/includes/functions/sessions.php

https://github.com/ZenMagick/zc-base · PHP · 211 lines · 152 code · 29 blank · 30 comment · 34 complexity · 4b441a764005561844e5d02b0afba3b8 MD5 · raw file 

    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * functions/sessions.php
    4. 

  4.  * Session functions
    5. 

  5.  *
    6. 

  6.  * @package functions
    7. 

  7.  * @copyright Copyright 2003-2010 Zen Cart Development Team
    8. 

  8.  * @copyright Portions Copyright 2003 osCommerce
    9. 

  9.  * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
    10. 

  10.  * @version $Id: sessions.php 16745 2010-06-17 12:02:17Z wilt $
    11. 

  11.  */
    12. 

  12. if (!defined('IS_ADMIN_FLAG')) {
    13. 

  13.   die('Illegal Access');
    14. 

  14. }
    15. 

  15.   if (STORE_SESSIONS == 'db') {
    16. 

  16.     if (defined('DIR_WS_ADMIN')) {
    17. 

  17.       if (!$SESS_LIFE = (SESSION_TIMEOUT_ADMIN + 900)) {
    18. 

  18.         $SESS_LIFE = (SESSION_TIMEOUT_ADMIN + 900);
    19. 

  19.       }
    20. 

  20.     } else {
    21. 

  21.       if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
    22. 

  22.         $SESS_LIFE = 1440;
    23. 

  23.       }
    24. 

  24.     }
    25. 

  25. 

  26.     function _sess_open($save_path, $session_name) {
    27. 

  27.       return true;
    28. 

  28.     }
    29. 

  29. 

  30.     function _sess_close() {
    31. 

  31.       return true;
    32. 

  32.     }
    33. 

  33. 

  34.     function _sess_read($key) {
    35. 

  35.       global $db;
    36. 

  36.       $qid = "select value
    37. 

  37.               from " . TABLE_SESSIONS . "
    38. 

  38.               where sesskey = '" . zen_db_input($key) . "'
    39. 

  39.               and expiry > '" . time() . "'";
    40. 

    41. 

  41.       $value = $db->Execute($qid);
    42. 

  42. 

  43.       if (isset($value->fields['value']) && $value->fields['value']) {
    44. 

  44.         $value->fields['value'] = base64_decode($value->fields['value']);
    45. 

  45.         return $value->fields['value'];
    46. 

  46.       }
    47. 

  47. 

  48.       return ("");
    49. 

  49.     }
    50. 

  50. 

  51.     function _sess_write($key, $val) {
    52. 

  52.       global $db;
    53. 

  53.       if (!is_object($db)) {
    54. 

  54.         //PHP 5.2.0 bug workaround ...
    55. 

  55.         $db = new queryFactory();
    56. 

  56.         $db->connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE, USE_PCONNECT, false);
    57. 

  57.       }
    58. 

  58.       $val = base64_encode($val);
    59. 

  59. 

  60.       global $SESS_LIFE;
    61. 

  61. 

  62.       $expiry = time() + $SESS_LIFE;
    63. 

  63. 

  64.       $qid = "select count(*) as total
    65. 

  65.               from " . TABLE_SESSIONS . "
    66. 

  66.               where sesskey = '" . zen_db_input($key) . "'";
    67. 

    68. 

  68.       $total = $db->Execute($qid);
    69. 

  69. 

  70.       if ($total->fields['total'] > 0) {
    71. 

  71.         $sql = "update " . TABLE_SESSIONS . "
    72. 

  72.                 set expiry = '" . zen_db_input($expiry) . "', value = '" . zen_db_input($val) . "'
    73. 

  73.                 where sesskey = '" . zen_db_input($key) . "'";
    74. 

    75. 

  75.         $result = $db->Execute($sql);
    76. 

  76. 

  77.       } else {
    78. 

  78.         $sql = "insert into " . TABLE_SESSIONS . "
    79. 

  79.                 values ('" . zen_db_input($key) . "', '" . zen_db_input($expiry) . "', '" .
    80. 

  80.                          zen_db_input($val) . "')";
    81. 

  81. 

  82.         $result = $db->Execute($sql);
    83. 

  83. 

  84.       }
    85. 

  85. 	  return (!empty($result) && !empty($result->resource));
    86. 

  86.     }
    87. 

  87. 

  88.     function _sess_destroy($key) {
    89. 

  89.       global $db;
    90. 

  90.       $sql = "delete from " . TABLE_SESSIONS . " where sesskey = '" . zen_db_input($key) . "'";
    91. 

  91.       return $db->Execute($sql);
    92. 

  92.     }
    93. 

  93. 

  94.     function _sess_gc($maxlifetime) {
    95. 

  95.       global $db;
    96. 

  96.       $sql = "delete from " . TABLE_SESSIONS . " where expiry < " . time();
    97. 

  97.       $db->Execute($sql);
    98. 

  98.       return true;
    99. 

  99.     }
    100. 

  100. 

  101.     session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
    102. 

  102.   }
    103. 

  103. 

  104.   function zen_session_start() {
    105. 

  105.     @ini_set('session.gc_probability', 1);
    106. 

  106.     @ini_set('session.gc_divisor', 2);
    107. 

