Initial version of new Session library
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
deleted file mode 100644
index 566c40b..0000000
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ /dev/null
@@ -1,805 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * NOTICE OF LICENSE
- *
- * Licensed under the Open Software License version 3.0
- *
- * This source file is subject to the Open Software License (OSL 3.0) that is
- * bundled with this package in the files license.txt / license.rst. It is
- * also available through the world wide web at this URL:
- * http://opensource.org/licenses/OSL-3.0
- * If you did not receive a copy of the license and are unable to obtain it
- * through the world wide web, please send an email to
- * licensing@ellislab.com so we can send you a copy immediately.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
- * @link http://codeigniter.com
- * @since Version 1.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * Cookie-based session management driver
- *
- * This is the classic CI_Session functionality, as written by EllisLab, abstracted out to a driver.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- * @link http://codeigniter.com/user_guide/libraries/sessions.html
- */
-class CI_Session_cookie extends CI_Session_driver {
-
- /**
- * Whether to encrypt the session cookie
- *
- * @var bool
- */
- public $sess_encrypt_cookie = FALSE;
-
- /**
- * Whether to use to the database for session storage
- *
- * @var bool
- */
- public $sess_use_database = FALSE;
-
- /**
- * Name of the database table in which to store sessions
- *
- * @var string
- */
- public $sess_table_name = '';
-
- /**
- * Length of time (in seconds) for sessions to expire
- *
- * @var int
- */
- public $sess_expiration = 7200;
-
- /**
- * Whether to kill session on close of browser window
- *
- * @var bool
- */
- public $sess_expire_on_close = FALSE;
-
- /**
- * Whether to match session on ip address
- *
- * @var bool
- */
- public $sess_match_ip = FALSE;
-
- /**
- * Whether to match session on user-agent
- *
- * @var bool
- */
- public $sess_match_useragent = TRUE;
-
- /**
- * Name of session cookie
- *
- * @var string
- */
- public $sess_cookie_name = 'ci_session';
-
- /**
- * Session cookie prefix
- *
- * @var string
- */
- public $cookie_prefix = '';
-
- /**
- * Session cookie path
- *
- * @var string
- */
- public $cookie_path = '';
-
- /**
- * Session cookie domain
- *
- * @var string
- */
- public $cookie_domain = '';
-
- /**
- * Whether to set the cookie only on HTTPS connections
- *
- * @var bool
- */
- public $cookie_secure = FALSE;
-
- /**
- * Whether cookie should be allowed only to be sent by the server
- *
- * @var bool
- */
- public $cookie_httponly = FALSE;
-
- /**
- * Interval at which to update session
- *
- * @var int
- */
- public $sess_time_to_update = 300;
-
- /**
- * Key with which to encrypt the session cookie
- *
- * @var string
- */
- public $encryption_key = '';
-
- /**
- * Timezone to use for the current time
- *
- * @var string
- */
- public $time_reference = 'local';
-
- /**
- * Session data
- *
- * @var array
- */
- public $userdata = array();
-
- /**
- * Current time
- *
- * @var int
- */
- public $now;
-
- // ------------------------------------------------------------------------
-
- /**
- * Default userdata keys
- *
- * @var array
- */
- protected $defaults = array(
- 'session_id' => NULL,
- 'ip_address' => NULL,
- 'user_agent' => NULL,
- 'last_activity' => NULL
- );
-
- /**
- * Data needs DB update flag
- *
- * @var bool
- */
- protected $data_dirty = FALSE;
-
- /**
- * Standardize newlines flag
- *
- * @var bool
- */
- protected $_standardize_newlines;
-
- // ------------------------------------------------------------------------
-
- /**
- * Initialize session driver object
- *
- * @return void
- */
- protected function initialize()
- {
- // Set all the session preferences, which can either be set
- // manually via the $params array or via the config file
- $prefs = array(
- 'sess_encrypt_cookie',
- 'sess_use_database',
- 'sess_table_name',
- 'sess_expiration',
- 'sess_expire_on_close',
- 'sess_match_ip',
- 'sess_match_useragent',
- 'sess_cookie_name',
- 'cookie_path',
- 'cookie_domain',
- 'cookie_secure',
- 'cookie_httponly',
- 'sess_time_to_update',
- 'time_reference',
- 'cookie_prefix',
- 'encryption_key',
- );
-
- $this->_standardize_newlines = (bool) config_item('standardize_newlines');
-
- foreach ($prefs as $key)
- {
- $this->$key = isset($this->_parent->params[$key])
- ? $this->_parent->params[$key]
- : $this->CI->config->item($key);
- }
-
- if (empty($this->encryption_key))
- {
- show_error('In order to use the Cookie Session driver you are required to set an encryption key in your config file.');
- }
-
- // Do we need encryption? If so, load the encryption class
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $this->CI->load->library('encryption');
- }
-
- // Check for database
- if ($this->sess_use_database === TRUE && $this->sess_table_name !== '')
- {
- // Load database driver
- $this->CI->load->database();
-
- // Register shutdown function
- register_shutdown_function(array($this, '_update_db'));
- }
-
- // Set the "now" time. Can either be GMT or server time, based on the config prefs.
