phpDocumentor pivotx
[ class tree: pivotx ] [ index: pivotx ] [ all elements ]

Class: Session

Source Location: /objects.php

Class Session

Class Overview

This class deals with Sessions: logging in, logging out, saving sessions and performing checks for required userlevels.

This class protects the cookie/session against standard XSS attacks and sidejacking.

Located in /objects.php [line 1998]



		
		
		
		

Properties

Methods

[ Top ]
Property Summary
mixed   $logins  
mixed   $maxlogins  
mixed   $message  
mixed   $permsessions  

[ Top ]
Method Summary
Session   __construct()   Initialisation
void   checkCSRF()   Checks if the current request is accompanied by the correct CSRF check.
void   checkFailedLogins()   Checks failed login attempts so PivotX can block brute force attacks.
array   currentUser()   Returns the current user.
array   currentUsername()   Returns the username of the current user.
void   getCSRF()   Get the key to use in the CSRF checks.
array   getMessage()   Returns the latest/current message.
string   getValue()   Gets a single session value
boolean   isLoggedIn()   Verify if whomever requested the current page is logged in as a user, or else attempt to (transparently) continue from a saved session.
void   loadLogins()   Load stored login attempts from the filesystem.
void   loadPermsessions()   Load the permanent sessions from the filesystem.
void   logFailedLogin()   Logs failed login attempts so PivotX can block brute force attacks.
boolean   login()   Attempt to log in a user, using the passed credentials. If succesfull, the session info is updated and 'true' is returned. When unsuccesful the session remains unaltered, and false is returned
void   logout()   Log out a user: clear the session, and delete the cookie
void   minLevel()   Checks if the currently logged in user has at least the required level to view the page he/she is trying to access.
void   saveLogins()   Save login attempts from the filesystem.
void   savePermsessions()   Save permanent sessions to the filesystem, for users that check 'keep me logged in'.
void   setCookie()   Sets a cookie taking into account the path, domain, secure connection and if "HTTP only" is supported. Basically a wrapper around setcookie.
void   setUser()   Sets the specifics for the current user..
void   setValue()   Sets a session value, and then saves it.

[ Top ]
Properties
mixed   $logins [line 2000]

[ Top ]
mixed   $maxlogins [line 2000]

[ Top ]
mixed   $message [line 2000]

[ Top ]
mixed   $permsessions [line 2000]

[ Top ]
Methods
Constructor __construct  [line 2006]

  Session __construct( )

Initialisation



[ Top ]
checkCSRF  [line 2409]

  void checkCSRF( int $value  )

Checks if the current request is accompanied by the correct CSRF check.

If not, the user is logged out of the system.

Parameters:
int   $value: 


[ Top ]
checkFailedLogins  [line 2283]

  void checkFailedLogins( )

Checks failed login attempts so PivotX can block brute force attacks.



[ Top ]
currentUser  [line 2340]

  array currentUser( )

Returns the current user.



[ Top ]
currentUsername  [line 2364]

  array currentUsername( )

Returns the username of the current user.



[ Top ]
getCSRF  [line 2424]

  void getCSRF( )

Get the key to use in the CSRF checks.



[ Top ]
getMessage  [line 2329]

  array getMessage( )

Returns the latest/current message.



[ Top ]
getValue  [line 2538]

  string getValue( string $key  )

Gets a single session value

Parameters:
string   $key: 


[ Top ]
isLoggedIn  [line 2108]

  boolean isLoggedIn( )

Verify if whomever requested the current page is logged in as a user, or else attempt to (transparently) continue from a saved session.



[ Top ]
loadLogins  [line 2495]

  void loadLogins( )

Load stored login attempts from the filesystem.



[ Top ]
loadPermsessions  [line 2459]

  void loadPermsessions( )

Load the permanent sessions from the filesystem.



[ Top ]
logFailedLogin  [line 2264]

  void logFailedLogin( )

Logs failed login attempts so PivotX can block brute force attacks.



[ Top ]
login  [line 2191]

  boolean login( string $username, string $password, int $stay  )

Attempt to log in a user, using the passed credentials. If succesfull, the session info is updated and 'true' is returned. When unsuccesful the session remains unaltered, and false is returned

Parameters:
string   $username: 
string   $password: 
int   $stay: 


[ Top ]
logout  [line 2300]

  void logout( )

Log out a user: clear the session, and delete the cookie



[ Top ]
minLevel  [line 2379]

  void minLevel( int $level  )

Checks if the currently logged in user has at least the required level to view the page he/she is trying to access.

If not, the user is logged out of the system.

Parameters:
int   $level: 


[ Top ]
saveLogins  [line 2476]

  void saveLogins( )

Save login attempts from the filesystem.



[ Top ]
savePermsessions  [line 2447]

  void savePermsessions( )

Save permanent sessions to the filesystem, for users that check 'keep me logged in'.

The sessions are saved in db/ser_sessions.php, and they look somewhat like Array ( [8nkvr62i3s37] => Array ( [username] => admin [ip] => 127.0.0.1 [lastseen] => 1168177821 ) )



[ Top ]
setCookie  [line 2078]

  void setCookie( string $name, string $value, [string $time = '']  )

Sets a cookie taking into account the path, domain, secure connection and if "HTTP only" is supported. Basically a wrapper around setcookie.

Parameters:
string   $name: 
string   $value: 
string   $time: 


[ Top ]
setUser  [line 2352]

  void setUser( array $user  )

Sets the specifics for the current user..

Parameters:
array   $user: 


[ Top ]
setValue  [line 2521]

  void setValue( string $key, [unknown_type $value = false]  )

Sets a session value, and then saves it.

Parameters:
string   $key: 
unknown_type   $value: 


[ Top ]

Documentation generated on Tue, 27 Jun 2017 01:06:24 +0200 by phpDocumentor 1.4.3