

(-)eclipse.org-common/system/app.class.php (-1 / +53 lines)
Lines 329-334 Link Here
329
	
329
	
330
	function generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html) {
330
	function generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html) {
331
		
331
		
332
		# OPT1: ob_start();
333
		
332
		# All web page parameters passed for variable scope
334
		# All web page parameters passed for variable scope
333
		
335
		
334
		if($theme == "") {
336
		if($theme == "") {
Lines 359-364 Link Here
359
		
361
		
360
		echo $html;
362
		echo $html;
361
		include($this->getFooterPath($theme));
363
		include($this->getFooterPath($theme));
364
		
365
		# OPT1:$starttime = microtime();
366
		# OPT1:$html = ob_get_contents();
367
		# OPT1:ob_end_clean();
368
		
369
		# OPT1:$stripped_html = $html;
370
		# OPT1:$stripped_html = preg_replace("/^\s*/", "", $stripped_html);
371
		# OPT1:$stripped_html = preg_replace("/\s{2,}/", " ", $stripped_html);
372
		# OPT1:$stripped_html = preg_replace("/^\t*/", "", $stripped_html);
373
		# OPT1:$stripped_html = preg_replace("/\n/", "", $stripped_html);
374
		# OPT1:$stripped_html = preg_replace("/>\s</", "><", $stripped_html);
375
		# $stripped_html = preg_replace("/<!--.*-->/", "", $stripped_html);
376
		# OPT1:$endtime = microtime();
377
		
378
		# OPT1:echo "<!-- unstripped: " . strlen($html) . " bytes/ stripped: " . strlen($stripped_html) . "bytes - " . sprintf("%.2f", strlen($stripped_html) / strlen($html)) . " Bytes saved: " . (strlen($html) - strlen($stripped_html)) . " Time: " . ($endtime - $starttime) . " -->";
379
		# echo $stripped_html;
362
	}
380
	}
363
	
381
	
364
	function AddExtraHtmlHeader( $string ) {
382
	function AddExtraHtmlHeader( $string ) {
Lines 395-401 Link Here
395
		if(isset($_POST[$_param_name]) && $_method != "GET") {	
413
		if(isset($_POST[$_param_name]) && $_method != "GET") {	
396
			$rValue = $_POST[$_param_name];
414
			$rValue = $_POST[$_param_name];
397
		}
415
		}
398
		
399
		return $rValue;
416
		return $rValue;
400
	}
417
	}
401
418
Lines 703-708 Link Here
703
			}
720
			}
704
			return $fileSize;
721
			return $fileSize;
705
		}
722
		}
723
724
		function useSession() {
725
			require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
726
        	$ssn = new Session();
727
        	$ssn->validate();
728
        	return $ssn;
729
		}
730
		
731
		function isValidCaller($_pathArray) {
732
			$a = debug_backtrace();
733
			$caller = $a[1]['file'];  # Caller 0 is the class that called App();
734
			$validCaller = false;
735
			for($i = 0; $i < count($_pathArray); $i++) {
736
				# TODO: use regexp's to match the leftmost portion for better security 
737
				if(strstr($caller, $_pathArray[$i])) {
738
					$validCaller = true;
739
					break;
740
				}
741
			}
742
			return $validCaller;			
743
		}
744
745
		function sqlSanitize($_value, $_dbh) {
746
		/**
747
		 * Sanitize incoming value to prevent SQL injections
748
		 * @param string value to sanitize
749
		 * @param dbh database resource to use
750
		 * @return string santized string
751
		 */
752
			if(get_magic_quotes_gpc()) {
753
				$_value = stripslashes($_value);
754
			}
755
			$_value = mysql_real_escape_string($_value, $_dbh);
756
        	return $_value;
757
		}
706
}
758
}
707
759
708
?>
760
?>
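Review bot: `isValidCaller()` (line 737) accepts the caller whenever a configured path occurs anywhere in the caller's file name, so a file under an unrelated directory whose path merely contains the same substring passes, and `$a[1]['file']` is undefined when the method is invoked from a file's top level rather than from inside a function; the TODO on line 736 already acknowledges the first problem. Anchor the comparison at the start of the resolved path, e.g. `$caller = isset($a[1]['file']) ? realpath($a[1]['file']) : '';` and `if ($caller !== '' && strpos($caller, $_pathArray[$i]) === 0) {`. `useSession()` (line 724) calls `$ssn->validate()` immediately after `new Session()`, whose constructor in session.class.php already calls `validate()`, so every caller runs the session lookup and the `maintenance()` DELETE twice. `sqlSanitize()` only escapes the value; callers still have to quote string values themselves, as `insertModLog()` does, which is worth stating in its docblock.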
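--- /dev/null
+++ b/eclipse.org-common/system/evt_log.class.php
@@ -0,0 +1,141 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2007 Eclipse Foundation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *    Denis Roy (Eclipse Foundation)- initial API and implementation
+ *******************************************************************************/
+
+define('MAX_LOG_DAYS', 365);
+
+require_once("/home/data/httpd/eclipse-php-classes/system/dbconnection_rw.class.php");
+
+class EvtLog {
+
+	#*****************************************************************************
+	#
+	# evt_log.class.php
+	#
+	# Author: 		Denis Roy
+	# Date:			2004-08-05
+	#
+	# Description: Functions and modules related to a modification log entry
+	#
+	# HISTORY:
+	#
+	#*****************************************************************************
+
+
+	
+	var $LogID 		= 0;
+	var $LogTable		= "";
+	var $PK1		= "";
+	var $PK2		= "";
+	var $LogAction		= "";
+	var $uid		= "";
+	var $EvtDateTime	= "";
+	
+	function getLogID() {
+		return $this->LogID;
+	}
+	function getLogTable() {
+		return $this->LogTable;
+	}
+	function getPK1() {
+		return $this->PK1;
+	}
+	function getPK2() {
+		return $this->PK2;
+	}
+	function getLogAction() {
+		return $this->LogAction;
+	}
+	function getuid() {
+		return $this->PersonID;
+	}
+	function getEvtDateTime() {
+		return $this->EvtDateTime;
+	}
+
+
+	function setLogID($_LogID) {
+		$this->LogID = $_LogID;
+	}
+	function setLogTable($_LogTable) {
+		$this->LogTable = $_LogTable;
+	}
+	function setPK1($_PK1) {
+		$this->PK1 = $_PK1;
+	}
+	function setPK2($_PK2) {
+		$this->PK2 = $_PK2;
+	}
+	function setLogAction($_LogAction) {
+		$this->LogAction = $_LogAction;
+	}
+	function setuid($_uid) {
+		$this->uid = $_uid;
+	}
+	function setEvtDateTime($_EvtDateTime) {
+		$this->EvtDateTime = $_EvtDateTime;
+	}
+
+	function insertModLog ($_uid) {
+		$uid = $_uid;
+		if($this->getLogTable() != "" && $this->getPK1() != "" && $this->getLogAction() != "" && $uid != "") {
+			$App = new App();
+			$dbc = new DBConnectionRW();
+			$dbh = $dbc->connect();
+			
+			$sql = "INSERT INTO SYS_EvtLog (
+						LogID,
+						LogTable,
+						PK1,
+						PK2,
+						LogAction,
+						uid,
+						EvtDateTime)
+					VALUES (
+						NULL,
+						" . $App->returnQuotedString($App->sqlSanitize($this->getLogTable(),$dbh)) . ",
+						" . $App->returnQuotedString($App->sqlSanitize($this->getPK1(),$dbh)) . ",
+						" . $App->returnQuotedString($App->sqlSanitize($this->getPK2(),$dbh)) . ",
+						" . $App->returnQuotedString($App->sqlSanitize($this->getLogAction(),$dbh)) . ",
+						" . $App->returnQuotedString($App->sqlSanitize($uid),$dbh) . ",
+						NOW()
+					)";
+					
+			mysql_query($sql, $dbh);
+			if(mysql_error() != "") {
+				echo "An unknown database error has occurred while logging information.  Please contact the System Administrator.";
+				echo mysql_error();
+				exit;
+			}
+			
+			$dbc->disconnect();
+			
+			# 1% of each hits will perform clean up	
+			if(rand(0, 100) < 1) {
+				$this->cleanup();
+			}
+		}
+		else {
+			echo "An unknown system error has occurred while logging information.  Please contact the System Administrator.";
+			exit;
+		}
+	}
+	
+	function cleanup() {
+		$sql = "DELETE FROM SYS_EvtLog WHERE EvtDateTime < " . MAX_LOG_DAYS;
+					
+		$dbc = new DBConnectionRW();
+		$dbh = $dbc->connect();
+		mysql_query($sql, $dbh);
+		$dbc->disconnect();
+	}
+}
+?>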
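Review bot: On line 108 the closing parenthesis is misplaced: `$App->sqlSanitize($uid)` is called without its `$_dbh` argument and `$dbh` is handed to `returnQuotedString()` instead, so the uid value is escaped without the connection handle `sqlSanitize()` expects; it should read `$App->returnQuotedString($App->sqlSanitize($uid, $dbh))`, matching lines 104-107. `cleanup()` on line 133 compares the `EvtDateTime` column to the bare integer 365, which is not a date, so the intended retention does not happen; the intent appears to be `WHERE EvtDateTime < DATE_SUB(NOW(), INTERVAL " . MAX_LOG_DAYS . " DAY)`. Line 115 echoes `mysql_error()` to the end user, which exposes table names and query fragments; log it server-side and keep only the generic message on line 114. `getuid()` on line 58 returns `$this->PersonID`, a property this class never declares, instead of `$this->uid`.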
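--- /dev/null
+++ b/eclipse.org-common/system/session.class.php
@@ -0,0 +1,232 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2007 Eclipse Foundation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *    Denis Roy (Eclipse Foundation)- initial API and implementation
+ *******************************************************************************/
+
+define('ECLIPSE_SESSION', 'ECLIPSESESSION');
+
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
+require_once("/home/data/httpd/eclipse-php-classes/system/dbconnection_rw.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/evt_log.class.php");
+
+class Session {
+
+	private $gid		= "";
+	private $bugzilla_id= 0;
+	private $subnet		= "";
+	private $updated_at	= "";
+	private $is_persistent	= 0;
+	private $Friend		= null;
+	private $data		= "";
+	
+	/**
+	 * Default constructor
+	 *
+	 * @return null
+	 */
+	function Session($persistent=0) {
+		$this->setIsPersistent($persistent);
+		$this->validate();			
+	}
+
+	
+	function getGID() {
+		return $this->gid;
+	}
+	function getBugzillaID() {
+		return $this->bugzilla_id;
+	}
+	function getSubnet() {
+		return $this->subnet;
+	}
+	function getUpdatedAt() {
+		return $this->updated_at;
+	}
+	function getFriend() {
+		return $this->Friend;
+	}
+	function getData() {
+		return unserialize($this->data);
+	}
+	function getIsPersistent() {
+		return $this->is_persistent == null ? 0 : $this->is_persistent;
+	}
+	
+	function setGID($_gid) {
+		$this->gid = $_gid;
+	}
+	function setBugzillaID($_bugzilla_id) {
+		$this->bugzilla_id = $_bugzilla_id;
+	}
+	function setSubnet($_subnet) {
+		$this->subnet = $_subnet;
+	}
+	function setUpdatedAt($_updated_at) {
+		$this->updated_at = $_updated_at;
+	}
+	function setFriend($_friend) {
+		$this->Friend = $_friend;
+	}
+	function setData($_data) {
+		$this->data = serialize($_data);
+	}
+	function setIsPersistent($_is_persistent) {
+		$this->is_persistent = $_is_persistent;
+	}
+
+	
+	/**
+	 * Validate session based on browser cookie
+	 *
+	 * @return boolean
+	 */
+	function validate() {
+		$cookie = (isset($_COOKIE[ECLIPSE_SESSION]) ? $_COOKIE[ECLIPSE_SESSION] : "");
+		$rValue = false;
+		if ( (!$this->load($cookie))) {
+        	# Failed - no such session, or session no match.  Need to relogin
+        	setcookie(ECLIPSE_SESSION, "", -36000, "/", "eclipse.org");
+        	$rValue = false;
+        }
+        else {
+			# TODO: update session?
+			$rValue = true;
+        	$this->maintenance();
+        	$this->setFriend($this->getData());
+        }
+        return $rValue;
+	}
+
+	function destroy() {
+		if($this->getBugzillaID() != 0) {
+        	$sql = "DELETE FROM sessions WHERE bugzilla_id = " . $this->getBugzillaID();
+        	$dbc = new DBConnectionRW();
+			$dbh = $dbc->connect();
+			mysql_query($sql, $dbh);
+			$dbc->disconnect();
+			setcookie(ECLIPSE_SESSION, "", -36000, "/", "eclipse.org");
+			
+			# Log this event
+			$EvtLog = new EvtLog();
+			$EvtLog->setLogTable("sessions");
+			$EvtLog->setPK1($this->getBugzillaID());
+			$EvtLog->setPK2($_SERVER['REMOTE_ADDR']);
+			$EvtLog->setLogAction("DELETE");
+			$EvtLog->insertModLog("apache");
+		}
+	}
+
+	function create() {
+		# create session on the database
+		$Friend = $this->getFriend();
+		$this->setData($Friend);
+		
+		# need to have a bugzilla ID to log in
+		if($Friend->getBugzillaID() > 0) {
+			$App = new App();
+			$this->setGID(md5(uniqid(rand(),true)));
+			$this->setSubnet($this->getClientSubnet());
+			$this->setUpdatedAt($App->getCURDATE());
+			$this->setBugzillaID($Friend->getBugzillaID());
+			
+			$dbc = new DBConnectionRW();
+			$dbh = $dbc->connect();
+			
+			$sql = "INSERT INTO sessions (
+						gid,
+						bugzilla_id,
+						subnet,
+						updated_at,
+						data,
+						is_persistent)
+						VALUES (
+							" . $App->returnQuotedString($this->getGID()) . ",
+							" . $App->sqlSanitize($Friend->getBugzillaID() ,$dbh) . ",
+							" . $App->returnQuotedString($this->getSubnet()) . ",
+							NOW(),
+							'" . $App->returnJSSAfeString($this->data) . "',
+							'" . $App->sqlSanitize($this->getIsPersistent(),$dbh) . "')";
+
+			mysql_query($sql, $dbh);
+			$dbc->disconnect();
+			
+			
+			# Log this event
+			$EvtLog = new EvtLog();
+			$EvtLog->setLogTable("sessions");
+			$EvtLog->setPK1($this->getBugzillaID());
+			$EvtLog->setPK2($_SERVER['REMOTE_ADDR']);
+			$EvtLog->setLogAction("INSERT");
+			$EvtLog->insertModLog("apache");
+
+			
+			$cookie_time = 0;
+			if($this->getIsPersistent()) {
+				$cookie_time = time()+3600*24*365;
+			}
+			setcookie(ECLIPSE_SESSION, $this->getGID(), $cookie_time, "/", "eclipse.org");			
+		}
+	}
+
+	function load($_gid) {
+		# need to have a bugzilla ID to log in
+		
+		$rValue = false;
+		if($_gid != "") {
+			$dbc = new DBConnectionRW();
+			$dbh = $dbc->connect();
+			
+			$App = new App();
+			$sql = "SELECT	gid,
+							bugzilla_id,
+							subnet,
+							updated_at,
+							data,
+							is_persistent
+					FROM sessions
+					WHERE gid = " . $App->sqlSanitize($App->returnQuotedString($_gid),$dbh) . "
+						AND subnet = " . $App->returnQuotedString($this->getClientSubnet());
+			
+			$result = mysql_query($sql, $dbh);
+			if($result && mysql_num_rows($result) > 0) {
+				$rValue = true;
+				$myrow = mysql_fetch_assoc($result);
+				$this->setGID($_gid);
+				$this->setBugzillaID($myrow['bugzilla_id']);
+				$this->setSubnet($myrow['subnet']);
+				$this->setUpdatedAt($myrow['updated_at']);
+				$this->data = $myrow['data'];
+				$this->setIsPersistent($myrow['is_persistent']);
+			}
+			$dbc->disconnect();
+		}		
+		return $rValue;
+	}
+
+	function maintenance() {
+		$dbc = new DBConnectionRW();
+		$dbh = $dbc->connect();
+			
+		$sql = "DELETE FROM sessions 
+				WHERE (updated_at < DATE_SUB(NOW(), INTERVAL 1 DAY) AND is_persistent = 0) 
+				OR (subnet = '" . $this->getClientSubnet() . "' AND gid <> '" . $App->sqlSanitize($this->getGID(), $dbh) . "')"; 
+
+		mysql_query($sql, $dbh);
+
+		$dbc->disconnect();
+	}
+		
+	function getClientSubnet() {
+		# return class-c subnet
+		return substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], ".")) . ".0";
+	}	
+}    
+?>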
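Review bot: In `load()` line 195 the cookie-supplied gid is quoted before it is escaped, so — assuming `returnQuotedString()` wraps the value in single quotes, as its use on line 151 suggests — those quotes are themselves escaped by `sqlSanitize()` (`mysql_real_escape_string` in app.class.php) and the WHERE clause is no longer a quoted literal; reverse the order to `$App->returnQuotedString($App->sqlSanitize($_gid, $dbh))`, the order `insertModLog()` in evt_log.class.php already uses. In `create()` line 155 the serialized Friend object in `$this->data` is embedded with `returnJSSAfeString()` rather than `sqlSanitize()`, so a quote in any Friend field breaks out of the SQL string, and that same column is later passed to `unserialize()` by `getData()`, which turns a tainted row into object injection. `maintenance()` line 220 calls `$App->sqlSanitize()` but `$App` is never assigned in that method, and the second half of its DELETE removes every other session on the caller's /24, so one login behind a shared NAT logs out everyone else on it. The session cookie set on lines 96, 115 and 175 carries neither the httponly nor the secure flag.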
