WebSVN – SmartDukaan – Diff – /trunk/MobileSite/system/libraries/Session.php



<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.1.6 or newer
 *
 * NOTICE OF LICENSE
 *
 * Licensed under the Open Software License version 3.0
 *
 * This source file is subject to the Open Software License (OSL 3.0) that is
 * bundled with this package in the files license.txt / license.rst.  It is
 * also available through the world wide web at this URL:
 * http://opensource.org/licenses/OSL-3.0
 * If you did not receive a copy of the license and are unable to obtain it
 * through the world wide web, please send an email to
 * licensing@ellislab.com so we can send you a copy immediately.
 *
 * @package		CodeIgniter
 * @author		EllisLab Dev Team
 * @copyright	Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
 * @license		http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
 * @link		http://codeigniter.com
 * @since		Version 1.0
 * @filesource
 */
 
 
 
/**
 * Session Class
 *
 * @package		CodeIgniter
 * @subpackage	Libraries
 * @category	Sessions
 * @author		EllisLab Dev Team
 * @link		http://codeigniter.com/user_guide/libraries/sessions.html
 */
class CI_Session {
 
	public $sess_encrypt_cookie		= FALSE;
	public $sess_use_database		= FALSE;
	public $sess_table_name			= '';
	public $sess_expiration			= 7200;
	public $sess_expire_on_close		= FALSE;
	public $sess_match_ip			= FALSE;
	public $sess_match_useragent		= TRUE;
	public $sess_cookie_name		= 'ci_session';
	public $cookie_prefix			= '';
	public $cookie_path			= '';
	public $cookie_domain			= '';
	public $cookie_secure			= FALSE;
	public $sess_time_to_update		= 300;
	public $encryption_key			= '';
	public $flashdata_key			= 'flash';
	public $time_reference			= 'time';
	public $gc_probability			= 5;
	public $userdata			= array();
	public $CI;
	public $now;
 
	/**
	 * Session Constructor
	 *
	 * The constructor runs the session routines automatically
	 * whenever the class is instantiated.
	 */
	public function __construct($params = array())
	{
		log_message('debug', 'Session Class Initialized');
 
		// Set the super object to a local variable for use throughout the class
		$this->CI =& get_instance();
 
		// Set all the session preferences, which can either be set

		if ($this->sess_encrypt_cookie == TRUE)
		{
			$this->CI->load->library('encrypt');
		}
 
		// Are we using a database? If so, load it
		if ($this->sess_use_database === TRUE && $this->sess_table_name != '')
		{
			$this->CI->load->database();
		}
 
		// Set the "now" time. Can either be GMT or server time, based on the
		// config prefs. We use this to set the "last activity" time
		$this->now = $this->_get_time();
 
		// Set the session length. If the session expiration is
		// set to zero we'll set the expiration two years from now.
		if ($this->sess_expiration == 0)

 
		// Set the cookie name
		$this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
 
		// Run the Session routine. If a session doesn't exist we'll
		// create a new one. If it does, we'll update it.
		if ( ! $this->sess_read())
		{
			$this->sess_create();
		}
		else

		$this->_flashdata_mark();
 
		// Delete expired sessions if necessary
		$this->_sess_gc();
 
		log_message('debug', 'Session routines successfully run');
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Fetch the current session data if it exists
	 *
 
	 * @return	bool
	 */
	public function sess_read()
	{
		// Fetch the cookie
		$session = $this->CI->input->cookie($this->sess_cookie_name);
 
		// No cookie?  Goodbye cruel world!...

		{
			// encryption was not used, so we need to check the md5 hash
			$hash	 = substr($session, strlen($session)-32); // get last 32 chars
			$session = substr($session, 0, strlen($session)-32);
 
			// Does the md5 hash match? This is to prevent manipulation of session data in userspace
			if ($hash !==  md5($session.$this->encryption_key))
			{
				log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
				$this->sess_destroy();
				return FALSE;

 
		// Unserialize the session array
		$session = $this->_unserialize($session);
 
		// Is the session data we unserialized an array with the correct format?
		if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
		{
			// $this->sess_destroy();
			// return FALSE;
		}
 
		// Is the session current?
		if (($session['last_activity'] + $this->sess_expiration) < $this->now)
		{
			$this->sess_destroy();
			return FALSE;
		}
 
		// Does the IP match?
		if ($this->sess_match_ip == TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
		{
			// $this->sess_destroy();
			// return FALSE;
		}
 
		// Does the User Agent Match?
		if ($this->sess_match_useragent == TRUE && trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
		{
			// $this->sess_destroy();
			// return FALSE;
		}
 
		// Is there a corresponding session in the DB?
		if ($this->sess_use_database === TRUE)
		{

				$this->CI->db->where('user_agent', $session['user_agent']);
			}
 
			$query = $this->CI->db->get($this->sess_table_name);
 
			// No result? Kill it!
			if ($query->num_rows() === 0)
			{
				$this->sess_destroy();
				return FALSE;
			}
 
			// Is there custom data?  If so, add it to the main session array
			$row = $query->row();
			if (isset($row->user_data) && $row->user_data != '')
			{
				$custom_data = $this->_unserialize($row->user_data);
 
				if (is_array($custom_data))
				{

	// --------------------------------------------------------------------
 
	/**
	 * Write the session data
	 *
 
	 * @return	void
	 */
	public function sess_write()
	{
		// Are we saving custom data to the DB?  If not, all we do is update the cookie
		if ($this->sess_use_database === FALSE)
		{
			$this->_set_cookie();

		{
			unset($custom_userdata[$val]);
			$cookie_userdata[$val] = $this->userdata[$val];
		}
 
		// Did we find any custom data? If not, we turn the empty array into a string
		// since there's no reason to serialize and store an empty array in the DB
		if (count($custom_userdata) === 0)
		{
			$custom_userdata = '';
		}

