PageRenderTime 27ms CodeModel.GetById 26ms RepoModel.GetById 1ms app.codeStats 0ms

/includes/classes/sessions.php

https://github.com/validoc/Pikmas
PHP | 521 lines | 350 code | 112 blank | 59 comment | 59 complexity | 52ad94d4ed11c8bc33cbfb1b3e840db0 MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.   $Id: sessions.php 1739 2007-12-20 00:52:16Z hpdl $
    4. 

    5. 

  5.   osCommerce, Open Source E-Commerce Solutions
    6. 

  6.   http://www.oscommerce.com
    7. 

    8. 

  8.   Copyright (c) 2003 osCommerce
    9. 

    10. 

  10.   Released under the GNU General Public License
    11. 

    12. 

  12.   Original source from Web Application Development with PHP (Tobias Ratschiller, Till Gerken)
    13. 

  13.   Copyright (c) 2000, New Riders Publishing
    14. 

  14. */
    15. 

  15. 

  16.   $SID = '';
    17. 

  17. 

  18.   class php3session {
    19. 

  19.     var $name = PHP_SESSION_NAME;
    20. 

  20.     var $auto_start = false;
    21. 

  21.     var $referer_check = false;
    22. 

  22. 

  23.     var $save_path = PHP_SESSION_SAVE_PATH;
    24. 

  24.     var $save_handler = 'php3session_files';
    25. 

  25. 

  26.     var $lifetime = 0;
    27. 

  27. 

  28.     var $cache_limiter = 'nocache';
    29. 

  29.     var $cache_expire = 180;
    30. 

  30. 

  31.     var $use_cookies = true;
    32. 

  32.     var $cookie_lifetime = 0;
    33. 

  33.     var $cookie_path = PHP_SESSION_PATH;
    34. 

  34.     var $cookie_domain = PHP_SESSION_DOMAIN;
    35. 

  35. 

  36.     var $gc_probability = 1;
    37. 

  37.     var $gc_maxlifetime = 0;
    38. 

  38. 

  39.     var $serialize_handler = 'php';
    40. 

  40.     var $ID;
    41. 

  41. 

  42.     var $nr_open_sessions = 0;
    43. 

  43.     var $mod_name = '';
    44. 

  44.     var $id;
    45. 

  45.     var $delimiter = "\n";
    46. 

  46.     var $delimiter_value = '[==]';
    47. 

  47. 

  48.     var $vars;
    49. 

  49. 

  50.     function php3session() {
    51. 

  51.       $this->mod_name = $this->save_handler;
    52. 

  52.       $this->vars = array();
    53. 

  53.     }
    54. 

  54.   }
    55. 

  55. 

  56.   class php3session_user {
    57. 

  57.     var $open_func, $close_func, $read_func, $write_func, $destroy_func, $gc_func;
    58. 

  58. 

  59.     function open($save_path, $sess_name) {
    60. 

  60.       $func = $this->open_func;
    61. 

  61.       if (function_exists($func)) {
    62. 

  62.         return $func($save_path, $sess_name);
    63. 

  63.       }
    64. 

  64. 

  65.       return true;
    66. 

  66.     }
    67. 

  67. 

  68.     function close($save_path, $sess_name) {
    69. 

  69.       $func = $this->close_func;
    70. 

  70.       if (function_exists($func)) {
    71. 

  71.         return $func();
    72. 

  72.       }
    73. 

  73. 

  74.       return true;
    75. 

  75.     }
    76. 

  76. 

  77.     function read($sess_id) {
    78. 

  78.       $func = $this->read_func;
    79. 

  79. 

  80.       return $func($sess_id);
    81. 

  81.     }
    82. 

  82. 

  83.     function write($sess_id, $val) {
    84. 

  84.       $func = $this->write_func;
    85. 

  85. 

  86.       return $func($sess_id, $val);
    87. 

  87.     }
    88. 

  88. 

  89.     function destroy($sess_id) {
    90. 

  90.       $func = $this->destroy_func;
    91. 

  91.       if (function_exists($func)) {
    92. 

  92.         return $func($sess_id);
    93. 

  93.       }
    94. 

  94. 

  95.       return true;
    96. 

  96.     }
    97. 

  97. 

  98.     function gc($max_lifetime) {
    99. 

  99.       $func = $this->gc_func;
    100. 

  100.       if (function_exists($func)) {
    101. 

  101.         return $func($max_lifetime);
    102. 

  102.       }
    103. 

  103. 

  104.       return true;
    105. 

