source-function-F_session_destroy

06 Apr 2018
Namespaces

League
- OAuth2
  - Client
    - Provider
None
Classes

Interfaces

Exceptions

Functions

  1: <?php
  2: //============================================================+
  3: // File name   : tce_functions_session.php
  4: // Begin       : 2001-09-26
  5: // Last Update : 2017-04-22
  6: //
  7: // Description : User-level session storage functions.
  8: //
  9: // Author: Nicola Asuni
 10: //
 11: // (c) Copyright:
 12: //               Nicola Asuni
 13: //               Tecnick.com LTD
 14: //               www.tecnick.com
 15: //               info@tecnick.com
 16: //
 17: // License:
 18: //    Copyright (C) 2004-2017  Nicola Asuni - Tecnick.com LTD
 19: //    See LICENSE.TXT file for more information.
 20: //============================================================+
 21: 
 22: /**
 23:  * @file
 24:  * User-level session storage functions.<br>
 25:  * This script uses the session_set_save_handler() function to set the user-level session storage functions which are used for storing and retrieving data associated with a session.<br>
 26:  * The session data is stored on a local database.
 27:  * NOTE: This script automatically starts the user's session.
 28:  * @package com.tecnick.tcexam.shared
 29:  * @author Nicola Asuni
 30:  * @since 2001-09-26
 31:  */
 32: 
 33: /**
 34:  */
 35: 
 36: // PHP session settings
 37: ini_set('session.save_handler', 'user');
 38: ini_set('session.name', 'PHPSESSID');
 39: //ini_set('session.gc_maxlifetime', K_SESSION_LIFE);
 40: //ini_set('session.cookie_lifetime', K_COOKIE_EXPIRE);
 41: ini_set('session.use_cookies', true);
 42: 
 43: /**
 44:  * Open session.
 45:  * @param $save_path (string) path were to store session data
 46:  * @param $session_name (string) name of session
 47:  * @return bool always TRUE
 48:  */
 49: function F_session_open($save_path, $session_name)
 50: {
 51:     return true;
 52: }
 53: 
 54: /**
 55:  * Close session.<br>
 56:  * Call garbage collector function to remove expired sessions.
 57:  * @return bool always TRUE
 58:  */
 59: function F_session_close()
 60: {
 61:     F_session_gc(); //call garbage collector
 62:     return true;
 63: }
 64: 
 65: /**
 66:  * Get session data.
 67:  * @param $key (string) session ID.
 68:  * @return string session data.
 69:  */
 70: function F_session_read($key)
 71: {
 72:     global $db;
 73:     $key = F_escape_sql($db, $key);
 74:     $sql = 'SELECT cpsession_data
 75:             FROM '.K_TABLE_SESSIONS.'
 76:             WHERE cpsession_id=\''.$key.'\'
 77:                 AND cpsession_expiry>=\''.date(K_TIMESTAMP_FORMAT).'\'
 78:             LIMIT 1';
 79:     if ($r = F_db_query($sql, $db)) {
 80:         if ($m = F_db_fetch_array($r)) {
 81:             return $m['cpsession_data'];
 82:         } else {
 83:             return('');
 84:         }
 85:     }
 86:     return('');
 87: }
 88: 
 89: /**
 90:  * Insert or Update session.
 91:  * @param $key (string) session ID.
 92:  * @param $val (string) session data.
 93:  * @return resource database query result.
 94:  */
 95: function F_session_write($key, $val)
 96: {
 97:     global $db;
 98:     if ((!isset($db)) or (!$db)) {
 99:         // workaround for PHP bug 41230
100:         if (!$db = @F_db_connect(K_DATABASE_HOST, K_DATABASE_PORT, K_DATABASE_USER_NAME, K_DATABASE_USER_PASSWORD, K_DATABASE_NAME)) {
101:             return;
102:         }
103:     }
104:     $key = F_escape_sql($db, $key);
105:     $val = F_escape_sql($db, $val);
106:     $expiry = date(K_TIMESTAMP_FORMAT, (time() + K_SESSION_LIFE));
107:     // check if this session already exist on database
108:     $sql = 'SELECT cpsession_id
109:             FROM '.K_TABLE_SESSIONS.'
110:             WHERE cpsession_id=\''.$key.'\'
111:             LIMIT 1';
112:     if ($r = F_db_query($sql, $db)) {
113:         if ($m = F_db_fetch_array($r)) {
114:             // SQL to update existing session
115:             $sqlup = 'UPDATE '.K_TABLE_SESSIONS.' SET
116:                 cpsession_expiry=\''.$expiry.'\',
117:                 cpsession_data=\''.$val.'\'
118:                 WHERE cpsession_id=\''.$key.'\'';
119:         } else {
120:             // SQL to insert new session
121:             $sqlup = 'INSERT INTO '.K_TABLE_SESSIONS.' (
122:                 cpsession_id,
123:                 cpsession_expiry,
124:                 cpsession_data
125:                 ) VALUES (
126:                 \''.$key.'\',
127:                 \''.$expiry.'\',
128:                 \''.$val.'\'
129:                 )';
130:         }
131:         return F_db_query($sqlup, $db);
132:     }
133:     return false;
134: }
135: 
136: /**
137:  * Deletes the specific session.
138:  * @param $key (string) session ID of session to destroy.
