summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/autoload.php29
-rw-r--r--application/config/config.php5
-rw-r--r--application/config/database.php2
-rw-r--r--application/config/mimes.php2
-rw-r--r--composer.json5
-rw-r--r--system/core/Loader.php47
-rw-r--r--system/database/DB_driver.php1
-rw-r--r--system/database/drivers/mysql/mysql_driver.php18
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php22
-rw-r--r--system/helpers/captcha_helper.php3
-rw-r--r--system/language/english/date_lang.php28
-rw-r--r--system/libraries/Driver.php22
-rw-r--r--system/libraries/Session.php955
-rwxr-xr-xsystem/libraries/Session/Session.php630
-rwxr-xr-xsystem/libraries/Session/drivers/Session_cookie.php799
-rwxr-xr-xsystem/libraries/Session/drivers/Session_native.php211
-rw-r--r--tests/codeigniter/libraries/Session_test.php405
-rw-r--r--tests/codeigniter/libraries/Upload_test.php270
-rw-r--r--tests/mocks/autoloader.php23
-rw-r--r--tests/mocks/core/lang.php15
-rw-r--r--tests/mocks/libraries/session.php43
-rw-r--r--tests/mocks/libraries/upload.php3
-rw-r--r--tests/mocks/uploads/ci_logo.gifbin0 -> 3270 bytes
-rw-r--r--user_guide_src/source/_themes/eldocs/layout.html16
-rw-r--r--user_guide_src/source/_themes/eldocs/searchbox.html21
-rw-r--r--user_guide_src/source/_themes/eldocs/static/asset/css/common.css6
-rw-r--r--user_guide_src/source/changelog.rst28
-rw-r--r--user_guide_src/source/conf.py1
-rw-r--r--user_guide_src/source/database/configuration.rst7
-rw-r--r--user_guide_src/source/index.rst3
-rw-r--r--user_guide_src/source/installation/upgrade_300.rst27
-rw-r--r--user_guide_src/source/libraries/loader.rst71
-rw-r--r--user_guide_src/source/libraries/sessions.rst338
33 files changed, 2945 insertions, 1111 deletions
diff --git a/application/config/autoload.php b/application/config/autoload.php
index b3e63cbf6..ff153fb48 100644
--- a/application/config/autoload.php
+++ b/application/config/autoload.php
@@ -46,10 +46,11 @@
|
| 1. Packages
| 2. Libraries
-| 3. Helper files
-| 4. Custom config files
-| 5. Language files
-| 6. Models
+| 3. Drivers
+| 4. Helper files
+| 5. Custom config files
+| 6. Language files
+| 7. Models
|
*/
@@ -75,7 +76,7 @@ $autoload['packages'] = array();
|
| Prototype:
|
-| $autoload['libraries'] = array('database', 'session', 'xmlrpc');
+| $autoload['libraries'] = array('database', 'email', 'xmlrpc');
*/
$autoload['libraries'] = array();
@@ -83,6 +84,22 @@ $autoload['libraries'] = array();
/*
| -------------------------------------------------------------------
+| Auto-load Drivers
+| -------------------------------------------------------------------
+| These classes are located in the system/libraries folder or in your
+| application/libraries folder within their own subdirectory. They
+| offer multiple interchangeable driver options.
+|
+| Prototype:
+|
+| $autoload['drivers'] = array('session', 'cache');
+*/
+
+$autoload['drivers'] = array();
+
+
+/*
+| -------------------------------------------------------------------
| Auto-load Helper Files
| -------------------------------------------------------------------
| Prototype:
@@ -139,4 +156,4 @@ $autoload['model'] = array();
/* End of file autoload.php */
-/* Location: ./application/config/autoload.php */ \ No newline at end of file
+/* Location: ./application/config/autoload.php */
diff --git a/application/config/config.php b/application/config/config.php
index 28fc406d1..eaccbf75e 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -265,6 +265,9 @@ $config['encryption_key'] = '';
| Session Variables
|--------------------------------------------------------------------------
|
+| 'sess_driver' = the driver to load: cookie (Classic), native (PHP sessions),
+| or your custom driver name
+| 'sess_valid_drivers' = additional valid drivers which may be loaded
| 'sess_cookie_name' = the name you want for the cookie
| 'sess_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
@@ -278,6 +281,8 @@ $config['encryption_key'] = '';
| 'sess_time_to_update' = how many seconds between CI refreshing Session Information
|
*/
+$config['sess_driver'] = 'cookie';
+$config['sess_valid_drivers'] = array();
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
diff --git a/application/config/database.php b/application/config/database.php
index bb0d87be0..4c5cad03f 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -63,6 +63,7 @@
| Sites using Latin-1 or UTF-8 database character set and collation are unaffected.
| ['swap_pre'] A default table prefix that should be swapped with the dbprefix
| ['autoinit'] Whether or not to automatically initialize the database.
+| ['compress'] Whether or not to use client compression (only MySQL and MySQLi)
| ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
| - good for ensuring strict SQL while developing
| ['failover'] array - A array with 0 or more data for connections if the main should fail.
@@ -93,6 +94,7 @@ $db['default'] = array(
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'autoinit' => TRUE,
+ 'compress' => TRUE,
'stricton' => FALSE,
'failover' => array()
);
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 1917b11de..48771dc15 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -123,7 +123,7 @@ return array(
'avi' => array('video/x-msvideo', 'video/msvideo', 'video/avi', 'application/x-troff-msvideo'),
'movie' => 'video/x-sgi-movie',
'doc' => array('application/msword', 'application/vnd.ms-office'),
- 'docx' => array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/zip'),
+ 'docx' => array('application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/zip', 'application/msword'),
'xlsx' => array('application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/zip', 'application/vnd.ms-excel', 'application/msword'),
'word' => array('application/msword', 'application/octet-stream'),
'xl' => 'application/excel',
diff --git a/composer.json b/composer.json
index fa6dc02e4..dc098acc3 100644
--- a/composer.json
+++ b/composer.json
@@ -1,5 +1,8 @@
{
"require": {
"mikey179/vfsStream": "*"
- }
+ },
+ "require-dev": {
+ "EHER/PHPUnit": "*"
+ }
} \ No newline at end of file
diff --git a/system/core/Loader.php b/system/core/Loader.php
index 656934c87..89b2028bf 100644
--- a/system/core/Loader.php
+++ b/system/core/Loader.php
@@ -409,8 +409,8 @@ class CI_Loader {
* 1. The name of the "view" file to be included.
* 2. An associative array of data to be extracted for use in the view.
* 3. TRUE/FALSE - whether to return the data or load it. In
- * some cases it's advantageous to be able to return data so that
- * a developer can process it in some way.
+ * some cases it's advantageous to be able to return data so that
+ * a developer can process it in some way.
*
* @param string
* @param array
@@ -633,13 +633,7 @@ class CI_Loader {
{
$this->driver($driver);
}
- return FALSE;
- }
-
- if ( ! class_exists('CI_Driver_Library'))
- {
- // we aren't instantiating an object here, that'll be done by the Library itself
- require BASEPATH.'libraries/Driver.php';
+ return;
}
if ($library === '')
@@ -837,10 +831,10 @@ class CI_Loader {
* We buffer the output for two reasons:
* 1. Speed. You get a significant speed boost.
* 2. So that the final rendered template can be post-processed by
- * the output class. Why do we need post processing? For one thing,
- * in order to show the elapsed page load time. Unless we can
- * intercept the content right before it's sent to the browser and
- * then stop the timer it won't be accurate.
+ * the output class. Why do we need post processing? For one thing,
+ * in order to show the elapsed page load time. Unless we can
+ * intercept the content right before it's sent to the browser and
+ * then stop the timer it won't be accurate.
*/
ob_start();
@@ -915,6 +909,13 @@ class CI_Loader {
// Get the filename from the path
$class = substr($class, $last_slash);
+
+ // Check for match and driver base class
+ if (strtolower(trim($subdir, '/')) == strtolower($class) && ! class_exists('CI_Driver_Library'))
+ {
+ // We aren't instantiating an object here, just making the base class available
+ require BASEPATH.'libraries/Driver.php';
+ }
}
// We'll test for both lowercase and capitalized versions of the file name
@@ -996,14 +997,19 @@ class CI_Loader {
$this->_ci_loaded_files[] = $filepath;
return $this->_ci_init_class($class, '', $params, $object_name);
}
-
} // END FOREACH
// One last attempt. Maybe the library is in a subdirectory, but it wasn't specified?
if ($subdir === '')
{
$path = strtolower($class).'/'.$class;
- return $this->_ci_load_class($path, $params);
+ return $this->_ci_load_class($path, $params, $object_name);
+ }
+ else if (ucfirst($subdir) != $subdir)
+ {
+ // Lowercase subdir failed - retry capitalized
+ $path = ucfirst($subdir).$class;
+ return $this->_ci_load_class($path, $params, $object_name);
}
// If we got this far we were unable to find the requested class.
@@ -1193,6 +1199,15 @@ class CI_Loader {
}
}
+ // Autoload drivers
+ if (isset($autoload['drivers']))
+ {
+ foreach ($autoload['drivers'] as $item)
+ {
+ $this->driver($item);
+ }
+ }
+
// Autoload models
if (isset($autoload['model']))
{
@@ -1260,4 +1275,4 @@ class CI_Loader {
}
/* End of file Loader.php */
-/* Location: ./system/core/Loader.php */ \ No newline at end of file
+/* Location: ./system/core/Loader.php */
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php
index d63a1d955..4296815f8 100644
--- a/system/database/DB_driver.php
+++ b/system/database/DB_driver.php
@@ -51,6 +51,7 @@ abstract class CI_DB_driver {
public $char_set = 'utf8';
public $dbcollat = 'utf8_general_ci';
public $autoinit = TRUE; // Whether to automatically initialize the DB
+ public $compress = TRUE;
public $swap_pre = '';
public $port = '';
public $pconnect = FALSE;
diff --git a/system/database/drivers/mysql/mysql_driver.php b/system/database/drivers/mysql/mysql_driver.php
index 29db90408..35473016f 100644
--- a/system/database/drivers/mysql/mysql_driver.php
+++ b/system/database/drivers/mysql/mysql_driver.php
@@ -83,7 +83,14 @@ class CI_DB_mysql_driver extends CI_DB {
*/
public function db_connect()
{
- return @mysql_connect($this->hostname, $this->username, $this->password, TRUE);
+ if ($this->compress === TRUE)
+ {
+ return @mysql_connect($this->hostname, $this->username, $this->password, TRUE, MYSQL_CLIENT_COMPRESS);
+ }
+ else
+ {
+ return @mysql_connect($this->hostname, $this->username, $this->password, TRUE);
+ }
}
// --------------------------------------------------------------------
@@ -95,7 +102,14 @@ class CI_DB_mysql_driver extends CI_DB {
*/
public function db_pconnect()
{
- return @mysql_pconnect($this->hostname, $this->username, $this->password);
+ if ($this->compress === TRUE)
+ {
+ return @mysql_pconnect($this->hostname, $this->username, $this->password, MYSQL_CLIENT_COMPRESS);
+ }
+ else
+ {
+ return @mysql_pconnect($this->hostname, $this->username, $this->password);
+ }
}
// --------------------------------------------------------------------
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index be61aab20..9558dfd86 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -65,6 +65,17 @@ class CI_DB_mysqli_driver extends CI_DB {
*/
public function db_connect()
{
+ // Use MySQL client compression?
+ if ($this->compress === TRUE)
+ {
+ $port = empty($this->port) ? NULL : $this->port;
+
+ $mysqli = mysqli_init();
+ $mysqli->real_connect($this->hostname, $this->username, $this->password, $this->database, $port, NULL, MYSQLI_CLIENT_COMPRESS);
+
+ return $mysqli;
+ }
+
return empty($this->port)
? @new mysqli($this->hostname, $this->username, $this->password, $this->database)
: @new mysqli($this->hostname, $this->username, $this->password, $this->database, $this->port);
@@ -85,6 +96,17 @@ class CI_DB_mysqli_driver extends CI_DB {
return $this->db_connect();
}
+ // Use MySQL client compression?
+ if ($this->compress === TRUE)
+ {
+ $port = empty($this->port) ? NULL : $this->port;
+
+ $mysqli = mysqli_init();
+ $mysqli->real_connect('p:'.$this->hostname, $this->username, $this->password, $this->database, $port, NULL, MYSQLI_CLIENT_COMPRESS);
+
+ return $mysqli;
+ }
+
return empty($this->port)
? @new mysqli('p:'.$this->hostname, $this->username, $this->password, $this->database)
: @new mysqli('p:'.$this->hostname, $this->username, $this->password, $this->database, $this->port);
diff --git a/system/helpers/captcha_helper.php b/system/helpers/captcha_helper.php
index a4383c9d3..57ef9e2fa 100644
--- a/system/helpers/captcha_helper.php
+++ b/system/helpers/captcha_helper.php
@@ -80,8 +80,7 @@ if ( ! function_exists('create_captcha'))
$current_dir = @opendir($img_path);
while ($filename = @readdir($current_dir))
{
- if ($filename !== '.' && $filename !== '..' && $filename !== 'index.html'
- && (str_replace('.jpg', '', $filename) + $expiration) < $now)
+ if (strpos($filename, ".jpg") !== FALSE && (str_replace('.jpg', '', $filename) + $expiration) < $now)
{
@unlink($img_path.$filename);
}
diff --git a/system/language/english/date_lang.php b/system/language/english/date_lang.php
index 229d33d2e..6683e4c69 100644
--- a/system/language/english/date_lang.php
+++ b/system/language/english/date_lang.php
@@ -25,20 +25,20 @@
* @filesource
*/
-$lang['date_year'] = "Year";
-$lang['date_years'] = "Years";
-$lang['date_month'] = "Month";
-$lang['date_months'] = "Months";
-$lang['date_week'] = "Week";
-$lang['date_weeks'] = "Weeks";
-$lang['date_day'] = "Day";
-$lang['date_days'] = "Days";
-$lang['date_hour'] = "Hour";
-$lang['date_hours'] = "Hours";
-$lang['date_minute'] = "Minute";
-$lang['date_minutes'] = "Minutes";
-$lang['date_second'] = "Second";
-$lang['date_seconds'] = "Seconds";
+$lang['date_year'] = 'Year';
+$lang['date_years'] = 'Years';
+$lang['date_month'] = 'Month';
+$lang['date_months'] = 'Months';
+$lang['date_week'] = 'Week';
+$lang['date_weeks'] = 'Weeks';
+$lang['date_day'] = 'Day';
+$lang['date_days'] = 'Days';
+$lang['date_hour'] = 'Hour';
+$lang['date_hours'] = 'Hours';
+$lang['date_minute'] = 'Minute';
+$lang['date_minutes'] = 'Minutes';
+$lang['date_second'] = 'Second';
+$lang['date_seconds'] = 'Seconds';
$lang['UM12'] = '(UTC -12:00) Baker/Howland Island';
$lang['UM11'] = '(UTC -11:00) Niue';
diff --git a/system/libraries/Driver.php b/system/libraries/Driver.php
index d67ee2549..1d084c8e4 100644
--- a/system/libraries/Driver.php
+++ b/system/libraries/Driver.php
@@ -54,13 +54,29 @@ class CI_Driver_Library {
protected $lib_name;
/**
+ * Get magic method
+ *
* The first time a child is used it won't exist, so we instantiate it
* subsequents calls will go straight to the proper child.