  105.     }
    106. 

  106.   }
    107. 

  107. 

  108.   class php3session_files {
    109. 

  109.     function open($save_path, $sess_name) {
    110. 

  110.       return true;
    111. 

  111.     }
    112. 

  112. 

  113.     function close() {
    114. 

  114.       return true;
    115. 

  115.     }
    116. 

  116. 

  117.     function read($sess_id) {
    118. 

  118.       global $session;
    119. 

  119. 

  120. // Open, read in, close file with session data
    121. 

  121.       $file = $session->save_path . '/sess_' . $sess_id;
    122. 

  122.       if (!file_exists($file)) {
    123. 

  123. // Create it
    124. 

  124.         touch($file);
    125. 

  125.       }
    126. 

  126.       $fp = fopen($file, 'r') or die('Could not open session file (' . $file . ').');
    127. 

  127.       $val = fread($fp, filesize($file));
    128. 

  128.       fclose($fp);
    129. 

  129. 

  130.       return $val;
    131. 

  131.     }
    132. 

  132. 

  133.     function write($sess_id, $val) {
    134. 

  134.       global $session;
    135. 

  135. 

  136. // Open, write to, close file with session data
    137. 

  137.       $file = $session->save_path . '/sess_' . $sess_id;
    138. 

  138.       $fp = fopen($file, 'w') or die('Could not write session file (' . $file . ')');
    139. 

  139.       $val = fputs($fp, $val);
    140. 

  140.       fclose($fp);
    141. 

  141. 

  142.       return true;
    143. 

  143.     }
    144. 

  144. 

  145.     function destroy($sess_id) {
    146. 

  146.       global $session;
    147. 

  147. 

  148.       $file = $session->save_path . '/sess_' . $sess_id;
    149. 

  149.       unlink($file);
    150. 

  150. 

  151.       return true;
    152. 

  152.     }
    153. 

  153. 

  154.     function gc($max_lifetime) {
    155. 

  155. // We return true, since all cleanup should be handled by
    156. 

  156. // an external entity (i.e. find -ctime x | xargs rm)
    157. 

  157.       return true;
    158. 

  158.     }
    159. 

  159.   }
    160. 

  160. 

  161.   function _session_create_id() {
    162. 

  162.     return md5(uniqid(microtime()));
    163. 

  163.   }
    164. 

  164. 

  165.   function _session_cache_limiter() {
    166. 

  166.     global $session;
    167. 

  167. 

  168.     switch ($session->cache_limiter) {
    169. 

  169.       case 'nocache':
    170. 

  170.                       header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
    171. 

  171.                       header('Cache-Control: no-cache');
    172. 

  172.                       header('Pragma: no-cache');
    173. 

  173.                       break;
    174. 

  174.       case 'private':
    175. 

  175.                       header('Expires: Thu, 19 Nov 1981 08:52:00 GMT');
    176. 

  176.                       header(sprintf('Cache-Control: private, max-age=%s', $session->cache_expire * 60));
    177. 

  177.                       header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime(basename($GLOBALS['PHP_SELF']))) . ' GMT');
    178. 

  178.                       break;
    179. 

  179.       case 'public':
    180. 

  180.                       $now = time();
    181. 

  181.                       $now += $session->cache_expire * 60;
    182. 

  182.                       $now = gmdate('D, d M Y H:i:s', $now) . ' GMT';
    183. 

  183.                       header('Expires: ' . $now);
    184. 

  184.                       header(sprintf('Cache-Control: public, max-age=%s', $session->cache_expire * 60));
    185. 

  185.                       header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime(basename($GLOBALS['PHP_SELF']))) . ' GMT');
    186. 

  186.                       break;
    187. 

  187.       default:
    188. 

  188.                       die('Caching method ' . $session->cache_limiter . ' not implemented.');
    189. 

  189.     }
    190. 

  190.   }
    191. 

  191. 

  192.   function _php_encode() {
    193. 

  193.     global $session;
    194. 

  194. 

  195.     $ret = '';
    196. 

  196. // Create a string containing the serialized variables
    197. 

  197.     for (reset($session->vars); list($i)=each($session->vars);) {
    198. 

  198.       $ret .= $session->vars[$i] . $session->delimiter_value . serialize($GLOBALS[$session->vars[$i]]) . $session->delimiter;
    199. 

  199.     }
    200. 

  200. 

  201.     return $ret;
    202. 

  202.   }
    203. 

  203. 

  204.   function _php_decode($data) {
    205. 

  205.     global $session;
    206. 

