Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 58626b35b0b272c5e37a7a22c3efb68145dab14a / . / system / libraries / Session.php
blob: 2cdd50c2396480dd6e540e4fedd3018e0101a257 [file] [log] [blame]
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]1<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
5 * An open source application development framework for PHP 4.3.2 or newer
6 *
7 * @package CodeIgniter
Derek Allard3d879d52008-01-18 19:41:32 +0000[diff] [blame]8 * @author ExpressionEngine Dev Team
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]9 * @copyright Copyright (c) 2006, EllisLab, Inc.
Derek Jones7a9193a2008-01-21 18:39:20 +0000[diff] [blame]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * Session Class
20 *
21 * @package CodeIgniter
22 * @subpackage Libraries
23 * @category Sessions
Derek Allard3d879d52008-01-18 19:41:32 +0000[diff] [blame]24 * @author ExpressionEngine Dev Team
Derek Jones7a9193a2008-01-21 18:39:20 +0000[diff] [blame]25 * @link http://codeigniter.com/user_guide/libraries/sessions.html
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]26 */
27class CI_Session {
28
29 var $CI;
30 var $now;
31 var $encryption = TRUE;
32 var $use_database = FALSE;
33 var $session_table = FALSE;
34 var $sess_length = 7200;
35 var $sess_cookie = 'ci_session';
36 var $userdata = array();
37 var $gc_probability = 5;
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]38 var $flashdata_key = 'flash';
Derek Allard34bc8f82007-08-10 03:26:42 +0000[diff] [blame]39 var $time_to_update = 300;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]40
41 /**
42 * Session Constructor
43 *
44 * The constructor runs the session routines automatically
45 * whenever the class is instantiated.
46 */
47 function CI_Session()
48 {
49 $this->CI =& get_instance();
50
51 log_message('debug', "Session Class Initialized");
52 $this->sess_run();
53 }
54
55 // --------------------------------------------------------------------
56
57 /**
58 * Run the session routines
59 *
60 * @access public
61 * @return void
62 */
63 function sess_run()
64 {
65 /*
66 * Set the "now" time
67 *
68 * It can either set to GMT or time(). The pref
69 * is set in the config file. If the developer
70 * is doing any sort of time localization they
71 * might want to set the session time to GMT so
Derek Jones63df95e2008-01-30 15:59:12 +0000[diff] [blame]72 * they can offset the "last_activity" time
73 * based on each user's locale.
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]74 *
75 */
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]76
77 if (is_numeric($this->CI->config->item('sess_time_to_update')))
78 {
79 $this->time_to_update = $this->CI->config->item('sess_time_to_update');
80 }
81
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]82 if (strtolower($this->CI->config->item('time_reference')) == 'gmt')
83 {
84 $now = time();
85 $this->now = mktime(gmdate("H", $now), gmdate("i", $now), gmdate("s", $now), gmdate("m", $now), gmdate("d", $now), gmdate("Y", $now));
86
87 if (strlen($this->now) < 10)
88 {
89 $this->now = time();
90 log_message('error', 'The session class could not set a proper GMT timestamp so the local time() value was used.');
91 }
92 }
93 else
94 {
95 $this->now = time();
96 }
97
98 /*
99 * Set the session length
100 *
101 * If the session expiration is set to zero in
102 * the config file we'll set the expiration
103 * two years from now.
104 *
105 */
106 $expiration = $this->CI->config->item('sess_expiration');
107
108 if (is_numeric($expiration))
109 {
110 if ($expiration > 0)
111 {
112 $this->sess_length = $this->CI->config->item('sess_expiration');
113 }
114 else
115 {
116 $this->sess_length = (60*60*24*365*2);
117 }
118 }
119
120 // Do we need encryption?
121 $this->encryption = $this->CI->config->item('sess_encrypt_cookie');
122
123 if ($this->encryption == TRUE)
124 {
125 $this->CI->load->library('encrypt');
126 }
127
128 // Are we using a database?
