From 9c99e2fbf26f127ab832279b4bd194ce421b2d9d Mon Sep 17 00:00:00 2001 From: peter Date: Sun, 2 Mar 2008 11:50:18 +0000 Subject: [PATCH] - added websession class git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@101 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- www/config.php.template | 3 + www/inc/classes/cart.php | 39 ++++++++++++- www/inc/classes/customer.php | 11 ++++ www/inc/classes/language_manager.php | 7 +- www/inc/classes/websession.php | 101 ++++++++++++++++++++++++++++++++++ www/inc/db/db.php | 1 + www/inc/db/db_scheme.php | 13 ++++- www/inc/global_variables.php | 4 +- www/inc/loader_nonadmin.php | 1 + www/inc/rendering/cart_listing.php | 2 +- www/inc/rendering/submit.php | 14 +++- 11 files changed, 181 insertions(+), 15 deletions(-) create mode 100644 www/inc/classes/websession.php diff --git a/www/config.php.template b/www/config.php.template index d0b7a9e..b9f7e43 100644 --- a/www/config.php.template +++ b/www/config.php.template @@ -55,4 +55,7 @@ $ClientSessionTimeout=2*3600; //how long the stuff in a shopping cart is stored $CartTimeout=3600; +//Authenticated web session timeout - how long an authenticated web session lasts +// this should usually be a few hours (3600s per hour) +$WebSessionTimeout=1800; ?> \ No newline at end of file diff --git a/www/inc/classes/cart.php b/www/inc/classes/cart.php index 131cfbe..3c65524 100644 --- a/www/inc/classes/cart.php +++ b/www/inc/classes/cart.php @@ -112,6 +112,10 @@ class Cart { global $db; global $CartTimeout; + + //prune cart table + $db->deleteRows("cart", "timeout < ".time()); + if($id===false){ $db->beginTransaction(); while(1){ @@ -125,7 +129,10 @@ class Cart } } //create entry - $db->insert("cart",array("cartid"=>$id,"timeout"=>(time()+$CartTimeout))); + + $timeout = time()+$CartTimeout ; + print $timeout; + $db->insert("cart",array("cartid"=>$id,"timeout"=>$timeout,"shippingaddress"=>"test")); $db->commitTransaction(); }else{ //check that cart exists @@ -209,7 +216,7 @@ class Cart $ret=array(); //go through events global $db; - $res=$db->select("cart_ticket","*","where cartid=".$db->escapeString($this->cartid)); + $res=$db->select("cart_ticket","*","cartid=".$db->escapeString($this->cartid)); if(count($res)>0) foreach($res as $k=>$tc){ $evt=new Event($tc["eventid"]); @@ -219,7 +226,7 @@ class Cart } //vouchers are ok by default, just check amount $itmcnt=count($res); - $res=$db->select("cart_voucher","cvid","where cartid=".$db->escapeString($this->cartid)); + $res=$db->select("cart_voucher", "cvid", "cartid=".$db->escapeString($this->cartid)); $itmcnt+=count($res); //check that we have something to order if($itmcnt<=0) @@ -232,7 +239,31 @@ class Cart public function renewCart() { global $db; - $db->update("cart",array("timeout"=>(time()+$CartTimeout)),"cartid=".$db->escapeInt($this->cartid)); + if ($this->isValid()) { + $db->update("cart", array("timeout"=>(time()+$CartTimeout)), "cartid=".$db->escapeInt($this->cartid)); + } + } + + /**adds the shipping address to the cart*/ + public function addShippingAddress($address) + { + global $db; + if ($this->isValid()) { + $db->update("cart", array("shippingaddress"=>$db->escapeString($address)), "cartid=".$db->escapeString($this->cartid)); + } + } + + /**returns the shipping address for the cart*/ + public function getShippingAddress() + { + global $db; + if ($this->isValid()) { + $res = $db->select("cart", "shippingaddress", "cartid=".$db->escapeString($this->cartid)); + if (count($res) > 0) + return $res[0]["shippingaddress"]; + else + return false; + } } }; diff --git a/www/inc/classes/customer.php b/www/inc/classes/customer.php index 1648ab4..9f4b99f 100644 --- a/www/inc/classes/customer.php +++ b/www/inc/classes/customer.php @@ -13,6 +13,8 @@ class Customer /**construct an empty customer; if $id is given it tries to pre-load from the database*/ public function __construct($id=false) { + global $db; + $this->id=false; if($id!