Squiz Matrix  4.12.2
session_handler_default.inc
1 <?php
18 require_once SQ_CORE_PACKAGE_PATH.'/system/session_handling/session_handler/session_handler.inc';
19 
20 
35 {
36 
37 
/**
 * Constructor.
 *
 * Holds no logic of its own: construction is delegated entirely to the
 * parent class.
 */
function __construct()
{
    // Nothing handler-specific to set up here.
    parent::__construct();

}//end constructor
47 
48 
/**
 * Select PHP's native 'files' session module and configure the session
 * cookie (path, domain, Secure, HttpOnly), session name and save path.
 *
 * Cookie hardening is opt-in:
 *  - Secure is set only when the current request is https AND
 *    SQ_CONF_COOKIE_OPTION_SECURE is defined and truthy.
 *  - HttpOnly is set only when SQ_CONF_COOKIE_OPTION_HTTP_ONLY is defined
 *    and truthy (and PHP is at least 5.2.0, where the parameter exists).
 * With either constant undefined or off, the cookie is issued without
 * that flag. No SameSite attribute is set by this call.
 *
 * @return void
 */
public static function init()
{
    // strip_url() and sq_web_path() are defined elsewhere; the code below
    // treats the result as "host[:port][/path]".
    $root_url = strip_url(sq_web_path('root_url'), TRUE);
    $slash_at = strpos($root_url, '/');

    if ($slash_at === FALSE) {
        $domain = $root_url;
        $path   = '/';
    } else {
        $domain = substr($root_url, 0, $slash_at);
        $path   = substr($root_url, $slash_at);
    }

    // A cookie domain may not carry a port, so drop a trailing ":<digits>".
    $domain = preg_replace('|:\d+$|', '', $domain);

    // Secure depends on the protocol of *this* request as well as the config
    // flag: a session started over plain http gets a non-Secure cookie even
    // when the option is switched on.
    $secure = (current_protocol() === 'https' && defined('SQ_CONF_COOKIE_OPTION_SECURE') && SQ_CONF_COOKIE_OPTION_SECURE) ? TRUE : FALSE;

    // session_set_cookie_params() only accepts the httponly argument from
    // PHP 5.2.0 onwards.
    $php_version_suits = version_compare(PHP_VERSION, '5.2.0', '>=');
    $http_only = ($php_version_suits && defined('SQ_CONF_COOKIE_OPTION_HTTP_ONLY') && SQ_CONF_COOKIE_OPTION_HTTP_ONLY) ? TRUE : FALSE;

    // Use the built-in file storage; lifetime 0 makes it a browser-session cookie.
    session_module_name('files');
    if (!$php_version_suits) {
        session_set_cookie_params(0, $path, $domain, $secure);
    } else {
        session_set_cookie_params(0, $path, $domain, $secure, $http_only);
    }
    session_name('SQ_SYSTEM_SESSION');

    // Config ON: leave the save path from php.ini untouched.
    if (SQ_CONF_USE_DEFAULT_SESSION_SAVE_PATH) {
        return;
    }

    // Config OFF (default): a custom path if one is configured, otherwise the
    // cache directory inside the Matrix install.
    // NOTE(review): session files then live next to whatever else is kept in
    // that directory - confirm it is not web-readable and is writable only by
    // the web server user.
    $cache_path = (SQ_CONF_CUSTOM_SESSION_SAVE_PATH !== '') ? SQ_CONF_CUSTOM_SESSION_SAVE_PATH : SQ_CACHE_PATH;
    session_save_path($cache_path);

}//end init()
105 
106 
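/**
 * Read the session file for the given id from the current save path and
 * decode it into an array of session variables.
 *
 * The file is expected to hold a run of "<name>|<serialized value>" pairs.
 * It is split on every "word characters followed by a pipe" match, so a
 * stored string value that itself contains such a sequence is mis-split;
 * that limitation of the format handling is left as it was.
 *
 * @param string $session_id id of the session whose file is to be read
 *
 * @return array session variables keyed by name; empty when the id is not a
 *               well-formed session id or the file cannot be read
 */
function unserialiseSession($session_id)
{
    // The id is concatenated into a filesystem path, so accept only the
    // alphabet PHP's own 'files' save handler allows for session ids
    // (a-z, A-Z, 0-9, ',' and '-'). Anything else - path separators, dots,
    // NUL bytes - is treated like a session that does not exist, which keeps
    // the read confined to files directly inside the save path.
    if (preg_match('/^[A-Za-z0-9,-]+$/D', (string) $session_id) !== 1) {
        return Array();
    }

    $session_file = session_save_path().'/sess_'.$session_id;

    $session_str = file_get_contents($session_file);
    if ($session_str === FALSE) {
        // Unreadable or missing file: nothing to decode.
        return Array();
    }

    // Break the session at the "name|" boundaries, keeping each piece's offset
    // so the name in front of it can be recovered from the raw string.
    $parts       = preg_split('/\w+\|/', $session_str, -1, PREG_SPLIT_OFFSET_CAPTURE);
    $session_arr = Array();

    // Each piece i ends where the name of piece i+1 begins; the last piece has
    // no successor and is therefore only ever consumed as a value.
    $last = count($parts) - 1;
    for ($i = 0; $i < $last; $i++) {
        $offset = $parts[$i][1] + strlen($parts[$i][0]);
        // -1 drops the pipe that sits between the name and its value
        $len = $parts[$i + 1][1] - 1 - $offset;

        $key = substr($session_str, $offset, $len);

        // SECURITY: unserialize() will instantiate any class the data names.
        // This is acceptable only while nothing but the server itself can
        // write into the session save path; review the directory permissions
        // if that path is shared with other data.
        $session_arr[$key] = unserialize($parts[$i + 1][0]);
    }

    return $session_arr;

}//end unserialiseSession()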
138 
139 
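/**
 * Overwrite an existing session file with the given session variables,
 * written as a run of "<name>|<serialized value>" pairs.
 *
 * The file must already exist; this method never creates a session.
 *
 * @param string $session_id       id of the session whose file is rewritten
 * @param array  $session_contents session variables keyed by name
 *
 * @return boolean TRUE when the file was written, FALSE (after raising a
 *                 localised warning) otherwise
 */
function serialiseSession($session_id, $session_contents)
{
    require_once SQ_FUDGE_PATH.'/general/file_system.inc';
    $session_file = session_save_path().'/sess_'.$session_id;

    // The id ends up in the path that is written to, so it has to be a
    // well-formed session id - the alphabet PHP's 'files' save handler accepts
    // (a-z, A-Z, 0-9, ',' and '-'). A malformed id is reported like a missing
    // file, which keeps the write confined to files directly inside the save
    // path.
    $id_is_valid = (preg_match('/^[A-Za-z0-9,-]+$/D', (string) $session_id) === 1);
    if (!$id_is_valid || !file_exists($session_file)) {
        trigger_localised_error('CORE0072', E_USER_WARNING, $session_file);
        return FALSE;
    }

    if (!is_array($session_contents)) {
        trigger_localised_error('CORE0004', E_USER_WARNING, gettype($session_contents));
        return FALSE;
    }

    // No separator is written between pairs: the reader finds the next name
    // by looking for word characters followed by '|'.
    $session_str = '';
    foreach ($session_contents as $key => $val) {
        $session_str .= $key.'|'.serialize($val);
    }

    // NOTE(review): string_to_file() is defined elsewhere and no locking is
    // visible here - confirm that a concurrent request using the same session
    // cannot interleave with this write.
    if (!string_to_file($session_str, $session_file)) {
        trigger_localised_error('CORE0021', E_USER_WARNING, $session_file);
        return FALSE;
    }
    return TRUE;

}//end serialiseSession()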
176 
177 
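/**
 * Report whether a session file exists in the current save path for the
 * given session id.
 *
 * @param string $session_id id of the session to look for
 *
 * @return boolean TRUE when the session file exists, FALSE when it does not
 *                 or when the id is not a well-formed session id
 */
public static function sessionExists($session_id)
{
    // Only ids made of the characters PHP's 'files' save handler accepts
    // (a-z, A-Z, 0-9, ',' and '-') are looked up. Without this check the
    // answer could describe a file outside the save path instead of a session.
    if (preg_match('/^[A-Za-z0-9,-]+$/D', (string) $session_id) !== 1) {
        return FALSE;
    }

    $session_file = session_save_path().'/sess_'.$session_id;
    return file_exists($session_file);

}//end sessionExists()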
191 
192 
/**
 * Bring the current (secondary) session and the primary session, identified
 * by its id, to the same contents.
 *
 * The side with the newer SQ_SESSION_TIMESTAMP is copied over the other, both
 * get a fresh timestamp, each keeps its own SQ_LOGIN_KEY, and the primary
 * session file is then rewritten directly on disk.
 *
 * NOTE(review): whoever can supply $pri_sessionid has that session's contents
 * copied into their own $_SESSION. The caller is not visible in this file -
 * confirm it establishes that the requester is entitled to the id.
 *
 * NOTE(review): unserialiseSession() and serialiseSession() are declared
 * without `static` in this listing but are called through self:: from this
 * static method; PHP 8 raises an Error for such a call.
 *
 * @param string $pri_sessionid id of the primary session
 *
 * @return boolean TRUE on success, FALSE after a localised error was raised
 */
public static function syncSession($pri_sessionid)
{
    $primary = self::unserialiseSession($pri_sessionid);
    if (is_array($primary) === FALSE) {
        // The primary session could not be decoded at all.
        trigger_localised_error('CORE0071', E_USER_ERROR);
        return FALSE;
    }

    // Read everything needed from both sides before one overwrites the other.
    $primary_stamp       = array_get_index($primary, 'SQ_SESSION_TIMESTAMP', -1);
    $secondary_stamp     = array_get_index($_SESSION, 'SQ_SESSION_TIMESTAMP', -1);
    $primary_login_key   = array_get_index($primary, 'SQ_LOGIN_KEY', NULL);
    $secondary_login_key = array_get_index($_SESSION, 'SQ_LOGIN_KEY', NULL);

    // The primary wins when it is newer - and also when it carries no
    // timestamp at all (-1), in which case its contents replace $_SESSION.
    $primary_wins = ($primary_stamp > $secondary_stamp || $primary_stamp == -1);
    if ($primary_wins) {
        $_SESSION = $primary;
    } else {
        $primary = $_SESSION;
    }

    // Both sides are now in step, so stamp them with the same moment.
    $now = time();
    $primary['SQ_SESSION_TIMESTAMP']  = $now;
    $_SESSION['SQ_SESSION_TIMESTAMP'] = $now;

    // The copy above also carried the other side's login key across; put each
    // side's own key back if it had one.
    if ($primary_login_key !== NULL) {
        $primary['SQ_LOGIN_KEY'] = $primary_login_key;
    }
    if ($secondary_login_key !== NULL) {
        $_SESSION['SQ_LOGIN_KEY'] = $secondary_login_key;
    }

    // Record the primary's id on both sides as the marker that this sync has
    // already run, which saves another browser refresh later.
    $_SESSION['PRIMARY_SESSIONID'] = $pri_sessionid;
    $primary['PRIMARY_SESSIONID']  = $pri_sessionid;

    // The primary session is not the one PHP has open, so its file is
    // rewritten directly rather than through the session handler.
    if (self::serialiseSession($pri_sessionid, $primary)) {
        return TRUE;
    }

    trigger_localised_error('CORE0020', E_USER_ERROR);
    return FALSE;

}//end syncSession()
255 
256 
257 }//end class
258 
259 
260 ?>