path: root/management-interface/lib/session.php

<?php

/*
	Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved.

	This file is part of the Fat-Free Framework (http://fatfree.sf.net).

	THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF
	ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
	IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
	PURPOSE.

	Please see the license.txt file for more information.
*/

//! Cache-based session handler
class Session {

	protected
		//! Session ID
		$sid;

	/**
	*	Open session
	*	@return TRUE
	*	@param $path string
	*	@param $name string
	**/
	function open($path,$name) {
		return TRUE;
	}

	/**
	*	Close session
	*	@return TRUE
	**/
	function close() {
		return TRUE;
	}

	/**
	*	Return session data in serialized format
	*	@return string|FALSE
	*	@param $id string
	**/
	function read($id) {
		if ($id!=$this->sid)
			$this->sid=$id;
		return Cache::instance()->exists($id.'.@',$data)?$data['data']:FALSE;
	}

	/**
	*	Write session data
	*	@return TRUE
	*	@param $id string
	*	@param $data string
	**/
	function write($id,$data) {
		$fw=Base::instance();
		$sent=headers_sent();
		$headers=$fw->get('HEADERS');
		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
			$fw->hash(mt_rand());
		$jar=$fw->get('JAR');
		if ($id!=$this->sid)
			$this->sid=$id;
		Cache::instance()->set($id.'.@',
			array(
				'data'=>$data,
				'csrf'=>$sent?$this->csrf():$csrf,
				'ip'=>$fw->get('IP'),
				'agent'=>isset($headers['User-Agent'])?
					$headers['User-Agent']:'',
				'stamp'=>time()
			),
			$jar['expire']?($jar['expire']-time()):0
		);
		return TRUE;
	}

	/**
	*	Destroy session
	*	@return TRUE
	*	@param $id string
	**/
	function destroy($id) {
		Cache::instance()->clear($id.'.@');
		setcookie(session_name(),'',strtotime('-1 year'));
		unset($_COOKIE[session_name()]);
		header_remove('Set-Cookie');
		return TRUE;
	}

	/**
	*	Garbage collector
	*	@return TRUE
	*	@param $max int
	**/
	function cleanup($max) {
		Cache::instance()->reset('.@',$max);
		return TRUE;
	}

	/**
	*	Return anti-CSRF token
	*	@return string|FALSE
	**/
	function csrf() {
		return Cache::instance()->
			exists(($this->sid?:session_id()).'.@',$data)?
				$data['csrf']:FALSE;
	}

	/**
	*	Return IP address
	*	@return string|FALSE
	**/
	function ip() {
		return Cache::instance()->
			exists(($this->sid?:session_id()).'.@',$data)?
				$data['ip']:FALSE;
	}

	/**
	*	Return Unix timestamp
	*	@return string|FALSE
	**/
	function stamp() {
		return Cache::instance()->
			exists(($this->sid?:session_id()).'.@',$data)?
				$data['stamp']:FALSE;
	}

	/**
	*	Return HTTP user agent
	*	@return string|FALSE
	**/
	function agent() {
		return Cache::instance()->
			exists(($this->sid?:session_id()).'.@',$data)?
				$data['agent']:FALSE;
	}

	/**
	*	Instantiate class
	*	@return object
	**/
	function __construct() {
		session_set_save_handler(
			array($this,'open'),
			array($this,'close'),
			array($this,'read'),
			array($this,'write'),
			array($this,'destroy'),
			array($this,'cleanup')
		);
		register_shutdown_function('session_commit');
		@session_start();
		$fw=\Base::instance();
		$headers=$fw->get('HEADERS');
		if (($ip=$this->ip()) && $ip!=$fw->get('IP') ||
			($agent=$this->agent()) &&
			(!isset($headers['User-Agent']) ||
				$agent!=$headers['User-Agent'])) {
			session_destroy();
			\Base::instance()->error(403);
		}
		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
			$fw->hash(mt_rand());
		$jar=$fw->get('JAR');
		if (Cache::instance()->exists(($this->sid=session_id()).'.@',$data)) {
			$data['csrf']=$csrf;
			Cache::instance()->set($this->sid.'.@',
				$data,
				$jar['expire']?($jar['expire']-time()):0
			);
		}
	}

}