Marown/swad-core
Marown
/
swad-core
mirror of https://github.com/acanas/swad-core.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
swad-core/swad_session.c

505 lines
19 KiB
C
Raw Blame History

// swad_session.c: sessions
/*
SWAD (Shared Workspace At a Distance),
is a web platform developed at the University of Granada (Spain),
and used to support university teaching.
This file is part of SWAD core.
Copyright (C) 1999-2017 Antonio Cañas Vargas
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*****************************************************************************/
/************************************ Headers ********************************/
/*****************************************************************************/
#include <linux/stddef.h> // For NULL
#include <mysql/mysql.h> // To access MySQL databases
#include <stdio.h> // For sprintf
#include <stdlib.h> // For malloc and free
#include <string.h> // For string functions
#include "swad_connected.h"
#include "swad_database.h"
#include "swad_global.h"
#include "swad_parameter.h"
#include "swad_social.h"
/*****************************************************************************/
/**************************** Internal constants *****************************/
/*****************************************************************************/
/*****************************************************************************/
/************** External global variables from others modules ****************/
/*****************************************************************************/
extern struct Globals Gbl;
/*****************************************************************************/
/***************************** Internal prototypes ***************************/
/*****************************************************************************/
static void Ses_RemoveSessionFromDB (void);
static bool Ses_CheckIfHiddenParIsAlreadyInDB (Act_Action_t NextAction,
const char *ParamName);
/*****************************************************************************/
/************************** Get number of open sessions **********************/
/*****************************************************************************/
void Ses_GetNumSessions (void)
{
char Query[128];
/***** Get the number of open sessions from database *****/
sprintf (Query,"SELECT COUNT(*) FROM sessions");
Gbl.Session.NumSessions = (unsigned) DB_QueryCOUNT (Query,"can not get the number of open sessions");
Gbl.Usrs.Connected.TimeToRefreshInMs = (unsigned long) (Gbl.Session.NumSessions/Cfg_TIMES_PER_SECOND_REFRESH_CONNECTED) * 1000UL;
if (Gbl.Usrs.Connected.TimeToRefreshInMs < Con_MIN_TIME_TO_REFRESH_CONNECTED_IN_MS)
Gbl.Usrs.Connected.TimeToRefreshInMs = Con_MIN_TIME_TO_REFRESH_CONNECTED_IN_MS;
else if (Gbl.Usrs.Connected.TimeToRefreshInMs > Con_MAX_TIME_TO_REFRESH_CONNECTED_IN_MS)
Gbl.Usrs.Connected.TimeToRefreshInMs = Con_MAX_TIME_TO_REFRESH_CONNECTED_IN_MS;
}
/*****************************************************************************/
/*************************** Create a new session ****************************/
/*****************************************************************************/
void Ses_CreateSession (void)
{
/***** Create a unique name for the session *****/
Str_Copy (Gbl.Session.Id,Gbl.UniqueNameEncrypted,
Ses_BYTES_SESSION_ID);
/***** Check that session is not open *****/
if (Ses_CheckIfSessionExists (Gbl.Session.Id))
Lay_ShowErrorAndExit ("Can not create session.");
