dockx thibault authored
Cookie option HttpOnly is now set to TRUE, resolving a possible XSS vulnerability.
Verifiedb57d6ba2
<?php
/*
This code is part of FusionDirectory (http://www.fusiondirectory.org/)
Copyright (C) 2003-2010 Cajus Pollmeier
Copyright (C) 2011-2019 FusionDirectory
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*!
* \file class_session.inc
* Source code for class session
*/
/*!
* \brief This class contains all the function needed to manage sessions
*/
class session
{
/*!
* \brief Check if the name of the session is set
*
* \param string $name The name of the session
*/
public static function is_set ($name)
{
return isset($_SESSION[$name]);
}
/*!
* \brief Deprecated
*/
public static function global_is_set ($name)
{
return static::is_set($name);
}
/*!
* \brief Set a value in a session
*
* \param string $name Name of the session
*
* \param $value The new value
*/
public static function set ($name, $value)
{
$_SESSION[$name] = $value;
}
/*!
* \brief Deprecated
*/
public static function global_set ($name, $value)
{
static::set($name, $value);
}
/*!
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
* \brief Accessor of a session var
*
* \param string $name Name of the session var
*/
public static function get ($name)
{
if (isset($_SESSION[$name])) {
return $_SESSION[$name];
} else {
return NULL;
}
}
/*!
* \brief Deprecated
*/
public static function global_get ($name)
{
return static::get($name);
}
/*!
* \brief Accessor of a session var by reference
*
* \param string $name Name of the session var
*/
public static function &get_ref ($name)
{
return $_SESSION[$name];
}
/*!
* \brief Deprecated
*/
public static function delete ($name)
{
return static::un_set($name);
}
/*!
* \brief Deprecated
*/
public static function global_delete ($name)
{
return static::un_set($name);
}
/*!
* \brief Unset a session
*
* \param string $name Name of the session to delete
*/
public static function un_set ($name)
{
if (isset($_SESSION[$name])) {
unset($_SESSION[$name]);
}
}
/*!
* \brief Deprecated
*/
public static function global_un_set ($name)
{
return static::un_set($name);
}
/*!
* \brief Start a session
*/
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
public static function start ($id = NULL)
{
session_name("FusionDirectory");
/* Set cookie lifetime to one day (The parameter is in seconds ) */
session_set_cookie_params(24 * 60 * 60);
/* Set cache limiter to one day (parameter is minute !!) - default is 180 */
session_cache_expire(60 * 24);
/* Set session max lifetime, to prevent the garbage collector to delete session before timeout.
!! The garbage collector is a cron job on debian systems, the cronjob will fetch the timeout from
the php.ini, so if you use debian, you must hardcode session.gc_maxlifetime in your php.ini */
ini_set("session.gc_maxlifetime", 24 * 60 * 60);
/*
* Set HttpOnly in order to enhance security by disabling execution of javascript on cookies,
* allowing possible XSS attacks
*/
ini_set("session.cookie_httponly", "1");
if ($id !== NULL) {
session_id($id);
}
session_start();
/* Check for changed browsers and bail out */
if (isset($_SESSION['HTTP_USER_AGENT'])) {
if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) {
session_destroy();
session_name("FusionDirectory");
session_start();
}
} else {
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
}
/* Regenerate ID to increase security */
if (!isset($_SESSION['started'])) {
session_regenerate_id();
$_SESSION['started'] = TRUE;
}
}
/*!
* \brief Destroy a session
*/
public static function destroy (string $reason = '')
{
global $ui;
if (!isset($ui)) {
$ui = static::get('ui');
}
try {
if (isset($ui)) {
logging::log(
'security',
'logout',
$ui->uid,
[],
sprintf('Logged out (%s)', $reason)
);
} elseif (!empty($reason)) {
logging::log(
'security',
'session',
'',
[],
sprintf('Session destroyed (%s)', $reason)
211212213214215216217218219
);
}
} catch (Exception $e) {
/* Ignore exceptions here */
}
@session_destroy();
}
}
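Review bot: The comment above the new `ini_set("session.cookie_httponly", "1")` in `start()` says HttpOnly works by "disabling execution of javascript on cookies, allowing possible XSS attacks", which states the opposite of what the flag does; suggested wording: `/* HttpOnly hides the session cookie from client-side script (document.cookie), so an XSS bug cannot read it; it does not prevent XSS itself. */`. Because the flag only shields the cookie from script, the commit message's "resolving a possible XSS vulnerability" promises more than the change delivers, and a line to that effect in the comment would keep later readers from relying on it. The same call site leaves `session.cookie_secure` unset, so the session cookie is still sent over plain HTTP; if the UI is only served over HTTPS, adding `ini_set("session.cookie_secure", "1");` next to the HttpOnly line (or passing both flags through the `session_set_cookie_params()` call that already sets the lifetime a few lines earlier) would close that gap. Which lines this commit adds is inferred from the commit message, since the page shows no diff markers.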