Page MenuHomeDevCentral

D1158.diff
No OneTemporary

D1158.diff

diff --git a/includes/_documents.xml b/includes/_documents.xml
--- a/includes/_documents.xml
+++ b/includes/_documents.xml
@@ -11,4 +11,4 @@
<noheader />
<nofooter />
</document>
-</documents>
\ No newline at end of file
+</documents>
diff --git a/includes/error.php b/includes/error.php
--- a/includes/error.php
+++ b/includes/error.php
@@ -45,7 +45,7 @@
*/
function dieprint_r ($var, $title = '') {
if (!$title) $title = 'Debug';
-
+
//GENERAL_ERROR with print_r call as message
message_die(GENERAL_ERROR, '<pre>' . print_r($var, true) .'</pre>', $title);
}
@@ -70,17 +70,17 @@
$text .= ", line $line";
}
}
-
+
//Ensures we've an error title and adds relevant extra information
switch ($code) {
case HACK_ERROR:
$title = $title ? $title : "Access non authorized";
break;
-
+
case SQL_ERROR:
global $db;
$title = $title ? $title : "SQL error";
-
+
//Gets SQL error information
$sqlError = $db->sql_error();
if ($sqlError['message'] != '') {
@@ -88,21 +88,21 @@
}
$text .= '<br />&nbsp;<br />Query: ';
$text .= $sql;
-
+
break;
-
+
default:
//TODO: here can be added code to handle error error ;-)
//Falls to GENERAL_ERROR
-
+
case GENERAL_ERROR:
$title = $title ? $title : "General error";
break;
}
-
+
//HTML output of $title and $text variables
echo '<div class="FatalError"><p class="FatalErrorTitle">', $title,
'</p><p>', $text, '</p></div>';
-
+
exit;
}
diff --git a/includes/login.php b/includes/login.php
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,35 +1,35 @@
-<?php
-
-/*
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * Login and logout handler.
- *
- * 0.1 2010-02-27 1:52 DcK
- *
- */
-
-if ($_POST['LogIn']) {
- //User have submitted login form
- $username = $db->sql_escape($_POST['username']);
- $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
- if ($row = $db->sql_fetchrow($result)) {
- if (!$row['user_password']) {
- //No password set
- $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
- } elseif ($row['user_password'] != md5($_POST['password'])) {
- //The password doesn't match
- $LoginError = "Incorrect password.";
- } else {
- //Login successful
- Session::load()->user_login($row['user_id']);
- $LoginSuccessful = true;
- }
- }
-} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
- //User have submitted logout form or clicked a logout link
- Session::load()->user_logout();
-}
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Login and logout handler.
+ *
+ * 0.1 2010-02-27 1:52 DcK
+ *
+ */
+
+if ($_POST['LogIn']) {
+ //User have submitted login form
+ $username = $db->sql_escape($_POST['username']);
+ $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
+ if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+ if ($row = $db->sql_fetchrow($result)) {
+ if (!$row['user_password']) {
+ //No password set
+ $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
+ } elseif ($row['user_password'] != md5($_POST['password'])) {
+ //The password doesn't match
+ $LoginError = "Incorrect password.";
+ } else {
+ //Login successful
+ Session::load()->user_login($row['user_id']);
+ $LoginSuccessful = true;
+ }
+ }
+} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
+ //User have submitted logout form or clicked a logout link
+ Session::load()->user_logout();
+}
diff --git a/includes/mysql.php b/includes/mysql.php
--- a/includes/mysql.php
+++ b/includes/mysql.php
@@ -1,151 +1,151 @@
-<?php
-
-/*
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * MySQL layer and helper class
- *
- * 0.1 2010-02-27 1:52 DcK
- *
- */
-
-if (!defined('SQL_LAYER')) {
- define('SQL_LAYER', 'MySQL');
-
- /*
- * SQL layer and helper class: MySQL
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
- class sql_db {
- /*
- * @var int the connection identifier
- */
- private $id;
-
- /*
- * Initializes a new instance of the database abstraction class, for MySQL engine
- */
- function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
- //Connects to MySQL server
- $this->id = @mysql_connect($host, $username, $password) or $this->sql_die();
-
- //Selects database
- if ($database != '') {
- mysql_select_db($database, $this->id);
- }
- }
-
- /*
- * Outputs a can't connect to the SQL server message and exits.
