
sessions.php

<?php
# This file is part of the Savane project
# <http://gna.org/projects/savane/>
#
# $Id: sessions.php 4977 2005-11-15 17:38:40Z yeupou $
#
#  Copyright 2004      (c) Mathieu Roy <yeupou--at--gnu.org>
#
# The Savane project is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# The Savane project is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the Savane project; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


# Load the shared include that the rest of this page builds on.
require '../../include/pre.php';

register_globals_off();

# Everything below acts on the caller's own sessions, so refuse to go on
# unless the request belongs to a logged-in user.
session_require(array('isloggedin' => '1'));


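########################################################################
# Update the database
#
# Handles "?func=del" requests. Two modes are supported:
#   - dsession_hash + dip_addr + dtime: delete the one matching session;
#   - dkeep_one: delete every session except the one making this request.
# Both DELETE statements also require user_id = user_getid().
#
# NOTE(review): request values are concatenated into the SQL text. Whether
# sane_get() and sane_cookie() return values that are safe inside a quoted
# SQL string cannot be told from this file -- confirm in their definitions,
# and prefer bound parameters if the database layer offers them.
# NOTE(review): the deletion is reached through a plain GET link and no
# anti-CSRF token is checked in this file, so a cross-site request could
# make a logged-in user end their other sessions -- confirm whether pre.php
# or session_require() adds such a check.
if (sane_get("func") == "del")
{
  $dsession_hash = sane_get("dsession_hash");
  $dip_addr = sane_get("dip_addr");
  $dtime = sane_get("dtime");
  $dkeep_one = sane_get("dkeep_one");

  if ($dsession_hash && $dip_addr && $dtime)
    {
      # Delete one session

      # dip_addr is matched against the ip_addr column, whose values this
      # page also hands to gethostbyaddr(). Accept only characters that can
      # appear in a textual IPv4/IPv6 address so nothing else reaches the
      # query.
      if (!preg_match('/^[0-9A-Fa-f:.]+\z/', $dip_addr))
        {
          fb(_("Failed to delete old session"), 1);
        }
      else
        {
          # Only the first 6 characters of the hash are sent by the listing
          # below, so match on that prefix. Escape "%" and "_" first: they
          # are LIKE wildcards, and a request value such as "%" would
          # otherwise match any hash (assumes LIKE's default backslash
          # escape character).
          $dsession_hash = addcslashes(substr($dsession_hash, 0, 6), '%_')."%";
          $sql = "DELETE FROM session WHERE session_hash like '$dsession_hash' "
            . " AND ip_addr='$dip_addr'"
            . " AND time='$dtime'"
            . " AND user_id='".user_getid()."'"
            . " LIMIT 1";

          # NOTE(review): success is reported whenever db_query() returns a
          # true value; whether that means a row was actually removed is not
          # visible here.
          if (db_query($sql))
            { fb(_("Old session deleted")); }
          else
            { fb(_("Failed to delete old session"), 1); }
        }
    }
  else if ($dkeep_one)
    {
      # Delete all sessions apart from the current one, identified by the
      # session_hash cookie of this request.
      $session_hash = sane_cookie("session_hash");
      $sql = "DELETE FROM session WHERE session_hash<>'$session_hash' "
        . " AND user_id='".user_getid()."'";

      if (db_query($sql))
        { fb(_("Old sessions deleted")); }
      else
        { fb(_("Failed to delete old sessions"), 1); }
    }
  else
    {
      fb(_("Parameters missing, update canceled"), 1);
    }
}


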
########################################################################
# Actually prints the HTML page

site_user_header(array('title' => _("Manage sessions"),
                       'context' => 'account'));

# Select the session rows whose user_id equals user_getid(), ordered by
# their "time" column, highest value first.
$sessions_sql = "SELECT session_hash,ip_addr,time FROM session WHERE "
  . "user_id = '".user_getid()."' "
  . "ORDER BY time DESC";
$res = db_query($sessions_sql);

# No row to list: hand over to exit_error() with a translated message.
if (db_numrows($res) < 1)
{
  exit_error(_("No session found."));
}

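print $HTML->box_top(_("Opened Sessions"));

# Hash of the session making this request, read once from its cookie. It is
# only used to tell the current session apart from the others.
$current_session_hash = (string) sane_cookie("session_hash");

# Number of rows printed so far. It was previously used without being
# initialised; set it explicitly so the count never depends on a stray
# global.
$i = 0;

# NOTE(review): $PHP_SELF and $sys_datefmt are defined outside this file.
# If $PHP_SELF derives from the request path it can carry request-controlled
# text and would need escaping before it reaches the link -- confirm where
# it is set and what utils_link() does with its first argument.
while ($row = db_fetch_array($res))
{
  $i++;
  if ($i > 1)
    { print $HTML->box_nextitem(utils_get_alt_row_color($i)); }

  # Keep only the first 6 characters of the session hash: the complete
  # value must never be printed in clear text, since it could be used for
  # forgery (even if access to this page is normally properly restricted).
  $dsession_hash = substr($row['session_hash'], 0, 6)."...";

  # Do not offer a delete link for the session making this request.
  print '<span class="trash">';
  # Compare as strings: with a loose != two different hashes that both look
  # like numbers (for example "0e12" and "0e34") would compare as equal.
  if ($current_session_hash !== (string) $row['session_hash'])
    {
      # URL-encode every stored value placed in the query string so it
      # cannot alter the link or the surrounding markup.
      print utils_link($PHP_SELF.'?func=del&amp;dsession_hash='.urlencode($dsession_hash)
                       .'&amp;dip_addr='.urlencode($row['ip_addr'])
                       .'&amp;dtime='.urlencode($row['time']),
                       '<img src="'.$GLOBALS['sys_home'].'images/'.SV_THEME.'.theme/trash.png" border="0" alt="'._("Kill this session").'" />');
    }
  else
    { print _("Current session"); }
  print '</span>';

  # I18N
  # The variables are: session identifier, time, remote host
  #
  # gethostbyaddr() returns whatever name reverse DNS gives for the address,
  # and that name is chosen by whoever controls the address's reverse zone,
  # so it is escaped before being written into the page. The lookup is also
  # done once per listed session while the page is being built.
  print sprintf(_("Session %s opened on %s from %s"),
                htmlspecialchars($dsession_hash, ENT_QUOTES),
                format_date($sys_datefmt, $row['time']),
                htmlspecialchars(gethostbyaddr($row['ip_addr']), ENT_QUOTES))."<br />&nbsp;";

}
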
# Offer a single entry that kills every session apart from the current one,
# but only if more than 3 sessions were counted above
# (otherwise, it looks overkill).
if ($i > 3)
{
  $i++;
  print $HTML->box_nextitem(utils_get_alt_row_color($i));

  # Trash icon linking back to this page with func=del and dkeep_one=1.
  echo '<span class="trash">',
    utils_link($PHP_SELF.'?func=del&amp;dkeep_one=1',
               '<img src="'.$GLOBALS['sys_home'].'images/'.SV_THEME.'.theme/trash.png" border="0" alt="'._("Kill all sessions").'" />'),
    '</span>';
  echo '<em>'._("All sessions apart from the current one").'</em><br />&nbsp;';

}

print $HTML->box_bottom();


site_user_footer(array());


?>
