Home Explore Help
Sign In
compsci-industry
/
TechEmpower.FrameworkBenchmarks
mirror of https://github.com/TechEmpower/FrameworkBenchmarks.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: ba9702b441
Branches Tags
TechEmpower.Fra...
/
frameworks
/
PHP
/
php-fatfree
/
lib
/
session.php

session.php 3.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4. 	Copyright (c) 2009-2014 F3::Factory/Bong Cosca, All rights reserved.
    5. 

  5. 

  6. 	This file is part of the Fat-Free Framework (http://fatfree.sf.net).
    7. 

  7. 

  8. 	THE SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF
    9. 

  9. 	ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
    10. 

  10. 	IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
    11. 

  11. 	PURPOSE.
    12. 

  12. 

  13. 	Please see the license.txt file for more information.
    14. 

  14. */
    15. 

  15. 

  16. //! Cache-based session handler
    17. 

  17. class Session {
    18. 

  18. 

  19. 	protected
    20. 

  20. 		//! Session ID
    21. 

  21. 		$sid;
    22. 

  22. 

  23. 	/**
    24. 

  24. 	*	Open session
    25. 

  25. 	*	@return TRUE
    26. 

  26. 	*	@param $path string
    27. 

  27. 	*	@param $name string
    28. 

  28. 	**/
    29. 

  29. 	function open($path,$name) {
    30. 

  30. 		return TRUE;
    31. 

  31. 	}
    32. 

  32. 

  33. 	/**
    34. 

  34. 	*	Close session
    35. 

  35. 	*	@return TRUE
    36. 

  36. 	**/
    37. 

  37. 	function close() {
    38. 

  38. 		return TRUE;
    39. 

  39. 	}
    40. 

  40. 

  41. 	/**
    42. 

  42. 	*	Return session data in serialized format
    43. 

  43. 	*	@return string|FALSE
    44. 

  44. 	*	@param $id string
    45. 

  45. 	**/
    46. 

  46. 	function read($id) {
    47. 

  47. 		if ($id!=$this->sid)
    48. 

  48. 			$this->sid=$id;
    49. 

  49. 		return Cache::instance()->exists($id.'.@',$data)?$data['data']:FALSE;
    50. 

  50. 	}
    51. 

  51. 

  52. 	/**
    53. 

  53. 	*	Write session data
    54. 

  54. 	*	@return TRUE
    55. 

  55. 	*	@param $id string
    56. 

  56. 	*	@param $data string
    57. 

  57. 	**/
    58. 

  58. 	function write($id,$data) {
    59. 

  59. 		$fw=Base::instance();
    60. 

  60. 		$sent=headers_sent();
    61. 

  61. 		$headers=$fw->get('HEADERS');
    62. 

  62. 		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
    63. 

  63. 			$fw->hash(mt_rand());
    64. 

  64. 		$jar=$fw->get('JAR');
    65. 

  65. 		if ($id!=$this->sid)
    66. 

  66. 			$this->sid=$id;
    67. 

  67. 		Cache::instance()->set($id.'.@',
    68. 

  68. 			array(
    69. 

  69. 				'data'=>$data,
    70. 

  70. 				'csrf'=>$sent?$this->csrf():$csrf,
    71. 

  71. 				'ip'=>$fw->get('IP'),
    72. 

  72. 				'agent'=>isset($headers['User-Agent'])?
    73. 

  73. 					$headers['User-Agent']:'',
    74. 

  74. 				'stamp'=>time()
    75. 

  75. 			),
    76. 

  76. 			$jar['expire']?($jar['expire']-time()):0
    77. 

  77. 		);
    78. 

  78. 		return TRUE;
    79. 

  79. 	}
    80. 

  80. 

  81. 	/**
    82. 

  82. 	*	Destroy session
    83. 

  83. 	*	@return TRUE
    84. 

  84. 	*	@param $id string
    85. 

  85. 	**/
    86. 

  86. 	function destroy($id) {
    87. 

  87. 		Cache::instance()->clear($id.'.@');
    88. 

  88. 		setcookie(session_name(),'',strtotime('-1 year'));
    89. 

  89. 		unset($_COOKIE[session_name()]);
    90. 

  90. 		header_remove('Set-Cookie');
    91. 

