[ Index ]
 

Code source de CakePHP 1.1.13.4450

Accédez au Source d'autres logiciels libresSoutenez Angelica Josefina !

title

Body

[fermer]

/cake/libs/ -> session.php (source)

   1  <?php
   2  /* SVN FILE: $Id: session.php 4409 2007-02-02 13:20:59Z phpnut $ */
   3  /**
   4   * Session class for Cake.
   5   *
   6   * Cake abstracts the handling of sessions.
   7   * There are several convenient methods to access session information.
   8   * This class is the implementation of those methods.
   9   * They are mostly used by the Session Component.
  10   *
  11   * PHP versions 4 and 5
  12   *
  13   * CakePHP(tm) :  Rapid Development Framework <http://www.cakephp.org/>
  14   * Copyright 2005-2007, Cake Software Foundation, Inc.
  15   *                                1785 E. Sahara Avenue, Suite 490-204
  16   *                                Las Vegas, Nevada 89104
  17   *
  18   * Licensed under The MIT License
  19   * Redistributions of files must retain the above copyright notice.
  20   *
  21   * @filesource
  22   * @copyright        Copyright 2005-2007, Cake Software Foundation, Inc.
  23   * @link                http://www.cakefoundation.org/projects/info/cakephp CakePHP(tm) Project
  24   * @package            cake
  25   * @subpackage        cake.cake.libs
  26   * @since            CakePHP(tm) v .0.10.0.1222
  27   * @version            $Revision: 4409 $
  28   * @modifiedby        $LastChangedBy: phpnut $
  29   * @lastmodified    $Date: 2007-02-02 07:20:59 -0600 (Fri, 02 Feb 2007) $
  30   * @license            http://www.opensource.org/licenses/mit-license.php The MIT License
  31   */
  32  /**
  33   * Database name for cake sessions.
  34   *
  35   */
  36      if (!defined('CAKE_SESSION_TABLE')) {
  37           define('CAKE_SESSION_TABLE', 'cake_sessions');
  38      }
  39  
  40      if (CAKE_SESSION_SAVE === 'database') {
  41          uses('model' . DS . 'connection_manager');
  42      }
  43  /**
  44   * Session class for Cake.
  45   *
  46   * Cake abstracts the handling of sessions. There are several convenient methods to access session information.
  47   * This class is the implementation of those methods. They are mostly used by the Session Component.
  48   *
  49   * @package        cake
  50   * @subpackage    cake.cake.libs
  51   */
  52  class CakeSession extends Object {
  53  /**
  54   * True if the Session is still valid
  55   *
  56   * @var boolean
  57   * @access public
  58   */
  59      var $valid = false;
  60  /**
  61   * Error messages for this session
  62   *
  63   * @var array
  64   * @access public
  65   */
  66      var $error = false;
  67  /**
  68   * User agent string
  69   *
  70   * @var string
  71   * @access protected
  72   */
  73      var $_userAgent = false;
  74  /**
  75   * Path to where the session is active.
  76   *
  77   * @var string
  78   * @access public
  79   */
  80      var $path = false;
  81  /**
  82   * Error number of last occurred error
  83   *
  84   * @var integer
  85   * @access public
  86   */
  87      var $lastError = null;
  88  /**
  89   * CAKE_SECURITY setting, "high", "medium", or "low".
  90   *
  91   * @var string
  92   * @access public
  93   */
  94      var $security = null;
  95  /**
  96   * Start time for this session.
  97   *
  98   * @var integer
  99   * @access public
 100   */
 101      var $time = false;
 102  /**
 103   * Time when this session becomes invalid.
 104   *
 105   * @var integer
 106   * @access public
 107   */
 108      var $sessionTime = false;
 109  /**
 110   * Constructor.