/***** Add session to database *****/
Ses_InsertSessionInDB ();
/***** Update time and course in connected list *****/
Con_UpdateMeInConnectedList ();
/***** Update number of open sessions in order to show them properly *****/
Ses_GetNumSessions ();
}
/*****************************************************************************/
/*********** Check if the session already exists in the database *************/
/*****************************************************************************/
// Return true if session exists
// Return false if session does not exist or error
bool Ses_CheckIfSessionExists (const char *IdSes)
{
char Query[128 + Ses_BYTES_SESSION_ID];
/***** Get if session already exists in database *****/
sprintf (Query,"SELECT COUNT(*) FROM sessions WHERE SessionId='%s'",
IdSes);
return (DB_QueryCOUNT (Query,"can not check if a session already existed") != 0);
}
/*****************************************************************************/
/************************** Close current session ****************************/
/*****************************************************************************/
void Ses_CloseSession (void)
{
if (Gbl.Usrs.Me.Logged)
{
/***** Remove session from database *****/
Ses_RemoveSessionFromDB ();
Gbl.Session.IsOpen = false;
// Gbl.Session.HasBeenDisconnected = true;
Gbl.Session.Id[0] = '\0';
/***** If there are no more sessions for current user ==> remove user from connected list *****/
Con_RemoveOldConnected ();
Ses_RemoveHiddenParFromExpiredSessions ();
/***** Now, user is not logged in *****/
Gbl.Usrs.Me.LoggedRoleBeforeCloseSession = Gbl.Usrs.Me.LoggedRole;
Gbl.Usrs.Me.Logged = false;
Gbl.Usrs.Me.IBelongToCurrentIns = false;
Gbl.Usrs.Me.IBelongToCurrentCtr = false;
Gbl.Usrs.Me.IBelongToCurrentDeg = false;
Gbl.Usrs.Me.IBelongToCurrentCrs = false;
Gbl.Usrs.Me.LoggedRole = Rol_UNKNOWN; // Don't uncomment this line. Don't change the role to unknown. Keep user's role in order to log the access
Gbl.Usrs.Me.MyCrss.Filled = false;
Gbl.Usrs.Me.MyCrss.Num = 0;
/***** Update number of open sessions in order to show them properly *****/
Ses_GetNumSessions ();
}
}
/*****************************************************************************/
/******************** Insert new session in the database *********************/
/*****************************************************************************/
void Ses_InsertSessionInDB (void)
{
char Query[1024 +
Ses_BYTES_SESSION_ID +
Pwd_BYTES_ENCRYPTED_PASSWORD];
/***** Insert session in the database *****/
if (Gbl.Search.WhatToSearch == Sch_SEARCH_UNKNOWN)
Gbl.Search.WhatToSearch = Sch_WHAT_TO_SEARCH_DEFAULT;
sprintf (Query,"INSERT INTO sessions"
" (SessionId,UsrCod,Password,Role,"
"CtyCod,InsCod,CtrCod,DegCod,CrsCod,LastTime,LastRefresh,WhatToSearch)"
" VALUES"
" ('%s',%ld,'%s',%u,"
"%ld,%ld,%ld,%ld,%ld,NOW(),NOW(),%u)",
Gbl.Session.Id,
Gbl.Usrs.Me.UsrDat.UsrCod,
Gbl.Usrs.Me.UsrDat.Password,
(unsigned) Gbl.Usrs.Me.LoggedRole,
Gbl.CurrentCty.Cty.CtyCod,
Gbl.CurrentIns.Ins.InsCod,
Gbl.CurrentCtr.Ctr.CtrCod,
Gbl.CurrentDeg.Deg.DegCod,
Gbl.CurrentCrs.Crs.CrsCod,
Gbl.Search.WhatToSearch);
DB_QueryINSERT (Query,"can not create session");
}
/*****************************************************************************/
/***************** Modify data of session in the database ********************/
/*****************************************************************************/
void Ses_UpdateSessionDataInDB (void)
{
char Query[1024 +
Pwd_BYTES_ENCRYPTED_PASSWORD +
