ILIAS  release_4-3 Revision
class.Session.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 // Datei: class.Session.inc
25 // Benoetigt: mind. 4.0.1pl2
26 
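/**
 * Thin wrapper around PHP's native session handling that falls back to
 * carrying the session id in URLs and hidden form fields when the client
 * does not send the session cookie back.
 *
 * Security notes for maintainers:
 *  - In fallback mode the session id is written into URLs (url()) and HTML
 *    (hidden()). Ids carried that way can end up in server logs, browser
 *    history and Referer headers, so cookie transport should be preferred.
 *  - Nothing in this class issues a fresh id when a session changes
 *    privilege level. Code that authenticates a user should call
 *    session_regenerate_id(true) itself.
 *  - Whether PHP adopts an id supplied via GET/POST depends on
 *    session.use_only_cookies, which this class does not set.
 *    NOTE(review): confirm the deployed php.ini value.
 */
class Session {
	var $version = 106;        // V1.06
	var $usesCookies = false;  // true once the client has returned the session cookie
	var $transSID = false;     // set to true if PHP was compiled with --enable-trans-sid

	/**
	 * Starts (or resumes) the session and makes sure the client carries an id.
	 *
	 * If no id of at least 32 characters arrived via cookie, POST or GET, the
	 * request is redirected to itself with the id attached and the script ends.
	 *
	 * @param string $sessionName name of the session cookie / request parameter
	 */
	function __construct($sessionName = "SESSID")
	{
		$this->sendNoCacheHeader();

		// force 4 hash bits per character for session_id // Sascha Hofmann (2005-10-19)
		ini_set("session.hash_bits_per_character", "4");

		// set the session name, then initialise the session
		session_name(isset($sessionName) ? $sessionName : session_name());

		// Errors stay suppressed as before; a failed start leaves session_id()
		// empty, which the length check below treats as "too short".
		@session_start();

		// An id shorter than the standard 32 characters is replaced. The
		// replacement comes from a CSPRNG where the runtime offers one instead
		// of the former md5(uniqid(mt_rand())) seeded from the clock.
		// NOTE(review): newer PHP versions refuse to change the id of an
		// already-started session via session_id(); session_regenerate_id()
		// is the replacement there.
		if (strlen(session_id()) < 32)
		{
			session_id($this->_generateSessionId());
		}

		// Was a session id handed over (cookie, POST or GET)?
		$IDpassed = $this->_isSessionIdIn($_COOKIE)
			|| $this->_isSessionIdIn($_POST)
			|| $this->_isSessionIdIn($_GET);

		if (!$IDpassed)
		{
			// No (plausible) id was passed: bounce the request back to the
			// same script, keeping its query string. PHP_SELF and QUERY_STRING
			// are client-influenced; redirectTo() strips control characters
			// before they reach the Location header.
			$query = (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")
				? "?".$_SERVER["QUERY_STRING"]
				: "";

			header("Status: 302 Found");

			// terminates the script
			$this->redirectTo($_SERVER["PHP_SELF"].$query);
		}

		// An id that was passed is not necessarily a valid one!

		// remember for later use
		$this->usesCookies = $this->_isSessionIdIn($_COOKIE);
	}

	/**
	 * PHP 4 style constructor name, kept so that existing callers such as
	 * parent::Session() keep working. Forwards to __construct().
	 *
	 * @param string $sessionName name of the session cookie / request parameter
	 */
	function Session($sessionName = "SESSID")
	{
		$this->__construct($sessionName);
	}

	/**
	 * Tells whether $source holds a string of at least 32 characters under the
	 * current session name. Non-string values (e.g. SESSID[]=x) count as absent.
	 *
	 * @param array $source one of $_COOKIE, $_POST, $_GET
	 * @return bool
	 */
	function _isSessionIdIn($source)
	{
		$name = session_name();
		return isset($source[$name])
			&& is_string($source[$name])
			&& strlen($source[$name]) >= 32;
	}

	/**
	 * Produces a 32 character hexadecimal session id.
	 *
	 * Uses random_bytes() or openssl_random_pseudo_bytes() when available.
	 * The last branch is a legacy fallback and is NOT cryptographically strong.
	 *
	 * @return string
	 */
	function _generateSessionId()
	{
		if (function_exists("random_bytes"))
		{
			return bin2hex(random_bytes(16));
		}

		if (function_exists("openssl_random_pseudo_bytes"))
		{
			$strong = false;
			$bytes = openssl_random_pseudo_bytes(16, $strong);
			if ($bytes !== false && $strong)
			{
				return bin2hex($bytes);
			}
		}

		// No explicit mt_srand(): reseeding from the microsecond clock would
		// only narrow the generator's state.
		return md5(uniqid(mt_rand(), true));
	}

	/**
	 * Sends headers that ask browsers and proxies not to cache the response.
	 */
	function sendNoCacheHeader()
	{
		header("Expires: Sat, 05 Aug 2000 22:27:00 GMT");
		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
		header("Cache-Control: no-cache, must-revalidate");
		header("Pragma: no-cache");
		// replace=false: a second header() with the same name would otherwise
		// overwrite "no-cache, must-revalidate" set above.
		header("Cache-Control: post-check=0, pre-check=0", false);
	}

	/**
	 * Redirects the client to $pathInfo on this host and ends the script.
	 *
	 * @param string $pathInfo absolute ("/...") or relative path, optionally
	 *                         with query string and fragment
	 */
	function redirectTo($pathInfo)
	{
		header("Location: ".$this->_absoluteUrl($pathInfo));
		exit;
	}

	/**
	 * Builds the absolute URL used by redirectTo().
	 *
	 * The Host header is client-supplied. It is only used when it is
	 * syntactically a host name or bracketed IPv6 literal with an optional
	 * port; otherwise SERVER_NAME is used. A well-formed but unexpected Host
	 * value still passes this check, so the web server should be configured to
	 * accept only the site's own host names.
	 *
	 * @param string $pathInfo absolute or relative path
	 * @return string
	 */
	function _absoluteUrl($pathInfo)
	{
		$pathInfo = (string) $pathInfo;

		// relative path? prefix it with the directory part of PATH_INFO
		if (substr($pathInfo, 0, 1) != "/")
		{
			$base = (string) getenv("PATH_INFO");
			$slash = strrpos($base, "/");
			$pathInfo = (($slash === false) ? "" : substr($base, 0, $slash + 1)).$pathInfo;
		}

		$serverPort = (string) getenv("SERVER_PORT");
		$isDefaultPort = (bool) preg_match('/^(80|443)$/D', $serverPort);

		// Port 443 means https as before; the HTTPS server variable covers
		// TLS on any other port.
		$secure = ($serverPort == "443")
			|| (isset($_SERVER["HTTPS"])
				&& $_SERVER["HTTPS"] != ""
				&& strtolower($_SERVER["HTTPS"]) != "off");

		$host = isset($_SERVER["HTTP_HOST"]) ? (string) $_SERVER["HTTP_HOST"] : "";
		if (!preg_match('/^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::[0-9]{1,5})?$/D', $host))
		{
			$host = (string) getenv("SERVER_NAME");
		}

		// Running on a non-standard port? Browsers already put that port into
		// the Host header, so it is only appended when the host lacks one.
		$port = "";
		if (!$isDefaultPort
			&& preg_match('/^[0-9]+$/D', $serverPort)
			&& !preg_match('/^(?:\[[^\]]*\]|[^:]*):[0-9]+$/D', $host))
		{
			$port = ":".$serverPort;
		}

		$target = ($secure ? "https://" : "http://").$host.$port.$this->url($pathInfo);

		// no CR/LF or other control characters in a header value
		return preg_replace('/[\x00-\x1F\x7F]/', '', $target);
	}

	/**
	 * Strips trailing "&" and "?" characters from a path.
	 *
	 * @param string $pathInfo
	 * @return string
	 */
	function removeTrail($pathInfo)
	{
		preg_match("/(.*)(?<!&|\?)/", $pathInfo, $match);
		return $match[0];
	}

	/**
	 * Returns $pathInfo with the current session name and id attached, unless
	 * the id travels by cookie or trans-sid, in which case the path is
	 * returned unchanged.
	 *
	 * @param string $pathInfo path, optionally with query string and fragment
	 * @return string
	 */
	function url($pathInfo)
	{
		if ($this->usesCookies || $this->transSID) return $pathInfo;

		// split off the anchor fragment (explode() replaces the removed split())
		$parts = explode("#", $pathInfo, 2);
		$pathInfo = $parts[0];

		// drop any (possibly stale) session id already in the query string;
		// the session name is quoted so it cannot alter the pattern
		$pathInfo = preg_replace(
			"/[?&]".preg_quote(session_name(), "/")."=[^&]*/",
			"",
			$pathInfo
		);

		// repair the query delimiter if the removal left "&" without a "?"
		if (strpos($pathInfo, "&") !== false && strpos($pathInfo, "?") === false)
		{
			$pathInfo = preg_replace("/&/", "?", $pathInfo, 1);
		}

		// clear leftover trailing delimiters
		$pathInfo = $this->removeTrail($pathInfo);

		// append session name and id afresh; the id is URL-encoded because it
		// may have been supplied by the client
		$pathInfo .= (strpos($pathInfo, "?") !== false) ? "&" : "?";
		$pathInfo .= session_name()."=".rawurlencode(session_id());

		// re-attach the anchor fragment
		if (isset($parts[1]))
		{
			$pathInfo .= "#".$parts[1];
		}

		return $pathInfo;
	}

	/**
	 * Returns a hidden form field carrying the session id, or an empty string
	 * when the id travels by cookie or trans-sid.
	 *
	 * Name and value are HTML-escaped because the id may have been supplied
	 * by the client.
	 *
	 * @return string
	 */
	function hidden()
	{
		if ($this->usesCookies || $this->transSID) return "";
		return "<INPUT type=\"hidden\"
			name=\"".htmlspecialchars(session_name(), ENT_QUOTES)."\"
			value=\"".htmlspecialchars(session_id(), ENT_QUOTES)."\">";
	}
} // of class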
229 
230 ?>