/**
* Delete current session datas
*
* @param boolean $force : force removing persistent session (default false)
* @return void
* @access public
* @static
*/
static function deleteSession($force = false)
{
//clear session storage
$authStorage = new Zend_Auth_Storage_Session('atm-auth');
$authStorage->clear();
//clear session table
$sql = "\n\t\t\tdelete\n\t\t\tfrom\n\t\t\t\tsessions\n\t\t\twhere\n\t\t\t\tphpid_ses='" . io::sanitizeSQLString(Zend_Session::getId()) . "'\n\t\t";
if (!$force) {
//keep session with persistent cookie
$sql .= "\n\t\t\t\tand (\n\t\t\t\t\tUNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(lastTouch_ses) > " . io::sanitizeSQLString(APPLICATION_SESSION_TIMEOUT) . "\n\t\t\t\t\tand cookie_expire_ses = '0000-00-00 00:00:00'\n\t\t\t\t) or (\n\t\t\t\t\tcookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t\t\tand TO_DAYS(NOW()) >= cookie_expire_ses\n\t\t\t\t)\n\t\t\t";
} else {
//remove autologin cookie if exists
if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
//remove cookie
CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
}
}
$q = new CMS_query($sql);
//remove phpMyAdmin cookies if any
@setcookie(session_name(), false, time() - 3600, PATH_REALROOT_WR . '/automne/phpMyAdmin/', '', 0);
@setcookie('phpMyAdmin', false, time() - 3600, PATH_REALROOT_WR . '/automne/phpMyAdmin/', '', 0);
return true;
}
/**
* Test user auto login to see if it is active
*
* @return boolean true if autologin is active, false otherwise
* @access public
* @static
*/
function autoLoginActive()
{
if (!isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
return false;
}
$attrs = @explode("|", base64_decode($_COOKIE[CMS_session::getAutoLoginCookieName()]));
$id_ses = (int) $attrs[0];
$session_id = $attrs[1];
if ($id_ses > 0 && $session_id) {
$sql = "\n\t\t\t\tselect\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tsessions\n\t\t\t\twhere\n\t\t\t\t\tid_ses = '" . SensitiveIO::sanitizeSQLString($id_ses) . "'\n\t\t\t\t\tand phpid_ses = '" . SensitiveIO::sanitizeSQLString($session_id) . "'\n\t\t\t\t\tand cookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t";
if (CHECK_REMOTE_IP_MASK && isset($_SERVER['REMOTE_ADDR'])) {
//Check for a range in IPv4 or for the exact address in IPv6
if (filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$a_ip_seq = explode(".", $_SERVER['REMOTE_ADDR']);
$sql .= "and remote_addr_ses like '" . SensitiveIO::sanitizeSQLString($a_ip_seq[0] . "." . $a_ip_seq[1] . ".") . "%'\n\t\t\t\t\t";
} else {
$sql .= "and remote_addr_ses = '" . SensitiveIO::sanitizeSQLString($_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t\t";
}
}
$q = new CMS_query($sql);
if ($q->getNumRows() == 1) {
return true;
}
}
return false;
}
/**
* Get autologin cookie name
*
* @return string : the autologin cookie name
* @access public
* @static
*/
static function getAutoLoginCookieName()
{
return CMS_session::getAutoLoginCookieName();
}
