PageRenderTime 50ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 0ms

/utilities/WaxSession.php

https://gitlab.com/sheldonels/phpwax
PHP | 163 lines | 115 code | 28 blank | 20 comment | 26 complexity | 10276e50a16ea19f066ef33c3a31e3a0 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. //if sessions are used, add http headers defining the cookie use. this is above the class definition since it only needs to be sent once for all sessions, not once per session.
    4. 

  4. if(class_exists("WaxEvent", false)){
    5. 

  5.   WaxEvent::add("wax.post_render", function(){
    6. 

  6.     $response = WaxEvent::data();
    7. 

  7.     $response->add_header('P3P', ' CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
    8. 

  8.     
    9. 

  9.     //garbage collection
    10. 

  10.     $cmd = "php ".__FILE__." ";
    11. 

  11.     $run_garbage_collection = true;
    12. 

  12.     foreach(WaxSession::$garbage_collection_folders as $dir){
    13. 

  13.       if(($stats = stat($dir."/garbage.collect.lock")) && time() < $stats[9]){
    14. 

  14.         $run_garbage_collection = false;
    15. 

  15.         break;
    16. 

  16.       }
    17. 

  17.       $cmd .= $dir." ";
    18. 

  18.     }
    19. 

  19.     if($run_garbage_collection) exec($cmd." > /dev/null &");
    20. 

  20.   });
    21. 

  21. }
    22. 

  22. 

  23. class WaxSession {
    24. 

  24.   public static
    25. 

  25.     $data = array(),
    26. 

  26.     $updated = array(),
    27. 

  27.     $garbage_collection_folders = array(),
    28. 

  28.     $garbage_collection_timeout = 1440;
    29. 

  29.   
    30. 

  30.   public
    31. 

  31.     $bots = array('googlebot','ask jeeves','slurp','fast','scooter','zyborg','msnbot'),
    32. 

  32.     $file_storage_prefix = SESSION_DIR,
    33. 

  33.     $id = false,
    34. 

  34.     $lifetime = 0,
    35. 

  35.     $name = "wxsession";
    36. 

  36.   
    37. 

  37.   function __construct($data = array()){
    38. 

  38.     if($this->is_bot()) return; // Don't start a session if this is a search engine
    39. 

  39.     
    40. 

  40.     //set passed in data
    41. 

  41.     foreach($data as $k => $v) $this->$k = $v;
    42. 

  42.     
    43. 

  43.     //get id from request or generate an id
    44. 

  44.     if(($this->id = $_COOKIE[$this->name]) || ($this->id = $_REQUEST[$this->name])){
    45. 

  45.       //initialize data from cross-request storage
    46. 

  46.       if(!static::$data[$this->name] && (is_readable($storage = $this->file_storage())) && ($stats = stat($storage))){
    47. 

  47.         if(time() < $stats[9]) static::$data[$this->name] = unserialize(file_get_contents($this->file_storage()));
    48. 

  48.         else unlink($this->file_storage());
    49. 

  49.       }
    50. 

  50.     }else $this->id = $this->safe_encrypt($_SERVER['REMOTE_ADDR'].microtime().mt_rand());
    51. 

  51.     
    52. 

  52.     //add folder to collection of folders to be garbage collected
    53. 

  53.     static::$garbage_collection_folders[] = $this->file_storage_dir();
    54. 

  54.     
    55. 

  55.     //set cookie on render to propogate session
    56. 

  56.     $session = $this;
    57. 

  57.     WaxEvent::add("wax.response.execute", function() use ($session) {
    58. 

  58.       $response = WaxEvent::data();
    59. 

  59.       $response->set_cookie($session->name, $session->id, $session->lifetime?(time() + $session->lifetime):false);
    60. 

  60.     });
    61. 

  61. 

  62.     $session_save = $this;
    63. 

  63.     WaxEvent::add("wax.response.execute", function() use($session_save){
    64. 

  64.       $session_save->save_session();
    65. 

  65.     });
    66. 

  66.   }
    67. 

  67.   
    68. 

  68.   function save_session(){
    69. 

  69.     //create folder to store sessions
    70. 

  70.     if(!is_dir($this->file_storage_dir())){
    71. 

  71.       if(!mkdir($this->file_storage_dir(), 0750, true)) throw new WaxException("Session not writable - ".$this->file_storage_dir());
    72. 

  72.     }
    73. 

  73.     if(static::$updated[$this->name]){
    74. 

  74.       if(file_put_contents($this->file_storage(), serialize(static::$data[$this->name])) === false) throw new WaxException("Session not writable - ".$this->file_storage_dir());
    75. 

  75.     }
    76. 

  76.     touch($this->file_storage(), time() + ($this->lifetime?$this->lifetime:(WaxSession::$garbage_collection_timeout * 10)));
    77. 

  77.   }
    78. 

  78.   
    79. 