 
		// Run the update query
		$this->CI->db->where('session_id', $this->userdata['session_id']);
		$this->CI->db->update($this->sess_table_name, array('last_activity' => $this->userdata['last_activity'], 'user_data' => $custom_userdata));
 
		// Write the cookie. Notice that we manually pass the cookie data array to the
		// _set_cookie() function. Normally that function will store $this->userdata, but
		// in this case that array contains custom data, which we do not want in the cookie.
		$this->_set_cookie($cookie_userdata);
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Create a new session
	 *
 
	 * @return	void
	 */
	public function sess_create()
	{
		$sessid = '';
		do
		{
			$sessid .= mt_rand(0, mt_getrandmax());
		}
		while (strlen($sessid) < 32);
 
		// To make the session ID even more secure we'll combine it with the user's IP
		$sessid .= $this->CI->input->ip_address();
 
		$this->userdata = array(
					'session_id'	=> md5(uniqid($sessid, TRUE)),
					'ip_address'	=> $this->CI->input->ip_address(),
					'user_agent'	=> substr($this->CI->input->user_agent(), 0, 120),
					'last_activity'	=> $this->now,
					'user_data'	=> ''
				);
 
 
		// Save the data to the DB if needed
		if ($this->sess_use_database === TRUE)
		{
			$this->CI->db->query($this->CI->db->insert_string($this->sess_table_name, $this->userdata));

	// --------------------------------------------------------------------
 
	/**
	 * Update an existing session
	 *
 
	 * @return	void
	 */
	public function sess_update()
	{
		// We only update the session every five minutes by default
		if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
		{
			return;
		}
 
		// _set_cookie() will handle this for us if we aren't using database sessions
		// by pushing all userdata to the cookie.
		$cookie_data = NULL;
 
		/* Changing the session ID during an AJAX call causes problems,
		 * so we'll only update our last_activity
		 */
		if ($this->CI->input->is_ajax_request())
		{
			$this->userdata['last_activity'] = $this->now;
 
			// Update the session ID and last_activity field in the DB if needed
			if ($this->sess_use_database === TRUE)
			{
				// set cookie explicitly to only have our session data
				$cookie_data = array();
				foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
				{
					$cookie_data[$val] = $this->userdata[$val];
				}
 
				$this->CI->db->query($this->CI->db->update_string($this->sess_table_name,
											array('last_activity' => $this->userdata['last_activity']),
											array('session_id' => $this->userdata['session_id'])));
			}
 
			return $this->_set_cookie($cookie_data);
		}
 
		// Save the old session id so we know which record to
		// update in the database if we need it
		$old_sessid = $this->userdata['session_id'];
		$new_sessid = '';
		do
		{
			$new_sessid .= mt_rand(0, mt_getrandmax());
		}
		while (strlen($new_sessid) < 32);
 
		// To make the session ID even more secure we'll combine it with the user's IP
		$new_sessid .= $this->CI->input->ip_address();
 
 
 
 
		// Turn it into a hash and update the session data array
		$this->userdata['session_id'] = $new_sessid = md5(uniqid($new_sessid, TRUE));
		$this->userdata['last_activity'] = $this->now;
 
 
 
 
 
		// Update the session ID and last_activity field in the DB if needed
		if ($this->sess_use_database === TRUE)
		{
			// set cookie explicitly to only have our session data
			$cookie_data = array();

	// --------------------------------------------------------------------
 
	/**
	 * Destroy the current session
	 *
 
	 * @return	void
	 */
	public function sess_destroy()
	{
		// Kill the session DB row
		if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
		{
			$this->CI->db->where('session_id', $this->userdata['session_id']);
			$this->CI->db->delete($this->sess_table_name);
		}
 
		// Kill the cookie
		setcookie(
				$this->sess_cookie_name,
				addslashes(serialize(array())),
				($this->now - 31500000),
				$this->cookie_path,
				$this->cookie_domain,
				0
			);
 
 
 
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Fetch a specific item from the session array
	 *
 
	 * @param	string
	 * @return	string
	 */
	public function userdata($item)
	{
		return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Fetch all session data
	 *
 
	 * @return	array
	 */
	public function all_userdata()
	{
		return $this->userdata;
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Add or change data in the "userdata" array
	 *
 
	 * @param	mixed
	 * @param	string
	 * @return	void
	 */
	public function set_userdata($newdata = array(), $newval = '')
	{
		if (is_string($newdata))
		{
			$newdata = array($newdata => $newval);
		}

	// --------------------------------------------------------------------
 
	/**
	 * Delete a session variable from the "userdata" array
	 *
 
	 * @return	void
	 */
	public function unset_userdata($newdata = array())
	{
		if (is_string($newdata))
		{
			$newdata = array($newdata => '');
		}

 
	/**
	 * Add or change flashdata, only available
	 * until the next request
	 *
 
	 * @param	mixed
	 * @param	string
	 * @return	void
	 */
	public function set_flashdata($newdata = array(), $newval = '')
	{
		if (is_string($newdata))
		{
			$newdata = array($newdata => $newval);
		}
 
		if (count($newdata) > 0)
		{
			foreach ($newdata as $key => $val)
			{
 
				$this->set_userdata($this->flashdata_key.':new:'.$key, $val);
			}
		}
	}
 
	// ------------------------------------------------------------------------
 
	/**
	 * Keeps existing flashdata available to next request.
	 *
 
	 * @param	string
	 * @return	void
	 */
	public function keep_flashdata($key)
	{
		// 'old' flashdata gets removed. Here we mark all
		// flashdata as 'new' to preserve it from _flashdata_sweep()
		// Note the function will return FALSE if the $key
		// provided cannot be found
 
