session
class session
Session class
Properties
$cookie_data | |||
$page | |||
$data | |||
$browser | |||
$forwarded_for | |||
$host | |||
$session_id | |||
$ip | |||
$load | |||
$time_now | |||
$update_session_page |
Methods
Extract current session page
Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.
Start session management
Create a new session
Kills a session
Session garbage collection
Sets a cookie
Check for banned user
Check the current session for bans
Check if ip is blacklisted by Spamhaus SBL
Checks if an IPv4 address is in a specified DNS blacklist
Check if ip is blacklisted This should be called only where absolutely necessary
Set/Update a persistent login key
Reset all login keys for the specified user
Check if the request originated from the same page.
No description
Update the session data
No description
Get user ID
Update user last visit time
Update user's last active time
Details
at line 39
static array
extract_current_page(string $root_path)
Extract current session page
at line 164
extract_current_hostname()
Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.
at line 228
session_begin(bool $update_session_page = true)
Start session management
This is where all session activity begins. We gather various pieces of information from the client and server. We test to see if a session already exists. If it does, fine and dandy. If it doesn't we'll go on to create a new one ... pretty logical heh? We also examine the system load (if we're running on a system which makes such information readily available) and halt if it's above an admin definable limit.
at line 490
session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
Create a new session
If upon trying to start a session we discover there is nothing existing we jump here. Additionally this method is called directly during login to regenerate the session for the specific user. In this method we carry out a number of tasks; garbage collection, (search)bot checking, banned user comparison. Basically though this method will result in a new session for a specific user.
at line 865
session_kill($new_session = true)
Kills a session
This method does what it says on the tin. It will delete a pre-existing session. It resets cookie information (destroying any autologin key within that cookie data) and update the users information from the relevant session data. It will then grab guest user information.
at line 957
session_gc()
Session garbage collection
This looks a lot more complex than it really is. Effectively we are deleting any sessions older than an admin definable limit. Due to the way in which we maintain session data we have to ensure we update user data before those sessions are destroyed. In addition this method removes autologin key information that is older than an admin defined limit.
at line 1073
set_cookie(string $name, string $cookiedata, int $cookietime, bool $httponly = true)
Sets a cookie
Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.
at line 1128
check_ban(int|false $user_id = false, mixed $user_ips = false, string|false $user_email = false, bool $return = false)
Check for banned user
Checks whether the supplied user is banned by id, ip or email. If no parameters are passed to the method pre-existing session data is used.
at line 1336
protected true
check_ban_for_current_session($config)
Check the current session for bans
at line 1364
bool
check_dnsbl_spamhaus(string $dnsbl, string|false $ip = false)
Check if ip is blacklisted by Spamhaus SBL
Disables DNSBL setting if errors are returned by Spamhaus due to a policy violation. https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/
at line 1432
bool
check_dnsbl_ipv4_generic(string $dnsbl, string|false $ip = false)
Checks if an IPv4 address is in a specified DNS blacklist
Only checks if a record is returned or not.
at line 1468
false
check_dnsbl(string $mode, string|false $ip = false)
Check if ip is blacklisted This should be called only where absolutely necessary
Only IPv4 (rbldns does not support AAAA records/IPv6 lookups)
at line 1562
set_login_key($user_id = false, $key = false, $user_ip = false)
Set/Update a persistent login key
This method creates or updates a persistent session key. When a user makes use of persistent (formerly auto-) logins a key is generated and stored in the DB. When they revisit with the same key it's automatically updated in both the DB and cookie. Multiple keys may exist for each user representing different browsers or locations. As with any non-secure-socket no passphrase login this remains vulnerable to exploit.
at line 1632
reset_login_keys($user_id = false)
Reset all login keys for the specified user
This method removes all current login keys for a specified (or the current) user. It will be called on password change to render old keys unusable
at line 1681
validate_referer(bool $check_script_path = false)
Check if the request originated from the same page.
at line 1718
unset_admin()
No description
at line 1733
update_session(array $session_data, string $session_id = null)
Update the session data
at line 1756
update_session_infos()
No description
at line 1800
int
id()
Get user ID
at line 1808
update_user_lastvisit()
Update user last visit time
at line 1827
void
update_last_active_time()
Update user's last active time