Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 4c316b6bdfa970e98127ea280fcc77ff1288190f / . / system / libraries / Session.php
blob: 3195f0a9121588212183ef038d835eba8b3840f6 [file] [log] [blame]
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]2/**
3 * CodeIgniter
4 *
Phil Sturgeon07c1ac82012-03-09 17:03:37 +0000[diff] [blame]5 * An open source application development framework for PHP 5.2.4 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]6 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]7 * NOTICE OF LICENSE
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]8 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]9 * Licensed under the Open Software License version 3.0
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]10 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]11 * This source file is subject to the Open Software License (OSL 3.0) that is
Andrey Andreevf863a022012-01-24 15:31:54 +0200[diff] [blame]12 * bundled with this package in the files license.txt / license.rst. It is
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]13 * also available through the world wide web at this URL:
14 * http://opensource.org/licenses/OSL-3.0
15 * If you did not receive a copy of the license and are unable to obtain it
16 * through the world wide web, please send an email to
17 * licensing@ellislab.com so we can send you a copy immediately.
18 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]19 * @package CodeIgniter
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]20 * @author EllisLab Dev Team
Greg Aker0defe5d2012-01-01 18:46:41 -0600[diff] [blame]21 * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]22 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]23 * @link http://codeigniter.com
24 * @since Version 1.0
25 * @filesource
26 */
27
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]28/**
29 * Session Class
30 *
31 * @package CodeIgniter
32 * @subpackage Libraries
33 * @category Sessions
Derek Jonesf4a4bd82011-10-20 12:18:42 -0500[diff] [blame]34 * @author EllisLab Dev Team
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]35 * @link http://codeigniter.com/user_guide/libraries/sessions.html
36 */
37class CI_Session {
38
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]39 /**
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]40 * Whether to encrypt the session cookie
41 *
42 * @var bool
43 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]44 public $sess_encrypt_cookie = FALSE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]45
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]46 /**
47 * Whether to use to the database for session storage
48 *
49 * @var bool
50 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]51 public $sess_use_database = FALSE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]52
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]53 /**
54 * Name of the database table in which to store sessions
55 *
56 * @var string
57 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]58 public $sess_table_name = '';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]59
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]60 /**
61 * Length of time (in seconds) for sessions to expire
62 *
63 * @var int
64 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]65 public $sess_expiration = 7200;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]66
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]67 /**
68 * Whether to kill session on close of browser window
69 *
70 * @var bool
71 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]72 public $sess_expire_on_close = FALSE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]73
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]74 /**
75 * Whether to match session on ip address
76 *
77 * @var bool
78 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]79 public $sess_match_ip = FALSE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]80
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]81 /**
82 * Whether to match session on user-agent
83 *
84 * @var bool
85 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]86 public $sess_match_useragent = TRUE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]87
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]88 /**
89 * Name of session cookie
90 *
91 * @var string
92 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]93 public $sess_cookie_name = 'ci_session';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]94
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]95 /**
96 * Session cookie prefix
97 *
98 * @var string
99 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]100 public $cookie_prefix = '';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]101
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]102 /**
103 * Session cookie path
104 *
105 * @var string
106 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]107 public $cookie_path = '';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]108
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]109 /**
110 * Session cookie domain
111 *
112 * @var string
113 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]114 public $cookie_domain = '';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]115
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]116 /**
117 * Whether to set the cookie only on HTTPS connections
118 *
119 * @var bool
120 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]121 public $cookie_secure = FALSE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]122
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]123 /**
124 * Whether cookie should be allowed only to be sent by the server
125 *
126 * @var bool
127 */
freewil4ad0fd82012-03-13 22:37:42 -0400[diff] [blame]128 public $cookie_httponly = FALSE;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]129
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]130 /**
131 * Interval at which to update session
132 *
133 * @var int
134 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]135 public $sess_time_to_update = 300;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]136
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]137 /**
138 * Key with which to encrypt the session cookie
139 *
140 * @var string
141 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]142 public $encryption_key = '';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]143
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]144 /**
145 * String to indicate flash data cookies
146 *
147 * @var string
148 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]149 public $flashdata_key = 'flash';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]150
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]151 /**
152 * Function to use to get the current time
153 *
154 * @var string
155 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]156 public $time_reference = 'time';
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]157
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]158 /**
159 * Probablity level of garbage collection of old sessions
160 *
161 * @var int
162 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]163 public $gc_probability = 5;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]164
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]165 /**
166 * Session data
167 *
168 * @var array
169 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]170 public $userdata = array();
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]171
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]172 /**
173 * Reference to CodeIgniter instance
174 *
175 * @var object
176 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]177 public $CI;
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]178
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]179 /**
180 * Current time
181 *
182 * @var int
183 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]184 public $now;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]185
186 /**
187 * Session Constructor
188 *
189 * The constructor runs the session routines automatically
190 * whenever the class is instantiated.