  206. 

  207.     $data = trim($data);
    208. 

  208.     $vars = explode($session->delimiter, $data);
    209. 

  209. 

  210. // Add the variables to the global namespace
    211. 

  211.     for (reset($vars); list($i)=each($vars);) {
    212. 

  212.       $tmp = explode($session->delimiter_value, $vars[$i]);
    213. 

  213.       $name = trim($tmp[0]);
    214. 

  214.       $value = trim($tmp[1]);
    215. 

  215.       $GLOBALS[$name] = unserialize($value);
    216. 

  216.       $session->vars[] = trim($name);
    217. 

  217.     }
    218. 

  218.   }
    219. 

  219. 

  220.   function _wddx_encode($data) {
    221. 

  221.     global $session;
    222. 

  222. 

  223.     $ret = wddx_serialize_vars($session->vars);
    224. 

  224. 

  225.     return $ret;
    226. 

  226.   }
    227. 

  227. 

  228.   function _wddx_decode($data) {
    229. 

  229.     return wddx_deserialize($data);
    230. 

  230.   }
    231. 

  231. 

  232.   function session_name($name = '') {
    233. 

  233.     global $session;
    234. 

  234. 

  235.     if (empty($name)) {
    236. 

  236.       return $session->name;
    237. 

  237.     }
    238. 

  238. 

  239.     $session->name = $name;
    240. 

  240.   }
    241. 

  241. 

  242.   function session_set_save_handler($open, $close, $read, $write, $destroy, $gc) {
    243. 

  243.     global $session, $php3session_user;
    244. 

  244. 

  245.     $php3session_user = new php3session_user;
    246. 

  246.     $php3session_user->open_func = $open;
    247. 

  247.     $php3session_user->close_func = $close;
    248. 

  248.     $php3session_user->read_func = $read;
    249. 

  249.     $php3session_user->write_func = $write;
    250. 

  250.     $php3session_user->destroy_func = $destroy;
    251. 

  251.     $php3session_user->gc_func = $gc;
    252. 

  252.     $session->mod_name = 'php3session_user';
    253. 

  253.   }
    254. 

  254. 

  255.   function session_module_name($name = '') {
    256. 

  256.     global $session;
    257. 

  257. 

  258.     if (empty($name)) {
    259. 

  259.       return $session->mod_name;
    260. 

  260.     }
    261. 

  261. 

  262.     $session->mod_name = $name;
    263. 

  263.   }
    264. 

  264. 

  265.   function session_save_path($path = '') {
    266. 

  266.     global $session;
    267. 

  267. 

  268.     if(empty($path)) {
    269. 

  269.       return $session->save_path;
    270. 

  270.     }
    271. 

  271. 

  272.     $session->save_path = $path;
    273. 

  273.   }
    274. 

  274. 

  275.   function session_id($id = '') {
    276. 

  276.     global $session;
    277. 

  277. 

  278.     if(empty($id)) {
    279. 

  279.       return $session->id;
    280. 

  280.     }
    281. 

  281. 

  282.     $session->id = $id;
    283. 

  283.   }
    284. 

  284. 

  285.   function session_register($var) {
    286. 

  286.     global $session;
    287. 

  287. 

  288.     if ($session->nr_open_sessions == 0) {
    289. 

  289.       session_start();
    290. 

  290.     }
    291. 

  291. 

  292.     $session->vars[] = trim($var);
    293. 

  293.   }
    294. 

  294. 

  295.   function session_unregister($var) {
    296. 

  296.     global $session;
    297. 

  297. 

  298.     for (reset($session->vars); list($i)=each($session->vars);) {
    299. 

  299.       if ($session->vars[$i] == trim($var)) {
    300. 

  300.         unset($session->vars[$i]);
    301. 

  301.         break;
    302. 

  302.       }
    303. 

  303.     }
    304. 

  304.   }
    305. 

  305. 

  306.   function session_is_registered($var) {
    307. 

  307.     global $session;
    308. 

  308. 

  309.     for (reset($session->vars); list($i)=each($session->vars);) {
    310. 

  310.       if ($session->vars[$i] == trim($var)) {
    311. 

  311.         return true;
    312. 

  312.       }
    313. 

  313.     }
    314. 

  314. 

  315.     return false;
    316. 

  316.   }
    317. 

  317. 

  318.   function session_encode() {
    319. 

  319.     global $session;
    320. 

  320. 

  321.     $serializer = '_' . $session->serialize_handler . '_encode';
    322. 

