/includes/cls_session.php

https://github.com/xnsimon/dmk · PHP · 290 lines · 226 code · 49 blank · 15 comment · 29 complexity · 51eebd5a4966b6ffc1e8010a02d327b6 MD5 · raw file 

    

  1. <?php

    2. 

  2. 

    3. 

  3. /**

    4. 

  4.  * ECSHOP SESSION 公用类库

    5. 

  5.  * ============================================================================

    6. 

  6.  * 版权所有 2005-2010 上海商派网络科技有限公司,并保留所有权利。

    7. 

  7.  * 网站地址: http://www.ecshop.com;

    8. 

  8.  * ----------------------------------------------------------------------------

    9. 

  9.  * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和

    10. 

  10.  * 使用;不允许对程序代码以任何形式任何目的的再发布。

    11. 

  11.  * ============================================================================

    12. 

  12.  * $Author: liuhui $

    13. 

  13.  * $Id: cls_session.php 17063 2010-03-25 06:35:46Z liuhui $

    14. 

  14. */

    15. 

  15. 

    16. 

  16. if (!defined('IN_ECS'))

    17. 

  17. {

    18. 

  18.     die('Hacking attempt');

    19. 

  19. }

    20. 

  20. 

    21. 

  21. class cls_session

    22. 

  22. {

    23. 

  23.     var $db             = NULL;

    24. 

  24.     var $session_table  = '';

    25. 

  25. 

    26. 

  26.     var $max_life_time  = 1800; // SESSION 过期时间

    27. 

  27. 

    28. 

  28.     var $session_name   = '';

    29. 

  29.     var $session_id     = '';

    30. 

  30. 

    31. 

  31.     var $session_expiry = '';

    32. 

  32.     var $session_md5    = '';

    33. 

  33. 

    34. 

  34.     var $session_cookie_path   = '/';

    35. 

  35.     var $session_cookie_domain = '';

    36. 

  36.     var $session_cookie_secure = false;

    37. 

  37. 

    38. 

  38.     var $_ip   = '';

    39. 

  39.     var $_time = 0;

    40. 

  40. 

    41. 

  41.     function __construct(&$db, $session_table, $session_data_table, $session_name = 'ECS_ID', $session_id = '')

    42. 

  42.     {

    43. 

  43.         $this->cls_session($db, $session_table, $session_data_table, $session_name, $session_id);

    44. 

  44.     }

    45. 

  45. 

    46. 

  46.     function cls_session(&$db, $session_table, $session_data_table, $session_name = 'ECS_ID', $session_id = '')

    47. 

  47.     {

    48. 

  48.         $GLOBALS['_SESSION'] = array();

    49. 

  49. 

    50. 

  50.         if (!empty($GLOBALS['cookie_path']))

    51. 

  51.         {

    52. 

  52.             $this->session_cookie_path = $GLOBALS['cookie_path'];

    53. 

  53.         }

    54. 

  54.         else

    55. 

  55.         {

    56. 

  56.             $this->session_cookie_path = '/';

    57. 

  57.         }

    58. 

  58. 

    59. 

  59.         if (!empty($GLOBALS['cookie_domain']))

    60. 

  60.         {

    61. 

  61.             $this->session_cookie_domain = $GLOBALS['cookie_domain'];

    62. 

  62.         }

    63. 

  63.         else

    64. 

  64.         {

    65. 

  65.             $this->session_cookie_domain = '';

    66. 

  66.         }

    67. 

  67. 

    68. 

  68.         if (!empty($GLOBALS['cookie_secure']))

    69. 

  69.         {

    70. 

  70.             $this->session_cookie_secure = $GLOBALS['cookie_secure'];

    71. 

  71.         }

    72. 

  72.         else

    73. 

  73.         {

    74. 

  74.             $this->session_cookie_secure = false;

    75. 

  75.         }

    76. 

  76. 

    77. 

  77.         $this->session_name       = $session_name;

    78. 

  78.         $this->session_table      = $session_table;

    79. 

  79.         $this->session_data_table = $session_data_table;

    80. 

  80. 

    81. 

  81.         $this->db  = &$db;

    82. 

  82.         $this->_ip = real_ip();

    83. 