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]191 *
192 * @param array
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]193 */
Greg Akera9263282010-11-10 15:26:43 -0600[diff] [blame]194 public function __construct($params = array())
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]195 {
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]196 log_message('debug', 'Session Class Initialized');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]197
198 // Set the super object to a local variable for use throughout the class
199 $this->CI =& get_instance();
200
201 // Set all the session preferences, which can either be set
202 // manually via the $params array above or via the config file
freewil4ad0fd82012-03-13 22:37:42 -0400[diff] [blame]203 foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]204 {
205 $this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
206 }
207
Derek Jones5485db52010-08-30 21:31:08 -0500[diff] [blame]208 if ($this->encryption_key == '')
209 {
210 show_error('In order to use the Session class you are required to set an encryption key in your config file.');
211 }
212
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]213 // Load the string helper so we can use the strip_slashes() function
214 $this->CI->load->helper('string');
215
216 // Do we need encryption? If so, load the encryption class
217 if ($this->sess_encrypt_cookie == TRUE)
218 {
219 $this->CI->load->library('encrypt');
220 }
221
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]222 // Are we using a database? If so, load it
Andrey Andreevf8868182012-01-20 13:14:53 +0200[diff] [blame]223 if ($this->sess_use_database === TRUE && $this->sess_table_name != '')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]224 {
225 $this->CI->load->database();
226 }
227
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]228 // Set the "now" time. Can either be GMT or server time, based on the
229 // config prefs. We use this to set the "last activity" time
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]230 $this->now = $this->_get_time();
231
232 // Set the session length. If the session expiration is
233 // set to zero we'll set the expiration two years from now.
234 if ($this->sess_expiration == 0)
235 {
236 $this->sess_expiration = (60*60*24*365*2);
237 }
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]238
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]239 // Set the cookie name
240 $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
241
242 // Run the Session routine. If a session doesn't exist we'll
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]243 // create a new one. If it does, we'll update it.
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]244 if ( ! $this->sess_read())
245 {
246 $this->sess_create();
247 }
248 else
249 {
250 $this->sess_update();
251 }
252
253 // Delete 'old' flashdata (from last request)
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]254 $this->_flashdata_sweep();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]255
256 // Mark all new flashdata as old (data will be deleted before next request)
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]257 $this->_flashdata_mark();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]258
259 // Delete expired sessions if necessary
260 $this->_sess_gc();
261
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]262 log_message('debug', 'Session routines successfully run');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]263 }
264
265 // --------------------------------------------------------------------
266
267 /**
268 * Fetch the current session data if it exists
269 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]270 * @return bool
271 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]272 public function sess_read()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]273 {
274 // Fetch the cookie
275 $session = $this->CI->input->cookie($this->sess_cookie_name);
276
Derek Jones4b9c6292011-07-01 17:40:48 -0500[diff] [blame]277 // No cookie? Goodbye cruel world!...