139:  * @return resource database query result.
140:  */
141: function F_session_destroy($key)
142: {
143:     global $db;
144:     $key = F_escape_sql($db, $key);
145:     $sql = 'DELETE FROM '.K_TABLE_SESSIONS.' WHERE cpsession_id=\''.$key.'\'';
146:     return F_db_query($sql, $db);
147: }
148: 
149: /**
150:  * Garbage collector.<br>
151:  * Deletes expired sessions.<br>
152:  * NOTE: while time() function returns a 32 bit integer, it works fine until year 2038.
153:  * @return int number of deleted sessions.
154:  */
155: function F_session_gc()
156: {
157:     global $db;
158:     $expiry_time = date(K_TIMESTAMP_FORMAT);
159:     $sql = 'DELETE FROM '.K_TABLE_SESSIONS.' WHERE cpsession_expiry<=\''.$expiry_time.'\'';
160:     if (!$r = F_db_query($sql, $db)) {
161:         return false;
162:     }
163:     return F_db_affected_rows($db, $r);
164: }
165: 
166: /**
167:  * Convert encoded session string data to array.
168:  * @author Nicola Asuni
169:  * @since 2001-10-18
170:  * @param $sd (string) input data string
171:  * @return array
172:  */
173: function F_session_string_to_array($sd)
174: {
175:     $sess_array = array();
176:     $vars = preg_split('/[;}]/', $sd);
177:     for ($i=0; $i < count($vars)-1; $i++) {
178:         $parts = explode('|', $vars[$i]);
179:         $key = $parts[0];
180:         $val = unserialize($parts[1].';');
181:         $sess_array[$key] = $val;
182:     }
183:     return $sess_array;
184: }
185: 
186: /**
187:  * Generate a client fingerprint (unique ID for the client browser)
188:  * @author Nicola Asuni
189:  * @since 2010-10-04
190:  * @return string client ID
191:  */
192: function getClientFingerprint()
193: {
194:     $sid = K_RANDOM_SECURITY;
195:     if (isset($_SERVER['HTTP_USER_AGENT'])) {
196:         $sid .= $_SERVER['HTTP_USER_AGENT'];
197:     }
198:     if (isset($_SERVER['HTTP_ACCEPT'])) {
199:         $sid .= $_SERVER['HTTP_ACCEPT'];
200:     }
201:     if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
202:         $sid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
203:     }
204:     if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
205:         $sid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
206:     }
207:     if (isset($_SERVER['HTTP_DNT'])) {
208:         $sid .= $_SERVER['HTTP_DNT'];
209:     }
210:     if (isset($_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'])) {
211:         $sid .= $_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'];
212:     }
213:     return md5($sid);
214: }
215: 
216: /**
217:  * Generate and return a new session ID.
218:  * @author Nicola Asuni
219:  * @since 2010-10-04
220:  * @return string PHPSESSID
221:  */
222: function getNewSessionID()
223: {
224:     return md5(getPasswordHash(uniqid(microtime().getmypid().getClientFingerprint().K_RANDOM_SECURITY.session_id(), true)));
225: }
226: 
227: /**
228:  * Hash password for Database storing.
229:  * @param $password (string) Password to hash.
230:  * @return string password hash
231:  */
232: function getPasswordHash($password)
233: {
234:     return password_hash($password, PASSWORD_DEFAULT);
235: }
236: 
237: /**
238:  * Verifies that a password matches a hash
239:  * @param $password (string) The password to verify
240:  * @param $hash (string) Password hash
241:  * 
242:  * @return boolean
243:  */
244: function checkPassword($password, $hash)
245: {
246:     return password_verify($password, $hash);
247: }
248: 
249: // ------------------------------------------------------------
250: 
251: // Sets user-level session storage functions.
252: session_set_save_handler('F_session_open', 'F_session_close', 'F_session_read', 'F_session_write', 'F_session_destroy', 'F_session_gc');
253: 
254: // start user session
255: if (isset($_COOKIE['PHPSESSID'])) {
256:     // cookie takes precedence
257:     $_REQUEST['PHPSESSID'] = $_COOKIE['PHPSESSID'];
258: }
259: if (isset($_REQUEST['PHPSESSID'])) {
260:     // sanitize $PHPSESSID from get/post/cookie
261:     $PHPSESSID = preg_replace('/[^0-9a-f]*/', '', $_REQUEST['PHPSESSID']);
262:     if (strlen($PHPSESSID) != 32) {
263:         // generate new ID
264:         $PHPSESSID = getNewSessionID();
265:     }
266: } else {
267:     // create new PHPSESSID
268:     $PHPSESSID = getNewSessionID();
269: }
270: 
271: if ((!isset($_REQUEST['menu_mode'])) or ($_REQUEST['menu_mode'] != 'startlongprocess')) {
272:     // fix flush problem on long processes
273:     session_id($PHPSESSID); //set session id
274: }
275: 
276: session_start(); //start session
277: header('Cache-control: private'); // fix IE6 bug
278: 
279: //============================================================+
280: // END OF FILE
281: //============================================================+
282: