/**
 * Appends the login form to the page output and registers the form's
 * onload JavaScript.
 *
 * @param mixed $sLogin       Login value handed to the login form template.
 * @param mixed $sUrlRedirect Redirect URL handed to the login form template.
 * @param mixed $bRememberMe  "Remember me" state handed to the login form template.
 * @param mixed $sError       Error to display, or false (the default) for none.
 */
private function showLoginForm($sLogin, $sUrlRedirect, $bRememberMe, $sError = false)
{
    // The form posts back to the "login" action.
    $sLoginActionUrl = AnwUtils::alink("login");

    // NOTE(review): $sLogin, $sUrlRedirect and $sError are handed to the
    // template unchanged. HTML escaping, and any check that the redirect
    // target stays on this site, are presumably done by the template or the
    // caller - confirm.
    $sFormHtml = $this->tpl()->loginForm(
        $sLoginActionUrl,
        $sLogin,
        $sUrlRedirect,
        $bRememberMe,
        AnwSessions::isResumeEnabled(),
        $sError
    );
    $this->out .= $sFormHtml;

    $sOnloadJs = $this->tpl()->loginFormJs();
    $this->headJsOnload($sOnloadJs);
}
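/**
 * Loads the current session into self::$oSession and runs the periodic
 * keepalive.
 *
 * When more seconds than AnwComponent::globalCfgKeepaliveDelay() have passed
 * since the last keepalive, the keepalive timestamp is reset,
 * AnwSessions::keepAlive() is called and the session_keepalive_* plugin hooks
 * are fired with the session's user.
 *
 * If the session's user no longer exists (AnwUserNotFoundException), the
 * session is replaced by a new AnwSession and logout() is called.
 */
private static function loadCurrentSession()
{
    AnwDebug::startbench("Current session load");
    try {
        self::$oSession = AnwSessions::getCurrentSession();

        //keepalive
        $nElapsedTimeSinceKeepalive = time() - self::getLastKeepAlive();
        $nKeepAliveInterval = AnwComponent::globalCfgKeepaliveDelay();
        AnwDebug::log('(AnwSessions) Time elapsed since last keepalive: ' . $nElapsedTimeSinceKeepalive . '/' . $nKeepAliveInterval . 's');

        if ($nElapsedTimeSinceKeepalive > $nKeepAliveInterval) {
            AnwDebug::log('(AnwSessions) Running keepalive...');
            // Reset the timestamp before running the keepalive and its hooks.
            self::resetLastKeepAlive();

            //keepalive session
            AnwSessions::keepAlive();

            //run hooks
            $oSessionUser = self::$oSession->getUser();
            AnwPlugins::hook("session_keepalive_any", $oSessionUser);
            if (self::$oSession->isLoggedIn()) {
                AnwPlugins::hook("session_keepalive_loggedin", $oSessionUser);
            } else {
                AnwPlugins::hook("session_keepalive_loggedout", $oSessionUser);
            }
        }
    } catch (AnwUserNotFoundException $e) {
        //current user doesn't exist anymore: drop the stale session state
        //and log out so that no session stays bound to a deleted account
        self::$oSession = new AnwSession();
        self::logout();
    }
    // Only AnwUserNotFoundException is caught above; any other exception
    // propagates and skips this stopbench call.
    AnwDebug::stopbench("Current session load");
}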
/**
 * Wraps the accumulated page content ($this->out) in the global layout and
 * prints it.
 *
 * Unless $bEmergencyError is set, the session navigation (logged-in or guest
 * variant) and the global navigation are rendered first; on an emergency
 * error both stay empty strings.
 *
 * @param bool $bEmergencyError When true, no navigation is built.
 */
function output($bEmergencyError = false)
{
    AnwDebug::startbench("output", true);

    //render head
    $this->renderHeadForOutput();

    // An older, commented-out implementation used to build the global action
    // list here from a fixed array ("lastchanges", "sitemap", "untranslated",
    // "management") filtered by AnwCurrentSession::isActionGlobalAllowed();
    // the live code below relies on getGlobalNavEntriesAllowed() instead.

    // Defaults, kept as-is when $bEmergencyError is set.
    $sessionnav = "";
    $globalnav = "";

    if (!$bEmergencyError) {
        //session nav
        if (AnwCurrentSession::isLoggedIn()) {
            // Internal drivers link to this application's own actions;
            // otherwise the driver supplies its own links.
            if (AnwUsers::isDriverInternal()) {
                $sLinkProfile = AnwUtils::alink("profile");
            } else {
                $sLinkProfile = AnwUsers::getLinkProfile(AnwCurrentSession::getUser());
            }

            $sLinkSettings = AnwUtils::aLink("settings");

            if (AnwSessions::isDriverInternal()) {
                $sLinkLogout = AnwUtils::alink("logout");
            } else {
                $sLinkLogout = AnwSessions::getLogoutLink();
            }

            // NOTE(review): the display name is handed to the template as
            // returned by getDisplayName(); HTML escaping is presumably done
            // in the template - confirm.
            $sessionnav = $this->tpl()->sessionNavLoggedin(
                AnwCurrentSession::getUser()->getDisplayName(),
                $sLinkProfile,
                $sLinkSettings,
                $sLinkLogout
            );
        } else {
            $sLinkSettings = AnwUtils::aLink("settings");

            if (AnwSessions::isDriverInternal()) {
                $sLinkLogin = AnwUtils::alink("login");
            } else {
                $sLinkLogin = AnwSessions::getLoginLink();
            }

            // false means "no register link"; only replaced when
            // registration is enabled in the global configuration.
            $sLinkRegister = false;
            if (self::globalCfgUsersRegisterEnabled()) {
                if (AnwUsers::isDriverInternal()) {
                    $sLinkRegister = AnwUtils::alink("register");
                } else {
                    $sLinkRegister = AnwUsers::getRegisterLink();
                }
            }

            $sessionnav = $this->tpl()->sessionNavGuest($sLinkSettings, $sLinkLogin, $sLinkRegister);
        }

        // Global navigation is only rendered when at least one entry is allowed.
        $aoNavEntries = $this->getGlobalNavEntriesAllowed();
        if (count($aoNavEntries) > 0) {
            $globalnav = $this->tpl()->globalNav($aoNavEntries);
        }
    }

    $this->out = $this->tpl()->globalBody($sessionnav, $globalnav, $this->out);
    $this->out = $this->tpl()->globalHtml(
        self::g_("local_html_lang", array(), self::getActionLang()),
        self::g_("local_html_dir", array(), self::getActionLang()),
        $this->title,
        $this->head,
        $this->out
    );

    AnwDebug::stopbench("output");

    $this->printOutput();
}
/**
 * Tells whether this session has to re-authenticate.
 *
 * Re-authentication is only considered when the session is logged in, reauth
 * is enabled in the global configuration and AnwSessions reports it as
 * supported. In that case the result is true once more seconds than
 * AnwComponent::globalCfgReauthDelay() have passed since $this->nTimeAuth.
 *
 * @return bool true when re-authentication is required, false otherwise.
 */
function needsReauth()
{
    $bReauthApplies = $this->isLoggedIn()
        && AnwComponent::globalCfgReauthEnabled()
        && AnwSessions::isReauthSupported();

    if (!$bReauthApplies) {
        self::debug("needsReauth: skipping");
        return false;
    }

    // NOTE(review): $this->nTimeAuth is presumably the timestamp of the last
    // successful authentication - confirm where it is set.
    $nSecondsSinceAuth = time() - $this->nTimeAuth;
    self::debug("needsReauth: " . $nSecondsSinceAuth . "/" . AnwComponent::globalCfgReauthDelay() . "s");

    // Strict comparison: at exactly the configured delay no reauth is
    // required yet.
    return $nSecondsSinceAuth > AnwComponent::globalCfgReauthDelay();
}
/**
 * Loads and initialises the sessions driver named by
 * AnwComponent::globalCfgDriverSessions() and stores it in self::$oDriver.
 *
 * @throws AnwUnexpectedException when the loaded driver reports itself as
 *                                neither internal nor external
 */
static function loadDriver()
{
    AnwDebug::startbench("Sessions driver init");

    $sDriverName = AnwComponent::globalCfgDriverSessions();
    self::$oDriver = AnwSessionsDriver::loadComponent($sDriverName);
    self::$oDriver->init();

    // The driver must identify itself as one of the two known kinds;
    // anything else is refused instead of being used.
    if (self::isDriverInternal()) {
        self::debug("Sessions Driver loaded : internal");
    } elseif (self::isDriverExternal()) {
        self::debug("Sessions Driver loaded : external");
    } else {
        // Note: on this path the benchmark started above is not stopped.
        throw new AnwUnexpectedException("Unknown sessionsdriver type");
    }

    AnwDebug::stopbench("Sessions driver init");
}
/**
 * Persists a session.
 *
 * For a logged-in session: purges expired sessions, updates the session row
 * in the database (inserting it when $bCreateSessionIfNotExists is true and
 * no row was updated), then stores the session id and a freshly generated
 * session code in cookies and the code in the server-side session.
 * For a session that is not logged in: removes both session cookies.
 *
 * If no row was updated and creation is not expected, the current session is
 * logged out and nothing is written to cookies.
 *
 * @param mixed $oSession                  Session object to save (must offer getId(),
 *                                         isLoggedIn(), getUser(), isResume()).
 * @param bool  $bCreateSessionIfNotExists Insert the row when the update matched none.
 */
private function saveSession($oSession, $bCreateSessionIfNotExists = false)
{
    $sSessionId = $oSession->getId();

    if (!$oSession->isLoggedIn()) {
        //unset cookies
        AnwEnv::unsetCookie(self::COOKIE_SESSION_ID);
        AnwEnv::unsetCookie(self::COOKIE_SESSION_CODE);
        return;
    }

    //purge the old sessions from database (needed for the update/insert test)
    $this->purgeExpiredSessionsFromDatabase();

    //try to update session in database (if it already exists)
    $sSessionIdentifier = AnwEnv::calculateSessionIdentifier();

    //a new code is generated (even if session already exists) to prevent session stealing
    // NOTE(review): how unpredictable this code is depends on
    // generateSessionCode(), which is not visible here - confirm it uses a
    // cryptographically secure source.
    $sSessionCode = self::generateSessionCode();

    $nSessionUser = $oSession->getUser()->getId();
    $sSessionResume = $oSession->isResume() ? 1 : 0;
    $nSessionTimeSeen = time();

    // NOTE(review): every value goes through strtosql()/inttosql(), which
    // presumably quote and escape for SQL; the WHERE clause below is built by
    // string concatenation and relies on that - confirm.
    $asRow = array(
        "SessionIdentifier" => $this->db()->strtosql($sSessionIdentifier),
        "SessionCode" => $this->db()->strtosql($sSessionCode),
        "SessionUser" => $this->db()->inttosql($nSessionUser),
        "SessionResume" => $this->db()->strtosql($sSessionResume),
        "SessionTimeSeen" => $this->db()->inttosql($nSessionTimeSeen)
    );
    $this->db()->do_update($asRow, "session", "WHERE SessionId=" . $this->db()->strtosql($sSessionId));

    //otherwise, we may need to INSERT this new session or to kill it
    if ($this->db()->affected_rows() != 1) {
        if (!$bCreateSessionIfNotExists) {
            //here, the session is supposed to exist in database, but isn't found.
            //this can happen in the following situations:
            // - The session has expired (DurationIdle or DurationMax).
            // - A user was using a session when someone tried to steal it.
            //   The session was killed for security reasons.
            // - An administrator has killed the session.
            //In all of these situations, the current session is no longer
            //safe and must be closed.
            self::debug("WARNING: Session doesn't exist in database, but session creation is NOT expected. Logging out.");
            AnwCurrentSession::logout();
            return;
        }

        //user is logging in, it's normal that the session doesn't exist in database.
        $asRow["SessionId"] = $this->db()->strtosql($sSessionId);
        $asRow["SessionTimeStart"] = $this->db()->inttosql(time());
        $asRow["SessionTimeAuth"] = $this->db()->inttosql(time());
        $this->db()->do_insert($asRow, "session");
    }

    //remember current session in cookies
    // An expiry of 0 is used unless resume is both enabled globally and
    // requested for this session; 0 presumably yields a browser-session
    // cookie, depending on AnwEnv::putCookie().
    if (AnwSessions::isResumeEnabled() && $oSession->isResume()) {
        $nCookieExpires = time() + $this->cfgResumeDelayMax();
    } else {
        $nCookieExpires = 0;
    }

    // NOTE(review): cookie attributes (HttpOnly, Secure, SameSite, path) are
    // decided inside AnwEnv::putCookie(), which is not visible here - confirm
    // they are set for these session cookies.
    AnwEnv::putCookie(self::COOKIE_SESSION_ID, $sSessionId, $nCookieExpires);
    AnwEnv::putCookie(self::COOKIE_SESSION_CODE, $sSessionCode, $nCookieExpires);
    AnwEnv::putSession(self::SESSION_CODE, $sSessionCode);
}
/**
 * Grants install-time admin privileges to a user, logs that user in,
 * advances the install step status and redirects to the next step.
 *
 * NOTE(review): nothing in this method checks that an installation is still
 * in progress; presumably the calling install step guarantees that - confirm,
 * since this path hands out admin rights and opens a session.
 *
 * @param mixed $oUser User receiving admin privileges and a session.
 */
protected function grantUserAdmin($oUser)
{
    //grant admin privileges
    AnwAcls::grantUserAdminOnInstall($oUser);

    //open the session directly through AnwSessions, bypassing AnwCurrentSession
    // NOTE(review): the second argument (false) is presumably the
    // "resume"/remember-me flag - confirm against AnwSessions::login().
    AnwSessions::login($oUser, false);

    //update step status
    $oInstallAction = $this->getActionInstall();
    $oInstallAction->updateStepStatusNext();

    $sNextStepUrl = $this->linkStepNext();
    AnwUtils::redirect($sNextStepUrl);
}