		$value = $this->userdata($this->flashdata_key.':old:'.$key);
 
 
		$this->set_userdata($this->flashdata_key.':new:'.$key, $value);
	}
 
	// ------------------------------------------------------------------------
 
	/**
	 * Fetch a specific flashdata item from the session array
	 *
 
	 * @param	string
	 * @return	string
	 */
	public function flashdata($key)
	{
 
		return $this->userdata($this->flashdata_key.':old:'.$key);
	}
 
	// ------------------------------------------------------------------------
 
	/**
	 * Identifies flashdata as 'old' for removal
	 * when _flashdata_sweep() runs.
	 *
 
	 * @return	void
	 */
	protected function _flashdata_mark()
	{
		$userdata = $this->all_userdata();
		foreach ($userdata as $name => $value)
		{
			$parts = explode(':new:', $name);
			if (is_array($parts) && count($parts) === 2)
			{
				$this->set_userdata($this->flashdata_key.':old:'.$parts[1], $value);
 
				$this->unset_userdata($name);
			}
		}
	}
 
	// ------------------------------------------------------------------------
 
	/**
	 * Removes all flashdata marked as 'old'
	 *
 
	 * @return	void
	 */
 
	protected function _flashdata_sweep()
	{
		$userdata = $this->all_userdata();
		foreach ($userdata as $key => $value)
		{
			if (strpos($key, ':old:'))

	// --------------------------------------------------------------------
 
	/**
	 * Get the "now" time
	 *
 
	 * @return	string
	 */
	protected function _get_time()
	{
		return (strtolower($this->time_reference) === 'gmt')
 
 
			? mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'))
 
 
 
			: time();
 
 
 
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Write the session cookie
	 *
 
	 * @return	void
	 */
	protected function _set_cookie($cookie_data = NULL)
	{
		if (is_null($cookie_data))
		{
			$cookie_data = $this->userdata;
		}

 
		$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
 
		// Set the cookie
		setcookie(
				$this->sess_cookie_name,
				$cookie_data,
				$expire,
				$this->cookie_path,
				$this->cookie_domain,
				$this->cookie_secure
			);
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Serialize an array
	 *
	 * This function first converts any slashes found in the array to a temporary
	 * marker, so when it gets unserialized the slashes will be preserved
	 *
 
	 * @param	array
	 * @return	string
	 */
	protected function _serialize($data)
	{
		if (is_array($data))
		{
 
 
 
 
			array_walk_recursive($data, array(&$this, '_escape_slashes'));
 
 
		}
		elseif (is_string($data))
		{
 
 
			$data = str_replace('\\', '{{slash}}', $data);
 
		}
 
		return serialize($data);
	}
 
	/**
	 * Escape slashes
	 *
	 * This function converts any slashes found into a temporary marker
	 *
	 * @param	string
	 * @param	string
	 * @return	void
	 */
	protected function _escape_slashes(&$val, $key)
	{
		if (is_string($val))
		{
			$val = str_replace('\\', '{{slash}}', $val);
		}
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Unserialize
	 *
	 * This function unserializes a data string, then converts any
	 * temporary slash markers back to actual slashes
	 *
 
	 * @param	array
	 * @return	string
	 */
	protected function _unserialize($data)
	{
		$data = @unserialize(strip_slashes($data));
 
		if (is_array($data))
		{
 
 
 
 
			array_walk_recursive($data, array(&$this, '_unescape_slashes'));
 
 
 
			return $data;
		}
 
		return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
	}
 
	/**
	 * Unescape slashes
	 *
	 * This function converts any slash markers back into actual slashes
	 *
	 * @param	string
	 * @param	string
	 * @return	void
	 */
	protected function _unescape_slashes(&$val, $key)
	{
		if (is_string($val))
		{
	 		$val= str_replace('{{slash}}', '\\', $val);
		}
	}
 
	// --------------------------------------------------------------------
 
	/**
	 * Garbage collection
	 *
	 * This deletes expired session rows from database
	 * if the probability percentage is met
	 *
 
	 * @return	void
	 */
	protected function _sess_gc()
	{
		if ($this->sess_use_database != TRUE)
		{
			return;
		}