129 if ($this->CI->config->item('sess_use_database') === TRUE AND $this->CI->config->item('sess_table_name') != '')
130 {
131 $this->use_database = TRUE;
132 $this->session_table = $this->CI->config->item('sess_table_name');
133 $this->CI->load->database();
134 }
135
136 // Set the cookie name
137 if ($this->CI->config->item('sess_cookie_name') != FALSE)
138 {
139 $this->sess_cookie = $this->CI->config->item('cookie_prefix').$this->CI->config->item('sess_cookie_name');
140 }
141
142 /*
143 * Fetch the current session
144 *
145 * If a session doesn't exist we'll create
146 * a new one. If it does, we'll update it.
147 *
148 */
149 if ( ! $this->sess_read())
150 {
151 $this->sess_create();
152 }
153 else
154 {
155 // We only update the session every five minutes
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]156 if (($this->userdata['last_activity'] + $this->time_to_update) < $this->now)
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]157 {
158 $this->sess_update();
159 }
160 }
161
162 // Delete expired sessions if necessary
163 if ($this->use_database === TRUE)
164 {
165 $this->sess_gc();
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]166 }
167
168 // Delete 'old' flashdata (from last request)
169 $this->_flashdata_sweep();
170
171 // Mark all new flashdata as old (data will be deleted before next request)
172 $this->_flashdata_mark();
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]173 }
174
175 // --------------------------------------------------------------------
176
177 /**
178 * Fetch the current session data if it exists
179 *
180 * @access public
181 * @return void
182 */
183 function sess_read()
184 {
185 // Fetch the cookie
186 $session = $this->CI->input->cookie($this->sess_cookie);
187
188 if ($session === FALSE)
189 {
190 log_message('debug', 'A session cookie was not found.');
191 return FALSE;
192 }
193
194 // Decrypt and unserialize the data
195 if ($this->encryption == TRUE)
196 {
197 $session = $this->CI->encrypt->decode($session);
198 }
199
200 $session = @unserialize($this->strip_slashes($session));
201
202 if ( ! is_array($session) OR ! isset($session['last_activity']))
203 {
204 log_message('error', 'The session cookie data did not contain a valid array. This could be a possible hacking attempt.');
205 return FALSE;
206 }
207
208 // Is the session current?
209 if (($session['last_activity'] + $this->sess_length) < $this->now)
210 {
211 $this->sess_destroy();
212 return FALSE;
213 }
214
215 // Does the IP Match?
216 if ($this->CI->config->item('sess_match_ip') == TRUE AND $session['ip_address'] != $this->CI->input->ip_address())
217 {
218 $this->sess_destroy();
219 return FALSE;
220 }
221
222 // Does the User Agent Match?
Derek Allard59c26332007-10-01 12:17:39 +0000[diff] [blame]223 if ($this->CI->config->item('sess_match_useragent') == TRUE AND trim($session['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 50)))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]224 {
225 $this->sess_destroy();
226 return FALSE;
227 }
228
229 // Is there a corresponding session in the DB?
230 if ($this->use_database === TRUE)
231 {
232 $this->CI->db->where('session_id', $session['session_id']);
233
234 if ($this->CI->config->item('sess_match_ip') == TRUE)
235 {
236 $this->CI->db->where('ip_address', $session['ip_address']);
237 }
238
239 if ($this->CI->config->item('sess_match_useragent') == TRUE)
240 {
241 $this->CI->db->where('user_agent', $session['user_agent']);
242 }
243
244 $query = $this->CI->db->get($this->session_table);
245
246 if ($query->num_rows() == 0)
247 {
248 $this->sess_destroy();
249 return FALSE;
250 }
251 else
252 {
253 $row = $query->row();
254 if (($row->last_activity + $this->sess_length) < $this->now)
255 {
256 $this->CI->db->where('session_id', $session['session_id']);
257 $this->CI->db->delete($this->session_table);
258 $this->sess_destroy();
259 return FALSE;
260 }
261 }
262 }
263
264 // Session is valid!