- * It's called on connect failure
- */
- private function sql_die () {
- //You can custom here code when you can't connect to SQL server
- //e.g. in a demo or appliance context, include('start.html'); exit;
- die ("Can't connect to SQL server.");
- }
-
- /*
- * Sends a unique query to the database
- * @return mixed if the query is successful, a result identifier ; otherwise, false
- */
- function sql_query ($query) {
- return mysql_query($query, $this->id);
- }
-
- /*
- * Fetches a row of result into an associative array
- * @return array an associative array with columns names as keys and row values as values
- */
- function sql_fetchrow ($result) {
- return mysql_fetch_array($result);
- }
-
- /*
- * Gets last SQL error information
- * @return array an array with two keys, code and message, containing error information
- */
- function sql_error () {
- $error['code'] = mysql_errno($this->id);
- $error['message'] = mysql_error($this->id);
- return $error;
- }
-
- /*
- * Gets the number of rows affected or returned by a query
- * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
- */
- function sql_numrows ($result) {
- return mysql_num_rows($result);
- }
-
- /*
- * Gets the primary key value of the last query (works only in INSERT context)
- * @return int the primary key value
- */
- function sql_nextid () {
- return mysql_insert_id($this->id);
- }
-
- /*
- * Express query method, returns an immediate and unique result
- *
- * @param string $query the query to execute
- * @param string $error_message the error message
- * @param boolean $return_as_string return result as string, and not as an array
- * @return mixed the row or the scalar result
- */
- function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
- if ($query === '' || $query === false || $query === null) {
- //No query, no value
- return '';
- } elseif (!$result = $this->sql_query($query)) {
- //An error have occured
- message_die(SQL_ERROR, $error_message, '', '', '', $query);
- } else {
- //Fetches row
- $row = $this->sql_fetchrow($result);
-
- //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
- return $return_as_string ? $row[0] : $row;
- }
- }
-
- /*
- * Escapes a SQL expression
- * @param string expression The expression to escape
- * @return string The escaped expression
- */
- function sql_escape ($expression) {
- return mysql_real_escape_string($expression);
- }
-
- /*
- * Set charset
- */
- function set_charset ($encoding) {
- if (function_exists('mysql_set_charset')) {
- //>PHP 5.2.3
- mysql_set_charset($encoding, $this->id);
- } else {
- //TODO: set connection variables to utf8
- }
- }
- }
-
- //Creates an instance of this database class with configuration values
- $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
- //To improve security, we unset sql parameters
- unset($Config['sql']);
-
- //Sets SQL connexion in UTF8. PHP 5.2.3+
- $db->set_charset('utf8');
-}
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * MySQL layer and helper class
+ *
+ * 0.1 2010-02-27 1:52 DcK
+ *
+ */
+
+if (!defined('SQL_LAYER')) {
+ define('SQL_LAYER', 'MySQL');
+
+ /*
+ * SQL layer and helper class: MySQL
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+ class sql_db {
+ /*
+ * @var int the connection identifier
+ */
+ private $id;
+
+ /*
+ * Initializes a new instance of the database abstraction class, for MySQL engine
+ */
+ function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
+ //Connects to MySQL server
+ $this->id = @mysql_connect($host, $username, $password) or $this->sql_die();
+
+ //Selects database
+ if ($database != '') {
+ mysql_select_db($database, $this->id);
+ }
+ }
+
+ /*
+ * Outputs a can't connect to the SQL server message and exits.
