PageRenderTime 48ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/utilities/WaxSession.php

http://github.com/phpwax/phpwax
PHP | 190 lines | 139 code | 30 blank | 21 comment | 27 complexity | 5ec97ae8a8478129eb170c02874a4d22 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. //if sessions are used, add http headers defining the cookie use. this is above the class definition since it only needs to be sent once for all sessions, not once per session.
    4. 

  4. if(class_exists("WaxEvent", false)){
    5. 

  5.     WaxEvent::add("wax.post_render", function(){
    6. 

  6.         $response = WaxEvent::data();
    7. 

  7.         $response->add_header('P3P', ' CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
    8. 

  8. 

  9.         //garbage collection
    10. 

  10.         $cmd = "php ".__FILE__." ";
    11. 

  11.         $run_garbage_collection = true;
    12. 

  12.         foreach(WaxSession::$garbage_collection_folders as $dir){
    13. 

  13.             if(($stats = stat($dir."/garbage.collect.lock")) && time() < $stats[9]){
    14. 

  14.                 $run_garbage_collection = false;
    15. 

  15.                 break;
    16. 

  16.             }
    17. 

  17.             $cmd .= $dir." ";
    18. 

  18.         }
    19. 

  19.         if($run_garbage_collection) exec($cmd." > /dev/null &");
    20. 

  20.     });
    21. 

  21. }
    22. 

  22. 

  23. class WaxSession {
    24. 

  24.     public static
    25. 

  25.         $data = array(),
    26. 

  26.         $updated = array(),
    27. 

  27.         $garbage_collection_folders = array(),
    28. 

  28.         $garbage_collection_timeout = 1440;
    29. 

  29. 

  30.     public
    31. 

  31.         $bots = array('googlebot','ask jeeves','slurp','fast','scooter','zyborg','msnbot'),
    32. 

  32.         $file_storage_prefix = SESSION_DIR,
    33. 

  33.         $id = false,
    34. 

  34.         $lifetime = 0,
    35. 

  35.         $name = "wxsession";
    36. 

  36. 

  37.     function __construct($data = array()){
    38. 

  38.         if($this->is_bot()) {
    39. 

  39.             return;
    40. 

  40.         } // Don't start a session if this is a search engine
    41. 

  41. 

  42.         //set passed in data
    43. 

  43.         foreach($data as $k => $v) {
    44. 

  44.             $this->$k = $v;
    45. 

  45.         }
    46. 

  46. 

  47.         //get id from request or generate an id
    48. 

  48.         if(($this->id = $_COOKIE[$this->name]) || ($this->id = $_REQUEST[$this->name])){
    49. 

  49.             //initialize data from cross-request storage
    50. 

  50.             if(!static::$data[$this->name] && (is_readable($storage = $this->file_storage())) && ($stats = stat($storage))){
    51. 

  51.                 if(time() < $stats[9]) {
    52. 

  52.                     static::$data[$this->name] = unserialize(file_get_contents($this->file_storage()));
    53. 

  53.                 }
    54. 

  54.                 else {
    55. 

  55.                     unlink($this->file_storage());
    56. 

  56.                 }
    57. 

  57.             }
    58. 

  58.         } else {
    59. 

  59.             $this->id = $this->safe_encrypt($_SERVER['REMOTE_ADDR'].microtime().mt_rand());
    60. 

  60.         }
    61. 

  61. 

  62.         //add folder to collection of folders to be garbage collected
    63. 

  63.         static::$garbage_collection_folders[] = $this->file_storage_dir();
    64. 

  64. 

  65.         //set cookie on render to propagate session
    66. 

  66.         $session = $this;
    67. 

  67.         WaxEvent::add(
    68. 

  68.             'wax.response.execute', function() use ($session) {
    69. 

  69.             $response = WaxEvent::data();
    70. 

  70.             $expires = $session->lifetime ? (time() + $session->lifetime) : false;
    71. 

  71.             $response->set_cookie($session->name, $session->id, $expires);
    72. 

  72.         });
    73. 

  73. 

  74.         $session_save = $this;
    75. 

  75.         WaxEvent::add(
    76. 

  76.             'wax.response.execute', function () use ($session_save){
    77. 

  77.             $session_save->save_session();
    78. 

  78.         });
    79. 

  79.     }
    80. 

  80. 

  81.     public function save_session(){
    82. 

  82.         //create folder to store sessions
    83. 

  83.         if(!is_dir($this->file_storage_dir())){
    84. 

  84.             if(!mkdir($this->file_storage_dir(), 0750, true)) throw new WaxException(
    85. 

  85.                 'Session not writable - ' . $this->file_storage_dir());
    86. 

  86.         }
    87. 

  87.         if(static::$updated[$this->name]){
    88. 

  88.             if(file_put_contents($this->file_storage(), serialize(static::$data[$this->name])) === false) throw new WaxException("Session not writable - ".$this->file_storage_dir());
    89. 

  89.         }
    90. 

  90.         touch($this->file_storage(), time() + ($this->lifetime?$this->lifetime:(WaxSession::$garbage_collection_timeout * 10)));
    91. 

  91.     }
    92. 

