->user_login($row['user_id']);
+ $LoginSuccessful = true;
+ }
}
} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
- //User have submitted logout form or clicked a logout link
+ // User have submitted logout form or clicked a logout link
Session::load()->user_logout();
}
-?>
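Review bot: The password check `$row['user_password'] != md5($_POST['password'])` relies on unsalted MD5 and on loose comparison, under which two different digests that both look like `0e` followed by digits compare as equal numbers. `password_verify($_POST['password'], $row['user_password'])` with hashes created by `password_hash()` (PHP 5.5+) addresses both; User::set_password in includes/objects/user.php stores `md5($newpassword)` and would need the matching change, plus a rehash-on-login path for existing rows. The `$_GET['action'] == "user.logout"` branch also lets any third-party page log the user out with a plain link, so logout is better limited to the POST form with a token.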
diff --git a/includes/mysql.php b/includes/mysql.php
--- a/includes/mysql.php
+++ b/includes/mysql.php
@@ -8,15 +8,15 @@
* MySQL layer and helper class
*
* 0.1 2010-02-27 1:52 DcK
- *
+ *
*/
if (!defined('SQL_LAYER')) {
define('SQL_LAYER', 'MySQL');
- /*
+ /**
* SQL layer and helper class: MySQL
- *
+ *
* @package Keruald
* @subpackage Keruald
* @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
@@ -24,25 +24,25 @@
* @version 0.1
*/
class sql_db {
- /*
+ /**
* @var int the connection identifier
*/
private $id;
- /*
+ /**
* Initializes a new instance of the database abstraction class, for MySQL engine
*/
function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
//Connects to MySQL server
$this->id = @mysql_connect($host, $username, $password) or $this->sql_die();
-
+
//Selects database
if ($database != '') {
mysql_select_db($database, $this->id);
}
}
-
- /*
+
+ /**
* Outputs a can't connect to the SQL server message and exits.
* It's called on connect failure
*/
@@ -51,23 +51,25 @@
//e.g. in a demo or appliance context, include('start.html'); exit;
die ("Can't connect to SQL server.");
}
-
- /*
+
+ /**
* Sends a unique query to the database
+ *
* @return mixed if the query is successful, a result identifier ; otherwise, false
*/
function sql_query ($query) {
return mysql_query($query, $this->id);
}
- /*
+ /**
* Fetches a row of result into an associative array
+ *
* @return array an associative array with columns names as keys and row values as values
*/
function sql_fetchrow ($result) {
return mysql_fetch_array($result);
}
-
+
/*
* Gets last SQL error information
* @return array an array with two keys, code and message, containing error information
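Review bot: The docblock for sql_error still opens with `/*` at the end of this hunk, so documentation tools will skip it while its neighbours were switched to `/**`. The same opener is left on sql_nextid in the next hunk (which even gains the blank ` *` separator) and on update() and count_online() in includes/session.php. The converted docblocks for sql_query and sql_fetchrow also do not describe their parameter; `@param string $query the query to execute` and `@param resource $result the result identifier` would complete them.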
@@ -75,26 +77,29 @@
function sql_error () {
$error['code'] = mysql_errno($this->id);
$error['message'] = mysql_error($this->id);
+
return $error;
}
-
- /*
+
+ /**
* Gets the number of rows affected or returned by a query
+ *
* @return int the number of rows affected (delete/insert/update) or the number of rows in query result
*/
function sql_numrows ($result) {
return mysql_num_rows($result);
}
-
+
/*
* Gets the primary key value of the last query (works only in INSERT context)
+ *
* @return int the primary key value
*/
function sql_nextid () {
return mysql_insert_id($this->id);
}
-
- /*
+
+ /**
* Express query method, returns an immediate and unique result
*
* @param string $query the query to execute
@@ -112,23 +117,24 @@
} else {
//Fetches row
$row = $this->sql_fetchrow($result);
-
+
//If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
return $return_as_string ? $row[0] : $row;
}
}
-
- /*
+
+ /**
* Escapes a SQL expression
+ *
* @param string expression The expression to escape
* @return string The escaped expression
*/
function sql_escape ($expression) {
return mysql_real_escape_string($expression);
}
-
- /*
- * Set charset
+
+ /**
+ * Sets charset
*/
function set_charset ($encoding) {
if (function_exists('mysql_set_charset')) {
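Review bot: sql_escape calls `mysql_real_escape_string($expression)` without the link identifier, so escaping is done against whichever connection was opened last rather than the one this object queries through; `return mysql_real_escape_string($expression, $this->id);` ties it to `$this->id` like the other methods. Correct escaping also depends on the client library knowing the connection's character set, which holds when set_charset goes through `mysql_set_charset()` but may not hold on its fallback branch, which is outside this hunk. The docblock line `@param string expression` is missing the `$` before the name.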
@@ -139,14 +145,13 @@
}
}
}
-
- //Creates an instance of this database class with configuration values
+
+ // Creates an instance of this database class with configuration values
$db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
- //To improve security, we unset sql parameters
+
+ // To improve security, we unset sql parameters
unset($Config['sql']);
-
- //Sets SQL connexion in UTF8. PHP 5.2.3+
+
+ // Sets SQL connexion in UTF8. PHP 5.2.3+
$db->set_charset('utf8');
}
-?>
diff --git a/includes/objects/user.php b/includes/objects/user.php
--- a/includes/objects/user.php
+++ b/includes/objects/user.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
* Keruald, core libraries for Pluton and Xen engines.
* (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
* Released under BSD license
@@ -24,9 +24,10 @@
public $active = 0;
public $email;
public $regdate;
-
- /*
+
+ /**
* Initializes a new instance
+ *
* @param int $id the primary key
*/
function __construct ($id = null) {
@@ -35,8 +36,8 @@
$this->load_from_database();
}
}
-
- /*
+
+ /**
* Loads the object User (ie fill the properties) from the $_POST array
*/
function load_from_form () {
@@ -47,8 +48,8 @@
if (array_key_exists('email', $_POST)) $this->email = $_POST['email'];
if (array_key_exists('regdate', $_POST)) $this->regdate = $_POST['regdate'];
}
-
- /*
+
+ /**
* Loads the object User (ie fill the properties) from the database
*/
function load_from_database () {
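Review bot: load_from_form copies request fields straight into the object, including `regdate` (`$this->regdate = $_POST['regdate']`), which a client has no reason to choose. The earlier part of the method is outside this hunk; if it treats `id`, `active` or `password` the same way, any form handler that calls load_from_form followed by save_to_database lets the submitter set them. An explicit list of accepted fields per form, with `regdate` and `active` assigned server-side, closes that.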
@@ -59,13 +60,13 @@
$this->lastError = "User unkwown: " . $this->id;
return false;
}
-
+
$this->load_from_row($row);
-
+
return true;
}
-
- /*
+
+ /**
* Loads the object User (ie fill the properties) from the database row
*/
function load_from_row ($row) {
@@ -76,13 +77,13 @@
$this->email = $row['user_email'];
$this->regdate = $row['user_regdate'];
}
-
- /*
+
+ /**
* Saves to database
*/
function save_to_database () {
global $db;
-
+
$id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
$name = $db->sql_escape($this->name);
$password = $db->sql_escape($this->password);
@@ -95,14 +96,14 @@
if (!$db->sql_query($sql)) {
message_die(SQL_ERROR, "Unable to save user", '', __LINE__, __FILE__, $sql);
}
-
+
if (!$this->id) {
//Gets new record id value
$this->id = $db->sql_nextid();
}
}
-
- /*
+
+ /**
* Updates the specified field in the database record
*/
function save_field ($field) {
@@ -117,13 +118,13 @@
message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
}
}
-
- /*
+
+ /**
* Generates a unique user id
*/
function generate_id () {
global $db;
-
+
do {
$this->id = mt_rand(2001, 9999);
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id";
@@ -131,10 +132,10 @@
message_die(SQL_ERROR, "Can't check if a user id is free", '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
- } while ($row[0]);
+ } while ($row[0]);
}
-
- /*
+
+ /**
* Fills password field with encrypted version
* of the specified clear password
*/
@@ -142,8 +143,9 @@
$this->password = md5($newpassword);
}
- /*
+ /**
* Checks if a login is available
+ *
* @param string $login the login to check
* @return boolean true if the login is avaiable ; otherwise, false.
*/
@@ -156,10 +158,11 @@
$row = $db->sql_fetchrow($result);
return ($row[0] == 0);
}
-
- /*
+
+ /**
* Initializes a new User instance ready to have its property filled
- * @return User the new user instance
+ *
+ * @return User the new user instance
*/
public static function create () {
$user = new User();
@@ -167,9 +170,10 @@
$user->active = true;
return $user;
}
-
- /*
+
+ /**
* Gets user from specified e-mail
+ *
* @return User the user matching the specified e-mail ; null, if the mail were not found.
*/
public static function get_user_from_email ($mail) {
@@ -178,17 +182,15 @@
if (!$result = $db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't get user", '', __LINE__, __FILE__, $sql);
}
-
+
if ($row = $db->sql_fetchrow($result)) {
//E-mail found.
$user = new User();
$user->load_from_row($row);
return $user;
}
-
+
//E-mail not found.
return null;
}
}
-
-?>
diff --git a/includes/session.php b/includes/session.php
--- a/includes/session.php
+++ b/includes/session.php
@@ -1,6 +1,6 @@
<?php
-/*
+/**
* Keruald, core libraries for Pluton and Xen engines.
* (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
* Released under BSD license
@@ -19,13 +19,14 @@
* @version 0.1
*/
class Session {
- /*
+ /**
* @var Session current session instance
*/
private static $instance;
-
- /*
+
+ /**
* Gets or initializes current session instance
+ *
* @return Session current session instance
*/
public static function load () {
@@ -34,21 +35,21 @@
$c = __CLASS__;
self::$instance = new $c;
}
-
+
return self::$instance;
}
-
- /*
+
+ /**
* @var string session ID
*/
public $id;
-
- /*
+
+ /**
* @var string remote client IP
*/
public $ip;
-
- /*
+
+ /**
* Initializes a new instance of Session object
*/
private function __construct () {
@@ -56,16 +57,17 @@
session_start();
$_SESSION['ID'] = session_id();
$this->id = $_SESSION['ID'];
-
+
//Gets remote client IP
$this->ip = self::get_ip();
-
+
//Updates or creates the session in database
$this->update();
}
-
- /*
+
+ /**
* Gets remote client IP address
+ *
* @return string IP
*/
public static function get_ip () {
@@ -76,11 +78,11 @@
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
- //Standard cases
+ //Standard cases
return $_SERVER['REMOTE_ADDR'];
}
-
- /*
+
+ /**
* Cleans up session
* i. deletes expired session
* ii. sets offline relevant sessions
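Review bot: get_ip returns `$_SERVER['HTTP_X_FORWARDED_FOR']` as the client address, yet that header is supplied by the client unless a trusted proxy overwrites it, and it may hold a comma-separated list or arbitrary text. The condition guarding this return is outside the hunk; whatever it is, the value should pass `filter_var($ip, FILTER_VALIDATE_IP)` and fall back to `$_SERVER['REMOTE_ADDR']` otherwise, and be honoured only when REMOTE_ADDR is a known proxy.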
@@ -89,51 +91,57 @@
global $db, $Config;
//Gets session and online status lifetime (in seconds)
- //If not specified in config, sets default 5 and 120 minutes values
+ //If not specified in config, sets default 5 and 120 minutes values
$onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
$sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
-
+
$resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
-
+
//Deletes expired sessions
$sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+ if (!$db->sql_query($sql)) {
+ message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+ }
//Online -> offline
$sql = "UPDATE " . TABLE_SESSIONS . " SET session_online = 0 WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ if (!$db->sql_query($sql)) {
+ message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ }
}
-
-
+
+
/*
* Updates or creates a session in the database
*/
public function update () {
global $db, $Config;
-
+
//Cleans up session
//To boost SQL performances, try a random trigger
// e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
//or comment this line and execute a cron script you launch each minute.
self::clean_old_sessions();
-
+
//Saves session in database.
//If the session already exists, it updates the field online and updated.
$id = $db->sql_escape($this->id);
$resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
$user_id = $db->sql_escape(ANONYMOUS_USER);
$sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ if (!$db->sql_query($sql)) {
+ message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ }
}
-
+
/*
* Gets the number of online users
* @return int the online users count
*/
- public function count_online () {
+ public function count_online () {
//Keeps result for later method call
static $count = -1;
-
+
if ($count == -1) {
//Queries sessions table
global $db, $Config;
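Review bot: In update(), the INSERT interpolates `'$this->ip'` directly while `$id`, `$resource` and `$user_id` all go through `$db->sql_escape()`; since get_ip can return the request's X-Forwarded-For header, this is request data reaching the query unescaped. Add `$ip = $db->sql_escape($this->ip);` and use `'$ip'` in the VALUES list. The ON DUPLICATE KEY UPDATE clause only sets `session_online = 1` although the comment says the updated field is refreshed too; unless the schema (not shown) handles that, adding `session_updated = NOW()` keeps clean_old_sessions from expiring active sessions. count_online's body continues outside this hunk.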
@@ -142,51 +150,55 @@
$sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND session_online = 1";
$count = (int)$db->sql_query_express($sql, "Can't count online users");
}
-
+
//Returns number of users online
return $count;
}
-
- /*
+
+ /**
* Gets the value of a custom session table field
+ *
* @param string $info the field to get
* @return string the session specified field's value
*/
public function get_info ($info) {
global $db;
-
+
$id = $db->sql_escape($this->id);
$sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
return $db->sql_query_express($sql, "Can't get session $info info");
}
-
- /*
+
+ /**
* Sets the value of a custom session table field to the specified value
+ *
* @param string $info the field to update
* @param string $value the value to set
*/
public function set_info ($info, $value) {
global $db;
-
+
$value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
$id = $db->sql_escape($this->id);
$sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
+ if (!$db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
+ }
}
-
- /*
+
+ /**
* Gets logged user information
* @return User the logged user information
*/
public function get_logged_user () {
global $db;
-
+
//Gets session information
$id = $db->sql_escape($this->id);
$sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- if (!$result = $db->sql_query($sql))
+ if (!$result = $db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
+ }
$row = $db->sql_fetchrow($result);
//Gets user instance
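Review bot: get_info and set_info place `$info` between backquotes in the SQL text without any check, and sql_escape cannot protect an identifier, so a caller that passes a request-derived field name would let the request alter the statement. Validate the name against a fixed list of columns or a strict pattern before building the query, e.g. `if (!preg_match('/^[a-z_]+$/', $info)) message_die(HACK_ERROR, "Invalid session field");`. The same `$info` is interpolated into the error title handed to message_die. get_logged_user at the end of this hunk continues outside it.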
@@ -200,18 +212,20 @@
return $user;
}
- /*
+ /**
* Cleans session
* This method is to be called when an event implies a session destroy
*/
public function clean () {
//Destroies $_SESSION array values, help ID
foreach ($_SESSION as $key => $value) {
- if ($key != 'ID') unset($_SESSION[$key]);
+ if ($key != 'ID') {
+ unset($_SESSION[$key]);
+ }
}
}
- /*
+ /**
* Updates the session in an user login context
* @param string $user_id the user ID
*/
@@ -222,29 +236,31 @@
$user_id = $db->sql_escape($user_id);
$id = $db->sql_escape($this->id);
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
+ if (!$db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
+ }
}
-
- /*
+
+ /**
* Updates the session in an user logout context
*/
public function user_logout () {
global $db;
-
+
//Sets anonymous user in sessions table
$user_id = $db->sql_escape(ANONYMOUS_USER);
$id = $db->sql_escape($this->id);
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
+ if (!$db->sql_query($sql)) {
message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
-
+ }
+
//Cleans session
$this->clean();
}
}
//The user_id matching anonymous user
-if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
-
-?>
+if (!defined('ANONYMOUS_USER')) {
+ define('ANONYMOUS_USER', -1);
+}
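Review bot: user_logout resets `user_id` and empties `$_SESSION` through clean(), which deliberately keeps `ID`, so the session identifier survives logout, and the visible tail of user_login does not rotate it either (its beginning is outside the hunk). If no rotation happens there, an identifier known before login stays valid after it. Calling `session_regenerate_id(true)` at login and logout, then writing the new `session_id()` to `$_SESSION['ID']`, `$this->id` and the sessions row, closes that.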