 111   *
 112   * @param string $base The base path for the Session
 113   * @param boolean $start
 114   * @access public
 115   */
 116  	function __construct($base = null, $start = true) {
 117          if($start === true) {
 118              $this->host = env('HTTP_HOST');
 119  
 120              if (empty($base) || strpos($base, '?')) {
 121                  $this->path = '/';
 122              } else {
 123                  $this->path = $base;
 124              }
 125  
 126              if (strpos($this->host, ':') !== false) {
 127                  $this->host = substr($this->host, 0, strpos($this->host, ':'));
 128              }
 129  
 130              if (env('HTTP_USER_AGENT') != null) {
 131                  $this->_userAgent = md5(env('HTTP_USER_AGENT') . CAKE_SESSION_STRING);
 132              } else {
 133                  $this->_userAgent = "";
 134              }
 135  
 136              $this->time = time();
 137              $this->sessionTime = $this->time + (Security::inactiveMins() * CAKE_SESSION_TIMEOUT);
 138              $this->security = CAKE_SECURITY;
 139  
 140              if (function_exists('session_write_close')) {
 141                  session_write_close();
 142              }
 143  
 144              $this->__initSession();
 145              session_cache_limiter ("must-revalidate");
 146              session_start();
 147              header ('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
 148              $this->__checkValid();
 149          }
 150          parent::__construct();
 151      }
 152  /**
 153   * Returns true if given variable is set in session.
 154   *
 155   * @param string $name Variable name to check for
 156   * @return boolean True if variable is there
 157   * @access public
 158   */
 159  	function checkSessionVar($name) {
 160          $var = $this->__sessionVarNames($name);
 161          if (empty($var)) {
 162            return false;
 163          }
 164          $expression = "return isset(" . $var . ");";
 165          return eval($expression);
 166      }
 167  /**
 168   * Removes a variable from session.
 169   *
 170   * @param string $name Session variable to remove
 171   * @return boolean Success
 172   * @access public
 173   */
 174  	function delSessionVar($name) {
 175          if ($this->checkSessionVar($name)) {
 176              $var = $this->__sessionVarNames($name);
 177              if (empty($var)) {
 178                  return false;
 179              }
 180              eval ("unset($var);");
 181              return true;
 182          }
 183          $this->__setError(2, "$name doesn't exist");
 184          return false;
 185      }
 186  /**
 187   * Return error description for given error number.
 188   *
 189   * @param int $errorNumber
 190   * @return string Error as string
 191   * @access public
 192   */
 193  	function getError($errorNumber) {
 194          if (!is_array($this->error) || !array_key_exists($errorNumber, $this->error)) {
 195              return false;
 196          } else {
 197              return $this->error[$errorNumber];
 198          }
 199      }
 200  /**
 201   * Returns last occurred error as a string, if any.
 202   *
 203   * @return mixed Error description as a string, or false.
 204   * @access public
 205   */
 206  	function getLastError() {
 207          if ($this->lastError) {
 208              return $this->getError($this->lastError);
 209          } else {
 210              return false;
 211          }
 212      }
 213  /**
 214   * Returns true if session is valid.
 215   *
 216   * @return boolean
 217   * @access public
 218   */
 219  	function isValid() {
 220          return $this->valid;
 221      }
 222  /**
 223   * Returns given session variable, or all of them, if no parameters given.
 224   *
 225   * @param mixed $name The name of the session variable
 226   * @return mixed The value of the session variable
 227   * @access public
 228   */
 229  	function readSessionVar($name = null) {
 230          if (is_null($name)) {
 231              return $this->returnSessionVars();
 232          }
 233          if ($this->checkSessionVar($name)) {
 234              $var = $this->__sessionVarNames($name);
 235              if (empty($var)) {
 236                  return false;
 237              }
 238              $result = eval("return " . $var . ";");
 239              return $result;
 240          }
 241          $this->__setError(2, "$name doesn't exist");
 242          $return = null;
 243          return $return;
 244      }
 245  /**
 246   * Returns all session variables.
 247   *
 248   * @return mixed Full $_SESSION array, or false on error.
 249   * @access public
 250   */
 251  	function returnSessionVars() {
 252          if (!empty($_SESSION)) {
 253              $result = eval("return \$_SESSION;");
 254              return $result;
 255          }
 256          $this->__setError(2, "No Session vars set");
 257          return false;
 258      }
 259  /**
 260   * Writes value to given session variable name.