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]278 if ($session === FALSE)
279 {
280 log_message('debug', 'A session cookie was not found.');
281 return FALSE;
282 }
283
284 // Decrypt the cookie data
285 if ($this->sess_encrypt_cookie == TRUE)
286 {
287 $session = $this->CI->encrypt->decode($session);
288 }
289 else
290 {
291 // encryption was not used, so we need to check the md5 hash
292 $hash = substr($session, strlen($session)-32); // get last 32 chars
293 $session = substr($session, 0, strlen($session)-32);
294
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]295 // Does the md5 hash match? This is to prevent manipulation of session data in userspace
Derek Jones4b9c6292011-07-01 17:40:48 -0500[diff] [blame]296 if ($hash !== md5($session.$this->encryption_key))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]297 {
298 log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
299 $this->sess_destroy();
300 return FALSE;
301 }
302 }
303
304 // Unserialize the session array
305 $session = $this->_unserialize($session);
306
307 // Is the session data we unserialized an array with the correct format?
Andrey Andreev7e087f52012-01-20 11:46:27 +0200[diff] [blame]308 if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
309 {
310 $this->sess_destroy();
311 return FALSE;
312 }
313
314 // Is the session current?
315 if (($session['last_activity'] + $this->sess_expiration) < $this->now)
316 {
317 $this->sess_destroy();
318 return FALSE;
319 }
320
321 // Does the IP match?
322 if ($this->sess_match_ip == TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
323 {
324 $this->sess_destroy();
325 return FALSE;
326 }
327
328 // Does the User Agent Match?
329 if ($this->sess_match_useragent == TRUE && trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]330 {
331 $this->sess_destroy();
332 return FALSE;
333 }
334
335 // Is there a corresponding session in the DB?
336 if ($this->sess_use_database === TRUE)
337 {
338 $this->CI->db->where('session_id', $session['session_id']);
339
340 if ($this->sess_match_ip == TRUE)
341 {
342 $this->CI->db->where('ip_address', $session['ip_address']);
343 }
344
345 if ($this->sess_match_useragent == TRUE)
346 {
347 $this->CI->db->where('user_agent', $session['user_agent']);
348 }
349
Timothy Warrenf1421922012-03-02 11:51:42 -0500[diff] [blame]350 $query = $this->CI->db->limit(1)->get($this->sess_table_name);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]351
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]352 // No result? Kill it!
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]353 if ($query->num_rows() === 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]354 {
355 $this->sess_destroy();
356 return FALSE;
357 }
358
Derek Jones4b9c6292011-07-01 17:40:48 -0500[diff] [blame]359 // Is there custom data? If so, add it to the main session array
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]360 $row = $query->row();
Andrey Andreevf8868182012-01-20 13:14:53 +0200[diff] [blame]361 if (isset($row->user_data) && $row->user_data != '')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]362 {
363 $custom_data = $this->_unserialize($row->user_data);
364
365 if (is_array($custom_data))
366 {
367 foreach ($custom_data as $key => $val)
368 {
369 $session[$key] = $val;
370 }
371 }
372 }
373 }
374
375 // Session is valid!
376 $this->userdata = $session;
377 unset($session);
378
379 return TRUE;
380 }
381
382 // --------------------------------------------------------------------
383
384 /**
385 * Write the session data
386 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]387 * @return void
388 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]389 public function sess_write()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]390 {
Derek Jones4b9c6292011-07-01 17:40:48 -0500[diff] [blame]391 // Are we saving custom data to the DB? If not, all we do is update the cookie
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]392 if ($this->sess_use_database === FALSE)
393 {
394 $this->_set_cookie();
395 return;
396 }
397
398 // set the custom userdata, the session data we will set in a second
399 $custom_userdata = $this->userdata;
400 $cookie_userdata = array();
401
402 // Before continuing, we need to determine if there is any custom data to deal with.
403 // Let's determine this by removing the default indexes to see if there's anything left in the array
404 // and set the session data while we're at it
405 foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
406 {
407 unset($custom_userdata[$val]);
408 $cookie_userdata[$val] = $this->userdata[$val];
409 }
410
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]411 // Did we find any custom data? If not, we turn the empty array into a string
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]412 // since there's no reason to serialize and store an empty array in the DB
413 if (count($custom_userdata) === 0)
414 {
415 $custom_userdata = '';
416 }
417 else
418 {
419 // Serialize the custom data array so we can store it
420 $custom_userdata = $this->_serialize($custom_userdata);
421 }
422
423 // Run the update query
424 $this->CI->db->where('session_id', $this->userdata['session_id']);
425 $this->CI->db->update($this->sess_table_name, array('last_activity' => $this->userdata['last_activity'], 'user_data' => $custom_userdata));
426
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]427 // Write the cookie. Notice that we manually pass the cookie data array to the
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]428 // _set_cookie() function. Normally that function will store $this->userdata, but
429 // in this case that array contains custom data, which we do not want in the cookie.