*
- * @param mixed $child
- * @return mixed
+ * @param string Child class name
+ * @return object Child class
*/
public function __get($child)
+ {
+ // Try to load the driver
+ return $this->load_driver($child);
+ }
+
+ /**
+ * Load driver
+ *
+ * Separate load_driver call to support explicit driver load by library or user
+ *
+ * @param string Child class name
+ * @return object Child class
+ */
+ public function load_driver($child)
{
if ( ! isset($this->lib_name))
{
@@ -268,4 +284,4 @@ class CI_Driver {
}
/* End of file Driver.php */
-/* Location: ./system/libraries/Driver.php */ \ No newline at end of file
+/* Location: ./system/libraries/Driver.php */
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
deleted file mode 100644
index af38dc366..000000000
--- a/system/libraries/Session.php
+++ /dev/null
@@ -1,955 +0,0 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * NOTICE OF LICENSE
- *
- * Licensed under the Open Software License version 3.0
- *
- * This source file is subject to the Open Software License (OSL 3.0) that is
- * bundled with this package in the files license.txt / license.rst. It is
- * also available through the world wide web at this URL:
- * http://opensource.org/licenses/OSL-3.0
- * If you did not receive a copy of the license and are unable to obtain it
- * through the world wide web, please send an email to
- * licensing@ellislab.com so we can send you a copy immediately.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
- * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
- * @link http://codeigniter.com
- * @since Version 1.0
- * @filesource
- */
-
-/**
- * Session Class
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- * @link http://codeigniter.com/user_guide/libraries/sessions.html
- */
-class CI_Session {
-
- /**
- * Whether to encrypt the session cookie
- *
- * @var bool
- */
- public $sess_encrypt_cookie = FALSE;
-
- /**
- * Whether to use to the database for session storage
- *
- * @var bool
- */
- public $sess_use_database = FALSE;
-
- /**
- * Name of the database table in which to store sessions
- *
- * @var string
- */
- public $sess_table_name = '';
-
- /**
- * Length of time (in seconds) for sessions to expire
- *
- * @var int
- */
- public $sess_expiration = 7200;
-
- /**
- * Whether to kill session on close of browser window
- *
- * @var bool
- */
- public $sess_expire_on_close = FALSE;
-
- /**
- * Whether to match session on ip address
- *
- * @var bool
- */
- public $sess_match_ip = FALSE;
-
- /**
- * Whether to match session on user-agent
- *
- * @var bool
- */
- public $sess_match_useragent = TRUE;
-
- /**
- * Name of session cookie
- *
- * @var string
- */
- public $sess_cookie_name = 'ci_session';
-
- /**
- * Session cookie prefix
- *
- * @var string
- */
- public $cookie_prefix = '';
-
- /**
- * Session cookie path
- *
- * @var string
- */
- public $cookie_path = '';
-
- /**
- * Session cookie domain
- *
- * @var string
- */
- public $cookie_domain = '';
-
- /**
- * Whether to set the cookie only on HTTPS connections
- *
- * @var bool
- */
- public $cookie_secure = FALSE;
-
- /**
- * Whether cookie should be allowed only to be sent by the server
- *
- * @var bool
- */
- public $cookie_httponly = FALSE;
-
- /**
- * Interval at which to update session
- *
- * @var int
- */
- public $sess_time_to_update = 300;
-
- /**
- * Key with which to encrypt the session cookie
- *
- * @var string
- */
- public $encryption_key = '';
-
- /**
- * String to indicate flash data cookies
- *
- * @var string
- */
- public $flashdata_key = 'flash';
-
- /**
- * Timezone to use for the current time
- *
- * @var string
- */
- public $time_reference = 'local';
-
-
- /**
- * Session data
- *
- * @var array
- */
- public $userdata = array();
-
- /**
- * Reference to CodeIgniter instance
- *
- * @var object
- */
- public $CI;
-
- /**
- * Current time
- *
- * @var int
- */
- public $now;
-
- /**
- * Session Constructor
- *
- * The constructor runs the session routines automatically
- * whenever the class is instantiated.
- *
- * @param array
- * @return void
- */
- public function __construct($params = array())
- {
- log_message('debug', 'Session Class Initialized');
-
- // Set the super object to a local variable for use throughout the class
- $this->CI =& get_instance();
-
- // Set all the session preferences, which can either be set
- // manually via the $params array above or via the config file
- foreach (array('sess_encrypt_cookie', 'sess_use_database', 'sess_table_name', 'sess_expiration', 'sess_expire_on_close', 'sess_match_ip', 'sess_match_useragent', 'sess_cookie_name', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'sess_time_to_update', 'time_reference', 'cookie_prefix', 'encryption_key') as $key)
- {
- $this->$key = isset($params[$key]) ? $params[$key] : $this->CI->config->item($key);
- }
-
- if ($this->encryption_key === '')
- {
- show_error('In order to use the Session class you are required to set an encryption key in your config file.');
- }
-
- // Load the string helper so we can use the strip_slashes() function
- $this->CI->load->helper('string');
-
- // Do we need encryption? If so, load the encryption class
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $this->CI->load->library('encrypt');
- }
-
- // Are we using a database? If so, load it
- if ($this->sess_use_database === TRUE && $this->sess_table_name !== '')
- {
- $this->CI->load->database();
- }
-
- // Set the "now" time. Can either be GMT or server time, based on the
- // config prefs. We use this to set the "last activity" time
- $this->now = $this->_get_time();
-
- // Set the session length. If the session expiration is
- // set to zero we'll set the expiration two years from now.
- if ($this->sess_expiration === 0)
- {
- $this->sess_expiration = (60*60*24*365*2);
- }
-
- // Set the cookie name
- $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
-
- // Run the Session routine. If a session doesn't exist we'll
- // create a new one. If it does, we'll update it.
- if ( ! $this->sess_read())
- {
- $this->sess_create();
- }
- else
- {
- $this->sess_update();
- }
-
- // Delete 'old' flashdata (from last request)
- $this->_flashdata_sweep();
-
- // Mark all new flashdata as old (data will be deleted before next request)
- $this->_flashdata_mark();
-
- // Delete expired sessions if necessary
- $this->_sess_gc();
-
- log_message('debug', 'Session routines successfully run');
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Fetch the current session data if it exists
- *
- * @return bool
- */
- public function sess_read()
- {
- // Fetch the cookie
- $session = $this->CI->input->cookie($this->sess_cookie_name);
-
- // No cookie? Goodbye cruel world!...
- if ($session === NULL)
- {
- log_message('debug', 'A session cookie was not found.');
- return FALSE;
- }
-
- // Decrypt the cookie data
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $session = $this->CI->encrypt->decode($session);
- }
- else
- {
- // encryption was not used, so we need to check the md5 hash
- $hash = substr($session, strlen($session)-32); // get last 32 chars
- $session = substr($session, 0, strlen($session)-32);
-
- // Does the md5 hash match? This is to prevent manipulation of session data in userspace
- if ($hash !== md5($session.$this->encryption_key))
- {
- log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
- $this->sess_destroy();
- return FALSE;
- }
- }
-
- // Unserialize the session array
- $session = $this->_unserialize($session);
-
- // Is the session data we unserialized an array with the correct format?
- if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
- {
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is the session current?
- if (($session['last_activity'] + $this->sess_expiration) < $this->now)
- {
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the IP match?
- if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
- {
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the User Agent Match?
- if ($this->sess_match_useragent === TRUE && trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
- {
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there a corresponding session in the DB?
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $session['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $session['ip_address']);
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', $session['user_agent']);
- }
-
- $query = $this->CI->db->limit(1)->get($this->sess_table_name);
-
- // No result? Kill it!
- if ($query->num_rows() === 0)
- {
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there custom data? If so, add it to the main session array
- $row = $query->row();
- if ( ! empty($row->user_data))
- {
- $custom_data = $this->_unserialize($row->user_data);
-
- if (is_array($custom_data))
- {
- foreach ($custom_data as $key => $val)
- {
- $session[$key] = $val;
- }
- }
- }
- }
-
- // Session is valid!
- $this->userdata = $session;
- unset($session);
-
- return TRUE;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Write the session data
- *
- * @return void
- */
- public function sess_write()
- {
- // Are we saving custom data to the DB? If not, all we do is update the cookie
- if ($this->sess_use_database === FALSE)
- {
- $this->_set_cookie();
- return;
- }
-
- // set the custom userdata, the session data we will set in a second
- $custom_userdata = $this->userdata;
- $cookie_userdata = array();
-
- // Before continuing, we need to determine if there is any custom data to deal with.
- // Let's determine this by removing the default indexes to see if there's anything left in the array
- // and set the session data while we're at it
- foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
- {
- unset($custom_userdata[$val]);
- $cookie_userdata[$val] = $this->userdata[$val];
- }
-
- // Did we find any custom data? If not, we turn the empty array into a string
- // since there's no reason to serialize and store an empty array in the DB
- if (count($custom_userdata) === 0)
- {
- $custom_userdata = '';
- }
- else
- {
- // Serialize the custom data array so we can store it
- $custom_userdata = $this->_serialize($custom_userdata);
- }
-
- // Run the update query
- $this->CI->db->where('session_id', $this->userdata['session_id']);
- $this->CI->db->update($this->sess_table_name, array('last_activity' => $this->userdata['last_activity'], 'user_data' => $custom_userdata));
-
- // Write the cookie. Notice that we manually pass the cookie data array to the
- // _set_cookie() function. Normally that function will store $this->userdata, but
- // in this case that array contains custom data, which we do not want in the cookie.
- $this->_set_cookie($cookie_userdata);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Create a new session
- *
- * @return void
- */
- public function sess_create()
- {
- $sessid = '';
- do
- {
- $sessid .= mt_rand(0, mt_getrandmax());
- }
- while (strlen($sessid) < 32);
-
- // To make the session ID even more secure we'll combine it with the user's IP
- $sessid .= $this->CI->input->ip_address();
-
- $this->userdata = array(
- 'session_id' => md5(uniqid($sessid, TRUE)),
- 'ip_address' => $this->CI->input->ip_address(),
- 'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
- 'last_activity' => $this->now,
- 'user_data' => ''
- );
-
- // Save the data to the DB if needed
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->query($this->CI->db->insert_string($this->sess_table_name, $this->userdata));
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Update an existing session
- *
- * @return void
- */
- public function sess_update()
- {
- // We only update the session every five minutes by default
- if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
- {
- return;
- }
-
- // _set_cookie() will handle this for us if we aren't using database sessions
- // by pushing all userdata to the cookie.
- $cookie_data = NULL;
-
- /* Changing the session ID during an AJAX call causes problems,
- * so we'll only update our last_activity
- */
- if ($this->CI->input->is_ajax_request())
- {
- $this->userdata['last_activity'] = $this->now;
-
- // Update the session ID and last_activity field in the DB if needed
- if ($this->sess_use_database === TRUE)
- {
- // set cookie explicitly to only have our session data
- $cookie_data = array();
- foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
- {
- $cookie_data[$val] = $this->userdata[$val];
- }
-
- $this->CI->db->query($this->CI->db->update_string($this->sess_table_name,
- array('last_activity' => $this->userdata['last_activity']),
- array('session_id' => $this->userdata['session_id'])));
- }
-
- return $this->_set_cookie($cookie_data);
- }
-
- // Save the old session id so we know which record to
- // update in the database if we need it
- $old_sessid = $this->userdata['session_id'];
- $new_sessid = '';
- do
- {
- $new_sessid .= mt_rand(0, mt_getrandmax());
- }
- while (strlen($new_sessid) < 32);
-
- // To make the session ID even more secure we'll combine it with the user's IP
- $new_sessid .= $this->CI->input->ip_address();
-
- // Turn it into a hash and update the session data array
- $this->userdata['session_id'] = $new_sessid = md5(uniqid($new_sessid, TRUE));
- $this->userdata['last_activity'] = $this->now;
-
- // Update the session ID and last_activity field in the DB if needed
- if ($this->sess_use_database === TRUE)
- {
- // set cookie explicitly to only have our session data
- $cookie_data = array();
- foreach (array('session_id','ip_address','user_agent','last_activity') as $val)
- {
- $cookie_data[$val] = $this->userdata[$val];
- }
-
- $this->CI->db->query($this->CI->db->update_string($this->sess_table_name, array('last_activity' => $this->now, 'session_id' => $new_sessid), array('session_id' => $old_sessid)));
- }
-
- // Write the cookie
- $this->_set_cookie($cookie_data);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Kill the session DB row
- if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
- {
- $this->CI->db->where('session_id', $this->userdata['session_id']);
- $this->CI->db->delete($this->sess_table_name);
- }
-
- // Kill the cookie
- setcookie(
- $this->sess_cookie_name,
- addslashes(serialize(array())),
- ($this->now - 31500000),
- $this->cookie_path,
- $this->cookie_domain,
- 0
- );
-
- // Kill session data
- $this->userdata = array();
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Fetch a specific item from the session array
- *
- * @param string
- * @return string
- */
- public function userdata($item)
- {
- return isset($this->userdata[$item]) ? $this->userdata[$item] : NULL;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Fetch all session data
- *
- * @return array
- */
- public function all_userdata()
- {
- return $this->userdata;
- }
-
- // --------------------------------------------------------------------------
-
- /**
- * Fetch all flashdata
- *
- * @return array
- */
- public function all_flashdata()
- {
- $out = array();
-
- // loop through all userdata
- foreach ($this->all_userdata() as $key => $val)
- {
- // if it contains flashdata, add it
- if (strpos($key, 'flash:old:') !== FALSE)
- {
- $out[$key] = $val;
- }
- }
- return $out;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Add or change data in the "userdata" array
- *
- * @param mixed
- * @param string
- * @return void
- */
- public function set_userdata($newdata = array(), $newval = '')
- {
- if (is_string($newdata))
- {
- $newdata = array($newdata => $newval);
- }
-
- if (count($newdata) > 0)
- {
- foreach ($newdata as $key => $val)
- {
- $this->userdata[$key] = $val;
- }
- }
-
- $this->sess_write();
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Delete a session variable from the "userdata" array
- *
- * @param array
- * @return void
- */
- public function unset_userdata($newdata = array())
- {
- if (is_string($newdata))
- {
- $newdata = array($newdata => '');
- }
-
- if (count($newdata) > 0)
- {
- foreach ($newdata as $key => $val)
- {
- unset($this->userdata[$key]);
- }
- }
-
- $this->sess_write();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Add or change flashdata, only available
- * until the next request
- *
- * @param mixed
- * @param string
- * @return void
- */
- public function set_flashdata($newdata = array(), $newval = '')
- {
- if (is_string($newdata))
- {
- $newdata = array($newdata => $newval);
- }
-
- if (count($newdata) > 0)
- {
- foreach ($newdata as $key => $val)
- {
- $this->set_userdata($this->flashdata_key.':new:'.$key, $val);
- }
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Keeps existing flashdata available to next request.
- *
- * @param string
- * @return void
- */
- public function keep_flashdata($key)
- {
- // 'old' flashdata gets removed. Here we mark all
- // flashdata as 'new' to preserve it from _flashdata_sweep()
- // Note the function will return NULL if the $key
- // provided cannot be found
- $value = $this->userdata($this->flashdata_key.':old:'.$key);
-
- $this->set_userdata($this->flashdata_key.':new:'.$key, $value);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Fetch a specific flashdata item from the session array
- *
- * @param string
- * @return string
- */
- public function flashdata($key)
- {
- return $this->userdata($this->flashdata_key.':old:'.$key);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Identifies flashdata as 'old' for removal
- * when _flashdata_sweep() runs.
- *
- * @return void
- */
- protected function _flashdata_mark()
- {
- $userdata = $this->all_userdata();
- foreach ($userdata as $name => $value)
- {
- $parts = explode(':new:', $name);
- if (is_array($parts) && count($parts) === 2)
- {
- $this->set_userdata($this->flashdata_key.':old:'.$parts[1], $value);
- $this->unset_userdata($name);
- }
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Removes all flashdata marked as 'old'
- *
- * @return void
- */
- protected function _flashdata_sweep()
- {
- $userdata = $this->all_userdata();
- foreach ($userdata as $key => $value)
- {
- if (strpos($key, ':old:'))
- {
- $this->unset_userdata($key);
- }
- }
-
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Get the "now" time
- *
- * @return string
- */
- protected function _get_time()
- {
- if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get())
- {
- return time();
- }
-
- $datetime = new DateTime('now', new DateTimeZone($this->time_reference));
- sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
-
- return mktime($hour, $minute, $second, $month, $day, $year);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Write the session cookie
- *
- * @param mixed
- * @return void
- */
- protected function _set_cookie($cookie_data = NULL)
- {
- if (is_null($cookie_data))
- {
- $cookie_data = $this->userdata;
- }
-
- // Serialize the userdata for the cookie
- $cookie_data = $this->_serialize($cookie_data);
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $cookie_data = $this->CI->encrypt->encode($cookie_data);
- }
- else
- {
- // if encryption is not used, we provide an md5 hash to prevent userside tampering
- $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
- }
-
- $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
-
- // Set the cookie
- setcookie(
- $this->sess_cookie_name,
- $cookie_data,
- $expire,
- $this->cookie_path,
- $this->cookie_domain,
- $this->cookie_secure,
- $this->cookie_httponly
- );
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Serialize an array
- *
- * This function first converts any slashes found in the array to a temporary
- * marker, so when it gets unserialized the slashes will be preserved
- *
- * @param array
- * @return string
- */
- protected function _serialize($data)
- {
- if (is_array($data))
- {
- array_walk_recursive($data, array(&$this, '_escape_slashes'));
- }
- elseif (is_string($data))
- {
- $data = str_replace('\\', '{{slash}}', $data);
- }
- return serialize($data);
- }
-
- /**
- * Escape slashes
- *
- * This function converts any slashes found into a temporary marker
- *
- * @param string
- * @param string
- * @return void
- */
- protected function _escape_slashes(&$val, $key)
- {
- if (is_string($val))
- {
- $val = str_replace('\\', '{{slash}}', $val);
- }
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Unserialize
- *
- * This function unserializes a data string, then converts any
- * temporary slash markers back to actual slashes
- *
- * @param array
- * @return string
- */
- protected function _unserialize($data)
- {
- $data = @unserialize(strip_slashes(trim($data)));
-
- if (is_array($data))
- {
- array_walk_recursive($data, array(&$this, '_unescape_slashes'));
- return $data;
- }
-
- return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Unescape slashes
- *
- * This function converts any slash markers back into actual slashes
- *
- * @param string
- * @param string
- * @return void
- */
- protected function _unescape_slashes(&$val, $key)
- {
- if (is_string($val))
- {
- $val= str_replace('{{slash}}', '\\', $val);
- }
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Garbage collection
- *
- * This deletes expired session rows from database
- * if the probability percentage is met
- *
- * @return void
- */
- protected function _sess_gc()
- {
- if ($this->sess_use_database !== TRUE)
- {
- return;
- }
-
- $probability = ini_get('session.gc_probability');
- $divisor = ini_get('session.gc_divisor');
-
- srand(time());
- if ((mt_rand(0, $divisor) / $divisor) < $probability)
- {
- $expire = $this->now - $this->sess_expiration;
-
- $this->CI->db->where('last_activity < '.$expire);
- $this->CI->db->delete($this->sess_table_name);
-
- log_message('debug', 'Session garbage collection performed.');
- }
- }
-
-}
-
-/* End of file Session.php */
-/* Location: ./system/libraries/Session.php */ \ No newline at end of file
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
new file mode 100755
index 000000000..1f24456a4
--- /dev/null
+++ b/system/libraries/Session/Session.php
@@ -0,0 +1,630 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.1.6 or newer
+ *
+ * @package CodeIgniter
+ * @author ExpressionEngine Dev Team
+ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
+ * @license http://codeigniter.com/user_guide/license.html
+ * @link http://codeigniter.com
+ * @since Version 2.0
+ * @filesource
+ */
+
+
+/**
+ * CI_Session Class
+ *
+ * The user interface defined by EllisLabs, now with puggable drivers to manage different storage mechanisms.