 
			log_message('debug', 'Session garbage collection performed.');
		}
	}
 
 
}
 
 
/* End of file Session.php */
/* Location: ./system/libraries/Session.php */


Rev 11419	Rev 11537
Line 1...	Line 1...
1	`<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');`	1	`<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');`
2	`/**`	2	`/**`
3	`* CodeIgniter`	3	`* CodeIgniter`
4	`*`	4	`*`
5	`* An open source application development framework for PHP 5.1.6 or newer`	5	`* An open source application development framework for PHP 5.1.6 or newer`
6	`*`	6	`*`
-		7	`* NOTICE OF LICENSE`
-		8	`*`
-		9	`* Licensed under the Open Software License version 3.0`
-		10	`*`
-		11	`* This source file is subject to the Open Software License (OSL 3.0) that is`
-		12	`* bundled with this package in the files license.txt / license.rst. It is`
-		13	`* also available through the world wide web at this URL:`
-		14	`* http://opensource.org/licenses/OSL-3.0`
-		15	`* If you did not receive a copy of the license and are unable to obtain it`
-		16	`* through the world wide web, please send an email to`
-		17	`* licensing@ellislab.com so we can send you a copy immediately.`
-		18	`*`
7	`* @package CodeIgniter`	19	`* @package CodeIgniter`
8	`* @author ExpressionEngine Dev Team`	20	`* @author EllisLab Dev Team`
9	`* @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.`	21	`* @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)`
10	`* @license http://codeigniter.com/user_guide/license.html`	22	`* @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)`
11	`* @link http://codeigniter.com`	23	`* @link http://codeigniter.com`
12	`* @since Version 1.0`	24	`* @since Version 1.0`
13	`* @filesource`	25	`* @filesource`
14	`*/`	26	`*/`
15		27
16	`// ------------------------------------------------------------------------`	-
17		-
18	`/**`	28	`/**`
19	`* Session Class`	29	`* Session Class`
20	`*`	30	`*`
21	`* @package CodeIgniter`	31	`* @package CodeIgniter`
22	`* @subpackage Libraries`	32	`* @subpackage Libraries`
23	`* @category Sessions`	33	`* @category Sessions`
24	`* @author ExpressionEngine Dev Team`	34	`* @author EllisLab Dev Team`
25	`* @link http://codeigniter.com/user_guide/libraries/sessions.html`	35	`* @link http://codeigniter.com/user_guide/libraries/sessions.html`
26	`*/`	36	`*/`
27	`class CI_Session {`	37	`class CI_Session {`
28		38
29	`var $sess_encrypt_cookie = FALSE;`	39	`public $sess_encrypt_cookie = FALSE;`
30	`var $sess_use_database = FALSE;`	40	`public $sess_use_database = FALSE;`
31	`var $sess_table_name = '';`	41	`public $sess_table_name = '';`
32	`var $sess_expiration = 7200;`	42	`public $sess_expiration = 7200;`
33	`var $sess_expire_on_close = FALSE;`	43	`public $sess_expire_on_close = FALSE;`
34	`var $sess_match_ip = FALSE;`	44	`public $sess_match_ip = FALSE;`
35	`var $sess_match_useragent = TRUE;`	45	`public $sess_match_useragent = TRUE;`
36	`var $sess_cookie_name = 'ci_session';`	46	`public $sess_cookie_name = 'ci_session';`
37	`var $cookie_prefix = '';`	47	`public $cookie_prefix = '';`
38	`var $cookie_path = '';`	48	`public $cookie_path = '';`
39	`var $cookie_domain = '';`	49	`public $cookie_domain = '';`
40	`var $cookie_secure = FALSE;`	50	`public $cookie_secure = FALSE;`
41	`var $sess_time_to_update = 300;`	51	`public $sess_time_to_update = 300;`
42	`var $encryption_key = '';`	52	`public $encryption_key = '';`
43	`var $flashdata_key = 'flash';`	53	`public $flashdata_key = 'flash';`
44	`var $time_reference = 'time';`	54	`public $time_reference = 'time';`
45	`var $gc_probability = 5;`	55	`public $gc_probability = 5;`
46	`var $userdata = array();`	56	`public $userdata = array();`
47	`var $CI;`	57	`public $CI;`
48	`var $now;`	58	`public $now;`
49		59
50	`/**`	60	`/**`
51	`* Session Constructor`	61	`* Session Constructor`
52	`*`	62	`*`
53	`* The constructor runs the session routines automatically`	63	`* The constructor runs the session routines automatically`
54	`* whenever the class is instantiated.`	64	`* whenever the class is instantiated.`
55	`*/`	65	`*/`
56	`public function __construct($params = array())`	66	`public function __construct($params = array())`
57	`{`	67	`{`
58	`log_message('debug', "Session Class Initialized");`	68	`log_message('debug', 'Session Class Initialized');`
59		69
60	`// Set the super object to a local variable for use throughout the class`	70	`// Set the super object to a local variable for use throughout the class`
61	`$this->CI =& get_instance();`	71	`$this->CI =& get_instance();`
62		72
63	`// Set all the session preferences, which can either be set`	73	`// Set all the session preferences, which can either be set`
Line 79...	Line 89...
79	`if ($this->sess_encrypt_cookie == TRUE)`	89	`if ($this->sess_encrypt_cookie == TRUE)`
80	`{`	90	`{`
81	`$this->CI->load->library('encrypt');`	91	`$this->CI->load->library('encrypt');`
82	`}`	92	`}`
83		93
84	`// Are we using a database? If so, load it`	94	`// Are we using a database? If so, load it`
85	`if ($this->sess_use_database === TRUE AND $this->sess_table_name != '')`	95	`if ($this->sess_use_database === TRUE && $this->sess_table_name != '')`
86	`{`	96	`{`
87	`$this->CI->load->database();`	97	`$this->CI->load->database();`
88	`}`	98	`}`
89		99
90	`// Set the "now" time. Can either be GMT or server time, based on the`	100	`// Set the "now" time. Can either be GMT or server time, based on the`
91	`// config prefs. We use this to set the "last activity" time`	101	`// config prefs. We use this to set the "last activity" time`
92	`$this->now = $this->_get_time();`	102	`$this->now = $this->_get_time();`
93		103