  83. 

    84. 

  84.         if ($session_id == '' && !empty($_COOKIE[$this->session_name]))

    85. 

  85.         {

    86. 

  86.             $this->session_id = $_COOKIE[$this->session_name];

    87. 

  87.         }

    88. 

  88.         else

    89. 

  89.         {

    90. 

  90.             $this->session_id = $session_id;

    91. 

  91.         }

    92. 

  92. 

    93. 

  93.         if ($this->session_id)

    94. 

  94.         {

    95. 

  95.             $tmp_session_id = substr($this->session_id, 0, 32);

    96. 

  96.             if ($this->gen_session_key($tmp_session_id) == substr($this->session_id, 32))

    97. 

  97.             {

    98. 

  98.                 $this->session_id = $tmp_session_id;

    99. 

  99.             }

    100. 

  100.             else

    101. 

  101.             {

    102. 

  102.                 $this->session_id = '';

    103. 

  103.             }

    104. 

  104.         }

    105. 

  105. 

    106. 

  106.         $this->_time = time();

    107. 

  107. 

    108. 

  108.         if ($this->session_id)

    109. 

  109.         {

    110. 

  110.             $this->load_session();

    111. 

  111.         }

    112. 

  112.         else

    113. 

  113.         {

    114. 

  114.             $this->gen_session_id();

    115. 

  115. 

    116. 

  116.             setcookie($this->session_name, $this->session_id . $this->gen_session_key($this->session_id), 0, $this->session_cookie_path, $this->session_cookie_domain, $this->session_cookie_secure);

    117. 

  117.         }

    118. 

  118. 

    119. 

  119.         register_shutdown_function(array(&$this, 'close_session'));

    120. 

  120.     }

    121. 

  121. 

    122. 

  122.     function gen_session_id()

    123. 

  123.     {

    124. 

  124.         $this->session_id = md5(uniqid(mt_rand(), true));

    125. 

  125. 

    126. 

  126.         return $this->insert_session();

    127. 

  127.     }

    128. 

  128. 

    129. 

  129.     function gen_session_key($session_id)

    130. 

  130.     {

    131. 

  131.         static $ip = '';

    132. 

  132. 

    133. 

  133.         if ($ip == '')

    134. 

  134.         {

    135. 

  135.             $ip = substr($this->_ip, 0, strrpos($this->_ip, '.'));

    136. 

  136.         }

    137. 

  137. 

    138. 

  138.         return sprintf('%08x', crc32(!empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] . ROOT_PATH . $ip . $session_id : ROOT_PATH . $ip . $session_id));

    139. 

  139.     }

    140. 

  140. 

    141. 

  141.     function insert_session()

    142. 

  142.     {

    143. 

  143.         return $this->db->query('INSERT INTO ' . $this->session_table . " (sesskey, expiry, ip, data) VALUES ('" . $this->session_id . "', '". $this->_time ."', '". $this->_ip ."', 'a:0:{}')");

    144. 

  144.     }

    145. 

  145. 

    146. 

  146.     function load_session()

    147. 

  147.     {

    148. 

  148.         $session = $this->db->getRow('SELECT userid, adminid, user_name, user_rank, discount, email, data, expiry FROM ' . $this->session_table . " WHERE sesskey = '" . $this->session_id . "'");

    149. 

  149.         if (empty($session))

    150. 

  150.         {

    151. 

  151.             $this->insert_session();

    152. 

  152. 

    153. 

  153.             $this->session_expiry = 0;

    154. 

  154.             $this->session_md5    = '40cd750bba9870f18aada2478b24840a';

    155. 

  155.             $GLOBALS['_SESSION']  = array();

    156. 

  156.         }

    157. 

  157.         else

    158. 

  158.         {

    159. 

  159.             if (!empty($session['data']) && $this->_time - $session['expiry'] <= $this->max_life_time)

    160. 

  160.             {

    161. 

  161.                 $this->session_expiry = $session['expiry'];

    162. 

  162.                 $this->session_md5    = md5($session['data']);

    163. 

  163.                 $GLOBALS['_SESSION']  = unserialize($session['data']);

    164. 