430 $this->_set_cookie($cookie_userdata);
431 }
432
433 // --------------------------------------------------------------------
434
435 /**
436 * Create a new session
437 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]438 * @return void
439 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]440 public function sess_create()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]441 {
442 $sessid = '';
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]443 do
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]444 {
445 $sessid .= mt_rand(0, mt_getrandmax());
446 }
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]447 while (strlen($sessid) < 32);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]448
449 // To make the session ID even more secure we'll combine it with the user's IP
450 $sessid .= $this->CI->input->ip_address();
451
452 $this->userdata = array(
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]453 'session_id' => md5(uniqid($sessid, TRUE)),
454 'ip_address' => $this->CI->input->ip_address(),
455 'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
456 'last_activity' => $this->now,
457 'user_data' => ''
458 );
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]459
460 // Save the data to the DB if needed
461 if ($this->sess_use_database === TRUE)
462 {
463 $this->CI->db->query($this->CI->db->insert_string($this->sess_table_name, $this->userdata));
464 }
465
466 // Write the cookie
467 $this->_set_cookie();
468 }
469
470 // --------------------------------------------------------------------
471
472 /**
473 * Update an existing session
474 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]475 * @return void
476 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]477 public function sess_update()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]478 {
479 // We only update the session every five minutes by default
Andrey Andreev9c622f32012-01-19 14:12:54 +0200[diff] [blame]480 if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]481 {
482 return;
483 }
484
Andrey Andreev9c622f32012-01-19 14:12:54 +0200[diff] [blame]485 // _set_cookie() will handle this for us if we aren't using database sessions
486 // by pushing all userdata to the cookie.
487 $cookie_data = NULL;
488
489 /* Changing the session ID during an AJAX call causes problems,
490 * so we'll only update our last_activity
491 */
492 if ($this->CI->input->is_ajax_request())
493 {
494 $this->userdata['last_activity'] = $this->now;
495
496 // Update the session ID and last_activity field in the DB if needed
497 if ($this->sess_use_database === TRUE)
498 {
499 // set cookie explicitly to only have our session data
500 $cookie_data = array();
501 foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
502 {
503 $cookie_data[$val] = $this->userdata[$val];
504 }
505
506 $this->CI->db->query($this->CI->db->update_string($this->sess_table_name,
507 array('last_activity' => $this->userdata['last_activity']),
508 array('session_id' => $this->userdata['session_id'])));
509 }
510
511 return $this->_set_cookie($cookie_data);
512 }
513
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]514 // Save the old session id so we know which record to
515 // update in the database if we need it
516 $old_sessid = $this->userdata['session_id'];
517 $new_sessid = '';
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]518 do
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]519 {
520 $new_sessid .= mt_rand(0, mt_getrandmax());
521 }
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]522 while (strlen($new_sessid) < 32);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]523
524 // To make the session ID even more secure we'll combine it with the user's IP
525 $new_sessid .= $this->CI->input->ip_address();
526
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]527 // Turn it into a hash and update the session data array
528 $this->userdata['session_id'] = $new_sessid = md5(uniqid($new_sessid, TRUE));
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]529 $this->userdata['last_activity'] = $this->now;
530
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]531 // Update the session ID and last_activity field in the DB if needed
532 if ($this->sess_use_database === TRUE)
533 {
534 // set cookie explicitly to only have our session data
535 $cookie_data = array();
536 foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
537 {
538 $cookie_data[$val] = $this->userdata[$val];
539 }
540
541 $this->CI->db->query($this->CI->db->update_string($this->sess_table_name, array('last_activity' => $this->now, 'session_id' => $new_sessid), array('session_id' => $old_sessid)));
542 }
543
544 // Write the cookie
545 $this->_set_cookie($cookie_data);
546 }
547
548 // --------------------------------------------------------------------
549
550 /**
551 * Destroy the current session
552 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]553 * @return void
554 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]555 public function sess_destroy()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]556 {
557 // Kill the session DB row
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]558 if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]559 {
