[ Index ] |
|
Code source de CakePHP 1.1.13.4450 |
1 <?php 2 /* SVN FILE: $Id: session.php 4409 2007-02-02 13:20:59Z phpnut $ */ 3 /** 4 * Session class for Cake. 5 * 6 * Cake abstracts the handling of sessions. 7 * There are several convenient methods to access session information. 8 * This class is the implementation of those methods. 9 * They are mostly used by the Session Component. 10 * 11 * PHP versions 4 and 5 12 * 13 * CakePHP(tm) : Rapid Development Framework <http://www.cakephp.org/> 14 * Copyright 2005-2007, Cake Software Foundation, Inc. 15 * 1785 E. Sahara Avenue, Suite 490-204 16 * Las Vegas, Nevada 89104 17 * 18 * Licensed under The MIT License 19 * Redistributions of files must retain the above copyright notice. 20 * 21 * @filesource 22 * @copyright Copyright 2005-2007, Cake Software Foundation, Inc. 23 * @link http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project 24 * @package cake 25 * @subpackage cake.cake.libs 26 * @since CakePHP(tm) v .0.10.0.1222 27 * @version $Revision: 4409 $ 28 * @modifiedby $LastChangedBy: phpnut $ 29 * @lastmodified $Date: 2007-02-02 07:20:59 -0600 (Fri, 02 Feb 2007) $ 30 * @license http://www.opensource.org/licenses/mit-license.php The MIT License 31 */ 32 /** 33 * Database name for cake sessions. 34 * 35 */ 36 if (!defined('CAKE_SESSION_TABLE')) { 37 define('CAKE_SESSION_TABLE', 'cake_sessions'); 38 } 39 40 if (CAKE_SESSION_SAVE === 'database') { 41 uses('model' . DS . 'connection_manager'); 42 } 43 /** 44 * Session class for Cake. 45 * 46 * Cake abstracts the handling of sessions. There are several convenient methods to access session information. 47 * This class is the implementation of those methods. They are mostly used by the Session Component. 48 * 49 * @package cake 50 * @subpackage cake.cake.libs 51 */ 52 class CakeSession extends Object { 53 /** 54 * True if the Session is still valid 55 * 56 * @var boolean 57 * @access public 58 */ 59 var $valid = false; 60 /** 61 * Error messages for this session 62 * 63 * @var array 64 * @access public 65 */ 66 var $error = false; 67 /** 68 * User agent string 69 * 70 * @var string 71 * @access protected 72 */ 73 var $_userAgent = false; 74 /** 75 * Path to where the session is active. 76 * 77 * @var string 78 * @access public 79 */ 80 var $path = false; 81 /** 82 * Error number of last occurred error 83 * 84 * @var integer 85 * @access public 86 */ 87 var $lastError = null; 88 /** 89 * CAKE_SECURITY setting, "high", "medium", or "low". 90 * 91 * @var string 92 * @access public 93 */ 94 var $security = null; 95 /** 96 * Start time for this session. 97 * 98 * @var integer 99 * @access public 100 */ 101 var $time = false; 102 /** 103 * Time when this session becomes invalid. 104 * 105 * @var integer 106 * @access public 107 */ 108 var $sessionTime = false; 109 /** 110 * Constructor. 111 * 112 * @param string $base The base path for the Session 113 * @param boolean $start 114 * @access public 115 */ 116 function __construct($base = null, $start = true) { 117 if($start === true) { 118 $this->host = env('HTTP_HOST'); 119 120 if (empty($base) || strpos($base, '?')) { 121 $this->path = '/'; 122 } else { 123 $this->path = $base; 124 } 125 126 if (strpos($this->host, ':') !== false) { 127 $this->host = substr($this->host, 0, strpos($this->host, ':')); 128 } 129 130 if (env('HTTP_USER_AGENT') != null) { 131 $this->_userAgent = md5(env('HTTP_USER_AGENT') . CAKE_SESSION_STRING); 132 } else { 133 $this->_userAgent = ""; 134 } 135 136 $this->time = time(); 137 $this->sessionTime = $this->time + (Security::inactiveMins() * CAKE_SESSION_TIMEOUT); 138 $this->security = CAKE_SECURITY; 139 140 if (function_exists('session_write_close')) { 141 session_write_close(); 142 } 143 144 $this->__initSession(); 145 session_cache_limiter ("must-revalidate"); 146 session_start(); 147 header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); 148 $this->__checkValid(); 149 } 150 parent::__construct(); 151 } 152 /** 153 * Returns true if given variable is set in session. 