XOOPS 2.5.6  Final
session.php
1 <?php
// Direct-access guard: stop unless the including script has already defined
// XOOPS_ROOT_PATH (presumably the application bootstrap; confirm against the entry point).
if (!defined('XOOPS_ROOT_PATH')) {
    die('Restricted access');
}
22 
32 {
39  var $db;
40 
54  var $securityLevel = 3;
55 
62  var $enableRegenerateId = true;
63 
/**
 * PHP4-style constructor: keeps a reference to the database object that
 * every other method uses for the session table.
 *
 * @param object $db database object, stored by reference in $this->db
 */
function XoopsSessionHandler(&$db)
{
    // Bind by reference so the handler shares the caller's object instead of a copy.
    $this->db =& $db;
}
74 
/**
 * Session "open" callback.
 *
 * Nothing is opened here: both arguments are ignored, and the other methods
 * reach the session table through $this->db.
 *
 * @param string $save_path    unused
 * @param string $session_name unused
 * @return bool always true
 */
function open($save_path, $session_name)
{
    return true;
}
87 
/**
 * Session "close" callback.
 *
 * Gives the probabilistic garbage collector a chance to run, then reports
 * success regardless of what the collector did.
 *
 * @return bool always true
 */
function close()
{
    $this->gc_force();

    return true;
}
98 
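/**
 * Read the stored payload for a session id.
 *
 * When $this->securityLevel is greater than 1 the address recorded with the
 * session (sess_ip) is compared with the current client address; on a
 * mismatch an empty payload is returned, so the request starts with no
 * session data. The stored row itself is left untouched.
 *
 * @param string $sess_id session id as supplied by the client
 * @return string session payload, or '' when the row is missing, the query
 *                fails, or the address check rejects the client
 */
function read($sess_id)
{
    // The id comes from the client; it only reaches the SQL text through quoteString().
    $sql = sprintf('SELECT sess_data, sess_ip FROM %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($sess_id));
    $result = $this->db->query($sql);
    if (false == $result) {
        return '';
    }
    $row = $this->db->fetchRow($result);
    if (!$row) {
        return '';
    }
    list($sess_data, $sess_ip) = $row;

    if ($this->securityLevel > 1) {
        $stored_ip = (string) $sess_ip;
        $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
        $offset = $this->securityLevel - 1;

        // NOTE(review): strpos()'s third argument is a byte offset, not an
        // occurrence count, so for typical dotted addresses this finds the
        // FIRST dot and only the leading octet is compared. If the levels are
        // meant to select more octets, the prefix length needs a separate fix
        // - confirm the intended meaning of securityLevel before changing it.
        // The length guard avoids asking strpos() to start past the end of the string.
        $pos = ($offset <= strlen($stored_ip)) ? strpos($stored_ip, '.', $offset) : false;

        if (false === $pos) {
            // No dot to cut at (for example an IPv6 address or an empty value).
            // Comparing zero bytes would accept every client, so fall back to
            // requiring the whole address to match.
            $same_origin = ($stored_ip === $remote_ip);
        } else {
            $same_origin = (0 === strncmp($stored_ip, $remote_ip, $pos));
        }

        if (!$same_origin) {
            $sess_data = '';
        }
    }

    return $sess_data;
}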
122 
/**
 * Persist the payload for a session id.
 *
 * Tries an UPDATE first; if the database reports that no row was affected,
 * an INSERT follows that also records the client address (sess_ip). The
 * UPDATE path never rewrites sess_ip, so the address stays the one seen when
 * the row was created.
 *
 * @param string $sess_id   session id
 * @param string $sess_data serialized session payload
 * @return mixed true after an UPDATE that affected a row, otherwise whatever
 *               queryF() returns for the INSERT
 */
function write($sess_id, $sess_data)
{
    $quoted_id = $this->db->quoteString($sess_id);

    $update = sprintf('UPDATE %s SET sess_updated = %u, sess_data = %s WHERE sess_id = %s', $this->db->prefix('session'), time(), $this->db->quoteString($sess_data), $quoted_id);
    $this->db->queryF($update);
    if ($this->db->getAffectedRows()) {
        return true;
    }

    // NOTE(review): if the driver reports zero affected rows for an UPDATE
    // that changed no column values, an existing row would also reach this
    // INSERT - confirm how getAffectedRows() behaves for the driver in use.
    $insert = sprintf('INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data) VALUES (%s, %u, %s, %s)', $this->db->prefix('session'), $quoted_id, time(), $this->db->quoteString($_SERVER['REMOTE_ADDR']), $this->db->quoteString($sess_data));

    return $this->db->queryF($insert);
}
142 
/**
 * Delete the row that belongs to a session id.
 *
 * @param string $sess_id session id to remove
 * @return bool true when the DELETE query succeeded, false otherwise
 */
function destroy($sess_id)
{
    $table = $this->db->prefix('session');
    $quoted_id = $this->db->quoteString($sess_id);
    $sql = sprintf('DELETE FROM %s WHERE sess_id = %s', $table, $quoted_id);

    // Collapse whatever queryF() returns into a strict boolean.
    return $this->db->queryF($sql) ? true : false;
}
158 
/**
 * Remove sessions that have not been written for longer than $expire seconds.
 *
 * @param int $expire maximum idle time in seconds; an empty value disables the sweep
 * @return mixed true when $expire is empty, otherwise the result of queryF()
 */
function gc($expire)
{
    if (!empty($expire)) {
        // Rows whose sess_updated is older than this timestamp are dropped.
        $cutoff = time() - intval($expire);
        $sql = sprintf('DELETE FROM %s WHERE sess_updated < %u', $this->db->prefix('session'), $cutoff);

        return $this->db->queryF($sql);
    }

    return true;
}
175 
/**
 * Run garbage collection on roughly one call in ten.
 *
 * The lifetime comes from session.gc_maxlifetime and falls back to 900
 * seconds when that setting is not a positive number. rand() only decides
 * how often cleanup runs here; it is not used as a secret.
 */
function gc_force()
{
    // Values 1..10 out of 1..100 trigger a sweep.
    if (rand(1, 100) >= 11) {
        return;
    }

    $lifetime = @ini_get('session.gc_maxlifetime');
    if (!($lifetime > 0)) {
        $lifetime = 900;
    }
    $this->gc($lifetime);
}
187 
/**
 * Replace the current session id with a new one and re-issue the cookie.
 *
 * With $this->enableRegenerateId switched off the id is left alone, but the
 * call still counts as successful and the cookie is still refreshed.
 *
 * Because $delete_old_session defaults to false, the previous id keeps
 * pointing at valid session data unless the caller asks for deletion.
 * Callers that regenerate because the privilege level changed (for example
 * at login) should pass true so the earlier id stops being usable.
 *
 * @param bool $delete_old_session remove the data stored under the previous id
 * @return bool true on success
 */
function regenerate_id($delete_old_session = false)
{
    $running_version = phpversion();

    if (!$this->enableRegenerateId) {
        $success = true;
    } elseif (version_compare($running_version, '5.1.0', '>=')) {
        // From PHP 5.1.0 the engine accepts the delete flag itself.
        $success = session_regenerate_id($delete_old_session);
    } else {
        $previous_id = session_id();

        if (function_exists('session_regenerate_id')) {
            // PHP 4.3.2 - 5.0.x: regenerate, then remove the old row by hand if requested.
            $success = session_regenerate_id();
            if ($success && $delete_old_session) {
                $this->destroy($previous_id);
            }
        } else {
            // PHP older than 4.3.2: no engine support, so an id is built here.
            // NOTE(review): rand(), uniqid() and the User-Agent header are not
            // a cryptographically strong source, so ids from this branch are
            // more guessable than engine-generated ones. It is only reachable
            // on interpreters without session_regenerate_id().
            $replacement_id = md5(uniqid(rand(), true) . @$_SERVER['HTTP_USER_AGENT']);
            session_id($replacement_id);

            if ($delete_old_session) {
                $this->destroy($previous_id);
            } else {
                // Keep the stored data but move it under the new id.
                $sql = sprintf('UPDATE %s SET sess_id = %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($replacement_id), $this->db->quoteString($previous_id));
                $this->db->queryF($sql);
            }
            $success = true;
        }
    }

    // Some IE versions, and every browser before PHP 4.3.3, do not get the
    // session cookie re-issued automatically, so send it explicitly.
    if ($success) {
        $this->update_cookie();
    }

    return $success;
}
241 
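/**
 * Send the session cookie to the browser.
 *
 * The cookie name and lifetime come from $xoopsConfig when a custom session
 * is enabled (use_mysession with a non-empty session_name); otherwise PHP's
 * own session name and session.cookie_lifetime are used.
 *
 * The cookie is marked HttpOnly where the interpreter supports it, so page
 * scripts cannot read the session id, and Secure when PHP is configured for
 * secure session cookies or the current request arrived over HTTPS, so the
 * id is not sent over plain HTTP afterwards. A site that serves the same
 * session over both HTTP and HTTPS will see a separate session on the HTTP
 * side once the cookie has been issued over HTTPS.
 *
 * @param string|null $sess_id session id to send; the current id when empty
 * @param int|null    $expire  lifetime in seconds; null selects the configured
 *                             lifetime, 0 gives a browser-session cookie
 */
function update_cookie($sess_id = null, $expire = null)
{
    global $xoopsConfig;

    $use_custom = ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '');
    $session_name = $use_custom ? $xoopsConfig['session_name'] : session_name();

    if (!is_null($expire)) {
        $session_expire = intval($expire);
    } else {
        // session_expire is multiplied by 60 before being used as seconds.
        $session_expire = $use_custom ? $xoopsConfig['session_expire'] * 60 : ini_get("session.cookie_lifetime");
    }

    $session_id = empty($sess_id) ? session_id() : $sess_id;
    $expires_at = $session_expire ? time() + $session_expire : 0;

    $secure = (bool) ini_get('session.cookie_secure')
        || (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off');

    // setcookie() accepts the httponly argument only from PHP 5.2.0; older
    // interpreters reject a seventh argument, so keep the six-argument call there.
    if (version_compare(phpversion(), '5.2.0', '>=')) {
        setcookie($session_name, $session_id, $expires_at, '/', XOOPS_COOKIE_DOMAIN, $secure, true);
    } else {
        setcookie($session_name, $session_id, $expires_at, '/', XOOPS_COOKIE_DOMAIN, $secure);
    }
}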
260 }
261 ?>