  322.     $ret = $serializer();
    323. 

  323. 

  324.     return $ret;
    325. 

  325.   }
    326. 

  326. 

  327.   function session_decode($data) {
    328. 

  328.     global $session;
    329. 

  329. 

  330.     $serializer = '_' . $session->serialize_handler . '_decode';
    331. 

  331.     $ret = $serializer($data);
    332. 

  332. 

  333.     return $ret;
    334. 

  334.   }
    335. 

  335. 

  336.   function session_start() {
    337. 

  337.     global $session, $SID, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS;
    338. 

  338. 

  339. // Define the global variable $SID?
    340. 

  340.     $define_sid = true;
    341. 

  341. 

  342. // Send the session cookie?
    343. 

  343.     $send_cookie = true;
    344. 

  344. 

  345. // Is track_vars enabled?
    346. 

  346.     $track_vars = ( (isset($HTTP_COOKIE_VARS)) || (isset($HTTP_GET_VARS)) || (isset($HTTP_POST_VARS)) ) ? true : false;
    347. 

  347. 

  348. // Check if session_start() has been called once already
    349. 

  349.     if ($session->nr_open_sessions != 0) {
    350. 

  350.       return false;
    351. 

  351.     }
    352. 

  352. 

  353. // If our only resource is the global symbol_table, then check it.
    354. 

  354. // If track_vars are enabled, we prefer these, because they are more
    355. 

  355. // reliable, and we always know whether the user has accepted the 
    356. 

  356. // cookie.
    357. 

  357.     if ( (isset($GLOBALS[$session->name])) && (!empty($GLOBALS[$session->name])) && (!$track_vars) ) {
    358. 

  358.       $session->id = $GLOBALS[$session->name];
    359. 

  359.       $send_cookie = false;
    360. 

  360.     }
    361. 

  361. 

  362. // Now check the track_vars. Cookies are preferred, because initially
    363. 

  363. // cookie and get variables will be available. 
    364. 

  364.     if ( (empty($session->id)) && ($track_vars) ) {
    365. 

  365.       if (isset($HTTP_COOKIE_VARS[$session->name])) {
    366. 

  366.         $session->id = $HTTP_COOKIE_VARS[$session->name];
    367. 

  367.         $define_sid = false;
    368. 

  368.         $send_cookie = false;
    369. 

  369.       }
    370. 

  370. 

  371.       if (isset($HTTP_GET_VARS[$session->name])) {
    372. 

  372.         $session->id = $HTTP_GET_VARS[$session->name];
    373. 

  373.       }
    374. 

  374. 

  375.       if (isset($HTTP_POST_VARS[$session->name])) {
    376. 

  376.         $session->id = $HTTP_POST_VARS[$session->name];
    377. 

  377.       }
    378. 

  378.     }
    379. 

  379. 

  380.     if (!empty($session->id)) {
    381. 

  381.       if (preg_match('/^[a-zA-Z0-9]+$/', $session->id) == false) {
    382. 

  382.         unset($session->id);
    383. 

  383.       }
    384. 

  384.     }
    385. 

  385. 

  386. /*
    387. 

  387. // Check the REQUEST_URI symbol for a string of the form
    388. 

  388. // '<session-name>=<session-id>' to allow URLs of the form
    389. 

  389. // http://yoursite/<session-name>=<session-id>/script.php 
    390. 

  390.     if (empty($session->id)) {
    391. 

  391.       eregi($session->name . '=([^/]+)', $GLOBALS['REQUEST_URI'], $regs);
    392. 

  392.       $regs[1] = trim($regs[1]);
    393. 

  393.       if (!empty($regs[1])) {
    394. 

  394.         $session->id = $regs[1];
    395. 

  395.       }
    396. 

  396.     }
    397. 

  397. */
    398. 

  398. 

  399. // Check whether the current request was referred to by
    400. 

  400. // an external site which invalidates the previously found ID
    401. 

  401.     if ( (!empty($session->id)) && ($session->referer_check) ) {
    402. 

  402.       $url = parse_url($GLOBALS['HTTP_REFERER']);
    403. 

  403.       if (trim($url['host']) != $GLOBALS['SERVER_NAME']) {
    404. 

  404.         unset($session->id);
    405. 

  405.         $send_cookie = true;
    406. 

  406.         $define_sid = true;
    407. 

  407.       }
    408. 

  408.     }
    409. 

  409. 

  410. // Do we have an existing session ID?
    411. 

  411.     if (empty($session->id)) {
    412. 

