PageRenderTime 44ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 0ms

/classes/Session.php

http://github.com/joshtronic/pickles
PHP | 357 lines | 144 code | 41 blank | 172 comment | 24 complexity | 3f53be0a7fe4fbdfb896bdeb0a3e4537 MD5 | raw file
Possible License(s): MIT 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Session Handling for PICKLES
    5. 

  5.  *
    6. 

  6.  * PHP version 5
    7. 

  7.  *
    8. 

  8.  * Licensed under The MIT License
    9. 

  9.  * Redistribution of these files must retain the above copyright notice.
    10. 

  10.  *
    11. 

  11.  * @author    Josh Sherman <josh@gravityblvd.com>
    12. 

  12.  * @copyright Copyright 2007-2011, Josh Sherman
    13. 

  13.  * @license   http://www.opensource.org/licenses/mit-license.html
    14. 

  14.  * @package   PICKLES
    15. 

  15.  * @link      http://p.ickl.es
    16. 

  16.  */
    17. 

  17. 

  18. /**
    19. 

  19.  * Session Class
    20. 

  20.  *
    21. 

  21.  * Provides session handling via database instead of the file based session
    22. 

  22.  * handling built into PHP. Using this class requires an array to be defined
    23. 

  23.  * in place of the boolean true/false (on/off). If simply array(), the
    24. 

  24.  * datasource will default to the value in $config['pickles']['datasource'] and
    25. 

  25.  * if the table will default to "sessions". The format is as follows:
    26. 

  26.  *
    27. 

  27.  *     $config = array(
    28. 

  28.  *         'pickles' => array(
    29. 

  29.  *             'session' => array(
    30. 

  30.  *                 'datasource' => 'mysql',
    31. 

  31.  *                 'table'      => 'sessions',
    32. 

  32.  *             )
    33. 

  33.  *         )
    34. 

  34.  *     );
    35. 

  35.  *
    36. 

  36.  * In addition to the configuration variables, a table in your database must
    37. 

  37.  * be created. The [MySQL] table schema is as follows:
    38. 

  38.  *
    39. 

  39.  *     CREATE TABLE sessions (
    40. 

  40.  *         id varchar(32) COLLATE utf8_unicode_ci NOT NULL,
    41. 

  41.  *         session text COLLATE utf8_unicode_ci NOT NULL,
    42. 

  42.  *         expires_at datetime NOT NULL,
    43. 

  43.  *         PRIMARY KEY (id)
    44. 

  44.  *     ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
    45. 

  45.  *
    46. 

  46.  * Note: The reason for not using a model class was to avoid a naming conflict
    47. 

  47.  * between the Session model and the Session class itself. This will eventually
    48. 

  48.  * be resolved when I abandon full 5.x support and migrate to 5.3+ (assuming
    49. 

  49.  * that ever happens).
    50. 

  50.  */
    51. 

  51. class Session extends Object
    52. 

  52. {
    53. 

  53. 	/**
    54. 

  54. 	 * Handler
    55. 

  55. 	 *
    56. 

  56. 	 * What the session is being handled by.
    57. 

  57. 	 *
    58. 

  58. 	 * @access private
    59. 

  59. 	 * @var    string
    60. 

  60. 	 */
    61. 

  61. 	private $handler = false;
    62. 

  62. 

  63. 	/**
    64. 

  64. 	 * Accessed At
    65. 

  65. 	 *
    66. 

  66. 	 * The UNIX timestamp of when the page was accessed.
    67. 

  67. 	 *
    68. 

  68. 	 * @access private
    69. 

  69. 	 * @var    integer
    70. 

  70. 	 */
    71. 

  71. 	private $accessed_at = null;
    72. 

  72. 

  73. 	/**
    74. 

  74. 	 * Time to Live
    75. 

  75. 	 *
    76. 

  76. 	 * The number of seconds the session should remain active. Corresponds to
    77. 

  77. 	 * the INI variable session.gc_maxlifetime
    78. 

  78. 	 *
    79. 

  79. 	 * @access private
    80. 

  80. 	 * @var    integer
    81. 

  81. 	 */
    82. 

  82. 	private $time_to_live = null;
    83. 