+ * By default, the cookie session driver will load, but the 'sess_driver' config/param item (see above) can be
+ * used to specify the 'native' driver, or any other you might create.
+ * Once loaded, this driver setup is a drop-in replacement for the former CI_Session library, taking its place as the
+ * 'session' member of the global controller framework (e.g.: $CI->session or $this->session).
+ * In keeping with the CI_Driver methodology, multiple drivers may be loaded, although this might be a bit confusing.
+ * The CI_Session library class keeps track of the most recently loaded driver as "current" to call for driver methods.
+ * Ideally, one driver is loaded and all calls go directly through the main library interface. However, any methods
+ * called through the specific driver will switch the "current" driver to itself before invoking the library method
+ * (which will then call back into the driver for low-level operations). So, alternation between two drivers can be
+ * achieved by specifying which driver to use for each call (e.g.: $this->session->native->set_userdata('foo', 'bar');
+ * $this->session->cookie->userdata('foo'); $this->session->native->unset_userdata('foo');). Notice in the previous
+ * example that the _native_ userdata value 'foo' would be set to 'bar', which would NOT be returned by the call for
+ * the _cookie_ userdata 'foo', nor would the _cookie_ value be unset by the call to unset the _native_ 'foo' value.
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author ExpressionEngine Dev Team
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session extends CI_Driver_Library {
+ public $params = array();
+ protected $current = null;
+ protected $userdata = array();
+
+ const FLASHDATA_KEY = 'flash';
+ const FLASHDATA_NEW = ':new:';
+ const FLASHDATA_OLD = ':old:';
+ const FLASHDATA_EXP = ':exp:';
+ const EXPIRATION_KEY = '__expirations';
+ const TEMP_EXP_DEF = 300;
+
+ /**
+ * CI_Session constructor
+ *
+ * The constructor loads the configured driver ('sess_driver' in config.php or as a parameter), running
+ * routines in its constructor, and manages flashdata aging.
+ *
+ * @param array Configuration parameters
+ */
+ public function __construct(array $params = array())
+ {
+ log_message('debug', 'CI_Session Class Initialized');
+
+ // Get valid drivers list
+ $CI =& get_instance();
+ $this->valid_drivers = array(
+ 'Session_native',
+ 'Session_cookie'
+ );
+ $key = 'sess_valid_drivers';
+ $drivers = (isset($params[$key])) ? $params[$key] : $CI->config->item($key);
+ if ($drivers)
+ {
+ if ( ! is_array($drivers)) $drivers = array($drivers);
+
+ // Add driver names to valid list
+ foreach ($drivers as $driver)
+ {
+ if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
+ {
+ $this->valid_drivers[] = $driver;
+ }
+ }
+ }
+
+ // Get driver to load
+ $key = 'sess_driver';
+ $driver = (isset($params[$key])) ? $params[$key] : $CI->config->item($key);
+ if ( ! $driver) $driver = 'cookie';
+ if ( ! in_array('session_'.strtolower($driver), array_map('strtolower', $this->valid_drivers)))
+ {
+ $this->valid_drivers[] = 'Session_'.$driver;
+ }
+
+ // Save a copy of parameters in case drivers need access
+ $this->params = $params;
+
+ // Load driver and get array reference
+ $this->load_driver($driver);
+
+ // Delete 'old' flashdata (from last request)
+ $this->_flashdata_sweep();
+
+ // Mark all new flashdata as old (data will be deleted before next request)
+ $this->_flashdata_mark();
+
+ // Delete expired tempdata
+ $this->_tempdata_sweep();
+
+ log_message('debug', 'CI_Session routines successfully run');
+ }
+
+ /**
+ * Loads session storage driver
+ *
+ * @param string Driver classname
+ * @return object Loaded driver object
+ */
+ public function load_driver($driver)
+ {
+ // Save reference to most recently loaded driver as library default and sync userdata
+ $this->current = parent::load_driver($driver);
+ $this->userdata =& $this->current->get_userdata();
+ return $this->current;
+ }
+
+ /**
+ * Select default session storage driver
+ *
+ * @param string Driver classname
+ * @return void
+ */
+ public function select_driver($driver)
+ {
+ // Validate driver name
+ $lowername = strtolower(str_replace('CI_', '', $driver));
+ if (in_array($lowername, array_map('strtolower', $this->valid_drivers)))
+ {
+ // See if driver is loaded
+ $child = str_replace($this->lib_name.'_', '', $driver);
+ if (isset($this->$child))
+ {
+ // See if driver is already current
+ if ($this->$child !== $this->current) {
+ // Make driver current and sync userdata
+ $this->current = $this->$child;
+ $this->userdata =& $this->current->get_userdata();
+ }
+ }
+ else
+ {
+ // Load new driver
+ $this->load_driver($child);
+ }
+ }
+ }
+
+ /**
+ * Destroy the current session
+ *
+ * @return void
+ */
+ public function sess_destroy()
+ {
+ // Just call destroy on driver
+ $this->current->sess_destroy();
+ }
+
+ /**
+ * Regenerate the current session
+ *
+ * @param boolean Destroy session data flag (default: false)
+ * @return void
+ */
+ public function sess_regenerate($destroy = false)
+ {
+ // Call regenerate on driver and resync userdata
+ $this->current->sess_regenerate($destroy);
+ $this->userdata =& $this->current->get_userdata();
+ }
+
+ /**
+ * Fetch a specific item from the session array
+ *
+ * @param string Item key
+ * @return string Item value or NULL if not found
+ */
+ public function userdata($item)
+ {
+ // Return value or NULL if not found
+ return ( ! isset($this->userdata[$item])) ? NULL : $this->userdata[$item];
+ }
+
+ /**
+ * Fetch all session data
+ *
+ * @return array User data array
+ */
+ public function all_userdata()
+ {
+ // Return entire array
+ return ( ! isset($this->userdata)) ? NULL : $this->userdata;
+ }
+
+ /**
+ * Fetch all flashdata
+ *
+ * @return array Flash data array
+ */
+ public function all_flashdata()
+ {
+ $out = array();
+
+ // loop through all userdata
+ foreach ($this->all_userdata() as $key => $val)
+ {
+ // if it contains flashdata, add it
+ if (strpos($key, self::FLASHDATA_KEY.self::FLASHDATA_OLD) !== FALSE)
+ {
+ $key = str_replace(self::FLASHDATA_KEY.self::FLASHDATA_OLD, '', $key);
+ $out[$key] = $val;
+ }
+ }
+ return $out;
+ }
+
+ /**
+ * Add or change data in the "userdata" array
+ *
+ * @param mixed Item name or array of items
+ * @param string Item value or empty string
+ * @return void
+ */
+ public function set_userdata($newdata = array(), $newval = '')
+ {
+ // Wrap params as array if singular
+ if (is_string($newdata))
+ {
+ $newdata = array($newdata => $newval);
+ }
+
+ // Set each name/value pair
+ if (count($newdata) > 0)
+ {
+ foreach ($newdata as $key => $val)
+ {
+ $this->userdata[$key] = $val;
+ }
+ }
+
+ // Tell driver data changed
+ $this->current->sess_save();
+ }
+
+ /**
+ * Delete a session variable from the "userdata" array
+ *
+ * @param mixed Item name or array of item names
+ * @return void
+ */
+ public function unset_userdata($newdata = array())
+ {
+ // Wrap single name as array
+ if (is_string($newdata))
+ {
+ $newdata = array($newdata => '');
+ }
+
+ // Unset each item name
+ if (count($newdata) > 0)
+ {
+ foreach ($newdata as $key => $val)
+ {
+ unset($this->userdata[$key]);
+ }
+ }
+
+ // Tell driver data changed
+ $this->current->sess_save();
+ }
+
+ /**
+ * Determine if an item exists
+ *
+ * @param string Item name
+ * @return boolean
+ */
+ public function has_userdata($item)
+ {
+ // Check for item name
+ return isset($this->userdata[$item]);
+ }
+
+ /**
+ * Add or change flashdata, only available until the next request
+ *
+ * @param mixed Item name or array of items
+ * @param string Item value or empty string
+ * @return void
+ */
+ public function set_flashdata($newdata = array(), $newval = '')
+ {
+ // Wrap item as array if singular
+ if (is_string($newdata))
+ {
+ $newdata = array($newdata => $newval);
+ }
+
+ // Prepend each key name and set value
+ if (count($newdata) > 0)
+ {
+ foreach ($newdata as $key => $val)
+ {
+ $flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_NEW.$key;
+ $this->set_userdata($flashdata_key, $val);
+ }
+ }
+ }
+
+ /**
+ * Keeps existing flashdata available to next request.
+ *
+ * @param string Item key
+ * @return void
+ */
+ public function keep_flashdata($key)
+ {
+ // 'old' flashdata gets removed. Here we mark all flashdata as 'new' to preserve it from _flashdata_sweep()
+ // Note the function will return NULL if the $key provided cannot be found
+ $old_flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_OLD.$key;
+ $value = $this->userdata($old_flashdata_key);
+
+ $new_flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_NEW.$key;
+ $this->set_userdata($new_flashdata_key, $value);
+ }
+
+ /**
+ * Fetch a specific flashdata item from the session array
+ *
+ * @param string Item key
+ * @return string
+ */
+ public function flashdata($key)
+ {
+ // Prepend key and retrieve value
+ $flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_OLD.$key;
+ return $this->userdata($flashdata_key);
+ }
+
+ /**
+ * Add or change tempdata, only available
+ * until expiration
+ *
+ * @param mixed Item name or array of items
+ * @param string Item value or empty string
+ * @param int Item lifetime in seconds or 0 for default
+ * @return void
+ */
+ public function set_tempdata($newdata = array(), $newval = '', $expire = 0)
+ {
+ // Set expiration time
+ $expire = time() + ($expire ? $expire : self::TEMP_EXP_DEF);
+
+ // Wrap item as array if singular
+ if (is_string($newdata))
+ {
+ $newdata = array($newdata => $newval);
+ }
+
+ // Get or create expiration list
+ $expirations = $this->userdata(self::EXPIRATION_KEY);
+ if ( ! $expirations)
+ {
+ $expirations = array();
+ }
+
+ // Prepend each key name and set value
+ if (count($newdata) > 0)
+ {
+ foreach ($newdata as $key => $val)
+ {
+ $tempdata_key = self::FLASHDATA_KEY.self::FLASHDATA_EXP.$key;
+ $expirations[$tempdata_key] = $expire;
+ $this->set_userdata($tempdata_key, $val);
+ }
+ }
+
+ // Update expiration list
+ $this->set_userdata(self::EXPIRATION_KEY, $expirations);
+ }
+
+ /**
+ * Delete a temporary session variable from the "userdata" array
+ *
+ * @param mixed Item name or array of item names
+ * @return void
+ */
+ public function unset_tempdata($newdata = array())
+ {
+ // Get expirations list
+ $expirations = $this->userdata(self::EXPIRATION_KEY);
+ if ( ! $expirations || ! count($expirations))
+ {
+ // Nothing to do
+ return;
+ }
+
+ // Wrap single name as array
+ if (is_string($newdata))
+ {
+ $newdata = array($newdata => '');
+ }
+
+ // Prepend each item name and unset
+ if (count($newdata) > 0)
+ {
+ foreach ($newdata as $key => $val)
+ {
+ $tempdata_key = self::FLASHDATA_KEY.self::FLASHDATA_EXP.$key;
+ unset($expirations[$tempdata_key]);
+ $this->unset_userdata($tempdata_key);
+ }
+ }
+
+ // Update expiration list
+ $this->set_userdata(self::EXPIRATION_KEY, $expirations);
+ }
+
+ /**
+ * Fetch a specific tempdata item from the session array
+ *
+ * @param string Item key
+ * @return string
+ */
+ public function tempdata($key)
+ {
+ // Prepend key and return value
+ $tempdata_key = self::FLASHDATA_KEY.self::FLASHDATA_EXP.$key;
+ return $this->userdata($tempdata_key);
+ }
+
+ /**
+ * Identifies flashdata as 'old' for removal
+ * when _flashdata_sweep() runs.
+ *
+ * @access protected
+ * @return void
+ */
+ protected function _flashdata_mark()
+ {
+ $userdata = $this->all_userdata();
+ foreach ($userdata as $name => $value)
+ {
+ $parts = explode(self::FLASHDATA_NEW, $name);
+ if (is_array($parts) && count($parts) === 2)
+ {
+ $new_name = self::FLASHDATA_KEY.self::FLASHDATA_OLD.$parts[1];
+ $this->set_userdata($new_name, $value);
+ $this->unset_userdata($name);
+ }
+ }
+ }
+
+ /**
+ * Removes all flashdata marked as 'old'
+ *
+ * @access protected
+ * @return void
+ */
+ protected function _flashdata_sweep()
+ {
+ $userdata = $this->all_userdata();
+ foreach ($userdata as $key => $value)
+ {
+ if (strpos($key, self::FLASHDATA_OLD))
+ {
+ $this->unset_userdata($key);
+ }
+ }
+ }
+
+ /**
+ * Removes all expired tempdata
+ *
+ * @access protected
+ * @return void
+ */
+ protected function _tempdata_sweep()
+ {
+ // Get expirations list
+ $expirations = $this->userdata(self::EXPIRATION_KEY);
+ if ( ! $expirations || ! count($expirations))
+ {
+ // Nothing to do
+ return;
+ }
+
+ // Unset expired elements
+ $now = time();
+ $userdata = $this->all_userdata();
+ foreach ($userdata as $key => $value)
+ {
+ if (strpos($key, self::FLASHDATA_EXP) && $expirations[$key] < $now)
+ {
+ unset($expirations[$key]);
+ $this->unset_userdata($key);
+ }
+ }
+
+ // Update expiration list
+ $this->set_userdata(self::EXPIRATION_KEY, $expirations);
+ }
+}
+// END CI_Session Class
+
+
+/**
+ * CI_Session_driver Class
+ *
+ * Extend this class to make a new CI_Session driver.
+ * A CI_Session driver basically manages an array of name/value pairs with some sort of storage mechanism.
+ * To make a new driver, derive from (extend) CI_Session_driver. Overload the initialize method and read or create
+ * session data. Then implement a save handler to write changed data to storage (sess_save), a destroy handler
+ * to remove deleted data (sess_destroy), and an access handler to expose the data (get_userdata).
+ * Put your driver in the libraries/Session/drivers folder anywhere in the loader paths. This includes the
+ * application directory, the system directory, or any path you add with $CI->load->add_package_path().
+ * Your driver must be named CI_Session_<name>, and your filename must be Session_<name>.php,
+ * preferably also capitalized. (e.g.: CI_Session_foo in libraries/Session/drivers/Session_foo.php)
+ * Then specify the driver by setting 'sess_driver' in your config file or as a parameter when loading the CI_Session
+ * object. (e.g.: $config['sess_driver'] = 'foo'; OR $CI->load->driver('session', array('sess_driver' => 'foo')); )
+ * Already provided are the Native driver, which manages the native PHP $_SESSION array, and
+ * the Cookie driver, which manages the data in a browser cookie, with optional extra storage in a database table.