  92. 

  93.     public function get($key)
    94. 

  94.     {
    95. 

  95.         if (!$key) {
    96. 

  96.             return static::$data[$this->name];
    97. 

  97.         }
    98. 

  98. 

  99.         if (isset(static::$data[$this->name][$key])) {
    100. 

  100.             return static::$data[$this->name][$key];
    101. 

  101.         }
    102. 

  102. 

  103.         return null;
    104. 

  104.     }
    105. 

  105. 

  106.     public function __get($key) { return $this->get($key); }
    107. 

  107. 

  108.     public function set($key, $value) { static::$updated[$this->name] = true; static::$data[$this->name][$key] = $value; }
    109. 

  109. 

  110.     public function __set($key, $value) { return $this->set($key, $value); }
    111. 

  111. 

  112.     public function unset_var($key) { static::$updated[$this->name] = true; unset(static::$data[$this->name][$key]); }
    113. 

  113. 

  114.     public function get_hash() { return $this->id; }
    115. 

  115. 

  116.     public function isset_var($key) { return isset(static::$data[$this->name][$key]); }
    117. 

  117. 

  118.     public function add_message($string) { static::$updated[$this->name] = true; static::$data[$this->name]['user_messages'][] = $string; }
    119. 

  119. 

  120.     public function add_error($string) { static::$updated[$this->name] = true; static::$data[$this->name]['user_errors'][] = $string; }
    121. 

  121. 

  122.     public function unset_session() { static::$updated[$this->name] = true; unset(static::$data[$this->name]); }
    123. 

  123. 

  124.     public function destroy_session() { $this->unset_session(); }
    125. 

  125. 

  126.     public function is_bot() {
    127. 

  127.         foreach($this->bots as $bot) {
    128. 

  128.             if (stristr($_SERVER['HTTP_USER_AGENT'], $bot)) {
    129. 

  129.                 return true;
    130. 

  130.             }
    131. 

  131.         }
    132. 

  132.     }
    133. 

  133. 

  134.     public function file_storage_dir(){ return "$this->file_storage_prefix$this->name"; }
    135. 

  135. 

  136.     public function file_storage(){ return $this->file_storage_dir()."/".$this->id; }
    137. 

  137. 

  138.     protected function safe_encrypt($password, $iterations = 8) {
    139. 

  139.         $itoa64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
    140. 

  140.         $random = substr(md5(mt_rand()), 0, 16);
    141. 

  141.         if($iterations < 4 || $iterations > 31) $iterations = 8;
    142. 

  142.         $salt = '$2a$';
    143. 

  143.         $salt .= chr(ord('0') + $iterations / 10);
    144. 

  144.         $salt .= chr(ord('0') + $iterations % 10);
    145. 

  145.         $salt .= '$';
    146. 

  146.         $i = 0;
    147. 

  147.         do {
    148. 

  148.             $c1 = ord($random[$i++]);
    149. 

  149.             $salt .= $itoa64[$c1 >> 2];
    150. 

  150.             $c1 = ($c1 & 0x03) << 4;
    151. 

  151.             if ($i >= 16) {
    152. 

  152.                 $salt .= $itoa64[$c1];
    153. 

  153.                 $hash = crypt($password, $salt);
    154. 

  154.                 return strlen($hash) == 60 ? str_replace("/", "_", $hash) : '*';
    155. 

  155.             }
    156. 

  156.             $c2 = ord($random[$i++]);
    157. 

  157.             $c1 |= $c2 >> 4;
    158. 

  158.             $salt .= $itoa64[$c1];
    159. 

  159.             $c1 = ($c2 & 0x0f) << 2;
    160. 

  160.             $c2 = ord($random[$i++]);
    161. 

  161.             $c1 |= $c2 >> 6;
    162. 

  162.             $salt .= $itoa64[$c1];
    163. 

  163.             $salt .= $itoa64[$c2 & 0x3f];
    164. 

  164.         } while (true);
    165. 

  165.     }
    166. 

  166. 

  167.     /**
    168. 

  168.      * depreciated. start does nothing now, since starting happens in construction. making use of sessions in any way will start them behind the scenes.
    169. 

  169.      */
    170. 

  170.     public function start(){}
    171. 

  171. }
    172. 

  172. 

  173. //when run from console directly, garbage collect. parameters are directories to be processed
    174. 

  174. if($argv){
    175. 

  175.     array_shift($argv);
    176. 

  176.     foreach($argv as $dir){
    177. 

  177.         if(!is_dir($dir)) {
    178. 

  178.             continue;
    179. 

  179.         }
    180. 

  180.         touch("$dir/garbage.collect.lock", time() + WaxSession::$garbage_collection_timeout);
    181. 

  181.         foreach(glob("$dir/*") as $file){
    182. 

  182.             if($file === "$dir/garbage.collect.lock") {
    183. 

  183.                 continue;
    184. 

  184.             }
    185. 

  185.             if(($stats = stat($file)) && time() > $stats[9]) {
    186. 

  186.                 unlink($file);
    187. 

  187.             }
    188. 

  188.         }
    189. 

  189.     }
    190. 

  190. }
    191.