154 * 155 * @param string $name Variable name to check for 156 * @return boolean True if variable is there 157 * @access public 158 */ 159 function checkSessionVar($name) { 160 $var = $this->__sessionVarNames($name); 161 if (empty($var)) { 162 return false; 163 } 164 $expression = "return isset(" . $var . ");"; 165 return eval($expression); 166 } 167 /** 168 * Removes a variable from session. 169 * 170 * @param string $name Session variable to remove 171 * @return boolean Success 172 * @access public 173 */ 174 function delSessionVar($name) { 175 if ($this->checkSessionVar($name)) { 176 $var = $this->__sessionVarNames($name); 177 if (empty($var)) { 178 return false; 179 } 180 eval ("unset($var);"); 181 return true; 182 } 183 $this->__setError(2, "$name doesn't exist"); 184 return false; 185 } 186 /** 187 * Return error description for given error number. 188 * 189 * @param int $errorNumber 190 * @return string Error as string 191 * @access public 192 */ 193 function getError($errorNumber) { 194 if (!is_array($this->error) || !array_key_exists($errorNumber, $this->error)) { 195 return false; 196 } else { 197 return $this->error[$errorNumber]; 198 } 199 } 200 /** 201 * Returns last occurred error as a string, if any. 202 * 203 * @return mixed Error description as a string, or false. 204 * @access public 205 */ 206 function getLastError() { 207 if ($this->lastError) { 208 return $this->getError($this->lastError); 209 } else { 210 return false; 211 } 212 } 213 /** 214 * Returns true if session is valid. 215 * 216 * @return boolean 217 * @access public 218 */ 219 function isValid() { 220 return $this->valid; 221 } 222 /** 223 * Returns given session variable, or all of them, if no parameters given. 224 * 225 * @param mixed $name The name of the session variable 226 * @return mixed The value of the session variable 227 * @access public 228 */ 229 function readSessionVar($name = null) { 230 if (is_null($name)) { 231 return $this->returnSessionVars(); 232 } 233 if ($this->checkSessionVar($name)) { 234 $var = $this->__sessionVarNames($name); 235 if (empty($var)) { 236 return false; 237 } 238 $result = eval("return " . $var . ";"); 239 return $result; 240 } 241 $this->__setError(2, "$name doesn't exist"); 242 $return = null; 243 return $return; 244 } 245 /** 246 * Returns all session variables. 247 * 248 * @return mixed Full $_SESSION array, or false on error. 249 * @access public 250 */ 251 function returnSessionVars() { 252 if (!empty($_SESSION)) { 253 $result = eval("return \$_SESSION;"); 254 return $result; 255 } 256 $this->__setError(2, "No Session vars set"); 257 return false; 258 } 259 /** 260 * Writes value to given session variable name. 261 * 262 * @param mixed $name 263 * @param string $value 264 * @return void 265 */ 266 function writeSessionVar($name, $value) { 267 $var = $this->__sessionVarNames($name); 268 if (empty($var)) { 269 return false; 270 } 271 $expression = $var . " = \$value;"; 272 eval ($expression); 273 } 274 /** 275 * Method called on close of a database 276 * session 277 * 278 * @return boolean 279 * @access private 280 */ 281 function __close() { 282 return true; 283 } 284 /** 285 * Method called on the destruction of a 286 * database session 287 * 288 * @param integer $key 289 * @return boolean 290 * @access private 291 */ 292 function __destroy($key) { 293 $db =& ConnectionManager::getDataSource('default'); 294 $table = $db->fullTableName(CAKE_SESSION_TABLE); 295 $db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key, 'integer')); 296 return true; 297 } 298 /** 299 * Helper method to destroy invalid sessions. 300 * 301 * @return void 302 * @access private 303 */ 304 function destroyInvalid() { 305 $sessionpath = session_save_path(); 306 if (empty($sessionpath)) { 307 $sessionpath = "/tmp"; 308 } 309 310 if (isset($_COOKIE[session_name()])) { 311 setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path); 312 } 313 $file = $sessionpath . DS . "sess_" . session_id(); 314 @session_destroy(); 315 @unlink ($file); 316 $this->__construct($this->path); 317 $this->renew(); 318 } 319 /** 320 * Helper function called on gc for 321 * database sessions 322 * 323 * @param unknown_type $expires 324 * @return boolean 325 * @access private 326 */ 327 function __gc($expires) { 328 $db =& ConnectionManager::getDataSource('default'); 329 $table = $db->fullTableName(CAKE_SESSION_TABLE); 330 $db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.expires') . " < ". $db->value(time())); 331 return true; 332 } 333 /** 334 * Helper method to initialize a session, based on Cake core settings. 