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author ExpressionEngine Dev Team
+ */
+abstract class CI_Session_driver extends CI_Driver {
+ /**
+ * Decorate
+ *
+ * Decorates the child with the parent driver lib's methods and properties
+ *
+ * @param object Parent library object
+ * @return void
+ */
+ public function decorate($parent)
+ {
+ // Call base class decorate first
+ parent::decorate($parent);
+
+ // Call initialize method now that driver has access to $this->_parent
+ $this->initialize();
+ }
+
+ /**
+ * __call magic method
+ *
+ * Handles access to the parent driver library's methods
+ *
+ * @param string Library method name
+ * @param array Method arguments (default: none)
+ * @return mixed
+ */
+ public function __call($method, $args = array())
+ {
+ // Make sure the parent library uses this driver
+ $this->_parent->select_driver(get_class($this));
+ return parent::__call($method, $args);
+ }
+
+ /**
+ * Initialize driver
+ *
+ * @return void
+ */
+ protected function initialize()
+ {
+ // Overload this method to implement initialization
+ }
+
+ /**
+ * Save the session data
+ *
+ * Data in the array has changed - perform any storage synchronization necessary
+ * The child class MUST implement this abstract method!
+ *
+ * @return void
+ */
+ abstract public function sess_save();
+
+ /**
+ * Destroy the current session
+ *
+ * Clean up storage for this session - it has been terminated
+ * The child class MUST implement this abstract method!
+ *
+ * @return void
+ */
+ abstract public function sess_destroy();
+
+ /**
+ * Regenerate the current session
+ *
+ * Regenerate the session id
+ * The child class MUST implement this abstract method!
+ *
+ * @param boolean Destroy session data flag (default: false)
+ * @return void
+ */
+ abstract public function sess_regenerate($destroy = false);
+
+ /**
+ * Get a reference to user data array
+ *
+ * Give array access to the main CI_Session object
+ * The child class MUST implement this abstract method!
+ *
+ * @return array Reference to userdata
+ */
+ abstract public function &get_userdata();
+}
+// END CI_Session_driver Class
+
+
+/* End of file Session.php */
+/* Location: ./system/libraries/Session/Session.php */
+?>
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
new file mode 100755
index 000000000..69e5fde14
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -0,0 +1,799 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 1.0
+ * @filesource
+ */
+
+/**
+ * Cookie-based session management driver
+ *
+ * This is the classic CI_Session functionality, as written by EllisLab, abstracted out to a driver.
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author EllisLab Dev Team
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_cookie extends CI_Session_driver {
+ /**
+ * Whether to encrypt the session cookie
+ *
+ * @var bool
+ */
+ public $sess_encrypt_cookie = FALSE;
+
+ /**
+ * Whether to use to the database for session storage
+ *
+ * @var bool
+ */
+ public $sess_use_database = FALSE;
+
+ /**
+ * Name of the database table in which to store sessions
+ *
+ * @var string
+ */
+ public $sess_table_name = '';
+
+ /**
+ * Length of time (in seconds) for sessions to expire
+ *
+ * @var int
+ */
+ public $sess_expiration = 7200;
+
+ /**
+ * Whether to kill session on close of browser window
+ *
+ * @var bool
+ */
+ public $sess_expire_on_close = FALSE;
+
+ /**
+ * Whether to match session on ip address
+ *
+ * @var bool
+ */
+ public $sess_match_ip = FALSE;
+
+ /**
+ * Whether to match session on user-agent
+ *
+ * @var bool
+ */
+ public $sess_match_useragent = TRUE;
+
+ /**
+ * Name of session cookie
+ *
+ * @var string
+ */
+ public $sess_cookie_name = 'ci_session';
+
+ /**
+ * Session cookie prefix
+ *
+ * @var string
+ */
+ public $cookie_prefix = '';
+
+ /**
+ * Session cookie path
+ *
+ * @var string
+ */
+ public $cookie_path = '';
+
+ /**
+ * Session cookie domain
+ *
+ * @var string
+ */
+ public $cookie_domain = '';
+
+ /**
+ * Whether to set the cookie only on HTTPS connections
+ *
+ * @var bool
+ */
+ public $cookie_secure = FALSE;
+
+ /**
+ * Whether cookie should be allowed only to be sent by the server
+ *
+ * @var bool
+ */
+ public $cookie_httponly = FALSE;
+
+ /**
+ * Interval at which to update session
+ *
+ * @var int
+ */
+ public $sess_time_to_update = 300;
+
+ /**
+ * Key with which to encrypt the session cookie
+ *
+ * @var string
+ */
+ public $encryption_key = '';
+
+ /**
+ * Timezone to use for the current time
+ *
+ * @var string
+ */
+ public $time_reference = 'local';
+
+ /**
+ * Session data
+ *
+ * @var array
+ */
+ public $userdata = array();
+
+ /**
+ * Reference to CodeIgniter instance
+ *
+ * @var object
+ */
+ public $CI;
+
+ /**
+ * Current time
+ *
+ * @var int
+ */
+ public $now;
+
+ /**
+ * Default userdata keys
+ *
+ * @var array
+ */
+ protected $defaults = array(
+ 'session_id' => NULL,
+ 'ip_address' => NULL,
+ 'user_agent' => NULL,
+ 'last_activity' => NULL
+ );
+
+ /**
+ * Data needs DB update flag
+ *
+ * @var bool
+ */
+ protected $data_dirty = FALSE;
+
+ /**
+ * Initialize session driver object
+ *
+ * @access protected
+ * @return void
+ */
+ protected function initialize()
+ {
+ // Set the super object to a local variable for use throughout the class
+ $this->CI =& get_instance();
+
+ // Set all the session preferences, which can either be set
+ // manually via the $params array or via the config file
+ $prefs = array(
+ 'sess_encrypt_cookie',
+ 'sess_use_database',
+ 'sess_table_name',
+ 'sess_expiration',
+ 'sess_expire_on_close',
+ 'sess_match_ip',
+ 'sess_match_useragent',
+ 'sess_cookie_name',
+ 'cookie_path',
+ 'cookie_domain',
+ 'cookie_secure',
+ 'cookie_httponly',
+ 'sess_time_to_update',
+ 'time_reference',
+ 'cookie_prefix',
+ 'encryption_key'
+ );
+ foreach ($prefs as $key)
+ {
+ $this->$key = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] :
+ $this->CI->config->item($key);
+ }
+
+ if ($this->encryption_key === '')
+ {
+ show_error('In order to use the Cookie Session driver you are required to set an encryption key '.
+ 'in your config file.');
+ }
+
+ // Load the string helper so we can use the strip_slashes() function
+ $this->CI->load->helper('string');
+
+ // Do we need encryption? If so, load the encryption class
+ if ($this->sess_encrypt_cookie === TRUE)
+ {
+ $this->CI->load->library('encrypt');
+ }
+
+ // Check for database
+ if ($this->sess_use_database === TRUE && $this->sess_table_name !== '')
+ {
+ // Load database driver
+ $this->CI->load->database();
+
+ // Register shutdown function
+ register_shutdown_function(array($this, '_update_db'));
+ }
+
+ // Set the "now" time. Can either be GMT or server time, based on the config prefs.
+ // We use this to set the "last activity" time
+ $this->now = $this->_get_time();
+
+ // Set the session length. If the session expiration is
+ // set to zero we'll set the expiration two years from now.
+ if ($this->sess_expiration === 0)
+ {
+ $this->sess_expiration = (60*60*24*365*2);
+ }
+
+ // Set the cookie name
+ $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
+
+ // Run the Session routine. If a session doesn't exist we'll
+ // create a new one. If it does, we'll update it.
+ if ( ! $this->_sess_read())
+ {
+ $this->_sess_create();
+ }
+ else
+ {
+ $this->_sess_update();
+ }
+
+ // Delete expired sessions if necessary
+ $this->_sess_gc();
+ }
+
+ /**
+ * Write the session data
+ *
+ * @return void
+ */
+ public function sess_save()
+ {
+ // Check for database
+ if ($this->sess_use_database === TRUE)
+ {
+ // Mark custom data as dirty so we know to update the DB
+ $this->data_dirty = TRUE;
+ }
+
+ // Write the cookie
+ $this->_set_cookie();
+ }
+
+ /**
+ * Destroy the current session
+ *
+ * @return void
+ */
+ public function sess_destroy()
+ {
+ // Kill the session DB row
+ if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
+ {
+ $this->CI->db->delete($this->sess_table_name, array('session_id' => $this->userdata['session_id']));
+ }
+
+ // Kill the cookie
+ $this->_setcookie($this->sess_cookie_name, addslashes(serialize(array())), ($this->now - 31500000),
+ $this->cookie_path, $this->cookie_domain, 0);
+
+ // Kill session data
+ $this->userdata = array();
+ }
+
+ /**
+ * Regenerate the current session
+ *
+ * Regenerate the session id
+ *
+ * @param boolean Destroy session data flag (default: false)
+ * @return void
+ */
+ public function sess_regenerate($destroy = false)
+ {
+ // Check destroy flag
+ if ($destroy)
+ {
+ // Destroy old session and create new one
+ $this->sess_destroy();
+ $this->_sess_create();
+ }
+ else
+ {
+ // Just force an update to recreate the id
+ $this->_sess_update(true);
+ }
+ }
+
+ /**
+ * Get a reference to user data array
+ *
+ * @return array - Reference to userdata
+ */
+ public function &get_userdata()
+ {
+ // Return reference to array
+ return $this->userdata;
+ }
+
+ /**
+ * Fetch the current session data if it exists
+ *
+ * @access protected
+ * @return bool
+ */
+ protected function _sess_read()
+ {
+ // Fetch the cookie
+ $session = $this->CI->input->cookie($this->sess_cookie_name);
+
+ // No cookie? Goodbye cruel world!...
+ if ($session === NULL)
+ {
+ log_message('debug', 'A session cookie was not found.');
+ return FALSE;
+ }
+
+ // Check for encryption
+ if ($this->sess_encrypt_cookie === TRUE)
+ {
+ // Decrypt the cookie data
+ $session = $this->CI->encrypt->decode($session);
+ }
+ else
+ {
+ // Encryption was not used, so we need to check the md5 hash in the last 32 chars
+ $len = strlen($session)-32;
+ $hash = substr($session, $len);
+ $session = substr($session, 0, $len);
+
+ // Does the md5 hash match? This is to prevent manipulation of session data in userspace
+ if ($hash !== md5($session.$this->encryption_key))
+ {
+ log_message('error', 'The session cookie data did not match what was expected. '.
+ 'This could be a possible hacking attempt.');
+ $this->sess_destroy();
+ return FALSE;
+ }
+ }
+
+ // Unserialize the session array
+ $session = $this->_unserialize($session);
+
+ // Is the session data we unserialized an array with the correct format?
+ if ( ! is_array($session) || ! isset($session['session_id'], $session['ip_address'], $session['user_agent'],
+ $session['last_activity']))
+ {
+ $this->sess_destroy();
+ return FALSE;
+ }
+
+ // Is the session current?
+ if (($session['last_activity'] + $this->sess_expiration) < $this->now)
+ {
+ $this->sess_destroy();
+ return FALSE;
+ }
+
+ // Does the IP match?
+ if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
+ {
+ $this->sess_destroy();
+ return FALSE;
+ }
+
+ // Does the User Agent Match?
+ if ($this->sess_match_useragent === TRUE &&
+ trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
+ {
+ $this->sess_destroy();
+ return FALSE;
+ }
+
+ // Is there a corresponding session in the DB?
+ if ($this->sess_use_database === TRUE)
+ {
+ $this->CI->db->where('session_id', $session['session_id']);
+
+ if ($this->sess_match_ip === TRUE)
+ {
+ $this->CI->db->where('ip_address', $session['ip_address']);
+ }
+
+ if ($this->sess_match_useragent === TRUE)
+ {
+ $this->CI->db->where('user_agent', $session['user_agent']);
+ }
+
+ $query = $this->CI->db->limit(1)->get($this->sess_table_name);
+
+ // No result? Kill it!
+ if ($query->num_rows() === 0)
+ {
+ $this->sess_destroy();
+ return FALSE;
+ }
+
+ // Is there custom data? If so, add it to the main session array
+ $row = $query->row();
+ if ( ! empty($row->user_data))
+ {
+ $custom_data = $this->_unserialize($row->user_data);
+
+ if (is_array($custom_data))
+ {
+ $session = $session + $custom_data;
+ }
+ }
+ }
+
+ // Session is valid!
+ $this->userdata = $session;
+ return TRUE;
+ }
+
+ /**
+ * Create a new session
+ *
+ * @access protected
+ * @return void
+ */
+ protected function _sess_create()
+ {
+ // Initialize userdata
+ $this->userdata = array(
+ 'session_id' => $this->_make_sess_id(),
+ 'ip_address' => $this->CI->input->ip_address(),
+ 'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
+ 'last_activity' => $this->now,
+ );
+
+ // Check for database
+ if ($this->sess_use_database === TRUE)
+ {
+ // Add empty user_data field and save the data to the DB
+ $this->CI->db->set('user_data', '')->insert($this->sess_table_name, $this->userdata);
+ }
+
+ // Write the cookie
+ $this->_set_cookie();
+ }
+
+ /**
+ * Update an existing session
+ *
+ * @access protected
+ * @param boolean Force update flag (default: false)
+ * @return void
+ */
+ protected function _sess_update($force = FALSE)
+ {
+ // We only update the session every five minutes by default (unless forced)
+ if ( ! $force && ($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
+ {
+ return;
+ }
+
+ // Update last activity to now
+ $this->userdata['last_activity'] = $this->now;
+
+ // Save the old session id so we know which DB record to update
+ $old_sessid = $this->userdata['session_id'];
+
+ // Changing the session ID during an AJAX call causes problems
+ if ( ! $this->CI->input->is_ajax_request())
+ {
+ // Get new id
+ $this->userdata['session_id'] = $this->_make_sess_id();
+ }
+
+ // Check for database
+ if ($this->sess_use_database === TRUE)
+ {
+ // Update the session ID and last_activity field in the DB
+ $this->CI->db->update($this->sess_table_name, array(
+ 'last_activity' => $this->now,
+ 'session_id' => $this->userdata['session_id']
+ ), array('session_id' => $old_sessid));
+ }
+
+ // Write the cookie
+ $this->_set_cookie();
+ }
+
+ /**
+ * Update database with current data
+ *
+ * This gets called from the shutdown function and also
+ * registered with PHP to run at the end of the request
+ * so it's guaranteed to update even when a fatal error
+ * occurs. The first call makes the update and clears the
+ * dirty flag so it won't happen twice.
+ */
+ public function _update_db()
+ {
+ // Check for database and dirty flag and unsaved
+ if ($this->sess_use_database === TRUE && $this->data_dirty === TRUE)
+ {
+ // Set up activity and data fields to be set
+ // If we don't find custom data, user_data will remain an empty string
+ $set = array(
+ 'last_activity' => $this->userdata['last_activity'],
+ 'user_data' => ''
+ );
+
+ // Get the custom userdata, leaving out the defaults
+ // (which get stored in the cookie)
+ $userdata = array_diff_key($this->userdata, $this->defaults);
+
+ // Did we find any custom data?
+ if ( ! empty($userdata))
+ {
+ // Serialize the custom data array so we can store it
+ $set['user_data'] = $this->_serialize($userdata);
+ }
+
+ // Run the update query
+ // Any time we change the session id, it gets updated immediately,
+ // so our where clause below is always safe
+ $this->CI->db->update($this->sess_table_name, $set, array('session_id' => $this->userdata['session_id']));
+
+ // Clear dirty flag to prevent double updates
+ $this->data_dirty = FALSE;
+
+ log_message('debug', 'CI_Session Data Saved To DB');
+ }
+ }
+
+ /**
+ * Generate a new session id
+ *
+ * @return string Hashed session id
+ */
+ protected function _make_sess_id()
+ {
+ $new_sessid = '';
+ do
+ {
+ $new_sessid .= mt_rand(0, mt_getrandmax());
+ }
+ while (strlen($new_sessid) < 32);
+
+ // To make the session ID even more secure we'll combine it with the user's IP
+ $new_sessid .= $this->CI->input->ip_address();
+
+ // Turn it into a hash and return
+ return md5(uniqid($new_sessid, TRUE));
+ }
+
+ /**
+ * Get the "now" time
+ *
+ * @access protected
+ * @return int Time
+ */
+ protected function _get_time()
+ {
+ if ($this->time_reference === 'local' || $this->time_reference === date_default_timezone_get())
+ {
+ return time();
+ }
+
+ $datetime = new DateTime('now', new DateTimeZone($this->time_reference));
+ sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
+
+ return mktime($hour, $minute, $second, $month, $day, $year);
+ }
+
+ /**
+ * Write the session cookie
+ *
+ * @access protected
+ * @return void
+ */
+ protected function _set_cookie()
+ {
+ // Get userdata (only defaults if database)
+ if ($this->sess_use_database === TRUE)
+ {
+ $cookie_data = array_intersect_key($this->userdata, $this->defaults);
+ }
+ else
+ {
+ $cookie_data = $this->userdata;
+ }
+
+ // Serialize the userdata for the cookie
+ $cookie_data = $this->_serialize($cookie_data);
+
+ if ($this->sess_encrypt_cookie === TRUE)
+ {
+ $cookie_data = $this->CI->encrypt->encode($cookie_data);
+ }
+ else
+ {
+ // if encryption is not used, we provide an md5 hash to prevent userside tampering
+ $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
+ }
+
+ $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
+
+ // Set the cookie
+ $this->_setcookie($this->sess_cookie_name, $cookie_data, $expire, $this->cookie_path, $this->cookie_domain,
+ $this->cookie_secure, $this->cookie_httponly);
+ }
+
+ /**
+ * Set a cookie with the system
+ *
+ * This abstraction of the setcookie call allows overriding for unit testing
+ *
+ * @access protected
+ * @param string Cookie name
+ * @param string Cookie value
+ * @param int Expiration time
+ * @param string Cookie path
+ * @param string Cookie domain
+ * @param bool Secure connection flag
+ * @param bool HTTP protocol only flag
+ * @return void
+ */
+ protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = false,
+ $httponly = false)
+ {
+ // Set the cookie
+ setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
+ }
+
+ /**
+ * Serialize an array
+ *
+ * This function first converts any slashes found in the array to a temporary
+ * marker, so when it gets unserialized the slashes will be preserved
+ *
+ * @access protected
+ * @param mixed Data to serialize
+ * @return string Serialized data
+ */
+ protected function _serialize($data)
+ {
+ if (is_array($data))
+ {
+ array_walk_recursive($data, array(&$this, '_escape_slashes'));
+ }
+ elseif (is_string($data))
+ {
+ $data = str_replace('\\', '{{slash}}', $data);
+ }
+ return serialize($data);
+ }
+
+ /**
+ * Escape slashes
+ *
+ * This function converts any slashes found into a temporary marker
+ *
+ * @access protected
+ * @param string Value
+ * @param string Key
+ * @return void
+ */
+ protected function _escape_slashes(&$val, $key)
+ {
+ if (is_string($val))
+ {
+ $val = str_replace('\\', '{{slash}}', $val);
+ }
+ }
+
+ /**
+ * Unserialize
+ *
+ * This function unserializes a data string, then converts any
+ * temporary slash markers back to actual slashes
+ *
+ * @access protected
+ * @param mixed Data to unserialize
+ * @return mixed Unserialized data
+ */
+ protected function _unserialize($data)
+ {
+ $data = @unserialize(strip_slashes(trim($data)));
+
+ if (is_array($data))
+ {
+ array_walk_recursive($data, array(&$this, '_unescape_slashes'));
+ return $data;
+ }
+
+ return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
+ }
+
+ /**
+ * Unescape slashes
+ *
+ * This function converts any slash markers back into actual slashes
+ *
+ * @access protected
+ * @param string Value
+ * @param string Key
+ * @return void
+ */
+ protected function _unescape_slashes(&$val, $key)
+ {
+ if (is_string($val))
+ {
+ $val= str_replace('{{slash}}', '\\', $val);
+ }
+ }
+
+ /**
+ * Garbage collection
+ *
+ * This deletes expired session rows from database
+ * if the probability percentage is met
+ *
+ * @access protected
+ * @return void
+ */
+ protected function _sess_gc()
+ {
+ if ($this->sess_use_database !== TRUE)
+ {
+ return;
+ }
+
+ $probability = ini_get('session.gc_probability');
+ $divisor = ini_get('session.gc_divisor');
+
+ srand(time());
+ if ((mt_rand(0, $divisor) / $divisor) < $probability)
+ {
+ $expire = $this->now - $this->sess_expiration;
+ $this->CI->db->delete($this->sess_table_name, 'last_activity < '.$expire);
+
+ log_message('debug', 'Session garbage collection performed.');
+ }
+ }
+}
+
+/* End of file Session_cookie.php */
+/* Location: ./system/libraries/Session/drivers/Session_cookie.php */
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
new file mode 100755
index 000000000..8ba8e749a
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -0,0 +1,211 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.1.6 or newer
+ *
+ * @package CodeIgniter
+ * @author ExpressionEngine Dev Team
+ * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
+ * @license http://codeigniter.com/user_guide/license.html
+ * @link http://codeigniter.com
+ * @since Version 2.0
+ * @filesource
+ */
+
+
+/**
+ * Native PHP session management driver
+ *
+ * This is the driver that uses the native PHP $_SESSION array through the Session driver library.
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author ExpressionEngine Dev Team
+ */
+class CI_Session_native extends CI_Session_driver {
+ /**
+ * Initialize session driver object
+ *
+ * @access protected
+ * @return void
+ */
+ protected function initialize()
+ {
+ // Get config parameters
+ $config = array();
+ $CI =& get_instance();
+ $prefs = array(
+ 'sess_cookie_name',
+ 'sess_expire_on_close',
+ 'sess_expiration',
+ 'sess_match_ip',
+ 'sess_match_useragent',
+ 'sess_time_to_update',
+ 'cookie_prefix',
+ 'cookie_path',
+ 'cookie_domain'
+ );
+ foreach ($prefs as $key)
+ {
+ $config[$key] = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] :
+ $CI->config->item($key);
+ }
+
+ // Set session name, if specified
+ if ($config['sess_cookie_name'])
+ {
+ // Differentiate name from cookie driver with '_id' suffix
+ $name = $config['sess_cookie_name'].'_id';
+ if ($config['cookie_prefix'])
+ {
+ // Prepend cookie prefix
+ $name = $config['cookie_prefix'].$name;
+ }
+ session_name($name);
+ }
+
+ // Set expiration, path, and domain
+ $expire = 7200;
+ $path = '/';
+ $domain = '';
+ if ($config['sess_expiration'] !== FALSE)
+ {
+ // Default to 2 years if expiration is "0"
+ $expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration'];
+ }
+ if ($config['cookie_path'])
+ {
+ // Use specified path
+ $path = $config['cookie_path'];
+ }
+ if ($config['cookie_domain'])
+ {
+ // Use specified domain
+ $domain = $config['cookie_domain'];
+ }
+ session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain);
+
+ // Start session
+ session_start();
+
+ // Check session expiration, ip, and agent
+ $now = time();
+ $destroy = FALSE;
+ if (isset($_SESSION['last_activity']) && ($_SESSION['last_activity'] + $expire) < $now)
+ {
+ // Expired - destroy
+ $destroy = TRUE;
+ }
+ else if ($config['sess_match_ip'] == TRUE && isset($_SESSION['ip_address']) &&
+ $_SESSION['ip_address'] != $CI->input->ip_address())
+ {
+ // IP doesn't match - destroy
+ $destroy = TRUE;
+ }
+ else if ($config['sess_match_useragent'] == TRUE && isset($_SESSION['user_agent']) &&
+ $_SESSION['user_agent'] != trim(substr($CI->input->user_agent(), 0, 50)))
+ {
+ // Agent doesn't match - destroy
+ $destroy = TRUE;
+ }
+
+ // Destroy expired or invalid session
+ if ($destroy)
+ {
+ // Clear old session and start new
+ $this->sess_destroy();
+ session_start();
+ }
+
+ // Check for update time
+ if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) &&
+ ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
+ {
+ // Regenerate ID, but don't destroy session
+ $this->sess_regenerate(FALSE);
+ }
+
+ // Set activity time
+ $_SESSION['last_activity'] = $now;
+
+ // Set matching values as required
+ if ($config['sess_match_ip'] == TRUE && !isset($_SESSION['ip_address']))
+ {
+ // Store user IP address
+ $_SESSION['ip_address'] = $CI->input->ip_address();
+ }
+ if ($config['sess_match_useragent'] == TRUE && !isset($_SESSION['user_agent']))
+ {
+ // Store user agent string
+ $_SESSION['user_agent'] = trim(substr($CI->input->user_agent(), 0, 50));
+ }
+
+ // Make session ID available
+ $_SESSION['session_id'] = session_id();
+ }
+
+ /**
+ * Save the session data
+ *
+ * @access public
+ * @return void
+ */
+ public function sess_save()
+ {
+ // Nothing to do - changes to $_SESSION are automatically saved
+ }
+
+ /**
+ * Destroy the current session
+ *
+ * @access public
+ * @return void
+ */
+ public function sess_destroy()
+ {
+ // Cleanup session
+ $_SESSION = array();
+ $name = session_name();
+ if (isset($_COOKIE[$name]))
+ {
+ // Clear session cookie
+ $params = session_get_cookie_params();
+ setcookie($name, '', time() - 42000, $params['path'], $params['domain']);
+ unset($_COOKIE[$name]);
+ }
+ session_destroy();
+ }
+
+ /**
+ * Regenerate the current session
+ *
+ * Regenerate the session id
+ *
+ * @access public
+ * @param boolean Destroy session data flag (default: FALSE)
+ * @return void
+ */
+ public function sess_regenerate($destroy = FALSE)
+ {
+ // Just regenerate id, passing destroy flag
+ session_regenerate_id($destroy);
+ $_SESSION['session_id'] = session_id();
+ }
+
+ /**
+ * Get a reference to user data array
+ *
+ * @access public
+ * @return array Reference to userdata
+ */
+ public function &get_userdata()
+ {
+ // Just return reference to $_SESSION
+ return $_SESSION;
+ }
+}
+
+/* End of file Session_native.php */
+/* Location: ./system/libraries/Session/drivers/Session_native.php */
diff --git a/tests/codeigniter/libraries/Session_test.php b/tests/codeigniter/libraries/Session_test.php
new file mode 100644
index 000000000..135f71806
--- /dev/null
+++ b/tests/codeigniter/libraries/Session_test.php
@@ -0,0 +1,405 @@
+<?php
+
+/**
+ * Session driver library unit test
+ */
+class Session_test extends CI_TestCase {
+ protected $settings = array(
+ 'use_cookies' => 0,
+ 'use_only_cookies' => 0,
+ 'cache_limiter' => false
+ );
+ protected $setting_vals = array();
+ protected $cookie_vals;
+ protected $session;
+
+ /**
+ * Set up test framework
+ */
+ public function set_up()
+ {
+ // Override settings
+ foreach ($this->settings as $name => $value) {
+ $this->setting_vals[$name] = ini_get('session.'.$name);
+ ini_set('session.'.$name, $value);
+ }
+
+ // Start with clean environment
+ $this->cookie_vals = $_COOKIE;
+ $_COOKIE = array();
+
+ // Establish necessary support classes
+ $obj = new stdClass;
+ $classes = array(
+ 'config' => 'cfg',
+ 'load' => 'load',
+ 'input' => 'in'
+ );
+ foreach ($classes as $name => $abbr) {
+ $class = $this->ci_core_class($abbr);
+ $obj->$name = new $class;
+ }
+ $this->ci_instance($obj);
+
+ // Attach session instance locally
+ $config = array(
+ 'sess_encrypt_cookie' => FALSE,
+ 'sess_use_database' => FALSE,
+ 'sess_table_name' => '',
+ 'sess_expiration' => 7200,
+ 'sess_expire_on_close' => FALSE,
+ 'sess_match_ip' => FALSE,
+ 'sess_match_useragent' => TRUE,
+ 'sess_cookie_name' => 'ci_session',
+ 'cookie_path' => '',
+ 'cookie_domain' => '',
+ 'cookie_secure' => FALSE,
+ 'cookie_httponly' => FALSE,
+ 'sess_time_to_update' => 300,
+ 'time_reference' => 'local',
+ 'cookie_prefix' => '',
+ 'encryption_key' => 'foobar',
+ 'sess_valid_drivers' => array(
+ 'Mock_Libraries_Session_native',
+ 'Mock_Libraries_Session_cookie'
+ )
+ );
+ $this->session = new Mock_Libraries_Session($config);
+ }
+
+ /**
+ * Tear down test framework
+ */
+ public function tear_down()
+ {
+ // Restore environment
+ if (session_id()) session_destroy();
+ $_SESSION = array();
+ $_COOKIE = $this->cookie_vals;
+
+ // Restore settings
+ foreach ($this->settings as $name => $value) {
+ ini_set('session.'.$name, $this->setting_vals[$name]);
+ }
+ }
+
+ /**
+ * Test set_userdata() function
+ *
+ * @covers CI_Session::set_userdata
+ * @covers CI_Session::userdata
+ */
+ public function test_set_userdata()
+ {
+ // Set userdata values for each driver
+ $key1 = 'test1';
+ $ckey2 = 'test2';
+ $nkey2 = 'test3';
+ $cmsg1 = 'Some test data';
+ $cmsg2 = 42;
+ $nmsg1 = 'Other test data';
+ $nmsg2 = true;
+ $this->session->cookie->set_userdata($key1, $cmsg1);
+ $this->session->set_userdata($ckey2, $cmsg2);
+ $this->session->native->set_userdata($key1, $nmsg1);
+ $this->session->set_userdata($nkey2, $nmsg2);
+
+ // Verify independent messages
+ $this->assertEquals($cmsg1, $this->session->cookie->userdata($key1));
+ $this->assertEquals($nmsg1, $this->session->native->userdata($key1));
+
+ // Verify pre-selected driver sets
+ $this->assertEquals($cmsg2, $this->session->cookie->userdata($ckey2));
+ $this->assertEquals($nmsg2, $this->session->native->userdata($nkey2));
+
+ // Verify no crossover
+ $this->assertNull($this->session->cookie->userdata($nkey2));
+ $this->assertNull($this->session->native->userdata($ckey2));
+ }
+
+ /**
+ * Test the has_userdata() function
+ *
+ * @covers CI_Session::has_userdata
+ */
+ public function test_has_userdata()
+ {
+ // Set a userdata value for each driver
+ $key = 'hastest';
+ $cmsg = 'My test data';
+ $this->session->cookie->set_userdata($key, $cmsg);
+ $nmsg = 'Your test data';
+ $this->session->native->set_userdata($key, $nmsg);
+
+ // Verify values exist
+ $this->assertTrue($this->session->cookie->has_userdata($key));
+ $this->assertTrue($this->session->native->has_userdata($key));
+
+ // Verify non-existent values
+ $nokey = 'hasnot';
+ $this->assertFalse($this->session->cookie->has_userdata($nokey));
+ $this->assertFalse($this->session->native->has_userdata($nokey));
+ }
+
+ /**
+ * Test the all_userdata() function
+ *
+ * @covers CI_Session::all_userdata
+ */
+ public function test_all_userdata()
+ {
+ // Set a specific series of data for each driver
+ $cdata = array(
+ 'one' => 'first',
+ 'two' => 'second',
+ 'three' => 'third',
+ 'foo' => 'bar',
+ 'bar' => 'baz'
+ );
+ $ndata = array(
+ 'one' => 'gold',
+ 'two' => 'silver',
+ 'three' => 'bronze',
+ 'foo' => 'baz',
+ 'bar' => 'foo'
+ );
+ $this->session->cookie->set_userdata($cdata);
+ $this->session->native->set_userdata($ndata);
+
+ // Make sure all values are present
+ $call = $this->session->cookie->all_userdata();
+ foreach ($cdata as $key => $value) {
+ $this->assertEquals($value, $call[$key]);
+ }
+ $nall = $this->session->native->all_userdata();
+ foreach ($ndata as $key => $value) {
+ $this->assertEquals($value, $nall[$key]);
+ }
+ }
+
+ /**
+ * Test the unset_userdata() function
+ *
+ * @covers CI_Session::unset_userdata
+ */
+ public function test_unset_userdata()
+ {
+ // Set a userdata message for each driver
+ $key = 'untest';
+ $cmsg = 'Other test data';
+ $this->session->cookie->set_userdata($key, $cmsg);
+ $nmsg = 'Sundry test data';
+ $this->session->native->set_userdata($key, $nmsg);
+
+ // Verify independent messages
+ $this->assertEquals($this->session->cookie->userdata($key), $cmsg);
+ $this->assertEquals($this->session->native->userdata($key), $nmsg);
+
+ // Unset them and verify absence
+ $this->session->cookie->unset_userdata($key);
+ $this->session->native->unset_userdata($key);
+ $this->assertNull($this->session->cookie->userdata($key));
+ $this->assertNull($this->session->native->userdata($key));
+ }
+
+ /**
+ * Test the flashdata() functions
+ *
+ * @covers CI_Session::set_flashdata
+ * @covers CI_Session::flashdata
+ */
+ public function test_flashdata()
+ {
+ // Set flashdata message for each driver
+ $key = 'fltest';
+ $cmsg = 'Some flash data';
+ $this->session->cookie->set_flashdata($key, $cmsg);
+ $nmsg = 'Other flash data';
+ $this->session->native->set_flashdata($key, $nmsg);
+
+ // Simulate page reload
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+
+ // Verify independent messages
+ $this->assertEquals($cmsg, $this->session->cookie->flashdata($key));
+ $this->assertEquals($nmsg, $this->session->native->flashdata($key));
+
+ // Simulate next page reload
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+
+ // Verify absence of messages
+ $this->assertNull($this->session->cookie->flashdata($key));
+ $this->assertNull($this->session->native->flashdata($key));
+ }
+
+ /**
+ * Test the keep_flashdata() function
+ *
+ * @covers CI_Session::keep_flashdata
+ */
+ public function test_keep_flashdata()
+ {
+ // Set flashdata message for each driver
+ $key = 'kfltest';
+ $cmsg = 'My flash data';
+ $this->session->cookie->set_flashdata($key, $cmsg);
+ $nmsg = 'Your flash data';
+ $this->session->native->set_flashdata($key, $nmsg);
+
+ // Simulate page reload and verify independent messages
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+ $this->assertEquals($cmsg, $this->session->cookie->flashdata($key));
+ $this->assertEquals($nmsg, $this->session->native->flashdata($key));
+
+ // Keep messages
+ $this->session->cookie->keep_flashdata($key);
+ $this->session->native->keep_flashdata($key);
+
+ // Simulate next page reload and verify message persistence
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+ $this->assertEquals($cmsg, $this->session->cookie->flashdata($key));
+ $this->assertEquals($nmsg, $this->session->native->flashdata($key));
+
+ // Simulate next page reload and verify absence of messages
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+ $this->assertNull($this->session->cookie->flashdata($key));
+ $this->assertNull($this->session->native->flashdata($key));
+ }
+
+ /**
+ * Test the all_flashdata() function
+ *
+ * @covers CI_Session::all_flashdata
+ */
+ public function test_all_flashdata()
+ {
+ // Set a specific series of data for each driver
+ $cdata = array(
+ 'one' => 'first',
+ 'two' => 'second',
+ 'three' => 'third',
+ 'foo' => 'bar',
+ 'bar' => 'baz'
+ );
+ $ndata = array(
+ 'one' => 'gold',
+ 'two' => 'silver',
+ 'three' => 'bronze',
+ 'foo' => 'baz',
+ 'bar' => 'foo'
+ );
+ $this->session->cookie->set_flashdata($cdata);
+ $this->session->native->set_flashdata($ndata);
+
+ // Simulate page reload and make sure all values are present
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+ $this->assertEquals($cdata, $this->session->cookie->all_flashdata());
+ $this->assertEquals($ndata, $this->session->native->all_flashdata());
+ }
+
+ /**
+ * Test the tempdata() functions
+ *
+ * @covers CI_Session::set_tempdata
+ * @covers CI_Session::tempdata
+ */
+ public function test_set_tempdata()
+ {
+ // Set tempdata message for each driver - 1 second timeout
+ $key = 'tmptest';
+ $cmsg = 'Some temp data';
+ $this->session->cookie->set_tempdata($key, $cmsg, 1);
+ $nmsg = 'Other temp data';
+ $this->session->native->set_tempdata($key, $nmsg, 1);
+
+ // Simulate page reload and verify independent messages
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+ $this->assertEquals($cmsg, $this->session->cookie->tempdata($key));
+ $this->assertEquals($nmsg, $this->session->native->tempdata($key));
+
+ // Wait 2 seconds, simulate page reload and verify message absence
+ sleep(2);
+ $this->session->cookie->reload();
+ $this->session->native->reload();
+ $this->assertNull($this->session->cookie->tempdata($key));
+ $this->assertNull($this->session->native->tempdata($key));
+ }
+
+ /**
+ * Test the unset_tempdata() function
+ *
+ * @covers CI_Session::unset_tempdata
+ */
+ public function test_unset_tempdata()
+ {
+ // Set tempdata message for each driver - 1 second timeout
+ $key = 'utmptest';
+ $cmsg = 'My temp data';
+ $this->session->cookie->set_tempdata($key, $cmsg, 1);
+ $nmsg = 'Your temp data';
+ $this->session->native->set_tempdata($key, $nmsg, 1);
+
+ // Verify independent messages
+ $this->assertEquals($cmsg, $this->session->cookie->tempdata($key));
+ $this->assertEquals($nmsg, $this->session->native->tempdata($key));
+
+ // Unset data and verify message absence
+ $this->session->cookie->unset_tempdata($key);
+ $this->session->native->unset_tempdata($key);
+ $this->assertNull($this->session->cookie->tempdata($key));
+ $this->assertNull($this->session->native->tempdata($key));
+ }
+
+ /**
+ * Test the sess_regenerate() function
+ *
+ * @covers CI_Session::sess_regenerate
+ */
+ public function test_sess_regenerate()
+ {
+ // Get current session id, regenerate, and compare
+ // Cookie driver
+ $oldid = $this->session->cookie->userdata('session_id');
+ $this->session->cookie->sess_regenerate();
+ $newid = $this->session->cookie->userdata('session_id');
+ $this->assertNotEquals($oldid, $newid);
+
+ // Native driver - bug #55267 (https://bugs.php.net/bug.php?id=55267) prevents testing this
+ // $oldid = session_id();
+ // $this->session->native->sess_regenerate();
+ // $oldid = session_id();
+ // $this->assertNotEquals($oldid, $newid);
+ }
+
+ /**
+ * Test the sess_destroy() function
+ *
+ * @covers CI_Session::sess_destroy
+ */
+ public function test_sess_destroy()
+ {
+ // Set a userdata message, destroy session, and verify absence
+ $key = 'dsttest';
+ $msg = 'More test data';
+
+ // Cookie driver
+ $this->session->cookie->set_userdata($key, $msg);
+ $this->assertEquals($msg, $this->session->cookie->userdata($key));
+ $this->session->cookie->sess_destroy();
+ $this->assertNull($this->session->cookie->userdata($key));
+
+ // Native driver
+ $this->session->native->set_userdata($key, $msg);
+ $this->assertEquals($msg, $this->session->native->userdata($key));
+ $this->session->native->sess_destroy();
+ $this->assertNull($this->session->native->userdata($key));
+ }
+}
+
diff --git a/tests/codeigniter/libraries/Upload_test.php b/tests/codeigniter/libraries/Upload_test.php
new file mode 100644
index 000000000..d79a3ffc9
--- /dev/null
+++ b/tests/codeigniter/libraries/Upload_test.php
@@ -0,0 +1,270 @@
+<?php
+
+class Upload_test extends CI_TestCase {
+
+ function set_up()
+ {
+ $obj = new stdClass;
+ $obj->upload = new Mock_Libraries_Upload();
+ $obj->security = new Mock_Core_Security();
+ $obj->lang = new Mock_Core_Lang();
+
+ $this->ci_instance($obj);
+ $this->upload = $obj->upload;
+
+ vfsStreamWrapper::register();
+ vfsStreamWrapper::setRoot(new vfsStreamDirectory('testDir'));
+
+ $this->_test_dir = vfsStreamWrapper::getRoot();
+ }
+
+ function test_do_upload()
+ {
+ $this->markTestIncomplete('We can\'t really test this at the moment because of the call to `is_uploaded_file` in do_upload which isn\'t supported by vfsStream');
+ }
+
+ function test_data()
+ {
+ $data = array(
+ 'file_name' => 'hello.txt',
+ 'file_type' => 'text/plain',
+ 'file_path' => '/tmp/',
+ 'full_path' => '/tmp/hello.txt',
+ 'raw_name' => 'hello',
+ 'orig_name' => 'hello.txt',
+ 'client_name' => '',
+ 'file_ext' => '.txt',
+ 'file_size' => 100,
+ 'is_image' => FALSE,
+ 'image_width' => '',
+ 'image_height' => '',
+ 'image_type' => '',
+ 'image_size_str' => ''
+ );
+
+ $this->upload->set_upload_path('/tmp/');
+
+ foreach ($data as $k => $v)
+ {
+ $this->upload->{$k} = $v;
+ }
+
+ $this->assertEquals('hello.txt', $this->upload->data('file_name'));
+ $this->assertEquals($data, $this->upload->data());
+ }
+
+ function test_set_upload_path()
+ {
+ $this->upload->set_upload_path('/tmp/');
+ $this->assertEquals('/tmp/', $this->upload->upload_path);
+
+ $this->upload->set_upload_path('/tmp');
+ $this->assertEquals('/tmp/', $this->upload->upload_path);
+ }
+
+ function test_set_filename()
+ {
+ $file1 = vfsStream::newFile('hello-world.txt')->withContent('Hello world.')->at($this->_test_dir);
+ $this->upload->file_ext = '.txt';
+
+ $this->assertEquals('helloworld.txt', $this->upload->set_filename(vfsStream::url('testDir').'/', 'helloworld.txt'));
+ $this->assertEquals('hello-world1.txt', $this->upload->set_filename(vfsStream::url('testDir').'/', 'hello-world.txt'));
+ }
+
+ function test_set_max_filesize()
+ {
+ $this->upload->set_max_filesize(100);
+ $this->assertEquals(100, $this->upload->max_size);
+ }
+
+ function test_set_max_filename()
+ {
+ $this->upload->set_max_filename(100);
+ $this->assertEquals(100, $this->upload->max_filename);
+ }
+
+ function test_set_max_width()
+ {
+ $this->upload->set_max_width(100);
+ $this->assertEquals(100, $this->upload->max_width);
+ }
+
+ function test_set_max_height()
+ {
+ $this->upload->set_max_height(100);
+ $this->assertEquals(100, $this->upload->max_height);
+ }
+
+ function test_set_allowed_types()
+ {
+ $this->upload->set_allowed_types('*');
+ $this->assertEquals('*', $this->upload->allowed_types);
+
+ $this->upload->set_allowed_types('foo|bar');
+ $this->assertEquals(array('foo', 'bar'), $this->upload->allowed_types);
+ }
+
+ function test_set_image_properties()
+ {
+ $this->upload->file_type = 'image/gif';
+ $this->upload->file_temp = 'tests/mocks/uploads/ci_logo.gif';
+
+ $props = array(
+ 'image_width' => 170,
+ 'image_height' => 73,
+ 'image_type' => 'gif',
+ 'image_size_str' => 'width="170" height="73"'
+ );
+
+ $this->upload->set_image_properties($this->upload->file_temp);
+
+ $this->assertEquals($props['image_width'], $this->upload->image_width);
+ $this->assertEquals($props['image_height'], $this->upload->image_height);
+ $this->assertEquals($props['image_type'], $this->upload->image_type);
+ $this->assertEquals($props['image_size_str'], $this->upload->image_size_str);
+ }
+
+ function test_set_xss_clean()
+ {
+ $this->upload->set_xss_clean(TRUE);
+ $this->assertTrue($this->upload->xss_clean);
+
+ $this->upload->set_xss_clean(FALSE);
+ $this->assertFalse($this->upload->xss_clean);
+ }
+
+ function test_is_image()
+ {
+ $this->upload->file_type = 'image/x-png';
+ $this->assertTrue($this->upload->is_image());
+
+ $this->upload->file_type = 'text/plain';
+ $this->assertFalse($this->upload->is_image());
+ }
+
+ function test_is_allowed_filetype()
+ {
+ $this->upload->allowed_types = array('html', 'gif');
+
+ $this->upload->file_ext = '.txt';
+ $this->upload->file_type = 'text/plain';
+ $this->assertFalse($this->upload->is_allowed_filetype(FALSE));
+ $this->assertFalse($this->upload->is_allowed_filetype(TRUE));
+
+ $this->upload->file_ext = '.html';
+ $this->upload->file_type = 'text/html';
+ $this->assertTrue($this->upload->is_allowed_filetype(FALSE));
+ $this->assertTrue($this->upload->is_allowed_filetype(TRUE));
+
+ $this->upload->file_temp = 'tests/mocks/uploads/ci_logo.gif';
+ $this->upload->file_ext = '.gif';
+ $this->upload->file_type = 'image/gif';
+ $this->assertTrue($this->upload->is_allowed_filetype());
+ }
+
+ function test_is_allowed_filesize()
+ {
+ $this->upload->max_size = 100;
+ $this->upload->file_size = 99;
+
+ $this->assertTrue($this->upload->is_allowed_filesize());
+
+ $this->upload->file_size = 101;
+ $this->assertFalse($this->upload->is_allowed_filesize());
+ }
+
+ function test_is_allowed_dimensions()
+ {
+ $this->upload->file_type = 'text/plain';
+ $this->assertTrue($this->upload->is_allowed_dimensions());
+
+ $this->upload->file_type = 'image/gif';
+ $this->upload->file_temp = 'tests/mocks/uploads/ci_logo.gif';
+
+ $this->upload->max_width = 10;
+ $this->assertFalse($this->upload->is_allowed_dimensions());
+
+ $this->upload->max_width = 170;
+ $this->upload->max_height = 10;
+ $this->assertFalse($this->upload->is_allowed_dimensions());
+
+ $this->upload->max_height = 73;
+ $this->assertTrue($this->upload->is_allowed_dimensions());
+ }
+
+ function test_validate_upload_path()
+ {
+ $this->upload->upload_path = '';
+ $this->assertFalse($this->upload->validate_upload_path());
+
+ $this->upload->upload_path = vfsStream::url('testDir');
+ $this->assertTrue($this->upload->validate_upload_path());
+ }
+
+ function test_get_extension()
+ {
+ $this->assertEquals('.txt', $this->upload->get_extension('hello.txt'));
+ $this->assertEquals('.htaccess', $this->upload->get_extension('.htaccess'));
+ $this->assertEquals('', $this->upload->get_extension('hello'));
+ }
+
+ function test_clean_file_name()
+ {
+ $this->assertEquals('hello.txt', $this->upload->clean_file_name('hello.txt'));
+ $this->assertEquals('hello.txt', $this->upload->clean_file_name('%253chell>o.txt'));
+ }
+
+ function test_limit_filename_length()
+ {
+ $this->assertEquals('hello.txt', $this->upload->limit_filename_length('hello.txt', 10));
+ $this->assertEquals('hello.txt', $this->upload->limit_filename_length('hello-world.txt', 9));
+ }
+
+ function test_do_xss_clean()
+ {
+ $file1 = vfsStream::newFile('file1.txt')->withContent('The billy goat was waiting for them.')->at($this->_test_dir);
+ $file2 = vfsStream::newFile('file2.txt')->at($this->_test_dir);
+ $file3 = vfsStream::newFile('file3.txt')->withContent('<script type="text/javascript">alert("Boo! said the billy goat")</script>')->at($this->_test_dir);
+
+ $this->upload->file_temp = vfsStream::url('file1.txt');
+ $this->assertTrue($this->upload->do_xss_clean());
+
+ $this->upload->file_temp = vfsStream::url('file2.txt');
+ $this->assertFalse($this->upload->do_xss_clean());
+
+ $this->upload->file_temp = vfsStream::url('file3.txt');
+ $this->assertFalse($this->upload->do_xss_clean());
+
+ $this->upload->file_temp = 'tests/mocks/uploads/ci_logo.gif';
+ $this->assertTrue($this->upload->do_xss_clean());
+ }
+
+ function test_set_error()
+ {
+ $errors = array(
+ 'An error!'
