summaryrefslogtreecommitdiffstats
path: root/system/libraries/Session/drivers
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Session/drivers')
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php816
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php292
-rw-r--r--system/libraries/Session/drivers/Session_files_driver.php287
-rw-r--r--system/libraries/Session/drivers/Session_memcached_driver.php301
-rw-r--r--system/libraries/Session/drivers/Session_native.php257
-rw-r--r--system/libraries/Session/drivers/Session_redis_driver.php321
6 files changed, 1201 insertions, 1073 deletions
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
deleted file mode 100644
index 0001dc2d8..000000000
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ /dev/null
@@ -1,816 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * This content is released under the MIT License (MIT)
- *
- * Copyright (c) 2014, British Columbia Institute of Technology
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
- * @link http://codeigniter.com
- * @since Version 1.0.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * Cookie-based session management driver
- *
- * This is the classic CI_Session functionality, as written by EllisLab, abstracted out to a driver.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- * @link http://codeigniter.com/user_guide/libraries/sessions.html
- */
-class CI_Session_cookie extends CI_Session_driver {
-
- /**
- * Whether to encrypt the session cookie
- *
- * @var bool
- */
- public $sess_encrypt_cookie = FALSE;
-
- /**
- * Whether to use to the database for session storage
- *
- * @var bool
- */
- public $sess_use_database = FALSE;
-
- /**
- * Name of the database table in which to store sessions
- *
- * @var string
- */
- public $sess_table_name = '';
-
- /**
- * Length of time (in seconds) for sessions to expire
- *
- * @var int
- */
- public $sess_expiration = 7200;
-
- /**
- * Whether to kill session on close of browser window
- *
- * @var bool
- */
- public $sess_expire_on_close = FALSE;
-
- /**
- * Whether to match session on ip address
- *
- * @var bool
- */
- public $sess_match_ip = FALSE;
-
- /**
- * Whether to match session on user-agent
- *
- * @var bool
- */
- public $sess_match_useragent = TRUE;
-
- /**
- * Name of session cookie
- *
- * @var string
- */
- public $sess_cookie_name = 'ci_session';
-
- /**
- * Session cookie prefix
- *
- * @var string
- */
- public $cookie_prefix = '';
-
- /**
- * Session cookie path
- *
- * @var string
- */
- public $cookie_path = '';
-
- /**
- * Session cookie domain
- *
- * @var string
- */
- public $cookie_domain = '';
-
- /**
- * Whether to set the cookie only on HTTPS connections
- *
- * @var bool
- */
- public $cookie_secure = FALSE;
-
- /**
- * Whether cookie should be allowed only to be sent by the server
- *
- * @var bool
- */
- public $cookie_httponly = FALSE;
-
- /**
- * Interval at which to update session
- *
- * @var int
- */
- public $sess_time_to_update = 300;
-
- /**
- * Key with which to encrypt the session cookie
- *
- * @var string
- */
- public $encryption_key = '';
-
- /**
- * Timezone to use for the current time
- *
- * @var string
- */
- public $time_reference = 'local';
-
- /**
- * Session data
- *
- * @var array
- */
- public $userdata = array();
-
- /**
- * Current time
- *
- * @var int
- */
- public $now;
-
- // ------------------------------------------------------------------------
-
- /**
- * Default userdata keys
- *
- * @var array
- */
- protected $defaults = array(
- 'session_id' => NULL,
- 'ip_address' => NULL,
- 'user_agent' => NULL,
- 'last_activity' => NULL
- );
-
- /**
- * Data needs DB update flag
- *
- * @var bool
- */
- protected $data_dirty = FALSE;
-
- /**
- * Standardize newlines flag
- *
- * @var bool
- */
- protected $_standardize_newlines;
-
- // ------------------------------------------------------------------------
-
- /**
- * Initialize session driver object
- *
- * @return void
- */
- protected function initialize()
- {
- // Set all the session preferences, which can either be set
- // manually via the $params array or via the config file
- $prefs = array(
- 'sess_encrypt_cookie',
- 'sess_use_database',
- 'sess_table_name',
- 'sess_expiration',
- 'sess_expire_on_close',
- 'sess_match_ip',
- 'sess_match_useragent',
- 'sess_cookie_name',
- 'cookie_path',
- 'cookie_domain',
- 'cookie_secure',
- 'cookie_httponly',
- 'sess_time_to_update',
- 'time_reference',
- 'cookie_prefix',