+ * It's called on connect failure
+ */
+ private function sql_die () {
+ //You can custom here code when you can't connect to SQL server
+ //e.g. in a demo or appliance context, include('start.html'); exit;
+ die ("Can't connect to SQL server.");
+ }
+
+ /*
+ * Sends a unique query to the database
+ * @return mixed if the query is successful, a result identifier ; otherwise, false
+ */
+ function sql_query ($query) {
+ return mysql_query($query, $this->id);
+ }
+
+ /*
+ * Fetches a row of result into an associative array
+ * @return array an associative array with columns names as keys and row values as values
+ */
+ function sql_fetchrow ($result) {
+ return mysql_fetch_array($result);
+ }
+
+ /*
+ * Gets last SQL error information
+ * @return array an array with two keys, code and message, containing error information
+ */
+ function sql_error () {
+ $error['code'] = mysql_errno($this->id);
+ $error['message'] = mysql_error($this->id);
+ return $error;
+ }
+
+ /*
+ * Gets the number of rows affected or returned by a query
+ * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+ */
+ function sql_numrows ($result) {
+ return mysql_num_rows($result);
+ }
+
+ /*
+ * Gets the primary key value of the last query (works only in INSERT context)
+ * @return int the primary key value
+ */
+ function sql_nextid () {
+ return mysql_insert_id($this->id);
+ }
+
+ /*
+ * Express query method, returns an immediate and unique result
+ *
+ * @param string $query the query to execute
+ * @param string $error_message the error message
+ * @param boolean $return_as_string return result as string, and not as an array
+ * @return mixed the row or the scalar result
+ */
+ function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
+ if ($query === '' || $query === false || $query === null) {
+ //No query, no value
+ return '';
+ } elseif (!$result = $this->sql_query($query)) {
+ //An error have occured
+ message_die(SQL_ERROR, $error_message, '', '', '', $query);
+ } else {
+ //Fetches row
+ $row = $this->sql_fetchrow($result);
+
+ //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+ return $return_as_string ? $row[0] : $row;
+ }
+ }
+
+ /*
+ * Escapes a SQL expression
+ * @param string expression The expression to escape
+ * @return string The escaped expression
+ */
+ function sql_escape ($expression) {
+ return mysql_real_escape_string($expression);
+ }
+
+ /*
+ * Set charset
+ */
+ function set_charset ($encoding) {
+ if (function_exists('mysql_set_charset')) {
+ //>PHP 5.2.3
+ mysql_set_charset($encoding, $this->id);
+ } else {
+ //TODO: set connection variables to utf8
+ }
+ }
+ }
+
+ //Creates an instance of this database class with configuration values
+ $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
+
+ //To improve security, we unset sql parameters
+ unset($Config['sql']);
+
+ //Sets SQL connexion in UTF8. PHP 5.2.3+
+ $db->set_charset('utf8');
+}
diff --git a/includes/mysqli.php b/includes/mysqli.php
--- a/includes/mysqli.php
+++ b/includes/mysqli.php
@@ -1,149 +1,149 @@
-<?php
-
-/**
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, 2014, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * MySQLi layer and helper class
- */
-
-if (!defined('SQL_LAYER')) {
- define('SQL_LAYER', 'MySQL');
-
- /**
- * SQL layer and helper class: MySQLi
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
- class sql_db {
- /*
- * @var int the connection identifier
- */
- private $db;
-
- /**
- * Initializes a new instance of the database abstraction class, for MySQLi engine
- */
- function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
- //Connects to MySQL server
- $this->db = new mysqli($host, $username, $password) or $this->sql_die();
-
- //Selects database
- if ($database != '') {
- $this->db->select_db($database);
- }
- }
-
- /**
- * Outputs a can't connect to the SQL server message and exits.
