Просмотр файла news/libraries/db/sql/session.php

Размер файла: 3.97Kb
  1. <?php
  2.  
  3. /*
  4. Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved.
  5.  
  6. This file is part of the Fat-Free Framework (http://fatfree.sf.net).
  7.  
  8. THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF
  9. ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
  10. IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
  11. PURPOSE.
  12.  
  13. Please see the license.txt file for more information.
  14. */
  15.  
  16. namespace DB\SQL;
  17.  
  18. //! SQL-managed session handler
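  /**
  *	Session handler that stores PHP session data in an SQL table through
  *	the Mapper base class. Each row also records an anti-CSRF token, the
  *	client IP, the User-Agent header and a last-write timestamp.
  **/
  class Session extends Mapper {

      protected
          //! ID of the session row currently loaded into the mapper
          $sid;

      /**
      *	Open session (nothing to set up for SQL storage)
      *	@return TRUE
      *	@param $path string
      *	@param $name string
      **/
      function open($path,$name) {
          return TRUE;
      }

      /**
      *	Close session (nothing to tear down for SQL storage)
      *	@return TRUE
      **/
      function close() {
          return TRUE;
      }

      /**
      *	Return session data in serialized format
      *	@return string|FALSE
      *	@param $id string
      **/
      function read($id) {
          // Compare as strings: a loose != treats two numeric-looking IDs
          // (e.g. '0e12' and '0e34') as equal and would skip the reload,
          // leaving another session's row mapped.
          if ((string)$id!==(string)$this->sid)
              $this->load(array('session_id=?',$this->sid=$id));
          // NOTE(review): newer PHP versions expect a string from the read
          // callback; confirm whether FALSE should become '' for the
          // runtime this is deployed on.
          return $this->dry()?FALSE:$this->get('data');
      }

      /**
      *	Write session data together with the request's IP address,
      *	User-Agent header, a timestamp and the anti-CSRF token
      *	@return TRUE
      *	@param $id string
      *	@param $data string
      **/
      function write($id,$data) {
          $fw=\Base::instance();
          $sent=headers_sent();
          $headers=$fw->get('HEADERS');
          if ((string)$id!==(string)$this->sid)
              $this->load(array('session_id=?',$this->sid=$id));
          $this->set('session_id',$id);
          $this->set('data',$data);
          // Once headers have gone out, keep the token already stored;
          // otherwise rotate to a fresh one.
          $this->set('csrf',$sent?$this->csrf():$this->makeCsrfToken($fw));
          $this->set('ip',$fw->get('IP'));
          $this->set('agent',
              isset($headers['User-Agent'])?$headers['User-Agent']:'');
          $this->set('stamp',time());
          $this->save();
          return TRUE;
      }

      /**
      *	Destroy session
      *	@return TRUE
      *	@param $id string
      **/
      function destroy($id) {
          $this->erase(array('session_id=?',$id));
          // NOTE(review): the cookie is expired without path/domain
          // arguments, and header_remove('Set-Cookie') below drops every
          // queued Set-Cookie header, this expiry included. Confirm the
          // client-side cookie is really meant to survive; the server-side
          // row is gone either way.
          setcookie(session_name(),'',strtotime('-1 year'));
          unset($_COOKIE[session_name()]);
          header_remove('Set-Cookie');
          return TRUE;
      }

      /**
      *	Garbage collector: erase rows whose stamp plus $max is in the past
      *	@return TRUE
      *	@param $max int
      **/
      function cleanup($max) {
          $this->erase(array('stamp+?<?',$max,time()));
          return TRUE;
      }

      /**
      *	Return anti-CSRF token
      *	@return string|FALSE
      **/
      function csrf() {
          return $this->dry()?FALSE:$this->get('csrf');
      }

      /**
      *	Return IP address
      *	@return string|FALSE
      **/
      function ip() {
          return $this->dry()?FALSE:$this->get('ip');
      }

      /**
      *	Return Unix timestamp
      *	@return string|FALSE
      **/
      function stamp() {
          return $this->dry()?FALSE:$this->get('stamp');
      }

      /**
      *	Return HTTP user agent
      *	@return string|FALSE
      **/
      function agent() {
          return $this->dry()?FALSE:$this->get('agent');
      }

      /**
      *	Build a new anti-CSRF token. The part before the dot is derived
      *	from ROOT and BASE only, so it is constant per installation; all
      *	unpredictability has to come from the part after the dot. That
      *	part is seeded from the OS CSPRNG when one is available, because
      *	mt_rand() output can be predicted and must not back a security
      *	token.
      *	@return string
      *	@param $fw object
      **/
      protected function makeCsrfToken($fw) {
          $bytes=FALSE;
          if (function_exists('random_bytes'))
              try {
                  $bytes=random_bytes(16);
              }
              catch (\Exception $e) {
                  // No entropy source; try the next option below
                  $bytes=FALSE;
              }
          if (($bytes===FALSE || $bytes==='') &&
              function_exists('openssl_random_pseudo_bytes'))
              $bytes=openssl_random_pseudo_bytes(16);
          // Last resort keeps the legacy behaviour so sessions still work
          // on runtimes with no CSPRNG; tokens are guessable in that case.
          $seed=($bytes===FALSE || $bytes==='')?mt_rand():bin2hex($bytes);
          // NOTE(review): the token is only as strong as what $fw->hash()
          // retains of its input; its implementation is not visible here.
          return $fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
              $fw->hash($seed);
      }

      /**
      *	Instantiate class: optionally create the table, register this
      *	object as PHP's session save handler, start the session and
      *	reject it when the stored IP or User-Agent differs from the
      *	current request
      *	@param $db object
      *	@param $table string
      *	@param $force bool
      **/
      function __construct(\DB\SQL $db,$table='sessions',$force=TRUE) {
          if ($force)
              // $table is concatenated into the DDL as a bare identifier
              // (only the sysobjects lookup quotes it), so it must come
              // from trusted configuration, never from request data.
              $db->exec(
                  (preg_match('/mssql|sqlsrv|sybase/',$db->driver())?
                      ('IF NOT EXISTS (SELECT * FROM sysobjects WHERE '.
                          'name='.$db->quote($table).' AND xtype=\'U\') '.
                          'CREATE TABLE dbo.'):
                      ('CREATE TABLE IF NOT EXISTS '.
                          (($name=$db->name())?($name.'.'):''))).
                  $table.' ('.
                      'session_id VARCHAR(40),'.
                      'data TEXT,'.
                      'csrf TEXT,'.
                      'ip VARCHAR(40),'.
                      'agent VARCHAR(255),'.
                      'stamp INTEGER,'.
                      'PRIMARY KEY(session_id)'.
                  ');'
              );
          parent::__construct($db,$table);
          session_set_save_handler(
              array($this,'open'),
              array($this,'close'),
              array($this,'read'),
              array($this,'write'),
              array($this,'destroy'),
              array($this,'cleanup')
          );
          register_shutdown_function('session_commit');
          // NOTE(review): @ hides session_start() warnings, including
          // failures; consider logging them instead of suppressing.
          @session_start();
          $fw=\Base::instance();
          $headers=$fw->get('HEADERS');
          // Bind the session to the client that created it. User-Agent is
          // client-supplied, so this check is a tripwire for casual cookie
          // reuse rather than an authentication factor. Values are
          // compared as strings to avoid loose-comparison coercion.
          if (($ip=$this->ip()) && (string)$ip!==(string)$fw->get('IP') ||
              ($agent=$this->agent()) &&
              (!isset($headers['User-Agent']) ||
                  (string)$agent!==(string)$headers['User-Agent'])) {
              session_destroy();
              $fw->error(403);
          }
          // Rotate the token whenever a stored session row exists
          if ($this->load(array('session_id=?',$this->sid=session_id()))) {
              $this->set('csrf',$this->makeCsrfToken($fw));
              $this->save();
          }
      }

  }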