// Direct-access guard: execution stops with 'Restricted access' unless the
// XOOPS_ROOT_PATH constant has already been defined by the including script.
21 defined(
'XOOPS_ROOT_PATH') or die('Restricted access');
// Read by read(): the client-IP check runs only when this value is greater than 1,
// and (value - 1) is passed to strpos() as the search offset into the stored IP.
54 var $securityLevel = 3;
// Gate for regenerate_id(): when false, that method takes its first branch
// (the body of that branch is not part of this listing).
62 var $enableRegenerateId =
true;
70 function XoopsSessionHandler(&$db)
83 function open($save_path, $session_name)
// Session read callback: selects the stored payload and client IP for $sess_id.
// Several original lines of this method are omitted from the listing (the query
// execution and everything after the strpos() call).
106 function read($sess_id)
// $sess_id reaches the SQL text only through quoteString(); presumably that helper
// escapes and quotes the value -- confirm in the database class.
108 $sql = sprintf(
'SELECT sess_data, sess_ip FROM %s WHERE sess_id = %s', $this->db->prefix(
'session'), $this->db->quoteString($sess_id));
// $result is assigned on a line not shown here.
110 if (list ($sess_data, $sess_ip) = $this->db->fetchRow(
$result)) {
111 if ($this->securityLevel > 1) {
// NOTE(review): strpos()'s third argument is a byte offset, not an occurrence count.
// With the default level 3 this finds the first '.' at or after offset 2, which for
// most IPv4 addresses is the dot after the first octet, so the address prefix tied
// to the session may be shorter than the level suggests. A stored address without
// '.' (e.g. IPv6) makes strpos() return false. Verify against the comparison that
// follows on the lines not shown.
112 $pos = strpos($sess_ip,
".", $this->securityLevel - 1);
// Session write callback: updates the row for $sess_id and falls back to an INSERT
// when the UPDATE reports no affected rows. Braces and some lines are omitted from
// this listing.
131 function write($sess_id, $sess_data)
// Quoted once here; the quoted form is reused in both statements below.
133 $sess_id = $this->db->quoteString($sess_id);
134 $sql = sprintf(
'UPDATE %s SET sess_updated = %u, sess_data = %s WHERE sess_id = %s', $this->db->prefix(
'session'), time(), $this->db->quoteString($sess_data), $sess_id);
135 $this->db->queryF(
$sql);
// NOTE(review): zero affected rows is treated as "row does not exist". Some drivers
// report 0 when the row exists but no column value changed (same data written twice
// within one second); the INSERT would then target an existing sess_id. Confirm the
// driver's semantics and the table's key constraints.
136 if (!$this->db->getAffectedRows()) {
// The client address is recorded only on this first insert; read() selects it back as
// sess_ip. REMOTE_ADDR is the peer address as the web server sees it, so behind a
// reverse proxy it is the proxy's address -- confirm against the deployment.
137 $sql = sprintf(
'INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data) VALUES (%s, %u, %s, %s)', $this->db->prefix(
'session'), $sess_id, time(), $this->db->quoteString(
$_SERVER[
'REMOTE_ADDR']), $this->db->quoteString($sess_data));
138 return $this->db->queryF(
$sql);
// Session destroy callback: builds the DELETE for the row matching $sess_id.
// The line that executes $sql and the return value are not part of this listing.
150 function destroy($sess_id)
// As in read(), $sess_id enters the statement only via quoteString().
152 $sql = sprintf(
'DELETE FROM %s WHERE sess_id = %s', $this->db->prefix(
'session'), $this->db->quoteString($sess_id));
// Expiry sweep: deletes session rows whose sess_updated is older than $expire seconds.
// The enclosing function's signature and the body of the empty() guard are not part
// of this listing.
167 if (empty($expire)) {
// intval() forces the lifetime to an integer before it is formatted with %u below.
171 $mintime = time() - intval($expire);
172 $sql = sprintf(
'DELETE FROM %s WHERE sess_updated < %u', $this->db->prefix(
'session'), $mintime);
173 return $this->db->queryF(
$sql);
// Probabilistic trigger: the condition holds for draws 1..10, i.e. roughly one call
// in ten. rand() only samples here; nothing secret is derived from it.