- * It's called on connect failure
- */
- private function sql_die () {
- //You can custom here code when you can't connect to SQL server
- //e.g. in a demo or appliance context, include('start.html'); exit;
- die ("Can't connect to SQL server.");
- }
-
- /**
- * Sends a unique query to the database
- *
- * @return mixed if the query is successful, a mysqli_result instance ; otherwise, false
- */
- function sql_query ($query) {
- return $this->db->query($query);
- }
-
- /**
- * Fetches a row of result into an associative array
- *
- * @return array an associative array with columns names as keys and row values as values
- */
- function sql_fetchrow ($result) {
- return $result->fetch_array();
- }
-
- /**
- * Gets last SQL error information
- *
- * @return array an array with two keys, code and message, containing error information
- */
- function sql_error () {
- return [
- 'code' => $this->db->errno,
- 'message' => $this->db->error
- ];
- }
-
- /**
- * Gets the number of rows affected or returned by a query
- *
- * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
- */
- function sql_numrows ($result) {
- return $result->num_rows;
- }
-
- /**
- * Gets the primary key value of the last query (works only in INSERT context)
- *
- * @return int the primary key value
- */
- function sql_nextid () {
- return $this->db->insert_id;
- }
-
- /**
- * Express query method, returns an immediate and unique result
- *
- * @param string $query the query to execute
- * @param string $error_message the error message
- * @param boolean $return_as_string return result as string, and not as an array
- * @return mixed the row or the scalar result
- */
- function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
- if ($query === '' || $query === false || $query === null) {
- //No query, no value
- return '';
- } elseif (!$result = $this->sql_query($query)) {
- //An error have occured
- message_die(SQL_ERROR, $error_message, '', '', '', $query);
- } else {
- //Fetches row
- $row = $this->sql_fetchrow($result);
-
- //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
- return $return_as_string ? $row[0] : $row;
- }
- }
-
- /*
- * Escapes a SQL expression
- * @param string expression The expression to escape
- * @return string The escaped expression
- */
- function sql_escape ($expression) {
- return $this->db->real_escape_string($expression);
- }
-
- /**
- * Sets charset
- */
- function set_charset ($encoding) {
- $this->db->set_charset($encoding);
- }
- }
-
- //Creates an instance of this database class with configuration values
- $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
- //To improve security, we unset sql parameters
- unset($Config['sql']);
-
- //Sets SQL connexion in UTF-8.
- $db->set_charset('utf8');
-}
+<?php
+
+/**
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, 2014, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * MySQLi layer and helper class
+ */
+
+if (!defined('SQL_LAYER')) {
+ define('SQL_LAYER', 'MySQL');
+
+ /**
+ * SQL layer and helper class: MySQLi
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+ class sql_db {
+ /*
+ * @var int the connection identifier
+ */
+ private $db;
+
+ /**
+ * Initializes a new instance of the database abstraction class, for MySQLi engine
+ */
+ function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
+ //Connects to MySQL server
+ $this->db = new mysqli($host, $username, $password) or $this->sql_die();
+
+ //Selects database
+ if ($database != '') {
+ $this->db->select_db($database);
+ }
+ }
+
+ /**
+ * Outputs a can't connect to the SQL server message and exits.
