/**
 * Remove the data attached to the current session.
 *
 * Clears the 'atm-auth' auth storage, deletes matching rows from the
 * `sessions` table, and expires the phpMyAdmin cookies. When $force is true
 * the auto-login cookie is reset as well (if the request sent one) and the
 * row of the current session id is deleted unconditionally.
 *
 * @param boolean $force : force removing persistent session (default false)
 * @return boolean always true
 * @access public
 * @static
 */
static function deleteSession($force = false)
{
    // Drop whatever the auth layer stored for this session.
    $storage = new Zend_Auth_Storage_Session('atm-auth');
    $storage->clear();

    // Base statement: target the row of the current PHP session id.
    $deleteSql = "\n\t\t\tdelete"
        . "\n\t\t\tfrom"
        . "\n\t\t\t\tsessions"
        . "\n\t\t\twhere"
        . "\n\t\t\t\tphpid_ses='" . io::sanitizeSQLString(Zend_Session::getId()) . "'\n\t\t";

    if ($force) {
        // Forced removal: also reset the auto-login cookie when the client sent one.
        if (isset($_COOKIE[CMS_session::getAutoLoginCookieName()])) {
            CMS_session::setCookie(CMS_session::getAutoLoginCookieName());
        }
    } else {
        // Non-forced removal: keep sessions that still hold a persistent cookie.
        // NOTE(review): SQL `and` binds tighter than `or`, so the second
        // parenthesised group is not restricted by the phpid_ses filter above
        // and matches rows of any session - confirm this clean-up scope is intended.
        // NOTE(review): the timeout value is interpolated outside quotes, so string
        // escaping alone does not constrain it; an integer cast would be a tighter
        // guard - confirm what sanitizeSQLString guarantees.
        $deleteSql .= "\n\t\t\t\tand ("
            . "\n\t\t\t\t\tUNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(lastTouch_ses) > "
            . io::sanitizeSQLString(APPLICATION_SESSION_TIMEOUT)
            . "\n\t\t\t\t\tand cookie_expire_ses = '0000-00-00 00:00:00'"
            . "\n\t\t\t\t) or ("
            . "\n\t\t\t\t\tcookie_expire_ses != '0000-00-00 00:00:00'"
            . "\n\t\t\t\t\tand TO_DAYS(NOW()) >= cookie_expire_ses"
            . "\n\t\t\t\t)"
            . "\n\t\t\t";
    }

    // Constructing the query object is what sends the statement.
    $query = new CMS_query($deleteSql);

    // Expire both cookies scoped to the bundled phpMyAdmin path, if any.
    foreach (array(session_name(), 'phpMyAdmin') as $pmaCookie) {
        @setcookie($pmaCookie, false, time() - 3600, PATH_REALROOT_WR . '/automne/phpMyAdmin/', '', 0);
    }

    return true;
}
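/**
 * Test user auto login to see if it is active.
 *
 * Decodes the auto-login cookie (base64 of "id|session id"), then looks for
 * exactly one row in `sessions` with that id, that session id and a non-zero
 * cookie expiry. When CHECK_REMOTE_IP_MASK is enabled the row must also match
 * the client address.
 *
 * The cookie is client-controlled, so a value that is not a string or lacks
 * the "|" separator is rejected up front instead of triggering a TypeError
 * or an undefined-index warning.
 *
 * @return boolean true if autologin is active, false otherwise
 * @access public
 * @static
 */
function autoLoginActive()
{
    $cookieName = CMS_session::getAutoLoginCookieName();

    // A cookie sent as "name[]=..." arrives as an array; only a string can be decoded.
    if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
        return false;
    }

    $attrs = explode("|", (string) base64_decode($_COOKIE[$cookieName]));
    $id_ses = (int) $attrs[0];
    // The second field is absent when the decoded value contains no "|".
    $session_id = isset($attrs[1]) ? $attrs[1] : '';

    if ($id_ses <= 0 || !$session_id) {
        return false;
    }

    // $session_id comes straight from the cookie; the quoting below relies on
    // SensitiveIO::sanitizeSQLString (not visible here) escaping it for a
    // quoted string context.
    // NOTE(review): the query only requires a non-zero cookie_expire_ses and
    // does not compare it with the current time - confirm expired rows are
    // purged elsewhere.
    $sql = "\n\t\t\t\tselect\n\t\t\t\t\t*\n\t\t\t\tfrom\n\t\t\t\t\tsessions\n\t\t\t\twhere\n\t\t\t\t\tid_ses = '" . SensitiveIO::sanitizeSQLString($id_ses) . "'\n\t\t\t\t\tand phpid_ses = '" . SensitiveIO::sanitizeSQLString($session_id) . "'\n\t\t\t\t\tand cookie_expire_ses != '0000-00-00 00:00:00'\n\t\t\t";

    if (CHECK_REMOTE_IP_MASK && isset($_SERVER['REMOTE_ADDR'])) {
        // Check for a range in IPv4 or for the exact address in IPv6
        if (filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
            // Only the first two octets are compared, so the cookie is bound to
            // a /16-sized range rather than to a single address.
            $a_ip_seq = explode(".", $_SERVER['REMOTE_ADDR']);
            $sql .= "and remote_addr_ses like '" . SensitiveIO::sanitizeSQLString($a_ip_seq[0] . "." . $a_ip_seq[1] . ".") . "%'\n\t\t\t\t\t";
        } else {
            $sql .= "and remote_addr_ses = '" . SensitiveIO::sanitizeSQLString($_SERVER['REMOTE_ADDR']) . "'\n\t\t\t\t\t";
        }
    }

    $q = new CMS_query($sql);

    // Active only when exactly one stored session matches.
    return $q->getNumRows() == 1;
}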
/**
 * Return the name of the auto-login cookie.
 *
 * Delegates to CMS_session::getAutoLoginCookieName().
 * NOTE(review): the enclosing class is not visible here; if this method is
 * itself declared on CMS_session the call would recurse without end - confirm.
 *
 * @return string : the autologin cookie name
 * @access public
 * @static
 */
static function getAutoLoginCookieName()
{
    $cookieName = CMS_session::getAutoLoginCookieName();

    return $cookieName;
}