 261   *
 262   * @param mixed $name
 263   * @param string $value
 264   * @return void
 265   */
 266  	function writeSessionVar($name, $value) {
 267          $var = $this->__sessionVarNames($name);
 268          if (empty($var)) {
 269            return false;
 270          }
 271          $expression = $var . " = \$value;";
 272          eval ($expression);
 273      }
 274  /**
 275   * Method called on close of a database
 276   * session
 277   *
 278   * @return boolean
 279   * @access private
 280   */
 281  	function __close() {
 282          return true;
 283      }
 284  /**
 285   * Method called on the destruction of a
 286   * database session
 287   *
 288   * @param integer $key
 289   * @return boolean
 290   * @access private
 291   */
 292  	function __destroy($key) {
 293          $db =& ConnectionManager::getDataSource('default');
 294          $table = $db->fullTableName(CAKE_SESSION_TABLE);
 295          $db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key, 'integer'));
 296          return true;
 297      }
 298  /**
 299   * Helper method to destroy invalid sessions.
 300   *
 301   * @return void
 302   * @access private
 303   */
 304  	function destroyInvalid() {
 305          $sessionpath = session_save_path();
 306          if (empty($sessionpath)) {
 307              $sessionpath = "/tmp";
 308          }
 309  
 310          if (isset($_COOKIE[session_name()])) {
 311              setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path);
 312          }
 313          $file = $sessionpath . DS . "sess_" . session_id();
 314          @session_destroy();
 315          @unlink ($file);
 316          $this->__construct($this->path);
 317          $this->renew();
 318      }
 319  /**
 320   * Helper function called on gc for
 321   * database sessions
 322   *
 323   * @param unknown_type $expires
 324   * @return boolean
 325   * @access private
 326   */
 327  	function __gc($expires) {
 328          $db =& ConnectionManager::getDataSource('default');
 329          $table = $db->fullTableName(CAKE_SESSION_TABLE);
 330          $db->execute("DELETE FROM " . $db->name($table) . " WHERE " . $db->name($table.'.expires') . " < ". $db->value(time()));
 331          return true;
 332       }
 333  /**
 334   * Helper method to initialize a session, based on Cake core settings.
 335   *
 336   * @return void
 337   * @access private
 338   */
 339  	function __initSession() {
 340          switch($this->security) {
 341              case 'high':
 342                  $this->cookieLifeTime=0;
 343                  if (function_exists('ini_set')) {
 344                      ini_set('session.referer_check', $this->host);
 345                  }
 346              break;
 347              case 'medium':
 348                  $this->cookieLifeTime = 7 * 86400;
 349              break;
 350              case 'low':
 351              default:
 352                  $this->cookieLifeTime = 788940000;
 353              break;
 354          }
 355  
 356          switch(CAKE_SESSION_SAVE) {
 357              case 'cake':
 358                  if (!isset($_SESSION)) {
 359                      if (function_exists('ini_set')) {
 360                          ini_set('session.use_trans_sid', 0);
 361                          ini_set('url_rewriter.tags', '');
 362                          ini_set('session.serialize_handler', 'php');
 363                          ini_set('session.use_cookies', 1);
 364                          ini_set('session.name', CAKE_SESSION_COOKIE);
 365                          ini_set('session.cookie_lifetime', $this->cookieLifeTime);
 366                          ini_set('session.cookie_path', $this->path);
 367                          ini_set('session.gc_probability', 1);
 368                          ini_set('session.auto_start', 0);
 369                          ini_set('session.save_path', TMP . 'sessions');
 370                      }
 371                  }
 372              break;
 373              case 'database':
 374                  if (!isset($_SESSION)) {
 375                      if (function_exists('ini_set')) {
 376                          ini_set('session.use_trans_sid', 0);
 377                          ini_set('url_rewriter.tags', '');
 378                          ini_set('session.save_handler', 'user');
