<?php

/*
   Use this to access the session, rather than $_SESSION.

   Secures the session according to session usage config.
   See config.php for more information on settings.
   */

class Session {
  function set($var,$val) {
    $_SESSION[$var] = $val;
  }

  function get($var) {
    return (isset($_SESSION[$var]) ? $_SESSION[$var] : null);
  }

  function delete($var) {
    if (isset($_SESSION[$var])) {
      unset($_SESSION[$var]);
    }
  }

  function Session() {
    session_start();
    if (!$this->sessionStart() && SESSION_LEVEL > 0) { // session exists
      $this->sessionCheck();
      $this->sessionRefresh();
    }
  }

  function sessionStart() {
    if (!isset($_SESSION['_key']) && SESSION_LEVEL > 0) { // new sess
      $time = time();
      $key = md5($_SERVER['REMOTE_ADDR'].$time.SESSION_SECRET);
      $_SESSION['_time'] = $time;
      $_SESSION['_key'] = $key;
      $_SESSION['_addr'] = $_SERVER['REMOTE_ADDR'];
      setcookie('chainlink[key]',$key);
      return true;
    }
    return false;
  }

  function sessionCheck() {
    if (SESSION_LEVEL > 0) {
      if (!isset($_COOKIE['chainlink']['key']) || $_COOKIE['chainlink']['key'] != $_SESSION['_key']) {
        $this->sessionReset();
        return;
      }
      if (($_SESSION['_time'] + SESSION_EXPIRE) < time()) {
        $this->sessionReset();
        return;
      }
      if (SESSION_LEVEL == 2 && $_SERVER['REMOTE_ADDR'] != $_SESSION['_addr']) {
        $this->sessionReset();
        return;
      }
    }
  }

  function sessionRefresh() {
    if (SESSION_LEVEL > 0) {
      $_SESSION['_time'] = time();
    }
  }

  function sessionReset() {
    global $errors;
    session_unset();
    $this->sessionStart();
    $errors->add('Your session has been reset.');
  }
}

?>