2010-07-01 23:48:07 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
// Session management functions. These provide database storage of PHP
|
|
|
|
// session info.
|
|
|
|
|
|
|
|
$session_exists = 0;
|
|
|
|
$session_expire = 180000;
|
|
|
|
|
2013-11-02 09:49:44 +00:00
|
|
|
if(! function_exists('ref_session_open')) {
|
2010-07-01 23:48:07 +00:00
|
|
|
function ref_session_open ($s,$n) {
|
2015-12-07 20:52:42 +00:00
|
|
|
return true;
|
2010-07-01 23:48:07 +00:00
|
|
|
}}
|
|
|
|
|
2013-11-02 09:49:44 +00:00
|
|
|
if(! function_exists('ref_session_read')) {
|
2010-07-01 23:48:07 +00:00
|
|
|
function ref_session_read ($id) {
|
2015-12-07 20:52:42 +00:00
|
|
|
global $session_exists;
|
|
|
|
if(x($id))
|
|
|
|
$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
|
|
|
|
|
|
|
|
if(count($r)) {
|
|
|
|
$session_exists = true;
|
|
|
|
return $r[0]['data'];
|
|
|
|
} else {
|
|
|
|
logger("no data for session $id", LOGGER_TRACE);
|
|
|
|
}
|
|
|
|
return '';
|
2010-07-01 23:48:07 +00:00
|
|
|
}}
|
|
|
|
|
2016-10-29 02:14:51 +00:00
|
|
|
/**
|
|
|
|
* @brief Standard PHP session write callback
|
|
|
|
*
|
|
|
|
* This callback updates the DB-stored session data and/or the expiration depending
|
|
|
|
* on the case. Uses the $session_expire global for existing session, 5 minutes
|
|
|
|
* for newly created session.
|
|
|
|
*
|
|
|
|
* @global bool $session_exists Whether a session with the given id already exists
|
|
|
|
* @global int $session_expire Session expiration delay in seconds
|
|
|
|
* @param string $id Session ID with format: [a-z0-9]{26}
|
|
|
|
* @param string $data Serialized session data
|
|
|
|
* @return boolean Returns false if parameters are missing, true otherwise
|
|
|
|
*/
|
|
|
|
function ref_session_write($id, $data) {
|
2015-12-07 20:52:42 +00:00
|
|
|
global $session_exists, $session_expire;
|
|
|
|
|
2016-10-29 02:14:51 +00:00
|
|
|
if (!$id || !$data) {
|
2015-12-07 20:52:42 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$expire = time() + $session_expire;
|
|
|
|
$default_expire = time() + 300;
|
|
|
|
|
2016-10-29 02:14:51 +00:00
|
|
|
if ($session_exists) {
|
2015-12-07 20:52:42 +00:00
|
|
|
$r = q("UPDATE `session`
|
|
|
|
SET `data` = '%s'
|
2016-10-29 02:15:24 +00:00
|
|
|
WHERE `data` != '%s' AND `sid` = '%s'",
|
2015-12-07 20:52:42 +00:00
|
|
|
dbesc($data), dbesc($data), dbesc($id));
|
|
|
|
|
|
|
|
$r = q("UPDATE `session`
|
|
|
|
SET `expire` = '%s'
|
2016-10-29 02:15:24 +00:00
|
|
|
WHERE `expire` != '%s' AND `sid` = '%s'",
|
2015-12-07 20:52:42 +00:00
|
|
|
dbesc($expire), dbesc($expire), dbesc($id));
|
2016-10-29 02:14:51 +00:00
|
|
|
} else {
|
2015-12-07 20:52:42 +00:00
|
|
|
$r = q("INSERT INTO `session`
|
|
|
|
SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
|
|
|
|
dbesc($id), dbesc($default_expire), dbesc($data));
|
2016-10-29 02:14:51 +00:00
|
|
|
}
|
2015-12-07 20:52:42 +00:00
|
|
|
|
|
|
|
return true;
|
2016-10-29 02:14:51 +00:00
|
|
|
}
|
2010-07-01 23:48:07 +00:00
|
|
|
|
2013-11-02 09:49:44 +00:00
|
|
|
if(! function_exists('ref_session_close')) {
|
2010-07-01 23:48:07 +00:00
|
|
|
function ref_session_close() {
|
2015-12-07 20:52:42 +00:00
|
|
|
return true;
|
2010-07-01 23:48:07 +00:00
|
|
|
}}
|
|
|
|
|
2013-11-02 09:49:44 +00:00
|
|
|
if(! function_exists('ref_session_destroy')) {
|
2010-07-01 23:48:07 +00:00
|
|
|
function ref_session_destroy ($id) {
|
2015-12-07 20:52:42 +00:00
|
|
|
q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
|
|
|
|
return true;
|
2010-07-01 23:48:07 +00:00
|
|
|
}}
|
|
|
|
|
2013-11-02 09:49:44 +00:00
|
|
|
if(! function_exists('ref_session_gc')) {
|
2010-07-01 23:48:07 +00:00
|
|
|
function ref_session_gc($expire) {
|
2015-12-07 20:52:42 +00:00
|
|
|
q("DELETE FROM `session` WHERE `expire` < %d", dbesc(time()));
|
|
|
|
return true;
|
2010-07-01 23:48:07 +00:00
|
|
|
}}
|
|
|
|
|
|
|
|
$gc_probability = 50;
|
|
|
|
|
|
|
|
ini_set('session.gc_probability', $gc_probability);
|
|
|
|
ini_set('session.use_only_cookies', 1);
|
|
|
|
ini_set('session.cookie_httponly', 1);
|
|
|
|
|
2015-12-22 10:25:37 +00:00
|
|
|
if (!get_config('system', 'disable_database_session'))
|
|
|
|
session_set_save_handler('ref_session_open', 'ref_session_close',
|
|
|
|
'ref_session_read', 'ref_session_write',
|
|
|
|
'ref_session_destroy', 'ref_session_gc');
|