+ * It's called on connect failure
+ */
+ private function sql_die () {
+ //You can custom here code when you can't connect to SQL server
+ //e.g. in a demo or appliance context, include('start.html'); exit;
+ die ("Can't connect to SQL server.");
+ }
+
+ /**
+ * Sends a unique query to the database
+ *
+ * @return mixed if the query is successful, a mysqli_result instance ; otherwise, false
+ */
+ function sql_query ($query) {
+ return $this->db->query($query);
+ }
+
+ /**
+ * Fetches a row of result into an associative array
+ *
+ * @return array an associative array with columns names as keys and row values as values
+ */
+ function sql_fetchrow ($result) {
+ return $result->fetch_array();
+ }
+
+ /**
+ * Gets last SQL error information
+ *
+ * @return array an array with two keys, code and message, containing error information
+ */
+ function sql_error () {
+ return [
+ 'code' => $this->db->errno,
+ 'message' => $this->db->error
+ ];
+ }
+
+ /**
+ * Gets the number of rows affected or returned by a query
+ *
+ * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+ */
+ function sql_numrows ($result) {
+ return $result->num_rows;
+ }
+
+ /**
+ * Gets the primary key value of the last query (works only in INSERT context)
+ *
+ * @return int the primary key value
+ */
+ function sql_nextid () {
+ return $this->db->insert_id;
+ }
+
+ /**
+ * Express query method, returns an immediate and unique result
+ *
+ * @param string $query the query to execute
+ * @param string $error_message the error message
+ * @param boolean $return_as_string return result as string, and not as an array
+ * @return mixed the row or the scalar result
+ */
+ function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
+ if ($query === '' || $query === false || $query === null) {
+ //No query, no value
+ return '';
+ } elseif (!$result = $this->sql_query($query)) {
+ //An error have occured
+ message_die(SQL_ERROR, $error_message, '', '', '', $query);
+ } else {
+ //Fetches row
+ $row = $this->sql_fetchrow($result);
+
+ //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+ return $return_as_string ? $row[0] : $row;
+ }
+ }
+
+ /*
+ * Escapes a SQL expression
+ * @param string expression The expression to escape
+ * @return string The escaped expression
+ */
+ function sql_escape ($expression) {
+ return $this->db->real_escape_string($expression);
+ }
+
+ /**
+ * Sets charset
+ */
+ function set_charset ($encoding) {
+ $this->db->set_charset($encoding);
+ }
+ }
+
+ //Creates an instance of this database class with configuration values
+ $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
+
+ //To improve security, we unset sql parameters
+ unset($Config['sql']);
+
+ //Sets SQL connexion in UTF-8.
+ $db->set_charset('utf8');
+}
diff --git a/includes/objects/README b/includes/objects/README
--- a/includes/objects/README
+++ b/includes/objects/README
@@ -1,3 +1,3 @@
-This folder contains models you use in your applications.
-
-Some models ready to use in production are available on http://keruald.sf.net
\ No newline at end of file
+This folder contains models you use in your applications.
+
+Some models ready to use in production are available on http://keruald.sf.net
diff --git a/includes/session.php b/includes/session.php
--- a/includes/session.php
+++ b/includes/session.php
@@ -1,248 +1,248 @@
-<?php
-
-/*
- * Keruald, core libraries for Pluton and Xen engines.
- * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
- * Released under BSD license
- *
- * Session
- *
- * 0.1 2010-02-26 18:06 DcK
- *
- * This class uses a singleton pattern, as we only need one single instance.
- * Cf. http://www.php.net/manual/en/language.oop5.patterns.php
- *
- * @package Keruald
- * @subpackage Keruald
- * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
- * @license Released under BSD license
- * @version 0.1
- */
-class Session {
- /*
- * @var Session current session instance
- */
- private static $instance;
-
- /*
- * Gets or initializes current session instance
- * @return Session current session instance
- */
- public static function load () {
- if (!isset(self::$instance)) {
- //Creates new session instance
- $c = __CLASS__;
- self::$instance = new $c;
- }
-
- return self::$instance;
- }
-
- /*
- * @var string session ID
- */
- public $id;
-
- /*
- * @var string remote client IP
- */
- public $ip;
-
- /*
- * Initializes a new instance of Session object
- */
- private function __construct () {
- //Starts PHP session, and gets id
- session_start();
- $_SESSION['ID'] = session_id();
- $this->id = $_SESSION['ID'];
-
- //Gets remote client IP
- $this->ip = self::get_ip();
-
- //Updates or creates the session in database
- $this->update();
- }
-
- /*
- * Gets remote client IP address
- * @return string IP
- */
- public static function get_ip () {
- //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
- //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
- //Some ISP/orgz proxies also use this setting.