560 $this->CI->db->where('session_id', $this->userdata['session_id']);
561 $this->CI->db->delete($this->sess_table_name);
562 }
563
564 // Kill the cookie
565 setcookie(
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]566 $this->sess_cookie_name,
567 addslashes(serialize(array())),
568 ($this->now - 31500000),
569 $this->cookie_path,
570 $this->cookie_domain,
571 0
572 );
Michiel Vugteveen4c316b62012-05-04 11:32:48 +0200[diff] [blame^]573
574 // Kill session data
575 $this->userdata = array();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]576 }
577
578 // --------------------------------------------------------------------
579
580 /**
581 * Fetch a specific item from the session array
582 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]583 * @param string
584 * @return string
585 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]586 public function userdata($item)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]587 {
Andrey Andreev6b831232012-03-06 11:16:57 +0200[diff] [blame]588 return isset($this->userdata[$item]) ? $this->userdata[$item] : FALSE;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]589 }
590
591 // --------------------------------------------------------------------
592
593 /**
594 * Fetch all session data
595 *
Greg Aker34033662011-04-18 11:18:09 -0500[diff] [blame]596 * @return array
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]597 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]598 public function all_userdata()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]599 {
Greg Aker34033662011-04-18 11:18:09 -0500[diff] [blame]600 return $this->userdata;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]601 }
Andrey Andreev38d0e932012-04-03 19:27:45 +0300[diff] [blame]602
Mike Funkc15e17c2012-02-23 14:56:18 -0500[diff] [blame]603 // --------------------------------------------------------------------------
Andrey Andreev38d0e932012-04-03 19:27:45 +0300[diff] [blame]604
Mike Funkc15e17c2012-02-23 14:56:18 -0500[diff] [blame]605 /**
606 * Fetch all flashdata
Andrey Andreev38d0e932012-04-03 19:27:45 +0300[diff] [blame]607 *
Mike Funkc91a66c2012-02-28 13:46:00 -0500[diff] [blame]608 * @return array
Mike Funkc15e17c2012-02-23 14:56:18 -0500[diff] [blame]609 */
610 public function all_flashdata()
611 {
612 $out = array();
Andrey Andreev38d0e932012-04-03 19:27:45 +0300[diff] [blame]613
Mike Funkc15e17c2012-02-23 14:56:18 -0500[diff] [blame]614 // loop through all userdata
615 foreach ($this->all_userdata() as $key => $val)
Andrey Andreev38d0e932012-04-03 19:27:45 +0300[diff] [blame]616 {
Mike Funkc15e17c2012-02-23 14:56:18 -0500[diff] [blame]617 // if it contains flashdata, add it
618 if (strpos($key, 'flash:old:') !== FALSE)
619 {
620 $out[$key] = $val;
621 }
622 }
623 return $out;
624 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]625
626 // --------------------------------------------------------------------
627
628 /**
629 * Add or change data in the "userdata" array
630 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]631 * @param mixed
632 * @param string
633 * @return void
634 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]635 public function set_userdata($newdata = array(), $newval = '')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]636 {
637 if (is_string($newdata))
638 {
639 $newdata = array($newdata => $newval);
640 }
641
642 if (count($newdata) > 0)
643 {
644 foreach ($newdata as $key => $val)
645 {
646 $this->userdata[$key] = $val;
647 }
648 }
649
650 $this->sess_write();
651 }
652
653 // --------------------------------------------------------------------
654
655 /**
656 * Delete a session variable from the "userdata" array
657 *
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]658 * @param array
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]659 * @return void
660 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]661 public function unset_userdata($newdata = array())
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]662 {
663 if (is_string($newdata))
664 {
665 $newdata = array($newdata => '');
666 }
667
668 if (count($newdata) > 0)
669 {
670 foreach ($newdata as $key => $val)
671 {
672 unset($this->userdata[$key]);
673 }
674 }
675
676 $this->sess_write();
677 }
678
679 // ------------------------------------------------------------------------
680
681 /**
682 * Add or change flashdata, only available
683 * until the next request
684 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]685 * @param mixed
686 * @param string
687 * @return void
688 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]689 public function set_flashdata($newdata = array(), $newval = '')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]690 {
691 if (is_string($newdata))
692 {
693 $newdata = array($newdata => $newval);
694 }
695
696 if (count($newdata) > 0)
697 {
698 foreach ($newdata as $key => $val)
699 {
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]700 $this->set_userdata($this->flashdata_key.':new:'.$key, $val);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]701 }
702 }
703 }
704
705 // ------------------------------------------------------------------------
706
707 /**
708 * Keeps existing flashdata available to next request.
