ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.Session.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24// Datei: class.Session.inc
25// Benoetigt: mind. 4.0.1pl2
26
33class Session {
34 var $version = 106; // V1.06
35 var $usesCookies = false; // Client nimmt Cookies an
36 var $transSID = false; // Wurde mit --enable-trans-sid
37 // kompiliert
38
39//---------------------------------------------------------
40
45 function Session($sessionName="SESSID") {
46 $this->sendNoCacheHeader();
47
48 // force 4 hash bits per character for session_id // Sascha Hofmann (2005-10-19)
49 ini_set("session.hash_bits_per_character","4");
50
51 // Session-Namen setzen, Session initialisieren
52 session_name(isset($sessionName)
53 ? $sessionName
54 : session_name());
55
56 @session_start();
57
58 // Prüen ob die Session-ID die Standardlänge
59 // von 32 Zeichen hat,
60 // ansonsten Session-ID neu setzen
61 if (strlen(session_id()) < 32)
62 {
63 mt_srand ((double)microtime()*1000000);
64 session_id(md5(uniqid(mt_rand())));
65 }
66
67 // Prüfen, ob eine Session-ID übergeben wurde
68 // (über Cookie, POST oder GET)
69 $IDpassed = false;
70 if ( isset($_COOKIE[session_name()]) &&
71 @strlen($_COOKIE[session_name()]) >= 32
72 ) $IDpassed = true;
73
74 if ( isset($_POST[session_name()]) &&
75 @strlen($_POST[session_name()]) >= 32
76 ) $IDpassed = true;
77
78 if ( isset($_GET[session_name()]) &&
79 @strlen($_GET[session_name()]) >= 32
80 ) $IDpassed = true;
81
82 if (!$IDpassed)
83 {
84 // Es wurde keine (gültige) Session-ID übergeben.
85 // Script-Parameter der URL zufügen
86
87 $query = @$_SERVER["QUERY_STRING"] != "" ? "?".$_SERVER["QUERY_STRING"] : "";
88
89 header("Status: 302 Found");
90
91 // Script terminiert
92 $this->redirectTo($_SERVER["PHP_SELF"].$query);
93 }
94
95 // Wenn die Session-ID übergeben wurde, muss sie
96 // nicht unbedingt gültig sein!
97
98 // Für weiteren Gebrauch merken
99 $this->usesCookies =
100 (isset($_COOKIE[session_name()]) &&
101 @strlen($_COOKIE[session_name()])
102 >= 32);
103 }
104
105### -------------------------------------------------------
114 function sendNoCacheHeader() {
115 header("Expires: Sat, 05 Aug 2000 22:27:00 GMT");
116 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
117 header("Cache-Control: no-cache, must-revalidate");
118 header("Pragma: no-cache");
119 header("Cache-Control: post-check=0, pre-check=0");
120 }
121
122### -------------------------------------------------------
136 function redirectTo($pathInfo) {
137
138 // Relativer Pfad?
139 if ($pathInfo[0] != "/")
140 { $pathInfo = substr(getenv("PATH_INFO"),
141 0,
142 strrpos(getenv("PATH_INFO"),"/")+1
143 )
144 .$pathInfo;
145 }
146
147 // Läuft dieses Script auf einem non-standard Port?
148 $port = !preg_match( "/^(80|443)$/",
149 getenv("SERVER_PORT"),
150 $portMatch)
151 ? ":".getenv("SERVER_PORT")
152 : "";
153
154 // Redirect
155 header("Location: "
156 .(($portMatch[1] == 443) ? "https://" : "http://")
157 .$_SERVER["HTTP_HOST"].$port.$this->url($pathInfo));
158 exit;
159 }
160
161### -------------------------------------------------------
168 function removeTrail($pathInfo) {
169 $dummy = preg_match("/(.*)(?<!&|\?)/",$pathInfo,$match);
170 return $match[0];
171 }
172
173### -------------------------------------------------------
180 function url($pathInfo) {
181 if ($this->usesCookies || $this->transSID) return $pathInfo;
182
183 // Anchor-Fragment extrahieren
184 $dummyArray = split("#",$pathInfo);
185 $pathInfo = $dummyArray[0];
186
187 // evtl. (kaputte) Session-ID(s) aus dem Querystring entfernen
188 $pathInfo = preg_replace( "/[?|&]".session_name()."=[^&]*/",
189 "",
190 $pathInfo);
191
192 // evtl. Query-Delimiter korrigieren
193 if (preg_match("/&/",$pathInfo) && !preg_match("/\?/",$pathInfo))
194 {
195 // 4ter Parameter für "preg_replace()" erst ab 4.0.1pl2
196 $pathInfo = preg_replace("/&/","?",$pathInfo,1);
197 }
198
199 // Restmüll entsorgen
200 $pathInfo = $this->removeTrail($pathInfo);
201
202 // Session-Name und Session-ID frisch hinzufügen
203 $pathInfo .= preg_match("/\?/",$pathInfo) ? "&" : "?";
204 $pathInfo .= session_name()."=".session_id();
205
206 // Anchor-Fragment wieder anfügen
207 $pathInfo .= isset($dummyArray[1]) ? "#".$dummyArray[1] : "";
208
209 return $pathInfo;
210 }
211
212### -------------------------------------------------------
222 function hidden() {
223 if ($this->usesCookies || $this->transSID) return "";
224 return "<INPUT type=\"hidden\"
225 name=\"".session_name()."\"
226 value=\"".session_id()."\">";
227 }
228} // of class
229
230?>
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
Session
"Manueller" Session-Fallback mit PHP4
Definition: class.Session.php:33
Session\url
url($pathInfo)
Fallback via GET - wenn Cookies ausgeschaltet sind.
Definition: class.Session.php:180
Session\hidden
hidden()
Fallback via HIDDEN FIELD - wenn Cookies ausgeschaltet sind.
Definition: class.Session.php:222
Session\Session
Session($sessionName="SESSID")
Konstruktor - nimmt, wenn gewuenscht einen neuen Session-Namen entgegen.
Definition: class.Session.php:45
Session\removeTrail
removeTrail($pathInfo)
Entfernt mögliche abschließende "&" und "?".
Definition: class.Session.php:168
Session\redirectTo
redirectTo($pathInfo)
HTTP-Redirect ausführen (header("Location: ...")
Definition: class.Session.php:136
Session\sendNoCacheHeader
sendNoCacheHeader()
Cacheing unterbinden.
Definition: class.Session.php:114
$_POST
$_POST['username']
Definition: cron.php:12
$_COOKIE
$_COOKIE["ilClientId"]
Definition: cron.php:11
exit
exit
Definition: login.php:54