  83. 

  84. 	/**
    85. 

  85. 	 * Datasource
    86. 

  86. 	 *
    87. 

  87. 	 * Name of the datasource, defaults to whatever the default datasource
    88. 

  88. 	 * is defined to in config.php
    89. 

  89. 	 *
    90. 

  90. 	 * @access private
    91. 

  91. 	 * @var    string
    92. 

  92. 	 */
    93. 

  93. 	private $datasource = null;
    94. 

  94. 

  95. 	/**
    96. 

  96. 	 * Table
    97. 

  97. 	 *
    98. 

  98. 	 * Name of the database table in the aforementioned datasource that holds
    99. 

  99. 	 * the session data. The expected schema is defined above.
    100. 

  100. 	 *
    101. 

  101. 	 * @access private
    102. 

  102. 	 * @var    string
    103. 

  103. 	 */
    104. 

  104. 	private $table = null;
    105. 

  105. 

  106. 	/**
    107. 

  107. 	 * Database
    108. 

  108. 	 *
    109. 

  109. 	 * Our database object to interact with the aforementioned datasource and
    110. 

  110. 	 * table. This object is shared with other PICKLES internals.
    111. 

  111. 	 *
    112. 

  112. 	 * @access private
    113. 

  113. 	 * @var    object
    114. 

  114. 	 */
    115. 

  115. 	private $db = null;
    116. 

  116. 

  117. 	/**
    118. 

  118. 	 * Constructor
    119. 

  119. 	 *
    120. 

  120. 	 * All of our set up logic for the session in contained here. This object
    121. 

  121. 	 * is initially instantiated from pickles.php and the session callbacks are
    122. 

  122. 	 * established here. All variables are driven from php.ini and/or the site
    123. 

  123. 	 * config. Once configured, the session is started automatically.
    124. 

  124. 	 */
    125. 

  125. 	public function __construct()
    126. 

  126. 	{
    127. 

  127. 		if (!IS_CLI && (isset($_REQUEST['request']) == false || preg_match('/^__pickles\/(css|js)\/.+$/', $_REQUEST['request']) == false))
    128. 

  128. 		{
    129. 

  129. 			parent::__construct();
    130. 

  130. 

  131. 			// Sets up our configuration variables
    132. 

  132. 			$session     = $this->config->pickles['session'];
    133. 

  133. 			$datasources = $this->config->datasources;
    134. 

  134. 

  135. 			$datasource = false;
    136. 

  136. 			$table      = 'sessions';
    137. 

  137. 

  138. 			if (is_array($session))
    139. 

  139. 			{
    140. 

  140. 				if (isset($session['handler']) && in_array($session['handler'], array('files', 'memcache', 'mysql')))
    141. 

  141. 				{
    142. 

  142. 					$this->handler = $session['handler'];
    143. 

  143. 

  144. 					if ($this->handler != 'files')
    145. 

  145. 					{
    146. 

  146. 						if (isset($session['datasource']))
    147. 

  147. 						{
    148. 

  148. 							$datasource = $session['datasource'];
    149. 

  149. 						}
    150. 

  150. 

  151. 						if (isset($session['table']))
    152. 

  152. 						{
    153. 

  153. 							$table = $session['table'];
    154. 

  154. 						}
    155. 

  155. 					}
    156. 

  156. 				}
    157. 

  157. 			}
    158. 

  158. 			else
    159. 

  159. 			{
    160. 

  160. 				if ($session === true || $session == 'files')
    161. 

  161. 				{
    162. 

  162. 					$this->handler = 'files';
    163. 

  163. 				}
    164. 

  164. 				elseif ($session == 'memcache')
    165. 

  165. 				{
    166. 

  166. 					$this->handler = 'memcache';
    167. 

  167. 					$datasource    = 'memcached';
    168. 

  168. 				}
    169. 

  169. 				elseif ($session == 'mysql')
    170. 

  170. 				{
    171. 

  171. 					$this->handler = 'mysql';
    172. 

  172. 					$datasource    = 'mysql';
    173. 

  173. 				}
    174. 

  174. 			}
    175. 

  175. 

  176. 			switch ($this->handler)
    177. 