Ses_BYTES_SESSION_ID];
/***** Update session in database *****/
sprintf (Query,"UPDATE sessions SET UsrCod=%ld,Password='%s',Role=%u,"
"CtyCod=%ld,InsCod=%ld,CtrCod=%ld,DegCod=%ld,CrsCod=%ld,"
"LastTime=NOW(),LastRefresh=NOW()"
" WHERE SessionId='%s'",
Gbl.Usrs.Me.UsrDat.UsrCod,
Gbl.Usrs.Me.UsrDat.Password,
(unsigned) Gbl.Usrs.Me.LoggedRole,
Gbl.CurrentCty.Cty.CtyCod,
Gbl.CurrentIns.Ins.InsCod,
Gbl.CurrentCtr.Ctr.CtrCod,
Gbl.CurrentDeg.Deg.DegCod,
Gbl.CurrentCrs.Crs.CrsCod,
Gbl.Session.Id);
DB_QueryUPDATE (Query,"can not update session");
}
/*****************************************************************************/
/******************** Modify session last refresh in database ****************/
/*****************************************************************************/
void Ses_UpdateSessionLastRefreshInDB (void)
{
char Query[128 + Ses_BYTES_SESSION_ID];
/***** Update session in database *****/
sprintf (Query,"UPDATE sessions SET LastRefresh=NOW() WHERE SessionId='%s'",
Gbl.Session.Id);
DB_QueryUPDATE (Query,"can not update session");
}
/*****************************************************************************/
/********************** Remove session from the database *********************/
/*****************************************************************************/
static void Ses_RemoveSessionFromDB (void)
{
char Query[128 + Ses_BYTES_SESSION_ID];
/***** Remove current session *****/
sprintf (Query,"DELETE FROM sessions WHERE SessionId='%s'",
Gbl.Session.Id);
DB_QueryDELETE (Query,"can not remove a session");
/***** Clear old unused social timelines in database *****/
// This is necessary to prevent the table growing and growing
Soc_ClearOldTimelinesDB ();
}
/*****************************************************************************/
/*************************** Remove expired sessions *************************/
/*****************************************************************************/
void Ses_RemoveExpiredSessions (void)
{
char Query[1024];
/***** Remove expired sessions *****/
/* A session expire
when last click (LastTime) is too old,
or (when there was at least one refresh (navigator supports AJAX)
and last refresh is too old (browser probably was closed)) */
sprintf (Query,"DELETE LOW_PRIORITY FROM sessions WHERE"
" LastTime<FROM_UNIXTIME(UNIX_TIMESTAMP()-'%lu')"
" OR "
"(LastRefresh>LastTime+INTERVAL 1 SECOND"
" AND"
" LastRefresh<FROM_UNIXTIME(UNIX_TIMESTAMP()-'%lu'))",
Cfg_TIME_TO_CLOSE_SESSION_FROM_LAST_CLICK,
Cfg_TIME_TO_CLOSE_SESSION_FROM_LAST_REFRESH);
DB_QueryDELETE (Query,"can not remove expired sessions");
}
/*****************************************************************************/
/******* Get the data (user code and password) of an initiated session *******/
/*****************************************************************************/
bool Ses_GetSessionData (void)
{
char Query[256 + Ses_BYTES_SESSION_ID];
MYSQL_RES *mysql_res;
MYSQL_ROW row;
unsigned UnsignedNum;
bool Result = false;
/***** Query data of session from database *****/
sprintf (Query,"SELECT UsrCod,Password,Role,"
"CtyCod,InsCod,CtrCod,DegCod,CrsCod,"
"WhatToSearch,SearchStr"
" FROM sessions WHERE SessionId='%s'",
Gbl.Session.Id);
/***** Check if the session existed in the database *****/
if (DB_QuerySELECT (Query,&mysql_res,"can not get data of session"))
{
row = mysql_fetch_row (mysql_res);
/***** Get user code (row[0]) *****/
Gbl.Session.UsrCod = Str_ConvertStrCodToLongCod (row[0]);
