Example #1
 /**
  * Purge stale sessions from the session table.
  *
  * Deletes every row whose "infinite" flag is false and whose "last_accessed"
  * value is earlier than the date returned by currentDateUTC() minus 3600 seconds.
  */
 public function run()
 {
     // Cut-off point: anything last accessed before this is removed.
     $cutoff = currentDateUTC();
     $cutoff->subtractSeconds(3600);

     // Sessions flagged as infinite are excluded from the purge.
     $criteria = new Criteria();
     $criteria->add("infinite", false);
     $criteria->add("last_accessed", $cutoff, "<");

     // NOTE(review): only database rows are deleted here. If session objects are
     // also kept in a cache, those copies are not touched by this method - confirm
     // that the cache lifetime is short enough for that to be acceptable.
     DB_OzoneSessionPeer::instance()->delete($criteria);
 }
Example #2
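 /**
  * Re-bind an existing session to the IP string of the current plain-http
  * request and redirect the browser back to where it came from.
  *
  * The session is selected by the session cookie together with the
  * 'sessionHash' request parameter, which must equal
  * md5(session_id || secret seed) as computed by the database. The previously
  * stored IP string is moved to the SSL slot, the current one is stored as the
  * regular IP string, and the cached copy of the session is overwritten.
  *
  * @throws ProcessException when the session cookie is missing, the request
  *                          arrived over https, or no session matches the
  *                          cookie and hash.
  */
 public function process()
 {
     Ozone::init();
     $runData = new RunData();
     $runData->init();
     Ozone::setRunData($runData);

     /* Get session cookie. An absent or non-string cookie is treated like an empty one. */
     $cookieName = GlobalProperties::$SESSION_COOKIE_NAME;
     $sessionId = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : null;
     if (!$sessionId || !is_string($sessionId)) {
         throw new ProcessException('Please accept cookies in your browser.');
     }

     /* Make sure we are using http: protocol.
        Some servers report HTTPS="off" for plain http, so that value must not count as https. */
     $https = isset($_SERVER['HTTPS']) ? (string) $_SERVER['HTTPS'] : '';
     if ($https !== '' && strtolower($https) !== 'off') {
         throw new ProcessException('This controller should be invoked in the http: mode.');
     }

     $pl = $runData->getParameterList();
     $sessionHash = $pl->getParameterValue('sessionHash');
     if (!$sessionHash) {
         /* Without a hash there is nothing to verify the cookie against; do not
            build a query whose hash condition is empty. */
         throw new ProcessException('No valid session found.');
     }

     /* Select session from the database. */
     /* NOTE(review): the seed is spliced into the SQL expression as text. That is
        only safe while it is a server-side constant containing no quote
        characters. The hash is an unkeyed md5 of session id plus seed and travels
        in a plain-http URL; confirm it is not reusable beyond this hand-over. */
     $c = new Criteria();
     $c->add('session_id', $sessionId);
     $c->add("md5(session_id || '" . self::$secretSeed . "')", $sessionHash);
     $session = DB_OzoneSessionPeer::instance()->selectOne($c);
     if (!$session) {
         throw new ProcessException('No valid session found.');
     }

     /* Set IP strings. */
     /* Assume that the previous ip was obtained using the SSL proto.
        If not, this controller should not be invoked at all. */
     $session->setIpAddressSsl($session->getIpAddress());
     $session->setIpAddress($runData->createIpString());
     $session->save();

     /* IMPORTANT: overwrite the cached copy so later requests see the new IP strings. */
     /* presumably set(key, value, flags, expire) with a 600-second lifetime - verify
        against the cache client in use. */
     $mc = OZONE::$memcache;
     $key = 'session..' . $session->getSessionId();
     $mc->set($key, $session, 0, 600);

     /* If everything went well, redirect to the original URL. */
     /* 'origUrl' is request input. Accept only an absolute http(s) URL or a
        same-host path, and never a value containing control characters;
        anything else falls back to the site root. */
     $url = $pl->getParameterValue('origUrl');
     $hasControlChars = !is_string($url) || preg_match('/[\x00-\x1f\x7f]/', $url);
     $isAbsoluteHttp = !$hasControlChars && preg_match(';^https?://[^/?#\\\\]+;i', $url);
     $isLocalPath = !$hasControlChars && preg_match(';^/(?![/\\\\]);', $url);
     if (!$isAbsoluteHttp && !$isLocalPath) {
         $url = 'http://' . GlobalProperties::$URL_HOST;
     }
     /* NOTE(review): the host of an absolute URL is still not restricted, so this
        remains a redirect to any http(s) site. It should be checked against the
        hosts this installation serves; that list is not visible from this method. */
     /* NOTE(review): a 301 may be cached by browsers; confirm a permanent redirect
        is really intended for a request that changes session state. */
     header('HTTP/1.1 301 Moved Permanently');
     header("Location: {$url}");
 }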
Example #3
 /**
  * Prepare the context for the second step of account registration.
  *
  * Two paths exist:
  *  - the request carries an 'rcode' parameter that matches a session whose
  *    user_id is null: that session is attached to the request, the stored
  *    original URL (if any) is copied to the context, and the registration is
  *    finalized through CreateAccount2Action;
  *  - otherwise the session must already hold an 'evcode'; the code, e-mail
  *    and name collected earlier are copied to the context.
  *
  * @param object $runData request state; provides parameters, session and context
  *
  * @throws ProcessException when neither path applies (no 'evcode' in the session)
  */
 public function build($runData)
 {
     $params = $runData->getParameterList();

     /* A hash code in the URL selects the e-mail confirmation path. */
     $sessionHash = $params->getParameterValue('rcode');
     $session = null;
     if ($sessionHash) {
         /* NOTE(review): the code is md5(session_id || 'someseed') with the seed
            written as a literal in the source, so it is exactly as secret as the
            session id itself and acts as a bearer token in a URL. A per-installation
            secret with a keyed hash would be stronger, but it has to change together
            with whatever generates the link. */
         $criteria = new Criteria();
         $criteria->add('user_id', null);
         $criteria->add("md5(session_id || 'someseed')", $sessionHash);
         $session = DB_OzoneSessionPeer::instance()->selectOne($criteria);
     }

     if ($session) {
         /* Adopt the session the code points to. */
         $runData->setSession($session);

         /* Carry the URL the user originally wanted over to the context. */
         $originalUrl = $runData->sessionGet('loginOriginalUrl');
         if ($originalUrl) {
             $runData->contextAdd('originalUrl', $originalUrl);
             $forceOriginalUrl = $runData->sessionGet('loginOriginalUrlForce');
             if ($forceOriginalUrl) {
                 $runData->contextAdd('originalUrlForce', true);
             }
         }

         /* Complete the registration. */
         require_once WIKIDOT_ROOT . '/php/actions/CreateAccount2Action.php';
         $finalizer = new CreateAccount2Action();
         $finalizer->finalizeEvent($runData, true);
         $runData->contextAdd('fromEmail', true);
         return;
     }

     /* No usable code in the URL: the request must belong to a running registration. */
     $evcode = $runData->sessionGet('evcode');
     if (!$evcode) {
         throw new ProcessException(_('Not within registration chain. <a href="/auth:newaccount">Click this</a> to start a new account.'));
     }

     $runData->contextAdd('evcode', $runData->sessionGet('evcode'));
     $runData->sessionAdd("rstep", 2);

     /* Data entered in the previous step. */
     $accountData = $runData->sessionGet("ca_data");
     $runData->contextAdd("email", $accountData['email']);
     $runData->contextAdd("name", $accountData['name']);
 }
Example #4
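 /**
  * Log the current user out.
  *
  * Records the logout, stops the request's session and then removes every
  * other session of the same user that was opened from the current IP string,
  * dropping the cached copies before the database rows. All of it runs between
  * begin() and commit() on the database connection.
  *
  * @param object $runData request state; provides the user, session and IP string
  */
 public function logoutEvent($runData)
 {
     $db = Database::connection();
     $db->begin();
     EventLogger::instance()->logLogout();

     // Capture the user id before the session is stopped. It stays null for an
     // anonymous request, so the check below never reads an undefined variable.
     $userId = null;
     $user = $runData->getUser();
     if ($user) {
         $userId = $user->getUserId();
     }
     $runData->sessionStop();

     // be even wiser! delete all sessions by this user from the current IP string!
     // Sessions of the same user opened from other IP strings are left in place.
     if ($userId !== null) {
         $c = new Criteria();
         $c->add("user_id", $userId);
         $c->add("ip_address", $runData->createIpString());

         // outdate the cache first, so a cached copy cannot outlive its database row
         $ss = DB_OzoneSessionPeer::instance()->select($c);
         $mc = OZONE::$memcache;
         foreach ($ss as $s) {
             $mc->delete('session..' . $s->getSessionId());
         }
         DB_OzoneSessionPeer::instance()->delete($c);
     }
     $db->commit();
 }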
Example #5
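 /**
  * Handle session at the beginning of the request processing.
  *
  * Resolves the session cookie to a session object (cache first, then the
  * database) and assigns it to $this->session only when every check passes:
  *  - a non-infinite session must have been accessed within SESSION_TIMEOUT;
  *  - when the session asks for an IP check, the stored IP string must equal
  *    the current one;
  *  - the stored user-agent hash must equal the current one.
  *
  * An unknown session id expires the cookie. A timed-out session is deleted
  * from the database and the cache. An IP or user-agent mismatch only leaves
  * $this->session null; the stored session is deliberately not deleted.
  */
 public function handleSessionStart()
 {
     // check if session cookie exists
     $cookieKey = GlobalProperties::$SESSION_COOKIE_NAME;
     $cookieSessionId = isset($this->cookies[$cookieKey]) ? $this->cookies[$cookieKey] : null;

     // TODO: we can optimise this a bit... like don't fetch the session the second time from db
     $m = array();
     if (is_string($cookieSessionId) && preg_match(";^_domain_cookie_(.*)_(.*)\$;", $cookieSessionId, $m)) {
         $user_id = (int) $m[1];
         $session_hash = $m[2];
         // NOTE(review): HTTP_HOST comes from the request's Host header, i.e. from
         // the client. Confirm getSessionFromDomainHash() only honours domains this
         // installation actually serves.
         $domain = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : null;
         $session_from_db = $this->getSessionFromDomainHash($session_hash, $domain, $user_id);
         if ($session_from_db) {
             $cookieSessionId = $session_from_db->getSessionId();
         }
     }

     if (!is_scalar($cookieSessionId) || !$cookieSessionId) {
         // no usable session cookie (absent, empty or not a scalar value);
         // we do not force one (new cool policy).
         return;
     }

     //ok, cookie is here. check if corresponds to a valid session
     // try memcached first
     // NOTE(review): the cookie value is used verbatim as cache key suffix and as
     // primary key. Confirm its format is validated before it reaches this point.
     $memcache = Ozone::$memcache;
     $mkey = 'session..' . $cookieSessionId;
     $session = $memcache->get($mkey);
     if (!$session) {
         $session = DB_OzoneSessionPeer::instance()->selectByPrimaryKey($cookieSessionId);
     }
     if (!$session) {
         // no session object, delete the cookie by giving it an expiry far in the past
         $this->_setCookie($cookieKey, $cookieSessionId, time() - 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);
         return;
     }

     // if we are here it means that the session object EXISTS (in the cache or the
     // database). now see if it is valid. if ok - leave it. if not - clean up.
     $sessionValid = true;
     if (!$session->getInfinite()) {
         $minTimestamp = new ODate();
         $minTimestamp->subtractSeconds(GlobalProperties::$SESSION_TIMEOUT);
         if ($session->getLastAccessed()->before($minTimestamp)) {
             $sessionValid = false;
         }
     }

     if ($session->getCheckIp()) {
         $currentIpString = $this->createIpString();
         // Some servers report HTTPS="off" for plain http; that is not an https request.
         $https = isset($_SERVER['HTTPS']) ? (string) $_SERVER['HTTPS'] : '';
         $isHttps = $https !== '' && strtolower($https) !== 'off';
         if ($isHttps && $session->getIpAddressSsl()) {
             $sessionIpString = $session->getIpAddressSsl();
         } else {
             $sessionIpString = $session->getIpAddress();
         }
         // Compare as strings: a loose comparison treats numeric-looking strings
         // such as "1e3" and "1000" as equal.
         if ((string) $currentIpString !== (string) $sessionIpString) {
             // nasty, but we should not remove this session: the request may
             // come from someone other than its owner.
             $this->session = null;
             return;
         }
     }

     /* Check UA hash. Strict string comparison, so that two different hashes of
        the form "0e<digits>" are not treated as the same number. */
     if ((string) $session->getUaHash() !== (string) $this->createUaHash()) {
         $this->session = null;
         return;
     }

     if (!$sessionValid) {
         // timed out: remove the session from the database and from the cache
         $c = new Criteria();
         $c->add("session_id", $session->getSessionId());
         DB_OzoneSessionPeer::instance()->delete($c);
         $memcache->delete($mkey);
     } else {
         // all is right, set the session now.
         $this->session = $session;
     }
 }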