- 'encryption_key',
- );
-
- $this->_standardize_newlines = (bool) config_item('standardize_newlines');
-
- foreach ($prefs as $key)
- {
- $this->$key = isset($this->_parent->params[$key])
- ? $this->_parent->params[$key]
- : $this->CI->config->item($key);
- }
-
- if (empty($this->encryption_key))
- {
- show_error('In order to use the Cookie Session driver you are required to set an encryption key in your config file.');
- }
-
- // Do we need encryption? If so, load the encryption class
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $this->CI->load->library('encryption');
- }
-
- // Check for database
- if ($this->sess_use_database === TRUE && $this->sess_table_name !== '')
- {
- // Load database driver
- $this->CI->load->database();
-
- // Register shutdown function
- register_shutdown_function(array($this, '_update_db'));
- }
-
- // Set the "now" time. Can either be GMT or server time, based on the config prefs.
- // We use this to set the "last activity" time
- $this->now = $this->_get_time();
-
- // Set the session length. If the session expiration is
- // set to zero we'll set the expiration two years from now.
- if ($this->sess_expiration === 0)
- {
- $this->sess_expiration = (60*60*24*365*2);
- }
-
- // Set the cookie name
- $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
-
- // Run the Session routine. If a session doesn't exist we'll
- // create a new one. If it does, we'll update it.
- if ( ! $this->_sess_read())
- {
- $this->_sess_create();
- }
- else
- {
- $this->_sess_update();
- }
-
- // Delete expired sessions if necessary
- $this->_sess_gc();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Write the session data
- *
- * @return void
- */
- public function sess_save()
- {
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- // Mark custom data as dirty so we know to update the DB
- $this->data_dirty = TRUE;
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Kill the session DB row
- if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
- {
- $this->CI->db->delete($this->sess_table_name, array('session_id' => $this->userdata['session_id']));
- $this->data_dirty = FALSE;
- }
-
- // Kill the cookie
- $this->_setcookie($this->sess_cookie_name, '', ($this->now - 31500000),
- $this->cookie_path, $this->cookie_domain, 0);
-
- // Kill session data
- $this->userdata = array();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Regenerate the current session
- *
- * Regenerate the session id
- *
- * @param bool Destroy session data flag (default: false)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Check destroy flag
- if ($destroy)
- {
- // Destroy old session and create new one
- $this->sess_destroy();
- $this->_sess_create();
- }
- else
- {
- // Just force an update to recreate the id
- $this->_sess_update(TRUE);
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get a reference to user data array
- *
- * @return array Reference to userdata
- */
- public function &get_userdata()
- {
- return $this->userdata;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Fetch the current session data if it exists
- *
- * @return bool
- */
- protected function _sess_read()
- {
- // Fetch the cookie
- $session = $this->CI->input->cookie($this->sess_cookie_name);
-
- // No cookie? Goodbye cruel world!...
- if ($session === NULL)
- {
- log_message('debug', 'A session cookie was not found.');
- return FALSE;
- }
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $session = $this->CI->encryption->decrypt($session);
- if ($session === FALSE)
- {
- log_message('error', 'Session: Unable to decrypt the session cookie, possibly due to a HMAC mismatch.');
- return FALSE;
- }
- }
- else
- {
- if (($len = strlen($session) - 40) <= 0)
- {
- log_message('error', 'Session: The session cookie was not signed.');
- return FALSE;
- }
-
- // Check cookie authentication
- $hmac = substr($session, $len);
- $session = substr($session, 0, $len);
-
- // Time-attack-safe comparison
- $hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
- $diff = 0;
- for ($i = 0; $i < 40; $i++)
- {
- $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
- }
-
- if ($diff !== 0)
- {
- log_message('error', 'Session: HMAC mismatch. The session cookie data did not match what was expected.');
- $this->sess_destroy();
- return FALSE;
- }
- }
-
- // Unserialize the session array
- $session = @unserialize($session);
-
- // Is the session data we unserialized an array with the correct format?