/***** Get password (row[1]) *****/
Str_Copy (Gbl.Usrs.Me.LoginEncryptedPassword,row[1],
Pwd_BYTES_ENCRYPTED_PASSWORD);
/***** Get logged user type (row[2]) *****/
if (sscanf (row[2],"%u",&Gbl.Usrs.Me.RoleFromSession) != 1)
Gbl.Usrs.Me.RoleFromSession = Rol_UNKNOWN;
/***** Get country code (row[3]) *****/
Gbl.CurrentCty.Cty.CtyCod = Str_ConvertStrCodToLongCod (row[3]);
/***** Get institution code (row[4]) *****/
Gbl.CurrentIns.Ins.InsCod = Str_ConvertStrCodToLongCod (row[4]);
/***** Get centre code (row[5]) *****/
Gbl.CurrentCtr.Ctr.CtrCod = Str_ConvertStrCodToLongCod (row[5]);
/***** Get degree code (row[6]) *****/
Gbl.CurrentDeg.Deg.DegCod = Str_ConvertStrCodToLongCod (row[6]);
/***** Get course code (row[7]) *****/
Gbl.CurrentCrs.Crs.CrsCod = Str_ConvertStrCodToLongCod (row[7]);
/***** Get last search *****/
if (Gbl.Action.Act != ActLogOut) // When closing session, last search will not be needed
{
/* Get what to search (row[8]) */
Gbl.Search.WhatToSearch = Sch_SEARCH_UNKNOWN;
if (sscanf (row[8],"%u",&UnsignedNum) == 1)
if (UnsignedNum < Sch_NUM_WHAT_TO_SEARCH)
Gbl.Search.WhatToSearch = (Sch_WhatToSearch_t) UnsignedNum;
if (Gbl.Search.WhatToSearch == Sch_SEARCH_UNKNOWN)
Gbl.Search.WhatToSearch = Sch_WHAT_TO_SEARCH_DEFAULT;
/* Get search string (row[9]) */
Str_Copy (Gbl.Search.Str,row[9],
Sch_MAX_BYTES_STRING_TO_FIND);
}
Result = true;
}
/***** Free structure that stores the query result *****/
DB_FreeMySQLResult (&mysql_res);
return Result;
}
/*****************************************************************************/
/******************* Insert hidden parameter in the database *****************/
/*****************************************************************************/
void Ses_InsertHiddenParInDB (Act_Action_t NextAction,
const char *ParamName,const char *ParamValue)
{
extern struct Act_Actions Act_Actions[Act_NUM_ACTIONS];
char *Query;
size_t LengthParamName;
size_t LengthParamValue;
size_t MaxLength;
/***** Before of inserting the first hidden parameter passed to the next action,
delete all the parameters coming from the previous action *****/
Ses_RemoveHiddenParFromThisSession ();
/***** For a unique session-action-parameter, don't insert a parameter more than one time *****/
if (ParamName)
if ((LengthParamName = strlen (ParamName)))
if (!Ses_CheckIfHiddenParIsAlreadyInDB (NextAction,ParamName))
{
/***** Allocate space for query *****/
if (ParamValue)
LengthParamValue = strlen (ParamValue);
else
LengthParamValue = 0;
MaxLength = 256 +
Ses_BYTES_SESSION_ID +
LengthParamName +
LengthParamValue;
if ((Query = (char *) malloc (MaxLength + 1)) == NULL)
Lay_ShowErrorAndExit ("Not enough memory for query.");
/***** Insert parameter in the database *****/
sprintf (Query,"INSERT INTO hidden_params"
" (SessionId,Action,ParamName,ParamValue)"
" VALUES"
" ('%s',%ld,'%s','%s')",
Gbl.Session.Id,
Act_Actions[NextAction].ActCod,
ParamName,
LengthParamValue ? ParamValue :
"");
DB_QueryINSERT (Query,"can not create hidden parameter");
Gbl.HiddenParamsInsertedIntoDB = true;
/***** Free query *****/
free ((void *) Query);
}
}
/*****************************************************************************/
/************ Remove hidden parameters of a session from database ************/
/*****************************************************************************/
void Ses_RemoveHiddenParFromThisSession (void)
{
char Query[128 + Ses_BYTES_SESSION_ID];
if (Gbl.Session.IsOpen && // There is an open session
