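<?php

// Session storage configuration. Sessions are persisted through the
// F_session_* callbacks registered further down with session_set_save_handler().

// session_set_save_handler() switches the engine to the user-level handler by
// itself, and since PHP 7.2 selecting 'user' through ini_set() is rejected with
// a warning, so this assignment is only attempted on older interpreters.
if (PHP_VERSION_ID < 70200) {
    ini_set('session.save_handler', 'user');
}
// Name of the cookie / request parameter the session id is read from.
ini_set('session.name', 'PHPSESSID');

// ini values are strings; '1' is the canonical "on" value (the boolean true
// used previously was coerced to the same string).
ini_set('session.use_cookies', '1');
// NOTE(review): cookie hardening (session.cookie_httponly, session.cookie_secure)
// is not set here - confirm it is configured in php.ini or elsewhere.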
/**
 * Session save handler "open" callback.
 *
 * Nothing is opened here: the other F_session_* callbacks take their
 * database connection from the global $db, so this only reports success
 * to the session engine.
 *
 * @param string $save_path    Ignored (storage is database-backed).
 * @param string $session_name Ignored.
 * @return bool Always true.
 */
function F_session_open($save_path, $session_name)
{
    // Both parameters are intentionally unused.
    $opened = true;
    return $opened;
}
/**
 * Session save handler "close" callback.
 *
 * Runs F_session_gc() unconditionally, i.e. expired rows are purged on every
 * request rather than only when the engine's probabilistic gc fires; the gc
 * result is not inspected.
 *
 * @return bool Always true.
 */
function F_session_close()
{
    F_session_gc(); // return value deliberately ignored
    return true;
}
/**
 * Session save handler "read" callback.
 *
 * Loads the serialized payload stored for $key in K_TABLE_SESSIONS, skipping
 * rows whose cpsession_expiry lies in the past. Unlike F_session_write(), no
 * connection is opened here when the global $db is unset.
 *
 * @param string $key Session id (escaped with F_escape_sql before use).
 * @return string Stored data, or '' when the row is missing, expired, or the query fails.
 */
function F_session_read($key)
{
    global $db;
    $id = F_escape_sql($db, $key);
    $now = date(K_TIMESTAMP_FORMAT);
    $sql = 'SELECT cpsession_data
FROM '.K_TABLE_SESSIONS.'
WHERE cpsession_id=\''.$id.'\'
AND cpsession_expiry>=\''.$now.'\'
LIMIT 1';
    $result = F_db_query($sql, $db);
    if (!$result) {
        return '';
    }
    $row = F_db_fetch_array($result);
    // No row means no live session for this id; the engine treats '' as empty.
    return $row ? $row['cpsession_data'] : '';
}
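/**
 * Session save handler "write" callback.
 *
 * Stores $val for session $key in K_TABLE_SESSIONS and moves the expiry
 * K_SESSION_LIFE seconds into the future. An existing row is updated,
 * otherwise a new one is inserted.
 *
 * This is the only callback that opens its own connection when the global
 * $db is missing (presumably because write runs at shutdown, after other
 * resources may already be gone - TODO confirm).
 *
 * @param string $key Session id.
 * @param string $val Serialized session payload.
 * @return bool True when the UPDATE/INSERT ran, false when no connection
 *              could be made or a query failed.
 */
function F_session_write($key, $val)
{
    global $db;
    if (!isset($db) || !$db) {
        // The connect error is suppressed on purpose: a warning emitted here
        // would end up in the response and could expose connection details.
        $db = @F_db_connect(K_DATABASE_HOST, K_DATABASE_PORT, K_DATABASE_USER_NAME, K_DATABASE_USER_PASSWORD, K_DATABASE_NAME);
        if (!$db) {
            // Save handler callbacks must return bool; a bare `return` gave null.
            return false;
        }
    }
    $key = F_escape_sql($db, $key);
    $val = F_escape_sql($db, $val);
    $expiry = date(K_TIMESTAMP_FORMAT, (time() + K_SESSION_LIFE));

    $sql = 'SELECT cpsession_id
FROM '.K_TABLE_SESSIONS.'
WHERE cpsession_id=\''.$key.'\'
LIMIT 1';
    $r = F_db_query($sql, $db);
    if (!$r) {
        return false;
    }
    // NOTE(review): SELECT-then-INSERT is not atomic; two concurrent first
    // requests with the same id could both reach the INSERT. Confirm the table
    // has a unique key on cpsession_id so the second one fails instead of
    // creating a duplicate row.
    if (F_db_fetch_array($r)) {
        $sqlup = 'UPDATE '.K_TABLE_SESSIONS.' SET
cpsession_expiry=\''.$expiry.'\',
cpsession_data=\''.$val.'\'
WHERE cpsession_id=\''.$key.'\'';
    } else {
        $sqlup = 'INSERT INTO '.K_TABLE_SESSIONS.' (
cpsession_id,
cpsession_expiry,
cpsession_data
) VALUES (
\''.$key.'\',
\''.$expiry.'\',
\''.$val.'\'
)';
    }
    // Cast: depending on the driver F_db_query may return a result handle
    // rather than a bool, which PHP 7+ reports with a warning for save handlers.
    return (bool) F_db_query($sqlup, $db);
}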
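/**
 * Session save handler "destroy" callback.
 *
 * Removes the row for $key from K_TABLE_SESSIONS.
 *
 * @param string $key Session id (escaped with F_escape_sql before use).
 * @return bool True when the DELETE ran, false otherwise.
 */
function F_session_destroy($key)
{
    global $db;
    $key = F_escape_sql($db, $key);
    $sql = 'DELETE FROM '.K_TABLE_SESSIONS.' WHERE cpsession_id=\''.$key.'\'';
    // Cast: depending on the driver F_db_query may return a result handle
    // rather than a bool, which PHP 7+ reports with a warning for save handlers.
    return (bool) F_db_query($sql, $db);
}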
/**
 * Session save handler "gc" callback.
 *
 * Deletes every row in K_TABLE_SESSIONS whose cpsession_expiry is at or
 * before the current timestamp. The engine's $maxlifetime argument is not
 * used; expiry comes from the stored timestamp. Also called directly from
 * F_session_close().
 *
 * @return int|false Number of rows removed, or false when the DELETE failed.
 */
function F_session_gc()
{
    global $db;
    $now = date(K_TIMESTAMP_FORMAT);
    $sql = 'DELETE FROM '.K_TABLE_SESSIONS.' WHERE cpsession_expiry<=\''.$now.'\'';
    $result = F_db_query($sql, $db);
    return $result ? F_db_affected_rows($db, $result) : false;
}
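/**
 * Convert a "php"-serializer session string ("key|value;key|value;") into an
 * associative array.
 *
 * Only flat scalar values are supported: entries are separated on every ';'
 * and '}', so a serialized array or object (which contains those characters)
 * is split apart and yields false for that key rather than a reconstructed
 * value. A '|' inside a value is preserved (the key is split off only at the
 * first '|').
 *
 * @param string $sd Session data as produced by the "php" session serializer.
 * @return array<string, mixed> Decoded key => value pairs. Entries without a
 *                              '|' are skipped; a value that fails to
 *                              unserialize is stored as false.
 */
function F_session_string_to_array($sd)
{
    $sess_array = array();
    $vars = preg_split('/[;}]/', $sd);
    // The last element is the empty remainder after the final separator.
    $count = count($vars) - 1;
    for ($i = 0; $i < $count; $i++) {
        // Limit 2 keeps any '|' that belongs to the serialized value.
        $parts = explode('|', $vars[$i], 2);
        if (!isset($parts[1])) {
            // Not a "key|value" entry; previously an undefined-index notice.
            continue;
        }
        // NOTE(review): unserialize() on stored session data. The split above
        // cannot pass an intact object through, but if this is ever fed data
        // from outside the session store, prefer a non-object format or the
        // allowed_classes option.
        $sess_array[$parts[0]] = unserialize($parts[1].';');
    }
    return $sess_array;
}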
/**
 * Build a digest that loosely identifies the client from its request headers.
 *
 * K_RANDOM_SECURITY is used as a prefix, then each of the listed headers is
 * appended when the client sent it. Every input after the prefix is
 * client-controlled, and the client IP is not included, so this is a weak
 * identity signal, not a secret; md5 here is a fixed-width digest, not a
 * security primitive.
 *
 * @return string 32 lowercase hex characters.
 */
function getClientFingerprint()
{
    // Appended in this order when present.
    $headers = array(
        'HTTP_USER_AGENT',
        'HTTP_ACCEPT',
        'HTTP_ACCEPT_ENCODING',
        'HTTP_ACCEPT_LANGUAGE',
        'HTTP_DNT',
        'HTTP_UPGRADE_INSECURE_REQUESTS',
    );
    $material = K_RANDOM_SECURITY;
    foreach ($headers as $name) {
        if (isset($_SERVER[$name])) {
            $material .= $_SERVER[$name];
        }
    }
    return md5($material);
}
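/**
 * Generate a fresh 32-character lowercase hexadecimal session id.
 *
 * Uses random_bytes() (a CSPRNG) where available. The previous construction -
 * md5 of a bcrypt hash of uniqid() seeded with the process id, client
 * fingerprint, K_RANDOM_SECURITY and the current session id - is kept only as
 * a fallback for interpreters without random_bytes(), since uniqid() is not a
 * cryptographic source.
 *
 * @return string 32 hex chars, the shape the PHPSESSID validation in this file accepts.
 */
function getNewSessionID()
{
    if (function_exists('random_bytes')) {
        // 16 random bytes -> 32 hex characters, same width as an md5 digest.
        return bin2hex(random_bytes(16));
    }
    return md5(getPasswordHash(uniqid(microtime().getmypid().getClientFingerprint().K_RANDOM_SECURITY.session_id(), true)));
}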
/**
 * Hash a password for storage with PHP's default algorithm (currently bcrypt).
 *
 * The output embeds algorithm, cost and salt, so it is verified with
 * checkPassword() / password_verify() rather than compared directly.
 *
 * @param string $password Plain-text password.
 * @return string|false Hash string, or false if password_hash() fails.
 */
function getPasswordHash($password)
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return $hash;
}
/**
 * Check a plain-text password against a hash produced by getPasswordHash().
 *
 * password_verify() reads the algorithm and salt from $hash and compares in
 * constant time.
 *
 * @param string $password Plain-text password to check.
 * @param string $hash     Stored hash.
 * @return bool True when the password matches the hash.
 */
function checkPassword($password, $hash)
{
    $matches = password_verify($password, $hash);
    return $matches;
}
// Route all session storage through the F_session_* callbacks above.
session_set_save_handler('F_session_open', 'F_session_close', 'F_session_read', 'F_session_write', 'F_session_destroy', 'F_session_gc');

// A session id presented as a cookie takes precedence over one in the query
// string or request body.
if (isset($_COOKIE['PHPSESSID'])) {
    $_REQUEST['PHPSESSID'] = $_COOKIE['PHPSESSID'];
}
// NOTE(review): the id is also accepted from any request parameter, so a
// crafted link or form can pre-set it for another user (session fixation).
// Nothing here regenerates the id on privilege change; confirm that happens
// at login.
$PHPSESSID = isset($_REQUEST['PHPSESSID'])
    ? preg_replace('/[^0-9a-f]*/', '', $_REQUEST['PHPSESSID'])
    : '';
// Anything that is not exactly 32 lowercase hex chars after stripping is
// replaced by a freshly generated id.
if (strlen($PHPSESSID) != 32) {
    $PHPSESSID = getNewSessionID();
}

// For menu_mode=startlongprocess the engine keeps its own id instead.
if (!isset($_REQUEST['menu_mode']) || ($_REQUEST['menu_mode'] != 'startlongprocess')) {
    session_id($PHPSESSID);
}

session_start();
// Responses carrying session state must not be stored by shared caches.
header('Cache-control: private');