+ );
+
+ $another = 'Another error!';
+
+ $this->upload->set_error($errors);
+ $this->assertEquals($errors, $this->upload->error_msg);
+
+ $errors[] = $another;
+ $this->upload->set_error($another);
+ $this->assertEquals($errors, $this->upload->error_msg);
+ }
+
+ function test_display_errors()
+ {
+ $this->upload->error_msg[] = 'Error test';
+ $this->assertEquals('<p>Error test</p>', $this->upload->display_errors());
+ }
+
+ function test_mimes_types()
+ {
+ $this->assertEquals('text/plain', $this->upload->mimes_types('txt'));
+ $this->assertFalse($this->upload->mimes_types('foobar'));
+ }
+
+} \ No newline at end of file
diff --git a/tests/mocks/autoloader.php b/tests/mocks/autoloader.php
index be1c2220c..88d016bba 100644
--- a/tests/mocks/autoloader.php
+++ b/tests/mocks/autoloader.php
@@ -26,10 +26,14 @@ function autoload($class)
'Email', 'Encrypt', 'Form_validation',
'Ftp', 'Image_lib', 'Javascript',
'Log', 'Migration', 'Pagination',
- 'Parser', 'Profiler', 'Session',
- 'Table', 'Trackback', 'Typography',
- 'Unit_test', 'Upload', 'User_agent',
- 'Xmlrpc', 'Zip',
+ 'Parser', 'Profiler', 'Table',
+ 'Trackback', 'Typography', 'Unit_test',
+ 'Upload', 'User_agent', 'Xmlrpc',
+ 'Zip',
+ );
+
+ $ci_drivers = array(
+ 'Session',
);
if (strpos($class, 'Mock_') === 0)
@@ -52,6 +56,15 @@ function autoload($class)
$dir = BASEPATH.'libraries'.DIRECTORY_SEPARATOR;
$class = ($subclass === 'Driver_Library') ? 'Driver' : $subclass;
}
+ elseif (in_array($subclass, $ci_drivers))
+ {
+ $dir = BASEPATH.'libraries'.DIRECTORY_SEPARATOR.$subclass.DIRECTORY_SEPARATOR;
+ $class = $subclass;
+ }
+ elseif (in_array(($parent = strtok($subclass, '_')), $ci_drivers)) {
+ $dir = BASEPATH.'libraries'.DIRECTORY_SEPARATOR.$parent.DIRECTORY_SEPARATOR.'drivers'.DIRECTORY_SEPARATOR;
+ $class = $subclass;
+ }
elseif (preg_match('/^CI_DB_(.+)_(driver|forge|result|utility)$/', $class, $m) && count($m) === 3)
{
$driver_path = BASEPATH.'database'.DIRECTORY_SEPARATOR.'drivers'.DIRECTORY_SEPARATOR;
@@ -91,4 +104,4 @@ function autoload($class)
}
include_once($file);
-} \ No newline at end of file
+}
diff --git a/tests/mocks/core/lang.php b/tests/mocks/core/lang.php
new file mode 100644
index 000000000..1b99aedb3
--- /dev/null
+++ b/tests/mocks/core/lang.php
@@ -0,0 +1,15 @@
+<?php
+
+class Mock_Core_Lang extends CI_Lang {
+
+ function line($line = '')
+ {
+ return FALSE;
+ }
+
+ function load($langfile, $idiom = '', $return = false, $add_suffix = true, $alt_path = '')
+ {
+ return;
+ }
+
+} \ No newline at end of file
diff --git a/tests/mocks/libraries/session.php b/tests/mocks/libraries/session.php
new file mode 100644
index 000000000..9d6feee42
--- /dev/null
+++ b/tests/mocks/libraries/session.php
@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * Mock library to add testing features to Session driver library
+ */
+class Mock_Libraries_Session extends CI_Session {
+ /**
+ * Simulate new page load
+ */
+ public function reload()
+ {
+ $this->_flashdata_sweep();
+ $this->_flashdata_mark();
+ $this->_tempdata_sweep();
+ }
+}
+
+/**
+ * Mock cookie driver to overload cookie setting
+ */
+class Mock_Libraries_Session_cookie extends CI_Session_cookie {
+ /**
+ * Overload _setcookie to manage $_COOKIE values, since actual cookies can't be set in unit testing
+ */
+ protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = false,
+ $httponly = false)
+ {
+ if (empty($value) || $expire <= time()) {
+ // Clear cookie
+ unset($_COOKIE[$name]);
+ }
+ else {
+ // Set cookie
+ $_COOKIE[$name] = $value;
+ }
+ }
+}
+
+/**
+ * Mock native driver (just for consistency in loading)
+ */
+class Mock_Libraries_Session_native extends CI_Session_native { }
+
diff --git a/tests/mocks/libraries/upload.php b/tests/mocks/libraries/upload.php
new file mode 100644
index 000000000..988723e45
--- /dev/null
+++ b/tests/mocks/libraries/upload.php
@@ -0,0 +1,3 @@
+<?php
+
+class Mock_Libraries_Upload extends CI_Upload {} \ No newline at end of file
diff --git a/tests/mocks/uploads/ci_logo.gif b/tests/mocks/uploads/ci_logo.gif
new file mode 100644
index 000000000..073ec14b4
--- /dev/null
+++ b/tests/mocks/uploads/ci_logo.gif
Binary files differ
diff --git a/user_guide_src/source/_themes/eldocs/layout.html b/user_guide_src/source/_themes/eldocs/layout.html
index 01db07cac..51d61b849 100644
--- a/user_guide_src/source/_themes/eldocs/layout.html
+++ b/user_guide_src/source/_themes/eldocs/layout.html
@@ -91,13 +91,7 @@
</div><!-- /#brand -->
<div id="header">
- <form method="get" action="http://www.google.com/search">
- <fieldset>
- <input type="text" name="q" id="q" value="">
- <input type="hidden" name="as_sitesearch" id="as_sitesearch" value="{{ project_domain }}/user_guide/" />
- <input class="grades" type="submit" value="search">
- </fieldset>
- </form>
+ {%- include "searchbox.html" %}
<ul>
{%- block rootrellink %}
<li><a href="{{ pathto(master_doc) }}">User Guide Home</a>{%- if pagename != 'index' %}&nbsp;&nbsp;{{ reldelim1 }}{%- endif %}</li>
@@ -113,8 +107,10 @@
</ul>
</div><!-- /#header -->
- <div class="section" id="content">
+ <div class="section body" id="content">
+ {%- block body %}
{{ body }}
+ {%- endblock %}
</div>
{%- endblock %}
@@ -125,8 +121,8 @@
{%- block footer %}
<div id="footer">
<p class="top"><a href="#header" title="Return to top">Return to top</a></p>
- <p><a href="{{ project_url }}">{{ project }}</a> &ndash; Copyright &copy; {{ copyright }}</a></p>
+ <p><a href="http://{{ project_domain }}/">{{ project }}</a> &ndash; Copyright &copy; {{ copyright }}</a></p>
</div><!-- /#footer -->
{%- endblock %}
</body>
-</html>
+</html> \ No newline at end of file
diff --git a/user_guide_src/source/_themes/eldocs/searchbox.html b/user_guide_src/source/_themes/eldocs/searchbox.html
new file mode 100644
index 000000000..039590bd9
--- /dev/null
+++ b/user_guide_src/source/_themes/eldocs/searchbox.html
@@ -0,0 +1,21 @@
+<!--
+ --------------------------------
+ Original Google search box block
+ --------------------------------
+
+<form method="get" action="http://www.google.com/search">
+ <fieldset>
+ <input type="text" name="q" id="q" value="">
+ <input type="hidden" name="as_sitesearch" id="as_sitesearch" value="{{ project_domain }}/user_guide/" />
+ <input class="grades" type="submit" value="search">
+ </fieldset>
+</form>
+-->
+
+
+<form class="search" action="{{ pathto('search') }}" method="get">
+ <input type="text" name="q" id="q" value="" />
+ <input type="submit" value="search" />
+ <input type="hidden" name="check_keywords" value="yes" />
+ <input type="hidden" name="area" value="default" />
+</form>
diff --git a/user_guide_src/source/_themes/eldocs/static/asset/css/common.css b/user_guide_src/source/_themes/eldocs/static/asset/css/common.css
index 6cabda037..0a63871c5 100644
--- a/user_guide_src/source/_themes/eldocs/static/asset/css/common.css
+++ b/user_guide_src/source/_themes/eldocs/static/asset/css/common.css
@@ -148,6 +148,8 @@ fieldset{ border: 0; }
.top{ float: right; }
+.highlight{ overflow-x: auto; }
+
.admonition,
.highlight-ee,
.highlight-ci,
@@ -166,6 +168,8 @@ fieldset{ border: 0; }
padding: 10px 10px 8px;
}
+.highlight-ci{ background-color: #FEFEFE; border-color: #E5E5E5; }
+
.admonition p{ margin: 0; }
.codeblock{ margin: 10px 0; }
@@ -181,6 +185,8 @@ fieldset{ border: 0; }
}
.admonition-title:after{ content: ': '; }
+
+.highlighted{ background-color: #FFF09B; }
#table-contents{
bottom: 0;
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 0730aafb4..578e60ec0 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -34,6 +34,7 @@ Release Date: Not Released
- Added support for rar archives to mimes.php.
- Updated support for xml ('application/xml') and xsl ('application/xml', 'text/xsl') files in mimes.php.
- Updated support for doc files in mimes.php.
+ - Updated support for docx files in mimes.php.
- Updated support for php files in mimes.php.
- Updated support for zip files in mimes.php.
- Updated support for csv files in mimes.php.
@@ -139,14 +140,27 @@ Release Date: Not Released
- Added PDO support for create_database(), drop_database and drop_table() in :doc:`Database Forge <database/forge>`.
- Added unbuffered_row() method for getting a row without prefetching whole result (consume less memory).
- Added PDO support for ``list_fields()`` in :doc:`Database Results <database/results>`.
- - Added capability for packages to hold database.php config files
+ - Added capability for packages to hold database.php config files
- Added subdrivers support (currently only used by PDO).
+ - Added client compression support for MySQL and MySQLi.
- Libraries
- - CI_Session now respects php.ini's session.gc_probability and session.gc_divisor
+ - :doc:`Session Library <libraries/sessions>` changes include:
+ - Library changed to :doc:`Driver <general/drivers>` with classic Cookie driver as default.
+ - Added Native PHP Session driver to work with $_SESSION.
+ - Custom session drivers can be added anywhere in package paths and loaded with Session library.
+ - Session drivers interchangeable on the fly.
+ - New tempdata feature allows setting user data items with an expiration time.
+ - Added default $config['sess_driver'] and $config['sess_valid_drivers'] items to config.php file.
+ - Cookie driver now respects php.ini's session.gc_probability and session.gc_divisor
+ - Changed the Cookie driver to select only one row when using database sessions.
+ - Cookie driver now only writes to database at end of request when using database.
+ - Cookie driver now uses PHP functions for faster array manipulation when using database.
+ - Added all_flashdata() method to session class. Returns an associative array of only flashdata.
+ - Added has_userdata() method to verify existence of userdata item.
+ - Added tempdata(), set_tempdata(), and unset_tempdata() methods for manipulating tempdata.
- Added max_filename_increment config setting for Upload library.
- - CI_Loader::_ci_autoloader() is now a protected method.
- :doc:`Cart library <libraries/cart>` changes include:
- It now auto-increments quantity's instead of just resetting it, this is the default behaviour of large e-commerce sites.
- Product Name strictness can be disabled via the Cart Library by switching "$product_name_safe".
@@ -170,8 +184,6 @@ Release Date: Not Released
- Native PHP functions used as rules can now accept an additional parameter, other than the data itself.
- Updated set_rules() to accept an array of rules as well as a string.
- Fields that have empty rules set no longer run through validation (and therefore are not considered erroneous).
- - Changed the :doc:`Session Library <libraries/sessions>` to select only one row when using database sessions.
- - Added all_flashdata() method to session class. Returns an associative array of only flashdata.
- Allowed for setting table class defaults in a config file.
- Added a Wincache driver to the :doc:`Caching Library <libraries/caching>`.
- Added a Redis driver to the :doc:`Caching Library <libraries/caching>`.
@@ -193,7 +205,11 @@ Release Date: Not Released
- Changed private methods in the :doc:`URI Library <libraries/uri>` to protected so MY_URI can override them.
- Removed CI_CORE boolean constant from CodeIgniter.php (no longer Reactor and Core versions).
- - Added method get_vars() to the :doc:`Loader Library <libraries/loader>` to retrieve all variables loaded with $this->load->vars().
+ - :doc:`Loader Library <libraries/loader>` changes include:
+ - Added method get_vars() to the Loader to retrieve all variables loaded with $this->load->vars().
+ - CI_Loader::_ci_autoloader() is now a protected method.
+ - Added autoloading of drivers with $autoload['drivers'].
+ - CI_Loader::library() will now load drivers as well, for backward compatibility of converted libraries (like Session).
- is_loaded() function from system/core/Commons.php now returns a reference.
- $config['rewrite_short_tags'] now has no effect when using PHP 5.4 as *<?=* will always be available.
- Added method() to the :doc:`Input Library <libraries/input>` to retrieve $_SERVER['REQUEST_METHOD'].
diff --git a/user_guide_src/source/conf.py b/user_guide_src/source/conf.py
index e972a388b..f68405b36 100644
--- a/user_guide_src/source/conf.py
+++ b/user_guide_src/source/conf.py
@@ -167,6 +167,7 @@ html_last_updated_fmt = '%b %d, %Y'
# Output file base name for HTML help builder.
htmlhelp_basename = 'CodeIgniterdoc'
+html_copy_source = False
# -- Options for LaTeX output --------------------------------------------------
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index c17de600a..636b5b5b2 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -28,6 +28,7 @@ prototype::
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'autoinit' => TRUE,
+ 'compress' => TRUE,
'stricton' => FALSE,
'failover' => array()
);
@@ -69,6 +70,7 @@ These failovers can be specified by setting the failover for a connection like t
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'autoinit' => TRUE,
+ 'compress' => TRUE,
'stricton' => FALSE
),
array(
@@ -86,6 +88,7 @@ These failovers can be specified by setting the failover for a connection like t
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'autoinit' => TRUE,
+ 'compress' => TRUE,
'stricton' => FALSE
)
);
@@ -115,6 +118,7 @@ example, to set up a "test" environment you would do this::
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'autoinit' => TRUE,
+ 'compress' => TRUE,
'stricton' => FALSE,
'failover' => array()
);
@@ -174,11 +178,12 @@ Explanation of Values:
customizable by the end user.
**autoinit** Whether or not to automatically connect to the database when the library loads. If set to false,
the connection will take place prior to executing the first query.
+**compress** Whether or not to use client compression for MySQL or MySQLi.
**stricton** TRUE/FALSE (boolean) - Whether to force "Strict Mode" connections, good for ensuring strict SQL
while developing an application.
**port** The database port number. To use this value you have to add a line to the database config array.
::
-
+
$db['default']['port'] = 5432;
====================== ==================================================================================================
diff --git a/user_guide_src/source/index.rst b/user_guide_src/source/index.rst
index e42425bab..35089703f 100644
--- a/user_guide_src/source/index.rst
+++ b/user_guide_src/source/index.rst
@@ -80,6 +80,7 @@ Driver Reference
- :doc:`libraries/caching`
- :doc:`database/index`
- :doc:`libraries/javascript`
+- :doc:`libraries/sessions`
****************
Helper Reference
@@ -119,4 +120,4 @@ Contributing to CodeIgniter
documentation/index
tutorial/index
general/quick_reference
- general/credits \ No newline at end of file
+ general/credits
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index f3a637326..31a5c0761 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -31,8 +31,24 @@ Step 3: Remove $autoload['core'] from your config/autoload.php
Use of the ``$autoload['core']`` config array has been deprecated as of CodeIgniter 1.4.1 and is now removed.
Move any entries that you might have listed there to ``$autoload['libraries']`` instead.
+**************************************************************
+Step 4: Add new session driver items to your config/config.php
+**************************************************************
+
+With the change from a single Session Library to the new Session Driver, two new config items have been added:
+
+ - ``$config['sess_driver']`` selects which driver to initially load. Options are:
+ - 'cookie' (the default) for classic CodeIgniter cookie-based sessions
+ - 'native' for native PHP Session support
+ - the name of a custom driver you have provided (see :doc:`Session Driver <../libraries/sessions>` for more info)
+ - ``$config['sess_valid_drivers']`` provides an array of additional custom drivers to make available for loading
+
+As the new Session Driver library loads the classic Cookie driver by default and always makes 'cookie' and 'native'
+available as valid drivers, neither of these configuration items are required. However, it is recommended that you
+add them for clarity and ease of configuration in the future.
+
***************************************
-Step 4: Update your config/database.php
+Step 5: Update your config/database.php
***************************************
Due to 3.0.0's renaming of Active Record to Query Builder, inside your `config/database.php`, you will
@@ -43,20 +59,20 @@ need to rename the `$active_record` variable to `$query_builder`.
$query_builder = TRUE;
*******************************
-Step 5: Move your errors folder
+Step 6: Move your errors folder
*******************************
In version 3.0.0, the errors folder has been moved from _application/errors* to _application/views/errors*.
****************************************************************************
-Step 6: Check the calls to Array Helper's element() and elements() functions
+Step 7: Check the calls to Array Helper's element() and elements() functions
****************************************************************************
The default return value of these functions, when the required elements
don't exist, has been changed from FALSE to NULL.
***************************************************************
-Step 7: Remove usage of (previously) deprecated functionalities
+Step 8: Remove usage of (previously) deprecated functionalities
***************************************************************
In addition to the ``$autoload['core']`` configuration setting, there's a number of other functionalities
@@ -147,7 +163,8 @@ The :doc:`Email library <../libraries/email>` will automatically clear the set p
emails. To override this behaviour, pass FALSE as the first parameter in the ``send()`` function:
::
+
if ($this->email->send(FALSE))
{
// Parameters won't be cleared
- } \ No newline at end of file
+ }
diff --git a/user_guide_src/source/libraries/loader.rst b/user_guide_src/source/libraries/loader.rst
index aadf9740a..33c1bafec 100644
--- a/user_guide_src/source/libraries/loader.rst
+++ b/user_guide_src/source/libraries/loader.rst
@@ -4,6 +4,7 @@ Loader Class
Loader, as the name suggests, is used to load elements. These elements
can be libraries (classes) :doc:`View files <../general/views>`,
+:doc:`Drivers <../general/drivers>`,
:doc:`Helpers <../general/helpers>`,
:doc:`Models <../general/models>`, or your own files.
@@ -74,6 +75,70 @@ Assigning a Library to a different object name
If the third (optional) parameter is blank, the library will usually be
assigned to an object with the same name as the library. For example, if
+the library is named Calendar, it will be assigned to a variable named
+$this->calendar.
+
+If you prefer to set your own class names you can pass its value to the
+third parameter::
+
+ $this->load->library('calendar', '', 'my_calendar');
+
+ // Calendar class is now accessed using:
+
+ $this->my_calendar
+
+Please take note, when multiple libraries are supplied in an array for
+the first parameter, this parameter is discarded.
+
+$this->load->driver('parent_name', $config, 'object name')
+===========================================================
+
+This function is used to load driver libraries. Where parent_name is the
+name of the parent class you want to load.
+
+As an example, if you would like to use sessions with CodeIgniter, the first
+step is to load the session driver within your controller::
+
+ $this->load->driver('session');
+
+Once loaded, the library will be ready for use, using
+$this->session->*some_function*().