!Gbl.HiddenParamsInsertedIntoDB) // No params just inserted
{
/***** Remove hidden parameters of this session *****/
sprintf (Query,"DELETE FROM hidden_params WHERE SessionId='%s'",
Gbl.Session.Id);
DB_QueryDELETE (Query,"can not remove hidden parameters of current session");
}
}
/*****************************************************************************/
/********* Remove expired hidden parameters (from expired sessions) **********/
/*****************************************************************************/
void Ses_RemoveHiddenParFromExpiredSessions (void)
{
char Query[256];
/***** Remove hidden parameters from expired sessions *****/
sprintf (Query,"DELETE FROM hidden_params"
" WHERE SessionId NOT IN (SELECT SessionId FROM sessions)");
DB_QueryDELETE (Query,"can not remove hidden parameters of expired sessions");
}
/*****************************************************************************/
/*************** Check if a hidden parameter existed in database *************/
/*****************************************************************************/
// Return true if the parameter already existed in database
static bool Ses_CheckIfHiddenParIsAlreadyInDB (Act_Action_t NextAction,
const char *ParamName)
{
extern struct Act_Actions Act_Actions[Act_NUM_ACTIONS];
char Query[512 + Ses_BYTES_SESSION_ID];
/***** Get a hidden parameter from database *****/
sprintf (Query,"SELECT COUNT(*) FROM hidden_params"
" WHERE SessionId='%s' AND Action=%ld AND ParamName='%s'",
Gbl.Session.Id,Act_Actions[NextAction].ActCod,ParamName);
return (DB_QueryCOUNT (Query,"can not check if a hidden parameter is already in database") != 0);
}
/*****************************************************************************/
/***************** Get hidden parameter from the database ********************/
/*****************************************************************************/
// Return true if the parameter is too big
unsigned Ses_GetHiddenParFromDB (Act_Action_t NextAction,
const char *ParamName,char *ParamValue,
size_t MaxBytes)
{
extern struct Act_Actions Act_Actions[Act_NUM_ACTIONS];
char Query[512 + Ses_BYTES_SESSION_ID];
MYSQL_RES *mysql_res;
MYSQL_ROW row;
unsigned long NumRows;
bool ParameterIsTooBig = false;
unsigned NumTimes = 0;
const char *Ptr;
ParamValue[0] = '\0';
if (Gbl.Session.IsOpen) // If the session is open, get parameter from DB
{
/***** Get a hidden parameter from database *****/
sprintf (Query,"SELECT ParamValue FROM hidden_params"
" WHERE SessionId='%s' AND Action=%ld AND ParamName='%s'",
Gbl.Session.Id,Act_Actions[NextAction].ActCod,ParamName);
NumRows = DB_QuerySELECT (Query,&mysql_res,"can not get a hidden parameter");
/***** Check if the parameter is found in database *****/
if (NumRows)
{
/***** Get the value del parameter *****/
row = mysql_fetch_row (mysql_res);
ParameterIsTooBig = (strlen (row[0]) > MaxBytes);
if (!ParameterIsTooBig)
Str_Copy (ParamValue,row[0],
MaxBytes);
}
/***** Free structure that stores the query result *****/
DB_FreeMySQLResult (&mysql_res);
}
if (ParameterIsTooBig)
{
sprintf (Gbl.Alert.Txt,"Hidden parameter <strong>%s</strong> too large,"
" it exceed the maximum allowed size (%lu bytes).",
ParamName,(unsigned long) MaxBytes);
Lay_ShowErrorAndExit (Gbl.Alert.Txt);
}
/***** Count number of values of the parameter *****/
Ptr = ParamValue;
while (*Ptr)
if (Par_GetNextStrUntilSeparParamMult (&Ptr,NULL,MaxBytes)) // Characters found?
NumTimes++;
return NumTimes;
}
Reference in New Issue View Git Blame Copy Permalink