Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Web/Session.php | 91 | ||||
-rw-r--r-- | Zotlabs/Web/SessionHandler.php | 78 |
2 files changed, 169 insertions, 0 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
new file mode 100644
index 000000000..ff0070d15
--- /dev/null
+++ b/Zotlabs/Web/Session.php
@@ -0,0 +1,91 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+ function init() {
+
+ $gc_probability = 50;
+
+ ini_set('session.gc_probability', $gc_probability);
+ ini_set('session.use_only_cookies', 1);
+ ini_set('session.cookie_httponly', 1);
+
+ /*
+ * Set our session storage functions.
+ */
+
+ $handler = new \Zotlabs\Web\SessionHandler();
+
+ session_set_save_handler($handler,true);
+
+ // Force cookies to be secure (https only) if this site is SSL enabled.
+ // Must be done before session_start().
+
+ if(intval(\App::$config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : App::get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true)
+ );
+ }
+ }
+
+ function start() {
+ session_start();
+ }
+
+ /**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+ function nuke() {
+ self::new_cookie(0); // 0 means delete on browser exit
+ if($_SESSION && count($_SESSION)) {
+ foreach($_SESSION as $k => $v) {
+ unset($_SESSION[$k]);
+ }
+ }
+ }
+
+
+
+ function new_cookie($time) {
+
+ $old_sid = session_id();
+
+ session_regenerate_id(false);
+
+ q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc(session_id()),
+ dbesc($old_sid)
+ );
+
+ if (x($_COOKIE, 'jsAvailable')) {
+ if ($time) {
+ $expires = time() + $time;
+ } else {
+ $expires = 0;
+ }
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+ }
+ setcookie(session_name(),session_id(),$expires);
+ }
+
+
+}
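Review bot: The last `setcookie(session_name(),session_id(),$expires);` in new_cookie() re-issues the session cookie with only a name, value and expiry, so the path, domain, Secure and HttpOnly settings that init() configures are not applied to it. `$expires` is also assigned only inside the `jsAvailable` branch, so a request without that cookie reaches the call with the variable undefined and the requested `$time` is ignored. I would compute `$expires` before the `if` and pass the values from `session_get_cookie_params()` through, as in the block below. Separately, `App::get_hostname()` in init() lacks the leading backslash used for `\App::$config` on the line above it and would resolve inside `Zotlabs\Web` if that fallback is ever evaluated.

```php
function new_cookie($time) {
	// … unchanged: session_regenerate_id() and the sid UPDATE …

	// Computed unconditionally so the session cookie never sees an undefined $expires.
	$expires = ($time) ? time() + $time : 0;

	if (x($_COOKIE, 'jsAvailable')) {
		setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
	}

	// Re-issue the session cookie with the attributes configured in init().
	$arr = session_get_cookie_params();
	setcookie(session_name(), session_id(), $expires,
		$arr['path'], $arr['domain'], $arr['secure'], $arr['httponly']);
}
```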
\ No newline at end of file
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..ede2bd609
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+ private $session_exists;
+ private $session_expire;
+
+
+ function open ($s, $n) {
+ $this->session_exists = 0;
+ $this->session_expire = 180000;
+ return true;
+ }
+
+ function read ($id) {
+
+ if(x($id))
+ $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+ if($r) {
+ $this->session_exists = true;
+ return $r[0]['data'];
+ }
+
+ return '';
+ }
+
+
+ function write ($id, $data) {
+
+ if(! $id || ! $data) {
+ return false;
+ }
+
+ $expire = time() + $this->session_expire;
+ $default_expire = time() + 300;
+
+ if($this->session_exists) {
+ q("UPDATE `session`
+ SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ dbesc($data),
+ dbesc($expire),
+ dbesc($id)
+ );
+ }
+ else {
+ q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
+ dbesc($id),
+ dbesc($default_expire),
+ dbesc($data)
+ );
+ }
+
+ return true;
+ }
+
+
+ function close() {
+ return true;
+ }
+
+
+ function destroy ($id) {
+ q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+ return true;
+ }
+
+
+ function gc($expire) {
+ q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+ return true;
+ }
+
+
+}
\ No newline at end of file |
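Review bot: In write(), the early `if(! $id || ! $data) { return false; }` skips the UPDATE whenever the serialized session is empty, so a row that already exists keeps its previous `data` until destroy() or gc() removes it. If Session::nuke() in Session.php is the logout path (it empties `$_SESSION` and keeps the row under the regenerated sid), the earlier session contents would appear to stay readable under the new id; that is worth confirming against the callers. Returning false from write() also makes PHP 7 and later report a failed session write. Consider `if(! $id) return false;` followed by `if(! $data && ! $this->session_exists) return true;`, so an existing row is overwritten with the empty payload while empty sessions are still not inserted.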