Code source de XOOPS 2.0.17.1 |
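<?php
// $Id: session.php 1023 2007-09-08 02:55:26Z phppp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <http://www.xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu) //
// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
// Project: The XOOPS Project //
// ------------------------------------------------------------------------- //
/**
 * @package     kernel
 *
 * @author      Kazumi Ono <onokazu@xoops.org>
 * @copyright   copyright (c) 2000-2003 XOOPS.org
 */


/**
 * Handler for a session
 *
 * Stores session data in the "session" table through the injected database
 * object and, depending on {@link $securityLevel}, ties a stored session to
 * the client address that created it.
 *
 * @package     kernel
 *
 * @author      Kazumi Ono <onokazu@xoops.org>
 * @copyright   copyright (c) 2000-2003 XOOPS.org
 */
class XoopsSessionHandler
{

    /**
     * Database connection
     *
     * @var object
     * @access private
     */
    var $db;

    /**
     * Security checking level
     *
     * Possible value:
     *  0 - no check;
     *  1 - check browser characteristics (HTTP_USER_AGENT/HTTP_ACCEPT_LANGUAGE), to be implemented in the future now;
     *  2 - check browser and IP A.B;
     *  3 - check browser and IP A.B.C, recommended;
     *  4 - check browser and IP A.B.C.D;
     *
     * Only the IP part is enforced by this class (see read()); no browser
     * check is implemented here.
     *
     * @var int
     * @access public
     */
    var $securityLevel = 3;

    /**
     * Enable regenerate_id
     *
     * @var bool
     * @access public
     */
    var $enableRegenerateId = true;

    /**
     * Constructor
     *
     * @param object $db reference to the {@link XoopsDatabase} object
     *
     */
    function XoopsSessionHandler(&$db)
    {
        $this->db =& $db;
    }

    /**
     * Open a session
     *
     * Nothing to prepare: the database connection is injected at construction.
     *
     * @param string $save_path
     * @param string $session_name
     *
     * @return bool
     */
    function open($save_path, $session_name)
    {
        return true;
    }

    /**
     * Close a session
     *
     * Also gives the garbage collector a chance to run (see gc_force()).
     *
     * @return bool
     */
    function close()
    {
        $this->gc_force();
        return true;
    }

    /**
     * Read a session from the database
     *
     * When $securityLevel is greater than 1 the address stored with the
     * session must match the current REMOTE_ADDR (see _matchClientIp());
     * on a mismatch the stored data is withheld and an empty string is
     * returned, so the request is treated as having no session.
     *
     * @param string $sess_id ID of the session
     *
     * @return string Session data, '' when not found or rejected
     */
    function read($sess_id)
    {
        $sql = sprintf('SELECT sess_data, sess_ip FROM %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($sess_id));
        $result = $this->db->query($sql);
        if (!$result) {
            return '';
        }
        $row = $this->db->fetchRow($result);
        if (!$row) {
            return '';
        }
        list($sess_data, $sess_ip) = $row;
        if ($this->securityLevel > 1) {
            // Fail closed when the client address is unavailable.
            $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            if (!$this->_matchClientIp($sess_ip, $remote_ip)) {
                $sess_data = '';
            }
        }
        return $sess_data;
    }

    /**
     * Compare the address stored with a session against the current client
     *
     * For dotted-quad IPv4 addresses the first $securityLevel octets must be
     * equal (level 2 = A.B, level 3 = A.B.C); level 4 and above require the
     * whole address to be equal. The previous implementation passed
     * ($securityLevel - 1) to strpos() as a byte offset rather than a dot
     * count, which usually compared the first octet only, and it compared
     * zero characters (always a match) when the stored address had no dot
     * after that offset, e.g. an IPv6 address.
     *
     * Addresses that are not dotted-quad on both sides cannot be reduced to
     * an A.B / A.B.C prefix, so they must match exactly.
     *
     * @param string $stored_ip  address recorded when the session row was created
     * @param string $current_ip address of the current request
     *
     * @return bool true when the session may be used by this client
     * @access private
     */
    function _matchClientIp($stored_ip, $current_ip)
    {
        $stored_ip = (string) $stored_ip;
        $current_ip = (string) $current_ip;
        $octets = intval($this->securityLevel);

        $stored_parts = explode('.', $stored_ip);
        $current_parts = explode('.', $current_ip);
        if ($octets >= 4 || count($stored_parts) != 4 || count($current_parts) != 4) {
            return $stored_ip === $current_ip;
        }
        return array_slice($stored_parts, 0, $octets) === array_slice($current_parts, 0, $octets);
    }

    /**
     * Write a session to the database
     *
     * Tries an UPDATE first and falls back to an INSERT when no row was
     * affected. The client address is recorded only by the INSERT; it is the
     * value read() later compares against.
     *
     * @param   string  $sess_id
     * @param   string  $sess_data
     *
     * @return  bool
     **/
    function write($sess_id, $sess_data)
    {
        $sess_id = $this->db->quoteString($sess_id);
        $sql = sprintf('UPDATE %s SET sess_updated = %u, sess_data = %s WHERE sess_id = %s', $this->db->prefix('session'), time(), $this->db->quoteString($sess_data), $sess_id);
        $this->db->queryF($sql);
        // NOTE(review): presumably getAffectedRows() reports changed rows, so an
        // UPDATE that rewrites identical values may fall through to the INSERT
        // and fail on an existing sess_id - confirm against the driver.
        if (!$this->db->getAffectedRows()) {
            $sql = sprintf('INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data) VALUES (%s, %u, %s, %s)', $this->db->prefix('session'), $sess_id, time(), $this->db->quoteString($_SERVER['REMOTE_ADDR']), $this->db->quoteString($sess_data));
            return $this->db->queryF($sql);
        }
        return true;
    }

    /**
     * Destroy a session
     *
     * @param   string  $sess_id
     *
     * @return  bool
     **/
    function destroy($sess_id)
    {
        $sql = sprintf('DELETE FROM %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($sess_id));
        if ( !$result = $this->db->queryF($sql) ) {
            return false;
        }
        return true;
    }

    /**
     * Garbage Collector
     *
     * Deletes every session row not updated within the last $expire seconds.
     *
     * @param   int $expire Time in seconds until a session expires
     * @return  bool
     **/
    function gc($expire)
    {
        if (empty($expire)) {
            return true;
        }

        $mintime = time() - intval($expire);
        $sql = sprintf('DELETE FROM %s WHERE sess_updated < %u', $this->db->prefix('session'), $mintime);
        return $this->db->queryF($sql);
    }

    /**
     * Force gc for situations where gc is registered but not executed
     *
     * Runs gc() on roughly one call in ten; rand() only spreads the load
     * here and carries no security weight.
     **/
    function gc_force()
    {
        if (rand(1, 100) < 11) {
            $expiration = empty($GLOBALS["xoopsConfig"]["session_expire"]) ? @ini_get('session.gc_maxlifetime') : $GLOBALS["xoopsConfig"]["session_expire"] * 60;
            $this->gc($expiration);
        }
    }

    /**
     * Update the current session id with a newly generated one
     *
     * To be refactored
     *
     * With the default $delete_old_session = false the row for the previous
     * id is not removed by this method, so the old id stays usable until it
     * expires; pass true when the id is rotated because the privilege level
     * changed (e.g. at login).
     *
     * @param   bool $delete_old_session
     * @return  bool
     **/
    function regenerate_id($delete_old_session = false)
    {
        if (!$this->enableRegenerateId) {
            return true;
        }

        $phpversion = phpversion();

        // parameter "delete_old_session" only available as of PHP 5.1.0
        if (version_compare($phpversion, "5.1.0", ">=")) {
            $success = session_regenerate_id($delete_old_session);
        } else {
            $old_session_id = session_id();
            // session_regenerate_id function available as of PHP 4.3.2
            if (function_exists("session_regenerate_id")) {
                $success = session_regenerate_id();
                if ($success && $delete_old_session) {
                    // Extra step to destroy old session
                    $this->destroy($old_session_id);
                }
            // For PHP prior to 4.3.2
            } else {
                // session_regenerate_id is not defined, create new session ID
                // NOTE(review): rand()/uniqid() are not cryptographically strong,
                // so ids minted on this legacy path are weaker than PHP's own.
                $session_id = md5( uniqid(rand(), true) . @$_SERVER['HTTP_USER_AGENT'] );
                // Set the new session ID
                session_id($session_id);
                // Destroy old session on request
                if ($delete_old_session) {
                    $this->destroy($old_session_id);
                // switch old session to new one
                } else {
                    $sql = sprintf('UPDATE %s SET sess_id = %s WHERE sess_id = %s', $this->db->prefix('session'), $this->db->quoteString($session_id), $this->db->quoteString($old_session_id));
                    $this->db->queryF($sql);
                }
                $success = true;
            }
        }

        // Force updating cookie for session cookie is not issued correctly in some IE versions or not automatically issued prior to PHP 4.3.3 for all browsers
        if ($success) {
            $this->update_cookie();
        }

        return $success;
    }

    /**
     * Update cookie status for current session
     *
     * To be refactored
     * FIXME: how about $xoopsConfig['use_ssl'] is enabled?
     *
     * NOTE(review): the cookie is issued with the secure argument set to 0
     * and without an HttpOnly argument, so it is also sent over plain HTTP
     * and is readable from script. Tightening this depends on how the site
     * mixes HTTP and HTTPS (see the FIXME above) and on the minimum PHP
     * version supported.
     *
     * This method does not return a value.
     *
     * @param   string  $sess_id    session ID
     * @param   int     $expire     Time in seconds until a session expires
     **/
    function update_cookie($sess_id = null, $expire = null)
    {
        global $xoopsConfig;
        $session_name = ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') ? $xoopsConfig['session_name'] : session_name();
        $session_expire = !is_null($expire) ? intval($expire) : ( ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') ? $xoopsConfig['session_expire'] * 60 : ini_get("session.cookie_lifetime") );
        $session_id = empty($sess_id) ? session_id() : $sess_id;
        // A lifetime of 0 yields a browser-session cookie.
        setcookie($session_name, $session_id, $session_expire ? time() + $session_expire : 0, '/', '', 0);
    }
}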