  164.                 $GLOBALS['_SESSION']['user_id'] = $session['userid'];

    165. 

  165.                 $GLOBALS['_SESSION']['admin_id'] = $session['adminid'];

    166. 

  166.                 $GLOBALS['_SESSION']['user_name'] = $session['user_name'];

    167. 

  167.                 $GLOBALS['_SESSION']['user_rank'] = $session['user_rank'];

    168. 

  168.                 $GLOBALS['_SESSION']['discount'] = $session['discount'];

    169. 

  169.                 $GLOBALS['_SESSION']['email'] = $session['email'];

    170. 

  170.             }

    171. 

  171.             else

    172. 

  172.             {

    173. 

  173.                 $session_data = $this->db->getRow('SELECT data, expiry FROM ' . $this->session_data_table . " WHERE sesskey = '" . $this->session_id . "'");

    174. 

  174.                 if (!empty($session_data['data']) && $this->_time - $session_data['expiry'] <= $this->max_life_time)

    175. 

  175.                 {

    176. 

  176.                     $this->session_expiry = $session_data['expiry'];

    177. 

  177.                     $this->session_md5    = md5($session_data['data']);

    178. 

  178.                     $GLOBALS['_SESSION']  = unserialize($session_data['data']);

    179. 

  179.                     $GLOBALS['_SESSION']['user_id'] = $session['userid'];

    180. 

  180.                     $GLOBALS['_SESSION']['admin_id'] = $session['adminid'];

    181. 

  181.                     $GLOBALS['_SESSION']['user_name'] = $session['user_name'];

    182. 

  182.                     $GLOBALS['_SESSION']['user_rank'] = $session['user_rank'];

    183. 

  183.                     $GLOBALS['_SESSION']['discount'] = $session['discount'];

    184. 

  184.                     $GLOBALS['_SESSION']['email'] = $session['email'];

    185. 

  185.                 }

    186. 

  186.                 else

    187. 

  187.                 {

    188. 

  188.                     $this->session_expiry = 0;

    189. 

  189.                     $this->session_md5    = '40cd750bba9870f18aada2478b24840a';

    190. 

  190.                     $GLOBALS['_SESSION']  = array();

    191. 

  191.                 }

    192. 

  192.             }

    193. 

  193.         }

    194. 

  194.     }

    195. 

  195. 

    196. 

  196.     function update_session()

    197. 

  197.     {

    198. 

  198.         $adminid = !empty($GLOBALS['_SESSION']['admin_id']) ? intval($GLOBALS['_SESSION']['admin_id']) : 0;

    199. 

  199.         $userid  = !empty($GLOBALS['_SESSION']['user_id'])  ? intval($GLOBALS['_SESSION']['user_id'])  : 0;

    200. 

  200.         $user_name  = !empty($GLOBALS['_SESSION']['user_name'])  ? trim($GLOBALS['_SESSION']['user_name'])  : 0;

    201. 

  201.         $user_rank  = !empty($GLOBALS['_SESSION']['user_rank'])  ? intval($GLOBALS['_SESSION']['user_rank'])  : 0;

    202. 

  202.         $discount  = !empty($GLOBALS['_SESSION']['discount'])  ? round($GLOBALS['_SESSION']['discount'], 2)  : 0;

    203. 

  203.         $email  = !empty($GLOBALS['_SESSION']['email'])  ? trim($GLOBALS['_SESSION']['email'])  : 0;

    204. 

  204.         unset($GLOBALS['_SESSION']['admin_id']);

    205. 

  205.         unset($GLOBALS['_SESSION']['user_id']);

    206. 

  206.         unset($GLOBALS['_SESSION']['user_name']);

    207. 

  207.         unset($GLOBALS['_SESSION']['user_rank']);

    208. 

  208.         unset($GLOBALS['_SESSION']['discount']);

    209. 

  209.         unset($GLOBALS['_SESSION']['email']);

    210. 

  210. 

    211. 

  211.         $data        = serialize($GLOBALS['_SESSION']);

    212. 

  212.         $this->_time = time();

    213. 

  213. 

    214. 

  214.         if ($this->session_md5 == md5($data) && $this->_time < $this->session_expiry + 10)

    215. 

  215.         {

    216. 