- if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
- {
- log_message('debug', 'Session: Wrong cookie data format');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is the session current?
- if (($session['last_activity'] + $this->sess_expiration) < $this->now OR $session['last_activity'] > $this->now)
- {
- log_message('debug', 'Session: Expired');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the IP match?
- if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
- {
- log_message('debug', 'Session: IP address mismatch');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the User Agent Match?
- if ($this->sess_match_useragent === TRUE &&
- trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
- {
- log_message('debug', 'Session: User Agent string mismatch');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there a corresponding session in the DB?
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $session['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $session['ip_address']);
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', $session['user_agent']);
- }
-
- // Is caching in effect? Turn it off
- $db_cache = $this->CI->db->cache_on;
- $this->CI->db->cache_off();
-
- $query = $this->CI->db->limit(1)->get($this->sess_table_name);
-
- // Was caching in effect?
- if ($db_cache)
- {
- // Turn it back on
- $this->CI->db->cache_on();
- }
-
- // No result? Kill it!
- if (empty($query) OR $query->num_rows() === 0)
- {
- log_message('debug', 'Session: No match found in our database');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there custom data? If so, add it to the main session array
- $row = $query->row();
- if ( ! empty($row->user_data))
- {
- $custom_data = unserialize(trim($row->user_data));
-
- if (is_array($custom_data))
- {
- $session = $session + $custom_data;
- }
- }
- }
-
- // Session is valid!
- $this->userdata = $session;
- return TRUE;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Create a new session
- *
- * @return void
- */
- protected function _sess_create()
- {
- // Initialize userdata
- $this->userdata = array(
- 'session_id' => $this->_make_sess_id(),
- 'ip_address' => $this->CI->input->ip_address(),
- 'user_agent' => trim(substr($this->CI->input->user_agent(), 0, 120)),
- 'last_activity' => $this->now,
- );
-
- log_message('debug', 'Session: Creating new session ('.$this->userdata['session_id'].')');
-
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- // Add empty user_data field and save the data to the DB
- $this->CI->db->set('user_data', '')->insert($this->sess_table_name, $this->userdata);
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Update an existing session
- *
- * @param bool Force update flag (default: false)
- * @return void
- */
- protected function _sess_update($force = FALSE)
- {
- // We only update the session every five minutes by default (unless forced)
- if ( ! $force && ($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
- {
- return;
- }
-
- // Update last activity to now
- $this->userdata['last_activity'] = $this->now;
-
- // Save the old session id so we know which DB record to update
- $old_sessid = $this->userdata['session_id'];
-
- // Changing the session ID during an AJAX call causes problems
- if ( ! $this->CI->input->is_ajax_request())
- {
- // Get new id
- $this->userdata['session_id'] = $this->_make_sess_id();
-
- log_message('debug', 'Session: Regenerate ID');
- }
-
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $old_sessid);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $this->CI->input->ip_address());
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', trim(substr($this->CI->input->user_agent(), 0, 120)));
- }
-
- // Update the session ID and last_activity field in the DB
- $this->CI->db->update($this->sess_table_name,
- array(
- 'last_activity' => $this->now,
- 'session_id' => $this->userdata['session_id']
- )
- );
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Update database with current data
- *
- * This gets called from the shutdown function and also
- * registered with PHP to run at the end of the request
- * so it's guaranteed to update even when a fatal error
- * occurs. The first call makes the update and clears the
- * dirty flag so it won't happen twice.