==false){ if ($this->getByID($id)) { @@ -51,6 +53,15 @@ class Customer return false; } + /** returns the ID of the customer */ + public function getID() + { + if($this->id===false) + return ""; + else + return $this->id; + } + /** returns the name of the customer */ public function getName() { diff --git a/www/inc/classes/language_manager.php b/www/inc/classes/language_manager.php index d83a6b1..8c37237 100644 --- a/www/inc/classes/language_manager.php +++ b/www/inc/classes/language_manager.php @@ -38,7 +38,6 @@ function string_format($string, $array) class LanguageManager { - private static $COOKIE_NAME = "ms_lang"; private static $instance; private $lang; private $config; @@ -58,8 +57,8 @@ class LanguageManager $this->templateFolder .= "/"; // check if cookie is set - if (isset($_COOKIE[self::$COOKIE_NAME])) { - $this->lang = $_COOKIE[self::$COOKIE_NAME]; + if (isset($_COOKIE[COOKIE_LANGUAGE])) { + $this->lang = $_COOKIE[COOKIE_LANGUAGE]; } else { $this->lang = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"],0,2); } @@ -85,7 +84,7 @@ class LanguageManager public function setLanguage($language) { $this->lang = $language; - setcookie(self::$COOKIE_NAME, $language, 0); + setcookie(COOKIE_LANGUAGE, $language, 0); $this->setLanguageConfig(); } diff --git a/www/inc/classes/websession.php b/www/inc/classes/websession.php new file mode 100644 index 0000000..3c65692 --- /dev/null +++ b/www/inc/classes/websession.php @@ -0,0 +1,101 @@ +deleteRows("websession", "timeout < ".time()); + + //default: + $this->loggedin=false; + $this->customerid=null; + + //check cookie + if(isset($_COOKIE[COOKIE_WEBSESSION])){ + $res = $db->select("websession", "*", "sessionid=".$db->escapeString($_COOKIE[COOKIE_WEBSESSION])); + if (count($res) > 0){ + $uid = $res[0]["customerid"]; + $this->sessionid = $res[0]["sessionid"]; + + $customer = new Customer($uid); + if ($customer->exists()) { + $this->customerid = $customer->getID(); + $this->loggedin = true; + } else + $this->destroySession(); + } + } + } + + /** checks if the customer is authorized */ + public function isAuthorized() + { + return $this->loggedin; + } + + /** returns the current customer */ + public function getCustomer() + { + if ($this->loggedin) + return new Customer($this->customerid); + else + return false; + } + + /** creates a new session for the customer */ + public function createSession($customerId) + { + global $db; + + $this->destroySession(); + + $customer = new Customer($customerId); + + // only if customer exists, create session + if ($customer->exists()) { + + //create session and set cookie + do{ + $sessionid = getRandom(128); + $res = $db->select("websession", "*", "sessionid=".$db->escapeString($sessionid)); + $again = count($res) > 0; + } while ($again); + + $timeout=time()+$WebSessionTimeout; + $db->insert("websession", array("sessionid"=>$sessionid, "customerid"=>$customer->getID(), "timeout"=>$timeout)); + + setcookie(COOKIE_WEBSESSION, $sessionid, $timeout); + + $this->loggedin = true; + $this->customerid = $customer->getID(); + } + } + + /** destroys the current session */ + private function destroySession() + { + global $db; + + if($this->loggedin){ + $db->deleteRows("websession", "sessionid=".$db->escapeString($this->sessionid)); + } + setcookie(COOKIE_WEBSESSION, "", 1); + } + + /** logs the customer out */ + public function logout() + { + $this->destroySession(); + header("Location: index.php"); + exit(); + } +}; +?> \ No newline at end of file diff --git a/www/inc/db/db.php b/www/inc/db/db.php index 4a94b34..4d4fdaf 100644 --- a/www/inc/db/db.php +++ b/www/inc/db/db.php @@ -171,6 +171,7 @@ abstract class DbEngine $val.="NULL"; } $ret.