FishEye: file osCommerce/branches/hpdl/oscommerce/includes/classes/session.php

Annotated File View

hpdl	1	1	<?php
hpdl	1	2	/*
hpdl	1846	3	$Id: session.php 1846 2009-02-27 14:40:55Z hpdl $
hpdl	1	4
		5	osCommerce, Open Source E-Commerce Solutions
		6	http://www.oscommerce.com
		7
hpdl	1846	8	Copyright (c) 2009 osCommerce
hpdl	1	9
hpdl	1497	10	This program is free software; you can redistribute it and/or modify
		11	it under the terms of the GNU General Public License v2 (1991)
		12	as published by the Free Software Foundation.
hpdl	1	13	*/
hpdl	1	14
hpdl	1666	15	/**
		16	* The osC_Session class manages the session data and custom storage handlers
		17	*/
		18
hpdl	1	19	class osC_Session {
hpdl	1	20
hpdl	1666	21	/**
		22	* Holds the session cookie parameters (lifetime, path, domain, secure, httponly)
		23	*
		24	* @var array
		25	* @access protected
		26	*/
hpdl	1	27
hpdl	1666	28	protected $_cookie_parameters = array();
hpdl	1	29
hpdl	1666	30	/**
		31	* Defines if the session has been started or not
		32	*
		33	* @var boolean
		34	* @access protected
		35	*/
hpdl	1106	36
hpdl	1666	37	protected $_is_started = false;
		38
		39	/**
		40	* Holds the name of the session
		41	*
		42	* @var string
		43	* @access protected
		44	*/
		45
		46	protected $_name = 'osCsid';
		47
		48	/**
		49	* Holds the session id
		50	*
		51	* @var string
		52	* @access protected
		53	*/
		54
		55	protected $_id = null;
		56
		57	/**
		58	* Holds the file system save path for file based session storage
		59	*
		60	* @var string
		61	* @access protected
		62	*/
		63
		64	protected $_save_path = DIR_FS_WORK;
		65
		66	/**
		67	* Constructor, loads custom session handle module if defined
		68	*
		69	* @param string $name The name of the session
		70	* @access public
		71	*/
		72
		73	public function __construct($name = null) {
		74	$this->setName($name);
hpdl	1673	75	$this->setCookieParameters();
hpdl	1668	76
		77	if ( SERVICE_SESSION_EXPIRATION_TIME > 0 ) {
		78	ini_set('session.gc_maxlifetime', SERVICE_SESSION_EXPIRATION_TIME * 60);
		79	}
hpdl	1	80
hpdl	1846	81	register_shutdown_function(array($this, 'close'));
hpdl	1666	82	}
		83
		84	/**
hpdl	1667	85	* Loads the session storage handler
		86	*
		87	* @param string $name The name of the session
		88	* @access public
		89	*/
		90
		91	public static function load($name = null) {
		92	$class_name = 'osC_Session';
		93
		94	if ( !osc_empty(basename(STORE_SESSIONS)) && file_exists(dirname(__FILE__) . '/session/' . basename(STORE_SESSIONS) . '.php') ) {
		95	include(dirname(__FILE__) . '/session/' . basename(STORE_SESSIONS) . '.php');
		96
		97	$class_name = 'osC_Session_' . basename(STORE_SESSIONS);
		98	}
		99
		100	return new $class_name($name);
		101	}
		102
		103	/**
hpdl	1666	104	* Verify an existing session ID and create or resume the session if the existing session ID is valid
		105	*
		106	* @access public
		107	* @return boolean
		108	*/
		109
		110	public function start() {
hpdl	1	111	$sane_session_id = true;
hpdl	1	112
hpdl	1666	113	if ( isset($_GET[$this->_name]) && (empty($_GET[$this->_name]) \|\| (ctype_alnum($_GET[$this->_name]) === false)) ) {
hpdl	199	114	$sane_session_id = false;
hpdl	1666	115	} elseif ( isset($_POST[$this->_name]) && (empty($_POST[$this->_name]) \|\| (ctype_alnum($_POST[$this->_name]) === false)) ) {
hpdl	199	116	$sane_session_id = false;
hpdl	1666	117	} elseif ( isset($_COOKIE[$this->_name]) && (empty($_COOKIE[$this->_name]) \|\| (ctype_alnum($_COOKIE[$this->_name]) === false)) ) {
hpdl	199	118	$sane_session_id = false;
hpdl	199	119	}
hpdl	1	120
hpdl	1666	121	if ( $sane_session_id === false ) {
		122	if ( isset($_COOKIE[$this->_name]) ) {
		123	setcookie($this->_name, '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'));
hpdl	1	124	}
hpdl	1	125
hpdl	725	126	osc_redirect(osc_href_link(FILENAME_DEFAULT, null, 'NONSSL', false));
hpdl	1666	127	} elseif ( session_start() ) {
		128	$this->_is_started = true;
		129	$this->_id = session_id();
hpdl	1	130
		131	return true;
		132	}
		133
		134	return false;
		135	}
		136
hpdl	1666	137	/**
		138	* Checks if the session has been started or not
		139	*
		140	* @access public
		141	* @return boolean
		142	*/
		143
		144	public function hasStarted() {
hpdl	199	145	return $this->_is_started;
hpdl	1	146	}
hpdl	1	147
hpdl	1666	148	/**
		149	* Closes the session and writes the session data to the storage handler
		150	*
		151	* @access public
		152	*/
hpdl	1	153
hpdl	1666	154	public function close() {
		155	if ( $this->_is_started === true ) {
		156	$this->_is_started = false;
		157
		158	return session_write_close();
hpdl	1	159	}
hpdl	1666	160	}
hpdl	1	161
hpdl	1666	162	/**
		163	* Deletes an existing session
		164	*
		165	* @access public