335 * 336 * @return void 337 * @access private 338 */ 339 function __initSession() { 340 switch($this->security) { 341 case 'high': 342 $this->cookieLifeTime=0; 343 if (function_exists('ini_set')) { 344 ini_set('session.referer_check', $this->host); 345 } 346 break; 347 case 'medium': 348 $this->cookieLifeTime = 7 * 86400; 349 break; 350 case 'low': 351 default: 352 $this->cookieLifeTime = 788940000; 353 break; 354 } 355 356 switch(CAKE_SESSION_SAVE) { 357 case 'cake': 358 if (!isset($_SESSION)) { 359 if (function_exists('ini_set')) { 360 ini_set('session.use_trans_sid', 0); 361 ini_set('url_rewriter.tags', ''); 362 ini_set('session.serialize_handler', 'php'); 363 ini_set('session.use_cookies', 1); 364 ini_set('session.name', CAKE_SESSION_COOKIE); 365 ini_set('session.cookie_lifetime', $this->cookieLifeTime); 366 ini_set('session.cookie_path', $this->path); 367 ini_set('session.gc_probability', 1); 368 ini_set('session.auto_start', 0); 369 ini_set('session.save_path', TMP . 'sessions'); 370 } 371 } 372 break; 373 case 'database': 374 if (!isset($_SESSION)) { 375 if (function_exists('ini_set')) { 376 ini_set('session.use_trans_sid', 0); 377 ini_set('url_rewriter.tags', ''); 378 ini_set('session.save_handler', 'user'); 379 ini_set('session.serialize_handler', 'php'); 380 ini_set('session.use_cookies', 1); 381 ini_set('session.name', CAKE_SESSION_COOKIE); 382 ini_set('session.cookie_lifetime', $this->cookieLifeTime); 383 ini_set('session.cookie_path', $this->path); 384 ini_set('session.gc_probability', 1); 385 ini_set('session.auto_start', 0); 386 } 387 } 388 session_set_save_handler(array('CakeSession','__open'), 389 array('CakeSession', '__close'), 390 array('CakeSession', '__read'), 391 array('CakeSession', '__write'), 392 array('CakeSession', '__destroy'), 393 array('CakeSession', '__gc')); 394 break; 395 case 'php': 396 if (!isset($_SESSION)) { 397 if (function_exists('ini_set')) { 398 ini_set('session.use_trans_sid', 0); 399 ini_set('session.name', CAKE_SESSION_COOKIE); 400 ini_set('session.cookie_lifetime', $this->cookieLifeTime); 401 ini_set('session.cookie_path', $this->path); 402 ini_set('session.gc_probability', 1); 403 } 404 } 405 break; 406 default: 407 if (!isset($_SESSION)) { 408 $config = CONFIGS . CAKE_SESSION_SAVE . '.php'; 409 410 if (is_file($config)) { 411 require_once ($config); 412 } 413 } 414 break; 415 } 416 } 417 /** 418 * Helper method to create a new session. 419 * 420 * @return void 421 * @access private 422 * 423 */ 424 function __checkValid() { 425 if ($this->readSessionVar("Config")) { 426 if ($this->_userAgent == $this->readSessionVar("Config.userAgent") && $this->time <= $this->readSessionVar("Config.time")) { 427 $this->writeSessionVar("Config.time", $this->sessionTime); 428 $this->valid = true; 429 } else { 430 $this->valid = false; 431 $this->__setError(1, "Session Highjacking Attempted !!!"); 432 $this->destroyInvalid(); 433 } 434 } else { 435 srand ((double)microtime() * 1000000); 436 $this->writeSessionVar('Config.rand', rand()); 437 $this->writeSessionVar("Config.time", $this->sessionTime); 438 $this->writeSessionVar("Config.userAgent", $this->_userAgent); 439 $this->valid = true; 440 $this->__setError(1, "Session is valid"); 441 } 442 } 443 /** 444 * Method called on open of a database 445 * sesson 446 * 447 * @return boolean 448 * @access private 449 * 450 */ 451 function __open() { 452 return true; 453 } 454 /** 455 * Method used to read from a database 456 * session 457 * 458 * @param mixed $key The key of the value to read 459 * @return mixed The value of the key or false if it does not exist 460 * @access private 461 */ 462 function __read($key) { 463 $db =& ConnectionManager::getDataSource('default'); 464 $table = $db->fullTableName(CAKE_SESSION_TABLE, false); 465 $row = $db->query("SELECT " . $db->name($table.'