[Jaws-commits] r13362 - trunk/jaws/html/include/Jaws

afz at jaws-project.com afz at jaws-project.com
Fri Aug 10 13:57:26 UTC 2012


Author: afz
Date: 2012-08-10 13:57:26 +0000 (Fri, 10 Aug 2012)
New Revision: 13362

Modified:
   trunk/jaws/html/include/Jaws/Session.php
Log:
[Session]: check logon hours and expiry date after user logged in

Modified: trunk/jaws/html/include/Jaws/Session.php
===================================================================
--- trunk/jaws/html/include/Jaws/Session.php	2012-08-10 13:57:04 UTC (rev 13361)
+++ trunk/jaws/html/include/Jaws/Session.php	2012-08-10 13:57:26 UTC (rev 13362)
@@ -238,57 +238,77 @@
             $this->_SessionID  = $session['sid'];
             $this->_Attributes = unserialize($session['data']);
 
+            // check session longevity
             if ($session['updatetime'] < ($expTime - $session['longevity'])) {
-                // only reset session data
                 $GLOBALS['app']->Session->Logout();
-            } else {
-                if ($session['updatetime'] < $expTime) {
-                    $concurrent_logins = $this->GetAttribute('concurrent_logins');
-                    $existSessions = $this->_cache->GetUserSessions($this->GetAttribute('user'), true);
-                    if (!empty($existSessions) &&
-                        !empty($concurrent_logins) &&
-                        $existSessions >= $concurrent_logins)
-                    {
-                        $GLOBALS['app']->Session->Logout();
-                        Jaws_Error::Fatal('Maximum number of concurrent logins reached');
-                    }
-                }
+                $GLOBALS['log']->Log(JAWS_LOG_DEBUG, 'Previous session has expired');
+                return false;
+            }
 
-                $xss = $GLOBALS['app']->loadClass('XSS', 'Jaws_XSS');
-                $agent = $xss->filter($_SERVER['HTTP_USER_AGENT']);
-                if ($agent !== $session['agent']) {
-                    $GLOBALS['app']->Session->Logout();
-                    Jaws_Error::Fatal('Jaws prevented execute this request for security reason<br />'.
-                                      'because agent of this session changed');
+            // user expiry date
+            $expiry_date = $this->GetAttribute('expiry_date');
+            if (!empty($expiry_date) && $expiry_date <= time()) {
+                $GLOBALS['app']->Session->Logout();
+                Jaws_Error::Fatal('This username is expired');
+            }
+
+            // logon hours
+            $logon_hours = $this->GetAttribute('logon_hours');
+            if (!empty($logon_hours)) {
+                $wdhour = explode(',', $GLOBALS['app']->UTC2UserTime(time(), 'w,G'));
+                $lhByte = hexdec($logon_hours{$wdhour[0]*6 + floor($wdhour[1]/4)});
+                if ((pow(2, fmod($wdhour[1], 4)) & $lhByte) == 0) {
+                    //$GLOBALS['app']->Session->Logout();
+                    //Jaws_Error::Fatal('Logon hours terminated');
                 }
+            }
 
-                if (($salt !== $this->GetAttribute('salt')) || ($checksum !== $session['checksum'])) {
+            // concurrent logins
+            if ($session['updatetime'] < $expTime) {
+                $logins = $this->GetAttribute('concurrent_logins');
+                $existSessions = $this->_cache->GetUserSessions($this->GetAttribute('user'), true);
+                if (!empty($existSessions) && !empty($logins) && $existSessions >= $logins) {
                     $GLOBALS['app']->Session->Logout();
-                    Jaws_Error::Fatal('Jaws prevented execute this request for security reason<br />'.
-                                      'because the session is invalid');
+                    Jaws_Error::Fatal('Maximum number of concurrent logins reached');
                 }
+            }
 
-                // check referrer of request
-                $referrer = @parse_url($_SERVER['HTTP_REFERER']);
-                if ($referrer && isset($referrer['host'])) {
-                    $referrer = $referrer['host'];
-                } else {
-                    $referrer = $_SERVER['HTTP_HOST'];
-                }
+            // browser agent
+            $xss = $GLOBALS['app']->loadClass('XSS', 'Jaws_XSS');
+            $agent = $xss->filter($_SERVER['HTTP_USER_AGENT']);
+            if ($agent !== $session['agent']) {
+                $GLOBALS['app']->Session->Logout();
+                Jaws_Error::Fatal('Jaws prevented execute this request for security reason<br />'.
+                                  'because agent of this session changed');
+            }
 
-                if (!$this->GetAttribute('logged') ||
-                    (JAWS_SCRIPT != 'admin') ||
-                    $referrer == $_SERVER['HTTP_HOST'] ||
-                    $session['referrer'] === md5($referrer))
-                {
-                    $GLOBALS['log']->Log(JAWS_LOG_DEBUG, 'Session was OK');
-                    return true;
-                } else {
-                    $GLOBALS['log']->Log(JAWS_LOG_DEBUG, 'Session found but referrer changed');
-                    Jaws_Error::Fatal('Jaws prevented execute this request for security reason<br />'.
-                                      'because referrer of this session changed');
-                }
+            // salt & checksum
+            if (($salt !== $this->GetAttribute('salt')) || ($checksum !== $session['checksum'])) {
+                $GLOBALS['app']->Session->Logout();
+                Jaws_Error::Fatal('Jaws prevented execute this request for security reason<br />'.
+                                  'because the session is invalid');
             }
+
+            // check referrer of request
+            $referrer = @parse_url($_SERVER['HTTP_REFERER']);
+            if ($referrer && isset($referrer['host'])) {
+                $referrer = $referrer['host'];
+            } else {
+                $referrer = $_SERVER['HTTP_HOST'];
+            }
+
+            if (!$this->GetAttribute('logged') ||
+                (JAWS_SCRIPT != 'admin') ||
+                $referrer == $_SERVER['HTTP_HOST'] ||
+                $session['referrer'] === md5($referrer))
+            {
+                $GLOBALS['log']->Log(JAWS_LOG_DEBUG, 'Session was OK');
+                return true;
+            } else {
+                $GLOBALS['log']->Log(JAWS_LOG_DEBUG, 'Session found but referrer changed');
+                Jaws_Error::Fatal('Jaws prevented execute this request for security reason<br />'.
+                                  'because referrer of this session changed');
+            }
         }
 
         $GLOBALS['log']->Log(JAWS_LOG_DEBUG, 'No previous session exists');
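Review bot: The logon-hours check never enforces anything: the Logout() and Fatal() inside the `if ((pow(2, fmod($wdhour[1], 4)) & $lhByte) == 0)` branch are commented out, so the result of the bit test is discarded and a user outside their permitted hours stays logged in, contrary to the commit log. If this is deliberate staging, say so with a comment such as `// TODO: enforcement disabled until logon_hours is populated for all users` rather than leaving dead code; either way the index `$wdhour[0]*6 + floor($wdhour[1]/4)` (0..41) assumes a 42-character hex string, and a shorter or malformed value should be rejected or treated as "unrestricted" explicitly instead of relying on an out-of-range offset notice and hexdec('') yielding 0. Separately, the `expiry_date`, `logon_hours` and `concurrent_logins` attributes are read from the unserialized session record before the `// salt & checksum` comparison that validates that record; moving that block up to directly after the longevity check would validate the session before any of its attributes are trusted. These attributes are also a snapshot taken in Create(), so a change to a user's expiry date or logon hours after login presumably does not take effect until the next login, which is worth stating in the comment if that is accepted. The enclosing method starts before this hunk and continues past it.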
@@ -304,12 +324,14 @@
     function Create($info = array(), $remember = false)
     {
         if (empty($info)) {
-            $info['id']         = '';
-            $info['internal']   = false;
-            $info['username']   = '';
-            $info['superadmin'] = false;
-            $info['groups']     = array();
-            $info['nickname']   = '';
+            $info['id']          = '';
+            $info['internal']    = false;
+            $info['username']    = '';
+            $info['superadmin']  = false;
+            $info['groups']      = array();
+            $info['nickname']    = '';
+            $info['logon_hours'] = '';
+            $info['expiry_date'] = 0;
             $info['concurrent_logins'] = 0;
             $info['email']      = '';
             $info['url']        = '';
@@ -321,13 +343,15 @@
         }
 
         $this->_Attributes = array();
-        $this->SetAttribute('user',       $info['id']);
-        $this->SetAttribute('internal',   $info['internal']);
-        $this->SetAttribute('salt',       uniqid(mt_rand(), true));
-        $this->SetAttribute('type',       APP_TYPE);
-        $this->SetAttribute('username',   $info['username']);
-        $this->SetAttribute('superadmin', $info['superadmin']);
-        $this->SetAttribute('groups',     $info['groups']);
+        $this->SetAttribute('user',        $info['id']);
+        $this->SetAttribute('internal',    $info['internal']);
+        $this->SetAttribute('salt',        uniqid(mt_rand(), true));
+        $this->SetAttribute('type',        APP_TYPE);
+        $this->SetAttribute('username',    $info['username']);
+        $this->SetAttribute('superadmin',  $info['superadmin']);
+        $this->SetAttribute('groups',      $info['groups']);
+        $this->SetAttribute('logon_hours', $info['logon_hours']);
+        $this->SetAttribute('expiry_date', $info['expiry_date']);
         $this->SetAttribute('concurrent_logins', $info['concurrent_logins']);
         $this->SetAttribute('longevity',  $remember?
                                           (int)$GLOBALS['app']->Registry->Get('/policy/session_remember_timeout')*3600 : 0);
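Review bot: `$this->SetAttribute('logon_hours', $info['logon_hours']);` and the `expiry_date` line below it assume every caller of Create() now passes the two new keys; the defaults added in the previous hunk only apply when `$info` is entirely empty, so an existing caller passing a partial array would raise undefined-index notices and store null, which the `!empty()` tests in the session check then treat as "no restriction". Use `isset($info['logon_hours']) ? $info['logon_hours'] : ''` and `isset($info['expiry_date']) ? (int)$info['expiry_date'] : 0`, or document the required keys in Create()'s docblock so the silent fallback is not the default. Create() starts in the previous hunk and continues past this one.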
@@ -354,13 +378,15 @@
     function Reset()
     {
         $this->_Attribute = array();
-        $this->SetAttribute('user',       '');
-        $this->SetAttribute('salt',       uniqid(mt_rand(), true));
-        $this->SetAttribute('type',       APP_TYPE);
-        $this->SetAttribute('internal',   false);
-        $this->SetAttribute('username',   '');
-        $this->SetAttribute('superadmin', false);
-        $this->SetAttribute('groups',     array());
+        $this->SetAttribute('user',        '');
+        $this->SetAttribute('salt',        uniqid(mt_rand(), true));
+        $this->SetAttribute('type',        APP_TYPE);
+        $this->SetAttribute('internal',    false);
+        $this->SetAttribute('username',    '');
+        $this->SetAttribute('superadmin',  false);
+        $this->SetAttribute('groups',      array());
+        $this->SetAttribute('logon_hours', '');
+        $this->SetAttribute('expiry_date', 0);
         $this->SetAttribute('concurrent_logins', 0);
         $this->SetAttribute('longevity',  0);
         $this->SetAttribute('logged',     false);
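Review bot: While Reset() is being extended, the context line `$this->_Attribute = array();` at its top names a different property than `$this->_Attributes`, which Create() clears and the session-load path assigns from unserialize(); if that is a typo, Reset() leaves previous attribute values in place and only overwrites the keys listed here. Since `logon_hours` and `expiry_date` are now written in both places, it is worth confirming the property name so Reset() actually starts from an empty array: `$this->_Attributes = array();`. Reset() continues past this hunk.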


