members
Packages
Interfaces
Classes
Files

Class: Session

Source Location: /members/session.class.php [line 40]

Class Overview


This class manages all sessions for the users.

Author(s):

  • Régis VIARRE <crowkait@phpboost.com


Class Details

This class manages all sessions for the users.

Tags:

  • author: Régis VIARRE <crowkait@phpboost.com
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]


Class Methods

method act [line 51]

void act( )
Manage the actions for the session caused by the user (connection, disconnection).
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method check [line 297]

void check( string $session_script_title)
Check session validity, and update it

Parameters:

string   $session_script_title   The page title where the session has been check.
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method csrf_get_protect [line 713]

true csrf_get_protect( [mixed $redirect = SEASURF_ATTACK_ERROR_PAGE])
Check the session against CSRF attacks by GET. Checks that GETs are done from this site with a correct token.

Tags:

  • return: if no csrf attack by get is detected

Parameters:

mixed   $redirect   if string, redirect to the $redirect error page if the token is wrong if false, do not redirect
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method csrf_post_protect [line 679]

bool csrf_post_protect( [mixed $redirect = SEASURF_ATTACK_ERROR_PAGE])
Check the session against CSRF attacks by POST. Checks that POSTs are done from this site. 2 different cases are accepted but the first is safer:
  • The request contains a parameter whose name is token and value is the value of the token of the current session.
  • If the token isn't in the request, we analyse the HTTP referer to be sure that the request comes from the current site and not from another which can be suspect
If the request doesn't match any of these two cases, this method will consider that it's a CSRF attack.

Tags:

  • return: true if no csrf attack by post is detected

Parameters:

mixed   $redirect   if string, redirect to the $redirect error page if the token is wrong if false, do not redirect
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method end [line 357]

void end( )
Destroy the session
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method get_module_parameters [line 411]

array get_module_parameters( [string $module = ''])
Get module's parametres from session

Tags:

  • return: array of parameters

Parameters:

string   $module   module module name (if null then current module)
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method get_token [line 655]

string get_token( )
Return the session token

Tags:

  • return: the session token
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method load [line 237]

void load( )
Get informations from the user, and set it for his session.
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method set_module_parameters [line 379]

void set_module_parameters( mixed $parameters, [ $module = ''])
Save module's parameters into session

Parameters:

mixed   $parameters   module's parameters
   $module  
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

method start [line 139]

True start( int $user_id, string $password, $level, string $session_script, string $session_script_get, string $session_script_title, [boolean $autoconnect = false], [boolean $already_hashed = false])
Start the session

Tags:

  • return: if succed, false otherwise and return an error code.

Parameters:

int   $user_id   The member's user id.
string   $password   The member's password.
string   $session_script   Session script value where the session is started.
string   $session_script_get   Get value of session script where the session is started.
string   $session_script_title   Title of session script where the session is started.
boolean   $autoconnect   The member user id.
boolean   $already_hashed   True if password has been already hashed width str_hash() function, false otherwise.
   $level  
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]

static method garbage_collector [line 544]

static void garbage_collector( )
Deletes all the existing sessions
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]


Class Variables

[line 45]   mixed  $autoconnect  = array()
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]
[line 43]   mixed  $data  = array()
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]
[line 44]   mixed  $session_mod  =  0
[ Top ] - [ Class Details ] - [ Methods ] - [ Variables ]
Documentation generated on Tue, 28 Jul 2009 22:43:41 +0200 by phpDocumentor 1.4.1