+
+Driver files must be stored in a subdirectory within the main
+"libraries" folder, or within your personal application/libraries
+folder. The subdirectory must match the parent class name. Read the
+:doc:`Drivers <../general/drivers>` description for details.
+
+Additionally, multiple driver libraries can be loaded at the same time by
+passing an array of drivers to the load function.
+
+::
+
+ $this->load->driver(array('session', 'cache'));
+
+Setting options
+---------------
+
+The second (optional) parameter allows you to optionally pass
+configuration settings. You will typically pass these as an array::
+
+ $config = array (
+ 'sess_driver' => 'cookie',
+ 'sess_encrypt_cookie' => true,
+ 'encryption_key' => 'mysecretkey'
+ );
+
+ $this->load->driver('session', $config);
+
+Config options can usually also be set via a config file. Each library
+is explained in detail in its own page, so please read the information
+regarding each one you would like to use.
+
+Assigning a Driver to a different object name
+----------------------------------------------
+
+If the third (optional) parameter is blank, the library will be assigned
+to an object with the same name as the parent class. For example, if
the library is named Session, it will be assigned to a variable named
$this->session.
@@ -86,8 +151,8 @@ third parameter::
$this->my_session
-Please take note, when multiple libraries are supplied in an array for
-the first parameter, this parameter is discarded.
+.. note:: Driver libraries may also be loaded with the library() method,
+ but it is faster to use driver()
$this->load->view('file_name', $data, true/false)
==================================================
@@ -281,4 +346,4 @@ calling add_package_path().
// Again without the second parameter:
$this->load->add_package_path(APPPATH.'my_app', TRUE);
$this->load->view('my_app_index'); // Loads
- $this->load->view('welcome_message'); // Loads \ No newline at end of file
+ $this->load->view('welcome_message'); // Loads
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index 5400524a9..dd9e8cbb4 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -1,29 +1,19 @@
-#############
-Session Class
-#############
+##############
+Session Driver
+##############
The Session class permits you maintain a user's "state" and track their
-activity while they browse your site. The Session class stores session
-information for each user as serialized (and optionally encrypted) data
-in a cookie. It can also store the session data in a database table for
-added security, as this permits the session ID in the user's cookie to
-be matched against the stored session ID. By default only the cookie is
-saved. If you choose to use the database option you'll need to create
-the session table as indicated below.
-
-.. note:: The Session class does **not** utilize native PHP sessions. It
- generates its own session data, offering more flexibility for
- developers.
-
-.. note:: Even if you are not using encrypted sessions, you must set
- an :doc:`encryption key <./encryption>` in your config file which is used
- to aid in preventing session data manipulation.
+activity while they browse your site. CodeIgniter offers two default
+session drivers: the classic `Cookie Driver`_, and the `Native Driver`_,
+which supports usage of the native PHP Session mechanism. In addition,
+you may create your own `Custom Drivers`_ to store session data however
+you wish, while still taking advantage of the features of the Session class.
Initializing a Session
======================
Sessions will typically run globally with each page load, so the session
-class must either be :doc:`initialized <../general/libraries>` in your
+class must either be :doc:`initialized <../general/drivers>` in your
:doc:`controller <../general/controllers>` constructors, or it can be
:doc:`auto-loaded <../general/autoloader>` by the system. For the most
part the session class will run unattended in the background, so simply
@@ -31,22 +21,25 @@ initializing the class will cause it to read, create, and update
sessions.
To initialize the Session class manually in your controller constructor,
-use the $this->load->library function::
+use the $this->load->driver function::
- $this->load->library('session');
+ $this->load->driver('session');
Once loaded, the Sessions library object will be available using:
$this->session
+.. note:: For backward compatibility, the Session class may stil be loaded
+ using the $this->load->library function, but converting your applications
+ to use $this->load->driver is strongly recommended.
+
How do Sessions work?
=====================
When a page is loaded, the session class will check to see if valid
-session data exists in the user's session cookie. If sessions data does
-**not** exist (or if it has expired) a new session will be created and
-saved in the cookie. If a session does exist, its information will be
-updated and the cookie will be updated. With each update, the
-session_id will be regenerated.
+session data exists in the user's session. If sessions data does **not**
+exist (or if it has expired) a new session will be created and saved.
+If a session does exist, its information will be updated. With each update,
+the session_id will be regenerated.
It's important for you to understand that once initialized, the Session
class runs automatically. There is nothing you need to do to cause the
@@ -79,19 +72,12 @@ prototype::
'last_activity' => timestamp
)
-If you have the encryption option enabled, the serialized array will be
-encrypted before being stored in the cookie, making the data highly
-secure and impervious to being read or altered by someone. More info
-regarding encryption can be :doc:`found here <encryption>`, although
-the Session class will take care of initializing and encrypting the data
-automatically.
-
-Note: Session cookies are only updated every five minutes by default to
-reduce processor load. If you repeatedly reload a page you'll notice
-that the "last activity" time only updates if five minutes or more has
-passed since the last time the cookie was written. This time is
-configurable by changing the $config['sess_time_to_update'] line in
-your system/config/config.php file.
+.. note:: Sessions are only updated every five minutes by default to
+ reduce processor load. If you repeatedly reload a page you'll notice
+ that the "last activity" time only updates if five minutes or more has
+ passed since the last time the cookie was written. This time is
+ configurable by changing the $config['sess_time_to_update'] line in
+ your system/config/config.php file.
Retrieving Session Data
=======================
@@ -106,7 +92,7 @@ fetch. For example, to fetch the session ID you will do this::
$session_id = $this->session->userdata('session_id');
-.. note:: The function returns FALSE (boolean) if the item you are
+.. note:: The function returns NULL if the item you are
trying to access does not exist.
Adding Custom Session Data
@@ -117,7 +103,7 @@ to it and it will be stored in the user's cookie. Why would you want to
do this? Here's one example:
Let's say a particular user logs into your site. Once authenticated, you
-could add their username and email address to the session cookie, making
+could add their username and email address to the session, making
that data globally available to you without having to run a database
query when you need it.
@@ -144,11 +130,11 @@ supports this syntax.
$this->session->set_userdata('some_name', 'some_value');
+If you want to verify that a userdata value exists, call has_userdata().
-.. note:: Cookies can only hold 4KB of data, so be careful not to exceed
- the capacity. The encryption process in particular produces a longer
- data string than the original so keep careful track of how much data you
- are storing.
+::
+
+ $this->session->has_userdata('some_name');
Retrieving All Session Data
===========================
@@ -195,8 +181,8 @@ available for the next server request, and are then automatically
cleared. These can be very useful, and are typically used for
informational or status messages (for example: "record 2 deleted").
-Note: Flash variables are prefaced with "flash\_" so avoid this prefix
-in your own session names.
+.. note:: Flash variables are prefaced with "flash\_" so avoid this prefix
+ in your own session names.
To add flashdata::
@@ -222,9 +208,162 @@ additional request, you can do so using the keep_flashdata() function.
$this->session->keep_flashdata('item');
+Tempdata
+========
+
+CodeIgniter also supports "tempdata", or session data with a specific
+expiration time. After the value expires, or the session expires or is
+deleted, the value is automatically removed.
+
+To add tempdata::
+
+ $expire = 300; // Expire in 5 minutes
+
+ $this->session->set_tempdata('item', 'value', $expire);
+
+You can also pass an array to set_tempdata()::
+
+ $tempdata = array('newuser' => TRUE, 'message' => 'Thanks for joining!');
+
+ $this->session->set_tempdata($tempdata, '', $expire);
+
+.. note:: If the expiration is omitted or set to 0, the default expiration of
+ 5 minutes will be used.
+
+To read a tempdata variable::
+
+ $this->session->tempdata('item');
+
+If you need to remove a tempdata value before it expires,
+use unset_tempdata()::
+
+ $this->session->unset_tempdata('item');
+
+Destroying a Session
+====================
+
+To clear the current session::
+
+ $this->session->sess_destroy();
+
+.. note:: This function should be the last one called, and even flash
+ variables will no longer be available. If you only want some items
+ destroyed and not all, use unset_userdata().
+
+Session Preferences
+===================
+
+You'll find the following Session related preferences in your
+application/config/config.php file:
+
+=========================== =============== =========================== ==========================================================================
+Preference Default Options Description
+=========================== =============== =========================== ==========================================================================
+**sess_driver** cookie cookie/native/*custom* The initial session driver to load.
+**sess_valid_drivers** cookie, native None Additional valid drivers which may be loaded.
+**sess_cookie_name** ci_session None The name you want the session cookie saved as (data for Cookie driver or
+ session ID for Native driver).
+**sess_expiration** 7200 None The number of seconds you would like the session to last. The default
+ value is 2 hours (7200 seconds). If you would like a non-expiring
+ session set the value to zero: 0
+**sess_expire_on_close** FALSE TRUE/FALSE (boolean) Whether to cause the session to expire automatically when the browser
+ window is closed.
+**sess_encrypt_cookie** FALSE TRUE/FALSE (boolean) Whether to encrypt the session data (Cookie driver only).
+**sess_use_database** FALSE TRUE/FALSE (boolean) Whether to save the session data to a database. You must create the
+ table before enabling this option (Cookie driver only).
+**sess_table_name** ci_sessions Any valid SQL table name The name of the session database table (Cookie driver only).
+**sess_time_to_update** 300 Time in seconds This options controls how often the session class will regenerate itself
+ and create a new session id.
+**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to match the user's IP address when reading the session data.
+ Note that some ISPs dynamically changes the IP, so if you want a
+ non-expiring session you will likely set this to FALSE.
+**sess_match_useragent** TRUE TRUE/FALSE (boolean) Whether to match the User Agent when reading the session data.
+=========================== =============== =========================== ==========================================================================
+
+In addition to the values above, the cookie and native drivers apply the
+following configuration values shared by the :doc:`Input <input>` and
+:doc:`Security <security>` classes:
+
+=========================== =============== ==========================================================================
+Preference Default Description
+=========================== =============== ==========================================================================
+**cookie_prefix** '' Set a cookie name prefix in order to avoid name collisions
+**cookie_domain** '' The domain for which the session is applicable
+**cookie_path** / The path to which the session is applicable
+=========================== =============== ==========================================================================
+
+Session Drivers
+===============
+
+By default, the `Cookie Driver`_ is loaded when a session is initialized.
+However, any valid driver may be selected with the $config['sess_driver']
+line in your config.php file.
+
+The session driver library comes with the cookie and native drivers
+installed, and `Custom Drivers`_ may also be installed by the user.
+
+Typically, only one driver will be used at a time, but CodeIgniter does
+support loading multiple drivers. If a specific valid driver is called, it
+will be automatically loaded. Or, an additional driver may be explicitly
+loaded by calling load_driver()::
+
+ $this->session->load_driver('native');
+
+The Session library keeps track of the most recently selected driver to call
+for driver methods. Normally, session class methods are called directly on
+the parent class, as illustrated above. However, any methods called through
+a specific driver will select that driver before invoking the parent method.
+
+So, alternation between multiple drivers can be achieved by specifying which
+driver to use for each call::
+
+ $this->session->native->set_userdata('foo', 'bar');
+
+ $this->session->cookie->userdata('foo');
+
+ $this->session->native->unset_userdata('foo');
+
+Notice in the previous example that the *native* userdata value 'foo'
+would be set to 'bar', which would NOT be returned by the call for
+the *cookie* userdata 'foo', nor would the *cookie* value be unset by
+the call to unset the *native* 'foo' value. The drivers maintain independent
+sets of values, regardless of key names.
+
+A specific driver may also be explicitly selected for use by pursuant
+methods with the select_driver() call::
+
+ $this->session->select_driver('native');
+
+ $this->session->userdata('item'); // Uses the native driver
+
+Cookie Driver
+-------------
+
+The Cookie driver stores session information for each user as serialized
+(and optionally encrypted) data in a cookie. It can also store the session
+data in a database table for added security, as this permits the session ID
+in the user's cookie to be matched against the stored session ID. By default
+only the cookie is saved. If you choose to use the database option you'll
+need to create the session table as indicated below.
+
+If you have the encryption option enabled, the serialized array will be
+encrypted before being stored in the cookie, making the data highly
+secure and impervious to being read or altered by someone. More info
+regarding encryption can be :doc:`found here <encryption>`, although
+the Session class will take care of initializing and encrypting the data
+automatically.
+
+.. note:: Even if you are not using encrypted sessions, you must set
+ an :doc:`encryption key <./encryption>` in your config file which is used
+ to aid in preventing session data manipulation.
+
+.. note:: Cookies can only hold 4KB of data, so be careful not to exceed
+ the capacity. The encryption process in particular produces a longer
+ data string than the original so keep careful track of how much data you
+ are storing.
Saving Session Data to a Database
-=================================
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
While the session data array stored in the user's cookie contains a
Session ID, unless you store session data in a database there is no way
@@ -267,44 +406,83 @@ session class::
$config['sess_table_name'] = 'ci_sessions';
-.. note:: The Session class has built-in garbage collection which clears
+.. note:: The Cookie driver has built-in garbage collection which clears
out expired sessions so you do not need to write your own routine to do
it.
-Destroying a Session
-====================
+Native Driver
+-------------
-To clear the current session::
+The Native driver relies on native PHP sessions to store data in the
+$_SESSION superglobal array. All stored values continue to be available
+through $_SESSION, but flash- and temp- data items carry special prefixes.
- $this->session->sess_destroy();
+Custom Drivers
+--------------
-.. note:: This function should be the last one called, and even flash
- variables will no longer be available. If you only want some items
- destroyed and not all, use unset_userdata().
+You may also :doc:`create your own <../general/creating_drivers>` custom
+session drivers. A session driver basically manages an array of name/value
+pairs with some sort of storage mechanism.
-Session Preferences
-===================
+To make a new driver, extend CI_Session_driver. Overload the initialize()
+method and read or create session data. Then implement a save handler to
+write changed data to storage (sess_save), a destroy handler to remove
+deleted data (sess_destroy), a regenerate handler to make a new session ID
+(sess_regenerate), and an access handler to expose the data (get_userdata).
+Your initial class might look like::
-You'll find the following Session related preferences in your
-application/config/config.php file:
+ class CI_Session_custom extends CI_Session_driver {
+ protected function initialize()
+ {
+ // Read existing session data or create a new one
+ }
+
+ public function sess_save()
+ {
+ // Save current data to storage
+ }
+
+ public function sess_destroy()
+ {
+ // Destroy the current session and clean up storage
+ }
+
+ public function sess_regenerate()
+ {
+ // Create new session ID
+ }
+
+ public function &get_userdata()
+ {
+ // Return a reference to your userdata array
+ }
+ }
+
+Notice that get_userdata() returns a reference so the parent library is
+accessing the same array the driver object is using. This saves memory
+and avoids synchronization issues during usage.
+
+Put your driver in the libraries/Session/drivers folder anywhere in your
+package paths. This includes the application directory, the system directory,
+or any path you add with $CI->load->add_package_path(). Your driver must be
+named CI_Session_<name>, and your filename must be Session_<name>.php,
+preferably also capitalized, such as::
+
+ CI_Session_foo in libraries/Session/drivers/Session_foo.php
+
+Then specify the driver by setting 'sess_driver' in your config.php file or as a
+parameter when loading the CI_Session object::
+
+ $config['sess_driver'] = 'foo';
+
+OR::
+
+ $CI->load->driver('session', array('sess_driver' => 'foo'));
+
+The driver specified by 'sess_driver' is automatically included as a valid
+driver. However, if you want to make a custom driver available as an option
+without making it the initially loaded driver, set 'sess_valid_drivers' in
+your config.php file to an array including your driver name::
+
+ $config['sess_valid_drivers'] = array('sess_driver');
-=========================== =============== =========================== ==========================================================================
-Preference Default Options Description
-=========================== =============== =========================== ==========================================================================
-**sess_cookie_name** ci_session None The name you want the session cookie saved as.
-**sess_expiration** 7200 None The number of seconds you would like the session to last. The default
- value is 2 hours (7200 seconds). If you would like a non-expiring
- session set the value to zero: 0
-**sess_expire_on_close** FALSE TRUE/FALSE (boolean) Whether to cause the session to expire automatically when the browser
- window is closed.
-**sess_encrypt_cookie** FALSE TRUE/FALSE (boolean) Whether to encrypt the session data.
-**sess_use_database** FALSE TRUE/FALSE (boolean) Whether to save the session data to a database. You must create the
- table before enabling this option.
-**sess_table_name** ci_sessions Any valid SQL table name The name of the session database table.
-**sess_time_to_update** 300 Time in seconds This options controls how often the session class will regenerate itself
- and create a new session id.
-**sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to match the user's IP address when reading the session data.
- Note that some ISPs dynamically changes the IP, so if you want a
- non-expiring session you will likely set this to FALSE.
-**sess_match_useragent** TRUE TRUE/FALSE (boolean) Whether to match the User Agent when reading the session data.
-=========================== =============== =========================== ========================================================================== \ No newline at end of file