ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.Session.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24// Datei: class.Session.inc
25// Benoetigt: mind. 4.0.1pl2
26
34{
35 public $version = 106; // class version 1.06
36 public $usesCookies = false; // client accepts cookies; set by the constructor from the session cookie of the request
37 public $transSID = false; // PHP was compiled with
38 // --enable-trans-sid
39
40//---------------------------------------------------------
41
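/**
 * Starts the PHP session and checks that the client presented a session cookie.
 *
 * Sends the no-cache headers, configures the session cookie, starts the
 * session and, when the request carried no session cookie of at least
 * 32 characters, redirects the client to the same script. redirectTo()
 * ends the request, so code after the redirect only runs when a cookie
 * was presented.
 *
 * @param string $sessionName Session name to use; when null, the current session name is kept.
 */
public function __construct($sessionName="SESSID")
{
    $this->sendNoCacheHeader();

    // Keep the session cookie out of reach of client-side script.
    ini_set("session.cookie_httponly", 1);
    if (version_compare(PHP_VERSION, '7.1.0', '>=')) {
        ini_set("session.sid_length", "32");
    } else {
        // force 4 hash bits per character for session_id // Sascha Hofmann (2005-10-19)
        ini_set("session.hash_bits_per_character", "4");
    }

    // Set the session name, then initialise the session.
    session_name(isset($sessionName) ? $sessionName : session_name());

    // NOTE(review): "@" hides any session_start() failure; nothing below checks
    // whether a session is actually active.
    @session_start();

    // If the session ID is shorter than the standard 32 characters, assign a new one.
    if (strlen(session_id()) < 32) {
        // A session ID is a bearer secret, so it is taken from a CSPRNG where one
        // is available instead of md5(uniqid(mt_rand())), whose output is guessable.
        // All three branches yield 32 hexadecimal characters.
        if (function_exists('random_bytes')) {
            $freshId = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $freshId = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Last resort for runtimes without either function: the original,
            // predictable generator.
            mt_srand((double) microtime()*1000000);
            $freshId = md5(uniqid(mt_rand()));
        }

        // NOTE(review): this runs after session_start(); newer PHP versions refuse
        // to change the ID of an active session - confirm this branch still has an effect.
        session_id($freshId);
    }

    // Was a session ID passed with the request? Only the cookie is inspected.
    // is_string() rejects array-valued cookies without relying on "@".
    // NOTE(review): the value is accepted on length alone. Whether an ID unknown to
    // the server is rejected depends on session.use_strict_mode, which is not set
    // here - confirm it is enabled elsewhere to rule out session fixation.
    $cookieName = session_name();
    $IDpassed = isset($_COOKIE[$cookieName])
        && is_string($_COOKIE[$cookieName])
        && strlen($_COOKIE[$cookieName]) >= 32;

    if (!$IDpassed) {
        // No (valid) session ID was passed: redirect to the same script,
        // keeping the query string of the current request.
        $query = (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] != "")
            ? "?" . $_SERVER["QUERY_STRING"]
            : "";

        header("Status: 302 Found");

        // redirectTo() terminates the script.
        // NOTE(review): PHP_SELF and the query string come from the request. Also,
        // a client that never returns the cookie appears to be redirected again
        // on every request - confirm this is intended.
        $this->redirectTo($_SERVER["PHP_SELF"] . $query);
    }

    // A session ID that was passed is not necessarily a valid one!

    // Remember the result for later use by url().
    $this->usesCookies = $IDpassed;
}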
103
104 ### -------------------------------------------------------
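/**
 * Sends the response headers that tell browsers and proxies not to cache the page.
 */
public function sendNoCacheHeader()
{
    // Expiry date in the past.
    header("Expires: Sat, 05 Aug 2000 22:27:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-cache, must-revalidate");
    header("Pragma: no-cache");
    // header() replaces an earlier header of the same name by default, which
    // dropped "no-cache, must-revalidate" from the response. Passing false
    // appends this Cache-Control line instead of replacing the first one.
    header("Cache-Control: post-check=0, pre-check=0", false);
}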
121
122 ### -------------------------------------------------------
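/**
 * Sends an HTTP redirect (Location header) and ends the request.
 *
 * @param string $pathInfo Target path. A path that does not start with "/" is
 *                         resolved against the directory part of PATH_INFO.
 */
public function redirectTo($pathInfo)
{
    // Relative path? An empty string counts as relative; the explicit test
    // avoids reading offset 0 of an empty string.
    if ($pathInfo === "" || $pathInfo[0] != "/") {
        $basePath = getenv("PATH_INFO");
        $pathInfo = substr($basePath, 0, strrpos($basePath, "/")+1) . $pathInfo;
    }

    // Is the script running on a non-standard port? If so, the port is put into the URL.
    $serverPort = getenv("SERVER_PORT");
    $onStandardPort = preg_match("/^(80|443)$/", $serverPort, $portMatch);
    $port = $onStandardPort ? "" : ":" . $serverPort;

    // $portMatch[1] only exists when the port matched 80 or 443.
    // NOTE(review): on any other port the scheme falls back to http://, even if
    // the request arrived over TLS - confirm against the deployment.
    $scheme = (isset($portMatch[1]) && $portMatch[1] == 443) ? "https://" : "http://";

    // Redirect.
    // NOTE(review): HTTP_HOST is the Host header of the request, i.e. client-supplied.
    // Building the absolute URL from a configured host name would keep a forged
    // Host value out of the Location header.
    header("Location: " . $scheme . $_SERVER["HTTP_HOST"] . $port . $this->url($pathInfo));
    exit;
}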
164
165 ### -------------------------------------------------------
/**
 * Removes trailing "&" and "?" characters from a path.
 *
 * @param string $pathInfo Path, possibly ending in query delimiters.
 * @return string The matched part of the path, ending on a character other than "&" or "?".
 */
public function removeTrail($pathInfo)
{
    // The greedy group backtracks until the match no longer ends in "&" or "?".
    preg_match("/(.*)(?<!&|\?)/", $pathInfo, $hits);

    return $hits[0];
}
177
178 ### -------------------------------------------------------
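/**
 * Prepares a URL for the GET fallback used when cookies are not available.
 *
 * When the client uses cookies or trans-sid is active, the path is returned
 * unchanged. Otherwise any session parameter is stripped from the query
 * string, the query delimiters are repaired and a delimiter for a following
 * parameter is appended.
 *
 * @param string $pathInfo Path, optionally with query string and "#fragment".
 * @return string The prepared path.
 */
public function url($pathInfo)
{
    if ($this->usesCookies || $this->transSID) {
        return $pathInfo;
    }

    // Split off the anchor fragment. The limit of 2 keeps any further "#"
    // inside the fragment instead of silently dropping the rest.
    $fragmentParts = explode("#", $pathInfo, 2);
    $pathInfo = $fragmentParts[0];

    // Remove any (possibly broken) session ID(s) from the query string.
    // preg_quote() keeps a session name containing regex metacharacters
    // from changing the pattern.
    $pathInfo = preg_replace(
        "/[?|&]" . preg_quote(session_name(), "/") . "=[^&]*/",
        "",
        $pathInfo
    );

    // Repair the query delimiter: if only "&" is left, the first one becomes "?".
    if (preg_match("/&/", $pathInfo) && !preg_match("/\?/", $pathInfo)) {
        // the 4th parameter of preg_replace() requires PHP 4.0.1pl2 or later
        $pathInfo = preg_replace("/&/", "?", $pathInfo, 1);
    }

    // Drop leftover trailing delimiters.
    $pathInfo = $this->removeTrail($pathInfo);

    // Append the delimiter for a following parameter. Only the delimiter is
    // added: no session name or session ID is written into the URL here.
    $pathInfo .= preg_match("/\?/", $pathInfo) ? "&" : "?";

    // Re-attach the anchor fragment.
    $pathInfo .= isset($fragmentParts[1]) ? "#" . $fragmentParts[1] : "";

    return $pathInfo;
}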
219} // of class
"Manueller" Session-Fallback mit PHP4
url($pathInfo)
Fallback via GET - wenn Cookies ausgeschaltet sind.
__construct($sessionName="SESSID")
Konstruktor - nimmt, wenn gewuenscht einen neuen Session-Namen entgegen.
removeTrail($pathInfo)
Entfernt mögliche abschließende "&" und "?".
redirectTo($pathInfo)
HTTP-Redirect ausführen (header("Location: ...")
sendNoCacheHeader()
Cacheing unterbinden.