  |
1 | 1 | | <?php |
| |
2 | 2 | | /* |
 |
3 | | - | $Id: session.php 153 2005-08-04 12:57:59Z hpdl $ |
| |
| 3 | + | $Id: session.php 199 2005-09-22 15:56:13Z hpdl $ |
|
4 | 4 | | |
| |
5 | 5 | | osCommerce, Open Source E-Commerce Solutions |
| |
6 | 6 | | http://www.oscommerce.com |
| |
7 | 7 | | |
|
8 | | - | Copyright (c) 2004 osCommerce |
| |
| 8 | + | Copyright (c) 2005 osCommerce |
|
9 | 9 | | |
| |
10 | 10 | | Released under the GNU General Public License |
| |
11 | 11 | | */ |
| |
12 | 12 | | |
| |
13 | 13 | | class osC_Session { |
|
14 | | - | var $is_started, |
| |
15 | | - | $save_path, |
| |
16 | | - | $name, |
| |
17 | | - | $id; |
|
18 | 14 | | |
| |
19 | 15 | | /* Private variables */ |
|
20 | | - | var $_cookie_parameters; |
| |
| 16 | + | var $_cookie_parameters, |
| |
| 17 | + | $_is_started = false, |
| |
| 18 | + | $_id, |
| |
| 19 | + | $_name, |
| |
| 20 | + | $_save_path; |
|
21 | 21 | | |
| |
22 | 22 | | // class constructor |
|
23 | | - | function osC_Session() { |
| |
24 | | - | $this->setName('osCsid'); |
| |
| 23 | + | function osC_Session($name = 'sid') { |
| |
| 24 | + | $this->setName($name); |
|
25 | 25 | | $this->setSavePath(DIR_FS_WORK); |
| |
26 | 26 | | $this->setCookieParameters(); |
| |
27 | 27 | | |
| |
|
|
 |
… |
|
33 | 33 | | array(&$this, '_destroy'), |
| |
34 | 34 | | array(&$this, '_gc')); |
| |
35 | 35 | | } |
|
36 | | - | |
| |
37 | | - | $this->setStarted(false); |
|
38 | 36 | | } |
| |
39 | 37 | | |
| |
40 | 38 | | // class methods |
| |
41 | 39 | | function start() { |
| |
42 | 40 | | $sane_session_id = true; |
| |
43 | 41 | | |
|
44 | | - | if (isset($_GET[$this->name])) { |
| |
45 | | - | if (preg_match('/^[a-zA-Z0-9]+$/', $_GET[$this->name]) == false) { |
| |
46 | | - | unset($_GET[$this->name]); |
| |
| 42 | + | if (isset($_GET[$this->_name]) && (osc_empty($_GET[$this->_name]) || (ctype_alnum($_GET[$this->_name]) === false))) { |
| |
| 43 | + | $sane_session_id = false; |
| |
| 44 | + | } elseif (isset($_POST[$this->_name]) && (osc_empty($_POST[$this->_name]) || (ctype_alnum($_POST[$this->_name]) === false))) { |
| |
| 45 | + | $sane_session_id = false; |
| |
| 46 | + | } elseif (isset($_COOKIE[$this->_name]) && (osc_empty($_COOKIE[$this->_name]) || (ctype_alnum($_COOKIE[$this->_name]) === false))) { |
| |
| 47 | + | $sane_session_id = false; |
| |
| 48 | + | } |
|
47 | 49 | | |
|
48 | | - | $sane_session_id = false; |
| |
| 50 | + | if ($sane_session_id === false) { |
| |
| 51 | + | if (isset($_COOKIE[$this->_name])) { |
| |
| 52 | + | setcookie($this->getName(), '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain')); |
|
49 | 53 | | } |
|
50 | | - | } elseif (isset($_POST[$this->name])) { |
| |
51 | | - | if (preg_match('/^[a-zA-Z0-9]+$/', $_POST[$this->name]) == false) { |
| |
52 | | - | unset($_POST[$this->name]); |
|
53 | 54 | | |
|
54 | | - | $sane_session_id = false; |
| |
55 | | - | } |
| |
56 | | - | } elseif (isset($_COOKIE[$this->name])) { |
| |
57 | | - | if (preg_match('/^[a-zA-Z0-9]+$/', $_COOKIE[$this->name]) == false) { |
| |
58 | | - | unset($_COOKIE[$this->name]); |
| |
59 | | - | |
| |
60 | | - | $sane_session_id = false; |
| |
61 | | - | } |
| |
62 | | - | } |
| |
63 | | - | |
| |
64 | | - | if ($sane_session_id == false) { |
|
65 | 55 | | tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); |
| |
66 | 56 | | } elseif (session_start()) { |
| |
67 | 57 | | $this->setStarted(true); |
|
68 | | - | |
|
69 | 58 | | $this->setID(); |
| |
70 | 59 | | |
| |
71 | 60 | | return true; |
| |
|
|
|
… |
|
74 | 63 | | return false; |
| |
75 | 64 | | } |
| |
76 | 65 | | |
|
77 | | - | function exists($variable) { |
| |
78 | | - | if (isset($_SESSION[$variable])) { |
