ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
inc.pwassist_session_handler.php
Go to the documentation of this file.
1<?php
11/*
12 +-----------------------------------------------------------------------------+
13 | ILIAS open source |
14 +-----------------------------------------------------------------------------+
15 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
16 | |
17 | This program is free software; you can redistribute it and/or |
18 | modify it under the terms of the GNU General Public License |
19 | as published by the Free Software Foundation; either version 2 |
20 | of the License, or (at your option) any later version. |
21 | |
22 | This program is distributed in the hope that it will be useful, |
23 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
24 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
25 | GNU General Public License for more details. |
26 | |
27 | You should have received a copy of the GNU General Public License |
28 | along with this program; if not, write to the Free Software |
29 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
30 +-----------------------------------------------------------------------------+
31*/
32
33
34/*
35* open session, normally a db connection would be opened here, but
36* we use the standard ilias db connection, so nothing must be done here
37*
38* @param string $save_pathDSN information about how to access the database, format:
39* dbtype(dbsyntax)://username:password@protocol+hostspec/database
40* eg. mysql://phpsessmgr:topsecret@db.example.com/sessiondb
41* @param string $name session name [session_name()]
42*/
43function db_pwassist_session_open($save_path, $name)
44{
45 return true;
46}
47
54{
55 return true;
56}
57
58/*
59* Creates a new secure id.
60*
61* The secure id has the following characteristics:
62* - It is unique
63* - It is a non-uniformly distributed (pseudo) random value
64* - Only a non-substantial number of bits can be predicted from
65* previously generated id's.
66*/
67function db_pwassist_create_id(): string
68{
69 global $DIC;
70
71 $ilDB = $DIC->database();
72
73 do {
74 $hash = bin2hex(ilPasswordUtils::getBytes(32));
75
76 $exists = (
77 (int) ($ilDB->fetchAssoc(
78 $ilDB->query(
79 "SELECT EXISTS(" .
80 "SELECT 1 FROM usr_pwassist WHERE pwassist_id = " . $ilDB->quote($hash, ilDBConstants::T_TEXT) .
81 ") AS hit"
82 )
83 )['hit'] ?? 0) === 1
84 );
85 } while ($exists);
86
87 return $hash;
88}
89
90/*
91* Reads data of the session identified by $pwassist_id and returns it as a
92* associative array. If there is no session with this ID an empty array is
93* returned
94*
95* @param integer $pwassist_id secure id
96*/
97function db_pwassist_session_read($pwassist_id)
98{
99 global $DIC;
100
101 $ilDB = $DIC->database();
102
103 $q = "SELECT * FROM usr_pwassist " .
104 "WHERE pwassist_id = " . $ilDB->quote($pwassist_id, "text");
105 $r = $ilDB->query($q);
106 $data = $ilDB->fetchAssoc($r);
107
108 return $data;
109}
110
111/*
112* Reads data of the session identified by $user_id.
113* Teturns the data as an associative array.
114* If there is no session for the specified user_id, an
115* empty array is returned
116*
117* @param integer $user_id user id
118**/
119function db_pwassist_session_find($user_id)
120{
121 global $DIC;
122
123 $ilDB = $DIC->database();
124
125 $q = "SELECT * FROM usr_pwassist " .
126 "WHERE user_id = " . $ilDB->quote($user_id, "integer");
127 $r = $ilDB->query($q);
128 $data = $ilDB->fetchAssoc($r);
129
130 return $data;
131}
132
140function db_pwassist_session_write($pwassist_id, $maxlifetime, $user_id)
141{
142 global $DIC;
143
144 $ilDB = $DIC->database();
145
146 $q = "DELETE FROM usr_pwassist " .
147 "WHERE pwassist_id = " . $ilDB->quote($pwassist_id, "text") . " " .
148 "OR user_id = " . $ilDB->quote($user_id, 'integer');
149 $ilDB->manipulate($q);
150
151 $ctime = time();
152 $expires = $ctime + $maxlifetime;
153 $ilDB->manipulateF(
154 "INSERT INTO usr_pwassist " .
155 "(pwassist_id, expires, user_id, ctime) " .
156 "VALUES (%s,%s,%s,%s)",
157 array("text", "integer", "integer", "integer"),
158 array($pwassist_id, $expires, $user_id, $ctime)
159 );
160
161 return true;
162}
163
169function db_pwassist_session_destroy($pwassist_id)
170{
171 global $DIC;
172
173 $ilDB = $DIC->database();
174
175 $q = "DELETE FROM usr_pwassist " .
176 "WHERE pwassist_id = " . $ilDB->quote($pwassist_id, "text");
177 $ilDB->manipulate($q);
178
179 return true;
180}
181
182
187{
188 global $DIC;
189
190 $ilDB = $DIC->database();
191
192 $q = "DELETE FROM usr_pwassist " .
193 "WHERE expires < " . $ilDB->quote(time(), "integer");
194 $ilDB->manipulate($q);
195
196 return true;
197}
An exception for terminatinating execution or to throw for unit testing.
static getBytes($length)
Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback.
db_pwassist_session_close()
close session
db_pwassist_session_destroy($pwassist_id)
destroy session
db_pwassist_session_find($user_id)
db_pwassist_session_write($pwassist_id, $maxlifetime, $user_id)
Writes serialized session data to the database.
db_pwassist_session_read($pwassist_id)
db_pwassist_session_open($save_path, $name)
Database Session Handling for the password assistance use case.
db_pwassist_session_gc()
removes all expired sessions
if($format !==null) $name
Definition: metadata.php:230
global $ilDB
$data
Definition: storeScorm.php:23
$DIC
Definition: xapitoken.php:46