94	`// Set the session length. If the session expiration is`	104	`// Set the session length. If the session expiration is`
95	`// set to zero we'll set the expiration two years from now.`	105	`// set to zero we'll set the expiration two years from now.`
96	`if ($this->sess_expiration == 0)`	106	`if ($this->sess_expiration == 0)`
Line 100...	Line 110...
100		110
101	`// Set the cookie name`	111	`// Set the cookie name`
102	`$this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;`	112	`$this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;`
103		113
104	`// Run the Session routine. If a session doesn't exist we'll`	114	`// Run the Session routine. If a session doesn't exist we'll`
105	`// create a new one. If it does, we'll update it.`	115	`// create a new one. If it does, we'll update it.`
106	`if ( ! $this->sess_read())`	116	`if ( ! $this->sess_read())`
107	`{`	117	`{`
108	`$this->sess_create();`	118	`$this->sess_create();`
109	`}`	119	`}`
110	`else`	120	`else`
Line 119...	Line 129...
119	`$this->_flashdata_mark();`	129	`$this->_flashdata_mark();`
120		130
121	`// Delete expired sessions if necessary`	131	`// Delete expired sessions if necessary`
122	`$this->_sess_gc();`	132	`$this->_sess_gc();`
123		133
124	`log_message('debug', "Session routines successfully run");`	134	`log_message('debug', 'Session routines successfully run');`
125	`}`	135	`}`
126		136
127	`// --------------------------------------------------------------------`	137	`// --------------------------------------------------------------------`
128		138
129	`/**`	139	`/**`
130	`* Fetch the current session data if it exists`	140	`* Fetch the current session data if it exists`
131	`*`	141	`*`
132	`* @access public`	-
133	`* @return bool`	142	`* @return bool`
134	`*/`	143	`*/`
135	`function sess_read()`	144	`public function sess_read()`
136	`{`	145	`{`
137	`// Fetch the cookie`	146	`// Fetch the cookie`
138	`$session = $this->CI->input->cookie($this->sess_cookie_name);`	147	`$session = $this->CI->input->cookie($this->sess_cookie_name);`
139		148
140	`// No cookie? Goodbye cruel world!...`	149	`// No cookie? Goodbye cruel world!...`
Line 153...	Line 162...
153	`{`	162	`{`
154	`// encryption was not used, so we need to check the md5 hash`	163	`// encryption was not used, so we need to check the md5 hash`
155	`$hash = substr($session, strlen($session)-32); // get last 32 chars`	164	`$hash = substr($session, strlen($session)-32); // get last 32 chars`
156	`$session = substr($session, 0, strlen($session)-32);`	165	`$session = substr($session, 0, strlen($session)-32);`
157		166
158	`// Does the md5 hash match? This is to prevent manipulation of session data in userspace`	167	`// Does the md5 hash match? This is to prevent manipulation of session data in userspace`
159	`if ($hash !== md5($session.$this->encryption_key))`	168	`if ($hash !== md5($session.$this->encryption_key))`
160	`{`	169	`{`
161	`log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');`	170	`log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');`
162	`$this->sess_destroy();`	171	`$this->sess_destroy();`
163	`return FALSE;`	172	`return FALSE;`
Line 166...	Line 175...
166		175
167	`// Unserialize the session array`	176	`// Unserialize the session array`
168	`$session = $this->_unserialize($session);`	177	`$session = $this->_unserialize($session);`
169		178
170	`// Is the session data we unserialized an array with the correct format?`	179	`// Is the session data we unserialized an array with the correct format?`
171	`if ( ! is_array($session) OR ! isset($session['session_id']) OR ! isset($session['ip_address']) OR ! isset($session['user_agent']) OR ! isset($session['last_activity']))`	180	`if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))`
172	`{`	181	`{`
173	`//$this->sess_destroy();`	182	`// $this->sess_destroy();`
174	`//return FALSE;`	183	`// return FALSE;`
175	`}`	184	`}`
176		185
177	`// Is the session current?`	186	`// Is the session current?`
178	`if (($session['last_activity'] + $this->sess_expiration) < $this->now)`	187	`if (($session['last_activity'] + $this->sess_expiration) < $this->now)`
179	`{`	188	`{`
180	`$this->sess_destroy();`	189	`$this->sess_destroy();`
181	`return FALSE;`	190	`return FALSE;`
182	`}`	191	`}`
183		192
184	`// Does the IP Match?`	193	`// Does the IP match?`
185	`if ($this->sess_match_ip == TRUE AND $session['ip_address'] != $this->CI->input->ip_address())`	194	`if ($this->sess_match_ip == TRUE && $session['ip_address'] !== $this->CI->input->ip_address())`
186	`{`	195	`{`
187	`//$this->sess_destroy();`	196	`// $this->sess_destroy();`
188	`//return FALSE;`	197	`// return FALSE;`
189	`}`	198	`}`
190		199
191	`// Does the User Agent Match?`	200	`// Does the User Agent Match?`
192	`if ($this->sess_match_useragent == TRUE AND trim($session['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 120)))`	201	`if ($this->sess_match_useragent == TRUE && trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))`
193	`{`	202	`{`
194	`//$this->sess_destroy();`	203	`// $this->sess_destroy();`
195	`//return FALSE;`	204	`// return FALSE;`
196	`}`	205	`}`
197		206
198	`// Is there a corresponding session in the DB?`	207	`// Is there a corresponding session in the DB?`
199	`if ($this->sess_use_database === TRUE)`	208	`if ($this->sess_use_database === TRUE)`
200	`{`	209	`{`
Line 210...	Line 219...
210	`$this->CI->db->where('user_agent', $session['user_agent']);`	219	`$this->CI->db->where('user_agent', $session['user_agent']);`
211	`}`	220	`}`
212		221
213	`$query = $this->CI->db->get($this->sess_table_name);`	222	`$query = $this->CI->db->get($this->sess_table_name);`
214		223
215	`// No result? Kill it!`	224	`// No result? Kill it!`