- // We use this to set the "last activity" time
- $this->now = $this->_get_time();
-
- // Set the session length. If the session expiration is
- // set to zero we'll set the expiration two years from now.
- if ($this->sess_expiration === 0)
- {
- $this->sess_expiration = (60*60*24*365*2);
- }
-
- // Set the cookie name
- $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
-
- // Run the Session routine. If a session doesn't exist we'll
- // create a new one. If it does, we'll update it.
- if ( ! $this->_sess_read())
- {
- $this->_sess_create();
- }
- else
- {
- $this->_sess_update();
- }
-
- // Delete expired sessions if necessary
- $this->_sess_gc();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Write the session data
- *
- * @return void
- */
- public function sess_save()
- {
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- // Mark custom data as dirty so we know to update the DB
- $this->data_dirty = TRUE;
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Kill the session DB row
- if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
- {
- $this->CI->db->delete($this->sess_table_name, array('session_id' => $this->userdata['session_id']));
- $this->data_dirty = FALSE;
- }
-
- // Kill the cookie
- $this->_setcookie($this->sess_cookie_name, '', ($this->now - 31500000),
- $this->cookie_path, $this->cookie_domain, 0);
-
- // Kill session data
- $this->userdata = array();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Regenerate the current session
- *
- * Regenerate the session id
- *
- * @param bool Destroy session data flag (default: false)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Check destroy flag
- if ($destroy)
- {
- // Destroy old session and create new one
- $this->sess_destroy();
- $this->_sess_create();
- }
- else
- {
- // Just force an update to recreate the id
- $this->_sess_update(TRUE);
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get a reference to user data array
- *
- * @return array Reference to userdata
- */
- public function &get_userdata()
- {
- return $this->userdata;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Fetch the current session data if it exists
- *
- * @return bool
- */
- protected function _sess_read()
- {
- // Fetch the cookie
- $session = $this->CI->input->cookie($this->sess_cookie_name);
-
- // No cookie? Goodbye cruel world!...
- if ($session === NULL)
- {
- log_message('debug', 'A session cookie was not found.');
- return FALSE;
- }
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $session = $this->CI->encryption->decrypt($session);
- if ($session === FALSE)
- {
- log_message('error', 'Session: Unable to decrypt the session cookie, possibly due to a HMAC mismatch.');
- return FALSE;
- }
- }
- else
- {
- if (($len = strlen($session) - 40) <= 0)
- {
- log_message('error', 'Session: The session cookie was not signed.');
- return FALSE;
- }
-
- // Check cookie authentication
- $hmac = substr($session, $len);
- $session = substr($session, 0, $len);
-
- // Time-attack-safe comparison
- $hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
- $diff = 0;
- for ($i = 0; $i < 40; $i++)
- {
- $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
- }
-
- if ($diff !== 0)
- {
- log_message('error', 'Session: HMAC mismatch. The session cookie data did not match what was expected.');
- $this->sess_destroy();
- return FALSE;
- }
- }
-
- // Unserialize the session array
- $session = @unserialize($session);
-
- // Is the session data we unserialized an array with the correct format?
