Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: ba9702b441
Branches Tags
TechEmpower.Fra...
/
frameworks
/
PHP
/
php-fatfree
/
lib
/
db
/
jig
/
session.php

session.php 3.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4. 	Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved.
    5. 

  5. 

  6. 	This file is part of the Fat-Free Framework (http://fatfree.sf.net).
    7. 

  7. 

  8. 	THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF
    9. 

  9. 	ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
    10. 

  10. 	IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
    11. 

  11. 	PURPOSE.
    12. 

  12. 

  13. 	Please see the license.txt file for more information.
    14. 

  14. */
    15. 

  15. 

  16. namespace DB\Jig;
    17. 

  17. 

  18. //! Jig-managed session handler
    19. 

  19. class Session extends Mapper {
    20. 

  20. 

  21. 	protected
    22. 

  22. 		//! Session ID
    23. 

  23. 		$sid;
    24. 

  24. 

  25. 	/**
    26. 

  26. 	*	Open session
    27. 

  27. 	*	@return TRUE
    28. 

  28. 	*	@param $path string
    29. 

  29. 	*	@param $name string
    30. 

  30. 	**/
    31. 

  31. 	function open($path,$name) {
    32. 

  32. 		return TRUE;
    33. 

  33. 	}
    34. 

  34. 

  35. 	/**
    36. 

  36. 	*	Close session
    37. 

  37. 	*	@return TRUE
    38. 

  38. 	**/
    39. 

  39. 	function close() {
    40. 

  40. 		return TRUE;
    41. 

  41. 	}
    42. 

  42. 

  43. 	/**
    44. 

  44. 	*	Return session data in serialized format
    45. 

  45. 	*	@return string|FALSE
    46. 

  46. 	*	@param $id string
    47. 

  47. 	**/
    48. 

  48. 	function read($id) {
    49. 

  49. 		if ($id!=$this->sid)
    50. 

  50. 			$this->load(array('@session_id=?',$this->sid=$id));
    51. 

  51. 		return $this->dry()?FALSE:$this->get('data');
    52. 

  52. 	}
    53. 

  53. 

  54. 	/**
    55. 

  55. 	*	Write session data
    56. 

  56. 	*	@return TRUE
    57. 

  57. 	*	@param $id string
    58. 

  58. 	*	@param $data string
    59. 

  59. 	**/
    60. 

  60. 	function write($id,$data) {
    61. 

  61. 		$fw=\Base::instance();
    62. 

  62. 		$sent=headers_sent();
    63. 

  63. 		$headers=$fw->get('HEADERS');
    64. 

  64. 		if ($id!=$this->sid)
    65. 

  65. 			$this->load(array('@session_id=?',$this->sid=$id));
    66. 

  66. 		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
    67. 

  67. 			$fw->hash(mt_rand());
    68. 

  68. 		$this->set('session_id',$id);
    69. 

  69. 		$this->set('data',$data);
    70. 

  70. 		$this->set('csrf',$sent?$this->csrf():$csrf);
    71. 

  71. 		$this->set('ip',$fw->get('IP'));
    72. 

  72. 		$this->set('agent',
    73. 

  73. 			isset($headers['User-Agent'])?$headers['User-Agent']:'');
    74. 

  74. 		$this->set('stamp',time());
    75. 

  75. 		$this->save();
    76. 

  76. 		return TRUE;
    77. 

  77. 	}
    78. 

  78. 

  79. 	/**
    80. 

  80. 	*	Destroy session
    81. 

  81. 	*	@return TRUE
    82. 

  82. 	*	@param $id string
    83. 

  83. 	**/
    84. 

  84. 	function destroy($id) {
    85. 

  85. 		$this->erase(array('@session_id=?',$id));
    86. 

  86. 		setcookie(session_name(),'',strtotime('-1 year'));
    87. 

  87. 		unset($_COOKIE[session_name()]);
    88. 

  88. 		header_remove('Set-Cookie');
    89. 

  89. 		return TRUE;
    90. 

  90. 	}
    91. 

  91. 

  92. 	/**
    93. 

  93. 	*	Garbage collector
    94. 

  94. 	*	@return TRUE
    95. 

  95. 	*	@param $max int
    96. 

  96. 	**/
    97. 

  97. 	function cleanup($max) {
    98. 

  98. 		$this->erase(array('@stamp+?<?',$max,time()));
    99. 

  99. 		return TRUE;
    100. 

  100. 	}
    101. 

  101. 

  102. 	/**
    103. 

  103. 	*	Return anti-CSRF token
    104. 

  104. 	*	@return string|FALSE
    105. 

  105. 	**/
    106. 

  106. 	function csrf() {
    107. 

  107. 		return $this->dry()?FALSE:$this->get('csrf');
    108. 

  108. 	}
    109. 

  109. 

  110. 	/**
    111. 

  111. 	*	Return IP address
    112. 

  112. 	*	@return string|FALSE
    113. 

  113. 	**/
    114. 

  114. 	function ip() {
    115. 

  115. 		return $this->dry()?FALSE:$this->get('ip');
    116. 

  116. 	}
    117. 

  117. 

  118. 	/**
    119. 

  119. 	*	Return Unix timestamp
    120. 

  120. 	*	@return string|FALSE
    121. 

  121. 	**/
    122. 

  122. 	function stamp() {
    123. 

  123. 		return $this->dry()?FALSE:$this->get('stamp');
    124. 

  124. 	}
    125. 

  125. 

  126. 	/**
    127. 

  127. 	*	Return HTTP user agent
    128. 

  128. 	*	@return string|FALSE
    129. 

  129. 	**/
    130. 

  130. 	function agent() {
    131. 

  131. 		return $this->dry()?FALSE:$this->get('agent');
    132. 

  132. 	}
    133. 

  133. 

  134. 	/**
    135. 

  135. 	*	Instantiate class
    136. 

  136. 	*	@param $db object
    137. 

  137. 	*	@param $table string
    138. 

  138. 	**/
    139. 

  139. 	function __construct(\DB\Jig $db,$table='sessions') {
    140. 

  140. 		parent::__construct($db,'sessions');
    141. 

  141. 		session_set_save_handler(
    142. 

  142. 			array($this,'open'),
    143. 

  143. 			array($this,'close'),
    144. 

  144. 			array($this,'read'),
    145. 

  145. 			array($this,'write'),
    146. 

  146. 			array($this,'destroy'),
    147. 

  147. 			array($this,'cleanup')
    148. 

  148. 		);
    149. 

  149. 		register_shutdown_function('session_commit');
    150. 

  150. 		@session_start();
    151. 

  151. 		$fw=\Base::instance();
    152. 

  152. 		$headers=$fw->get('HEADERS');
    153. 

  153. 		if (($ip=$this->ip()) && $ip!=$fw->get('IP') ||
    154. 

  154. 			($agent=$this->agent()) &&
    155. 

  155. 			(!isset($headers['User-Agent']) ||
    156. 

  156. 				$agent!=$headers['User-Agent'])) {
    157. 

  157. 			session_destroy();
    158. 

  158. 			$fw->error(403);
    159. 

  159. 		}
    160. 

  160. 		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
    161. 

  161. 			$fw->hash(mt_rand());
    162. 

  162. 		if ($this->load(array('@session_id=?',$this->sid=session_id()))) {
    163. 

  163. 			$this->set('csrf',$csrf);
    164. 

  164. 			$this->save();
    165. 

  165. 		}
    166. 

  166. 	}
    167. 

  167. 

  168. }
    169.