- *
- * @return void
- */
- public function _update_db()
- {
- // Check for database and dirty flag and unsaved
- if ($this->sess_use_database === TRUE && $this->data_dirty === TRUE)
- {
- // Set up activity and data fields to be set
- // If we don't find custom data, user_data will remain an empty string
- $set = array(
- 'last_activity' => $this->userdata['last_activity'],
- 'user_data' => ''
- );
-
- // Get the custom userdata, leaving out the defaults
- // (which get stored in the cookie)
- $userdata = array_diff_key($this->userdata, $this->defaults);
-
- // Did we find any custom data?
- if ( ! empty($userdata))
- {
- // Serialize the custom data array so we can store it
- $set['user_data'] = serialize($userdata);
- }
-
- // Reset query builder values.
- $this->CI->db->reset_query();
-
- // Run the update query
- // Any time we change the session id, it gets updated immediately,
- // so our where clause below is always safe
- $this->CI->db->where('session_id', $this->userdata['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $this->CI->input->ip_address());
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', trim(substr($this->CI->input->user_agent(), 0, 120)));
- }
-
- $this->CI->db->update($this->sess_table_name, $set);
-
- // Clear dirty flag to prevent double updates
- $this->data_dirty = FALSE;
-
- log_message('debug', 'CI_Session Data Saved To DB');
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Generate a new session id
- *
- * @return string Hashed session id
- */
- protected function _make_sess_id()
- {
- $new_sessid = '';
- do
- {
- $new_sessid .= mt_rand();
- }
- while (strlen($new_sessid) < 32);
-
- // To make the session ID even more secure we'll combine it with the user's IP
- $new_sessid .= $this->CI->input->ip_address();
-
- // Turn it into a hash and return
- return md5(uniqid($new_sessid, TRUE));
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get the "now" time
- *
- * @return int Time
- */
- protected function _get_time()
- {
- if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get())
- {
- return time();
- }
-
- $datetime = new DateTime('now', new DateTimeZone($this->time_reference));
- sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
-
- return mktime($hour, $minute, $second, $month, $day, $year);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Write the session cookie
- *
- * @return void
- */
- protected function _set_cookie()
- {
- // Get userdata (only defaults if database)
- $cookie_data = ($this->sess_use_database === TRUE)
- ? array_intersect_key($this->userdata, $this->defaults)
- : $this->userdata;
-
- // The Input class will do this and since we use HMAC verification,
- // unless we standardize here as well, the hash won't match.
- if ($this->_standardize_newlines)
- {
- foreach (array_keys($this->userdata) as $key)
- {
- $this->userdata[$key] = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $this->userdata[$key]);
- }
- }
-
- // Serialize the userdata for the cookie
- $cookie_data = serialize($cookie_data);
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $cookie_data = $this->CI->encryption->encrypt($cookie_data);
- }
- else
- {
- // Require message authentication
- $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);
- }
-
- $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
-
- // Set the cookie
- $this->_setcookie($this->sess_cookie_name, $cookie_data, $expire, $this->cookie_path, $this->cookie_domain,
- $this->cookie_secure, $this->cookie_httponly);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Set a cookie with the system
- *
- * This abstraction of the setcookie call allows overriding for unit testing
- *
- * @param string Cookie name
- * @param string Cookie value
- * @param int Expiration time
- * @param string Cookie path
- * @param string Cookie domain
- * @param bool Secure connection flag
- * @param bool HTTP protocol only flag
- * @return void
- */
- protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = FALSE, $httponly = FALSE)
- {
- setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Garbage collection
- *
- * This deletes expired session rows from database
- * if the probability percentage is met
- *
- * @return void
- */