- if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
- {
- log_message('debug', 'Session: Wrong cookie data format');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is the session current?
- if (($session['last_activity'] + $this->sess_expiration) < $this->now OR $session['last_activity'] > $this->now)
- {
- log_message('debug', 'Session: Expired');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the IP match?
- if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
- {
- log_message('debug', 'Session: IP address mismatch');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the User Agent Match?
- if ($this->sess_match_useragent === TRUE &&
- trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
- {
- log_message('debug', 'Session: User Agent string mismatch');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there a corresponding session in the DB?
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $session['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $session['ip_address']);
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', $session['user_agent']);
- }
-
- // Is caching in effect? Turn it off
- $db_cache = $this->CI->db->cache_on;
- $this->CI->db->cache_off();
-
- $query = $this->CI->db->limit(1)->get($this->sess_table_name);
-
- // Was caching in effect?
- if ($db_cache)
- {
- // Turn it back on
- $this->CI->db->cache_on();
- }
-
- // No result? Kill it!
- if (empty($query) OR $query->num_rows() === 0)
- {
- log_message('debug', 'Session: No match found in our database');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there custom data? If so, add it to the main session array
- $row = $query->row();
- if ( ! empty($row->user_data))
- {
- $custom_data = unserialize(trim($row->user_data));
-
- if (is_array($custom_data))
- {
- $session = $session + $custom_data;
- }
- }
- }
-
- // Session is valid!
- $this->userdata = $session;
- return TRUE;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Create a new session
- *
- * @return void
- */
- protected function _sess_create()
- {
- // Initialize userdata
- $this->userdata = array(
- 'session_id' => $this->_make_sess_id(),
- 'ip_address' => $this->CI->input->ip_address(),
- 'user_agent' => trim(substr($this->CI->input->user_agent(), 0, 120)),
- 'last_activity' => $this->now,
- );
-
- log_message('debug', 'Session: Creating new session ('.$this->userdata['session_id'].')');
-
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- // Add empty user_data field and save the data to the DB
- $this->CI->db->set('user_data', '')->insert($this->sess_table_name, $this->userdata);
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Update an existing session
- *
- * @param bool Force update flag (default: false)
- * @return void
- */
- protected function _sess_update($force = FALSE)
- {
- // We only update the session every five minutes by default (unless forced)
- if ( ! $force && ($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
- {
- return;
- }
-
- // Update last activity to now
- $this->userdata['last_activity'] = $this->now;
-
- // Save the old session id so we know which DB record to update
- $old_sessid = $this->userdata['session_id'];
-
- // Changing the session ID during an AJAX call causes problems
- if ( ! $this->CI->input->is_ajax_request())
- {
- // Get new id
- $this->userdata['session_id'] = $this->_make_sess_id();
-
- log_message('debug', 'Session: Regenerate ID');
- }
-
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $old_sessid);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $this->CI->input->ip_address());
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', trim(substr($this->CI->input->user_agent(), 0, 120)));
- }
-
- // Update the session ID and last_activity field in the DB
- $this->CI->db->update($this->sess_table_name,
- array(
- 'last_activity' => $this->now,
- 'session_id' => $this->userdata['session_id']
- )
- );
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Update database with current data
- *
- * This gets called from the shutdown function and also
- * registered with PHP to run at the end of the request
- * so it's guaranteed to update even when a fatal error
- * occurs. The first call makes the update and clears the
- * dirty flag so it won't happen twice.
- *
- * @return void
- */
- public function _update_db()
- {
- // Check for database and dirty flag and unsaved
- if ($this->sess_use_database === TRUE && $this->data_dirty === TRUE)
- {
- // Set up activity and data fields to be set
- // If we don't find custom data, user_data will remain an empty string
- $set = array(
- 'last_activity' => $this->userdata['last_activity'],
- 'user_data' => ''
- );
-
- // Get the custom userdata, leaving out the defaults
- // (which get stored in the cookie)
- $userdata = array_diff_key($this->userdata, $this->defaults);
-
- // Did we find any custom data?
