sessions.php
author Dan
Tue, 26 May 2009 15:25:30 -0400
changeset 69 73780a159e15
parent 44 92dd253f501c
child 74 7719085707d8
permissions -rw-r--r--
DCOP: added safeguards for mysterious zombie behavior

<?php

/**
 * Greyhound - real web management for Amarok
 * Copyright (C) 2008 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

function greyhound_login_page($httpd, $socket)
{
  if ( session_check() )
  {
    $httpd->header('HTTP/1.1 307 Temporary Redirect');
    $httpd->header('Location: /');
    
    return;
  }
  $tried = false;
  $success = false;
  if ( isset($_POST['username']) && isset($_POST['password']) )
  {
    $tried = true;
    if ( $sessionid = login($_POST['username'], $_POST['password']) )
    {
      $success = true;
      $httpd->setcookie('grey_session', $sessionid, time() + ( 86400 * 3650 ));
    }
  }
  
  global $theme;
  $iphone = ( ( strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') ||
       strpos($_SERVER['HTTP_USER_AGENT'], 'iPod') ||
       strpos($_SERVER['HTTP_USER_AGENT'], 'BlackBerry') ||
       isset($_GET['m']) )
       && !isset($_GET['f'])
       );
  $theme_id = ( $iphone ) ? 'iphone' : $theme;
  $smarty = load_theme($theme_id);
  
  $smarty->assign('theme', $theme_id);
  $smarty->assign('greyhound_version', GREY_VERSION);
  $smarty->assign('tried', $tried);
  $smarty->assign('success', $success);
  $smarty->display('login.tpl');
}

function greyhound_logout($httpd, $socket)
{
  // destroy the session
  if ( isset($_COOKIE['grey_session']) )
  {
    load_session_data();
    global $session_data;
    unset($session_data[$_COOKIE['grey_session']]);
    session_commit_db();
  }
  
  $httpd->setcookie('grey_session', '', time() - 864000);
  $httpd->header('HTTP/1.1 307 Temporary Redirect');
  $httpd->header('Location: /');
}

/**
 * Check to see if we're logged in
 */

function session_check()
{
  global $use_auth, $auth_data;
  if ( isset($_COOKIE['grey_session']) )
  {
    load_session_data();
    global $session_data;
    if ( isset($session_data[$_COOKIE['grey_session']]) )
    {
      // has a cookie with a valid session ID, check credentials
      $session =& $session_data[$_COOKIE['grey_session']];
      if ( isset($auth_data[$session['user']]) )
      {
        if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) )
        {
          // session is valid, logged in
          return true;
        }
      }
    }
  }
  return ( $use_auth ) ? false : true;
}

function login($username, $password)
{
  global $use_auth, $auth_data;
  if ( !$use_auth )
    return false;
  
  if ( isset($auth_data[$username]) )
  {
    if ( $auth_data[$username] === $password )
    {
      return create_session($username, $password);
    }
  }
  return false;
}

function create_session($username, $password)
{
  load_session_data();
  global $session_data;
  
  $sessid = md5(sha1(microtime() . mt_rand()));
  $salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand())));
  
  $session_data[$sessid] = array(
      'user' => $username,
      'hash' => md5($password . $salt),
      'salt' => $salt
    );
  session_commit_db();
  
  return $sessid;
}

function var_export_string($arr)
{
  ob_start();
  var_export($arr);
  $r = ob_get_contents();
  ob_end_clean();
  return $r;
}

function session_commit_db()
{
  global $session_data;
  $d = var_export_string($session_data);
  $fp = @fopen('./session_db.php', 'w');
  if ( !$fp )
  {
    warning('Could not open the session database for writing. Logins may not work.');
    return false;
  }
  $d = <<<EOF
<?php

// Automatically generated session database for Greyhound. Do not edit this file!

\$GLOBALS['session_data'] = $d;
EOF;
  
  fwrite($fp, $d);
  fclose($fp);
  
  return true;
}

function load_session_data()
{
  if ( file_exists('./session_db.php') )
  {
    require('./session_db.php');
  }
  else
  {
    $GLOBALS['session_data'] = array();
  }
}

$session_data = array();

?>