objectify all the session management stuff

2 files changed, 169 insertions, 0 deletions

diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
new file mode 100644
index 000000000..ff0070d15
--- /dev/null
+++ b/Zotlabs/Web/Session.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+	function init() {
+
+		$gc_probability = 50;
+
+		ini_set('session.gc_probability', $gc_probability);
+		ini_set('session.use_only_cookies', 1);
+		ini_set('session.cookie_httponly', 1);
+	
+		/*
+		 * Set our session storage functions.
+		 */
+
+		$handler = new \Zotlabs\Web\SessionHandler();
+
+		session_set_save_handler($handler,true);
+
+		// Force cookies to be secure (https only) if this site is SSL enabled. 
+		// Must be done before session_start().
+
+	    if(intval(\App::$config['system']['ssl_cookie_protection'])) {
+	        $arr = session_get_cookie_params();
+    	    session_set_cookie_params(
+        	    ((isset($arr['lifetime']))  ? $arr['lifetime'] : 0),
+            	((isset($arr['path']))      ? $arr['path']     : '/'),
+	            ((isset($arr['domain']))    ? $arr['domain']   : App::get_hostname()),
+    	        ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+        	    ((isset($arr['httponly']))  ? $arr['httponly'] : true)
+			);
+    	}
+	}
+
+	function start() {
+		session_start();
+	}
+
+	/**
+	 * @brief Resets the current session.
+	 *
+	 * @return void
+	 */
+
+	function nuke() {
+		self::new_cookie(0); // 0 means delete on browser exit
+		if($_SESSION && count($_SESSION)) {
+			foreach($_SESSION as $k => $v) {
+				unset($_SESSION[$k]);
+			}
+		}
+	}
+
+
+
+	function new_cookie($time) {
+
+		$old_sid = session_id();
+
+		session_regenerate_id(false);
+
+		q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+			dbesc(session_id()),
+			dbesc($old_sid)
+		);
+
+		if (x($_COOKIE, 'jsAvailable')) {
+			if ($time) {
+				$expires = time() + $time;
+			} else {
+				$expires = 0;
+			}
+			setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+		}
+		setcookie(session_name(),session_id(),$expires);
+	}
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..ede2bd609
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+	private $session_exists;
+	private $session_expire;
+
+
+	function open ($s, $n) {
+		$this->session_exists = 0;
+		$this->session_expire = 180000;
+		return true;
+	}
+
+	function read ($id) {
+
+		if(x($id))
+			$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+		if($r) {
+			$this->session_exists = true;
+			return $r[0]['data'];
+		}
+
+		return '';
+	}
+
+
+	function write ($id, $data) {
+
+		if(! $id || ! $data) {
+			return false;
+		}
+
+		$expire = time() + $this->session_expire;
+		$default_expire = time() + 300;
+
+		if($this->session_exists) {
+			q("UPDATE `session`
+				SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+				dbesc($data),
+				dbesc($expire),
+				dbesc($id)
+			);
+		} 
+		else {
+			q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
+				dbesc($id),
+				dbesc($default_expire),
+				dbesc($data)
+			);
+		}
+
+		return true;
+	}
+
+	
+	function close() {
+		return true;
+	}
+
+
+	function destroy ($id) {
+		q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+		return true;
+	}
+
+
+	function gc($expire) {
+		q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+		return true;
+	}
+
+
+}
\ No newline at end of file