- if ( ! empty($userdata))
- {
- // Serialize the custom data array so we can store it
- $set['user_data'] = serialize($userdata);
- }
-
- // Reset query builder values.
- $this->CI->db->reset_query();
-
- // Run the update query
- // Any time we change the session id, it gets updated immediately,
- // so our where clause below is always safe
- $this->CI->db->where('session_id', $this->userdata['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $this->CI->input->ip_address());
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', trim(substr($this->CI->input->user_agent(), 0, 120)));
- }
-
- $this->CI->db->update($this->sess_table_name, $set);
-
- // Clear dirty flag to prevent double updates
- $this->data_dirty = FALSE;
-
- log_message('debug', 'CI_Session Data Saved To DB');
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Generate a new session id
- *
- * @return string Hashed session id
- */
- protected function _make_sess_id()
- {
- $new_sessid = '';
- do
- {
- $new_sessid .= mt_rand();
- }
- while (strlen($new_sessid) < 32);
-
- // To make the session ID even more secure we'll combine it with the user's IP
- $new_sessid .= $this->CI->input->ip_address();
-
- // Turn it into a hash and return
- return md5(uniqid($new_sessid, TRUE));
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get the "now" time
- *
- * @return int Time
- */
- protected function _get_time()
- {
- if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get())
- {
- return time();
- }
-
- $datetime = new DateTime('now', new DateTimeZone($this->time_reference));
- sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
-
- return mktime($hour, $minute, $second, $month, $day, $year);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Write the session cookie
- *
- * @return void
- */
- protected function _set_cookie()
- {
- // Get userdata (only defaults if database)
- $cookie_data = ($this->sess_use_database === TRUE)
- ? array_intersect_key($this->userdata, $this->defaults)
- : $this->userdata;
-
- // The Input class will do this and since we use HMAC verification,
- // unless we standardize here as well, the hash won't match.
- if ($this->_standardize_newlines)
- {
- foreach (array_keys($this->userdata) as $key)
- {
- $this->userdata[$key] = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $this->userdata[$key]);
- }
- }
-
- // Serialize the userdata for the cookie
- $cookie_data = serialize($cookie_data);
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $cookie_data = $this->CI->encryption->encrypt($cookie_data);
- }
- else
- {
- // Require message authentication
- $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);
- }
-
- $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
-
- // Set the cookie
- $this->_setcookie($this->sess_cookie_name, $cookie_data, $expire, $this->cookie_path, $this->cookie_domain,
- $this->cookie_secure, $this->cookie_httponly);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Set a cookie with the system
- *
- * This abstraction of the setcookie call allows overriding for unit testing
- *
- * @param string Cookie name
- * @param string Cookie value
- * @param int Expiration time
- * @param string Cookie path
- * @param string Cookie domain
- * @param bool Secure connection flag
- * @param bool HTTP protocol only flag
- * @return void
- */
- protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = FALSE, $httponly = FALSE)
- {
- setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Garbage collection
- *
- * This deletes expired session rows from database
- * if the probability percentage is met
- *
- * @return void
- */
- protected function _sess_gc()
- {
- if ($this->sess_use_database !== TRUE)
- {
- return;
- }
-
- $probability = ini_get('session.gc_probability');
- $divisor = ini_get('session.gc_divisor');
-
- if (mt_rand(1, $divisor) <= $probability)
- {
- $expire = $this->now - $this->sess_expiration;
- $this->CI->db->delete($this->sess_table_name, 'last_activity < '.$expire);
-
- log_message('debug', 'Session garbage collection performed.');
- }
- }
-
-}
-
-/* End of file Session_cookie.php */
-/* Location: ./system/libraries/Session/drivers/Session_cookie.php */
\ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
new file mode 100644
index 0000000..2484745
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -0,0 +1,317 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Database Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_database_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * DB object
+ *
+ * @var object
+ */
+ protected $_db;
+
+ /**
+ * DB table