| |
79 | | - | return true; |
| |
80 | | - | } |
| |
81 | | - | |
| |
82 | | - | return false; |
| |
| 66 | + | function hasStarted() { |
| |
| 67 | + | return $this->_is_started; |
|
83 | 68 | | } |
| |
84 | 69 | | |
|
85 | | - | function set($variable, &$value) { |
| |
86 | | - | if ($this->is_started == true) { |
| |
87 | | - | $_SESSION[$variable] = $value; |
| |
88 | | - | |
| |
89 | | - | return true; |
| |
90 | | - | } |
| |
91 | | - | |
| |
92 | | - | return false; |
| |
93 | | - | } |
| |
94 | | - | |
| |
95 | | - | function remove($variable) { |
| |
96 | | - | if ($this->exists($variable)) { |
| |
97 | | - | unset($_SESSION[$variable]); |
| |
98 | | - | |
| |
99 | | - | return true; |
| |
100 | | - | } |
| |
101 | | - | |
| |
102 | | - | return false; |
| |
103 | | - | } |
| |
104 | | - | |
| |
105 | | - | function &value($variable) { |
| |
106 | | - | if (isset($_SESSION[$variable])) { |
| |
107 | | - | return $_SESSION[$variable]; |
| |
108 | | - | } |
| |
109 | | - | |
| |
110 | | - | return false; |
| |
111 | | - | } |
| |
112 | | - | |
|
113 | 70 | | function close() { |
|
114 | | - | if (function_exists('session_write_close')) { |
| |
115 | | - | return session_write_close(); |
| |
116 | | - | } |
| |
117 | | - | |
| |
118 | | - | return true; |
| |
| 71 | + | return session_write_close(); |
|
119 | 72 | | } |
| |
120 | 73 | | |
| |
121 | 74 | | function destroy() { |
|
122 | | - | if (isset($_COOKIE[$this->name])) { |
| |
123 | | - | unset($_COOKIE[$this->name]); |
| |
| 75 | + | if (isset($_COOKIE[$this->_name])) { |
| |
| 76 | + | unset($_COOKIE[$this->_name]); |
|
124 | 77 | | } |
| |
125 | 78 | | |
| |
126 | 79 | | if (STORE_SESSIONS == '') { |
|
127 | | - | if (file_exists($this->save_path . $this->id)) { |
| |
128 | | - | @unlink($this->save_path . $this->id); |
| |
| 80 | + | if (file_exists($this->_save_path . $this->_id)) { |
| |
| 81 | + | @unlink($this->_save_path . $this->_id); |
|
129 | 82 | | } |
| |
130 | 83 | | } |
| |
131 | 84 | | |
| |
|
|
|
… |
|
147 | 100 | | } |
| |
148 | 101 | | |
| |
149 | 102 | | function getSavePath() { |
|
150 | | - | return $this->save_path; |
| |
| 103 | + | return $this->_save_path; |
|
151 | 104 | | } |
| |
152 | 105 | | |
|
| 106 | + | function getID() { |
| |
| 107 | + | return $this->_id; |
| |
| 108 | + | } |
| |
| 109 | + | |
| |
| 110 | + | function getName() { |
| |
| 111 | + | return $this->_name; |
| |
| 112 | + | } |
| |
| 113 | + | |
|
153 | 114 | | function setName($name) { |
| |
154 | 115 | | session_name($name); |
| |
155 | 116 | | |
|
156 | | - | $this->name = session_name(); |
| |
157 | | - | |
| |
158 | | - | return true; |
| |
| 117 | + | $this->_name = session_name(); |
|
159 | 118 | | } |
| |
160 | 119 | | |
| |
161 | 120 | | function setID() { |
|
162 | | - | $this->id = session_id(); |
| |
163 | | - | |
| |
164 | | - | return true; |
| |
| 121 | + | $this->_id = session_id(); |
|
165 | 122 | | } |
| |
166 | 123 | | |
| |
167 | 124 | | function setSavePath($path) { |
| |
|
|
|
… |
|
171 | 128 | | |
| |
172 | 129 | | session_save_path($path); |
| |
173 | 130 | | |
|
174 | | - | $this->save_path = session_save_path(); |
| |
175 | | - | |
| |
176 | | - | return true; |
| |
| 131 | + | $this->_save_path = session_save_path(); |
|
177 | 132 | | } |
| |
178 | 133 | | |
| |
179 | 134 | | function setStarted($state) { |
|
180 | | - | if ($state == true) { |
| |
181 | | - | $this->is_started = true; |
| |
| 135 | + | if ($state === true) { |
| |
| 136 | + | $this->_is_started = true; |
|
182 | 137 | | } else { |
|
183 | | - | $this->is_started = false; |
| |
| 138 | + | $this->_is_started = false; |
|
184 | 139 | | } |
| |
185 | 140 | | } |
| |
186 | 141 | | |