  107.     if (defined('DIR_WS_ADMIN')) {
    108. 

  108.       @ini_set('session.gc_maxlifetime', (SESSION_TIMEOUT_ADMIN < 900 ? (SESSION_TIMEOUT_ADMIN + 900) : SESSION_TIMEOUT_ADMIN));
    109. 

  109.     }
    110. 

  110.   	if (preg_replace('/[a-zA-Z0-9]/', '', session_id()) != '') 
    111. 

  111.   	{
    112. 

  112.   	  zen_session_id(md5(uniqid(rand(), true))); 
    113. 

  113.   	}
    114. 

  114.     $temp = session_start();
    115. 

  115.     if (!isset($_SESSION['securityToken'])) {
    116. 

  116.       $_SESSION['securityToken'] = md5(uniqid(rand(), true));
    117. 

  117.     }
    118. 

  118.     return $temp;
    119. 

  119.   }
    120. 

  120. 

  121.   function zen_session_register($variable) {
    122. 

  122.     die('This function has been deprecated. Please use Register Globals Off compatible code');
    123. 

  123.   }
    124. 

  124. 

  125.   function zen_session_is_registered($variable) {
    126. 

  126.     die('This function has been deprecated. Please use Register Globals Off compatible code');
    127. 

  127.   }
    128. 

  128. 

  129.   function zen_session_unregister($variable) {
    130. 

  130.     die('This function has been deprecated. Please use Register Globals Off compatible code');
    131. 

  131.   }
    132. 

  132. 

  133.   function zen_session_id($sessid = '') {
    134. 

  134.     if (!empty($sessid)) {
    135. 

  135.       $tempSessid = $sessid;
    136. 

  136.   	  if (preg_replace('/[a-zA-Z0-9]/', '', $tempSessid) != '') 
    137. 

  137.   	  {
    138. 

  138.   	    $sessid = md5(uniqid(rand(), true)); 
    139. 

  139.   	  }
    140. 

  140.       return session_id($sessid);
    141. 

  141.     } else {
    142. 

  142.       return session_id();
    143. 

  143.     }
    144. 

  144.   }
    145. 

  145. 

  146.   function zen_session_name($name = '') {
    147. 

  147.     if (!empty($name)) {
    148. 

  148.       $tempName = $name;
    149. 

  149.       if (preg_replace('/[a-zA-Z0-9]/', '', $tempName) == '') return session_name($name);
    150. 

  150.       return FALSE;
    151. 

  151.     } else {
    152. 

  152.       return session_name();
    153. 

  153.     }
    154. 

  154.   }
    155. 

  155. 

  156.   function zen_session_close() {
    157. 

  157.     if (function_exists('session_close')) {
    158. 

  158.       return session_close();
    159. 

  159.     }
    160. 

  160.   }
    161. 

  161. 

  162.   function zen_session_destroy() {
    163. 

  163.     return session_destroy();
    164. 

  164.   }
    165. 

  165. 

  166.   function zen_session_save_path($path = '') {
    167. 

  167.     if (!empty($path)) {
    168. 

  168.       return session_save_path($path);
    169. 

  169.     } else {
    170. 

  170.       return session_save_path();
    171. 

  171.     }
    172. 

  172.   }
    173. 

  173. 

  174.   function zen_session_recreate() {
    175. 

  175.     global $http_domain, $https_domain, $current_domain;
    176. 

  176.       if ($http_domain == $https_domain) {
    177. 

  177.       $saveSession = $_SESSION;
    178. 

  178.       $oldSessID = session_id();
    179. 

  179.       session_regenerate_id();
    180. 

  180.       $newSessID = session_id();
    181. 

  181.       session_id($oldSessID);
    182. 

  182.       session_id($newSessID);
    183. 

  183.       if (STORE_SESSIONS == 'db') {
    184. 

  184.         session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
    185. 

  185.       }
    186. 

  186. //      session_start();
    187. 

  187.       $_SESSION = $saveSession;
    188. 

  188.       if (IS_ADMIN_FLAG !== true) {
    189. 

  189.         whos_online_session_recreate($oldSessID, $newSessID);
    190. 

  190.       }
    191. 

  191.     } else {
    192. 

  192.     /*
    193. 

  193.       $saveSession = $_SESSION;
    194. 

  194.       $oldSessID = session_id();
    195. 

  195.       session_regenerate_id();
    196. 

  196.       $newSessID = session_id();
    197. 

  197.       session_id($oldSessID);
    198. 

  198.       session_destroy();
    199. 

  199.       session_id($newSessID);
    200. 

  200.       session_set_cookie_params(0, '/', (zen_not_null($http_domain) ? $http_domain : ''));
    201. 

  201.       session_id($newSessID);
    202. 

  202.       if (STORE_SESSIONS == 'db') {
    203. 

  203.         session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
    204. 

  204.       }
    205. 

  205.       session_start();
    206. 

  206.       session_set_cookie_params(0, '/', (zen_not_null($current_domain) ? $current_domain : ''));
    207. 

  207.       session_start();
    208. 

  208.       $_SESSION = $saveSession;
    209. 

  209.       */
    210. 

  210.     }
    211. 

  211.   }
    212.