+ *
+ * @var string
+ */
+ protected $_table;
+
+ /**
+ * Session ID
+ *
+ * @var string
+ */
+ protected $_session_id;
+
+ /**
+ * Row exists flag
+ *
+ * @var bool
+ */
+ protected $_row_exists = FALSE;
+
+ /**
+ * Lock "driver" flag
+ *
+ * @var string
+ */
+ protected $_lock_driver;
+
+ /**
+ * Lock status flag
+ *
+ * @var bool
+ */
+ protected $_lock = FALSE;
+
+ /**
+ * Semaphore ID
+ *
+ * Used for locking if the database doesn't support advisory locks
+ *
+ * @var resource
+ */
+ protected $_sem;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ $CI =& get_instance();
+ isset($CI->db) OR $CI->load->database();
+ $this->_db =& $CI->db;
+
+ if ( ! $this->_db instanceof CI_DB_query_builder)
+ {
+ throw new Exception('Query Builder not enabled for the configured database. Aborting.');
+ }
+ elseif ($this->_db->pconnect)
+ {
+ throw new Exception('Configured database connection is persistent. Aborting.');
+ }
+
+ $db_driver = $this->_db->dbdriver.(empty($this->_db->subdriver) ? '' : '_'.$this->_db->subdriver);
+ if (strpos($db_driver, 'mysql') !== FALSE)
+ {
+ $this->_lock_type = 'mysql';
+ }
+ elseif (in_array($db_driver, array('postgre', 'pdo_pgsql'), TRUE))
+ {
+ $this->_lock_type = 'postgre';
+ }
+ elseif (extension_loaded('sysvsem'))
+ {
+ $this->_lock_type = 'semaphore';
+ }
+
+ isset($this->_table) OR $this->_table = config_item('sess_table_name');
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ return empty($this->_db->conn_id)
+ ? ( ! $this->_db->autoinit && $this->_db->db_connect())
+ : TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ $this->_session_id = $session_id;
+ if (($this->_lock = $this->_get_lock()) !== FALSE)
+ {
+ $this->_db
+ ->select('data')
+ ->from($this->_table)
+ ->where('id', $session_id);
+
+ if ($this->_match_ip)
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ if (($result = $this->_db->get()->row()) === NULL)
+ {
+ $this->_fingerprint = md5('');
+ return '';
+ }
+
+ $this->_fingerprint = md5(rtrim($result->data));
+ $this->_row_exists = TRUE;
+ return $result->data;
+ }
+
+ $this->_fingerprint = md5('');
+ return '';
+ }
+
+ public function write($session_id, $session_data)
+ {
+ if ($this->_lock === FALSE)
+ {
+ return FALSE;
+ }
+
+ if ($this->_row_exists === FALSE)
+ {
+ if ($this->_db->insert($this->_table, array('id' => $session_id, 'ip_address' => $_SERVER['REMOTE_ADDR'], 'timestamp' => time(), 'data' => $session_data)))
+ {
+ $this->_fingerprint = md5($session_data);
+ return $this->_row_exists = TRUE;
+ }
+
+ return FALSE;
+ }
+
+ $this->_db->where('id', $session_id);
+ if ($this->_match_ip)
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ $update_data = ($this->_fingerprint === md5($session_data))
+ ? array('timestamp' => time())
+ : array('timestamp' => time(), 'data' => $session_data);
+
+ if ($this->_db->update($this->_table, $update_data))
+ {
+ $this->_fingerprint = md5($session_data);
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ return ($this->_lock)
+ ? $this->_release_lock()
+ : TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if ($this->_lock)
+ {
+ $this->_db->where('id', $session_id);
+ if ($this->_match_ip)
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ return $this->_db->delete($this->_table)
+ ? ($this->close() && $this->_cookie_destroy())
+ : FALSE;
+ }
+
+ return ($this->close() && $this->_cookie_destroy());
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ return $this->_db->delete($this->_table, 'timestamp < '.(time() - $maxlifetime));
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _get_lock()
+ {
+ $arg = $this->_session_id
+ .($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+
+ if ($this->_lock_driver === 'mysql')
+ {
+ return (bool) $this->_db
+ ->query("SELECT GET_LOCK('".$session_id."', 10) AS ci_session_lock")
+ ->row()
+ ->ci_session_lock;
+ }
+ elseif ($this->_lock_driver === 'postgre')
+ {
+ return (bool) $this->_db->simple_query('SELECT pg_advisory_lock('.$arg.')');
+ }
+ elseif ($this->_lock_driver === 'semaphore')
+ {
+ if (($this->_sem = sem_get($arg, 1, 0644)) === FALSE)
+ {
+ return FALSE;
+ }
+
+ if ( ! sem_acquire($this->_sem))
+ {
+ sem_remove($this->_sem);
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _release_lock()
+ {
+ if ($this->_lock_driver === 'mysql')
+ {
+ $arg = $this->_session_id
+ .($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+
+ return (bool) $this->_db
+ ->query("SELECT RELEASE_LOCK('".$arg."') AS ci_session_lock")
+ ->row()
+ ->ci_session_lock;
+ }
+ elseif ($this->_lock_driver === 'postgre')
+ {
+ $arg = "hashtext('".$this->_session_id."')"