  177. 			{
    178. 

  178. 				case 'files':
    179. 

  179. 					ini_set('session.save_handler', 'files');
    180. 

  180. 					session_start();
    181. 

  181. 					break;
    182. 

  182. 

  183. 				case 'memcache':
    184. 

  184. 					$hostname = 'localhost';
    185. 

  185. 					$port     = 11211;
    186. 

  186. 

  187. 					if ($datasource !== false && isset($datasources[$datasource]))
    188. 

  188. 					{
    189. 

  189. 						$hostname = $datasources[$datasource]['hostname'];
    190. 

  190. 						$port     = $datasources[$datasource]['port'];
    191. 

  191. 					}
    192. 

  192. 

  193. 					ini_set('session.save_handler', 'memcache');
    194. 

  194. 					ini_set('session.save_path',    'tcp://' . $hostname . ':' . $port . '?persistent=1&amp;weight=1&amp;timeout=1&amp;retry_interval=15');
    195. 

  195. 					session_start();
    196. 

  196. 					break;
    197. 

  197. 

  198. 				case 'mysql':
    199. 

  199. 					if ($datasource !== false && isset($datasources[$datasource]))
    200. 

  200. 					{
    201. 

  201. 						// Sets our access time and time to live
    202. 

  202. 						$this->accessed_at  = time();
    203. 

  203. 						$this->time_to_live = ini_get('session.gc_maxlifetime');
    204. 

  204. 

  205. 						$this->datasource = $datasource;
    206. 

  206. 						$this->table      = $table;
    207. 

  207. 

  208. 						// Gets a database instance
    209. 

  209. 						$this->db = Database::getInstance($this->datasource);
    210. 

  210. 

  211. 						// Initializes the session
    212. 

  212. 						$this->initialize();
    213. 

  213. 

  214. 						session_start();
    215. 

  215. 					}
    216. 

  216. 					else
    217. 

  217. 					{
    218. 

  218. 						throw new Exception('Unable to determine which datasource to use');
    219. 

  219. 					}
    220. 

  220. 

  221. 					break;
    222. 

  222. 			}
    223. 

  223. 		}
    224. 

  224. 	}
    225. 

  225. 

  226. 	/**
    227. 

  227. 	 * Destructor
    228. 

  228. 	 *
    229. 

  229. 	 * Runs garbage collection and closes the session. I'm not sure if the
    230. 

  230. 	 * garbage collection should stay as it could be accomplished via php.ini
    231. 

  231. 	 * variables. The session_write_close() is present to combat a chicken
    232. 

  232. 	 * and egg scenario in earlier versions of PHP 5.
    233. 

  233. 	 */
    234. 

  234. 	public function __destruct()
    235. 

  235. 	{
    236. 

  236. 		if ($this->handler == 'mysql')
    237. 

  237. 		{
    238. 

  238. 			$this->gc($this->time_to_live);
    239. 

  239. 			session_write_close();
    240. 

  240. 		}
    241. 

  241. 	}
    242. 

  242. 

  243. 	/**
    244. 

  244. 	 * Initializes the Session
    245. 

  245. 	 *
    246. 

  246. 	 * This method exists to combat the fact that calling session_destroy()
    247. 

  247. 	 * also clears out the save handler. Upon destorying a session this method
    248. 

  248. 	 * is called again so the save handler is all set.
    249. 

  249. 	 */
    250. 

  250. 	public function initialize()
    251. 

  251. 	{
    252. 

  252. 		// Sets up the session handler
    253. 

  253. 		session_set_save_handler(
    254. 

  254. 			array($this, 'open'),
    255. 

  255. 			array($this, 'close'),
    256. 

  256. 			array($this, 'read'),
    257. 

  257. 			array($this, 'write'),
    258. 

  258. 			array($this, 'destroy'),
    259. 

  259. 			array($this, 'gc')
    260. 

  260. 		);
    261. 

  261. 

  262. 		register_shutdown_function('session_write_close');
    263. 

  263. 	}
    264. 

  264. 

  265. 	/**
    266. 

  266. 	 * Opens the Session
    267. 

  267. 	 *
    268. 

