/**
 * Purge stale sessions.
 *
 * Deletes every session row that is not flagged "infinite" and whose
 * last_accessed value is older than one hour before the current UTC time.
 */
public function run()
{
    // Cut-off point: 3600 seconds before "now" (UTC).
    $cutoff = currentDateUTC();
    $cutoff->subtractSeconds(3600);

    $staleSessions = new Criteria();
    $staleSessions->add("infinite", false);
    $staleSessions->add("last_accessed", $cutoff, "<");

    // Only the database rows are removed here; nothing in this method
    // invalidates a cached copy of a deleted session.
    // NOTE(review): confirm the cache TTL is short enough that a purged
    // session cannot be served from cache for long.
    DB_OzoneSessionPeer::instance()->delete($staleSessions);
}
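/**
 * Re-bind an existing session to the client's plain-http IP string, then
 * redirect back to the URL named in the request.
 *
 * The session is looked up by the session cookie and must also match the
 * `sessionHash` request parameter, which the query compares with
 * md5(session_id || secret seed). On success the IP string currently stored
 * on the session is copied to the SSL slot, the IP string computed for this
 * request is stored, the cached copy is overwritten, and a redirect is sent.
 *
 * @throws ProcessException if the session cookie is missing, the request is
 *                          served over HTTPS, or no matching session exists.
 */
public function process()
{
    Ozone::init();
    $runData = new RunData();
    $runData->init();
    Ozone::setRunData($runData);

    /* Get session cookie. An absent (or array-valued) cookie must reach the
       exception below instead of raising an undefined-index warning or being
       handed to the query as a non-string. */
    $cookieName = GlobalProperties::$SESSION_COOKIE_NAME;
    $sessionId = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : null;
    if (!is_string($sessionId) || !$sessionId) {
        throw new ProcessException('Please accept cookies in your browser.');
    }

    /* Make sure we are using http: protocol. Some servers set HTTPS to the
       literal string "off" for plain-http requests, which is truthy. */
    $https = isset($_SERVER['HTTPS']) ? (string) $_SERVER['HTTPS'] : '';
    if ($https !== '' && strtolower($https) !== 'off') {
        throw new ProcessException('This controller should be invoked in the http: mode.');
    }

    $pl = $runData->getParameterList();
    $sessionHash = $pl->getParameterValue('sessionHash');
    if (!is_string($sessionHash) || $sessionHash === '') {
        // No usable hash: fail the same way as a non-matching one, without
        // depending on how Criteria treats a null/empty comparison value.
        throw new ProcessException('No valid session found.');
    }

    /* Select session from the database: the cookie value AND the hash must match. */
    // NOTE(review): the seed is concatenated into the SQL expression text. It is
    // a class static rather than request data, but a quote character in it would
    // break the expression; confirm how it is configured. The token is a plain
    // MD5 over id+seed; an HMAC with a current hash is the stronger construction.
    $c = new Criteria();
    $c->add('session_id', $sessionId);
    $c->add("md5(session_id || '" . self::$secretSeed . "')", $sessionHash);
    $session = DB_OzoneSessionPeer::instance()->selectOne($c);

    if (!$session) {
        throw new ProcessException('No valid session found.');
    }

    /* Set IP strings. */
    /* Assume that the previous ip was obtained using the SSL proto.
       If not, this controller should not be invoked at all. */
    $session->setIpAddressSsl($session->getIpAddress());
    $session->setIpAddress($runData->createIpString());
    $session->save();

    /* IMPORTANT: overwrite the cached copy so it carries the new IP strings. */
    // Arguments are presumably (key, value, flags, expire-seconds); confirm
    // against the memcache client in use.
    $mc = OZONE::$memcache;
    $key = 'session..' . $session->getSessionId();
    $mc->set($key, $session, 0, 600);

    /* If everything went well, redirect to the original URL. */
    // NOTE(review): origUrl is request-supplied and is sent verbatim in the
    // Location header. It is only reached after the cookie + sessionHash check,
    // but the target host is not compared with the site's own hosts; consider
    // an allow-list. A 301 may also be cached by browsers; confirm a permanent
    // redirect is intended for a per-session hop.
    $url = $pl->getParameterValue('origUrl');
    if (!$url) {
        $url = 'http://' . GlobalProperties::$URL_HOST;
    }

    header('HTTP/1.1 301 Moved Permanently');
    header("Location: {$url}");
}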
/**
 * Prepare the template context for the second registration step.
 *
 * Two entry paths are handled:
 *  - an `rcode` request parameter that matches a session with no user
 *    attached: that session is adopted, the pending registration is
 *    finalized and the method returns early;
 *  - otherwise the current session must already hold an `evcode`, and the
 *    e-mail/name collected earlier are copied into the context.
 *
 * @param RunData $runData request state (parameters, session, context)
 * @throws ProcessException when no `evcode` is present in the session.
 */
public function build($runData)
{
    $pl = $runData->getParameterList();

    /* A request carrying an rcode is processed differently. */
    $rcode = $pl->getParameterValue('rcode');
    $session = null;
    if ($rcode) {
        /* Look for a session without a user whose hashed id equals the rcode. */
        // NOTE(review): the seed is a fixed literal in source, so the rcode is
        // effectively an unkeyed MD5 of the session id; its secrecy rests
        // entirely on the session id being unguessable. Whoever presents a
        // valid rcode has that session attached to the request below.
        $criteria = new Criteria();
        $criteria->add('user_id', null);
        $criteria->add("md5(session_id || 'someseed')", $rcode);
        $session = DB_OzoneSessionPeer::instance()->selectOne($criteria);
    }

    if ($session) {
        $runData->setSession($session);

        /* Carry the post-login target over into the context, if one was stored. */
        $originalUrl = $runData->sessionGet('loginOriginalUrl');
        if ($originalUrl) {
            $runData->contextAdd('originalUrl', $originalUrl);
            if ($runData->sessionGet('loginOriginalUrlForce')) {
                $runData->contextAdd('originalUrlForce', true);
            }
        }

        /* Complete the registration. */
        require_once WIKIDOT_ROOT . '/php/actions/CreateAccount2Action.php';
        $finalizer = new CreateAccount2Action();
        $finalizer->finalizeEvent($runData, true);

        $runData->contextAdd('fromEmail', true);
        return;
    }

    /* Regular path: the session must be inside the registration chain. */
    $evcode = $runData->sessionGet('evcode');
    if (!$evcode) {
        throw new ProcessException(_('Not within registration chain. <a href="/auth:newaccount">Click this</a> to start a new account.'));
    }

    $runData->contextAdd('evcode', $runData->sessionGet('evcode'));
    $runData->sessionAdd("rstep", 2);

    // Registration data stored in the session under "ca_data".
    $accountData = $runData->sessionGet("ca_data");
    $runData->contextAdd("email", $accountData['email']);
    $runData->contextAdd("name", $accountData['name']);
}
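/**
 * Log the current user out.
 *
 * Records the logout, stops the request's session and, when a user was
 * logged in, also removes every other session of that user that carries the
 * same IP string as this request, from the cache first and then from the
 * database. All of it runs between begin() and commit() on the connection.
 *
 * @param RunData $runData request state (user, session, IP string)
 */
public function logoutEvent($runData)
{
    $db = Database::connection();
    $db->begin();
    // NOTE(review): no rollback path is visible here if a step throws between
    // begin() and commit(); confirm the caller handles that.

    EventLogger::instance()->logLogout();

    // Capture the user id before the session is stopped. It has to start as
    // null: for an anonymous request the variable was otherwise never
    // assigned and the check below read an undefined variable.
    $userId = null;
    if ($runData->getUser()) {
        $userId = $runData->getUser()->getUserId();
    }

    $runData->sessionStop();

    // be even wiser! delete all sessions by this user from the current IP string!
    // Sessions of the same user under a different IP string are left alone.
    if ($userId !== null) {
        $c = new Criteria();
        $c->add("user_id", $userId);
        $c->add("ip_address", $runData->createIpString());

        // outdate the cache first, so a cached copy cannot outlive its row
        $ss = DB_OzoneSessionPeer::instance()->select($c);
        $mc = OZONE::$memcache;
        foreach ($ss as $s) {
            $mc->delete('session..' . $s->getSessionId());
        }

        DB_OzoneSessionPeer::instance()->delete($c);
    }

    $db->commit();
}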
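/**
 * Handle session at the beginning of the request procession.
 *
 * Reads the session cookie, resolves the "_domain_cookie_<user>_<hash>" form
 * to a real session id when it matches, loads the session (cache first, then
 * database) and decides whether it may be used:
 *  - no cookie: nothing happens, no session is forced;
 *  - cookie without a session object: the cookie is expired;
 *  - IP-string or UA-hash mismatch: the session is not attached to the
 *    request, but the stored session is left in place;
 *  - timed out (and not "infinite"): the session is deleted from database
 *    and cache;
 *  - otherwise the session is attached to $this->session.
 */
public function handleSessionStart()
{
    // check if session cookie exists
    $cookieKey = GlobalProperties::$SESSION_COOKIE_NAME;
    $cookieSessionId = isset($this->cookies[$cookieKey]) ? $this->cookies[$cookieKey] : null;
    if (!is_string($cookieSessionId)) {
        // Absent or non-string (e.g. array-valued) cookie: treat as "no cookie"
        // rather than passing it on to preg_match and the cache key.
        $cookieSessionId = '';
    }

    // TODO: we can optimise this a bit... like don't fetch the session the second time from db
    $m = array();
    if (preg_match(";^_domain_cookie_(.*)_(.*)\$;", $cookieSessionId, $m)) {
        // Both groups are greedy: the first takes everything up to the LAST
        // underscore and is then reduced to an integer by the cast.
        $user_id = (int) $m[1];
        $session_hash = $m[2];
        // The Host header is client-supplied and may be absent.
        // NOTE(review): confirm getSessionFromDomainHash treats it as untrusted.
        $domain = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $session_from_db = $this->getSessionFromDomainHash($session_hash, $domain, $user_id);

        if ($session_from_db) {
            $cookieSessionId = $session_from_db->getSessionId();
        }
    }

    if (!$cookieSessionId) {
        // no session cookie, we do not force one (new cool policy).
        return;
    }

    // ok, cookie is here. check if corresponds to a valid session
    // try memcached first
    // NOTE(review): the cache key embeds the raw cookie value; confirm the
    // memcache client rejects over-long keys and keys with whitespace or
    // control characters, or validate the id format before this point.
    $memcache = Ozone::$memcache;
    $mkey = 'session..' . $cookieSessionId;
    $session = $memcache->get($mkey);
    if (!$session) {
        $session = DB_OzoneSessionPeer::instance()->selectByPrimaryKey($cookieSessionId);
    }

    if (!$session) {
        // no session object, delete the cookie! (expiry set far in the past)
        $this->_setCookie($cookieKey, $cookieSessionId, time() - 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);
        return;
    }

    // if we are here it means that the session object EXISTS in the database. now see if it is
    // valid. if ok - leave it. if not - clean up.
    $sessionValid = true;

    if ($session->getInfinite() == false) {
        $minTimestamp = new ODate();
        $minTimestamp->subtractSeconds(GlobalProperties::$SESSION_TIMEOUT);
        if ($session->getLastAccessed()->before($minTimestamp)) {
            $sessionValid = false;
        }
    }

    if ($session->getCheckIp() == true) {
        $currentIpString = $this->createIpString();
        // HTTPS may be unset, and some servers set it to the literal "off"
        // for plain-http requests; neither case may select the SSL IP string.
        $https = isset($_SERVER['HTTPS']) ? (string) $_SERVER['HTTPS'] : '';
        $isHttps = $https !== '' && strtolower($https) !== 'off';
        if ($isHttps && $session->getIpAddressSsl()) {
            $sessionIpString = $session->getIpAddressSsl();
        } else {
            $sessionIpString = $session->getIpAddress();
        }
        // Strict string comparison: loose != would compare two numeric-looking
        // strings by numeric value.
        if ((string) $currentIpString !== (string) $sessionIpString) {
            $this->session = null;
            return; // nasty, we should not remove this session.
        }
    }

    /* Check UA hash. */
    // Compared as strings for the same reason: with !=, two different hashes
    // of the form "0e<digits>" are both read as zero and count as equal.
    if ((string) $session->getUaHash() !== (string) $this->createUaHash()) {
        $this->session = null;
        return;
    }

    if ($sessionValid == false) {
        // cleanup again: timed-out session goes from database and cache
        $c = new Criteria();
        $c->add("session_id", $session->getSessionId());
        DB_OzoneSessionPeer::instance()->delete($c);
        $memcache->delete($mkey);
    } else {
        // all is right, set the session now.
        $this->session = $session;
    }
}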