<?php
/*******************************************************************************
* Copyright (c) 2007-2014 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Denis Roy (Eclipse Foundation)- initial API and implementation
* Christopher Guindon (Eclipse Foundation) - Bug 440590 - Improve the flexibility of session.class.php
*******************************************************************************/
require_once(realpath(dirname(__FILE__) . "/../classes/friends/friend.class.php"));
require_once("app.class.php");
if (!class_exists("EvtLog")) {
require_once("evt_log.class.php");
}
class Session {
private $App = NULL;
private $gid = "";
private $bugzilla_id = 0;
private $subnet = "";
private $updated_at = "";
private $Friend = NULL;
private $data = "";
private $session_name = "";
private $domain = "";
private $env = "";
private $login_page = "";
private $cookies_sent = FALSE;
/**
* Default constructor
*
* @return NULL
*/
public function __construct($persistent=0, $configs = array()) {
$this->App = new App();
$domain = $this->App->getEclipseDomain();
$default = array(
'domain' => $domain['cookie'] ,
'session_name' => 'ECLIPSESESSION',
'env' => 'ECLIPSE_ENV',
'login_page' => 'https://' . $domain['accounts'] . '/user/login',
);
# Set default config values.
foreach ($default as $key => $value) {
$this->{$key} = $value;
if (!empty($configs[$key]) && is_string($configs[$key])) {
$this->{$key} = $configs[$key];
}
}
$this->validate();
}
function getGID() {
return $this->gid;
}
function getBugzillaID() {
return $this->bugzilla_id;
}
function getSubnet() {
return $this->subnet;
}
function getUpdatedAt() {
return $this->updated_at;
}
function getFriend() {
if($this->Friend == NULL) {
$this->Friend = new Friend();
}
return $this->Friend;
}
function getData() {
return unserialize($this->data);
}
function getIsPersistent() {
if ($this->hasCookieConsent()) {
return 1;
}
return 0;
}
function getLoginPageURL() {
return $this->login_page;
}
function getIsLoggedIn() {
return $this->getGID() !== "";
}
/**
* Verify if consent was given to use cookies
*
* @return boolean
*/
public function hasCookieConsent() {
$App = new App();
return $App->hasCookieConsent();
}
function setGID($_gid) {
$this->gid = $_gid;
}
function setBugzillaID($_bugzilla_id) {
if (ctype_digit($_bugzilla_id)) {
$this->bugzilla_id = $_bugzilla_id;
}
}
function setSubnet($_subnet) {
$this->subnet = $_subnet;
}
function setUpdatedAt($_updated_at) {
$this->updated_at = $_updated_at;
}
function setFriend($_friend) {
$this->Friend = $_friend;
}
function setData($_data) {
$this->data = serialize($_data);
}
/**
* Set is_persistent
*
* @deprecated
*/
function setIsPersistent($_is_persistent) {
trigger_error("Deprecated function called.", E_USER_NOTICE);
}
/**
* Validate session based on browser cookie
*
* @return boolean
*/
function validate() {
$cookie = (isset($_COOKIE[$this->session_name]) ? $_COOKIE[$this->session_name] : "");
$rValue = FALSE;
if ($this->load($cookie)) {
# TODO: update session?
$rValue = TRUE;
$this->maintenance();
$this->setFriend($this->getData());
}
return $rValue;
}
function destroy($flush_all_sessions = FALSE) {
$App = new App();
$Friend = $this->getFriend();
if ($flush_all_sessions && $Friend->getBugzillaID() > 0) {
$sql = "DELETE FROM sessions WHERE bugzilla_id = '" . $App->sqlSanitize($Friend->getBugzillaID(), 0) . "'";
}
else {
$sql = "DELETE FROM sessions WHERE gid = '" . $App->sqlSanitize($this->getGID(), NULL) . "' LIMIT 1";
}
$App->eclipse_sql($sql);
# Remove the TAKEMEBACK cookie
# Should these also be in session() ?
setcookie("TAKEMEBACK", "", 0, "/", ".eclipse.org");
setcookie("fud_session_2015", "", 0, "/forums/", ".eclipse.org");
setcookie($this->session_name, "", 0, "/", $this->domain, 1, TRUE);
setcookie($this->env, "", 0, "/", $this->domain, 0, TRUE);
if (!$App->devmode) {
# Log this event
$EvtLog = new EvtLog();
$EvtLog->setLogTable("sessions");
$EvtLog->setPK1($Friend->getBugzillaID());
$EvtLog->setPK2($App->getRemoteIPAddress());
$EvtLog->setLogAction("DELETE");
$EvtLog->insertModLog("apache");
}
}
function create() {
# create session in the database.
$Friend = $this->getFriend();
$this->setData($Friend);
# need to have a LDAP ID to log in.
if ($Friend->getUID()) {
$App = new App();
$this->setGID(md5(uniqid(rand(), TRUE)));
$this->setSubnet($this->getClientSubnet());
$this->setUpdatedAt($App->getCURDATE());
// Bugzilla id is missing, let's try to find it.