- if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
- return $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
-
- //Standard cases
- return $_SERVER['REMOTE_ADDR'];
- }
-
- /*
- * Cleans up session
- * i. deletes expired session
- * ii. sets offline relevant sessions
- */
- public static function clean_old_sessions () {
- global $db, $Config;
-
- //Gets session and online status lifetime (in seconds)
- //If not specified in config, sets default 5 and 120 minutes values
- $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
- $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
-
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
-
- //Deletes expired sessions
- $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
-
- //Online -> offline
- $sql = "UPDATE " . TABLE_SESSIONS . " SET session_online = 0 WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration AND session_resource = $resource";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
- }
-
-
- /*
- * Updates or creates a session in the database
- */
- public function update () {
- global $db, $Config;
-
- //Cleans up session
- //To boost SQL performances, try a random trigger
- // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
- //or comment this line and execute a cron script you launch each minute.
- self::clean_old_sessions();
-
- //Saves session in database.
- //If the session already exists, it updates the field online and updated.
- $id = $db->sql_escape($this->id);
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Gets the number of online users
- * @return int the online users count
- */
- public function count_online () {
- //Keeps result for later method call
- static $count = -1;
-
- if ($count == -1) {
- //Queries sessions table
- global $db, $Config;
-
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND session_online = 1";
- $count = (int)$db->sql_query_express($sql, "Can't count online users");
- }
-
- //Returns number of users online
- return $count;
- }
-
- /*
- * Gets the value of a custom session table field
- * @param string $info the field to get
- * @return string the session specified field's value
- */
- public function get_info ($info) {
- global $db;
-
- $id = $db->sql_escape($this->id);
- $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- return $db->sql_query_express($sql, "Can't get session $info info");
- }
-
- /*
- * Sets the value of a custom session table field to the specified value
- * @param string $info the field to update
- * @param string $value the value to set
- */
- public function set_info ($info, $value) {
- global $db;
-
- $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Gets logged user information
- * @return User the logged user information
- */
- public function get_logged_user () {
- global $db;
-
- //Gets session information
- $id = $db->sql_escape($this->id);
- $sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- if (!$result = $db->sql_query($sql))
- message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
- $row = $db->sql_fetchrow($result);
-
- //Gets user instance
- require_once('includes/objects/user.php');
- $user = new User($row['user_id']);
-
- //Adds session property to this user instance
- $user->session = $row;
-
- //Returns user instance
- return $user;
- }
-
- /*
- * Cleans session
- * This method is to be called when an event implies a session destroy
- */
- public function clean () {
- //Destroies $_SESSION array values, help ID
- foreach ($_SESSION as $key => $value) {
- if ($key != 'ID') unset($_SESSION[$key]);
- }
- }
-
- /*
- * Updates the session in an user login context
- * @param string $user_id the user ID
- */
- public function user_login ($user_id) {
- global $db;
-
- //Sets specified user ID in sessions table
- $user_id = $db->sql_escape($user_id);
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
- }
-
- /*
- * Updates the session in an user logout context
- */
- public function user_logout () {
- global $db;
-
- //Sets anonymous user in sessions table
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $id = $db->sql_escape($this->id);
- $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
- message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
-
- //Cleans session
- $this->clean();
- }
-}
-
-//The user_id matching anonymous user
-if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Session
+ *
+ * 0.1 2010-02-26 18:06 DcK
+ *
+ * This class uses a singleton pattern, as we only need one single instance.
+ * Cf. http://www.php.net/manual/en/language.oop5.patterns.php
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+class Session {
+ /*
+ * @var Session current session instance
+ */
+ private static $instance;
+
+ /*
+ * Gets or initializes current session instance
+ * @return Session current session instance
+ */
+ public static function load () {
+ if (!isset(self::$instance)) {
+ //Creates new session instance
+ $c = __CLASS__;
+ self::$instance = new $c;
+ }
+
+ return self::$instance;
+ }
+
+ /*
+ * @var string session ID
+ */
+ public $id;
+
+ /*
+ * @var string remote client IP
+ */
+ public $ip;
+
+ /*
+ * Initializes a new instance of Session object
+ */
+ private function __construct () {
+ //Starts PHP session, and gets id
+ session_start();
+ $_SESSION['ID'] = session_id();
+ $this->id = $_SESSION['ID'];
+
+ //Gets remote client IP
+ $this->ip = self::get_ip();
+
+ //Updates or creates the session in database
+ $this->update();
+ }
+
+ /*
+ * Gets remote client IP address
+ * @return string IP
+ */
+ public static function get_ip () {
+ //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
+ //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
+ //Some ISP/orgz proxies also use this setting.