265 $this->userdata = $session;
266 unset($session);
267
268 return TRUE;
269 }
270
271 // --------------------------------------------------------------------
272
273 /**
274 * Write the session cookie
275 *
276 * @access public
277 * @return void
278 */
279 function sess_write()
280 {
281 $cookie_data = serialize($this->userdata);
282
283 if ($this->encryption == TRUE)
284 {
285 $cookie_data = $this->CI->encrypt->encode($cookie_data);
286 }
287
288 setcookie(
289 $this->sess_cookie,
290 $cookie_data,
291 $this->sess_length + time(),
292 $this->CI->config->item('cookie_path'),
293 $this->CI->config->item('cookie_domain'),
294 0
295 );
296 }
297
298 // --------------------------------------------------------------------
299
300 /**
301 * Create a new session
302 *
303 * @access public
304 * @return void
305 */
306 function sess_create()
307 {
308 $sessid = '';
309 while (strlen($sessid) < 32)
310 {
311 $sessid .= mt_rand(0, mt_getrandmax());
312 }
313
314 $this->userdata = array(
315 'session_id' => md5(uniqid($sessid, TRUE)),
316 'ip_address' => $this->CI->input->ip_address(),
317 'user_agent' => substr($this->CI->input->user_agent(), 0, 50),
318 'last_activity' => $this->now
319 );
320
321
322 // Save the session in the DB if needed
323 if ($this->use_database === TRUE)
324 {
325 $this->CI->db->query($this->CI->db->insert_string($this->session_table, $this->userdata));
326 }
327
328 // Write the cookie
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]329 $this->sess_write();
330 }
331
332 // --------------------------------------------------------------------
333
334 /**
335 * Update an existing session
336 *
337 * @access public
338 * @return void
339 */
340 function sess_update()
341 {
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]342 // Save the old session id so we know which record to
343 // update in the database if we need it
344 $old_sessid = $this->userdata['session_id'];
345 $new_sessid = '';
346 while (strlen($new_sessid) < 32)
347 {
348 $new_sessid .= mt_rand(0, mt_getrandmax());
349 }
350 $new_sessid = md5(uniqid($new_sessid, TRUE));
351
352 // Update the session data in the session data array
353 $this->userdata['session_id'] = $new_sessid;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]354 $this->userdata['last_activity'] = $this->now;
355
356 // Update the session in the DB if needed
357 if ($this->use_database === TRUE)
358 {
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]359 $this->CI->db->query($this->CI->db->update_string($this->session_table, array('last_activity' => $this->now, 'session_id' => $new_sessid), array('session_id' => $old_sessid)));
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]360 }
361
362 // Write the cookie
363 $this->sess_write();
364 }
365
366 // --------------------------------------------------------------------
367
368 /**
369 * Destroy the current session
370 *
371 * @access public
372 * @return void
373 */
374 function sess_destroy()
375 {
376 setcookie(
377 $this->sess_cookie,
378 addslashes(serialize(array())),
379 ($this->now - 31500000),
380 $this->CI->config->item('cookie_path'),
381 $this->CI->config->item('cookie_domain'),
382 0
383 );
384 }
385
386 // --------------------------------------------------------------------
387
388 /**
389 * Garbage collection
390 *
391 * This deletes expired session rows from database
392 * if the probability percentage is met
393 *
394 * @access public
395 * @return void
396 */
397 function sess_gc()
398 {
399 srand(time());
400 if ((rand() % 100) < $this->gc_probability)
401 {
402 $expire = $this->now - $this->sess_length;
403
404 $this->CI->db->where("last_activity < {$expire}");
405 $this->CI->db->delete($this->session_table);
406
407 log_message('debug', 'Session garbage collection performed.');
408 }
409 }
410
411 // --------------------------------------------------------------------
412
413 /**
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]414 * Fetch a specific item from the session array
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]415 *
416 * @access public
417 * @param string
418 * @return string
419 */
420 function userdata($item)
421 {
422 return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
423 }
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]424
425 // --------------------------------------------------------------------
426
427 /**
428 * Fetch all session data
429 *
430 * @access public
431 * @return mixed
432 */
433 function all_userdata()
434 {
435 return ( ! isset($this->userdata)) ? FALSE : $this->userdata;
436 }
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]437
438 // --------------------------------------------------------------------
