aboutsummaryrefslogtreecommitdiffstats
path: root/include/session.php
blob: 00e1d8fbee7eb8a864a9cafb45977d5c7af0cce7 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<?php /** @file */

// Session management functions. These provide database storage of PHP
// session info.

$session_exists = 0;
$session_expire = 180000;

$session_mirror = null;

function red_session_start() {
	global $session_mirror;
	
	session_start();
	$session_mirror = $_SESSION;
	session_write_close();
}

function red_session_get($var) {
	global $session_mirror;
	if(is_null($session_mirror))
		red_session_start();
	return $session_mirror[$var];
}

function red_session_put($var,$val) {
	session_start();
	$_SESSION[$var'] = $val;
	$session_mirror = $_SESSION;
	session_write_close();
}

function red_session_destroy() {
	session_start();
	unset($_SESSION);
	unset($session_mirror);
	session_write_close();
}


function new_cookie($time) {
    $old_sid = session_id();

// ??? This shouldn't have any effect if called after session_start()
// We probably need to set the session expiration and change the PHPSESSID cookie.

    session_set_cookie_params($time);
    session_regenerate_id(false);

    q("UPDATE session SET sid = '%s' WHERE sid = '%s'", dbesc(session_id()), dbesc($old_sid));

	if (x($_COOKIE, 'jsAvailable')) {
		if ($time) {
			$expires = time() + $time;
		} else {
			$expires = 0;
		}
		setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
	}
}


function ref_session_open ($s,$n) {
  return true;
}


function ref_session_read ($id) {
  global $session_exists;
  if(x($id))
    $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
  if(count($r)) {
    $session_exists = true;
    return $r[0]['data'];
  }
  return '';
}


function ref_session_write ($id,$data) {
  global $session_exists, $session_expire;
  if(! $id || ! $data) { 
    return false; 
  }

  $expire = time() + $session_expire;
  $default_expire = time() + 300;

  if($session_exists)
    $r = q("UPDATE `session` 
            SET `data` = '%s', `expire` = '%s' 
            WHERE `sid` = '%s'", 
            dbesc($data), dbesc($expire), dbesc($id));
  else
    $r = q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
            //SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
            dbesc($id), dbesc($default_expire), dbesc($data));

  return true;
}


function ref_session_close() {
  return true;
}


function ref_session_destroy ($id) {
  q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
  return true;
}


function ref_session_gc($expire) {
  q("DELETE FROM session WHERE expire < %d", dbesc(time()));
    if (! get_config('system','innodb'))
	db_optimizetable('session');
    return true;
}

$gc_probability = 50;

ini_set('session.gc_probability', $gc_probability);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);


session_set_save_handler ('ref_session_open', 'ref_session_close', 'ref_session_read', 'ref_session_write', 'ref_session_destroy', 'ref_session_gc');