216	`if ($query->num_rows() == 0)`	225	`if ($query->num_rows() === 0)`
217	`{`	226	`{`
218	`//$this->sess_destroy();`	227	`$this->sess_destroy();`
219	`//return FALSE;`	228	`return FALSE;`
220	`}`	229	`}`
221		230
222	`// Is there custom data? If so, add it to the main session array`	231	`// Is there custom data? If so, add it to the main session array`
223	`$row = $query->row();`	232	`$row = $query->row();`
224	`if (isset($row->user_data) AND $row->user_data != '')`	233	`if (isset($row->user_data) && $row->user_data != '')`
225	`{`	234	`{`
226	`$custom_data = $this->_unserialize($row->user_data);`	235	`$custom_data = $this->_unserialize($row->user_data);`
227		236
228	`if (is_array($custom_data))`	237	`if (is_array($custom_data))`
229	`{`	238	`{`
Line 245...	Line 254...
245	`// --------------------------------------------------------------------`	254	`// --------------------------------------------------------------------`
246		255
247	`/**`	256	`/**`
248	`* Write the session data`	257	`* Write the session data`
249	`*`	258	`*`
250	`* @access public`	-
251	`* @return void`	259	`* @return void`
252	`*/`	260	`*/`
253	`function sess_write()`	261	`public function sess_write()`
254	`{`	262	`{`
255	`// Are we saving custom data to the DB? If not, all we do is update the cookie`	263	`// Are we saving custom data to the DB? If not, all we do is update the cookie`
256	`if ($this->sess_use_database === FALSE)`	264	`if ($this->sess_use_database === FALSE)`
257	`{`	265	`{`
258	`$this->_set_cookie();`	266	`$this->_set_cookie();`
Line 270...	Line 278...
270	`{`	278	`{`
271	`unset($custom_userdata[$val]);`	279	`unset($custom_userdata[$val]);`
272	`$cookie_userdata[$val] = $this->userdata[$val];`	280	`$cookie_userdata[$val] = $this->userdata[$val];`
273	`}`	281	`}`
274		282
275	`// Did we find any custom data? If not, we turn the empty array into a string`	283	`// Did we find any custom data? If not, we turn the empty array into a string`
276	`// since there's no reason to serialize and store an empty array in the DB`	284	`// since there's no reason to serialize and store an empty array in the DB`
277	`if (count($custom_userdata) === 0)`	285	`if (count($custom_userdata) === 0)`
278	`{`	286	`{`
279	`$custom_userdata = '';`	287	`$custom_userdata = '';`
280	`}`	288	`}`
Line 286...	Line 294...
286		294
287	`// Run the update query`	295	`// Run the update query`
288	`$this->CI->db->where('session_id', $this->userdata['session_id']);`	296	`$this->CI->db->where('session_id', $this->userdata['session_id']);`
289	`$this->CI->db->update($this->sess_table_name, array('last_activity' => $this->userdata['last_activity'], 'user_data' => $custom_userdata));`	297	`$this->CI->db->update($this->sess_table_name, array('last_activity' => $this->userdata['last_activity'], 'user_data' => $custom_userdata));`
290		298
291	`// Write the cookie. Notice that we manually pass the cookie data array to the`	299	`// Write the cookie. Notice that we manually pass the cookie data array to the`
292	`// _set_cookie() function. Normally that function will store $this->userdata, but`	300	`// _set_cookie() function. Normally that function will store $this->userdata, but`
293	`// in this case that array contains custom data, which we do not want in the cookie.`	301	`// in this case that array contains custom data, which we do not want in the cookie.`
294	`$this->_set_cookie($cookie_userdata);`	302	`$this->_set_cookie($cookie_userdata);`
295	`}`	303	`}`
296		304
297	`// --------------------------------------------------------------------`	305	`// --------------------------------------------------------------------`
298		306
299	`/**`	307	`/**`
300	`* Create a new session`	308	`* Create a new session`
301	`*`	309	`*`
302	`* @access public`	-
303	`* @return void`	310	`* @return void`
304	`*/`	311	`*/`
305	`function sess_create()`	312	`public function sess_create()`
306	`{`	313	`{`
307	`$sessid = '';`	314	`$sessid = '';`
308	`while (strlen($sessid) < 32)`	315	`do`
309	`{`	316	`{`
310	`$sessid .= mt_rand(0, mt_getrandmax());`	317	`$sessid .= mt_rand(0, mt_getrandmax());`
311	`}`	318	`}`
-		319	`while (strlen($sessid) < 32);`
312		320
313	`// To make the session ID even more secure we'll combine it with the user's IP`	321	`// To make the session ID even more secure we'll combine it with the user's IP`
314	`$sessid .= $this->CI->input->ip_address();`	322	`$sessid .= $this->CI->input->ip_address();`
315		323
316	`$this->userdata = array(`	324	`$this->userdata = array(`
317	`'session_id' => md5(uniqid($sessid, TRUE)),`	325	`'session_id' => md5(uniqid($sessid, TRUE)),`
318	`'ip_address' => $this->CI->input->ip_address(),`	326	`'ip_address' => $this->CI->input->ip_address(),`
319	`'user_agent' => substr($this->CI->input->user_agent(), 0, 120),`	327	`'user_agent' => substr($this->CI->input->user_agent(), 0, 120),`
320	`'last_activity' => $this->now,`	328	`'last_activity' => $this->now,`
321	`'user_data' => ''`	329	`'user_data' => ''`
322	`);`	330	`);`
323		-
324		331
325	`// Save the data to the DB if needed`	332	`// Save the data to the DB if needed`
326	`if ($this->sess_use_database === TRUE)`	333	`if ($this->sess_use_database === TRUE)`
327	`{`	334	`{`
328	`$this->CI->db->query($this->CI->db->insert_string($this->sess_table_name, $this->userdata));`	335	`$this->CI->db->query($this->CI->db->insert_string($this->sess_table_name, $this->userdata));`
Line 335...	Line 342...
335	`// --------------------------------------------------------------------`	342	`// --------------------------------------------------------------------`
336		343
337	`/**`	344	`/**`
