streams/include/session.php

<?php
/**
 * @file include/session.php
 *
 * @brief This file includes session related functions.
 *
 * Session management functions. These provide database storage of PHP
 * session info.
 */

$session_exists = 0;
$session_expire = 180000;

function new_cookie($time) {
	$old_sid = session_id();

// ??? This shouldn't have any effect if called after session_start()
// We probably need to set the session expiration and change the PHPSESSID cookie.

	session_set_cookie_params($time);
	session_regenerate_id(false);

	q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
			dbesc(session_id()),
			dbesc($old_sid)
	);

	if (x($_COOKIE, 'jsAvailable')) {
		if ($time) {
			$expires = time() + $time;
		} else {
			$expires = 0;
		}
		setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
	}
}


function ref_session_open ($s, $n) {
	return true;
}


function ref_session_read ($id) {
	global $session_exists;
	if(x($id))
		$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));

	if(count($r)) {
		$session_exists = true;
		return $r[0]['data'];
	}

	return '';
}


function ref_session_write ($id, $data) {
	global $session_exists, $session_expire;

	if(! $id || ! $data) {
		return false;
	}

	$expire = time() + $session_expire;
	$default_expire = time() + 300;

	if($session_exists) {
		q("UPDATE `session`
				SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
				dbesc($data),
				dbesc($expire),
				dbesc($id)
		);
	} else {
		q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
				//SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
				dbesc($id),
				dbesc($default_expire),
				dbesc($data)
		);
	}

	return true;
}


function ref_session_close() {
	return true;
}


function ref_session_destroy ($id) {
	q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
	return true;
}


function ref_session_gc($expire) {
	q("DELETE FROM session WHERE expire < %d", dbesc(time()));
	return true;
}

$gc_probability = 50;

ini_set('session.gc_probability', $gc_probability);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);

/*
 * PHP function which sets our user-level session storage functions.
 */
session_set_save_handler(
		'ref_session_open',
		'ref_session_close',
		'ref_session_read',
		'ref_session_write',
		'ref_session_destroy',
		'ref_session_gc'
);
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`<?php`
			`/**`
			`* @file include/session.php`
			`*`
			`* @brief This file includes session related functions.`
			`*`
			`* Session management functions. These provide database storage of PHP`
			`* session info.`
			`*/`
Initial checkin 2010-07-01 23:48:07 +00:00
			`$session_exists = 0;`
			`$session_expire = 180000;`

move new_cookie() to the session driver so we can use it for other purposes besides "normal" web login (for instance magic auth) 2013-05-24 03:35:40 +00:00			`function new_cookie($time) {`
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`$old_sid = session_id();`
try to fix random logouts 2014-05-13 00:04:03 +00:00
			`// ??? This shouldn't have any effect if called after session_start()`
			`// We probably need to set the session expiration and change the PHPSESSID cookie.`

Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`session_set_cookie_params($time);`
			`session_regenerate_id(false);`
move new_cookie() to the session driver so we can use it for other purposes besides "normal" web login (for instance magic auth) 2013-05-24 03:35:40 +00:00
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`q("UPDATE session SET sid = '%s' WHERE sid = '%s'",`
			`dbesc(session_id()),`
			`dbesc($old_sid)`
			`);`
set jsAvailable cookie expire time to match PHPSESSID's 2014-01-17 06:56:34 +00:00
			`if (x($_COOKIE, 'jsAvailable')) {`
			`if ($time) {`
			`$expires = time() + $time;`
			`} else {`
			`$expires = 0;`
			`}`
			`setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);`
			`}`
move new_cookie() to the session driver so we can use it for other purposes besides "normal" web login (for instance magic auth) 2013-05-24 03:35:40 +00:00			`}`


Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`function ref_session_open ($s, $n) {`
			`return true;`
minor fixes related to postgres development 2013-05-06 02:34:56 +00:00			`}`

Initial checkin 2010-07-01 23:48:07 +00:00
			`function ref_session_read ($id) {`
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`global $session_exists;`
			`if(x($id))`
			$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));

			`if(count($r)) {`
			`$session_exists = true;`
			`return $r[0]['data'];`
			`}`

			`return '';`
minor fixes related to postgres development 2013-05-06 02:34:56 +00:00			`}`

Initial checkin 2010-07-01 23:48:07 +00:00
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`function ref_session_write ($id, $data) {`
			`global $session_exists, $session_expire;`
Initial checkin 2010-07-01 23:48:07 +00:00
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`if(! $id \|\| ! $data) {`
			`return false;`
			`}`
Initial checkin 2010-07-01 23:48:07 +00:00
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`$expire = time() + $session_expire;`
			`$default_expire = time() + 300;`

			`if($session_exists) {`
			q("UPDATE `session`
			SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
			`dbesc($data),`
			`dbesc($expire),`
			`dbesc($id)`
			`);`
			`} else {`
			q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
			//SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
			`dbesc($id),`
			`dbesc($default_expire),`
			`dbesc($data)`
			`);`
			`}`
Initial checkin 2010-07-01 23:48:07 +00:00
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`return true;`
minor fixes related to postgres development 2013-05-06 02:34:56 +00:00			`}`

Initial checkin 2010-07-01 23:48:07 +00:00
			`function ref_session_close() {`
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`return true;`
minor fixes related to postgres development 2013-05-06 02:34:56 +00:00			`}`

Initial checkin 2010-07-01 23:48:07 +00:00
			`function ref_session_destroy ($id) {`
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
			`return true;`
minor fixes related to postgres development 2013-05-06 02:34:56 +00:00			`}`

Initial checkin 2010-07-01 23:48:07 +00:00
			`function ref_session_gc($expire) {`
Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`q("DELETE FROM session WHERE expire < %d", dbesc(time()));`
			`return true;`
minor fixes related to postgres development 2013-05-06 02:34:56 +00:00			`}`
Initial checkin 2010-07-01 23:48:07 +00:00
			`$gc_probability = 50;`

			`ini_set('session.gc_probability', $gc_probability);`
			`ini_set('session.use_only_cookies', 1);`
			`ini_set('session.cookie_httponly', 1);`

Some cleanups. Fixed dbesc_identifier(), but it is not used yet. Corrected some other variable names and variable initialization before using them. 2015-03-12 23:16:19 +00:00			`/*`
			`* PHP function which sets our user-level session storage functions.`
			`*/`
			`session_set_save_handler(`
			`'ref_session_open',`
			`'ref_session_close',`
			`'ref_session_read',`
			`'ref_session_write',`
			`'ref_session_destroy',`
			`'ref_session_gc'`
			`);`