+ if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ //Standard cases
+ return $_SERVER['REMOTE_ADDR'];
+ }
+
+ /*
+ * Cleans up session
+ * i. deletes expired session
+ * ii. sets offline relevant sessions
+ */
+ public static function clean_old_sessions () {
+ global $db, $Config;
+
+ //Gets session and online status lifetime (in seconds)
+ //If not specified in config, sets default 5 and 120 minutes values
+ $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
+ $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
+
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+
+ //Deletes expired sessions
+ $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+
+ //Online -> offline
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET session_online = 0 WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration AND session_resource = $resource";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ }
+
+
+ /*
+ * Updates or creates a session in the database
+ */
+ public function update () {
+ global $db, $Config;
+
+ //Cleans up session
+ //To boost SQL performances, try a random trigger
+ // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
+ //or comment this line and execute a cron script you launch each minute.
+ self::clean_old_sessions();
+
+ //Saves session in database.
+ //If the session already exists, it updates the field online and updated.
+ $id = $db->sql_escape($this->id);
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets the number of online users
+ * @return int the online users count
+ */
+ public function count_online () {
+ //Keeps result for later method call
+ static $count = -1;
+
+ if ($count == -1) {
+ //Queries sessions table
+ global $db, $Config;
+
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND session_online = 1";
+ $count = (int)$db->sql_query_express($sql, "Can't count online users");
+ }
+
+ //Returns number of users online
+ return $count;
+ }
+
+ /*
+ * Gets the value of a custom session table field
+ * @param string $info the field to get
+ * @return string the session specified field's value
+ */
+ public function get_info ($info) {
+ global $db;
+
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ return $db->sql_query_express($sql, "Can't get session $info info");
+ }
+
+ /*
+ * Sets the value of a custom session table field to the specified value
+ * @param string $info the field to update
+ * @param string $value the value to set
+ */
+ public function set_info ($info, $value) {
+ global $db;
+
+ $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets logged user information
+ * @return User the logged user information
+ */
+ public function get_logged_user () {
+ global $db;
+
+ //Gets session information
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ if (!$result = $db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
+ $row = $db->sql_fetchrow($result);
+
+ //Gets user instance
+ require_once('includes/objects/user.php');
+ $user = new User($row['user_id']);
+
+ //Adds session property to this user instance
+ $user->session = $row;
+
+ //Returns user instance
+ return $user;
+ }
+
+ /*
+ * Cleans session
+ * This method is to be called when an event implies a session destroy
+ */
+ public function clean () {
+ //Destroies $_SESSION array values, help ID
+ foreach ($_SESSION as $key => $value) {
+ if ($key != 'ID') unset($_SESSION[$key]);
+ }
+ }
+
+ /*
+ * Updates the session in an user login context
+ * @param string $user_id the user ID
+ */
+ public function user_login ($user_id) {
+ global $db;
+
+ //Sets specified user ID in sessions table
+ $user_id = $db->sql_escape($user_id);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Updates the session in an user logout context
+ */
+ public function user_logout () {
+ global $db;
+
+ //Sets anonymous user in sessions table
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
+
+ //Cleans session
+ $this->clean();
+ }
+}
+
+//The user_id matching anonymous user
+if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);

File Metadata

Mime Type
text/plain
Expires
Sun, Nov 24, 13:16 (10 h, 27 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2260232
Default Alt Text
D1158.diff (43 KB)

Event Timeline