 379                          ini_set('session.serialize_handler', 'php');
 380                          ini_set('session.use_cookies', 1);
 381                          ini_set('session.name', CAKE_SESSION_COOKIE);
 382                          ini_set('session.cookie_lifetime', $this->cookieLifeTime);
 383                          ini_set('session.cookie_path', $this->path);
 384                          ini_set('session.gc_probability', 1);
 385                          ini_set('session.auto_start', 0);
 386                      }
 387                  }
 388                  session_set_save_handler(array('CakeSession','__open'),
 389                                                      array('CakeSession', '__close'),
 390                                                      array('CakeSession', '__read'),
 391                                                      array('CakeSession', '__write'),
 392                                                      array('CakeSession', '__destroy'),
 393                                                      array('CakeSession', '__gc'));
 394              break;
 395              case 'php':
 396                  if (!isset($_SESSION)) {
 397                      if (function_exists('ini_set')) {
 398                          ini_set('session.use_trans_sid', 0);
 399                          ini_set('session.name', CAKE_SESSION_COOKIE);
 400                          ini_set('session.cookie_lifetime', $this->cookieLifeTime);
 401                          ini_set('session.cookie_path', $this->path);
 402                          ini_set('session.gc_probability', 1);
 403                      }
 404                  }
 405              break;
 406              default:
 407                  if (!isset($_SESSION)) {
 408                      $config = CONFIGS . CAKE_SESSION_SAVE . '.php';
 409  
 410                      if (is_file($config)) {
 411                          require_once ($config);
 412                      }
 413                  }
 414              break;
 415          }
 416      }
 417  /**
 418   * Helper method to create a new session.
 419   *
 420   * @return void
 421   * @access private
 422   *
 423   */
 424  	function __checkValid() {
 425          if ($this->readSessionVar("Config")) {
 426              if ($this->_userAgent == $this->readSessionVar("Config.userAgent") && $this->time <= $this->readSessionVar("Config.time")) {
 427                  $this->writeSessionVar("Config.time", $this->sessionTime);
 428                  $this->valid = true;
 429              } else {
 430                  $this->valid = false;
 431                  $this->__setError(1, "Session Highjacking Attempted !!!");
 432                  $this->destroyInvalid();
 433              }
 434          } else {
 435              srand ((double)microtime() * 1000000);
 436              $this->writeSessionVar('Config.rand', rand());
 437              $this->writeSessionVar("Config.time", $this->sessionTime);
 438              $this->writeSessionVar("Config.userAgent", $this->_userAgent);
 439              $this->valid = true;
 440              $this->__setError(1, "Session is valid");
 441          }
 442      }
 443  /**
 444   * Method called on open of a database
 445   * sesson
 446   *
 447   * @return boolean
 448   * @access private
 449   *
 450   */
 451  	function __open() {
 452          return true;
 453      }
 454  /**
 455   * Method used to read from a database
 456   * session
 457   *
 458   * @param mixed $key The key of the value to read
 459   * @return mixed The value of the key or false if it does not exist
 460   * @access private
 461   */
 462  	function __read($key) {
 463          $db =& ConnectionManager::getDataSource('default');
 464          $table = $db->fullTableName(CAKE_SESSION_TABLE, false);
 465          $row = $db->query("SELECT " . $db->name($table.'.data') . " FROM " . $db->name($table) . " WHERE " . $db->name($table.'.id') . " = " . $db->value($key), false);
 466  
 467          if ($row && !isset($row[0][$table]) && isset($row[0][0])) {
 468              $table = 0;
 469          }
 470  
 471          if ($row && $row[0][$table]['data']) {
 472              return $row[0][$table]['data'];
 473          } else {
 474              return false;
 475          }
 476      }
 477  /**
 478   * Helper method to restart a session.
