Class Session

Description

A class for creating and holding session information.

Located in /Session.php (line 58)

Variable Summary
Method Summary
 Session Session ([string $sid = ""])
 boolean AllowedTo (string $whatever)
 void AssignSessionDetails (object $u)
 string BuildConfirmationHash (string $method, string $varname)
 string CheckConfirmationHash (string $method, string $varname)
 void Dbg (string $whatever, string $group, mixed $whatever...)
 void EmailTemporaryPassword ( $username,  $email_address, [ $body_template = ""])
 string FormattedDate (string $indate, [string $type = 'date'])
 void GetRoles ()
 void Log (string $whatever, mixed $whatever...)
 boolean Login (string $username, string $password, [string $authenticated = false])
 boolean LoginRequired ([string $groups = ""])
 boolean LSIDLogin (string $lsid)
 string RenderLoginPanel ()
 void _CheckLogin ()
 void _CheckLogout ()
Variables
int $email = '' (line 99)

The user's email address from their usr record.

  • access: public
int $fullname = 'Guest' (line 93)

The user's full name from their usr record.

  • access: public
boolean $just_logged_in = false (line 113)

Whether the user logged in to view the current page. Perhaps some details on the login form might pollute an editable form and result in an unplanned submit. This can be used to program around such a problem.

  • access: public
string $last_session_end (line 126)

The date and time that the user requested their last page during their last session.

  • access: public
string $last_session_start (line 119)

The date and time that the user logged on during their last session.

  • access: public
int $logged_in = false (line 105)

Whether this user has actually logged in.

  • access: public
int $session_id = 0 (line 81)

A unique id for this user's logged-in session.

  • access: public
int $username = 'guest' (line 87)

The user's username used to log in.

  • access: public
int $user_no (line 75)

The user_no of the logged in user.

  • access: public
Methods
Constructor Session (line 145)

Create a new Session object.

If a session identifier is supplied, or we can find one in a cookie, we validate it and consider the person logged in. We read some useful session and user data in passing as we do this.

The session identifier contains a random value, hashed, to provide validation. This could be hijacked if the traffic was sniffable, so sites that are paranoid about security should only do this across SSL.

A worthwhile enhancement would be to add some degree of external configurability to that read.

Session Session ([string $sid = ""])
  • string $sid: A session identifier.
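
An added example, not code from Session.php, of the kind of identifier the constructor description outlines: a random value handed to the browser, with only its hash kept server-side for validation, and cookie attributes that keep it off plaintext HTTP. The function names, the `<number>;<token>` format and the in-memory `$store` array (standing in for the database) are assumptions made for illustration.

```php
<?php
// Added illustration: function names, the identifier format and $store are
// hypothetical; $store stands in for the table a real Session class would read.

/** Issue "<session_no>;<token>" and keep only a hash of the token server-side. */
function issue_session_id(array &$store, int $user_no): string {
    $session_no = count($store) + 1;
    $token = bin2hex(random_bytes(16));          // unpredictable per-session value
    $store[$session_no] = [
        'user_no'    => $user_no,
        'token_hash' => hash('sha256', $token),  // the raw token is never stored
    ];
    return $session_no . ';' . $token;
}

/** Return the user_no for a valid identifier, or null for anything else. */
function validate_session_id(array $store, string $sid): ?int {
    if (!preg_match('/^(\d+);([0-9a-f]{32})$/', $sid, $m)) {
        return null;                             // malformed cookie value
    }
    $row = $store[(int)$m[1]] ?? null;
    if ($row === null) {
        return null;                             // unknown session number
    }
    // Constant-time comparison of the hashed token.
    return hash_equals($row['token_hash'], hash('sha256', $m[2])) ? $row['user_no'] : null;
}

/** Cookie attributes that keep the identifier off plaintext HTTP and out of scripts. */
function session_cookie_options(): array {
    return ['secure' => true, 'httponly' => true, 'samesite' => 'Lax', 'path' => '/'];
}

// Constructed demo data.
$store = [];
$sid = issue_session_id($store, 42);
var_dump(validate_session_id($store, $sid));                      // identifier as issued
var_dump(validate_session_id($store, substr($sid, 0, -1) . 'x')); // tampered identifier
// In a web request (PHP 7.3+): setcookie('sid', $sid, session_cookie_options());
```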
AllowedTo (line 260)

Checks whether a user is allowed to do something.

The check is performed to see if the user has that role.

  • return: Whether or not the user has the specified role.
boolean AllowedTo (string $whatever)
  • string $whatever: The role we want to know if the user has.
AssignSessionDetails (line 283)

Internal function used to assign the session details to a user's new session.

void AssignSessionDetails (object $u)
  • object $u: The user+session object we (probably) read from the database.
BuildConfirmationHash (line 867)

Build a hash which we can use for confirmation that we didn't get e-mailed a bogus link by someone, and that we actually got here by traversing the website.

  • return: A string we can use as either a GET or POST value (i.e. a hidden field, or a varname=hash pair).
string BuildConfirmationHash (string $method, string $varname)
  • string $method: Either 'GET' or 'POST' depending on the way we will use this.
  • string $varname: The name of the variable which we will confirm
CheckConfirmationHash (line 890)

Check a hash which we created through BuildConfirmationHash.

  • return: A string we can use as either a GET or POST value (i.e. a hidden field, or a varname=hash pair).
string CheckConfirmationHash (string $method, string $varname)
  • string $method: Either 'GET' or 'POST' depending on the way we will use this.
  • string $varname: The name of the variable which we will confirm
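
An added example, not code from Session.php, of one way a build/check pair like BuildConfirmationHash and CheckConfirmationHash can work: the hash is an HMAC keyed with a secret held in the server-side session, so a link or form produced outside that session fails the check. The function names, the per-session secret and the variable name `confirm_delete` are assumptions made for illustration.

```php
<?php
// Added illustration: function names and the per-session secret are
// hypothetical, not taken from Session.php.

/** Build a varname=hash pair (GET) or a hidden field (POST) bound to this session. */
function build_confirmation_hash(string $secret, string $method, string $varname): string {
    $hash = hash_hmac('sha256', $varname, $secret);
    if (strtoupper($method) === 'GET') {
        return rawurlencode($varname) . '=' . $hash;
    }
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($varname, ENT_QUOTES), $hash);
}

/** True only if the request carries the hash this session would have issued. */
function check_confirmation_hash(string $secret, string $method, string $varname,
                                 array $get, array $post): bool {
    $source   = strtoupper($method) === 'GET' ? $get : $post;
    $supplied = $source[$varname] ?? '';
    if (!is_string($supplied)) {
        return false;                       // e.g. varname[]=x arrives as an array
    }
    return hash_equals(hash_hmac('sha256', $varname, $secret), $supplied);
}

// Constructed demo: the secret would be created at login and kept server-side.
$alice_secret = bin2hex(random_bytes(32));
$other_secret = bin2hex(random_bytes(32));

// A link rendered by the site for Alice's session.
parse_str(build_confirmation_hash($alice_secret, 'GET', 'confirm_delete'), $get);
var_dump(check_confirmation_hash($alice_secret, 'GET', 'confirm_delete', $get, []));

// The same link followed under a different session, as with a link mailed by someone else.
var_dump(check_confirmation_hash($other_secret, 'GET', 'confirm_delete', $get, []));
```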
Dbg (line 230)

DEPRECATED Utility function to log debug stuff with printf expansion, and the ability to enable it selectively.

The enabling is done by setting a variable "$debuggroups[$group] = 1"

void Dbg (string $whatever, string $group, mixed $whatever...)
  • string $group: The name of an arbitrary debug group.
  • string $whatever: A log string
  • mixed $whatever...: Further parameters to be replaced into the log string a la printf
EmailTemporaryPassword (line 630)

E-mails a temporary password in response to a request from a user.

This could be called from somewhere within the application that allows someone to set up a user and invite them.

This function includes EMail.php to actually send the password.

void EmailTemporaryPassword ( $username,  $email_address, [ $body_template = ""])
  • $username
  • $email_address
  • $body_template
FormattedDate (line 827)

Function to reformat an ISO date to something nicer and possibly more localised

  • return: The nicely formatted date.
string FormattedDate (string $indate, [string $type = 'date'])
  • string $indate: The ISO date to be formatted.
  • string $type: If 'timestamp' then the time will also be shown.
GetRoles (line 268)

Internal function used to get the user's roles from the database.

void GetRoles ()
Log (line 202)

DEPRECATED Utility function to log stuff with printf expansion.

This function could be expanded to log something identifying the session, but somewhat strangely this has not yet been done.

void Log (string $whatever, mixed $whatever...)
  • string $whatever: A log string
  • mixed $whatever...: Further parameters to be replaced into the log string a la printf
Login (line 311)

Attempt to perform a login action.

This will validate the user's username and password. If they are OK then a new session id will be created and the user will be cookied with it for subsequent pages. A logged in session will be created, and the $_POST array will be cleared of the username, password and submit values. submit will also be cleared from $_GET and $GLOBALS, just in case.

  • return: Whether or not the user correctly guessed a temporary password within the necessary window of opportunity.
boolean Login (string $username, string $password, [string $authenticated = false])
  • string $username: The user's login name, or at least what they entered it as.
  • string $password: The user's password, or at least what they entered it as.
  • string $authenticated: If true, then authentication has already happened and the password is not checked, though the user must still exist.
LoginRequired (line 580)

Checks that this user is logged in, and presents a login screen if they aren't.

The function can optionally confirm whether they are a member of one of a list of groups, and deny access if they are not a member of any of them.

  • return: Whether or not the user is logged in and is a member of one of the required groups.
boolean LoginRequired ([string $groups = ""])
  • string $groups: The list of groups, at least one of which the user must be a member of to be allowed to proceed.
LSIDLogin (line 436)

Attempts to log in using a long-term session ID.

This is all horribly insecure, but it's hard not to be.

  • return: Whether or not the user's lsid cookie got them in the door.
boolean LSIDLogin (string $lsid)
  • string $lsid: The user's value of the lsid cookie.
RenderLoginPanel (line 527)

Renders some HTML for a basic login panel

  • return: The HTML to display a login panel.
string RenderLoginPanel ()
SendTemporaryPassword (line 713)

Sends a temporary password in response to a request from a user.

This is probably only going to be called from somewhere internal. An external caller will probably just want the e-mail, without the HTML that this displays.

void SendTemporaryPassword ()
_CheckLogin (line 794)
void _CheckLogin ()
_CheckLogout (line 781)
void _CheckLogout ()

Documentation generated on Thu, 15 Apr 2010 20:23:06 +1200 by phpDocumentor 1.3.2