709 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]710 * @param string
711 * @return void
712 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]713 public function keep_flashdata($key)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]714 {
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]715 // 'old' flashdata gets removed. Here we mark all
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]716 // flashdata as 'new' to preserve it from _flashdata_sweep()
717 // Note the function will return FALSE if the $key
718 // provided cannot be found
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]719 $value = $this->userdata($this->flashdata_key.':old:'.$key);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]720
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]721 $this->set_userdata($this->flashdata_key.':new:'.$key, $value);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]722 }
723
724 // ------------------------------------------------------------------------
725
726 /**
727 * Fetch a specific flashdata item from the session array
728 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]729 * @param string
730 * @return string
731 */
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]732 public function flashdata($key)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]733 {
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]734 return $this->userdata($this->flashdata_key.':old:'.$key);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]735 }
736
737 // ------------------------------------------------------------------------
738
739 /**
740 * Identifies flashdata as 'old' for removal
741 * when _flashdata_sweep() runs.
742 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]743 * @return void
744 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]745 protected function _flashdata_mark()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]746 {
747 $userdata = $this->all_userdata();
748 foreach ($userdata as $name => $value)
749 {
750 $parts = explode(':new:', $name);
751 if (is_array($parts) && count($parts) === 2)
752 {
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]753 $this->set_userdata($this->flashdata_key.':old:'.$parts[1], $value);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]754 $this->unset_userdata($name);
755 }
756 }
757 }
758
759 // ------------------------------------------------------------------------
760
761 /**
762 * Removes all flashdata marked as 'old'
763 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]764 * @return void
765 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]766 protected function _flashdata_sweep()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]767 {
768 $userdata = $this->all_userdata();
769 foreach ($userdata as $key => $value)
770 {
771 if (strpos($key, ':old:'))
772 {
773 $this->unset_userdata($key);
774 }
775 }
776
777 }
778
779 // --------------------------------------------------------------------
780
781 /**
782 * Get the "now" time
783 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]784 * @return string
785 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]786 protected function _get_time()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]787 {
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]788 return (strtolower($this->time_reference) === 'gmt')
789 ? mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'))
790 : time();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]791 }
792
793 // --------------------------------------------------------------------
794
795 /**
796 * Write the session cookie
797 *
Timothy Warren68f09812012-04-27 10:38:32 -0400[diff] [blame]798 * @param mixed
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]799 * @return void
800 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]801 protected function _set_cookie($cookie_data = NULL)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]802 {
803 if (is_null($cookie_data))
804 {
805 $cookie_data = $this->userdata;
806 }
807
808 // Serialize the userdata for the cookie
809 $cookie_data = $this->_serialize($cookie_data);
810
811 if ($this->sess_encrypt_cookie == TRUE)
812 {
813 $cookie_data = $this->CI->encrypt->encode($cookie_data);
814 }
815 else
816 {
817 // if encryption is not used, we provide an md5 hash to prevent userside tampering
818 $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
819 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]820
Derek Joneseaa71ba2010-09-02 10:32:07 -0500[diff] [blame]821 $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]822
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]823 // Set the cookie
824 setcookie(
freewil4ad0fd82012-03-13 22:37:42 -0400[diff] [blame]825 $this->sess_cookie_name,
826 $cookie_data,
827 $expire,
828 $this->cookie_path,
829 $this->cookie_domain,
830 $this->cookie_secure,
831 $this->cookie_httponly
832 );
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]833 }
834
835 // --------------------------------------------------------------------
