Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: ba9702b441
Branches Tags
TechEmpower.Fra...
/
frameworks
/
PHP
/
php-fatfree
/
lib
/
db
/
mongo
/
session.php

session.php 3.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4. 	Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved.
    5. 

  5. 

  6. 	This file is part of the Fat-Free Framework (http://fatfree.sf.net).
    7. 

  7. 

  8. 	THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF
    9. 

  9. 	ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
    10. 

  10. 	IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
    11. 

  11. 	PURPOSE.
    12. 

  12. 

  13. 	Please see the license.txt file for more information.
    14. 

  14. */
    15. 

  15. 

  16. namespace DB\Mongo;
    17. 

  17. 

  18. //! MongoDB-managed session handler
    19. 

  19. class Session extends Mapper {
    20. 

  20. 

  21. 	protected
    22. 

  22. 		//! Session ID
    23. 

  23. 		$sid;
    24. 

  24. 

  25. 	/**
    26. 

  26. 	*	Open session
    27. 

  27. 	*	@return TRUE
    28. 

  28. 	*	@param $path string
    29. 

  29. 	*	@param $name string
    30. 

  30. 	**/
    31. 

  31. 	function open($path,$name) {
    32. 

  32. 		return TRUE;
    33. 

  33. 	}
    34. 

  34. 

  35. 	/**
    36. 

  36. 	*	Close session
    37. 

  37. 	*	@return TRUE
    38. 

  38. 	**/
    39. 

  39. 	function close() {
    40. 

  40. 		return TRUE;
    41. 

  41. 	}
    42. 

  42. 

  43. 	/**
    44. 

  44. 	*	Return session data in serialized format
    45. 

  45. 	*	@return string|FALSE
    46. 

  46. 	*	@param $id string
    47. 

  47. 	**/
    48. 

  48. 	function read($id) {
    49. 

  49. 		if ($id!=$this->sid)
    50. 

  50. 			$this->load(array('session_id'=>$this->sid=$id));
    51. 

  51. 		return $this->dry()?FALSE:$this->get('data');
    52. 

  52. 	}
    53. 

  53. 

  54. 	/**
    55. 

  55. 	*	Write session data
    56. 

  56. 	*	@return TRUE
    57. 

  57. 	*	@param $id string
    58. 

  58. 	*	@param $data string
    59. 

  59. 	**/
    60. 

  60. 	function write($id,$data) {
    61. 

  61. 		$fw=\Base::instance();
    62. 

  62. 		$sent=headers_sent();
    63. 

  63. 		$headers=$fw->get('HEADERS');
    64. 

  64. 		if ($id!=$this->sid)
    65. 

  65. 			$this->load(array('session_id'=>$this->sid=$id));
    66. 

  66. 		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
    67. 

  67. 			$fw->hash(mt_rand());
    68. 

  68. 		$this->set('session_id',$id);
    69. 

  69. 		$this->set('data',$data);
    70. 

  70. 		$this->set('csrf',$sent?$this->csrf():$csrf);
    71. 

  71. 		$this->set('ip',$fw->get('IP'));
    72. 

  72. 		$this->set('agent',
    73. 

  73. 			isset($headers['User-Agent'])?$headers['User-Agent']:'');
    74. 

  74. 		$this->set('stamp',time());
    75. 

  75. 		$this->save();
    76. 

  76. 		if (!$sent) {
    77. 

  77. 			if (isset($_COOKIE['_']))
    78. 

  78. 				setcookie('_','',strtotime('-1 year'));
    79. 

  79. 			call_user_func_array('setcookie',
    80. 

  80. 				array('_',$csrf)+$fw->get('JAR'));
    81. 

  81. 		}
    82. 

  82. 		return TRUE;
    83. 

  83. 	}
    84. 

  84. 

  85. 	/**
    86. 

  86. 	*	Destroy session
    87. 

  87. 	*	@return TRUE
    88. 

  88. 	*	@param $id string
    89. 

  89. 	**/
    90. 