  216.             return true;

    217. 

  217.         }

    218. 

  218. 

    219. 

  219.         $data = addslashes($data);

    220. 

  220. 

    221. 

  221.         if (isset($data{255}))

    222. 

  222.         {

    223. 

  223.             $this->db->autoReplace($this->session_data_table, array('sesskey' => $this->session_id, 'expiry' => $this->_time, 'data' => $data), array('data' => $data));

    224. 

  224. 

    225. 

  225.             $data = '';

    226. 

  226.         }

    227. 

  227. 

    228. 

  228.         return $this->db->query('UPDATE ' . $this->session_table . " SET expiry = '" . $this->_time . "', ip = '" . $this->_ip . "', userid = '" . $userid . "', adminid = '" . $adminid . "', user_name='" . $user_name . "', user_rank='" . $user_rank . "', discount='" . $discount . "', email='" . $email . "', data = '$data' WHERE sesskey = '" . $this->session_id . "' LIMIT 1");

    229. 

  229.     }

    230. 

  230. 

    231. 

  231.     function close_session()

    232. 

  232.     {

    233. 

  233.         $this->update_session();

    234. 

  234. 

    235. 

  235.         /* 随机对 sessions_data 的库进行删除操作 */

    236. 

  236.         if (mt_rand(0, 2) == 2)

    237. 

  237.         {

    238. 

  238.             $this->db->query('DELETE FROM ' . $this->session_data_table . ' WHERE expiry < ' . ($this->_time - $this->max_life_time));

    239. 

  239.         }

    240. 

  240. 

    241. 

  241.         if ((time() % 2) == 0)

    242. 

  242.         {

    243. 

  243.             return $this->db->query('DELETE FROM ' . $this->session_table . ' WHERE expiry < ' . ($this->_time - $this->max_life_time));

    244. 

  244.         }

    245. 

  245. 

    246. 

  246.         return true;

    247. 

  247.     }

    248. 

  248. 

    249. 

  249.     function delete_spec_admin_session($adminid)

    250. 

  250.     {

    251. 

  251.         if (!empty($GLOBALS['_SESSION']['admin_id']) && $adminid)

    252. 

  252.         {

    253. 

  253.             return $this->db->query('DELETE FROM ' . $this->session_table . " WHERE adminid = '$adminid'");

    254. 

  254.         }

    255. 

  255.         else

    256. 

  256.         {

    257. 

  257.             return false;

    258. 

  258.         }

    259. 

  259.     }

    260. 

  260. 

    261. 

  261.     function destroy_session()

    262. 

  262.     {

    263. 

  263.         $GLOBALS['_SESSION'] = array();

    264. 

  264. 

    265. 

  265.         setcookie($this->session_name, $this->session_id, 1, $this->session_cookie_path, $this->session_cookie_domain, $this->session_cookie_secure);

    266. 

  266. 

    267. 

  267.         /* ECSHOP 自定义执行部分 */

    268. 

  268.         if (!empty($GLOBALS['ecs']))

    269. 

  269.         {

    270. 

  270.             $this->db->query('DELETE FROM ' . $GLOBALS['ecs']->table('cart') . " WHERE session_id = '$this->session_id'");

    271. 

  271.         }

    272. 

  272.         /* ECSHOP 自定义执行部分 */

    273. 

  273. 

    274. 

  274.         $this->db->query('DELETE FROM ' . $this->session_data_table . " WHERE sesskey = '" . $this->session_id . "' LIMIT 1");

    275. 

  275. 

    276. 

  276.         return $this->db->query('DELETE FROM ' . $this->session_table . " WHERE sesskey = '" . $this->session_id . "' LIMIT 1");

    277. 

  277.     }

    278. 

  278. 

    279. 

  279.     function get_session_id()

    280. 

  280.     {

    281. 

  281.         return $this->session_id;

    282. 

  282.     }

    283. 

  283. 

    284. 

  284.     function get_users_count()

    285. 

  285.     {

    286. 

  286.         return $this->db->getOne('SELECT count(*) FROM ' . $this->session_table);

    287. 

  287.     }

    288. 

  288. }

    289. 

  289. 

    290. 

  290. ?>
    291.