338	`* Update an existing session`	345	`* Update an existing session`
339	`*`	346	`*`
340	`* @access public`	-
341	`* @return void`	347	`* @return void`
342	`*/`	348	`*/`
343	`function sess_update()`	349	`public function sess_update()`
344	`{`	350	`{`
345	`// We only update the session every five minutes by default`	351	`// We only update the session every five minutes by default`
346	`if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)`	352	`if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)`
347	`{`	353	`{`
348	`return;`	354	`return;`
349	`}`	355	`}`
350		356
-		357	`// _set_cookie() will handle this for us if we aren't using database sessions`
-		358	`// by pushing all userdata to the cookie.`
-		359	`$cookie_data = NULL;`
-		360
-		361	`/* Changing the session ID during an AJAX call causes problems,`
-		362	`* so we'll only update our last_activity`
-		363	`*/`
-		364	`if ($this->CI->input->is_ajax_request())`
-		365	`{`
-		366	`$this->userdata['last_activity'] = $this->now;`
-		367
-		368	`// Update the session ID and last_activity field in the DB if needed`
-		369	`if ($this->sess_use_database === TRUE)`
-		370	`{`
-		371	`// set cookie explicitly to only have our session data`
-		372	`$cookie_data = array();`
-		373	`foreach (array('session_id','ip_address','user_agent','last_activity') as $val)`
-		374	`{`
-		375	`$cookie_data[$val] = $this->userdata[$val];`
-		376	`}`
-		377
-		378	`$this->CI->db->query($this->CI->db->update_string($this->sess_table_name,`
-		379	`array('last_activity' => $this->userdata['last_activity']),`
-		380	`array('session_id' => $this->userdata['session_id'])));`
-		381	`}`
-		382
-		383	`return $this->_set_cookie($cookie_data);`
-		384	`}`
-		385
351	`// Save the old session id so we know which record to`	386	`// Save the old session id so we know which record to`
352	`// update in the database if we need it`	387	`// update in the database if we need it`
353	`$old_sessid = $this->userdata['session_id'];`	388	`$old_sessid = $this->userdata['session_id'];`
354	`$new_sessid = '';`	389	`$new_sessid = '';`
355	`while (strlen($new_sessid) < 32)`	390	`do`
356	`{`	391	`{`
357	`$new_sessid .= mt_rand(0, mt_getrandmax());`	392	`$new_sessid .= mt_rand(0, mt_getrandmax());`
358	`}`	393	`}`
-		394	`while (strlen($new_sessid) < 32);`
359		395
360	`// To make the session ID even more secure we'll combine it with the user's IP`	396	`// To make the session ID even more secure we'll combine it with the user's IP`
361	`$new_sessid .= $this->CI->input->ip_address();`	397	`$new_sessid .= $this->CI->input->ip_address();`
362		398
363	`// Turn it into a hash`	-
364	`$new_sessid = md5(uniqid($new_sessid, TRUE));`	-
365		-
366	`// Update the session data in the session data array`	399	`// Turn it into a hash and update the session data array`
367	`$this->userdata['session_id'] = $new_sessid;`	400	`$this->userdata['session_id'] = $new_sessid = md5(uniqid($new_sessid, TRUE));`
368	`$this->userdata['last_activity'] = $this->now;`	401	`$this->userdata['last_activity'] = $this->now;`
369		402
370	`// _set_cookie() will handle this for us if we aren't using database sessions`	-
371	`// by pushing all userdata to the cookie.`	-
372	`$cookie_data = NULL;`	-
373		-
374	`// Update the session ID and last_activity field in the DB if needed`	403	`// Update the session ID and last_activity field in the DB if needed`
375	`if ($this->sess_use_database === TRUE)`	404	`if ($this->sess_use_database === TRUE)`
376	`{`	405	`{`
377	`// set cookie explicitly to only have our session data`	406	`// set cookie explicitly to only have our session data`
378	`$cookie_data = array();`	407	`$cookie_data = array();`
Line 391...	Line 420...
391	`// --------------------------------------------------------------------`	420	`// --------------------------------------------------------------------`
392		421
393	`/**`	422	`/**`
394	`* Destroy the current session`	423	`* Destroy the current session`
395	`*`	424	`*`
396	`* @access public`	-
397	`* @return void`	425	`* @return void`
398	`*/`	426	`*/`
399	`function sess_destroy()`	427	`public function sess_destroy()`
400	`{`	428	`{`
401	`// Kill the session DB row`	429	`// Kill the session DB row`
402	`if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))`	430	`if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))`
403	`{`	431	`{`
404	`$this->CI->db->where('session_id', $this->userdata['session_id']);`	432	`$this->CI->db->where('session_id', $this->userdata['session_id']);`
405	`$this->CI->db->delete($this->sess_table_name);`	433	`$this->CI->db->delete($this->sess_table_name);`
406	`}`	434	`}`
407		435
408	`// Kill the cookie`	436	`// Kill the cookie`
409	`setcookie(`	437	`setcookie(`
410	`$this->sess_cookie_name,`	438	`$this->sess_cookie_name,`
411	`addslashes(serialize(array())),`	439	`addslashes(serialize(array())),`
412	`($this->now - 31500000),`	440	`($this->now - 31500000),`
413	`$this->cookie_path,`	441	`$this->cookie_path,`
414	`$this->cookie_domain,`	442	`$this->cookie_domain,`
415	`0`	443	`0`
416	`);`	444	`);`
417		-
418	`// Kill session data`	-
419	`$this->userdata = array();`	-
420	`}`	445	`}`
421		446
422	`// --------------------------------------------------------------------`	447	`// --------------------------------------------------------------------`
423		448
424	`/**`	449	`/**`
425	`* Fetch a specific item from the session array`	450	`* Fetch a specific item from the session array`
426	`*`	451	`*`
427	`* @access public`	-
428	`* @param string`	452	`* @param string`
429	`* @return string`	453	`* @return string`
430	`*/`	454	`*/`
431	`function userdata($item)`	455	`public function userdata($item)`