  268. 	 * Since the session is in the database, opens the database connection.
    269. 

  269. 	 * This step isn't really necessary as the Database object is smart enough
    270. 

  270. 	 * to open itself up upon execute.
    271. 

  271. 	 */
    272. 

  272. 	public function open()
    273. 

  273. 	{
    274. 

  274. 		session_regenerate_id();
    275. 

  275. 

  276. 		return $this->db->open();
    277. 

  277. 	}
    278. 

  278. 

  279. 	/**
    280. 

  280. 	 * Closes the Session
    281. 

  281. 	 *
    282. 

  282. 	 * Same as above, but in reverse.
    283. 

  283. 	 */
    284. 

  284. 	public function close()
    285. 

  285. 	{
    286. 

  286. 		return $this->db->close();
    287. 

  287. 	}
    288. 

  288. 

  289. 	/**
    290. 

  290. 	 * Reads the Session
    291. 

  291. 	 *
    292. 

  292. 	 * Checks the database for the session ID and returns the session data.
    293. 

  293. 	 *
    294. 

  294. 	 * @param  string $id session ID
    295. 

  295. 	 * @return string serialized session data
    296. 

  296. 	 */
    297. 

  297. 	public function read($id)
    298. 

  298. 	{
    299. 

  299. 		$sql = 'SELECT session FROM `' . $this->table . '` WHERE id = ?;';
    300. 

  300. 

  301. 		$session = $this->db->fetch($sql, array($id));
    302. 

  302. 

  303. 		return isset($session[0]['session']) ? $session[0]['session'] : '';
    304. 

  304. 	}
    305. 

  305. 

  306. 	/**
    307. 

  307. 	 * Writes the Session
    308. 

  308. 	 *
    309. 

  309. 	 * When there's changes to the session, writes the data to the database.
    310. 

  310. 	 *
    311. 

  311. 	 * @param  string $id session ID
    312. 

  312. 	 * @param  string $session serialized session data
    313. 

  313. 	 * @return boolean whether the query executed correctly
    314. 

  314. 	 */
    315. 

  315. 	public function write($id, $session)
    316. 

  316. 	{
    317. 

  317. 		$sql = 'REPLACE INTO `' . $this->table . '` VALUES (?, ? ,?);';
    318. 

  318. 

  319. 		$parameters = array($id, $session, date('Y-m-d H:i:s', strtotime('+' . $this->time_to_live . ' seconds')));
    320. 

  320. 

  321. 		return $this->db->execute($sql, $parameters);
    322. 

  322. 	}
    323. 

  323. 

  324. 	/**
    325. 

  325. 	 * Destroys the Session
    326. 

  326. 	 *
    327. 

  327. 	 * Deletes the session from the database.
    328. 

  328. 	 *
    329. 

  329. 	 * @param  string $id session ID
    330. 

  330. 	 * @return boolean whether the query executed correctly
    331. 

  331. 	 */
    332. 

  332. 	public function destroy($id)
    333. 

  333. 	{
    334. 

  334. 		$sql = 'DELETE FROM `' . $this->table . '` WHERE id = ?;';
    335. 

  335. 

  336. 		return $this->db->execute($sql, array($id));
    337. 

  337. 	}
    338. 

  338. 

  339. 	/**
    340. 

  340. 	 * Garbage Collector
    341. 

  341. 	 *
    342. 

  342. 	 * This is who you call when you got trash to be taken out.
    343. 

  343. 	 *
    344. 

  344. 	 * @param  integer $time_to_live number of seconds a session is active
    345. 

  345. 	 * @return boolean whether the query executed correctly
    346. 

  346. 	 */
    347. 

  347. 	public function gc($time_to_live)
    348. 

  348. 	{
    349. 

  349. 		$sql = 'DELETE FROM `' . $this->table . '` WHERE expires_at < ?;';
    350. 

  350. 

  351. 		$parameters = array(date('Y-m-d H:i:s', $this->accessed_at - $time_to_live));
    352. 

  352. 

  353. 		return $this->db->execute($sql, $parameters);
    354. 

  354. 	}
    355. 

  355. }
    356. 

  356. 

  357. ?>
    358. 

  358.