  91. 		return TRUE;
    92. 

  92. 	}
    93. 

  93. 

  94. 	/**
    95. 

  95. 	*	Garbage collector
    96. 

  96. 	*	@return TRUE
    97. 

  97. 	*	@param $max int
    98. 

  98. 	**/
    99. 

  99. 	function cleanup($max) {
    100. 

  100. 		Cache::instance()->reset('.@',$max);
    101. 

  101. 		return TRUE;
    102. 

  102. 	}
    103. 

  103. 

  104. 	/**
    105. 

  105. 	*	Return anti-CSRF token
    106. 

  106. 	*	@return string|FALSE
    107. 

  107. 	**/
    108. 

  108. 	function csrf() {
    109. 

  109. 		return Cache::instance()->
    110. 

  110. 			exists(($this->sid?:session_id()).'.@',$data)?
    111. 

  111. 				$data['csrf']:FALSE;
    112. 

  112. 	}
    113. 

  113. 

  114. 	/**
    115. 

  115. 	*	Return IP address
    116. 

  116. 	*	@return string|FALSE
    117. 

  117. 	**/
    118. 

  118. 	function ip() {
    119. 

  119. 		return Cache::instance()->
    120. 

  120. 			exists(($this->sid?:session_id()).'.@',$data)?
    121. 

  121. 				$data['ip']:FALSE;
    122. 

  122. 	}
    123. 

  123. 

  124. 	/**
    125. 

  125. 	*	Return Unix timestamp
    126. 

  126. 	*	@return string|FALSE
    127. 

  127. 	**/
    128. 

  128. 	function stamp() {
    129. 

  129. 		return Cache::instance()->
    130. 

  130. 			exists(($this->sid?:session_id()).'.@',$data)?
    131. 

  131. 				$data['stamp']:FALSE;
    132. 

  132. 	}
    133. 

  133. 

  134. 	/**
    135. 

  135. 	*	Return HTTP user agent
    136. 

  136. 	*	@return string|FALSE
    137. 

  137. 	**/
    138. 

  138. 	function agent() {
    139. 

  139. 		return Cache::instance()->
    140. 

  140. 			exists(($this->sid?:session_id()).'.@',$data)?
    141. 

  141. 				$data['agent']:FALSE;
    142. 

  142. 	}
    143. 

  143. 

  144. 	/**
    145. 

  145. 	*	Instantiate class
    146. 

  146. 	*	@return object
    147. 

  147. 	**/
    148. 

  148. 	function __construct() {
    149. 

  149. 		session_set_save_handler(
    150. 

  150. 			array($this,'open'),
    151. 

  151. 			array($this,'close'),
    152. 

  152. 			array($this,'read'),
    153. 

  153. 			array($this,'write'),
    154. 

  154. 			array($this,'destroy'),
    155. 

  155. 			array($this,'cleanup')
    156. 

  156. 		);
    157. 

  157. 		register_shutdown_function('session_commit');
    158. 

  158. 		@session_start();
    159. 

  159. 		$fw=\Base::instance();
    160. 

  160. 		$headers=$fw->get('HEADERS');
    161. 

  161. 		if (($ip=$this->ip()) && $ip!=$fw->get('IP') ||
    162. 

  162. 			($agent=$this->agent()) &&
    163. 

  163. 			(!isset($headers['User-Agent']) ||
    164. 

  164. 				$agent!=$headers['User-Agent'])) {
    165. 

  165. 			session_destroy();
    166. 

  166. 			\Base::instance()->error(403);
    167. 

  167. 		}
    168. 

  168. 		$csrf=$fw->hash($fw->get('ROOT').$fw->get('BASE')).'.'.
    169. 

  169. 			$fw->hash(mt_rand());
    170. 

  170. 		$jar=$fw->get('JAR');
    171. 

  171. 		if (Cache::instance()->exists(($this->sid=session_id()).'.@',$data)) {
    172. 

  172. 			$data['csrf']=$csrf;
    173. 

  173. 			Cache::instance()->set($this->sid.'.@',
    174. 

  174. 				$data,
    175. 

  175. 				$jar['expire']?($jar['expire']-time()):0
    176. 

  176. 			);
    177. 

  177. 		}
    178. 

  178. 	}
    179. 

  179. 

  180. }
    181.