439
440 /**
441 * Add or change data in the "userdata" array
442 *
443 * @access public
444 * @param mixed
445 * @param string
446 * @return void
447 */
448 function set_userdata($newdata = array(), $newval = '')
449 {
450 if (is_string($newdata))
451 {
452 $newdata = array($newdata => $newval);
453 }
454
455 if (count($newdata) > 0)
456 {
457 foreach ($newdata as $key => $val)
458 {
459 $this->userdata[$key] = $val;
460 }
461 }
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]462
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]463 $this->sess_write();
464 }
465
466 // --------------------------------------------------------------------
467
468 /**
469 * Delete a session variable from the "userdata" array
470 *
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]471 * @access array
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]472 * @return void
473 */
474 function unset_userdata($newdata = array())
475 {
476 if (is_string($newdata))
477 {
478 $newdata = array($newdata => '');
479 }
480
481 if (count($newdata) > 0)
482 {
483 foreach ($newdata as $key => $val)
484 {
485 unset($this->userdata[$key]);
486 }
487 }
488
489 $this->sess_write();
490 }
491
492 // --------------------------------------------------------------------
493
494 /**
495 * Strip slashes
496 *
497 * @access public
498 * @param mixed
499 * @return mixed
500 */
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]501 function strip_slashes($vals)
502 {
503 if (is_array($vals))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]504 {
505 foreach ($vals as $key=>$val)
506 {
507 $vals[$key] = $this->strip_slashes($val);
508 }
509 }
510 else
511 {
512 $vals = stripslashes($vals);
513 }
514
515 return $vals;
516 }
517
Derek Allard428e9642007-08-10 03:16:16 +0000[diff] [blame]518
519 // ------------------------------------------------------------------------
520
521 /**
522 * Add or change flashdata, only available
523 * until the next request
524 *
525 * @access public
526 * @param mixed
527 * @param string
528 * @return void
529 */
530 function set_flashdata($newdata = array(), $newval = '')
531 {
532 if (is_string($newdata))
533 {
534 $newdata = array($newdata => $newval);
535 }
536
537 if (count($newdata) > 0)
538 {
539 foreach ($newdata as $key => $val)
540 {
541 $flashdata_key = $this->flashdata_key.':new:'.$key;
542 $this->set_userdata($flashdata_key, $val);
543 }
544 }
545 }
546
547 // ------------------------------------------------------------------------
548
549 /**
550 * Keeps existing flashdata available to next request.
551 *
552 * @access public
553 * @param string
554 * @return void
555 */
556 function keep_flashdata($key)
557 {
558 // 'old' flashdata gets removed. Here we mark all
559 // flashdata as 'new' to preserve it from _flashdata_sweep()
560 // Note the function will return FALSE if the $key
561 // provided cannot be found
562 $old_flashdata_key = $this->flashdata_key.':old:'.$key;
563 $value = $this->userdata($old_flashdata_key);
564
565 $new_flashdata_key = $this->flashdata_key.':new:'.$key;
566 $this->set_userdata($new_flashdata_key, $value);
567 }
568
569 // ------------------------------------------------------------------------
570
571 /**
572 * Fetch a specific flashdata item from the session array
573 *
574 * @access public
575 * @param string
576 * @return string
577 */
578 function flashdata($key)
579 {
580 $flashdata_key = $this->flashdata_key.':old:'.$key;
581 return $this->userdata($flashdata_key);
582 }
583
584 // ------------------------------------------------------------------------
585
586 /**
587 * Identifies flashdata as 'old' for removal
588 * when _flashdata_sweep() runs.
589 *
590 * @access private
591 * @return void
592 */
593 function _flashdata_mark()
594 {
595 $userdata = $this->all_userdata();
596 foreach ($userdata as $name => $value)
597 {
598 $parts = explode(':new:', $name);
599 if (is_array($parts) && count($parts) === 2)
600 {
601 $new_name = $this->flashdata_key.':old:'.$parts[1];
602 $this->set_userdata($new_name, $value);
603 $this->unset_userdata($name);
604 }
605 }
606 }
607
608 // ------------------------------------------------------------------------
609
610 /**
611 * Removes all flashdata marked as 'old'
612 *
613 * @access private
614 * @return void
615 */
616
617 function _flashdata_sweep()
618 {
619 $userdata = $this->all_userdata();
620 foreach ($userdata as $key => $value)
621 {
622 if (strpos($key, ':old:'))
623 {
624 $this->unset_userdata($key);
625 }
626 }
627
628 }
629
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]630}
631// END Session Class
adminb0dd10f2006-08-25 17:25:49 +0000[diff] [blame]632?>