2016-04-08 11:44:10 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace Zotlabs\Web;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class SessionHandler implements \SessionHandlerInterface {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function open ($s, $n) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-13 02:40:19 +00:00
|
|
|
// IMPORTANT: if we read the session and it doesn't exist, create an empty record.
|
|
|
|
|
// We rely on this due to differing PHP implementation of session_regenerate_id()
|
|
|
|
|
// some which call read explicitly and some that do not. So we call it explicitly
|
|
|
|
|
// just after sid regeneration to force a record to exist.
|
|
|
|
|
|
2016-04-08 11:44:10 +00:00
|
|
|
function read ($id) {
|
|
|
|
|
|
2019-06-14 06:36:16 +00:00
|
|
|
if ($id) {
|
2016-10-04 04:48:53 +00:00
|
|
|
$r = q("SELECT sess_data FROM session WHERE sid= '%s'", dbesc($id));
|
2016-04-08 11:44:10 +00:00
|
|
|
|
2019-06-14 06:36:16 +00:00
|
|
|
if ($r) {
|
2016-06-01 00:50:47 +00:00
|
|
|
return $r[0]['sess_data'];
|
2016-04-13 02:40:19 +00:00
|
|
|
}
|
|
|
|
|
else {
|
2016-10-04 04:48:53 +00:00
|
|
|
q("INSERT INTO session (sess_data, sid, expire) values ('%s', '%s', '%s')",
|
2016-07-11 20:27:44 +00:00
|
|
|
dbesc(''),
|
2016-04-13 02:40:19 +00:00
|
|
|
dbesc($id),
|
|
|
|
|
dbesc(time() + 300)
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-04-08 11:44:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function write ($id, $data) {
|
|
|
|
|
|
2019-06-14 06:36:16 +00:00
|
|
|
// Pretend everything is hunky-dory, even though it isn't. There probably isn't anything
|
|
|
|
|
// we can do about it in any event.
|
|
|
|
|
|
|
|
|
|
if (! $id) {
|
|
|
|
|
return true;
|
2016-04-08 11:44:10 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-13 02:40:19 +00:00
|
|
|
// Unless we authenticate somehow, only keep a session for 5 minutes
|
|
|
|
|
// The viewer can extend this by performing any web action using the
|
|
|
|
|
// original cookie, but this allows us to cleanup the hundreds or
|
|
|
|
|
// thousands of empty sessions left around from web crawlers which are
|
|
|
|
|
// assigned cookies on each page that they never use.
|
|
|
|
|
|
|
|
|
|
$expire = time() + 300;
|
|
|
|
|
|
2019-06-14 06:36:16 +00:00
|
|
|
if ($_SESSION) {
|
|
|
|
|
if (array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
|
2016-04-13 02:40:19 +00:00
|
|
|
$expire = time() + (60 * 60 * 24 * 365);
|
2019-06-14 06:36:16 +00:00
|
|
|
elseif (local_channel())
|
2016-04-13 02:40:19 +00:00
|
|
|
$expire = time() + (60 * 60 * 24 * 3);
|
2019-06-14 06:36:16 +00:00
|
|
|
elseif (remote_channel())
|
2016-04-13 02:40:19 +00:00
|
|
|
$expire = time() + (60 * 60 * 24 * 1);
|
2016-04-08 11:44:10 +00:00
|
|
|
}
|
|
|
|
|
|
2016-10-04 04:48:53 +00:00
|
|
|
q("UPDATE session
|
|
|
|
|
SET sess_data = '%s', expire = '%s' WHERE sid = '%s'",
|
2016-04-13 02:40:19 +00:00
|
|
|
dbesc($data),
|
|
|
|
|
dbesc($expire),
|
|
|
|
|
dbesc($id)
|
|
|
|
|
);
|
|
|
|
|
|
2016-04-08 11:44:10 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function close() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function destroy ($id) {
|
2016-10-04 04:48:53 +00:00
|
|
|
q("DELETE FROM session WHERE sid = '%s'", dbesc($id));
|
2016-04-08 11:44:10 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function gc($expire) {
|
|
|
|
|
q("DELETE FROM session WHERE expire < %d", dbesc(time()));
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-13 02:40:19 +00:00
|
|
|
}
|
