Sitellite Application Framework

Class: Session

Source Location: Program_Root/Session/Session.php

Class Overview


Session is a class that manages visitor sessions.


Version

  • 2.6, 2003-04-23, $Id: Session.php,v 1.5 2006/03/15 06:44:31 lux Exp $

Copyright

  • Copyright (C) 2001-2003, Simian Systems Inc.

Class Details

[line 164]
Session is a class that manages visitor sessions.

Note: Session does not handle anonymous sessions, but rather serves as a validation process for login-only site components. Session is relatively easy to integrate into web sites, but relies on a number of other Sitellite classes, such as Cookie and CGI. It is also easy to extend in functionality, as we did with the SitelliteSession class by adding Sitellite CMS-specific permission functions.

Note: mt_srand() must also be called prior to creating a Session object, because the random number generator must be seeded.

New in 2.0:

  • This is a complete rewrite that breaks backward compatibility with 1.x. It offers an abstracted Session class that uses drivers for both the validation source and the visitor protocol handler. Initially, there is only one source driver, which is a database driver, and there are two handler drivers: one that stores session ids using cookies, and one that challenges the client with an HTTP Basic authentication request.

New in 2.2:

  • $store (store driver object)
  • $autoSave (whether to call save() after each call to set())
  • setStoreProperties ()
  • get ()
  • set ()
  • append ()
  • save ()

New in 2.4:

  • Added session_get(), session_set(), session_append(), and session_save() global functions that simply call the equivalent methods on a global $session object.

New in 3.0:

  • Added the use of a new SessionAcl package which provides access control functionality to this package, meant to serve as a replacement for the SitelliteSession overriding package. SessionAcl adds finer granularity in defining and controlling users through the separation of read and write access, and also boasts a new INI-based definition format in place of the MySQL sitellite_role, sitellite_team, sitellite_access, and sitellite_status tables. This will not only improve flexibility, but it should also make this package significantly faster.
  • Broke backward compatibility in the parameters of the allowed() method. As compared to the SitelliteSession package, this also eliminates the getPermissions() method, which is replaced by internal handling of this functionality.

Historical
----------

New in 1.2:

  • Updated to use $site->webpath instead of $site->path, which is deprecated in saf.Site.

New in 1.4:

  • Added the ability to make accounts pending, so that they must be verified via email. This is done by storing a 24 character random string, preceded by 'PENDING:', in the $sidcol column. This key string can be generated with the new makePendingKey() method.

New in 1.6:

  • Traded $tpl->fill() calls for sprintf(), which should increase performance a little.
  • Moved the hashing of the password field into the PHP level, so as to eliminate the reliance on MySQL-specific functions (i.e. password()). Unfortunately, this breaks backward compatibility and all passwords will need to be reset, since both MySQL's password() and PHP's crypt() are one-way hash functions.

New in 1.8:

  • Added the following functions as aliases of properties or methods of a global $session object: session_username(), session_valid(), session_get(), session_set(), session_append(), and session_save().

    <?php

    // seed the "better" random number generator
    mt_srand ((double) microtime () * 1000000);

    $sessionCookieName = 'cisforcookie';
    $sessionHandler = 'Cookie';
    $sessionSource = 'Database';

    // let the handler driver collect the username, password, and session id
    list ($user, $pass, $id) = Session::gatherParameters ($sessionHandler, $sessionCookieName);

    $session = new Session ($sessionHandler, $sessionSource, $user, $pass, $id);

    // time out in 1 hour
    $session->setTimeout (3600);

    // custom properties of the source driver
    $session->setSourceProperties (array (
        'database' => 'db',
    ));

    // custom properties of the handler driver
    $session->setHandlerProperties (array (
        'cookiename' => 'cisforcookie',
        'cookiedomain' => 'www.yourwebsite.com',
        'cookiepath' => '/',
    ));

    // verify the username/password or session id
    $session->start ();

    if ($session->error) {
        // something is not right
        echo $session->error;

    } elseif ($session->valid) {
        // valid session
        // put all of your private stuff here

    } else {
        // invalid or new session
        $session->sendAuthRequest ();

    }

    ?>




    Tags:

    access:  public
    version:  2.6, 2003-04-23, $Id: Session.php,v 1.5 2006/03/15 06:44:31 lux Exp $
    license:  http://www.sitellite.org/index/license
    copyright:  Copyright (C) 2001-2003, Simian Systems Inc.
    author:  John Luxford <mailto:lux@simian.ca>




    Class Variables

    $autoSave =  true

    [line 237]

    Specifies whether calls to set() should also call save() automatically. Defaults to true, since for most intents and purposes this is a nice way of not having to think about it.



    Tags:

    access:  public

    Type:   mixed



    $error =  false

    [line 191]

    Contains the error message if any error occurs within this class, the handler or the source drivers, or false if no error has occurred.



    Tags:

    access:  public

    Type:   mixed



    $handler =

    [line 245]

    The handler driver object.



    Tags:

    access:  public

    Type:   mixed



    $id =

    [line 173]

    The session id value.



    Tags:

    access:  public

    Type:   mixed



    $password =

    [line 207]

    Contains the password of the user.



    Tags:

    access:  public

    Type:   mixed



    $source =

    [line 253]

    The source driver object.



    Tags:

    access:  public

    Type:   mixed



    $store =

    [line 261]

    The store driver object.



    Tags:

    access:  public

    Type:   mixed



    $timeout =  3600

    [line 227]

    Specifies a length in seconds that the session may be inactive for before automatically logging the user out. This is also optional, as some handlers or sources may not support it.



    Tags:

    access:  public

    Type:   mixed



    $useID =  true

    [line 217]

    Specifies whether or not to use a session id. Some handlers or sources may not support session ids (ie. the Basic handler), and so they may be disabled.



    Tags:

    access:  public

    Type:   mixed



    $username =

    [line 199]

    Contains the username of the user.



    Tags:

    access:  public

    Type:   mixed



    $valid =  false

    [line 181]

    Says whether this session is valid.



    Tags:

    access:  public

    Type:   mixed





    Class Methods


    constructor Session [line 277]

    Session Session( string $handler, mixed $sources, string $store, string $username, string $password, [string $id = ''], string $source)

    Constructor method.



    Tags:

    access:  public


    Parameters:

    string   $handler  
    string   $source  
    string   $store  
    string   $username  
    string   $password  
    string   $id  


    method allowed [line 667]

    boolean allowed( [string $resource = 'documents'], [string $access = 'rw'], [string $type = 'resource'])

    Specifies whether the user is allowed to access the requested resource. $resource may be a string, or an object or associative array with the properties name, sitellite_access, and sitellite_status.

    Valid $access values are r, w, and rw (read, write, and read/write). Valid $type values are resource, access, and status.




    Tags:

    access:  public


    Parameters:

    string   $resource  
    string   $access  
    string   $type  


    method allowedSql [line 679]

    string allowedSql( )

    Returns a piece of SQL that can be slipped into the WHERE clause of a query to check for proper permissions.



    Tags:

    access:  public



    method append [line 617]

    array append( string $name, [mixed $value = false])

    Sets an array value in the session store. If the array is empty, it will create a new array. If the value is false, it will empty the array. If $autoSave is on, check $error if you want to make sure it worked. Returns the array prior to making the change.




    Tags:

    access:  public


    Parameters:

    string   $name  
    mixed   $value  


    method authorize [line 392]

    boolean authorize( mixed $user, mixed $pass, [mixed $id = false])

    Checks the authorization of a user but does not log them in. Useful for web services or external applications requiring authentication but which should not log the person out on the website through their use.



    Tags:

    access:  public



    method close [line 561]

    void close( )

    Closes the session handler, source, and the store. Call this to log a user out and terminate their session. Please note: when a session is terminated, all data stored in it that is not written to a permanent storage location is lost.



    Tags:

    access:  public



    method gatherParameters [line 524]

    array gatherParameters( string $handler, string $sessionidname)

    Retrieves the appropriate username, password, and session id values from anywhere in the script. The values are gathered through the gatherParameters() method of the specified $handler, since handlers must interact with the visitor and so often know more about the environment than this class does.




    Tags:

    access:  public


    Parameters:

    string   $handler  
    string   $sessionidname  


    method get [line 579]

    mixed get( string $name)

    Retrieves a value from the session store. Returns false if the value does not exist.



    Tags:

    access:  public


    Parameters:

    string   $name  


    method getManager [line 763]

    object reference &getManager( )

    Retrieves a copy of the session manager object.




    method getUser [line 740]

    void getUser( [string $username = false], object 1)

    Finds a user by their email address.



    Parameters:

    object   1  
    string   $username  


    method getUserByEmail [line 754]

    void getUserByEmail( string $email, object 1)

    Finds a user by their email address.



    Parameters:

    object   1  
    string   $email  


    method init [line 321]

    void init( [string $path = 'inc/conf/auth'])

    Initializes the session objects, which is necessary to do outside of the constructor because a constructor can't properly reference $this inside of itself it seems.



    Tags:

    access:  public


    Parameters:

    string   $path  


    method isValidKey [line 707]

    boolean isValidKey( string $user, string $key)

    Checks the validity of the specified recovery key.



    Parameters:

    string   $user  
    string   $key  


    method makePendingKey [line 543]

    string makePendingKey( )

    Creates a 32 character string of the form 'PENDING:' plus a 24 character long random string. Used for creating pending accounts.



    Tags:

    access:  public



    method makeRecoverKey [line 691]

    string makeRecoverKey( )

    Creates a 32 character string of the form 'RECOVER:' plus a 24 character long random string. Used for recovering passwords.



    Tags:

    access:  public
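
The key format described for makePendingKey() and makeRecoverKey(), and the kind of check isValidKey() performs, sketched as an added example that is not Sitellite's own code. The function names are hypothetical and PHP 7 or later is assumed; the random part comes from the operating system CSPRNG via random_int() rather than the mt_srand()-seeded generator mentioned in the class notes, and keys are compared in constant time with hash_equals().

```php
<?php
// Added example, not part of Sitellite. All function names are hypothetical.

const KEY_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const KEY_RANDOM_LENGTH = 24;

// Returns $prefix followed by 24 random characters. With an 8 character
// prefix such as 'PENDING:' or 'RECOVER:' the result is 32 characters long.
function make_prefixed_key (string $prefix): string {
    $alphabet = KEY_ALPHABET;
    $max = strlen ($alphabet) - 1;
    $key = $prefix;
    for ($i = 0; $i < KEY_RANDOM_LENGTH; $i++) {
        // random_int() is uniform over [0, $max], so there is no modulo bias
        $key .= $alphabet[random_int (0, $max)];
    }
    return $key;
}

// True only if $stored is a well-formed key of the expected kind and
// $submitted matches it exactly. Both values are treated as untrusted:
// $stored may be null or a session id, $submitted may be an array.
function is_valid_prefixed_key ($stored, $submitted, string $prefix): bool {
    if (! is_string ($stored) || ! is_string ($submitted)) {
        return false;
    }
    $prefixLength = strlen ($prefix);
    if (strlen ($stored) !== $prefixLength + KEY_RANDOM_LENGTH) {
        return false;
    }
    if (strncmp ($stored, $prefix, $prefixLength) !== 0) {
        // the account is not in this state (e.g. pending, not recovering)
        return false;
    }
    // constant-time comparison, so timing does not reveal matching characters
    return hash_equals ($stored, $submitted);
}

// Constructed sample run
$stored = make_prefixed_key ('RECOVER:');
var_dump (strlen ($stored));
var_dump (is_valid_prefixed_key ($stored, $stored, 'RECOVER:'));
var_dump (is_valid_prefixed_key ($stored, 'RECOVER:' . str_repeat ('A', 24), 'RECOVER:'));
var_dump (is_valid_prefixed_key ('PENDING:' . substr ($stored, 8), $stored, 'RECOVER:'));
var_dump (is_valid_prefixed_key (null, array ('x'), 'RECOVER:'));
```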



    method save [line 645]

    boolean save( )

    Tells the session store to save the values within it.



    Tags:

    access:  public



    method sendAuthRequest [line 502]

    boolean sendAuthRequest( )

    This method issues a request for authorization to the visitor.

    This request may be an HTTP WWW-Authenticate header, an HTML sign in form, a SOAP message (providing you have a SOAP handler driver), or just about any conceivable way of making this request.




    Tags:

    access:  public



    method set [line 596]

    mixed set( string $name, [mixed $value = false])

    Sets a value in the session store. If the value is false, it will unset it in the store. If the value is being unset or set to a new value, then the old value is returned. If it is a new value, then the value itself will be returned. If $autoSave is on, check $error if you want to make sure it worked.




    Tags:

    access:  public


    Parameters:

    string   $name  
    mixed   $value  


    method setHandlerProperties [line 368]

    void setHandlerProperties( associative $properties)

    Sets any custom properties of the handler driver.



    Tags:

    access:  public


    Parameters:

    associative   $properties   array $properties


    method setSourceProperties [line 357]

    void setSourceProperties( associative $source, mixed $properties)

    Sets any custom properties of the source driver.



    Tags:

    access:  public


    Parameters:

    associative   $source   array $properties


    method setStoreProperties [line 379]

    void setStoreProperties( associative $properties)

    Sets any custom properties of the store driver.



    Tags:

    access:  public


    Parameters:

    associative   $properties   array $properties


    method setTimeout [line 346]

    void setTimeout( string $timeout)

    Sets the value of the $timeout property.



    Tags:

    access:  public


    Parameters:

    string   $timeout  


    method start [line 417]

    boolean start( )

    Starts the session logic. This is typically the stage where the username/password or session id will be verified, so after this stage you will be able to check the $valid property to see if the user is valid.



    Tags:

    access:  public



    method update [line 719]

    boolean update( [array $data = array ()], [string $user = false])

    Updates the user's data in the data source. May update another user than the current one by specifying a username as the second parameter.



    Parameters:

    array   $data   hash of new values
    string   $user  



    Copyright © 2007, SIMIAN systems Inc.
    All rights reserved.
    Documentation generated on Tue, 13 Feb 2007 17:19:12 -0600 by Sitellite AppDoc and phpDocumentor 1.2.2