From 9b66b5eee37c1a3958d9ddccb9c1a06ac7ef49ce Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Fri, 8 Apr 2016 04:44:10 -0700
Subject: [PATCH] objectify all the session management stuff
---
 Zotlabs/Web/Session.php | 91 ++++++++++++++++++++++++++++++++++
 Zotlabs/Web/SessionHandler.php | 78 +++++++++++++++++++++++++++++
 include/Contact.php | 2 +-
 include/api.php | 2 +-
 include/auth.php | 14 +++---
 include/cli_startup.php | 2 +-
 index.php | 4 +-
 7 files changed, 181 insertions(+), 12 deletions(-)
 create mode 100644 Zotlabs/Web/Session.php
 create mode 100644 Zotlabs/Web/SessionHandler.php
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
new file mode 100644
index 000000000..ff0070d15
--- /dev/null
+++ b/Zotlabs/Web/Session.php
@@ -0,0 +1,91 @@
+ $v) {
+ unset($_SESSION[$k]);
+ }
+ }
+ }
+
+
+
+ function new_cookie($time) {
+
+ $old_sid = session_id();
+
+ session_regenerate_id(false);
+
+ q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc(session_id()),
+ dbesc($old_sid)
+ );
+
+ if (x($_COOKIE, 'jsAvailable')) {
+ if ($time) {
+ $expires = time() + $time;
+ } else {
+ $expires = 0;
+ }
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+ }
+ setcookie(session_name(),session_id(),$expires);
+ }
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
new file mode 100644
index 000000000..ede2bd609
--- /dev/null
+++ b/Zotlabs/Web/SessionHandler.php
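Review bot: In `new_cookie()` in Zotlabs/Web/Session.php, `$expires` is assigned only inside the `if (x($_COOKIE, 'jsAvailable'))` branch, yet the final `setcookie(session_name(),session_id(),$expires)` uses it unconditionally, so when that cookie is absent the session cookie is sent with an undefined `$expires` (treated as 0, a browser-session cookie) and the requested lifetime is ignored. Compute it before the branch, e.g. `$expires = ($time) ? time() + $time : 0;`. The session cookie is also re-issued without the path, `secure` and `httponly` arguments of `setcookie()`, so it would be worth passing them explicitly (for instance from `session_get_cookie_params()`) rather than relying on what the first cookie carried. The method is declared here without `static` while the call sites in include/auth.php invoke it as `\Zotlabs\Web\Session::new_cookie(...)`; the start of the class is not visible on this page, so confirm the intended declaration.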
@@ -0,0 +1,78 @@
+session_exists = 0;
+ $this->session_expire = 180000;
+ return true;
+ }
+
+ function read ($id) {
+
+ if(x($id))
+ $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+ if($r) {
+ $this->session_exists = true;
+ return $r[0]['data'];
+ }
+
+ return '';
+ }
+
+
+ function write ($id, $data) {
+
+ if(! $id || ! $data) {
+ return false;
+ }
+
+ $expire = time() + $this->session_expire;
+ $default_expire = time() + 300;
+
+ if($this->session_exists) {
+ q("UPDATE `session`
+ SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+ dbesc($data),
+ dbesc($expire),
+ dbesc($id)
+ );
+ }
+ else {
+ q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
+ dbesc($id),
+ dbesc($default_expire),
+ dbesc($data)
+ );
+ }
+
+ return true;
+ }
+
+
+ function close() {
+ return true;
+ }
+
+
+ function destroy ($id) {
+ q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+ return true;
+ }
+
+
+ function gc($expire) {
+ q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+ return true;
+ }
+
+
+}
\ No newline at end of file
diff --git a/include/Contact.php b/include/Contact.php
index 507c922d0..e011c60c8 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -389,7 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=false) {
 proc_run('php','include/directory.php',$channel_id);
 if($channel_id == local_channel() && $unset_session) {
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 goaway(z_root());
 }
diff --git a/include/api.php b/include/api.php
index 41837ad88..fd644947c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -486,7 +486,7 @@ require_once('include/api_auth.php');
 function api_account_logout(&$a, $type){
 require_once('include/auth.php');
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 return api_apply_template("user", $type, array('$user' => null));
 }
diff --git a/include/auth.php b/include/auth.php
index 228143e12..21f0dded8 100644
--- a/include/auth.php
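Review bot: `write()` in Zotlabs/Web/SessionHandler.php returns `false` when `$data` is empty, so a session whose variables have all been unset is never written back and the existing row keeps its previous contents until `gc()` removes it. The visible tail of `Session::nuke()` only unsets the `$_SESSION` keys, so if nothing else deletes the row, a logged-out or blocked session could still hold its authenticated data under its sid. Reject only a missing id, `if(! $id) { return false; }`, and let an empty `$data` overwrite the stored value. Separately, `read()` tests `$r` even when `x($id)` is false and `$r` was never assigned; initialise it with `$r = null;` first. The start of the class is not visible on this page.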
+++ b/include/auth.php
@@ -101,7 +101,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 // process logout request
 $args = array('channel_id' => local_channel());
 call_hooks('logging_out', $args);
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 info( t('Logged out.') . EOL);
 goaway(z_root());
 }
@@ -117,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 intval(ACCOUNT_ROLE_ADMIN)
 );
 if($x) {
- new_cookie(60 * 60 * 24); // one day
+ \Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
 $_SESSION['last_login_date'] = datetime_convert();
 unset($_SESSION['visitor_id']); // no longer a visitor
 authenticate_success($x[0], true, true);
@@ -172,7 +172,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 // check any difference at all
 logger('Session address changed. Paranoid setting in effect, blocking session. ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 goaway(z_root());
 break;
 }
@@ -196,7 +196,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 }
 else {
 $_SESSION['account_id'] = 0;
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 goaway(z_root());
 }
 } // end logged in user returning
@@ -204,7 +204,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 else {
 if(isset($_SESSION)) {
- nuke_session();
+ \Zotlabs\Web\Session::nuke();
 }
 // handle a fresh login request
@@ -275,10 +275,10 @@ else {
 // on the cookie
 if($_POST['remember_me']) {
- new_cookie(31449600); // one year
+ \Zotlabs\Web\Session::new_cookie(31449600); // one year
 }
 else {
- new_cookie(0); // 0 means delete on browser exit
+ \Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
 }
 // if we haven't failed up this point, log them in.
diff --git a/include/cli_startup.php b/include/cli_startup.php
index b0e4fcf10..a99164d4c 100644
--- a/include/cli_startup.php
+++ b/include/cli_startup.php
@@ -30,7 +30,7 @@ function cli_startup() {
 unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
 };
- require_once('include/session.php');
+ \Zotlabs\Web\Session::init();
 load_config('system');
diff --git a/index.php b/index.php
index a6ed3dbc6..60760539c 100755
--- a/index.php
+++ b/index.php
@@ -62,7 +62,7 @@ if(! App::$install) {
 load_config('system');
 load_config('feature');
- require_once('include/session.php');
+ \Zotlabs\Web\Session::init();
 load_hooks();
 call_hooks('init_1');
@@ -84,7 +84,7 @@ if(! App::$install) {
 *
 */
-session_start();
+\Zotlabs\Web\Session::start();
 /**
 * Language was set earlier, but we can over-ride it in the session.