Source for file Session.php


  1. <?php
  2. /*
  3. * This file is part of Sylar.
  4. *
  5. * Sylar is free software: you can redistribute it and/or modify
  6. * it under the terms of the GNU Lesser General Public License as published by
  7. * the Free Software Foundation, either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * Sylar is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU Lesser General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU Lesser General Public License
  16. * along with Sylar. If not, see <http://www.gnu.org/licenses/>.
  17. *
  18. * @copyright Copyright Sylar Development Team
  19. * @license http://www.gnu.org/licenses/ GNU Public License V2.0
  20. * @see https://launchpad.net/sylar/
  21. * @see http://www.giano-solutions.com
  22. */
  23.  
  24. import('sylar.common.system.Logger');
  25. import('sylar.common.system.ConfigBox');
  26. import('sylar.common.db.DataBaseManager');
  27.  
  28.  
  29.  
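  /**
   * Session and permission management.
   *
   * Handles the user's web session: login and logout, the user data, groups
   * and permissions cached in $_SESSION, and the "is_logged" flag. It uses
   * Sylar_Logger for logging and a session storage object (currently always
   * the SQL implementation) for credential checks and lookups.
   *
   * Security notes for maintainers:
   * - Passwords are hashed with unsalted MD5 before being handed to the
   *   storage layer (see encryptPwd()). MD5 is not suitable for password
   *   storage; moving to password_hash()/password_verify() needs a coordinated
   *   change of the storage layer and of the stored hashes.
   * - Groups and permissions are read once at login and afterwards answered
   *   from the session, so as far as this class is concerned a change made in
   *   storage only becomes visible at the next login.
   *
   * @package Sylar
   * @version 1.0
   * @since 11-2004
   * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
   * @copyright Sylar Development Team
   */
  class Sylar_Session{

      /** Name of the algorithm applied to the password before authentication. */
      private $encryptPwdMethod;

      /** Name of the storage method for user data; only "db" is implemented. */
      private $storageMethod;

      /**
       * Initialise both settings with their defaults ("md5" and "db").
       */
      public function __construct(){
          $this->setEncryptPwdMethod();
          $this->setStorageMethod();
      }

      public function __destruct() {
          # nothing to do
      }

      /**
       * Set the method used to hash the password before authenticating the user.
       *
       * @todo only the md5 method is available at the moment.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @see encryptPwd
       * @param string $methodName
       */
      public function setEncryptPwdMethod($methodName='md5'){
          $this->encryptPwdMethod = $methodName;
      }

      /**
       * Return the method set for password hashing.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @see encryptPwd
       * @return string
       */
      public function getEncryptPwdMethod(){
          return $this->encryptPwdMethod;
      }

      /**
       * User login.
       *
       * Hashes the password, asks the session storage to authenticate the user,
       * and on success stores the user data, groups and permissions in the
       * session and marks the user as logged both in session and in storage.
       *
       * @todo switch between the different storage methods. Now works only with DB
       *
       * @since 03-2005
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $password plain-text login password; hashed by encryptPwd()
       *                         before it reaches the storage object
       * @param string $username login name, passed through to the storage login
       * @param string $email    e-mail address, passed through to the storage login
       * @param mixed  $userid   user id, passed through to the storage login
       * @return boolean true on success, false when storage returns no login info
       * @throws ExceptionInSylar rethrown to the caller after being logged
       */
      public function login($password, $username=null, $email=null, $userid=null){
          $log = new Sylar_Logger();
          try {
              $hashedPassword = $this->encryptPwd($password);
              $sessionStorage = $this->provideSessionStorageObject();

              // The storage object performs the actual credential check.
              $loginInfo = $sessionStorage->login($hashedPassword, $username, $email, $userid);
              if(!$loginInfo){
                  return false;
              }

              // Session fixation defence: issue a fresh session id at the moment
              // the privilege level changes, so an id that was known before
              // authentication is not the one that ends up authenticated.
              if(session_id() !== ''){
                  if(!headers_sent()){
                      session_regenerate_id(true);
                  }else{
                      $log->logEvent("Session id not regenerated on login: headers already sent.","WARNING");
                  }
              }

              $this->saveUserDataInSession($loginInfo);

              // Cache the user's groups in the session.
              $aGroups = $sessionStorage->loadUserGroups($this->getSessionParam("user_id"));
              $this->saveUserCollectionDataInSession("sylarGroups",$aGroups);

              // Cache the user's permissions in the session.
              $aPermissions = $sessionStorage->loadUserPermissions($this->getSessionParam("user_id"));
              $this->saveUserCollectionDataInSession("sylarPermissions",$aPermissions);

              // Flag the user as logged in the session and in storage.
              $this->setUserAsLogged();
              return true;
          }catch (ExceptionInSylar $ex){
              $log->logEvent("Login process failed. ".$ex->getMessage(),"WARNING");
              // after logging, hand the exception to the caller
              throw $ex;
          }
      }

      /**
       * Logout.
       *
       * Marks the user as not logged (session and storage) and then removes this
       * application's data from $_SESSION.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return boolean
       * @throws ExceptionInSylar rethrown to the caller after being logged
       */
      public function logout(){
          $log = new Sylar_Logger();
          try{
              $this->setUserAsNotLogged();
              // session_unregister() was removed in PHP 5.4; unsetting the entry
              // in $_SESSION is the documented replacement and works on every
              // version.
              unset($_SESSION[Sylar_ConfigBox::getSessionName()]);
              return true;
          }catch (ExceptionInSylar $ex){
              $log->logEvent("Logout process failed. ".$ex->getMessage(),"WARNING");
              throw $ex;
          }
      }

      /**
       * Store the user's basic data in the session.
       *
       * Copies user_id, username, name, surname and email from the array
       * returned by the storage login. Declared private, so subclasses cannot
       * override it.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param array $aUserData
       * @return void
       */
      private function saveUserDataInSession($aUserData){
          $this->setSessionParam("user_id", $aUserData['user_id']);
          $this->setSessionParam("username", $aUserData['username']);
          $this->setSessionParam("name", $aUserData['name']);
          $this->setSessionParam("surname", $aUserData['surname']);
          $this->setSessionParam("email", $aUserData['email']);
      }

      /**
       * Store a whole collection (one array per collection) in the session.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $collectionDataName session key of the collection
       * @param array  $aUserData          the collection itself
       * @return void
       */
      private function saveUserCollectionDataInSession($collectionDataName, $aUserData){
          //TODO for now the array is stored as is; rules and checks are still to be defined here
          $this->setSessionParam($collectionDataName, $aUserData);
      }

      /**
       * Read a collection back from the session.
       *
       * A value that is not an array is logged as a warning and still returned
       * unchanged (false when the key is missing), so callers must check the
       * type themselves.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $collectionDataName session key of the collection
       * @return array|false
       */
      private function retriveUserCollectionDataFromSession($collectionDataName){
          $log = new Sylar_Logger();
          //TODO for now the array is read as is; rules and checks are still to be defined here
          $aCollection = $this->getSessionParam($collectionDataName);
          if(!is_array($aCollection)){
              $log->logEvent("Request a Collection from session that it isn't an array. Name: ".$collectionDataName, "WARNING");
          }
          return $aCollection;
      }

      /**
       * Check whether the user is logged in this session.
       *
       * This method can be overridden and modified as you need.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return boolean
       */
      public function isUserLogged(){
          return $this->getSessionParam("is_logged") ? true : false;
      }

      /**
       * Return an object implementing the interface iSessionStorage.
       *
       * $methodName is meant to accept "db", "xml" or "csv", but only the
       * database backend exists: every value yields a Sylar_SqlSession loaded
       * from the driver path of the default database configuration.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @todo implement the other storage methods and their interfaces
       *
       * @param string $methodName
       * @return object
       * @throws ExceptionInSylar propagated unchanged from the calls below
       */
      protected function provideSessionStorageObject($methodName="db"){
          $oDbMngr = new Sylar_DataBaseManager();
          import( $oDbMngr->getDriverClassPath($oDbMngr->getDefaultDbConfiguration()).".security.SqlSession" );
          return new Sylar_SqlSession();
      }

      /**
       * Return true if the user in session is a member of the given group.
       *
       * NOTE(review): the parameter is named $user_id but it is looked up as a
       * key of the 'sylarGroups' collection, i.e. it is used as a group id. The
       * name is kept for compatibility with existing callers.
       *
       * @todo to be done isUserMemberOfGroupName but Groups name must be unique?
       *
       * @see Sylar_Session::login()
       * @see Sylar_iSessionStorage::loadUserGroups($user_id)
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param int $user_id group id to look for among the keys of the collection
       * @return boolean
       */
      public function isUserMemberOfGroupId($user_id){
          $aGroups = $this->retriveUserCollectionDataFromSession('sylarGroups');
          return is_array($aGroups) && array_key_exists($user_id, $aGroups);
      }

      /**
       * Check a permission of the user in session by permission_id.
       *
       * The id is looked up among the keys of the 'sylarPermissions' collection.
       *
       * @see Sylar_Session::login()
       * @see Sylar_iSessionStorage::loadUserPermissions($user_id)
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param int $permission_id
       * @return boolean
       */
      public function hasUserPermissionId($permission_id){
          $aPermissions = $this->retriveUserCollectionDataFromSession('sylarPermissions');
          return is_array($aPermissions) && array_key_exists($permission_id, $aPermissions);
      }

      /**
       * Check a permission of the user in session by permission_code.
       *
       * The code is looked up among the values of the 'sylarPermissions'
       * collection. Values are compared as strings with ===, never with loose
       * comparison: a loose in_array() would let a stored true, 0 or null match
       * codes the user was never given, which is not acceptable for an
       * authorization check. Non-scalar codes and non-scalar stored values
       * never match.
       *
       * @see Sylar_Session::login()
       * @see Sylar_iSessionStorage::loadUserPermissions($user_id)
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $permission_code
       * @return boolean
       */
      public function hasUserPermissionCode($permission_code){
          $aPermissions = $this->retriveUserCollectionDataFromSession('sylarPermissions');
          if(!is_array($aPermissions) || !is_scalar($permission_code)){
              return false;
          }
          $wantedCode = (string) $permission_code;
          foreach($aPermissions as $storedCode){
              if(is_scalar($storedCode) && (string) $storedCode === $wantedCode){
                  return true;
              }
          }
          return false;
      }

      /**
       * Set the user status as logged in the session and in storage.
       *
       * In Sylar a user is logged if the session param "is_logged" is true.
       * Exceptions are passed to the caller.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return boolean
       * @throws ExceptionInSylar
       */
      private function setUserAsLogged(){
          // Update data in session. "unique_id" is the start value of the
          // counter served by getUniqueID().
          $this->setSessionParam("is_logged", true);
          $this->setSessionParam("unique_id", 999);

          // Update session data on the storage
          $sessionStorage = $this->provideSessionStorageObject();
          $sessionStorage->setUserAsLogged( $this->getSessionParam("username"), $this->getSessionParam("user_id") );
          return true;
      }

      /**
       * Set the user status as not logged in the session and in storage.
       *
       * In Sylar a user is logged if the session param "is_logged" is true.
       * Exceptions are passed to the caller.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return boolean
       * @throws ExceptionInSylar
       */
      private function setUserAsNotLogged(){
          $this->setSessionParam("is_logged", false);

          // Update session data on the storage
          $sessionStorage = $this->provideSessionStorageObject();
          $sessionStorage->setUserAsNotLogged( $this->getSessionParam("username"), $this->getSessionParam("user_id") );
          return true;
      }

      /**
       * Set the value of a session param.
       *
       * @since 02-2008
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $parametro name of the param to set
       * @param mixed  $valore    value to assign to the param
       * @return mixed the value that was stored
       */
      public function setSessionParam($parametro, $valore){
          $_SESSION[Sylar_ConfigBox::getSessionName()][$parametro] = $valore;
          return $valore;
      }

      /**
       * Return the value of a session param.
       *
       * Returns false when the application has no data in $_SESSION or the
       * param is not set, so a stored false cannot be told apart from a
       * missing param.
       *
       * @since 02-2008
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $parametro name of param.
       * @return mixed
       */
      public function getSessionParam($parametro){
          $sessionName = Sylar_ConfigBox::getSessionName();
          // isset() replaces session_is_registered(), which was removed in
          // PHP 5.4; the is_array() guard keeps array_key_exists() away from a
          // value that is not an array.
          if(isset($_SESSION[$sessionName])
              && is_array($_SESSION[$sessionName])
              && array_key_exists($parametro, $_SESSION[$sessionName])){
              return $_SESSION[$sessionName][$parametro];
          }
          return false;
      }

      /**
       * Set the storage method of user data.
       * Possible values:
       * - db
       * - xml
       * - csv
       * - custom
       *
       * @todo Implement methods other than db, like file or other custom ones
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $methodName
       * @return void
       */
      public function setStorageMethod($methodName="db"){
          $this->storageMethod = $methodName;
      }

      /**
       * Return a dump of the session status as a formatted string.
       *
       * The dump holds everything this class keeps in the session (user id,
       * username, name, surname, e-mail, groups, permissions), so treat it as
       * sensitive: it belongs in protected diagnostics, not in a response.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return string
       */
      public function getSessionStatusDump(){
          // print_r() with a true second argument returns the text instead of
          // printing it, so no output buffer is needed.
          return "Sylar Session Status Dump: \n" . print_r($this->getSessionObj(), true);
      }

      /**
       * Get the storage method of user data.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return string
       * @todo Implement methods other than db, like csv, xml etc...
       */
      public function getStorageMethod(){
          return $this->storageMethod;
      }

      /**
       * Return the id of the session.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return string
       */
      public static function getSessionID(){
          return session_id();
      }

      /**
       * Return the session object; in Sylar it is an array.
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return array|false false when the application has no data in $_SESSION
       */
      protected function getSessionObj(){
          $sessionName = Sylar_ConfigBox::getSessionName();
          // isset() replaces session_is_registered(), removed in PHP 5.4.
          if(isset($_SESSION[$sessionName])){
              return $_SESSION[$sessionName];
          }
          return false;
      }

      /**
       * Hash the password with the configured algorithm.
       *
       * Only md5 exists: any other configured method falls back to it.
       *
       * SECURITY: unsalted MD5 is fast to brute-force and is not an acceptable
       * password hash. It is kept here because the storage layer compares this
       * digest with the stored one; replacing it means migrating the stored
       * hashes to password_hash()/password_verify() (or at least a salted,
       * slow KDF) together with the storage login.
       *
       * @todo implement other algorithms
       *
       * @since 16/feb/08
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @param string $password password string
       * @return string
       */
      private function encryptPwd($password){
          return md5($password);
      }

      /**
       * Get a unique id for the user session.
       *
       * Increments the "unique_id" counter kept in the session and returns the
       * new value. The counter is sequential and predictable, so it must not be
       * used as a secret or as an anti-forgery token.
       *
       * @since 08-2005
       * @author Gianluca Giusti [brdp] <g.giusti@giano-solutions.com>
       *
       * @return integer
       */
      public function getUniqueID(){
          $_SESSION[Sylar_ConfigBox::getSessionName()]["unique_id"]++;

          return $this->getSessionParam("unique_id");
      }
  }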
  544.  
  545.  
  546. ?>

Documentation generated on Thu, 24 Apr 2008 16:14:20 +0200 by phpDocumentor 1.3.0RC3