// The enclosing function's signature and the rest of the branch are not shown.
181 if (rand(1, 100) < 11) {
// '@' suppresses any warning from ini_get().
182 $expire = @ini_get(
'session.gc_maxlifetime');
// Falls back to 900 seconds when the ini value is missing or not positive.
183 $expire = ($expire > 0) ? $expire : 900;
// Issues a new session id, choosing a strategy by PHP version, then refreshes the
// session cookie. Braces, else-branches and return statements are omitted from this
// listing, so the exact nesting below is partly inferred.
// NOTE(review): with the default $delete_old_session = false the session_regenerate_id()
// branches do not destroy the previous id. Callers regenerating at a privilege change
// (e.g. login) should confirm they pass true so the old id stops being valid.
196 function regenerate_id($delete_old_session =
false)
198 $phpversion = phpversion();
// Regeneration can be switched off through the enableRegenerateId property.
200 if (!$this->enableRegenerateId) {
204 }
else if (version_compare($phpversion,
"5.1.0",
">=")) {
// PHP >= 5.1.0: the built-in handles removal of the old session itself.
205 $success = session_regenerate_id($delete_old_session);
// Older PHP: remember the current id so it can be destroyed or renamed by hand.
208 $old_session_id = session_id();
210 if (function_exists(
"session_regenerate_id")) {
211 $success = session_regenerate_id();
212 if ($success && $delete_old_session) {
214 $this->destroy($old_session_id);
// Fallback when session_regenerate_id() does not exist.
// NOTE(review): rand(), uniqid() and the User-Agent header are not cryptographically
// secure inputs, so an id built this way is guessable. If this path can still run,
// derive the id from a CSPRNG instead. '@' hides the notice when the header is absent.
219 $session_id = md5(uniqid(rand(),
true) . @
$_SERVER[
'HTTP_USER_AGENT']);
221 session_id($session_id);
223 if ($delete_old_session) {
224 $this->destroy($old_session_id);
// Re-keys the stored row from the old id to the new one; presumably the else-branch
// of the check above -- the connecting lines are not shown.
227 $sql = sprintf(
'UPDATE %s SET sess_id = %s WHERE sess_id = %s', $this->db->prefix(
'session'), $this->db->quoteString($session_id), $this->db->quoteString($old_session_id));
228 $this->db->queryF(
$sql);
// Re-sends the session cookie; the condition guarding this call is not shown.
236 $this->update_cookie();
// Sends the session cookie. $sess_id defaults to the current session_id(); $expire is a
// lifetime in seconds and defaults to the configured value.
// $xoopsConfig is read here; the line that brings it into scope is not part of this
// listing.
252 function update_cookie($sess_id = null, $expire = null)
// Cookie name: the configured session_name when use_mysession is on and the name is
// non-empty, otherwise PHP's session_name().
255 $session_name = ($xoopsConfig[
'use_mysession'] && $xoopsConfig[
'session_name'] !=
'') ? $xoopsConfig[
'session_name'] : session_name();
// Lifetime: explicit $expire, else session_expire * 60 (the config value appears to be
// in minutes), else the session.cookie_lifetime ini setting.
256 $session_expire = !is_null($expire) ? intval($expire) : (($xoopsConfig[
'use_mysession'] && $xoopsConfig[
'session_name'] !=
'') ? $xoopsConfig[
'session_expire'] * 60 : ini_get(
"session.cookie_lifetime"));
257 $session_id = empty($sess_id) ? session_id() : $sess_id;
// A falsy lifetime yields expiry 0, i.e. a browser-session cookie.
// NOTE(review): the sixth argument (secure) is 0 and httponly is not passed, so the
// cookie is also sent over plain HTTP and is readable by page scripts. On an HTTPS
// deployment both flags should be enabled for the session cookie.
258 setcookie($session_name, $session_id, $session_expire ? time() + $session_expire : 0,
'/',
XOOPS_COOKIE_DOMAIN, 0);