<?php
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2014 - 2016, British Columbia Institute of Technology
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package CodeIgniter
 * @author EllisLab Dev Team
 * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
 * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
 * @license http://opensource.org/licenses/MIT MIT License
 * @link https://codeigniter.com
 * @since Version 3.0.0
 * @filesource
 */
// Direct-access guard: stop immediately unless the BASEPATH constant exists.
// Presumably the framework bootstrap defines it before loading this file, so a
// request that targets this script directly never reaches the class below.
if ( ! defined('BASEPATH'))
{
	exit('No direct script access allowed');
}
/**
 * CodeIgniter Session Files Driver
 *
 * @package CodeIgniter
 * @subpackage Libraries
 * @category Sessions
 * @author Andrey Andreev
 * @link https://codeigniter.com/user_guide/libraries/sessions.html
 */
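class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface {

	/**
	 * Save path
	 *
	 * @var	string
	 */
	protected $_save_path;

	/**
	 * File handle
	 *
	 * NULL until read() opens the session file. read() assigns the fopen()
	 * result directly, so this can also hold FALSE after a failed open.
	 *
	 * @var	resource
	 */
	protected $_file_handle;

	/**
	 * File name
	 *
	 * Path prefix built by open(): save path, directory separator, session
	 * cookie name and (when 'match_ip' is enabled) an MD5 of the client address.
	 * The session ID is appended to it to form the actual file name.
	 *
	 * @var	string
	 */
	protected $_file_path;

	/**
	 * File new flag
	 *
	 * Set by read(): TRUE when the session file did not exist yet.
	 *
	 * @var	bool
	 */
	protected $_file_new;

	// ------------------------------------------------------------------------

	/**
	 * Class constructor
	 *
	 * Normalizes the configured save path (trailing slashes removed) and
	 * pushes it to the 'session.save_path' ini setting; falls back to the
	 * php.ini value when no save path is configured.
	 *
	 * @param	array	$params	Configuration parameters
	 * @return	void
	 */
	public function __construct(&$params)
	{
		parent::__construct($params);

		if (isset($this->_config['save_path']))
		{
			// Trailing separators are stripped because open() and gc() append
			// DIRECTORY_SEPARATOR themselves
			$this->_config['save_path'] = rtrim($this->_config['save_path'], '/\\');
			ini_set('session.save_path', $this->_config['save_path']);
		}
		else
		{
			log_message('debug', 'Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.');
			$this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\');
		}
	}

	// ------------------------------------------------------------------------

	/**
	 * Open
	 *
	 * Sanitizes the save_path directory.
	 *
	 * A missing directory is created with mode 0700. An existing directory is
	 * only checked for writability - its owner and mode are not inspected.
	 * Session file names embed the session ID, so a save path that other local
	 * users can list discloses valid IDs; prefer a directory dedicated to the
	 * application and accessible only to the PHP process user.
	 *
	 * @param	string	$save_path	Path to session files' directory
	 * @param	string	$name		Session cookie name
	 * @return	bool
	 * @throws	Exception	If the directory cannot be created or is not writable
	 */
	public function open($save_path, $name)
	{
		if ( ! is_dir($save_path))
		{
			// Another request may create the directory between the is_dir()
			// check and mkdir(); only fail if it still doesn't exist afterwards.
			if ( ! mkdir($save_path, 0700, TRUE) && ! is_dir($save_path))
			{
				throw new Exception("Session: Configured save path '".$this->_config['save_path']."' is not a directory, doesn't exist or cannot be created.");
			}
		}
		elseif ( ! is_writable($save_path))
		{
			throw new Exception("Session: Configured save path '".$this->_config['save_path']."' is not writable by the PHP process.");
		}

		$this->_config['save_path'] = $save_path;
		$this->_file_path = $this->_config['save_path'].DIRECTORY_SEPARATOR
			.$name // we'll use the session cookie name as a prefix to avoid collisions
			.($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');

		return $this->_success;
	}

	// ------------------------------------------------------------------------

	/**
	 * Read
	 *
	 * Reads session data and acquires a lock
	 *
	 * The exclusive lock taken here is held until close() releases it.
	 *
	 * NOTE(review): $session_id is appended to the file path as-is and nothing
	 * in this class checks its format. Presumably the caller (Session library /
	 * PHP session engine) rejects malformed IDs before the handler is invoked -
	 * confirm, since the ID typically originates from a client cookie.
	 *
	 * @param	string	$session_id	Session ID
	 * @return	string	Serialized session data
	 */
	public function read($session_id)
	{
		// This might seem weird, but PHP 5.6 introduces session_reset(),
		// which re-reads session data
		if ($this->_file_handle === NULL)
		{
			// Just using fopen() with 'c+b' mode would be perfect, but it is only
			// available since PHP 5.2.6 and we have to set permissions for new files,
			// so we'd have to hack around this ...
			//
			// NOTE(review): the file_exists() check and the fopen() below are not
			// atomic. If another request creates the same file in between, 'w+b'
			// truncates it before the lock is taken.
			if (($this->_file_new = ! file_exists($this->_file_path.$session_id)) === TRUE)
			{
				if (($this->_file_handle = fopen($this->_file_path.$session_id, 'w+b')) === FALSE)
				{
					log_message('error', "Session: File '".$this->_file_path.$session_id."' doesn't exist and cannot be created.");
					return $this->_failure;
				}
			}
			elseif (($this->_file_handle = fopen($this->_file_path.$session_id, 'r+b')) === FALSE)
			{
				log_message('error', "Session: Unable to open file '".$this->_file_path.$session_id."'.");
				return $this->_failure;
			}

			if (flock($this->_file_handle, LOCK_EX) === FALSE)
			{
				log_message('error', "Session: Unable to obtain lock for file '".$this->_file_path.$session_id."'.");
				fclose($this->_file_handle);
				$this->_file_handle = NULL;
				return $this->_failure;
			}

			// Needed by write() to detect session_regenerate_id() calls
			$this->_session_id = $session_id;

			if ($this->_file_new)
			{
				// Restrict the new file to its owner. Until this call the file
				// carries whatever mode the process umask produced.
				chmod($this->_file_path.$session_id, 0600);
				// MD5 is used as a cheap change detector for write(), not as a
				// security control
				$this->_fingerprint = md5('');
				return '';
			}
		}
		// We shouldn't need this, but apparently we do ...
		// See https://github.com/bcit-ci/CodeIgniter/issues/4039
		elseif ($this->_file_handle === FALSE)
		{
			return $this->_failure;
		}
		else
		{
			rewind($this->_file_handle);
		}

		$session_data = '';

		// filesize() results are cached per path; drop the cache so that a size
		// recorded earlier in this request isn't used as the read length.
		clearstatcache();

		for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += strlen($buffer))
		{
			$buffer = fread($this->_file_handle, $length - $read);

			// fread() returns '' at EOF, and before PHP 7.4 also on failure.
			// Without the empty-string check the counter would never advance
			// and the loop would not terminate.
			if ($buffer === FALSE OR $buffer === '')
			{
				break;
			}

			$session_data .= $buffer;
		}

		$this->_fingerprint = md5($session_data);
		return $session_data;
	}

	// ------------------------------------------------------------------------

	/**
	 * Write
	 *
	 * Writes (create / update) session data
	 *
	 * When the data is unchanged since read(), only the file's modification
	 * time is refreshed - gc() uses that time to decide what has expired.
	 *
	 * @param	string	$session_id	Session ID
	 * @param	string	$session_data	Serialized session data
	 * @return	bool
	 */
	public function write($session_id, $session_data)
	{
		// If the two IDs don't match, we have a session_regenerate_id() call
		// and we need to close the old handle and open a new one
		if ($session_id !== $this->_session_id && ($this->close() === $this->_failure OR $this->read($session_id) === $this->_failure))
		{
			return $this->_failure;
		}

		if ( ! is_resource($this->_file_handle))
		{
			return $this->_failure;
		}
		elseif ($this->_fingerprint === md5($session_data))
		{
			// Nothing changed; a file created during this request has a fresh
			// mtime already, an older one gets touch()-ed
			return ( ! $this->_file_new && ! touch($this->_file_path.$session_id))
				? $this->_failure
				: $this->_success;
		}

		if ( ! $this->_file_new)
		{
			ftruncate($this->_file_handle, 0);
			rewind($this->_file_handle);
		}

		if (($length = strlen($session_data)) > 0)
		{
			for ($written = 0; $written < $length; $written += $result)
			{
				$result = fwrite($this->_file_handle, substr($session_data, $written));

				// fwrite() signals failure with FALSE, and before PHP 7.4 often
				// with 0. A zero-byte write makes no progress, so treat it as a
				// failure instead of looping forever.
				if ($result === FALSE OR $result === 0)
				{
					$result = FALSE;
					break;
				}
			}

			if ( ! is_int($result))
			{
				// Remember what actually reached the file so a later write()
				// of the full data isn't mistaken for "unchanged"
				$this->_fingerprint = md5(substr($session_data, 0, $written));
				log_message('error', 'Session: Unable to write data.');
				return $this->_failure;
			}
		}

		$this->_fingerprint = md5($session_data);
		return $this->_success;
	}

	// ------------------------------------------------------------------------

	/**
	 * Close
	 *
	 * Releases locks and closes file descriptor.
	 *
	 * Also resets the handle, the "new file" flag and the remembered session
	 * ID, so that a following read() opens the file again.
	 *
	 * @return	bool
	 */
	public function close()
	{
		if (is_resource($this->_file_handle))
		{
			flock($this->_file_handle, LOCK_UN);
			fclose($this->_file_handle);

			$this->_file_handle = $this->_file_new = $this->_session_id = NULL;
		}

		return $this->_success;
	}

	// ------------------------------------------------------------------------

	/**
	 * Destroy
	 *
	 * Destroys the current session.
	 *
	 * Closes the handle, then removes the session file and calls
	 * _cookie_destroy() (inherited; not defined in this file) if the file
	 * exists. A missing file counts as success.
	 *
	 * NOTE(review): as in read(), $session_id goes into the unlink() path
	 * without validation here - presumably validated by the caller; confirm.
	 *
	 * @param	string	$session_id	Session ID
	 * @return	bool
	 */
	public function destroy($session_id)
	{
		if ($this->close() === $this->_success)
		{
			if (file_exists($this->_file_path.$session_id))
			{
				$this->_cookie_destroy();
				return unlink($this->_file_path.$session_id)
					? $this->_success
					: $this->_failure;
			}

			return $this->_success;
		}
		elseif ($this->_file_path !== NULL)
		{
			// close() did not report success; re-check the file with a clean
			// stat cache before deciding whether there is anything to delete
			clearstatcache();
			if (file_exists($this->_file_path.$session_id))
			{
				$this->_cookie_destroy();
				return unlink($this->_file_path.$session_id)
					? $this->_success
					: $this->_failure;
			}

			return $this->_success;
		}

		return $this->_failure;
	}

	// ------------------------------------------------------------------------

	/**
	 * Garbage Collector
	 *
	 * Deletes expired sessions
	 *
	 * Only files whose name is the cookie name followed by 40 hex characters
	 * (72 when 'match_ip' is enabled: a 32-character MD5 plus the ID) are
	 * considered; everything else in the directory is left alone.
	 *
	 * @param	int 	$maxlifetime	Maximum lifetime of sessions
	 * @return	bool
	 */
	public function gc($maxlifetime)
	{
		if ( ! is_dir($this->_config['save_path']) OR ($directory = opendir($this->_config['save_path'])) === FALSE)
		{
			log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_config['save_path']."'.");
			return $this->_failure;
		}

		// Files last modified at or before this timestamp are expired
		$ts = time() - $maxlifetime;

		// Use the same truthiness test as open() does when it builds the file
		// name; a strict TRUE comparison here would make expired files of a
		// truthy-but-not-TRUE 'match_ip' setting never match and never be removed.
		$pattern = sprintf(
			'/^%s[0-9a-f]{%d}$/',
			preg_quote($this->_config['cookie_name'], '/'),
			($this->_config['match_ip'] ? 72 : 40)
		);

		while (($file = readdir($directory)) !== FALSE)
		{
			// If the filename doesn't match this pattern, it's either not a session file or is not ours
			if ( ! preg_match($pattern, $file)
				OR ! is_file($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)
				OR ($mtime = filemtime($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)) === FALSE
				OR $mtime > $ts)
			{
				continue;
			}

			// Best effort: a failed unlink() is not reported and the file is
			// picked up again on the next collection run
			unlink($this->_config['save_path'].DIRECTORY_SEPARATOR.$file);
		}

		closedir($directory);

		return $this->_success;
	}

}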