+ .($this->_match_ip ? ", hashtext('".$_SERVER['REMOTE_ADDR']."')" : '');
+
+ return (bool) $this->_db->simple_query('SELECT pg_advisory_unlock('.$arg.')');
+ }
+ elseif ($this->_lock_driver === 'semaphore')
+ {
+ sem_release($this->_sem);
+ sem_remove($this->_sem);
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_database_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_database_driver.php */
\ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
new file mode 100644
index 0000000..4acbcf6
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -0,0 +1,276 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Files Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * Save path
+ *
+ * @var string
+ */
+ protected $_save_path;
+
+ /**
+ * File handle
+ *
+ * @var resource
+ */
+ protected $_file_handle;
+
+ /**
+ * File name
+ *
+ * @var resource
+ */
+ protected $_file_path;
+
+ /**
+ * File new flag
+ *
+ * @var bool
+ */
+ protected $_file_new;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ if (isset($this->_save_path))
+ {
+ $this->_save_path = rtrim($this->_save_path, '/\\');
+ ini_set('session.save_path', $this->_save_path);
+ }
+ else
+ {
+ $this->_save_path = rtrim(ini_get('session.save_path'), '/\\');
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ if ( ! is_dir($save_path) && ! mkdir($save_path, 0700, TRUE))
+ {
+ log_message('error', "Session: Configured save path '".$this->_save_path."' is not a directory, doesn't exist or cannot be created.");
+ return FALSE;
+ }
+
+ $this->_save_path = $save_path;
+ $this->_file_path = $this->_save_path.DIRECTORY_SEPARATOR
+ .$name // we'll use the session cookie name as a prefix to avoid collisions
+ .($this->_match_ip ? md5($_SERVER['REMOTE_ADDR']) : '');
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ // This might seem weird, but PHP 5.6 introduces session_reset(),
+ // which re-reads session data
+ if ($this->_file_handle === NULL)
+ {
+ $this->_file_path .= $session_id;
+
+ // Just using fopen() with 'c+b' mode would be perfect, but it is only
+ // available since PHP 5.2.6 and we have to set permissions for new files,
+ // so we'd have to hack around this ...
