1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
<?php
/**
* @file include/session.php
*
* @brief This file includes session related functions.
*
* Session management functions. These provide database storage of PHP
* session info.
*/
$session_exists = 0;
$session_expire = 180000;
function new_cookie($time) {
$old_sid = session_id();
// ??? This shouldn't have any effect if called after session_start()
// We probably need to set the session expiration and change the PHPSESSID cookie.
session_set_cookie_params($time);
session_regenerate_id(false);
q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
dbesc(session_id()),
dbesc($old_sid)
);
if (x($_COOKIE, 'jsAvailable')) {
if ($time) {
$expires = time() + $time;
} else {
$expires = 0;
}
setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
}
}
function ref_session_open ($s, $n) {
return true;
}
function ref_session_read ($id) {
global $session_exists;
if(x($id))
$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
if(count($r)) {
$session_exists = true;
return $r[0]['data'];
}
return '';
}
function ref_session_write ($id, $data) {
global $session_exists, $session_expire;
if(! $id || ! $data) {
return false;
}
$expire = time() + $session_expire;
$default_expire = time() + 300;
if($session_exists) {
q("UPDATE `session`
SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
dbesc($data),
dbesc($expire),
dbesc($id)
);
} else {
q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
//SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
dbesc($id),
dbesc($default_expire),
dbesc($data)
);
}
return true;
}
function ref_session_close() {
return true;
}
function ref_session_destroy ($id) {
q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
return true;
}
function ref_session_gc($expire) {
q("DELETE FROM session WHERE expire < %d", dbesc(time()));
return true;
}
$gc_probability = 50;
ini_set('session.gc_probability', $gc_probability);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
/*
* Set our session storage functions.
*/
session_set_save_handler(
'ref_session_open',
'ref_session_close',
'ref_session_read',
'ref_session_write',
'ref_session_destroy',
'ref_session_gc'
);
// Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
if(intval(get_app()->config['system']['ssl_cookie_protection'])) {
$arr = session_get_cookie_params();
session_set_cookie_params(
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
((isset($arr['path'])) ? $arr['path'] : '/'),
((isset($arr['domain'])) ? $arr['domain'] : get_app()->get_hostname()),
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
((isset($arr['httponly'])) ? $arr['httponly'] : true));
}
|