 479   *
 480   * @return void
 481   * @access private
 482   */
 483  	function __regenerateId() {
 484          $oldSessionId = session_id();
 485          $sessionpath = session_save_path();
 486          if (empty($sessionpath)) {
 487              $sessionpath = "/tmp";
 488          }
 489  
 490          if (isset($_COOKIE[session_name()])) {
 491              setcookie(CAKE_SESSION_COOKIE, '', time() - 42000, $this->path);
 492          }
 493          session_regenerate_id();
 494          $newSessid = session_id();
 495          $file = $sessionpath . DS . "sess_$oldSessionId";
 496          @unlink ($file);
 497          @session_destroy ($oldSessionId);
 498  
 499          if (function_exists('session_write_close')) {
 500              session_write_close();
 501          }
 502          $this->__initSession();
 503          session_id ($newSessid);
 504          session_start();
 505      }
 506  /**
 507   * Restarts this session.
 508   *
 509   * @return void
 510   * @access public
 511   */
 512  	function renew() {
 513          $this->__regenerateId();
 514      }
 515  /**
 516   * Helper method to extract variable names from the session
 517   * variable
 518   *
 519   * @param mixed $name Variable names as array or string.
 520   * @return string The expression to eval to get the value or false
 521   * @access private
 522   */
 523  	function __sessionVarNames($name) {
 524          if (is_string($name) && preg_match("/^[0-9a-zA-Z._-]+$/", $name)) {
 525              if (strpos($name, ".")) {
 526                  $names = explode(".", $name);
 527              } else {
 528                  $names = array($name);
 529              }
 530              $expression="\$_SESSION";
 531  
 532              foreach($names as $item) {
 533                  $expression .= is_numeric($item) ? "[$item]" : "['$item']";
 534              }
 535              return $expression;
 536          }
 537          $this->__setError(3, "$name is not a string");
 538          return false;
 539      }
 540  /**
 541   * Helper method to set an internal error message.
 542   *
 543   * @param int $errorNumber Number of the error
 544   * @param string $errorMessage Description of the error
 545   * @return void
 546   * @access private
 547   */
 548  	function __setError($errorNumber, $errorMessage) {
 549          if ($this->error === false) {
 550              $this->error = array();
 551          }
 552          $this->error[$errorNumber] = $errorMessage;
 553          $this->lastError = $errorNumber;
 554      }
 555  /**
 556   * Helper function called on write for database
 557   * sessions
 558   *
 559   * @param mixed $key The name of the var
 560   * @param mixed $value The value of the var
 561   * @return boolean
 562   * @access private
 563   */
 564  	function __write($key, $value) {
 565          $db =& ConnectionManager::getDataSource('default');
 566          $table = $db->fullTableName(CAKE_SESSION_TABLE);
 567  
 568          switch(CAKE_SECURITY) {
 569              case 'high':
 570                  $factor = 10;
 571              break;
 572              case 'medium':
 573                  $factor = 100;
 574              break;
 575              case 'low':
 576                  $factor = 300;
 577              break;
 578              default:
 579                  $factor = 10;
 580              break;
 581          }
 582          $expires = time() + CAKE_SESSION_TIMEOUT * $factor;
 583          $row = $db->query("SELECT COUNT(id) AS count FROM " . $db->name($table) . " WHERE "
 584                                   . $db->name('id') . " = "
 585                                   . $db->value($key), false);
 586  
 587          if ($row[0][0]['count'] > 0) {
 588              $db->execute("UPDATE " . $db->name($table) . " SET " . $db->name('data') . " = "
 589                                  . $db->value($value) . ", " . $db->name('expires') . " = "
 590                                  . $db->value($expires) . " WHERE " . $db->name('id') . " = "
 591                                  . $db->value($key));
 592          } else {
 593              $db->execute("INSERT INTO " . $db->name($table) . " (" . $db->name('data') . ","
 594                                    . $db->name('expires') . "," . $db->name('id')
 595                                    . ") VALUES (" . $db->value($value) . ", " . $db->value($expires) . ", "
 596                                    . $db->value($key) . ")");
 597          }
 598          return true;
 599      }
 600  }
 601  ?>


Généré le : Sun Feb 25 19:27:47 2007 par Balluche grâce à PHPXref 0.7