* Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /** * \file htdocs/admin/tools/listsessions.php * \ingroup core * \brief List of PHP sessions */ if (! defined('CSRFCHECK_WITH_TOKEN')) { define('CSRFCHECK_WITH_TOKEN', '1'); // Force use of CSRF protection with tokens even for GET } // Load Dolibarr environment require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; // Load translation files required by the page $langs->loadLangs(array("companies", "install", "users", "other")); if (!$user->admin) { accessforbidden(); } $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check if ($user->socid > 0) { $action = ''; $socid = $user->socid; } $limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOSTISSET('pageplusone') ? (GETPOSTINT('pageplusone') - 1) : GETPOSTINT("page"); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; if (!$sortorder) { $sortorder = "DESC"; } if (!$sortfield) { $sortfield = "dateevent"; } /* * Actions */ // Purge sessions if ($action == 'confirm_purge' && $confirm == 'yes' && $user->admin) { $res = purgeSessions(session_id()); } // Lock new sessions if ($action == 'confirm_lock' && $confirm == 'yes' && $user->admin) { if (dolibarr_set_const($db, 'MAIN_ONLY_LOGIN_ALLOWED', $user->login, 'text', 1, 'Logon is restricted to a particular user', 0) < 0) { dol_print_error($db); } } // Unlock new sessions if ($action == 'confirm_unlock' && $user->admin) { if (dolibarr_del_const($db, 'MAIN_ONLY_LOGIN_ALLOWED', -1) < 0) { dol_print_error($db); } } /* * View */ llxHeader('', '', '', '', 0, 0, '', '', '', 'mod-admin page-tools_listsessions'); $form = new Form($db); $userstatic = new User($db); $usefilter = 0; $listofsessions = listOfSessions(); $num = count($listofsessions); print_barre_liste($langs->trans("Sessions"), $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, '', $num, ($num ? $num : ''), 'setup'); // Do not show number (0) if no session found (it means we can't know) $savehandler = ini_get("session.save_handler"); $savepath = ini_get("session.save_path"); $openbasedir = ini_get("open_basedir"); $phparray = phpinfo_array(); $suhosin = empty($phparray['suhosin']["suhosin.session.encrypt"]["local"]) ? '' : $phparray['suhosin']["suhosin.session.encrypt"]["local"]; print ''.$langs->trans("SessionSaveHandler").': '.$savehandler.'
'; print ''.$langs->trans("SessionSavePath").': '.$savepath.'
'; if ($openbasedir) { print ''.$langs->trans("OpenBaseDir").': '.$openbasedir.'
'; } if ($suhosin) { print ''.$langs->trans("SuhosinSessionEncrypt").': '.$suhosin.'
'; } print '
'; if ($action == 'purge') { $formquestion = array(); print $form->formconfirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('PurgeSessions'), $langs->trans('ConfirmPurgeSessions'), 'confirm_purge', $formquestion, 'no', 2); } elseif ($action == 'lock') { $formquestion = array(); print $form->formconfirm($_SERVER["PHP_SELF"].'?noparam=noparam', $langs->trans('LockNewSessions'), $langs->trans('ConfirmLockNewSessions', $user->login), 'confirm_lock', $formquestion, 'no', 1); } if ($savehandler == 'files') { print ''; print ''; print_liste_field_titre("Login", $_SERVER["PHP_SELF"], "login", "", "", 'align="left"', $sortfield, $sortorder); print_liste_field_titre("SessionId", $_SERVER["PHP_SELF"], "id", "", "", 'align="left"', $sortfield, $sortorder); print_liste_field_titre("DateCreation", $_SERVER["PHP_SELF"], "datec", "", "", 'align="left"', $sortfield, $sortorder); print_liste_field_titre("DateModification", $_SERVER["PHP_SELF"], "datem", "", "", 'align="left"', $sortfield, $sortorder); print_liste_field_titre("Age", $_SERVER["PHP_SELF"], "age", "", "", 'align="left"', $sortfield, $sortorder); print_liste_field_titre("Raw", $_SERVER["PHP_SELF"], "raw", "", "", 'align="left"', $sortfield, $sortorder); print_liste_field_titre(''); print "\n"; foreach ($listofsessions as $key => $sessionentry) { print ''; // Login print ''; // ID print ''; // Date creation print ''; // Date modification print ''; // Age print ''; // Raw print ''; print ''; print "\n"; $i++; } if (count($listofsessions) == 0) { print ''; } print "

'.$sessionentry['login'].'	'; if ("$key" == session_id()) { print $form->textwithpicto($key, $langs->trans("YourSession")); } else { print $key; } print '	'.dol_print_date($sessionentry['creation'], '%Y-%m-%d %H:%M:%S').'	'.dol_print_date($sessionentry['modification'], '%Y-%m-%d %H:%M:%S').'	'.$sessionentry['age'].'	'.dol_trunc($sessionentry['raw'], 40, 'middle').'
'.$langs->trans("NoSessionFound", $savepath, $openbasedir).'

"; } else { print $langs->trans("NoSessionListWithThisHandler"); } /* * Buttons */ print '

'; if (!getDolGlobalString('MAIN_ONLY_LOGIN_ALLOWED')) { print ''.$langs->trans("LockNewSessions").''; } else { print ''.$langs->trans("UnlockNewSessions").''; } if ($savehandler == 'files') { if (count($listofsessions)) { print ''.$langs->trans("PurgeSessions").''; } } print '

'; print '
'; // End of page llxFooter(); $db->close();