  90. 	function destroy($id) {
    91. 

  91. 		$this->erase(array('session_id'=>$id));
    92. 

  92. 		setcookie(session_name(),'',strtotime('-1 year'));
    93. 

  93. 		unset($_COOKIE[session_name()]);
    94. 

  94. 		header_remove('Set-Cookie');
    95. 

  95. 		return TRUE;
    96. 

  96. 	}
    97. 

  97. 

  98. 	/**
    99. 

  99. 	*	Garbage collector
    100. 

  100. 	*	@return TRUE
    101. 

  101. 	*	@param $max int
    102. 

  102. 	**/
    103. 

  103. 	function cleanup($max) {
    104. 

  104. 		$this->erase(array('$where'=>'this.stamp+'.$max.'<'.time()));
    105. 

  105. 		return TRUE;
    106. 

  106. 	}
    107. 

  107. 

  108. 	/**
    109. 

  109. 	*	Return anti-CSRF token
    110. 

  110. 	*	@return string|FALSE
    111. 

  111. 	**/
    112. 

  112. 	function csrf() {
    113. 

  113. 		return $this->dry()?FALSE:$this->get('csrf');
    114. 

  114. 	}
    115. 

  115. 

  116. 	/**
    117. 

  117. 	*	Return IP address
    118. 

  118. 	*	@return string|FALSE
    119. 

  119. 	**/
    120. 

  120. 	function ip() {
    121. 

  121. 		return $this->dry()?FALSE:$this->get('ip');
    122. 

  122. 	}
    123. 

  123. 

  124. 	/**
    125. 

  125. 	*	Return Unix timestamp
    126. 

  126. 	*	@return string|FALSE
    127. 

  127. 	**/
    128. 

  128. 	function stamp() {
    129. 

  129. 		return $this->dry()?FALSE:$this->get('stamp');
    130. 

  130. 	}
    131. 

  131. 

  132. 	/**
    133. 

  133. 	*	Return HTTP user agent
    134. 

  134. 	*	@return string|FALSE
    135. 

  135. 	**/
    136. 

  136. 	function agent() {
    137. 

  137. 		return $this->dry()?FALSE:$this->get('agent');
    138. 

  138. 	}
    139. 

  139. 

  140. 	/**
    141. 

  141. 	*	Instantiate class
    142. 

  142. 	*	@param $db object
    143. 

  143. 	*	@param $table string
    144. 

  144. 	**/
    145. 

  145. 	function __construct(\DB\Mongo $db,$table='sessions') {
    146. 

  146. 		parent::__construct($db,$table);
    147. 

  147. 		session_set_save_handler(
    148. 

  148. 			array($this,'open'),
    149. 

  149. 			array($this,'close'),
    150. 

  150. 			array($this,'read'),
    151. 

  151. 			array($this,'write'),
    152. 

  152. 			array($this,'destroy'),
    153. 

  153. 			array($this,'cleanup')
    154. 

  154. 		);
    155. 

  155. 		register_shutdown_function('session_commit');
    156. 

  156. 		@session_start();
    157. 

  157. 		$fw=\Base::instance();
    158. 

  158. 		$headers=$fw->get('HEADERS');
    159. 

  159. 		if (($ip=$this->ip()) && $ip!=$fw->get('IP') ||
    160. 

  160. 			($agent=$this->agent()) &&
    161. 

  161. 			(!isset($headers['User-Agent']) ||
    162. 

  162. 				$agent!=$headers['User-Agent'])) {
    163. 

  163. 			session_destroy();
    164. 

  164. 			$fw->error(403);
    165. 

  165. 		}
    166. 

  166. 		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
    167. 

  167. 			$fw->hash(mt_rand());
    168. 

  168. 		if ($this->load(array('session_id'=>$this->sid=session_id()))) {
    169. 

  169. 			$this->set('csrf',$csrf);
    170. 

  170. 			$this->save();
    171. 

  171. 		}
    172. 

  172. 	}
    173. 

  173. 

  174. }
    175.