ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.Session.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 // Datei: class.Session.inc
25 // Benoetigt: mind. 4.0.1pl2
26 
33 class Session {
34  var $version = 106; // V1.06
35  var $usesCookies = false; // Client nimmt Cookies an
36  var $transSID = false; // Wurde mit --enable-trans-sid
37  // kompiliert
38 
39 //---------------------------------------------------------
40 
45  function Session($sessionName="SESSID") {
46  $this->sendNoCacheHeader();
47 
48  ini_set("session.cookie_httponly", 1);
49  // force 4 hash bits per character for session_id // Sascha Hofmann (2005-10-19)
50  ini_set("session.hash_bits_per_character","4");
51 
52  // Session-Namen setzen, Session initialisieren
53  session_name(isset($sessionName)
54  ? $sessionName
55  : session_name());
56 
57  @session_start();
58 
59  // Prüen ob die Session-ID die Standardlänge
60  // von 32 Zeichen hat,
61  // ansonsten Session-ID neu setzen
62  if (strlen(session_id()) < 32)
63  {
64  mt_srand ((double)microtime()*1000000);
65  session_id(md5(uniqid(mt_rand())));
66  }
67 
68  // Prüfen, ob eine Session-ID übergeben wurde
69  // (über Cookie, POST oder GET)
70  $IDpassed = false;
71  if ( isset($_COOKIE[session_name()]) &&
72  @strlen($_COOKIE[session_name()]) >= 32
73  ) $IDpassed = true;
74 
75  if ( isset($_POST[session_name()]) &&
76  @strlen($_POST[session_name()]) >= 32
77  ) $IDpassed = true;
78 
79  if ( isset($_GET[session_name()]) &&
80  @strlen($_GET[session_name()]) >= 32
81  ) $IDpassed = true;
82 
83  if (!$IDpassed)
84  {
85  // Es wurde keine (gültige) Session-ID übergeben.
86  // Script-Parameter der URL zufügen
87 
88  $query = @$_SERVER["QUERY_STRING"] != "" ? "?".$_SERVER["QUERY_STRING"] : "";
89 
90  header("Status: 302 Found");
91 
92  // Script terminiert
93  $this->redirectTo($_SERVER["PHP_SELF"].$query);
94  }
95 
96  // Wenn die Session-ID übergeben wurde, muss sie
97  // nicht unbedingt gültig sein!
98 
99  // Für weiteren Gebrauch merken
100  $this->usesCookies =
101  (isset($_COOKIE[session_name()]) &&
102  @strlen($_COOKIE[session_name()])
103  >= 32);
104  }
105 
106 ### -------------------------------------------------------
107 
115  function sendNoCacheHeader() {
116  header("Expires: Sat, 05 Aug 2000 22:27:00 GMT");
117  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
118  header("Cache-Control: no-cache, must-revalidate");
119  header("Pragma: no-cache");
120  header("Cache-Control: post-check=0, pre-check=0");
121  }
122 
123 ### -------------------------------------------------------
124 
137  function redirectTo($pathInfo) {
138 
139  // Relativer Pfad?
140  if ($pathInfo[0] != "/")
141  { $pathInfo = substr(getenv("PATH_INFO"),
142  0,
143  strrpos(getenv("PATH_INFO"),"/")+1
144  )
145  .$pathInfo;
146  }
147 
148  // Läuft dieses Script auf einem non-standard Port?
149  $port = !preg_match( "/^(80|443)$/",
150  getenv("SERVER_PORT"),
151  $portMatch)
152  ? ":".getenv("SERVER_PORT")
153  : "";
154 
155  // Redirect
156  header("Location: "
157  .(($portMatch[1] == 443) ? "https://" : "http://")
158  .$_SERVER["HTTP_HOST"].$port.$this->url($pathInfo));
159  exit;
160  }
161 
162 ### -------------------------------------------------------
163 
169  function removeTrail($pathInfo) {
170  $dummy = preg_match("/(.*)(?<!&|\?)/",$pathInfo,$match);
171  return $match[0];
172  }
173 
174 ### -------------------------------------------------------
175 
181  function url($pathInfo) {
182  if ($this->usesCookies || $this->transSID) return $pathInfo;
183 
184  // Anchor-Fragment extrahieren
185  $dummyArray = split("#",$pathInfo);
186  $pathInfo = $dummyArray[0];
187 
188  // evtl. (kaputte) Session-ID(s) aus dem Querystring entfernen
189  $pathInfo = preg_replace( "/[?|&]".session_name()."=[^&]*/",
190  "",
191  $pathInfo);
192 
193  // evtl. Query-Delimiter korrigieren
194  if (preg_match("/&/",$pathInfo) && !preg_match("/\?/",$pathInfo))
195  {
196  // 4ter Parameter für "preg_replace()" erst ab 4.0.1pl2
197  $pathInfo = preg_replace("/&/","?",$pathInfo,1);
198  }
199 
200  // Restmüll entsorgen
201  $pathInfo = $this->removeTrail($pathInfo);
202 
203  // Session-Name und Session-ID frisch hinzufügen
204  $pathInfo .= preg_match("/\?/",$pathInfo) ? "&" : "?";
205  $pathInfo .= session_name()."=".session_id();
206 
207  // Anchor-Fragment wieder anfügen
208  $pathInfo .= isset($dummyArray[1]) ? "#".$dummyArray[1] : "";
209 
210  return $pathInfo;
211  }
212 
213 ### -------------------------------------------------------
214 
223  function hidden() {
224  if ($this->usesCookies || $this->transSID) return "";
225  return "<INPUT type=\"hidden\"
226  name=\"".session_name()."\"
227  value=\"".session_id()."\">";
228  }
229 } // of class
230 
231 ?>
url($pathInfo)
Fallback via GET - wenn Cookies ausgeschaltet sind.
exit
Definition: login.php:54
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
hidden()
Fallback via HIDDEN FIELD - wenn Cookies ausgeschaltet sind.
$_POST['username']
Definition: cron.php:12
$_GET["client_id"]
$_COOKIE["ilClientId"]
Definition: cron.php:11
sendNoCacheHeader()
Cacheing unterbinden.
redirectTo($pathInfo)
HTTP-Redirect ausführen (header("Location: ...")
removeTrail($pathInfo)
Entfernt mögliche abschließende "&" und "?".
"Manueller" Session-Fallback mit PHP4
Session($sessionName="SESSID")
Konstruktor - nimmt, wenn gewuenscht einen neuen Session-Namen entgegen.