836
837 /**
838 * Serialize an array
839 *
840 * This function first converts any slashes found in the array to a temporary
841 * marker, so when it gets unserialized the slashes will be preserved
842 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]843 * @param array
844 * @return string
845 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]846 protected function _serialize($data)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]847 {
848 if (is_array($data))
849 {
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]850 array_walk_recursive($data, array(&$this, '_escape_slashes'));
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]851 }
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]852 elseif (is_string($data))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]853 {
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]854 $data = str_replace('\\', '{{slash}}', $data);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]855 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]856 return serialize($data);
857 }
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]858
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]859 /**
860 * Escape slashes
861 *
862 * This function converts any slashes found into a temporary marker
863 *
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]864 * @param string
865 * @param string
866 * @return void
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]867 */
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]868 protected function _escape_slashes(&$val, $key)
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]869 {
870 if (is_string($val))
871 {
872 $val = str_replace('\\', '{{slash}}', $val);
873 }
874 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]875
876 // --------------------------------------------------------------------
877
878 /**
879 * Unserialize
880 *
881 * This function unserializes a data string, then converts any
882 * temporary slash markers back to actual slashes
883 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]884 * @param array
885 * @return string
886 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]887 protected function _unserialize($data)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]888 {
Andrey Andreev6b831232012-03-06 11:16:57 +0200[diff] [blame]889 $data = @unserialize(strip_slashes(trim($data)));
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]890
891 if (is_array($data))
892 {
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]893 array_walk_recursive($data, array(&$this, '_unescape_slashes'));
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]894 return $data;
895 }
896
Andrey Andreev6b831232012-03-06 11:16:57 +0200[diff] [blame]897 return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]898 }
Andrey Andreev57ffbbb2011-12-25 04:48:47 +0200[diff] [blame]899
Andrey Andreev6b831232012-03-06 11:16:57 +0200[diff] [blame]900 // --------------------------------------------------------------------
901
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]902 /**
903 * Unescape slashes
904 *
905 * This function converts any slash markers back into actual slashes
906 *
Andrey Andreeveea2ff52012-01-19 13:21:53 +0200[diff] [blame]907 * @param string
908 * @param string
909 * @return void
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]910 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]911 protected function _unescape_slashes(&$val, $key)
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]912 {
Chris Muench3e414f92011-10-16 23:03:55 -0400[diff] [blame]913 if (is_string($val))
914 {
915 $val= str_replace('{{slash}}', '\\', $val);
916 }
Chris Muench95933492011-10-16 14:14:04 -0400[diff] [blame]917 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]918
919 // --------------------------------------------------------------------
920
921 /**
922 * Garbage collection
923 *
924 * This deletes expired session rows from database
925 * if the probability percentage is met
926 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]927 * @return void
928 */
Andrey Andreev2c79b762011-12-26 16:54:44 +0200[diff] [blame]929 protected function _sess_gc()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]930 {
931 if ($this->sess_use_database != TRUE)
932 {
933 return;
934 }
935
936 srand(time());
937 if ((rand() % 100) < $this->gc_probability)
938 {
939 $expire = $this->now - $this->sess_expiration;
940
Andrey Andreev6b831232012-03-06 11:16:57 +0200[diff] [blame]941 $this->CI->db->where('last_activity < '.$expire);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]942 $this->CI->db->delete($this->sess_table_name);
943
944 log_message('debug', 'Session garbage collection performed.');
945 }
946 }
947
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]948}
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]949
950/* End of file Session.php */
Andrey Andreev38d0e932012-04-03 19:27:45 +0300[diff] [blame]951/* Location: ./system/libraries/Session.php */