		166	*/
		167
		168	public function destroy() {
		169	if ( $this->_is_started === true ) {
		170	if ( isset($_COOKIE[$this->_name]) ) {
		171	setcookie($this->_name, '', time()-42000, $this->getCookieParameters('path'), $this->getCookieParameters('domain'));
hpdl	1	172	}
hpdl	1666	173
hpdl	1667	174	$this->delete();
hpdl	1666	175
hpdl	1666	176	return session_destroy();
hpdl	1	177	}
		178	}
		179
hpdl	1666	180	/**
		181	* Deletes an existing session from the storage handler
		182	*
hpdl	1667	183	* @param string $id The ID of the session
hpdl	1667	184	* @access public
hpdl	1666	185	*/
hpdl	1	186
hpdl	1667	187	public function delete($id = null) {
		188	if ( empty($id) ) {
		189	$id = $this->_id;
hpdl	1666	190	}
hpdl	1667	191
		192	if ( file_exists($this->_save_path . '/' . $id) ) {
		193	@unlink($this->_save_path . '/' . $id);
		194	}
hpdl	1666	195	}
hpdl	1	196
hpdl	1666	197	/**
		198	* Delete an existing session and move the session data to a new session with a new session ID
		199	*
		200	* @access public
		201	*/
hpdl	1	202
hpdl	1666	203	public function recreate() {
		204	if ( $this->_is_started === true ) {
		205	return session_regenerate_id(true);
		206	}
		207	}
hpdl	1	208
hpdl	1666	209	/**
		210	* Return the session file based storage location
		211	*
		212	* @access public
		213	* @return string
		214	*/
hpdl	1	215
hpdl	1666	216	public function getSavePath() {
hpdl	199	217	return $this->_save_path;
hpdl	1	218	}
hpdl	1	219
hpdl	1666	220	/**
		221	* Return the session ID
		222	*
		223	* @access public
		224	* @return string
		225	*/
		226
		227	public function getID() {
hpdl	199	228	return $this->_id;
		229	}
		230
hpdl	1666	231	/**
		232	* Return the name of the session
		233	*
		234	* @access public
		235	* @return string
		236	*/
		237
		238	public function getName() {
hpdl	199	239	return $this->_name;
		240	}
		241
hpdl	1666	242	/**
		243	* Sets the name of the session
		244	*
hpdl	1673	245	* @param string $name The name of the session
hpdl	1666	246	* @access public
		247	*/
		248
		249	public function setName($name) {
		250	if ( empty($name) ) {
		251	$name = 'osCsid';
		252	}
		253
hpdl	1	254	session_name($name);
hpdl	1	255
hpdl	199	256	$this->_name = session_name();
hpdl	1	257	}
hpdl	1	258
hpdl	1666	259	/**
		260	* Sets the storage location for the file based storage handler
		261	*
hpdl	1673	262	* @param string $path The file path to store the session data in
hpdl	1666	263	* @access public
hpdl	1666	264	*/
hpdl	1	265
hpdl	1666	266	public function setSavePath($path) {
hpdl	1666	267	if ( substr($path, -1) == '/' ) {
hpdl	1	268	$path = substr($path, 0, -1);
		269	}
		270
		271	session_save_path($path);
		272
hpdl	199	273	$this->_save_path = session_save_path();
hpdl	1	274	}
hpdl	1	275
hpdl	1666	276	/**
		277	* Sets the cookie parameters for the session (lifetime, path, domain, secure, httponly)
		278	*
hpdl	1673	279	* @param integer $lifetime The amount of minutes to keep a cookie active for
		280	* @param string $path The web path of the online store to limit cookies to
		281	* @param string $domain The domain of the online store to limit cookies to
		282	* @param boolean $secure Only access cookies over a secure HTTPS connection
		283	* @param boolean $httponly Only access cookies over a HTTP protocol (disallows javascript access to cookies)
		284	* @access public
hpdl	1666	285	*/
hpdl	1	286
hpdl	1673	287	public function setCookieParameters($lifetime = null, $path = null, $domain = null, $secure = false, $httponly = false) {
hpdl	1	288	global $request_type;
hpdl	1	289
hpdl	1668	290	if ( !is_numeric($lifetime) ) {
hpdl	1673	291	$lifetime = SERVICE_SESSION_EXPIRATION_TIME * 60;
hpdl	1668	292	}
hpdl	1668	293
hpdl	1666	294	if ( empty($path) ) {
hpdl	1	295	$path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH);
		296	}
		297
hpdl	1666	298	if ( empty($domain) ) {
hpdl	1	299	$domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN);
		300	}
		301
hpdl	1666	302	return session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
hpdl	1	303	}
hpdl	1	304
hpdl	1666	305	/**
		306	* Returns the cookie parameters for the session (lifetime, path, domain, secure, httponly)
		307	*
hpdl	1673	308	* @param string $key If specified, return only the value of this cookie parameter setting
hpdl	1666	309	* @access public
		310	*/
		311
		312	public function getCookieParameters($key = null) {
		313	if ( empty($this->_cookie_parameters) ) {
hpdl	1	314	$this->_cookie_parameters = session_get_cookie_params();
		315	}
		316
hpdl	1673	317	if ( !empty($key) ) {
hpdl	1	318	return $this->_cookie_parameters[$key];
		319	}
		320
		321	return $this->_cookie_parameters;
		322	}
		323	}
		324	?>

FishEye

View

Diff

Annotations

Annotated File View