if (!$Friend->getBugzillaID() && $Friend->getEmail()) {
$Friend->setBugzillaID($Friend->getBugzillaIDFromEmail($Friend->getEmail()));
}
$this->setBugzillaID($Friend->getBugzillaID());
//$Friend->insertUpdateFriend();
$sql = "INSERT INTO sessions (
gid,
bugzilla_id,
subnet,
updated_at,
data,
is_persistent)
VALUES (
" . $App->returnQuotedString($this->getGID()) . ",
" . $App->sqlSanitize($Friend->getBugzillaID(), NULL) . ",
" . $App->returnQuotedString($this->getSubnet()) . ",
NOW(),
'" . $App->sqlSanitize($this->data) . "',
'" . $App->sqlSanitize($this->getIsPersistent(), NULL) . "')";
$App->eclipse_sql($sql);
if (!$App->devmode) {
# Log this event
$EvtLog = new EvtLog();
$EvtLog->setLogTable("sessions");
$EvtLog->setPK1($Friend->getBugzillaID());
$EvtLog->setPK2($App->getRemoteIPAddress());
$EvtLog->setLogAction("INSERT");
$EvtLog->insertModLog("apache");
}
$this->setEclipseSessionCookies();
}
}
/**
* Set Eclipse Session Cookies
*
* @return boolean
*/
public function setEclipseSessionCookies(){
$gid = $this->getGID();
if (empty($gid) || $this->cookies_sent) {
return FALSE;
}
$this->cookies_sent = TRUE;
$cookie_time = 0;
if ($this->getIsPersistent()) {
$cookie_time = time()+3600*24*7;
}
setcookie($this->session_name, $this->getGID(), $cookie_time, "/", $this->domain, 1, TRUE);
# 422767 Session broken between http and https
# Set to "S" for Secure. We could eventually append more environment data, separated by semicolons and such
setcookie($this->env, "S", $cookie_time, "/", $this->domain, 0, TRUE);
return TRUE;
}
function load($_gid) {
# need to have a bugzilla ID to log in
$rValue = FALSE;
if (!empty($_gid)) {
$App = new App();
$sql = "SELECT /* USE MASTER */ gid, bugzilla_id, subnet, updated_at, data, is_persistent
FROM sessions
WHERE gid = " . $App->returnQuotedString($App->sqlSanitize($_gid, NULL)) . "
AND subnet = " . $App->returnQuotedString($this->getClientSubnet());
$result = $App->eclipse_sql($sql);
if ($result && mysql_num_rows($result) > 0) {
$rValue = TRUE;
$myrow = mysql_fetch_assoc($result);
$this->setGID($_gid);
$this->setBugzillaID($myrow['bugzilla_id']);
$this->setSubnet($myrow['subnet']);
$this->setUpdatedAt($myrow['updated_at']);
$this->data = $myrow['data'];
# touch this session
$sql = "UPDATE sessions SET updated_at = NOW(), is_persistent = '" . $App->sqlSanitize($this->getIsPersistent(), NULL) . "' WHERE gid = '" . $App->sqlSanitize($_gid, NULL) . "'";
$App->eclipse_sql($sql);
$this->setEclipseSessionCookies();
}
}
return $rValue;
}
function maintenance() {
$App = new App();
// Sessions are re-generated by visiting accounts.eclipse.org
$sql = "DELETE FROM sessions WHERE updated_at < DATE_SUB(NOW(), INTERVAL 8 DAY)";
$App->eclipse_sql($sql);
}
function getClientSubnet() {
# return class-c subnet
$App = new App();
return substr($App->getRemoteIPAddress(), 0, strrpos($App->getRemoteIPAddress(), ".")) . ".0";
}
function redirectToLogin() {
$this->App->preventCaching();
header("Location: " . $this->login_page, 303);
exit;
}
/**
* Determine if this session is logged in.
* @author droy
* @since 2014-07-03
* @return boolean
*/
function isLoggedIn() {
return $this->getGID() != "";
}
/**
* Update Friend object in Sessions table.
*
* @param object $Friend
* @return boolean
*/
function updateSessionData($Friend = NULL) {
if (is_null($Friend)) {
$Friend = $this->getFriend();
}
if (is_a($Friend, 'Friend') && $gid = $this->getGID()) {
$this->setFriend($Friend);
$this->setData($Friend);
$sql = "UPDATE sessions SET updated_at = NOW(),
data = '" . $this->App->sqlSanitize($this->data) . "'
WHERE gid = '" . $this->App->sqlSanitize($gid, NULL) . "'";
$this->App->eclipse_sql($sql);
return TRUE;
}
return FALSE;
}
}