432	`{`	456	`{`
433	`return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];`	457	`return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];`
434	`}`	458	`}`
435		459
436	`// --------------------------------------------------------------------`	460	`// --------------------------------------------------------------------`
437		461
438	`/**`	462	`/**`
439	`* Fetch all session data`	463	`* Fetch all session data`
440	`*`	464	`*`
441	`* @access public`	-
442	`* @return array`	465	`* @return array`
443	`*/`	466	`*/`
444	`function all_userdata()`	467	`public function all_userdata()`
445	`{`	468	`{`
446	`return $this->userdata;`	469	`return $this->userdata;`
447	`}`	470	`}`
448		471
449	`// --------------------------------------------------------------------`	472	`// --------------------------------------------------------------------`
450		473
451	`/**`	474	`/**`
452	`* Add or change data in the "userdata" array`	475	`* Add or change data in the "userdata" array`
453	`*`	476	`*`
454	`* @access public`	-
455	`* @param mixed`	477	`* @param mixed`
456	`* @param string`	478	`* @param string`
457	`* @return void`	479	`* @return void`
458	`*/`	480	`*/`
459	`function set_userdata($newdata = array(), $newval = '')`	481	`public function set_userdata($newdata = array(), $newval = '')`
460	`{`	482	`{`
461	`if (is_string($newdata))`	483	`if (is_string($newdata))`
462	`{`	484	`{`
463	`$newdata = array($newdata => $newval);`	485	`$newdata = array($newdata => $newval);`
464	`}`	486	`}`
Line 477...	Line 499...
477	`// --------------------------------------------------------------------`	499	`// --------------------------------------------------------------------`
478		500
479	`/**`	501	`/**`
480	`* Delete a session variable from the "userdata" array`	502	`* Delete a session variable from the "userdata" array`
481	`*`	503	`*`
482	`* @access array`	-
483	`* @return void`	504	`* @return void`
484	`*/`	505	`*/`
485	`function unset_userdata($newdata = array())`	506	`public function unset_userdata($newdata = array())`
486	`{`	507	`{`
487	`if (is_string($newdata))`	508	`if (is_string($newdata))`
488	`{`	509	`{`
489	`$newdata = array($newdata => '');`	510	`$newdata = array($newdata => '');`
490	`}`	511	`}`
Line 504...	Line 525...
504		525
505	`/**`	526	`/**`
506	`* Add or change flashdata, only available`	527	`* Add or change flashdata, only available`
507	`* until the next request`	528	`* until the next request`
508	`*`	529	`*`
509	`* @access public`	-
510	`* @param mixed`	530	`* @param mixed`
511	`* @param string`	531	`* @param string`
512	`* @return void`	532	`* @return void`
513	`*/`	533	`*/`
514	`function set_flashdata($newdata = array(), $newval = '')`	534	`public function set_flashdata($newdata = array(), $newval = '')`
515	`{`	535	`{`
516	`if (is_string($newdata))`	536	`if (is_string($newdata))`
517	`{`	537	`{`
518	`$newdata = array($newdata => $newval);`	538	`$newdata = array($newdata => $newval);`
519	`}`	539	`}`
520		540
521	`if (count($newdata) > 0)`	541	`if (count($newdata) > 0)`
522	`{`	542	`{`
523	`foreach ($newdata as $key => $val)`	543	`foreach ($newdata as $key => $val)`
524	`{`	544	`{`
525	`$flashdata_key = $this->flashdata_key.':new:'.$key;`	-
526	`$this->set_userdata($flashdata_key, $val);`	545	`$this->set_userdata($this->flashdata_key.':new:'.$key, $val);`
527	`}`	546	`}`
528	`}`	547	`}`
529	`}`	548	`}`
530		549
531	`// ------------------------------------------------------------------------`	550	`// ------------------------------------------------------------------------`
532		551
533	`/**`	552	`/**`
534	`* Keeps existing flashdata available to next request.`	553	`* Keeps existing flashdata available to next request.`
535	`*`	554	`*`
536	`* @access public`	-
537	`* @param string`	555	`* @param string`
538	`* @return void`	556	`* @return void`
539	`*/`	557	`*/`
540	`function keep_flashdata($key)`	558	`public function keep_flashdata($key)`
541	`{`	559	`{`
542	`// 'old' flashdata gets removed. Here we mark all`	560	`// 'old' flashdata gets removed. Here we mark all`
543	`// flashdata as 'new' to preserve it from _flashdata_sweep()`	561	`// flashdata as 'new' to preserve it from _flashdata_sweep()`
544	`// Note the function will return FALSE if the $key`	562	`// Note the function will return FALSE if the $key`
545	`// provided cannot be found`	563	`// provided cannot be found`
546	`$old_flashdata_key = $this->flashdata_key.':old:'.$key;`	-
547	`$value = $this->userdata($old_flashdata_key);`	564	`$value = $this->userdata($this->flashdata_key.':old:'.$key);`
548		565
549	`$new_flashdata_key = $this->flashdata_key.':new:'.$key;`	-
550	`$this->set_userdata($new_flashdata_key, $value);`	566	`$this->set_userdata($this->flashdata_key.':new:'.$key, $value);`
551	`}`	567	`}`
552		568
553	`// ------------------------------------------------------------------------`	569	`// ------------------------------------------------------------------------`
554		570
555	`/**`	571	`/**`
556	`* Fetch a specific flashdata item from the session array`	572	`* Fetch a specific flashdata item from the session array`
557	`*`	573	`*`
558	`* @access public`	-
559	`* @param string`	574	`* @param string`
560	`* @return string`	575	`* @return string`
561	`*/`	576	`*/`
562	`function flashdata($key)`	577	`public function flashdata($key)`
563	`{`	578	`{`
564	`$flashdata_key = $this->flashdata_key.':old:'.$key;`	-
565	`return $this->userdata($flashdata_key);`	579	`return $this->userdata($this->flashdata_key.':old:'.$key);`
566	`}`	580	`}`

Subversion Repositories SmartDukaan

(root)/trunk/MobileSite/system/libraries/Session.php – Rev 11419 → 11537