  412. // Create new session ID
    413. 

  413.       $session->id = _session_create_id();
    414. 

  414.     }
    415. 

  415. 

  416. // Is use_cookies set to false?
    417. 

  417.     if ( (!$session->use_cookies) && ($send_cookie) ) {
    418. 

  418.       $define_sid = true;
    419. 

  419.       $send_cookie = false;
    420. 

  420.     }
    421. 

  421. 

  422. // Should we send a cookie?
    423. 

  423.     if ($send_cookie) {
    424. 

  424.       setcookie($session->name, $session->id, $session->cookie_lifetime, $session->cookie_path, $session->cookie_domain);
    425. 

  425.     }
    426. 

  426. 

  427. // Should we define the SID?
    428. 

  428.     if($define_sid) {
    429. 

  429.       $SID = $session->name . '=' . $session->id;
    430. 

  430.     }
    431. 

  431. 

  432.     $session->nr_open_sessions++;
    433. 

  433. 

  434. // Send caching headers
    435. 

  435. 

  436. // Start session
    437. 

  437.     $mod = $GLOBALS[$session->mod_name];
    438. 

  438.     if (!$mod->open($session->save_path, $session->name)) {
    439. 

  439.       die('Failed to initialize session module.');
    440. 

  440.     }
    441. 

  441. 

  442. // Read session data
    443. 

  443.     if ($val = $mod->read($session->id)) {
    444. 

  444. // Decode session data
    445. 

  445.       session_decode($val);
    446. 

  446.     }
    447. 

  447. 

  448. // Send HTTP cache headers
    449. 

  449.     _session_cache_limiter();
    450. 

  450. 

  451. // Check if we should clean up (call the garbage collection routines)
    452. 

  452.     if ($session->gc_probability > 0) {
    453. 

  453.       $randmax = getrandmax();
    454. 

  454.       $nrand = (int)(100 * tep_rand() / $randmax);
    455. 

  455.       if ($nrand < $session->gc_probability) {
    456. 

  456.         $mod->gc($session->gc_maxlifetime);
    457. 

  457.       }
    458. 

  458.     }
    459. 

  459. 

  460.     if ($define_sid) {
    461. 

  461.       define('SID', $SID);
    462. 

  462.     } else {
    463. 

  463.       define('SID', '');
    464. 

  464.     }
    465. 

  465. 

  466.     return true;
    467. 

  467.   }
    468. 

  468. 

  469.   function session_destroy() {
    470. 

  470.     global $session;
    471. 

  471. 

  472.     if ($session->nr_open_sessions == 0) {
    473. 

  473.       return false;
    474. 

  474.     }
    475. 

  475. 

  476. // Destroy session
    477. 

  477.     $mod = $GLOBALS[$session->mod_name];
    478. 

  478.     if (!$mod->destroy($session->id)) {
    479. 

  479.       return false;
    480. 

  480.     }
    481. 

  481.     unset($session);
    482. 

  482.     $session = new php3session;
    483. 

  483. 

  484.     return true;
    485. 

  485.   }
    486. 

  486. 

  487.   function session_close() {
    488. 

  488.     global $session, $SID;
    489. 

  489. 

  490.     if ($session->nr_open_sessions == 0) {
    491. 

  491.       return false;
    492. 

  492.     }
    493. 

  493. // Encode session
    494. 

  494.     $val = session_encode();
    495. 

  495.     $len = strlen($val);
    496. 

  496. 

  497. // Save session
    498. 

  498.     $mod = $GLOBALS[$session->mod_name];
    499. 

  499.     if (!$mod->write($session->id, $val)) {
    500. 

  500.       die('Session could not be saved.');
    501. 

  501.     }
    502. 

  502. // Close session
    503. 

  503.     if ( (function_exists($session->mod_name . '->close')) && (!$mod->close()) ) {
    504. 

  504.       die('Session could not be closed.');
    505. 

  505.     }
    506. 

  506.     $SID = '';
    507. 

  507.     $session->nr_open_sessions--;
    508. 

  508. 

  509.     return true;
    510. 

  510.   }
    511. 

  511. 

  512.   $session = new php3session;
    513. 

  513.   $mod = $session->save_handler;
    514. 

  514.   $$mod = new $mod;
    515. 

  515. 

  516.   if ($session->auto_start) {
    517. 

  517.     $ret = session_start() or die('Session could not be started.');
    518. 

  518.   }
    519. 

  519. 

  520.   register_shutdown_function('session_close');
    521. 

  521. ?>
    522. 

  522.