+ if (($this->_file_new = ! file_exists($this->_file_path)) === TRUE)
+ {
+ if (($this->_file_handle = fopen($this->_file_path, 'w+b')) === FALSE)
+ {
+ log_message('error', "Session: File '".$this->_file_path."' doesn't exist and cannot be created.");
+ return FALSE;
+ }
+ }
+ elseif (($this->_file_handle = fopen($this->_file_path, 'r+b')) === FALSE)
+ {
+ log_message('error', "Session: Unable to open file '".$this->_file_path."'.");
+ return FALSE;
+ }
+
+ if (flock($this->_file_handle, LOCK_EX) === FALSE)
+ {
+ log_message('error', "Session: Unable to obtain lock for file '".$this->_file_path."'.");
+ fclose($this->_file_handle);
+ $this->_file_handle = NULL;
+ return FALSE;
+ }
+
+ if ($this->_file_new)
+ {
+ chmod($this->_file_path, 0600);
+ $this->_fingerprint = md5('');
+ return '';
+ }
+ }
+ else
+ {
+ rewind($this->_file_handle);
+ }
+
+ $session_data = '';
+ for ($read = 0, $length = filesize($this->_file_path); $read < $length; $read += strlen($buffer))
+ {
+ if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE)
+ {
+ break;
+ }
+
+ $session_data .= $buffer;
+ }
+
+ $this->_fingerprint = md5($session_data);
+ return $session_data;
+ }
+
+ public function write($session_id, $session_data)
+ {
+ if ( ! is_resource($this->_file_handle))
+ {
+ return FALSE;
+ }
+ elseif ($this->_fingerprint === md5($session_data))
+ {
+ return ($this->_file_new)
+ ? TRUE
+ : touch($this->_file_path);
+ }
+
+ if ( ! $this->_file_new)
+ {
+ ftruncate($this->_file_handle, 0);
+ rewind($this->_file_handle);
+ }
+
+ for ($written = 0, $length = strlen($session_data); $written < $length; $written += $result)
+ {
+ if (($result = fwrite($this->_file_handle, substr($session_data, $written))) === FALSE)
+ {
+ break;
+ }
+ }
+
+ if ( ! is_int($result))
+ {
+ $this->_fingerprint = md5(substr($session_data, 0, $written));
+ log_message('error', 'Session: Unable to write data.');
+ return FALSE;
+ }
+
+ $this->_fingerprint = md5($session_data);
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ if (is_resource($this->_file_handle))
+ {
+ flock($this->_file_handle, LOCK_UN);
+ fclose($this->_file_handle);
+
+ $this->_file_handle = $this->_file_new = NULL;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if ($this->close())
+ {
+ return unlink($this->_file_path) && $this->_cookie_destroy();
+ }
+ elseif ($this->_file_path !== NULL)
+ {
+ clearstatcache();
+ return file_exists($this->_file_path)
+ ? (unlink($this->_file_path) && $this->_cookie_destroy())
+ : TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ if ( ! is_dir($this->_save_path) OR ($files = scandir($this->_save_path)) === FALSE)
+ {
+ log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_save_path."'.");
+ return FALSE;
+ }
+
+ $ts = time() - $maxlifetime;
+
+ foreach ($files as $file)
+ {
+ // If the filename doesn't match this pattern, it's either not a session file or is not ours
+ if ( ! preg_match('/(?:[0-9a-f]{32})?[0-9a-f]{40}$/i', $file)
+ OR ! is_file($this->_save_path.DIRECTORY_SEPARATOR.$file)
+ OR ($mtime = filemtime($file)) === FALSE
+ OR $mtime > $ts)
+ {
+ continue;
+ }
+
+ unlink($this->_save_path.DIRECTORY_SEPARATOR.$file);
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_files_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_files_driver.php */
\ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
deleted file mode 100644
index 4104652..0000000
--- a/system/libraries/Session/drivers/Session_native.php
+++ /dev/null
@@ -1,246 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * NOTICE OF LICENSE
- *
- * Licensed under the Open Software License version 3.0
- *
- * This source file is subject to the Open Software License (OSL 3.0) that is
- * bundled with this package in the files license.txt / license.rst. It is
- * also available through the world wide web at this URL:
- * http://opensource.org/licenses/OSL-3.0
- * If you did not receive a copy of the license and are unable to obtain it
- * through the world wide web, please send an email to
- * licensing@ellislab.com so we can send you a copy immediately.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
- * @link http://codeigniter.com
- * @since Version 1.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * Native PHP session management driver
- *
- * This is the driver that uses the native PHP $_SESSION array through the Session driver library.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- */
-class CI_Session_native extends CI_Session_driver {
-
- /**
- * Initialize session driver object
- *
- * @return void
- */
- protected function initialize()
- {
