diff options
Diffstat (limited to 'management-interface/lib/session.php')
| -rw-r--r-- | management-interface/lib/session.php | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/management-interface/lib/session.php b/management-interface/lib/session.php new file mode 100644 index 0000000..fcc45fc --- /dev/null +++ b/management-interface/lib/session.php @@ -0,0 +1,180 @@ +<?php + +/* + Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved. + + This file is part of the Fat-Free Framework (http://fatfree.sf.net). + + THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF + ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR + PURPOSE. + + Please see the license.txt file for more information. +*/ + +//! Cache-based session handler +class Session { + + protected + //! Session ID + $sid; + + /** + * Open session + * @return TRUE + * @param $path string + * @param $name string + **/ + function open($path,$name) { + return TRUE; + } + + /** + * Close session + * @return TRUE + **/ + function close() { + return TRUE; + } + + /** + * Return session data in serialized format + * @return string|FALSE + * @param $id string + **/ + function read($id) { + if ($id!=$this->sid) + $this->sid=$id; + return Cache::instance()->exists($id.'.@',$data)?$data['data']:FALSE; + } + + /** + * Write session data + * @return TRUE + * @param $id string + * @param $data string + **/ + function write($id,$data) { + $fw=Base::instance(); + $sent=headers_sent(); + $headers=$fw->get('HEADERS'); + $csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'. + $fw->hash(mt_rand()); + $jar=$fw->get('JAR'); + if ($id!=$this->sid) + $this->sid=$id; + Cache::instance()->set($id.'.@', + array( + 'data'=>$data, + 'csrf'=>$sent?$this->csrf():$csrf, + 'ip'=>$fw->get('IP'), + 'agent'=>isset($headers['User-Agent'])? + $headers['User-Agent']:'', + 'stamp'=>time() + ), + $jar['expire']?($jar['expire']-time()):0 + ); + return TRUE; + } + + /** + * Destroy session + * @return TRUE + * @param $id string + **/ + function destroy($id) { + Cache::instance()->clear($id.'.@'); + setcookie(session_name(),'',strtotime('-1 year')); + unset($_COOKIE[session_name()]); + header_remove('Set-Cookie'); + return TRUE; + } + + /** + * Garbage collector + * @return TRUE + * @param $max int + **/ + function cleanup($max) { + Cache::instance()->reset('.@',$max); + return TRUE; + } + + /** + * Return anti-CSRF token + * @return string|FALSE + **/ + function csrf() { + return Cache::instance()-> + exists(($this->sid?:session_id()).'.@',$data)? + $data['csrf']:FALSE; + } + + /** + * Return IP address + * @return string|FALSE + **/ + function ip() { + return Cache::instance()-> + exists(($this->sid?:session_id()).'.@',$data)? + $data['ip']:FALSE; + } + + /** + * Return Unix timestamp + * @return string|FALSE + **/ + function stamp() { + return Cache::instance()-> + exists(($this->sid?:session_id()).'.@',$data)? + $data['stamp']:FALSE; + } + + /** + * Return HTTP user agent + * @return string|FALSE + **/ + function agent() { + return Cache::instance()-> + exists(($this->sid?:session_id()).'.@',$data)? + $data['agent']:FALSE; + } + + /** + * Instantiate class + * @return object + **/ + function __construct() { + session_set_save_handler( + array($this,'open'), + array($this,'close'), + array($this,'read'), + array($this,'write'), + array($this,'destroy'), + array($this,'cleanup') + ); + register_shutdown_function('session_commit'); + @session_start(); + $fw=\Base::instance(); + $headers=$fw->get('HEADERS'); + if (($ip=$this->ip()) && $ip!=$fw->get('IP') || + ($agent=$this->agent()) && + (!isset($headers['User-Agent']) || + $agent!=$headers['User-Agent'])) { + session_destroy(); + \Base::instance()->error(403); + } + $csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'. + $fw->hash(mt_rand()); + $jar=$fw->get('JAR'); + if (Cache::instance()->exists(($this->sid=session_id()).'.@',$data)) { + $data['csrf']=$csrf; + Cache::instance()->set($this->sid.'.@', + $data, + $jar['expire']?($jar['expire']-time()):0 + ); + } + } + +} |