mycgisession.c

Go to the documentation of this file.

/*
 * Copyright (c) 2005 Christian Theil Have (christiantheilhave@gmail.com)
 *
 * This file is part of mycgisession.
 * 
 * mycgisession is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * mycgisession is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with mycgisession; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 */

#ifndef mycgisession_c
#define mycgisession_c

#include "mycgisession.h"

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define SESSION_TIMEOUT 600
#define SESSION_TABLE   "cgi_session"

#define ERROR 1;

#define ENC_TYPE_NONE 0
#define ENC_TYPE_BASE64 1

#define MAX_TABLE_NAME 64

static MYSQL *cgisession_mysql_conn = NULL;
static char cgisession_table_name[MAX_TABLE_NAME];
static int have_connection = 0;

struct CGISESSION_struct {
    char *key;
    char *data;
    unsigned int size;
    unsigned int timeout;
    unsigned int timestamp;
    int encoding;
    int stored;
};

static struct CGISESSION_struct cs;

/* static function, implemented below */
static void cgisession_init();
static int cgisession_database_init();
static int cgisession_delete_expired();
static int cgisession_update();
static int cgisession_load_all();
static char *cgisession_genkey();
static char *cgisession_encode_data();
static int cgisession_decode_data(char *encoded, long enc_size);

/**************************************************************************\
 * Public interface functions                                             *
\**************************************************************************/

int
cgisession_init_mysql_connection(char *host, char *username,
                                 char *password, char *database,
                                 unsigned int port)
{
    cgisession_mysql_conn = mysql_init(NULL);

    if (NULL == mysql_real_connect(cgisession_mysql_conn,
                                   host, username, password, database,
                                   port, NULL, 0)) {
#ifdef DEBUG1
        printf("mysql_real_connect failed: "
               "host: %s, user: %s, database: %s, password: %s\n",
               host, username, database, password);
#endif
        return -ERROR;
    }

    cgisession_init();

    return cgisession_database_init();
}

int cgisession_have_mysql_connection(MYSQL * m)
{
    if (!m)
        return -ERROR;

    cgisession_mysql_conn = m;

    have_connection = 1;

    cgisession_init();

    return cgisession_database_init();
}

int cgisession_load(char *key)
{
    if (key) {
        if (0 != cgisession_update(key))
            return -ERROR;
        if (0 != cgisession_load_all())
            return -ERROR;
    } else {
        return -ERROR;
    }

    cs.stored = 1;
    return 0;
}

int cgisession_save()
{
    char *query;
    char *encoded_data;
    int ret = 0;

    encoded_data = cgisession_encode_data();

    query = (char *) malloc(sizeof(encoded_data) + 1024);

    if (cs.stored) {
      if (encoded_data) {
        sprintf(query, "update %s set mtime=now(), "
                "timeout='%d', data='%s', datasize='%d' where session_key='%s'",
                cgisession_table_name, cs.timeout, encoded_data, cs.size, cs.key);
      } else {
        sprintf(query, "update %s set mtime=now(), "
                "timeout='%d' where session_key='%s'",
                cgisession_table_name, cs.timeout, cs.key);
      }
    } else {
      
      if (encoded_data) {
        sprintf(query,
                "insert into %s (session_key, mtime, timeout, data, datasize) "
                "values ('%s', now(), %d, '%s', '%d')", cgisession_table_name,
                cs.key, cs.timeout, encoded_data, cs.size);
      } else {
        sprintf(query,
                "insert into %s (session_key, mtime, timeout, data, datasize) "
                "values ('%s', now(), %d, null, 0)", cgisession_table_name,
                cs.key, cs.timeout);
      }
    }

    if ((ret = mysql_query(cgisession_mysql_conn, query))) {
#ifdef DEBUG1
        printf("\nquery %s failed with return code %d\n", query, ret);
        return -ERROR;
#endif
    }