.data') . " FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key), false); 466 467 if ($row && !isset($row[0][$table]) && isset($row[0][0])) { 468 $table = 0; 469 } 470 471 if ($row && $row[0][$table]['data']) { 472 return $row[0][$table]['data']; 473 } else { 474 return false; 475 } 476 } 477 /** 478 * Helper method to restart a session. 479 * 480 * @return void 481 * @access private 482 */ 483 function __regenerateId() { 484 $oldSessionId = session_id(); 485 $sessionpath = session_save_path(); 486 if (empty($sessionpath)) { 487 $sessionpath = "/tmp"; 488 } 489 490 if (isset($_COOKIE[session_name()])) { 491 setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path); 492 } 493 session_regenerate_id(); 494 $newSessid = session_id(); 495 $file = $sessionpath . DS . "sess_$oldSessionId"; 496 @unlink ($file); 497 @session_destroy ($oldSessionId); 498 499 if (function_exists('session_write_close')) { 500 session_write_close(); 501 } 502 $this->__initSession(); 503 session_id ($newSessid); 504 session_start(); 505 } 506 /** 507 * Restarts this session. 508 * 509 * @return void 510 * @access public 511 */ 512 function renew() { 513 $this->__regenerateId(); 514 } 515 /** 516 * Helper method to extract variable names from the session 517 * variable 518 * 519 * @param mixed $name Variable names as array or string. 520 * @return string The expression to eval to get the value or false 521 * @access private 522 */ 523 function __sessionVarNames($name) { 524 if (is_string($name) && preg_match("/^[0-9a-zA-Z._-]+$/", $name)) { 525 if (strpos($name, ".")) { 526 $names = explode(".", $name); 527 } else { 528 $names = array($name); 529 } 530 $expression="\$_SESSION"; 531 532 foreach($names as $item) { 533 $expression .= is_numeric($item) ? "[$item]" : "['$item']"; 534 } 535 return $expression; 536 } 537 $this->__setError(3, "$name is not a string"); 538 return false; 539 } 540 /** 541 * Helper method to set an internal error message. 542 * 543 * @param int $errorNumber Number of the error 544 * @param string $errorMessage Description of the error 545 * @return void 546 * @access private 547 */ 548 function __setError($errorNumber, $errorMessage) { 549 if ($this->error === false) { 550 $this->error = array(); 551 } 552 $this->error[$errorNumber] = $errorMessage; 553 $this->lastError = $errorNumber; 554 } 555 /** 556 * Helper function called on write for database 557 * sessions 558 * 559 * @param mixed $key The name of the var 560 * @param mixed $value The value of the var 561 * @return boolean 562 * @access private 563 */ 564 function __write($key, $value) { 565 $db =& ConnectionManager::getDataSource('default'); 566 $table = $db->fullTableName(CAKE_SESSION_TABLE); 567 568 switch(CAKE_SECURITY) { 569 case 'high': 570 $factor = 10; 571 break; 572 case 'medium': 573 $factor = 100; 574 break; 575 case 'low': 576 $factor = 300; 577 break; 578 default: 579 $factor = 10; 580 break; 581 } 582 $expires = time() + CAKE_SESSION_TIMEOUT * $factor; 583 $row = $db->query("SELECT COUNT(id) AS count FROM " . $db->name($table) . " WHERE " 584 . $db->name('id') . " = " 585 . $db->value($key), false); 586 587 if ($row[0][0]['count'] > 0) { 588 $db->execute("UPDATE " . $db->name($table) . " SET " . $db->name('data') . " = " 589 . $db->value($value) . ", " . $db->name('expires') . " = " 590 . $db->value($expires) . " WHERE " . $db->name('id') . " = " 591 . $db->value($key)); 592 } else { 593 $db->execute("INSERT INTO " . $db->name($table) . " (" . $db->name('data') . "," 594 . $db->name('expires') . "," . $db->name('id') 595 . ") VALUES (" . $db->value($value) . ", " . $db->value($expires) . ", " 596 . $db->value($key) . ")"); 597 } 598 return true; 599 } 600 } 601 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
Généré le : Sun Feb 25 19:27:47 2007 | par Balluche grâce à PHPXref 0.7 |