=$val.")"; + print $ret; return $ret; } diff --git a/www/inc/db/db_scheme.php b/www/inc/db/db_scheme.php index db4e2ed..aaa81fb 100644 --- a/www/inc/db/db_scheme.php +++ b/www/inc/db/db_scheme.php @@ -144,7 +144,9 @@ class DbScheme { //the cookie for this cart "cartid" => array("string:32","primarykey"), //when the cart expires - "timeout" => array("int32","notnull") + "timeout" => array("int32","notnull"), + //shipping address during order process + "shippingaddress" => array("string") ); //buying tickets $this->scheme["cart_ticket"]=array( @@ -163,6 +165,15 @@ class DbScheme { "value" => array("int32","notnull") ); + //web sessions + $this->scheme["websession"]=array( + "sessionid" => array("string:64","primarykey"), + //customer + "customerid" => array("int32","notnull","foreignkey:customer:customerid"), + //unix timestamp at which to delete this session + // this needs to change to 64-bit int in 2038 + "timeout"=>array("int32","notnull") + ); } /**return the tables to be created in order*/ diff --git a/www/inc/global_variables.php b/www/inc/global_variables.php index 47190a9..73453e7 100644 --- a/www/inc/global_variables.php +++ b/www/inc/global_variables.php @@ -9,7 +9,9 @@ // +---------------------------------------------------------------------- // -define("COOKIE_NAME", "ms_cartid"); +define("COOKIE_CART", "ms_cartid"); +define("COOKIE_WEBSESSION", "ms_websession"); +define("COOKIE_LANGUAGE", "ms_lang"); $lang = LanguageManager::singleton(); $error = ErrorManager::singleton(); diff --git a/www/inc/loader_nonadmin.php b/www/inc/loader_nonadmin.php index 52d6d57..266c8a4 100644 --- a/www/inc/loader_nonadmin.php +++ b/www/inc/loader_nonadmin.php @@ -14,6 +14,7 @@ include('./inc/classes/language_manager.php'); include('./inc/classes/parser.php'); include('./inc/classes/config_manager.php'); include('./inc/classes/customer.php'); +include('./inc/classes/websession.php'); //load hash lib include("./inc/machine/cauth_".$HashLib.".php"); diff --git a/www/inc/rendering/cart_listing.php b/www/inc/rendering/cart_listing.php index 149df88..56059cf 100644 --- a/www/inc/rendering/cart_listing.php +++ b/www/inc/rendering/cart_listing.php @@ -17,7 +17,7 @@ function createCartOverview() $error = ErrorManager::singleton(); $lang = LanguageManager::singleton(); - $cart = new Cart($_COOKIE[COOKIE_NAME]); + $cart = new Cart($_COOKIE[COOKIE_CART]); $p = new Parser("cart.html"); diff --git a/www/inc/rendering/submit.php b/www/inc/rendering/submit.php index 5dadd04..5dbf57b 100644 --- a/www/inc/rendering/submit.php +++ b/www/inc/rendering/submit.php @@ -36,10 +36,10 @@ function addEventToCart() $error->add(i18n("No more tickets for this event available!")); return; } else { - $cart = new Cart(addslashes($_COOKIE[COOKIE_NAME])); + $cart = new Cart($_COOKIE[COOKIE_CART]); if (!$cart->isValid()) { $cart = new Cart(); - setcookie(COOKIE_NAME, $cart->getCartId(), 0); + setcookie(COOKIE_CART, $cart->getCartId(), 0); } // check if event is already booked @@ -80,7 +80,7 @@ function addEventToCart() function deleteEventFromCart() { if ($_GET["action"]=="deleteEvent") { - $cart = new Cart(addslashes($_COOKIE[COOKIE_NAME])); + $cart = new Cart($_COOKIE[COOKIE_CART]); // check if cart valid if ($cart->isValid()) { // get cart ticket @@ -99,7 +99,7 @@ function changeTicketAmountInCart() if (isset($_POST["ms_save"])) { - $cart = new Cart(addslashes($_COOKIE[COOKIE_NAME])); + $cart = new Cart($_COOKIE[COOKIE_CART]); // check if cart valid if ($cart->isValid()) { @@ -184,6 +184,9 @@ function checkOrderLogin() $customer = new Customer(); $customer->getByMail($_POST["ms_email"]); if ($customer->authenticate($_POST["ms_password"])) { + // create web session + $session = new Websession(); + $session->createSession($customer->getID()); // go to order overview Header("Location: index.php?mode=userdata"); exit(); @@ -253,6 +256,9 @@ function registerUser() $customer->setContact($_POST["ms_custContact"]); } + $session = new Websession(); + $session->createSession($customer->getID()); + // redirect to overview page } } -- 1.7.2.5