  79.   public function get($key){
    80. 

  80.     if(!$key) return static::$data[$this->name];
    81. 

  81.     else return static::$data[$this->name][$key];
    82. 

  82.   }
    83. 

  83.   
    84. 

  84.   public function __get($key) { return $this->get($key); }
    85. 

  85. 

  86.   public function set($key, $value) { static::$updated[$this->name] = true; static::$data[$this->name][$key] = $value; }
    87. 

  87. 

  88.   public function __set($key, $value) { return $this->set($key, $value); }
    89. 

  89.   
    90. 

  90.   public function unset_var($key) { static::$updated[$this->name] = true; unset(static::$data[$this->name][$key]); }
    91. 

  91.   
    92. 

  92.   public function get_hash() { return $this->id; }
    93. 

  93.   
    94. 

  94.   public function isset_var($key) { return isset(static::$data[$this->name][$key]); }
    95. 

  95.   
    96. 

  96.   public function add_message($string) { static::$updated[$this->name] = true; static::$data[$this->name]['user_messages'][] = $string; }
    97. 

  97.   
    98. 

  98.   public function add_error($string) { static::$updated[$this->name] = true; static::$data[$this->name]['user_errors'][] = $string; }
    99. 

  99.   
    100. 

  100.   public function unset_session() { static::$updated[$this->name] = true; unset(static::$data[$this->name]); }
    101. 

  101.   
    102. 

  102.   public function destroy_session() { $this->unset_session(); }
    103. 

  103.   
    104. 

  104.   public function is_bot() {
    105. 

  105.     foreach($this->bots as $bot)
    106. 

  106.       if(stristr($_SERVER['HTTP_USER_AGENT'], $bot))
    107. 

  107.         return true;
    108. 

  108.   }
    109. 

  109.   
    110. 

  110.   public function file_storage_dir(){ return "$this->file_storage_prefix$this->name"; }
    111. 

  111.   
    112. 

  112.   public function file_storage(){ return $this->file_storage_dir()."/".$this->id; }
    113. 

  113.   
    114. 

  114.   protected function safe_encrypt($password, $iterations = 8) {
    115. 

  115.     $itoa64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
    116. 

  116.     $random = substr(md5(mt_rand()), 0, 16);
    117. 

  117.     if($iterations < 4 || $iterations > 31) $iterations = 8;
    118. 

  118.     $salt = '$2a$';
    119. 

  119.     $salt .= chr(ord('0') + $iterations / 10);
    120. 

  120.     $salt .= chr(ord('0') + $iterations % 10);
    121. 

  121.     $salt .= '$';
    122. 

  122.     $i = 0;
    123. 

  123.     do {
    124. 

  124.       $c1 = ord($random[$i++]);
    125. 

  125.       $salt .= $itoa64[$c1 >> 2];
    126. 

  126.       $c1 = ($c1 & 0x03) << 4;
    127. 

  127.       if ($i >= 16) {
    128. 

  128.         $salt .= $itoa64[$c1];
    129. 

  129.         $hash = crypt($password, $salt);
    130. 

  130.         return strlen($hash) == 60 ? str_replace("/", "_", $hash) : '*';
    131. 

  131.       }
    132. 

  132.       $c2 = ord($random[$i++]);
    133. 

  133.       $c1 |= $c2 >> 4;
    134. 

  134.       $salt .= $itoa64[$c1];
    135. 

  135.       $c1 = ($c2 & 0x0f) << 2;
    136. 

  136.       $c2 = ord($random[$i++]);
    137. 

  137.       $c1 |= $c2 >> 6;
    138. 

  138.       $salt .= $itoa64[$c1];
    139. 

  139.       $salt .= $itoa64[$c2 & 0x3f];
    140. 

  140.     } while (true);
    141. 

  141.   }
    142. 

  142.   
    143. 

  143.   /**
    144. 

  144.    * depreciated. start does nothing now, since starting happens in construction. making use of sessions in any way will start them behind the scenes.
    145. 

  145.    */
    146. 

  146.   public function start(){}
    147. 

  147. }
    148. 

  148. 

  149. //when run from console directly, garbage collect. parameters are directories to be processed
    150. 

  150. if($argv){
    151. 

  151.   array_shift($argv);
    152. 

  152.   foreach($argv as $dir){
    153. 

  153.     if(!is_dir($dir)) continue;
    154. 

  154.     touch("$dir/garbage.collect.lock", time() + WaxSession::$garbage_collection_timeout);
    155. 

  155.     foreach(glob("$dir/*") as $file){
    156. 

  156.       if($file == "$dir/garbage.collect.lock") continue;
    157. 

  157.       if(($stats = stat($file)) && time() > $stats[9])
    158. 

  158.         unlink($file);
    159. 

  159.     }
    160. 

  160.   }
    161. 

  161. }
    162. 

  162. 

  163. ?>
    164. 

  164.