de/d8b/session_8php_source.html

<?php

defined('XOOPS_ROOT_PATH') or die('Restricted access');


class XoopsSessionHandler

{

    var $db;


    var $securityLevel = 3;


    var $enableRegenerateId = true;


    function XoopsSessionHandler(&$db)

    {

        $this->db =& $db;

    }


    function open($save_path, $session_name)

    {

        return true;

    }


    function close()

    {

        $this->gc_force();

        return true;

    }


    function read($sess_id)

    {

        $sql = sprintf('SELECT sess_data, sess_ip FROM %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($sess_id));

        if (false != $result = $this->db->query($sql)) {

            if (list ($sess_data, $sess_ip) = $this->db->fetchRow($result)) {

                if ($this->securityLevel > 1) {

                    $pos = strpos($sess_ip, ".", $this->securityLevel - 1);

                    if (strncmp($sess_ip, $_SERVER['REMOTE_ADDR'], $pos)) {

                        $sess_data = '';

                    }

                }

                return $sess_data;

            }

        }

        return '';

    }


    function write($sess_id, $sess_data)

    {

        $sess_id = $this->db->quoteString($sess_id);

        $sql = sprintf('UPDATE %s SET sess_updated = %u, sess_data = %s WHERE sess_id = %s', $this->db->prefix('session'), time(), $this->db->quoteString($sess_data), $sess_id);

        $this->db->queryF($sql);

        if (!$this->db->getAffectedRows()) {

            $sql = sprintf('INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data) VALUES (%s, %u, %s, %s)', $this->db->prefix('session'), $sess_id, time(), $this->db->quoteString($_SERVER['REMOTE_ADDR']), $this->db->quoteString($sess_data));

            return $this->db->queryF($sql);

        }

        return true;

    }


    function destroy($sess_id)

    {

        $sql = sprintf('DELETE FROM %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($sess_id));

        if (!$result = $this->db->queryF($sql)) {

            return false;

        }

        return true;

    }


    function gc($expire)

    {

        if (empty($expire)) {

            return true;

        }


        $mintime = time() - intval($expire);

        $sql = sprintf('DELETE FROM %s WHERE sess_updated < %u', $this->db->prefix('session'), $mintime);

        return $this->db->queryF($sql);

    }


    function gc_force()

    {

        if (rand(1, 100) < 11) {

            $expire = @ini_get('session.gc_maxlifetime');

            $expire = ($expire > 0) ? $expire : 900;

            $this->gc($expire);

        }

    }


    function regenerate_id($delete_old_session = false)

    {

        $phpversion = phpversion();


        if (!$this->enableRegenerateId) {

            $success = true;


        // parameter "delete_old_session" only available as of PHP 5.1.0

        } else if (version_compare($phpversion, "5.1.0", ">=")) {

            $success = session_regenerate_id($delete_old_session);


        } else {

            $old_session_id = session_id();

            // session_regenerate_id function available as of PHP 4.3.2

            if (function_exists("session_regenerate_id")) {

                $success = session_regenerate_id();

                if ($success && $delete_old_session) {

                    // Extra step to destroy old session

                    $this->destroy($old_session_id);

                }

                // For PHP prior to 4.3.2

            } else {

                // session_regenerate_id is not defined, create new session ID

                $session_id = md5(uniqid(rand(), true) . @$_SERVER['HTTP_USER_AGENT']);

                // Set the new session ID

                session_id($session_id);

                // Destory old session on request

                if ($delete_old_session) {

                    $this->destroy($old_session_id);

                    // switch old session to new one

                } else {

                    $sql = sprintf('UPDATE %s SET sess_id = %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($session_id), $this->db->quoteString($old_session_id));

                    $this->db->queryF($sql);

                }

                $success = true;

            }

        }


        // Force updating cookie for session cookie is not issued correctly in some IE versions or not automatically issued prior to PHP 4.3.3 for all browsers

        if ($success) {

            $this->update_cookie();

        }


        return $success;

    }


    function update_cookie($sess_id = null, $expire = null)

    {

        global $xoopsConfig;

        $session_name = ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') ? $xoopsConfig['session_name'] : session_name();

        $session_expire = !is_null($expire) ? intval($expire) : (($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') ? $xoopsConfig['session_expire'] * 60 : ini_get("session.cookie_lifetime"));

        $session_id = empty($sess_id) ? session_id() : $sess_id;

        setcookie($session_name, $session_id, $session_expire ? time() + $session_expire : 0, '/', XOOPS_COOKIE_DOMAIN, 0);

    }

}

?>