2021SC@SDUSC
os-sim/www source analysis: action.php
A brief note on sessions
The session mechanism and the cookie mechanism are both common techniques in web development. A web server must have some way to uniquely identify the same user across requests and to record that user's state. When one client interacts with the server repeatedly over a period of time, we can call that client a client session window of the server. With a session window we can determine which request was issued by which user, which makes session tracking possible and lets us record the user's behaviour.
A simple analogy:
A barber shop runs a promotion: registered members get a bottle of shampoo after 2 haircuts, a 200 coupon after 5 haircuts, and so on.
- Cookie mechanism: the shop gives every member a card with that member's information on it, and every haircut is recorded on the card (a tick mark).
- Session mechanism: the shop has a computer that records the number of haircuts for each member.
As you can see: one corresponds to the client side, the other to the server side.
This naturally raises the question of how secure the two mechanisms are: a cookie could be tampered with or stolen, so from a security standpoint it is inferior to a session.
1. Start
First, we check whether there is an active session.
Then we check whether the logged-in user has the required permission.
```php
//First we check we have an active session
Session::useractive();
//Then we check the permissions
if (!Session::logcheck_bool("analysis-menu", "ControlPanelAlarms"))
{
    $response['error'] = TRUE;
    $response['msg']   = _('You do not have permissions to see this section');
    echo json_encode($response);
    exit -1;
}
```
2. close_alarm
This function closes a single alarm. Its parameters are $conn (the database connection) and $data (the backlog ID of the alarm to be closed).
```php
/*
 * This function closes a single alarm.
 *
 * @param $conn object DB Connection
 * @param $data array Backlog ID of the alarm to be closed
 *
 */
function close_alarm($conn, $data)
{
    if (!Session::menu_perms("analysis-menu", "ControlPanelAlarmsClose")) {
        ossim_set_error(_("You don't have required permissions to close Alarms"));
    }
    return odc_engine($conn, $data, 'close');
}
```
3. Opening and deleting an alarm
This function opens a single alarm.
```php
/*
 * This function opens a single alarm.
 *
 * @param $conn object DB Connection
 * @param $data array Backlog ID of the alarm to be opened
 *
 */
function open_alarm($conn, $data)
{
    return odc_engine($conn, $data, 'open');
}
```
This function deletes a single alarm.
```php
/*
 * This function deletes a single alarm.
 *
 * @param $conn object DB Connection
 * @param $data array Backlog ID of the alarm to be deleted
 *
 */
function delete_alarm($conn, $data)
{
    if (!Session::menu_perms("analysis-menu", "ControlPanelAlarmsDelete"))
    {
        die(ossim_error("You don't have required permissions to delete Alarms"));
    }
    return odc_engine($conn, $data, 'delete');
}
```
4. remember_alarms
This function stores the checked alarms in the session so that the selection is remembered.
```php
/*
 * This function sets in session the alarms checked in order to remember the selection.
 *
 * @param $conn object DB Connection
 * @param $data array Backlog ID of the alarms selected
 *
 */
function remember_alarms($data)
{
    $alarms = $data['alarms'];
    //Cleaning the previous selected alarms
    unset($_SESSION['_SELECTED_ALARMS']);
    //Going through the alarms selected
    if (is_array($alarms))
    {
        foreach($alarms as $alarm)
        {
            //Only the alarms that match a UUID will be stored. Otherwise we ignore them
            if (preg_match("/^[0-9a-fA-F]+$/", $alarm))
            {
                $_SESSION['_SELECTED_ALARMS'][$alarm] = 1;
            }
        }
    }
    $return['error'] = FALSE;
    return $return;
}
```
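The filter above is the only thing standing between request input and the session store, so it is worth seeing exactly what the regex accepts. The following is an added example written for this analysis, not code from OSSIM: it models remember_alarms against a plain array instead of $_SESSION, adds an is_string() guard, and uses the PCRE D modifier. The sample input is constructed; the idea that backlog IDs are hex strings comes from the page's own regex.

```php
<?php
// Added example (not OSSIM code): keep only hex-looking alarm IDs from a
// decoded POST 'data' array and store them in a session-like array.
// The is_string() guard and the /D modifier are additions of this example.

function remember_selection(array $data, array &$session): array
{
    // Drop any previous selection first, as action.php does.
    unset($session['_SELECTED_ALARMS']);
    $session['_SELECTED_ALARMS'] = [];

    $alarms = $data['alarms'] ?? null;
    if (!is_array($alarms)) {
        return ['error' => false, 'stored' => 0, 'rejected' => []];
    }

    $rejected = [];
    foreach ($alarms as $alarm) {
        // preg_match() on a non-string (e.g. a nested array from alarms[][]=x)
        // emits a warning and returns false; reject it explicitly instead.
        if (!is_string($alarm)) {
            $rejected[] = $alarm;
            continue;
        }
        // Without the D modifier, '$' also matches just before a trailing "\n",
        // so "cafe\n" would pass /^[0-9a-fA-F]+$/. With /D, '$' only matches
        // at the very end of the subject.
        if (!preg_match('/^[0-9a-fA-F]+$/D', $alarm)) {
            $rejected[] = $alarm;
            continue;
        }
        $session['_SELECTED_ALARMS'][$alarm] = 1;
    }
    return [
        'error'    => false,
        'stored'   => count($session['_SELECTED_ALARMS']),
        'rejected' => $rejected,
    ];
}

// Constructed sample input mimicking a decoded POST 'data' parameter.
$session = [];
$sample  = ['alarms' => [
    '0123456789abcdef',   // accepted
    'DEADBEEF',           // accepted (upper-case hex)
    "cafe\n",             // rejected only because of /D
    '1 OR 1=1',           // rejected: spaces and '='
    ['nested'],           // rejected: not a string
    'c0ffee',             // accepted
]];
$result = remember_selection($sample, $session);

// Side by side: the page's regex versus the strict one on the newline case.
var_dump(preg_match('/^[0-9a-fA-F]+$/',  "cafe\n"));
var_dump(preg_match('/^[0-9a-fA-F]+$/D', "cafe\n"));
print_r($result);
print_r(array_keys($session['_SELECTED_ALARMS']));
```

Run with `php remember_selection.php`. The first var_dump prints int(1) and the second int(0): PCRE's `$` matches before a final newline unless the D (dollar end only) modifier is set, which is why three IDs are stored and three inputs land in `rejected`. The trailing newline is harmless as an array key but shows how a "hex only" check can admit a byte it was not meant to.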
5. check_bg_tasks
This function checks whether an alarm operation is running in the background.
```php
/*
 * This function checks if there is an alarm operation running in background.
 *
 * @param $conn object DB Connection
 *
 */
function check_bg_tasks($conn)
{
    $user   = Session::get_session_user();
    $config = new User_config($conn);
    //Getting the pid of the operation running in background
    $pid = $config->get($user, 'background_task', 'simple', "alarm");
    $bg  = FALSE;
    //If the pid is not empty, then we check if the process is still running
    if($pid != '')
    {
        //Launching a ps with the pid stored
        $process_state = Util::execute_command('ps ?', array(intval($pid)), 'array');
        $bg = (count($process_state) >= 2); //If the count is >= 2 then there is a process running
        //If the process is not running any longer, then we delete the pid from db
        if(!$bg)
        {
            $config->set($user, 'background_task', '', 'simple', 'alarm');
        }
    }
    $return['error'] = FALSE;
    $return['msg']   = '';
    $return['bg']    = $bg;
    Util::memcacheFlush(FALSE);
    return $return;
}
```
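The stored pid is passed through intval() and a placeholder, so it cannot smuggle shell syntax into the ps command, and the count >= 2 test works because ps prints a header line before any matching process. The example below is added for this analysis and is not OSSIM code: it shows the same liveness decision made without spawning a process at all, using posix_kill() with signal 0 and /proc as a fallback. The pid values and the function names are constructed; Util::execute_command and User_config are not used.

```php
<?php
// Added example (not OSSIM code): decide whether a stored background-task pid
// is still alive without launching ps. Linux/POSIX only; pids are constructed.

function is_process_running(int $pid): bool
{
    if ($pid <= 0) {
        // "" , 0 or a negative value must never be treated as a live task
        // (kill(2) with pid 0 or -1 would address a whole process group).
        return false;
    }
    if (function_exists('posix_kill')) {
        // Signal 0 performs the existence and permission checks only.
        if (posix_kill($pid, 0)) {
            return true;
        }
        // EPERM (errno 1): the process exists but belongs to another user.
        return posix_get_last_error() === 1;
    }
    // Fallback when the posix extension is absent: procfs entry exists.
    return is_dir("/proc/$pid");
}

// Mirrors check_bg_tasks: an empty stored value means no task was started,
// and a dead process means the stale pid should be cleared from config.
function background_task_state(string $stored_pid): array
{
    if ($stored_pid === '') {
        return ['bg' => false, 'clear_pid' => false];
    }
    $running = is_process_running((int)$stored_pid);
    return ['bg' => $running, 'clear_pid' => !$running];
}

// Constructed inputs: our own pid is alive, an out-of-range pid is not,
// and the empty string is the "nothing stored" case.
foreach (['' , (string)getmypid(), '2147483647', '-1'] as $stored) {
    echo str_pad(var_export($stored, true), 14), json_encode(background_task_state($stored)), "\n";
}
```

Run with `php bg_task.php`; the line for `getmypid()` reports `bg: true`, the others `bg: false`. One caveat applies to both this version and the ps version on the page: pids are reused, so a stale pid can occasionally match an unrelated process. Storing the task's start time alongside the pid and comparing it with the process start time closes that gap.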
6. Finally
The remaining code validates the action, verifies the token, and verifies that the request is an Ajax request. It then translates the parameter-name list into a real array of actual parameters and finally calls the corresponding function.
```php
$action = POST("action");
$data   = POST("data");
//Validating the action
ossim_valid($action, OSS_DIGIT, 'illegal:' . _("Action"));
if (ossim_error())
{
    $info_error = "Error: ".ossim_get_error();
    ossim_clean_error();
    $response['error'] = TRUE;
    $response['msg']   = $info_error;
    echo json_encode($response);
    die();
}
//Verifying the token
if (!Token::verify('tk_alarm_operations', GET('token')))
{
    $response['error'] = TRUE;
    $response['msg']   = _('Invalid Action');
    echo json_encode($response);
    die();
}
//Verifying it is an ajax request
if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')
{
    //List of all the possible functions
    $function_list = array
    (
        1 => array('name' => 'close_alarm',       'params' => array('conn', 'data')),
        2 => array('name' => 'open_alarm',        'params' => array('conn', 'data')),
        3 => array('name' => 'remember_alarms',   'params' => array('data')),
        4 => array('name' => 'delete_all_alarms', 'params' => array('conn')),
        5 => array('name' => 'close_all_alarms',  'params' => array('conn')),
        6 => array('name' => 'delete_alarm',      'params' => array('conn', 'data')),
        7 => array('name' => 'check_bg_tasks',    'params' => array('conn')),
        8 => array('name' => 'open_all_alarms',   'params' => array('conn')),
    );
    $_function = $function_list[$action];
    //Checking we have a function associated to the action given
    if (is_array($_function) && function_exists($_function['name']))
    {
        $db   = new ossim_db();
        $conn = $db->connect();
        //Now we translate the params list to a real array with the real parameters
        $params = array();
        foreach($_function['params'] as $p)
        {
            $params[] = $$p;
        }
        //Calling the function
        $return = call_user_func_array($_function['name'], $params);
        if ($return === FALSE)
        {
            $response['error'] = TRUE;
            $response['msg']   = _('Invalid Action');
        }
        else
        {
            $response = $return;
        }
        $db->close($conn);
    }
    else
    {
        $response['error'] = TRUE;
        $response['msg']   = _('Wrong Option Chosen');
    }
}
else
{
    $response['error'] = TRUE;
    $response['msg']   = _('Invalid Action');
}
echo json_encode($response);
```
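The security value of this dispatcher lies in its ordering and in the allowlist: the client only ever sends an integer, the integer is validated as digits, a CSRF token and the X-Requested-With header are checked, and only then is the integer mapped to a function name the server chose. The script below is an added example written for this analysis, not OSSIM code: it reproduces that gate sequence as a pure function so each gate can be exercised with constructed requests. The handler names, the token constant, the request arrays and the explicit parameter map that replaces $$p are all assumptions of this example.

```php
<?php
// Added example (not OSSIM code): a self-contained model of the action.php
// dispatch pattern. Only the order of the checks mirrors action.php; the
// handlers, token and requests below are constructed for the demonstration.

const EXPECTED_TOKEN = 'tk-constructed-example-token'; // constructed, not a real token

// Allowlist keyed by integer: the client never names a function directly.
const FUNCTION_LIST = [
    1 => ['name' => 'example_close_alarm',    'params' => ['conn', 'data']],
    2 => ['name' => 'example_check_bg_tasks', 'params' => ['conn']],
];

function example_close_alarm($conn, $data): array
{
    return ['error' => false, 'msg' => "closed {$data['id']} via {$conn}"];
}

function example_check_bg_tasks($conn): array
{
    return ['error' => false, 'msg' => '', 'bg' => false];
}

function is_ajax(array $server): bool
{
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

function dispatch(array $post, array $get, array $server): array
{
    $action = $post['action'] ?? '';
    $data   = $post['data'] ?? [];

    // 1. The action must be digits only (the page uses ossim_valid/OSS_DIGIT).
    if (!is_string($action) || !preg_match('/^[0-9]+$/D', $action)) {
        return ['error' => true, 'msg' => 'Error: illegal Action'];
    }
    // 2. CSRF token; hash_equals() avoids a timing side channel on the compare.
    $token = $get['token'] ?? null;
    if (!is_string($token) || !hash_equals(EXPECTED_TOKEN, $token)) {
        return ['error' => true, 'msg' => 'Invalid Action'];
    }
    // 3. Custom header: a cross-site form post cannot carry it.
    if (!is_ajax($server)) {
        return ['error' => true, 'msg' => 'Invalid Action'];
    }
    // 4. Resolve the integer to an allowlisted handler.
    $fn = FUNCTION_LIST[(int)$action] ?? null;
    if ($fn === null || !function_exists($fn['name'])) {
        return ['error' => true, 'msg' => 'Wrong Option Chosen'];
    }
    // 5. Build the argument list from an explicit map instead of $$p, so the
    //    parameter names can only ever resolve to these two values.
    $conn      = 'db-connection-placeholder';
    $available = ['conn' => $conn, 'data' => $data];
    $params    = array_map(fn($p) => $available[$p], $fn['params']);

    $return = call_user_func_array($fn['name'], $params);
    return $return === false ? ['error' => true, 'msg' => 'Invalid Action'] : $return;
}

// Constructed requests, one per gate.
$ajax  = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$ok    = ['token' => EXPECTED_TOKEN];
$cases = [
    'valid close'      => [['action' => '1', 'data' => ['id' => 'abc123']], $ok, $ajax],
    'non-digit action' => [['action' => '1; drop'], $ok, $ajax],
    'unknown action 9' => [['action' => '9'], $ok, $ajax],
    'bad token'        => [['action' => '1', 'data' => ['id' => 'x']], ['token' => 'wrong'], $ajax],
    'not ajax'         => [['action' => '1', 'data' => ['id' => 'x']], $ok, []],
];
foreach ($cases as $label => [$post, $get, $server]) {
    echo str_pad($label, 18), json_encode(dispatch($post, $get, $server)), "\n";
}
```

Run with `php dispatch.php`; only the first case reaches a handler, and each of the other four is stopped by a different gate. Two details differ deliberately from the page: the token comparison uses hash_equals() rather than `==`, and the `$$p` variable-variable lookup is replaced by a fixed map, which makes it impossible for a future edit to the params list to pull in an unintended local variable.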