PageRenderTime 28ms CodeModel.GetById 0ms RepoModel.GetById 0ms app.codeStats 0ms

/fsn-site-central/mediatheque/include/functions_session.inc.php

https://gitlab.com/team_fsn/fsn-php
PHP | 274 lines | 152 code | 23 blank | 99 comment | 9 complexity | 847d89e80212397603ed05f179b6e41f MD5 | raw file
    

  1. <?php
    2. 

  2. // +-----------------------------------------------------------------------+
    3. 

  3. // | Piwigo - a PHP based photo gallery                                    |
    4. 

  4. // +-----------------------------------------------------------------------+
    5. 

  5. // | Copyright(C) 2008-2016 Piwigo Team                  http://piwigo.org |
    6. 

  6. // | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
    7. 

  7. // | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
    8. 

  8. // +-----------------------------------------------------------------------+
    9. 

  9. // | This program is free software; you can redistribute it and/or modify  |
    10. 

  10. // | it under the terms of the GNU General Public License as published by  |
    11. 

  11. // | the Free Software Foundation                                          |
    12. 

  12. // |                                                                       |
    13. 

  13. // | This program is distributed in the hope that it will be useful, but   |
    14. 

  14. // | WITHOUT ANY WARRANTY; without even the implied warranty of            |
    15. 

  15. // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
    16. 

  16. // | General Public License for more details.                              |
    17. 

  17. // |                                                                       |
    18. 

  18. // | You should have received a copy of the GNU General Public License     |
    19. 

  19. // | along with this program; if not, write to the Free Software           |
    20. 

  20. // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
    21. 

  21. // | USA.                                                                  |
    22. 

  22. // +-----------------------------------------------------------------------+
    23. 

  23. 

  24. /**
    25. 

  25.  * @package functions\session
    26. 

  26.  */
    27. 

  27. 

  28. 

  29. if (isset($conf['session_save_handler'])
    30. 

  30.   and ($conf['session_save_handler'] == 'db')
    31. 

  31.   and defined('PHPWG_INSTALLED'))
    32. 

  32. {
    33. 

  33.   session_set_save_handler(
    34. 

  34.     'pwg_session_open',
    35. 

  35.     'pwg_session_close',
    36. 

  36.     'pwg_session_read',
    37. 

  37.     'pwg_session_write',
    38. 

  38.     'pwg_session_destroy',
    39. 

  39.     'pwg_session_gc'
    40. 

  40.   );
    41. 

  41. 

  42.   if (function_exists('ini_set'))
    43. 

  43.   {
    44. 

  44.     ini_set('session.use_cookies', $conf['session_use_cookies']);
    45. 

  45.     ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
    46. 

  46.     ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
    47. 

  47.     ini_set('session.cookie_httponly', 1);
    48. 

  48.   }
    49. 

  49. 

  50.   session_name($conf['session_name']);
    51. 

  51.   session_set_cookie_params(0, cookie_path());
    52. 

  52.   register_shutdown_function('session_write_close');
    53. 

  53. }
    54. 

  54. 

  55. 

  56. /**
    57. 

  57.  * Generates a pseudo random string.
    58. 

  58.  * Characters used are a-z A-Z and numerical values.
    59. 

  59.  *
    60. 

  60.  * @param int $size
    61. 

  61.  * @return string
    62. 

  62.  */
    63. 

  63. function generate_key($size)
    64. 

  64. {
    65. 

  65.   include_once(PHPWG_ROOT_PATH.'include/random_compat/random.php');
    66. 

  66. 

  67.   try
    68. 

  68.   {
    69. 

  69.     $bytes = random_bytes($size+10);
    70. 

  70.   }
    71. 

  71.   catch (Exception $ex)
    72. 

  72.   {
    73. 

  73.     include_once(PHPWG_ROOT_PATH.'include/srand.php');
    74. 

  74.     $bytes = secure_random_bytes($size+10);
    75. 

  75.   }
    76. 

  76. 

  77.   return substr(
    78. 

  78.     str_replace(
    79. 

  79.       array('+', '/'),
    80. 

  80.       '',
    81. 

  81.       base64_encode($bytes)
    82. 

  82.       ),
    83. 

  83.     0,
    84. 

  84.     $size
    85. 

  85.     );
    86. 

  86. }
    87. 

  87. 

  88. /**
    89. 

  89.  * Called by PHP session manager, always return true.
    90. 

  90.  *
    91. 

  91.  * @param string $path
    92. 

  92.  * @param sring $name
    93. 

  93.  * @return true
    94. 

  94.  */
    95. 

  95. function pwg_session_open($path, $name)
    96. 

  96. {
    97. 

  97.   return true;
    98. 

  98. }
    99. 

  99. 

  100. /**
    101. 

  101.  * Called by PHP session manager, always return true.
    102. 

  102.  *
    103. 

  103.  * @return true
    104. 

  104.  */
    105. 

  105. function pwg_session_close()
    106. 

  106. {
    107. 

  107.   return true;
    108. 

  108. }
    109. 

  109. 

  110. /**
    111. 

  111.  * Returns a hash from current user IP
    112. 

  112.  *
    113. 

  113.  * @return string
    114. 

  114.  */
    115. 

  115. function get_remote_addr_session_hash()
    116. 

  116. {
    117. 

  117.   global $conf;
    118. 

  118. 

  119.   if (!$conf['session_use_ip_address'])
    120. 

  120.   {
    121. 

  121.     return '';
    122. 

  122.   }
    123. 

  123.   
    124. 

  124.   if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
    125. 

  125.   {//ipv4
    126. 

  126.     return vsprintf(
    127. 

  127.       "%02X%02X",
    128. 

  128.       explode('.',$_SERVER['REMOTE_ADDR'])
    129. 

  129.     );
    130. 

