Upgrade session scope

Romain Neutron
2012-09-21 14:44:53 +02:00
parent 200b8c3576
commit 6b8ac7702b
11 changed files with 75 additions and 1374 deletions


@@ -9,6 +9,8 @@
* file that was distributed with this source code.
*/
use Alchemy\Phrasea\Application;
/**
* Session Authentication Object for guest access
*
@@ -20,9 +22,9 @@ class Session_Authentication_Guest implements Session_Authentication_Interface
{
/**
*
* @var appbox
* @var Application
*/
protected $appbox;
protected $app;
/**
*
@@ -32,16 +34,16 @@ class Session_Authentication_Guest implements Session_Authentication_Interface
/**
*
* @param appbox $appbox
* @param Application $app
* @return Session_Authentication_Guest
*/
public function __construct(appbox &$appbox)
public function __construct(Application $app)
{
$this->appbox = $appbox;
$this->app = $app;
$nonce = random::generatePassword(16);
$password = random::generatePassword(24);
$this->user = User_Adapter::create($this->appbox, 'invite', $password, null, false, true);
$this->user = User_Adapter::create($this->app, 'invite', $password, null, false, true);
return $this;
}
@@ -70,8 +72,8 @@ class Session_Authentication_Guest implements Session_Authentication_Interface
*/
public function signOn()
{
$inviteUsrid = User_Adapter::get_usr_id_from_login('invite');
$invite_user = User_Adapter::getInstance($inviteUsrid, $this->appbox);
$inviteUsrid = User_Adapter::get_usr_id_from_login($this->app, 'invite');
$invite_user = User_Adapter::getInstance($inviteUsrid, $this->app);
$usr_base_ids = array_keys($this->user->ACL()->get_granted_base());
$this->user->ACL()->revoke_access_from_bases($usr_base_ids);
@@ -88,7 +90,11 @@ class Session_Authentication_Guest implements Session_Authentication_Interface
*/
public function postlog()
{
/**
* TODO NEUTRON FIX THIS
*/
\Session_Handler::set_cookie('invite-usr_id', $this->user->get_id(), 0, true);
return $this;
}
}
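Review bot: `postlog()` still calls `\Session_Handler::set_cookie('invite-usr_id', ...)` under the new TODO, but this commit deletes the `Session_Handler` class, so the call will fail when `postlog()` runs unless the class is provided elsewhere. The TODO names no action; I would record the intent, e.g. `// TODO: Session_Handler is removed in this commit; keep the guest usr_id in the server-side session instead of a cookie`. The removed `transfer_baskets()` used this cookie's value to choose whose baskets are reassigned to the user logging in, so the replacement should read the guest id from server-side state rather than from a value the browser can set. In the constructor, `$nonce` is assigned and not used in the visible lines.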


@@ -9,6 +9,8 @@
* file that was distributed with this source code.
*/
use Alchemy\Phrasea\Application;
/**
* Native Authentication for Phraseanet (login/password)
*
@@ -20,9 +22,9 @@ class Session_Authentication_Native implements Session_Authentication_Interface
{
/**
*
* @var appbox
* @var Application
*/
protected $appbox;
protected $app;
/**
*
@@ -50,20 +52,20 @@ class Session_Authentication_Native implements Session_Authentication_Interface
/**
*
* @param appbox $appbox
* @param Application $app
* @param string $login
* @param string $password
* @return Session_Authentication_Native
*/
public function __construct(appbox &$appbox, $login, $password)
public function __construct(Application $app, $login, $password)
{
$this->appbox = $appbox;
$this->app = $app;
$this->login = $login;
$this->password = $password;
try {
$usr_id = User_Adapter::get_usr_id_from_login($this->login);
$this->user = User_Adapter::getInstance($usr_id, $this->appbox);
$usr_id = User_Adapter::get_usr_id_from_login($this->app, $this->login);
$this->user = User_Adapter::getInstance($usr_id, $this->app);
} catch (Exception $e) {
throw new Exception_Unauthorized('User does not exists anymore');
}
@@ -129,7 +131,7 @@ class Session_Authentication_Native implements Session_Authentication_Interface
*/
protected function check_mail_locked()
{
$conn = $this->appbox->get_connection();
$conn = $this->app['phraseanet.appbox']->get_connection();
$sql = 'SELECT mail_locked, usr_id
FROM usr
@@ -152,7 +154,7 @@ class Session_Authentication_Native implements Session_Authentication_Interface
*/
public function challenge_password(Browser $browser = null)
{
$conn = $this->appbox->get_connection();
$conn = $this->app['phraseanet.appbox']->get_connection();
$sql = 'SELECT usr_id
FROM usr
@@ -163,7 +165,7 @@ class Session_Authentication_Native implements Session_Authentication_Interface
AND salted_password = 1
AND model_of="0" AND invite="0"';
$salt = User_Adapter::salt_password($this->password, $this->user->get_nonce());
$salt = User_Adapter::salt_password($this->app, $this->password, $this->user->get_nonce());
$stmt = $conn->prepare($sql);
$stmt->execute(array(
':login' => $this->login,
@@ -189,12 +191,12 @@ class Session_Authentication_Native implements Session_Authentication_Interface
*/
protected function save_badlog(Browser $browser)
{
$conn = $this->appbox->get_connection();
$conn = $this->app['phraseanet.appbox']->get_connection();
$date_obj = new DateTime('-5 month');
$sql = 'DELETE FROM badlog WHERE date < :date';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':date' => phraseadate::format_mysql($date_obj)));
$stmt->execute(array(':date' => $this->app['date-formatter']->format_mysql($date_obj)));
$stmt->closeCursor();
$sql = 'INSERT INTO badlog (date,login,pwd,ip,locked)
@@ -228,13 +230,13 @@ class Session_Authentication_Native implements Session_Authentication_Interface
':password' => hash('sha256', $this->password)
);
$stmt = $this->appbox->get_connection()->prepare($sql);
$stmt = $this->app['phraseanet.appbox']->get_connection()->prepare($sql);
$stmt->execute($params);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
if ($row && $row['salted_password'] === '0')
throw new Exception_Session_BadSalinity();
throw new Exception_Session_BadSalinity('Bad password salinity');
return $this;
}
@@ -246,8 +248,8 @@ class Session_Authentication_Native implements Session_Authentication_Interface
*/
protected function check_and_revoke_badlogs($ip)
{
$conn = $this->appbox->get_connection();
$registry = $this->appbox->get_registry();
$conn = $this->app['phraseanet.appbox']->get_connection();
$registry = $this->app['phraseanet.appbox']->get_registry();
$sql = 'SELECT id FROM badlog
WHERE (login = :login OR ip = :ip) AND locked="1"';
@@ -270,7 +272,7 @@ class Session_Authentication_Native implements Session_Authentication_Interface
$stmt->closeCursor();
} elseif ($row_count > 9) {
if ($this->is_captcha_activated($registry))
throw new Exception_Session_RequireCaptcha();
throw new Exception_Session_RequireCaptcha('Require captcha');
}
return $this;
@@ -283,7 +285,7 @@ class Session_Authentication_Native implements Session_Authentication_Interface
*/
protected function is_captcha_activated(registryInterface $registry)
{
$registry = $this->appbox->get_registry();
$registry = $this->app['phraseanet.appbox']->get_registry();
return ($registry->get('GV_captchas')
&& trim($registry->get('GV_captcha_private_key')) !== ''
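Review bot: In `check_and_revoke_badlogs()` the branch `elseif ($row_count > 9)` throws only when `is_captcha_activated()` returns true, so on an install without captcha keys the visible code puts no limit on repeated failed logins; the commit changes the exception message there but leaves that gap. If this is intended, say so at the branch, e.g. `// no throttling when captcha is not configured`; otherwise this is the place for a lockout or delay that does not depend on captcha. `is_captcha_activated(registryInterface $registry)` also overwrites its argument on its first line (`$registry = $this->app['phraseanet.appbox']->get_registry();`), so the registry passed by the caller is ignored. Both functions continue outside their hunks, so a throttle may exist in lines not shown.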


@@ -9,6 +9,8 @@
* file that was distributed with this source code.
*/
use Alchemy\Phrasea\Application;
/**
*
* @package Session
@@ -19,9 +21,9 @@ class Session_Authentication_PersistentCookie implements Session_Authentication_
{
/**
*
* @var type
* @var Application
*/
protected $appbox;
protected $app;
/**
*
@@ -37,18 +39,18 @@ class Session_Authentication_PersistentCookie implements Session_Authentication_
/**
*
* @param appbox $appbox
* @param Application $appbox
* @param type $persistent_cookie
* @return Session_Authentication_PersistentCookie
*/
public function __construct(appbox &$appbox, $persistent_cookie)
public function __construct(Application $app, $persistent_cookie)
{
$this->appbox = $appbox;
$this->app= $app;
$this->persistent_cookie = $persistent_cookie;
$browser = Browser::getInstance();
$conn = $this->appbox->get_connection();
$conn = $this->app['phraseanet.appbox']->get_connection();
$sql = 'SELECT usr_id, session_id, nonce, token FROM cache WHERE token = :token';
$stmt = $conn->prepare($sql);
$stmt->execute(array(':token' => $this->persistent_cookie));
@@ -61,11 +63,11 @@ class Session_Authentication_PersistentCookie implements Session_Authentication_
$string = $browser->getBrowser() . '_' . $browser->getPlatform();
if (User_Adapter::salt_password($string, $row['nonce']) !== $row['token']) {
if (User_Adapter::salt_password($this->app, $string, $row['nonce']) !== $row['token']) {
throw new Exception_Session_WrongToken();
}
$this->user = User_Adapter::getInstance($row['usr_id'], $this->appbox);
$this->user = User_Adapter::getInstance($row['usr_id'], $this->app);
$this->ses_id = (int) $row['session_id'];
return $this;
@@ -89,7 +91,7 @@ class Session_Authentication_PersistentCookie implements Session_Authentication_
*
* @return int
*/
public function get_ses_id()
public function getSessionId()
{
return $this->ses_id;
}
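Review bot: The constructor docblock now reads `@param Application $appbox`, but the parameter is named `$app`; it should be `@param Application $app`. `@param type $persistent_cookie` could state the real type as well, presumably `string` since the value is bound to `:token`. The last hunk renames `get_ses_id()` to `getSessionId()`; any caller or interface declaration still using the old name would break, and none of that is visible on this page, so it is worth checking before merge.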


@@ -9,6 +9,8 @@
* file that was distributed with this source code.
*/
use Alchemy\Phrasea\Application;
/**
*
* @package Session
@@ -19,9 +21,9 @@ class Session_Authentication_Token implements Session_Authentication_Interface
{
/**
*
* @var appbox
* @var Application
*/
protected $appbox;
protected $app;
/**
*
@@ -36,15 +38,15 @@ class Session_Authentication_Token implements Session_Authentication_Interface
* @param type $token
* @return Session_Authentication_Token
*/
public function __construct(appbox &$appbox, $token)
public function __construct(Application $app, $token)
{
$this->appbox = $appbox;
$this->app = $app;
$this->token = $token;
try {
$datas = random::helloToken($token);
$datas = random::helloToken($app, $token);
$usr_id = $datas['usr_id'];
$this->user = User_Adapter::getInstance($usr_id, $this->appbox);
$this->user = User_Adapter::getInstance($usr_id, $this->app);
} catch (Exception_NotFound $e) {
throw new Exception_Session_WrongToken();
}
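Review bot: The `try` block in the constructor catches only `Exception_NotFound`, while `Session_Authentication_Native` wraps the same `User_Adapter::getInstance()` call in `catch (Exception $e)`. If `getInstance()` can fail with another exception type for a deleted or invalid user, a token login would surface that error instead of `Exception_Session_WrongToken`. I would either document which exceptions `random::helloToken()` and `getInstance()` raise, or widen the handler to `} catch (Exception $e) {` so every failure ends in the same rejection. The constructor also mixes `$app` and `$this->app` for the same object, and its docblock starts above the hunk, so whether the `appbox` parameter line there was updated cannot be seen here.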


@@ -1,717 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2012 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
* @package Session
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
class Session_Handler
{
/**
*
* @var Session_Handler
*/
protected static $_instance;
/**
*
* @var Session_Storage_Interface
*/
protected $session_storage;
/**
*
* @var Session_Phrasea
*/
protected $phrasea_session;
protected $appbox;
protected static $_cookie;
/**
* Constructor
*
* @return Session_Handler
*/
protected function __construct(appbox &$appbox)
{
$this->appbox = $appbox;
$this->init_session_storage();
if ($this->is_authenticated()) {
try {
$user = User_Adapter::getInstance($this->get_usr_id(), $appbox);
$this->restore($user, $this->get_ses_id());
} catch (Exception $e) {
$this->close_phrasea_session();
}
}
return $this;
}
/**
*
* @return Session_Handler
*/
public static function getInstance(appbox &$appbox)
{
if ( ! self::$_instance) {
self::$_instance = new self($appbox);
}
return self::$_instance;
}
/**
*
* @return Void
*/
public function logout()
{
// $this->remove_cookies();
if ( ! $this->is_authenticated()) {
return;
}
$this->storage()->reset();
$this->close_phrasea_session();
return;
}
/**
*
* @return Session_Storage_Interface
*/
public function storage()
{
return $this->session_storage;
}
/**
* Close the session storage. It can't be re-opened after that
*
* @return Session_Handler
*/
public function close_storage()
{
$this->storage()->close();
return $this;
}
/**
* Get the current locale used in this session
*
* @return string
*/
public static function get_locale()
{
return self::get_cookie('locale');
}
/**
* Set the locale used in this session
*
* @param string $value under the form i18n_l10n (de_DE, en_US...)
* @return Session_Handler;
*/
public static function set_locale($value)
{
if ((self::isset_cookie('locale') && self::get_cookie('locale') != $value) || ! self::isset_cookie('locale'))
self::set_cookie("locale", $value, 0, false);
}
/**
* Get the localization code
*
* @return string
*/
public function get_l10n()
{
return array_pop(explode('_', self::get_locale()));
}
/**
* Gets the internationalization code
*
* @return string
*/
public function get_I18n()
{
return array_shift(explode('_', self::get_locale()));
}
/**
* Returns wheter or not it's authenticated
*
* @return boolean
*/
public function is_authenticated()
{
return ($this->storage()->has('ses_id') === true &&
$this->storage()->has('usr_id') === true);
}
/**
* Get the usr_id of the owner
*
* @deprecated
* @return int
*/
public function get_usr_id()
{
return $this->storage()->get('usr_id', null);
}
/**
* Get the ses_id of the owner
*
* @return type
*/
public function get_ses_id()
{
return $this->storage()->get('ses_id', null);
}
public function isset_postlog()
{
return self::isset_cookie('postlog');
}
public function set_postlog()
{
return self::set_cookie('postlog', '1', 0, false);
}
public function get_postlog()
{
return self::get_cookie('postlog', null);
}
public function delete_postlog()
{
return self::set_cookie('postlog', '', -5, false);
}
/**
* Set temporary preference (till the session ends)
*
* @param string $key
* @param mixed $value
* @return Session_Handler
*/
public function set_session_prefs($key, $value)
{
$datas = $this->storage()->get('temp_prefs');
$datas[$key] = $value;
$this->storage()->set('temp_prefs', $datas);
return $this;
}
/**
*
* @param string $key
* @return mixed
*/
public function get_session_prefs($key)
{
$datas = $this->storage()->get('temp_prefs');
if (isset($datas[$key])) {
return $datas[$key];
}
return null;
}
/**
*
* @param string $name
* @param mixed $default_value
* @return mixed
*/
public static function get_cookie($name, $default_value = null)
{
if (http_request::is_command_line() && isset(self::$_cookie[$name])) {
return self::$_cookie[$name];
} elseif ( ! http_request::is_command_line() && isset($_COOKIE[$name])) {
return $_COOKIE[$name];
} elseif ($default_value !== null) {
return $default_value;
}
return null;
}
/**
*
* @param string $name
* @param mixed $value
* @param int $avalaibility
* @param boolean $http_only
* @return boolean
*/
public static function set_cookie($name, $value, $avalaibility, $http_only)
{
$https = false;
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'])
$https = true;
$expire = $avalaibility === 0 ? 0 : time() + (int) $avalaibility;
$http_only = ! ! $http_only;
if ($avalaibility >= 0) {
if (http_request::is_command_line())
self::$_cookie[$name] = $value;
else
$_COOKIE[$name] = $value;
} else {
if (http_request::is_command_line() && isset(self::$_cookie[$name]))
unset(self::$_cookie[$name]);
else
unset($_COOKIE[$name]);
}
if ( ! http_request::is_command_line()) {
return setcookie($name, $value, $expire, '/', '', $https, $http_only);
} else {
return true;
}
}
/**
*
* @param string $name
* @return boolean
*/
public static function isset_cookie($name)
{
if (http_request::is_command_line()) {
return isset(self::$_cookie[$name]);
}
return isset($_COOKIE[$name]);
}
public function renew_phrasea_session()
{
if ( ! $this->phrasea_session instanceof Session_Phrasea)
throw new \Exception('No phrasea session available');
$this->phrasea_session->close();
$user = \User_Adapter::getInstance($this->get_usr_id(), $this->appbox);
$this->phrasea_session = new Session_Phrasea($this->appbox, $user);
$this->phrasea_session->create(\Browser::getInstance());
$this->phrasea_session->open();
$ses_id = $this->phrasea_session->get_id();
$this->storage()->set('usr_id', $user->get_id());
$this->storage()->set('ses_id', $ses_id);
}
/**
* Open the phrasea session
*
* @return Session_Handler
*/
public function open_phrasea_session()
{
if ( ! $this->phrasea_session instanceof Session_Phrasea)
throw new \Exception('No phrasea session available');
$this->phrasea_session->open();
return $this;
}
/**
*
* @param User_Adapter $user
* @param type $ses_id
*/
public function restore(User_Adapter $user, $ses_id)
{
// if ($this->is_authenticated())
// $this->close_phrasea_session();
$this->phrasea_session = new Session_Phrasea($this->appbox, $user, $ses_id);
$this->phrasea_session->open();
$ses_id = $this->phrasea_session->get_id();
$this->storage()->set('usr_id', $user->get_id());
$this->storage()->set('ses_id', $ses_id);
}
/**
* Process the authentication
*
* @param Session_Authentication_Interface $auth
* @return Session_Handler
*/
public function authenticate(Session_Authentication_Interface $auth, $persistent = false)
{
if ($this->appbox->get_registry()->get('GV_maintenance')) {
throw new Exception_ServiceUnavailable();
}
$conn = $this->appbox->get_connection();
$browser = Browser::getInstance();
$this->send_reminders();
$auth->prelog();
if ($this->is_authenticated() && $this->get_usr_id() == $auth->get_user()->get_id()) {
return $this;
}
if ($this->is_authenticated() && $this->get_usr_id() != $auth->get_user()->get_id()) {
$this->close_phrasea_session();
}
$user = $auth->signOn();
$usr_id = $user->get_id();
$this->phrasea_session = new Session_Phrasea($this->appbox, $user);
$this->phrasea_session->create($browser);
$ses_id = $this->phrasea_session->get_id();
$this->storage()->set('usr_id', $usr_id);
$this->storage()->set('ses_id', $ses_id);
$locale = $this->storage()->get('locale', $user->get_locale($usr_id));
$this->storage()->set('locale', $locale);
$user->ACL()->inject_rights();
foreach ($user->ACL()->get_granted_sbas() as $databox) {
Session_Logger::create($databox, $browser, $this, $user);
\cache_databox::insertClient($databox);
}
$this->set_usr_lastconn($conn, $user->get_id());
$this->transfer_baskets($user);
$this->delete_postlog();
$auth->postlog();
if ($persistent) {
$this->add_persistent_cookie();
}
self::set_cookie('last_act', '', -400000, true);
return $this;
}
protected function transfer_baskets(\User_Adapter $user)
{
$Core = \bootstrap::getCore();
$transferBasks = ($this->isset_postlog() && $this->get_postlog() == '1');
if ($transferBasks && $user->is_guest() == false && Session_Handler::isset_cookie('invite-usr_id')) {
$oldusr = self::get_cookie('invite-usr_id');
if ($oldusr == $user->get_id()) {
return $this;
}
$repo = $Core['EM']->getRepository('Entities\Basket');
$baskets = $repo->findBy(array('usr_id' => $oldusr));
foreach ($baskets as $basket) {
$basket->setUsrId($user->get_id());
$Core['EM']->persist($basket);
}
$Core['EM']->flush();
}
return $this;
}
protected function set_usr_lastconn(connection_pdo &$conn, $usr_id)
{
$sql = 'UPDATE usr SET last_conn=now(), locale = :locale
WHERE usr_id = :usr_id';
$stmt = $conn->prepare($sql);
$stmt->execute(array(
':locale' => self::get_locale(),
':usr_id' => $usr_id
));
$stmt->closeCursor();
}
public function add_persistent_cookie()
{
$theclient = Browser::getInstance();
$nonce = random::generatePassword(16);
$string = $theclient->getBrowser() . '_' . $theclient->getPlatform();
$token = User_Adapter::salt_password($string, $nonce);
$sql = 'UPDATE cache SET nonce = :nonce, token = :token WHERE session_id = :ses_id';
$params = array(
':nonce' => $nonce,
':ses_id' => $this->get_ses_id(),
':token' => $token
);
$stmt = $this->appbox->get_connection()->prepare($sql);
$stmt->execute($params);
$stmt->closeCursor();
self::set_cookie('persistent', $token, (30 * 24 * 3600), true);
return $this;
}
protected function init_session_storage()
{
$session_name = 'system';
if (http_request::is_command_line()) {
$this->session_storage = Session_Storage_CommandLine::getInstance($session_name);
} else {
$this->session_storage = Session_Storage_PHPSession::getInstance($session_name);
}
return $this;
}
protected function close_phrasea_session()
{
if ($this->phrasea_session instanceof Session_Phrasea)
$this->phrasea_session->close();
$this->storage()->reset();
return $this;
}
public function remove_cookies()
{
self::set_cookie($this->storage()->getName(), '', -420000, false);
self::set_cookie('last_act', '{}', -420000, true);
self::set_cookie('persistent', '', -420000, true);
return $this;
}
/**
*
* @param databox $databox
* @return Session_Logger
*/
public function get_logger(databox $databox)
{
try {
return Session_Logger::load($databox, $this);
} catch (Exception_Session_LoggerNotFound $e) {
$user = null;
$browser = Browser::getInstance();
if ($this->is_authenticated())
$user = User_Adapter::getInstance($this->get_usr_id(), appbox::get_instance(\bootstrap::getCore()));
return Session_Logger::create($databox, $browser, $this, $user);
}
}
protected function send_reminders()
{
if ( ! class_exists('eventsmanager_broker')) {
return $this;
}
$core = bootstrap::getCore();
$registry = $core->getRegistry();
$date = new DateTime('+' . (int) $registry->get('GV_validation_reminder') . ' days');
$eventsMngr = $core['events-manager'];
$em = $core->getEntityManager();
/* @var $em \Doctrine\ORM\EntityManager */
$participantRepo = $em->getRepository('\Entities\ValidationParticipant');
/* @var $participantRepo \Repositories\ValidationParticipantRepository */
$participants = $participantRepo->findNotConfirmedAndNotRemindedParticipantsByExpireDate($date);
foreach ($participants as $participant) {
/* @var $participant \Entities\ValidationParticipant */
$validationSession = $participant->getSession();
$participantId = $participant->getUsrId();
$basketId = $validationSession->getBasket()->getId();
try {
$token = \random::getValidationToken($participantId, $basketId);
} catch (\Exception_NotFound $e) {
continue;
}
$eventsMngr->trigger('__VALIDATION_REMINDER__', array(
'to' => $participantId,
'ssel_id' => $basketId,
'from' => $validationSession->getInitiatorId(),
'validate_id' => $validationSession->getId(),
'url' => $registry->get('GV_ServerName') . 'lightbox/validate/' . $basketId . '/?LOG=' . $token
));
}
return $this;
}
public function get_my_sessions()
{
$sql = 'SELECT session_id, lastaccess, ip, platform, browser, screen
, created_on, browser_version, token
FROM cache WHERE usr_id = :usr_id';
$stmt = $this->appbox->get_connection()->prepare($sql);
$stmt->execute(array(':usr_id' => $this->get_usr_id()));
$rs = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$geonames = new geonames();
foreach ($rs as $k => $row) {
$datas = $geonames->find_geoname_from_ip($row['ip']);
if ($datas['city']) {
$infos = $datas['city'] . ' (' . $datas['country'] . ')';
} elseif ($datas['fips']) {
$infos = $datas['fips'] . ' (' . $datas['country'] . ')';
} elseif ($datas['country']) {
$infos = $datas['country'];
} else {
$infos = '';
}
$rs[$k]['session_id'] = (int) $rs[$k]['session_id'];
$rs[$k]['ip_infos'] = $infos;
$rs[$k]['created_on'] = new \DateTime($row['created_on']);;
$rs[$k]['lastaccess'] = new \DateTime($row['lastaccess']);
}
return $rs;
}
public function set_event_module($app, $enter)
{
$sql = "SELECT app FROM cache WHERE session_id = :ses_id AND usr_id = :usr_id";
$stmt = $this->appbox->get_connection()->prepare($sql);
$stmt->execute(array(':ses_id' => $this->get_ses_id(), ':usr_id' => $this->get_usr_id()));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$apps = false;
if ($row) {
$apps = unserialize($row['app']);
}
if ( ! is_array($apps))
$apps = array();
if ($enter) {
if ($app && ! in_array($app, $apps))
$apps[] = $app;
} elseif (in_array($app, $apps)) {
unset($apps[$app]);
}
$ret['apps'] = count($apps);
$sql = "UPDATE cache SET lastaccess=now(),app = :apps WHERE session_id = :ses_id AND usr_id = :usr_id";
$stmt = $this->appbox->get_connection()->prepare($sql);
$stmt->execute(array(':ses_id' => $this->get_ses_id(), ':usr_id' => $this->get_usr_id(), ':apps' => serialize($apps)));
$stmt->closeCursor();
return $this;
}
public static function get_active_sessions()
{
$conn = connection::getPDOConnection();
$date_obj = new DateTime('-5 min');
$time = date("Y-m-d H:i:s", $date_obj->format('U'));
$sql = "SELECT session_id,app, usr_id, user_agent, ip, lastaccess,
platform, browser, screen, created_on, browser_version, token
FROM cache WHERE lastaccess > :time";
$stmt = $conn->prepare($sql);
$stmt->execute(array(':time' => $time));
$rs = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
$geonames = new geonames();
$ret = array(
'sessions' => array(),
'applications' => array(
'0' => 0,
'1' => 0,
'2' => 0,
'3' => 0,
'4' => 0,
'5' => 0,
'6' => 0,
'7' => 0,
'8' => 0,
)
);
foreach ($rs as $row) {
$session = array();
$session['browser'] = $row['browser'];
$session['browser_version'] = $row['browser_version'];
$session['session_id'] = $row['session_id'];
$session['user_agent'] = $row['user_agent'];
$session['ip'] = $row['ip'];
$session['screen'] = $row['screen'];
$session['platform'] = $row['platform'];
$session['created_on'] = new DateTime($row['created_on']);
$session['lastaccess'] = new DateTime($row['lastaccess']);
$session['token'] = ! ! $row['token'];
$session['user'] = User_Adapter::getInstance($row['usr_id'], appbox::get_instance(\bootstrap::getCore()));
$session["app"] = (array) unserialize($row["app"]);
foreach ($session["app"] as $app) {
if (isset($ret['applications'][$app])) {
$ret['applications'][$app] ++;
}
}
$datas = $geonames->find_geoname_from_ip($row['ip']);
if ($datas['city']) {
$infos = $datas['city'] . ' (' . $datas['country'] . ')';
} elseif ($datas['fips']) {
$infos = $datas['fips'] . ' (' . $datas['country'] . ')';
} elseif ($datas['country']) {
$infos = $datas['country'];
} else {
$infos = '';
}
$session['ip_infos'] = $infos;
$ret['sessions'][] = $session;
}
return $ret;
}
}


@@ -9,6 +9,8 @@
* file that was distributed with this source code.
*/
use Alchemy\Phrasea\Application;
/**
*
* @package Session
@@ -28,6 +30,7 @@ class Session_Logger
* @var databox
*/
protected $databox;
protected $app;
const EVENT_DELETE = 'delete';
const EVENT_EDIT = 'edit';
@@ -47,8 +50,9 @@ class Session_Logger
* @param int $log_id
* @return Session_Logger
*/
public function __construct(databox &$databox, $log_id)
public function __construct(Application $app, databox &$databox, $log_id)
{
$this->app = $app;
$this->databox = $databox;
$this->id = (int) $log_id;
@@ -89,18 +93,17 @@ class Session_Logger
/**
*
* @param databox $databox
* @param Session_Phrasea $session
* @param User_Adapter $user
* @param Browser $browser
* @return Session_Logger
*/
public static function create(databox &$databox, Browser &$browser, Session_Handler $session, User_Adapter &$user = null)
public static function create(Application $app, databox &$databox, Browser &$browser)
{
$colls = array();
$registry = registry::get_instance();
$registry = $app['phraseanet.registry'];
if ($user) {
$bases = $user->ACL()->get_granted_base(array(), array($databox->get_sbas_id()));
if ($app['phraseanet.user']) {
$bases = $app['phraseanet.user']->ACL()->get_granted_base(array(), array($databox->get_sbas_id()));
foreach ($bases as $collection) {
$colls[] = $collection->get_coll_id();
}
@@ -116,10 +119,10 @@ class Session_Logger
, :user_agent, :appli, :fonction, :company, :activity, :country)";
$params = array(
':ses_id' => $session->get_ses_id(),
':usr_login' => $user ? $user->get_login() : null,
':site_id' => $registry->get('GV_sit'),
':usr_id' => $user ? $user->get_id() : null,
':ses_id' => $app['session']->get('phrasea_session_id'),
':usr_login' => $app['phraseanet.user'] ? $app['phraseanet.user']->get_login() : null,
':site_id' => $app['phraseanet.registry']->get('GV_sit'),
':usr_id' => $app['phraseanet.user'] ? $app['phraseanet.user']->get_id() : null,
':coll_list' => implode(',', $colls),
':browser' => $browser->getBrowser(),
':browser_version' => $browser->getExtendedVersion(),
@@ -128,10 +131,10 @@ class Session_Logger
':ip' => $browser->getIP(),
':user_agent' => $browser->getUserAgent(),
':appli' => serialize(array()),
':fonction' => $user ? $user->get_job() : null,
':company' => $user ? $user->get_company() : null,
':activity' => $user ? $user->get_position() : null,
':country' => $user ? $user->get_country() : null
':fonction' => $app['phraseanet.user'] ? $app['phraseanet.user']->get_job() : null,
':company' => $app['phraseanet.user'] ? $app['phraseanet.user']->get_company() : null,
':activity' => $app['phraseanet.user'] ? $app['phraseanet.user']->get_position() : null,
':country' => $app['phraseanet.user'] ? $app['phraseanet.user']->get_country() : null
);
$stmt = $databox->get_connection()->prepare($sql);
@@ -140,12 +143,12 @@ class Session_Logger
$log_id = $databox->get_connection()->lastInsertId();
$stmt->closeCursor();
return new Session_Logger($databox, $log_id);
return new Session_Logger($app, $databox, $log_id);
}
public static function load(databox $databox, Session_Handler $session)
public static function load(Application $app, databox $databox)
{
if ( ! $session->is_authenticated()) {
if ( ! $app->isAuthenticated()) {
throw new Exception_Session_LoggerNotFound('Not authenticated');
}
@@ -154,7 +157,7 @@ class Session_Logger
$params = array(
':site' => $databox->get_registry()->get('GV_sit')
, ':ses_id' => $session->get_ses_id()
, ':ses_id' => $app['session']->get('phrasea_session_id')
);
$stmt = $databox->get_connection()->prepare($sql);
@@ -165,6 +168,6 @@ class Session_Logger
if ( ! $row)
throw new Exception_Session_LoggerNotFound('Logger not found');
return new self($databox, $row['id']);
return new self($app, $databox, $row['id']);
}
}
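Review bot: In `create()` the local `$registry` is assigned from `$app['phraseanet.registry']` but the visible lines never use it, and `$app['phraseanet.user']` is resolved from the container once per logged field. I would fetch it once with `$user = $app['phraseanet.user'];` and write `':site_id' => $registry->get('GV_sit'),`; `load()` still reads the same setting through `$databox->get_registry()`, which is worth aligning. The log row's identity now comes from ambient container state instead of an explicit `$user` argument, so if a caller invokes `create()` before `phraseanet.user` is set the row is presumably written with null `usr_id` and `usr_login`; a line in the docblock stating that precondition would help, along with the missing `@param Application $app`.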


@@ -1,181 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2012 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
* @package Session
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
class Session_Phrasea
{
/**
*
* @var User_Adapter
*/
protected $user;
/**
*
* @var appbox
*/
protected $appbox;
/**
*
* @var int
*/
protected $ses_id;
/**
*
* @param appbox $appbox
* @param User_Adapter $user
* @param int $ses_id
* @return Session_Phrasea
*/
public function __construct(appbox &$appbox, User_Adapter &$user, $ses_id = null)
{
$this->clear_sessions();
$this->appbox = $appbox;
$this->user = $user;
$this->ses_id = $ses_id;
return $this;
}
/**
*
* @return int
*/
public function get_id()
{
return $this->ses_id;
}
/**
*
* @param Browser $browser
* @return Session_Phrasea
*/
public function create(Browser &$browser)
{
if ($this->ses_id)
throw new Exception_Session_AlreadyCreated();
if ( ! $this->user)
throw new Exception_Session_Closed('You have to create a new Phrasea session with the new user');
if (($ses_id = phrasea_create_session($this->user->get_id())) === false)
throw new Exception_InternalServerError();
$this->ses_id = $ses_id;
$this->update_informations($this->appbox, $browser);
return $this;
}
/**
*
* @param appbox $appbox
* @param Browser $browser
* @param Array $logs
*/
protected function update_informations(appbox &$appbox, Browser &$browser)
{
$sql = "UPDATE cache SET
user_agent = :user_agent, ip = :ip, platform = :platform,
browser = :browser,
screen = :screen, browser_version = :browser_version
WHERE session_id = :ses_id";
$stmt = $appbox->get_connection()->prepare($sql);
$stmt->execute(
array(
':user_agent' => $browser->getUserAgent(),
':ip' => $browser->getIP(),
':platform' => $browser->getPlatform(),
':browser' => $browser->getBrowser(),
':screen' => $browser->getScreenSize(),
':browser_version' => $browser->getExtendedVersion(),
':ses_id' => $this->ses_id
)
);
$stmt->closeCursor();
}
/**
*
* @return Session_Phrasea
*/
public function open()
{
if ( ! $this->user instanceof User_Adapter)
throw new Exception_Session_Closed();
if ( ! phrasea_open_session($this->ses_id, $this->user->get_id()))
throw new Exception_Session_Closed();
return $this;
}
/**
*
* @return Session_Phrasea
*/
public function close()
{
phrasea_close_session($this->ses_id);
$this->ses_id = null;
$this->user = null;
return $this;
}
// /**
// *
// * @param type $usr_id
// */
// public static function get_actives_by_usr_id($usr_id)
// {
//
// }
//
// public static function get_actives()
// {
//
// }
/**
*
* @return Session_Phrasea
*/
protected function clear_sessions()
{
$conn = connection::getPDOConnection();
$registry = registry::get_instance();
$sql = "SELECT session_id FROM cache
WHERE (lastaccess < DATE_SUB(NOW(), INTERVAL 1 MONTH) AND token IS NOT NULL)
OR (lastaccess < DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND token IS NULL)";
$stmt = $conn->prepare($sql);
$stmt->execute();
$rs = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
foreach ($rs as $row) {
phrasea_close_session($row['session_id']);
}
$date_two_day = new DateTime('+' . (int) $registry->get('GV_validation_reminder') . ' days');
return $this;
}
}


@@ -1,48 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2012 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
* @package Session
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
abstract class Session_Storage_Abstract
{
/**
*
* @var boolean
*/
protected $open = true;
/**
*
* @return Session_Storage_Abstract
*/
public function close()
{
$this->open = false;
return $this;
}
/**
*
* @return Session_Storage_Abstract
*/
protected function require_open_storage()
{
if ( ! $this->open)
throw new Exception_Session_StorageClosed ();
return $this;
}
}


@@ -1,150 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2012 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
* @package Session
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
class Session_Storage_CommandLine extends Session_Storage_Abstract implements Session_Storage_Interface
{
/**
*
* @var Session_Storage_CommandLine
*/
protected static $_instance;
/**
*
* @var string
*/
private static $_name = '';
/**
*
* @var Array
*/
private static $_cli_storage = array();
/**
*
* @param string $session_name
* @return Session_Storage_CommandLine
*/
public static function getInstance($session_name)
{
if ( ! self::$_instance) {
self::$_instance = new self($session_name);
}
return self::$_instance;
}
/**
*
* @param string $name
* @return Session_Storage_CommandLine
*/
protected function __construct($name)
{
return $this;
}
/**
*
* @param string $key
* @return mixed
*/
public function get($key, $default_value = null)
{
return isset(self::$_cli_storage[self::$_name][$key]) ? self::$_cli_storage[self::$_name][$key] : $default_value;
}
/**
*
* @param string $key
* @return mixed
*/
public function has($key)
{
return isset(self::$_cli_storage[self::$_name][$key]);
}
/**
*
* @param string $key
* @param mixed $value
* @return boolean
*/
public function set($key, $value)
{
$this->require_open_storage();
return self::$_cli_storage[self::$_name][$key] = $value;
}
/**
*
* @param string $key
* @return boolean
*/
public function remove($key)
{
$retval = null;
$this->require_open_storage();
if (isset(self::$_cli_storage[self::$_name][$key])) {
$retval = self::$_cli_storage[self::$_name][$key];
unset(self::$_cli_storage[self::$_name][$key]);
}
return $retval;
}
/**
* Return PHP session name
*
* @return string
*/
public function getName()
{
return 'commandLine';
}
/**
* Return PHP session Id
*
* @return string
*/
public function getId()
{
return 'commandLine';
}
public function reset()
{
self::$_cli_storage[self::$_name] = array();
return;
}
/**
*
* @return Void
*/
public function destroy()
{
unset(self::$_cli_storage[self::$_name]);
return;
}
}


@@ -1,55 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2012 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
* @package Session
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
interface Session_Storage_Interface
{
/**
* Close the session storage
*
* @return Void
*/
public function close();
/**
* Return true if the storage contains the key
*
* @param string $key
* @return boolean
*/
public function has($key);
/**
* Set a key in the storage
*
* @param string $key
* @param mixed $default_value
*/
public function get($key, $default_value = null);
public function set($key, $value);
public function remove($key);
public function getName();
public function getId();
public function reset();
public function destroy();
}


@@ -1,163 +0,0 @@
<?php
/*
* This file is part of Phraseanet
*
* (c) 2005-2012 Alchemy
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
*
* @package Session
* @license http://opensource.org/licenses/gpl-3.0 GPLv3
* @link www.phraseanet.com
*/
class Session_Storage_PHPSession extends Session_Storage_Abstract implements Session_Storage_Interface
{
/**
*
* @var Session_Storage_PHPSession
*/
protected static $_instance;
/**
*
* @var string
*/
protected $name = 'PHPSESSID';
/**
*
* @param string $session_name
* @return Session_Storage_PHPSession
*/
public static function getInstance($session_name)
{
if ( ! self::$_instance) {
self::$_instance = new self($session_name);
}
return self::$_instance;
}
/**
*
* @param string $session_name
* @return Session_Storage_PHPSession
*/
protected function __construct($session_name)
{
$this->name = $session_name;
$this->start();
return $this;
}
/**
*
* @return Session_Storage_PHPSession
*/
protected function start()
{
session_cache_limiter('');
session_name($this->name);
session_start();
$this->open = true;
return $this;
}
/**
*
* @return Session_Storage_PHPSession
*/
public function close()
{
if ($this->open) {
session_write_close();
}
parent::close();
return $this;
}
/**
*
* @param string $key
* @return mixed
*/
public function has($key)
{
return isset($_SESSION[$key]);
}
/**
*
* @param string $key
* @return mixed
*/
public function get($key, $default_value = null)
{
return isset($_SESSION[$key]) ? $_SESSION[$key] : $default_value;
}
public function set($key, $value)
{
$this->require_open_storage();
$_SESSION[$key] = $value;
return $this;
}
public function remove($key)
{
$this->require_open_storage();
if (isset($_SESSION[$key]))
unset($_SESSION[$key]);
return $this;
}
/**
* Return PHP session name
*
* @return string
*/
public function getName()
{
return session_name();
}
/**
* Return PHP session Id
*
* @return <type>
*/
public function getId()
{
return session_id();
}
public function reset()
{
$_SESSION = array();
return $this;
}
/**
*
* @return Void
*/
public function destroy()
{
session_destroy();
$this->open = false;
return;
}
}