    free(query);
    if (NULL!=encoded_data)
      free(encoded_data);
    return ret;
}

int cgisession_new()
{
    cs.key = cgisession_genkey();
    if (!cs.key)
        return -ERROR;
    return 0;
}

void cgisession_free()
{
  if (!have_connection)
    mysql_close(cgisession_mysql_conn);
}


int cgisession_set_data(void *data, unsigned int size)
{
  if (cs.data)
   free(cs.data);

  cs.data = malloc(size);
  memcpy(cs.data, data, size);
  cs.size = size;
  return 0;
}

void *cgisession_get_data()
{
    return cs.data;
}

char *cgisession_get_key()
{
    return cs.key;
}

void cgisession_dump() {
  printf("\n**** cgisession dump ****\n");
  printf("key: %s\n", cs.key?cs.key:"null");
  printf("data: %s\n", cs.data?cs.data:"null");
  printf("size: %d\n", cs.size);
  printf("timeout: %d\n", cs.timeout);
  printf("encoding: %d\n", cs.encoding);
  printf("stored: %d\n", cs.stored);
  printf("**** dump ends ****\n");
}

/******************************************/
/******************************************/

int cgisession_option_encoding(int enc)
{
    switch (enc) {
    case ENC_TYPE_NONE:
    case ENC_TYPE_BASE64:
        cs.encoding = enc;
        return 0;
    default:
        return -ERROR;
    }
}

int cgisession_option_timeout(unsigned int secs)
{
    cs.encoding = secs;
    return 0;
}

int cgisession_option_table(char *table_name)
{
    if (strlen(table_name) > MAX_TABLE_NAME)
        return -ERROR;
    strcpy(cgisession_table_name, table_name);
    return 0;
}

/**************************************************************************\
 * Private functions                                                      *
\**************************************************************************/

/*
 * initialize a the struct to the default values
 */
static void cgisession_init()
{
    cs.key = NULL;
    cs.data = NULL;
    cs.size = 0;
    cs.timeout = 0;
    cs.timestamp = 0;
    cs.encoding = ENC_TYPE_NONE;
    cs.stored = 0;              /* not yet stored */
    strcpy(cgisession_table_name, "cgi_sessions");
}

static int cgisession_database_init()
{
    char query[1024];
    int ret = 0;

    sprintf(query, "create table if not exists %s "
            "(session_key varchar(20) primary key, "
            "mtime timestamp, timeout int, data blob, datasize int)",
            cgisession_table_name);
    if ((ret = mysql_query(cgisession_mysql_conn, query))) {
#ifdef DEBUG1
        printf("query: %s failed with error code %d", query, ret);
#endif
        return ret;
    }

    if ((ret = cgisession_delete_expired()))
        return ret;

    return ret;
}

static int cgisession_delete_expired()
{
    char query[1024];
    int ret;

    sprintf(query, "delete from %s where mtime<'now()-%d'",
            cgisession_table_name, cs.timeout);

    ret = mysql_query(cgisession_mysql_conn, query);
#ifdef DEBUG1
    if (ret)
        printf("query: %s failed with error code %d", query, ret);
#endif
    return ret;
}

int cgisession_update(char *key)
{
    char *new_session_key;
    char query[1024];
    MYSQL_RES *res;
    int ret;

    sprintf(query, "select * from %s where session_key='%s'",
            cgisession_table_name, key);

    if (0 != (ret = mysql_query(cgisession_mysql_conn, query))) {
#ifdef DEBUG1
        printf("\nquery: %s failed with error code %d\n", query, ret);
#endif
        return -ERROR;
    }

    if (NULL==(res = mysql_store_result(cgisession_mysql_conn))) {
#ifdef DEBUG1
      printf("\nmysql_store_result failed\n");
      return -ERROR;
#endif
    }

    if (1 != (ret = mysql_num_rows(res))) {
#ifdef DEBUG1
      printf("\ninvalid number of rows: %d\n", ret);
#endif
        return -ERROR;
    }