  130.   }
    131. 

  131.   return ''; //ipv6 not yet
    132. 

  132. }
    133. 

  133. 

  134. /**
    135. 

  135.  * Called by PHP session manager, retrieves data stored in the sessions table.
    136. 

  136.  *
    137. 

  137.  * @param string $session_id
    138. 

  138.  * @return string
    139. 

  139.  */
    140. 

  140. function pwg_session_read($session_id)
    141. 

  141. {
    142. 

  142.   $query = '
    143. 

  143. SELECT data
    144. 

  144.   FROM '.SESSIONS_TABLE.'
    145. 

  145.   WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
    146. 

  146. ;';
    147. 

  147.   $result = pwg_query($query);
    148. 

  148.   if ($result)
    149. 

  149.   {
    150. 

  150.     $row = pwg_db_fetch_assoc($result);
    151. 

  151.     return $row['data'];
    152. 

  152.   }
    153. 

  153.   else
    154. 

  154.   {
    155. 

  155.     return '';
    156. 

  156.   }
    157. 

  157. }
    158. 

  158. 

  159. /**
    160. 

  160.  * Called by PHP session manager, writes data in the sessions table.
    161. 

  161.  *
    162. 

  162.  * @param string $session_id
    163. 

  163.  * @param sring $data
    164. 

  164.  * @return true
    165. 

  165.  */
    166. 

  166. function pwg_session_write($session_id, $data)
    167. 

  167. {
    168. 

  168.   $query = '
    169. 

  169. REPLACE INTO '.SESSIONS_TABLE.'
    170. 

  170.   (id,data,expiration)
    171. 

  171.   VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())
    172. 

  172. ;';
    173. 

  173.   pwg_query($query);
    174. 

  174.   return true;
    175. 

  175. }
    176. 

  176. 

  177. /**
    178. 

  178.  * Called by PHP session manager, deletes data in the sessions table.
    179. 

  179.  *
    180. 

  180.  * @param string $session_id
    181. 

  181.  * @return true
    182. 

  182.  */
    183. 

  183. function pwg_session_destroy($session_id)
    184. 

  184. {
    185. 

  185.   $query = '
    186. 

  186. DELETE
    187. 

  187.   FROM '.SESSIONS_TABLE.'
    188. 

  188.   WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
    189. 

  189. ;';
    190. 

  190.   pwg_query($query);
    191. 

  191.   return true;
    192. 

  192. }
    193. 

  193. 

  194. /**
    195. 

  195.  * Called by PHP session manager, garbage collector for expired sessions.
    196. 

  196.  *
    197. 

  197.  * @return true
    198. 

  198.  */
    199. 

  199. function pwg_session_gc()
    200. 

  200. {
    201. 

  201.   global $conf;
    202. 

  202. 

  203.   $query = '
    204. 

  204. DELETE
    205. 

  205.   FROM '.SESSIONS_TABLE.'
    206. 

  206.   WHERE '.pwg_db_date_to_ts('NOW()').' - '.pwg_db_date_to_ts('expiration').' > '
    207. 

  207.   .$conf['session_length'].'
    208. 

  208. ;';
    209. 

  209.   pwg_query($query);
    210. 

  210.   return true;
    211. 

  211. }
    212. 

  212. 

  213. /**
    214. 

  214.  * Persistently stores a variable for the current session.
    215. 

  215.  *
    216. 

  216.  * @param string $var
    217. 

  217.  * @param mixed $value
    218. 

  218.  * @return bool
    219. 

  219.  */
    220. 

  220. function pwg_set_session_var($var, $value)
    221. 

  221. {
    222. 

  222.   if ( !isset($_SESSION) )
    223. 

  223.     return false;
    224. 

  224.   $_SESSION['pwg_'.$var] = $value;
    225. 

  225.   return true;
    226. 

  226. }
    227. 

  227. 

  228. /**
    229. 

  229.  * Retrieves the value of a persistent variable for the current session.
    230. 

  230.  *
    231. 

  231.  * @param string $var
    232. 

  232.  * @param mixed $default
    233. 

  233.  * @return mixed
    234. 

  234.  */
    235. 

  235. function pwg_get_session_var($var, $default = null)
    236. 

  236. {
    237. 

  237.   if (isset( $_SESSION['pwg_'.$var] ) )
    238. 

  238.   {
    239. 

  239.     return $_SESSION['pwg_'.$var];
    240. 

  240.   }
    241. 

  241.   return $default;
    242. 

  242. }
    243. 

  243. 

  244. /**
    245. 

  245.  * Deletes a persistent variable for the current session.
    246. 

  246.  *
    247. 

  247.  * @param string $var
    248. 

  248.  * @return bool
    249. 

  249.  */
    250. 

  250. function pwg_unset_session_var($var)
    251. 

  251. {
    252. 

  252.   if ( !isset($_SESSION) )
    253. 

  253.     return false;
    254. 

  254.   unset( $_SESSION['pwg_'.$var] );
    255. 

  255.   return true;
    256. 

  256. }
    257. 

  257. 

  258. /**
    259. 

  259.  * delete all sessions for a given user (certainly deleted)
    260. 

  260.  *
    261. 

  261.  * @since 2.8
    262. 

  262.  * @param int $user_id
    263. 

  263.  * @return null
    264. 

  264.  */
    265. 

  265. function delete_user_sessions($user_id)
    266. 

  266. {
    267. 

  267.   $query = '
    268. 

  268. DELETE
    269. 

  269.   FROM '.SESSIONS_TABLE.'
    270. 

  270.   WHERE data LIKE \'%pwg_uid|i:'.(int)$user_id.';%\'
    271. 

  271. ;';
    272. 

  272.   pwg_query($query);
    273. 

  273. }
    274. 

  274. ?>
    275. 

  275.