- // Get config parameters
- $config = array();
- $prefs = array(
- 'sess_cookie_name',
- 'sess_expire_on_close',
- 'sess_expiration',
- 'sess_match_ip',
- 'sess_match_useragent',
- 'sess_time_to_update',
- 'cookie_prefix',
- 'cookie_path',
- 'cookie_domain',
- 'cookie_secure',
- 'cookie_httponly'
- );
-
- foreach ($prefs as $key)
- {
- $config[$key] = isset($this->_parent->params[$key])
- ? $this->_parent->params[$key]
- : $this->CI->config->item($key);
- }
-
- // Set session name, if specified
- if ($config['sess_cookie_name'])
- {
- // Differentiate name from cookie driver with '_id' suffix
- $name = $config['sess_cookie_name'].'_id';
- if ($config['cookie_prefix'])
- {
- // Prepend cookie prefix
- $name = $config['cookie_prefix'].$name;
- }
- session_name($name);
- }
-
- // Set expiration, path, and domain
- $expire = 7200;
- $path = '/';
- $domain = '';
- $secure = (bool) $config['cookie_secure'];
- $http_only = (bool) $config['cookie_httponly'];
-
- if ($config['sess_expiration'] !== FALSE)
- {
- // Default to 2 years if expiration is "0"
- $expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration'];
- }
-
- if ($config['cookie_path'])
- {
- // Use specified path
- $path = $config['cookie_path'];
- }
-
- if ($config['cookie_domain'])
- {
- // Use specified domain
- $domain = $config['cookie_domain'];
- }
-
- session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
-
- // Start session
- session_start();
-
- // Check session expiration, ip, and agent
- $now = time();
- $destroy = FALSE;
- if (isset($_SESSION['last_activity']) && (($_SESSION['last_activity'] + $expire) < $now OR $_SESSION['last_activity'] > $now))
- {
- // Expired - destroy
- log_message('debug', 'Session: Expired');
- $destroy = TRUE;
- }
- elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address'])
- && $_SESSION['ip_address'] !== $this->CI->input->ip_address())
- {
- // IP doesn't match - destroy
- log_message('debug', 'Session: IP address mismatch');
- $destroy = TRUE;
- }
- elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent'])
- && $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50)))
- {
- // Agent doesn't match - destroy
- log_message('debug', 'Session: User Agent string mismatch');
- $destroy = TRUE;
- }
-
- // Destroy expired or invalid session
- if ($destroy)
- {
- // Clear old session and start new
- $this->sess_destroy();
- session_start();
- }
-
- // Check for update time
- if ($config['sess_time_to_update'] && isset($_SESSION['last_activity'])
- && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
- {
- // Changing the session ID amidst a series of AJAX calls causes problems
- if ( ! $this->CI->input->is_ajax_request())
- {
- // Regenerate ID, but don't destroy session
- log_message('debug', 'Session: Regenerate ID');
- $this->sess_regenerate(FALSE);
- }
- }
-
- // Set activity time
- $_SESSION['last_activity'] = $now;
-
- // Set matching values as required
- if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address']))
- {
- // Store user IP address
- $_SESSION['ip_address'] = $this->CI->input->ip_address();
- }
-
- if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent']))
- {
- // Store user agent string
- $_SESSION['user_agent'] = trim(substr($this->CI->input->user_agent(), 0, 50));
- }
-
- // Make session ID available
- $_SESSION['session_id'] = session_id();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Save the session data
- *
- * @return void
- */
- public function sess_save()
- {
- // Nothing to do - changes to $_SESSION are automatically saved
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Cleanup session
- $_SESSION = array();
- $name = session_name();
- if (isset($_COOKIE[$name]))
- {
- // Clear session cookie
- $params = session_get_cookie_params();
- setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- unset($_COOKIE[$name]);
- }
- session_destroy();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Regenerate the current session
- *
- * Regenerate the session id
- *
- * @param bool Destroy session data flag (default: FALSE)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Just regenerate id, passing destroy flag
- session_regenerate_id($destroy);
- $_SESSION['session_id'] = session_id();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get a reference to user data array
- *
- * @return array Reference to userdata
- */
- public function &get_userdata()
- {
- // Just return reference to $_SESSION
- return $_SESSION;
- }
-
-}
-
-/* End of file Session_native.php */
-/* Location: ./system/libraries/Session/drivers/Session_native.php */
\ No newline at end of file