    /* At this point were are sure we have a valid session:
       We don't have to check if the session has
       expired since expired session have allready
       been deleted  */

    new_session_key = cgisession_genkey();

    sprintf(query, "update %s set session_key='%s' "
            "where session_key='%s'", cgisession_table_name,
            new_session_key, key);

    if (0!=(ret = mysql_query(cgisession_mysql_conn, query))) {
#ifdef DEBUG1
        printf("query: %s failed with error code %d", query, ret);
#endif
        return -ERROR;
    }

    if (cs.key != NULL)
      free(cs.key);
    cs.key = new_session_key;

    return 0;
}

static int cgisession_load_all()
{
    char query[1024];
    char buf[1024];
    MYSQL_RES *res;
    MYSQL_ROW row;
    unsigned long *lengths;
    int ret;

    sprintf(query, "select * from %s where session_key='%s'",
            cgisession_table_name, cs.key);

    if (0!=(ret = mysql_query(cgisession_mysql_conn, query))) {
#ifdef DEBUG1
        printf("query: %s failed with error code %d", query, ret);
#endif
        return -ERROR;
    }

    if (NULL == (res = mysql_store_result(cgisession_mysql_conn)))
        return -ERROR;

    if (NULL == (row = mysql_fetch_row(res)))
        return -ERROR;

    lengths = mysql_fetch_lengths(res);

    /* copy timestamp */
    memcpy(buf, row[1], lengths[1]);
    buf[lengths[1]] = '\0';
    cs.timestamp = atoi(buf);

    /* copy timeout */
    memcpy(buf, row[2], lengths[2]);
    buf[lengths[2]] = '\0';
    cs.timeout = atoi(buf);

    if (0 != cgisession_decode_data(row[3], lengths[3]))
        return -ERROR;

    mysql_free_result(res);

    return 0;
}

static char *cgisession_genkey()
{
    MYSQL_ROW row;
    MYSQL_RES *res;
    char *new_session = NULL;
    char *query = "select password(rand())";
    unsigned long *lengths;
    int ret;

    /* generate session id */
    
    if (0!=(ret = mysql_query(cgisession_mysql_conn, query))) {
#ifdef DEBUG1
      printf("\nquery: %s failed with code %d\n", query, ret);
#endif
        return NULL;
    }

    if (NULL==(res = mysql_store_result(cgisession_mysql_conn)))
        return NULL;

    if (NULL==(row = mysql_fetch_row(res)))
        return NULL;

    lengths = mysql_fetch_lengths(res);

    /* we only expect row with one field */
    new_session = (char *) malloc(lengths[0] + 1);
    if (new_session == NULL)
        return NULL;

    memcpy(new_session, row[0], lengths[0]);

    new_session[lengths[0]] = '\0';

    mysql_free_result(res);

    return new_session;
}


static char *cgisession_encode_data()
{
   char *encoded = NULL;
   switch (cs.encoding) {
        case ENC_TYPE_NONE:
        if (NULL==cs.data)
                return NULL;
        encoded = malloc(cs.size);
        memcpy(encoded, cs.data, cs.size);
        break;
   default:
#ifdef DEBUG1
        printf("cgisession_encode_data: unknown encoding type!");
#endif
        return NULL;
   }

   return encoded;
}

/*
 * operates directly on cs
 */
static int cgisession_decode_data(char *encoded, long enc_size)
{


    if (NULL != cs.data)
        free(cs.data);

    switch (cs.encoding) {
    case ENC_TYPE_NONE:
        cs.data = malloc(enc_size);
        memcpy(cs.data, encoded, enc_size);
        cs.data[enc_size]='\0';
        cs.size = enc_size;
        return 0;
    case ENC_TYPE_BASE64:
        exit(1000);
        return -ERROR;
    }

    return -ERROR;
}

#endif                          /* mycgisession_c */

---