Diffstat (limited to 'inc/session.inc.php')
-rw-r--r-- | inc/session.inc.php | 123 |
1 files changed, 89 insertions, 34 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index a62c5cd3..4b4d4139 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -4,46 +4,101 @@ require_once('config.php'); @mkdir(CONFIG_SESSION_DIR, 0700); @chmod(CONFIG_SESSION_DIR, 0700); +if (!is_writable(CONFIG_SESSION_DIR)) die('Config error: Session Path not writable!'); -session_set_save_handler('sh_open', 'sh_close', 'sh_read', 'sh_write', 'sh_destroy', 'sh_gc'); - -// Pretty much a reimplementation of the default session handler: Plain files -// Needs to be switched to db later - -function sh_open($path, $name) +class Session { - return true; -} + private static $sid = false; + private static $data = false; + + private static function generateSessionId() + { + if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.'); + self::$sid = sha1( + mt_rand(0, 65535) + . $_SERVER['REMOTE_ADDR'] + . mt_rand(0, 65535) + . $_SERVER['REMOTE_PORT'] + . $_SERVER['HTTP_USER_AGENT'] + . microtime(true) + . mt_rand(0, 65535) + ); + } -function sh_close() -{ - return true; -} + public static function createSession() + { + self::generateSessionId(); + self::$data = array(); + } -function sh_read($id) -{ - return (string)@file_get_contents(CONFIG_SESSION_DIR . '/slx-session-' . $id); -} + public static function loadSession() + { + // Try to load session id from cookie + if (!self::loadSessionId()) return false; + // Succeded, now try to load session data. If successful, job is done + if (self::readSessionData()) return true; + // Loading session data failed + self::delete(); + } -function sh_write($id, $data) -{ - return @file_put_contents(CONFIG_SESSION_DIR . '/slx-session-' . $id, $data); -} + public static function get($key) + { + if (!isset(self::$data[$key])) return false; + return self::$data[$key]; + } -function sh_destroy($id) -{ - return @unlink(CONFIG_SESSION_DIR . '/slx-session-' . 
$id); -} + public static function set($key, $value) + { + if (self::$data === false) Util::traceError('Tried to set session data with no active session'); + self::$data[$key] = $value; + } + + private static function loadSessionId() + { + if (self::$sid !== false) die('Error: Asked to load session id when already set.'); + if (empty($_COOKIE['sid'])) return false; + $id = preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['sid']); + if (empty($id)) return false; + self::$sid = $id; + return true; + } + + public static function delete() + { + if (self::$sid === false) return; + @unlink(self::getSessionFile()); + @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true); + self::$sid = false; + self::$data = false; + } + + private static function getSessionFile() + { + if (self::$sid === false) Util::traceError('Error: Tried to access session file when no session id was set.'); + return CONFIG_SESSION_DIR . '/' . self::$sid; + } -function sh_gc($maxAgeSeconds) -{ - $files = @glob(CONFIG_SESSION_DIR . 
'/slx-session-*'); - if (!is_array($files)) return false; - foreach ($files as $file) { - if (filemtime($file) + $maxAgeSeconds < time()) { - @unlink($file); - } - } - return true; + private static function readSessionData() + { + if (self::$data !== false) Util::traceError('Tried to call read session data twice'); + $sessionfile = self::getSessionFile(); + if (!is_readable($sessionfile) || filemtime($sessionfile) + CONFIG_SESSION_TIMEOUT < time()) { + @unlink($sessionfile); + return false; + } + self::$data = @unserialize(@file_get_contents($sessionfile)); + if (self::$data === false) return false; + return true; + } + + public static function save() + { + if (self::$sid === false || self::$data === false) return; //Util::traceError('Called saveSession with no active session'); + $sessionfile = self::getSessionFile(); + $ret = @file_put_contents($sessionfile, @serialize(self::$data)); + if (!$ret) Util::traceError('Storing session data in ' . $sessionfile . ' failed.'); + $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true); + if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)'); + } } |
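Review bot: `generateSessionId()` derives the session id from `mt_rand()`, request headers and `microtime()`, none of which is a cryptographic randomness source, so the id should come from the CSPRNG instead: `self::$sid = bin2hex(random_bytes(20));` (same 40-character alphanumeric shape the cookie filter in `loadSessionId()` accepts; `openssl_random_pseudo_bytes()` is the fallback if the target PHP predates `random_bytes()`). The hunk also removes `sh_gc()` without a replacement: `readSessionData()` only unlinks an expired file when its own client returns, so session files of clients that never come back accumulate in CONFIG_SESSION_DIR unless a cleanup exists elsewhere. Minor: `loadSession()` falls off the end after `self::delete()` and so returns null rather than false; add `return false;` there, and `loadSessionId()` uses `die()` where every sibling reports through `Util::traceError()`.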