- protected function _sess_gc()
- {
- if ($this->sess_use_database !== TRUE)
- {
- return;
- }
-
- $probability = ini_get('session.gc_probability');
- $divisor = ini_get('session.gc_divisor');
-
- if (mt_rand(1, $divisor) <= $probability)
- {
- $expire = $this->now - $this->sess_expiration;
- $this->CI->db->delete($this->sess_table_name, 'last_activity < '.$expire);
-
- log_message('debug', 'Session garbage collection performed.');
- }
- }
-
-}
-
-/* End of file Session_cookie.php */
-/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
new file mode 100644
index 000000000..efdec40e5
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -0,0 +1,292 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Database Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_database_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * DB object
+ *
+ * @var object
+ */
+ protected $_db;
+
+ /**
+ * Row exists flag
+ *
+ * @var bool
+ */
+ protected $_row_exists = FALSE;
+
+ /**
+ * Lock "driver" flag
+ *
+ * @var string
+ */
+ protected $_lock_driver = 'semaphore';
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ $CI =& get_instance();
+ isset($CI->db) OR $CI->load->database();
+ $this->_db =& $CI->db;
+
+ if ( ! $this->_db instanceof CI_DB_query_builder)
+ {
+ throw new Exception('Query Builder not enabled for the configured database. Aborting.');
+ }
+ elseif ($this->_db->pconnect)
+ {
+ throw new Exception('Configured database connection is persistent. Aborting.');
+ }
+
+ $db_driver = $this->_db->dbdriver.(empty($this->_db->subdriver) ? '' : '_'.$this->_db->subdriver);
+ if (strpos($db_driver, 'mysql') !== FALSE)
+ {
+ $this->_lock_driver = 'mysql';
+ }
+ elseif (in_array($db_driver, array('postgre', 'pdo_pgsql'), TRUE))
+ {
+ $this->_lock_driver = 'postgre';
+ }
+
+ isset($this->_config['save_path']) OR $this->_config['save_path'] = config_item('sess_table_name');
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ return empty($this->_db->conn_id)
+ ? ( ! $this->_db->autoinit && $this->_db->db_connect())
+ : TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ if ($this->_get_lock($session_id) !== FALSE)
+ {
+ // Needed by write() to detect session_regenerate_id() calls
+ $this->_session_id = $session_id;
+
+ $this->_db
+ ->select('data')
+ ->from($this->_config['save_path'])
+ ->where('id', $session_id);
+
+ if ($this->_config['match_ip'])
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ if (($result = $this->_db->get()->row()) === NULL)
+ {
+ $this->_fingerprint = md5('');
+ return '';
+ }
+
+ $this->_fingerprint = md5(rtrim($result->data));
+ $this->_row_exists = TRUE;
+ return $result->data;
+ }
+
+ $this->_fingerprint = md5('');
+ return '';
+ }
+
+ public function write($session_id, $session_data)
+ {
+ // Was the ID regenerated?
+ if ($session_id !== $this->_session_id)
+ {
+ if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
+ {
+ return FALSE;
+ }
+
+ $this->_row_exists = FALSE;
+ $this->_session_id = $session_id;
+ }
+ elseif ($this->_lock === FALSE)
+ {
+ return FALSE;
+ }
+
+ if ($this->_row_exists === FALSE)
+ {
+ if ($this->_db->insert($this->_config['save_path'], array('id' => $session_id, 'ip_address' => $_SERVER['REMOTE_ADDR'], 'timestamp' => time(), 'data' => $session_data)))
+ {
+ $this->_fingerprint = md5($session_data);
+ return $this->_row_exists = TRUE;
+ }
+
+ return FALSE;
+ }
+
+ $this->_db->where('id', $session_id);
+ if ($this->_config['match_ip'])
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ $update_data = ($this->_fingerprint === md5($session_data))
+ ? array('timestamp' => time())
+ : array('timestamp' => time(), 'data' => $session_data);
+
+ if ($this->_db->update($this->_config['save_path'], $update_data))
+ {
+ $this->_fingerprint = md5($session_data);
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ return ($this->_lock)
+ ? $this->_release_lock()
+ : TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if ($this->_lock)
+ {
+ $this->_db->where('id', $session_id);
+ if ($this->_config['match_ip'])
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ return $this->_db->delete($this->_config['save_path'])
+ ? ($this->close() && $this->_cookie_destroy())
+ : FALSE;
+ }
+
+ return ($this->close() && $this->_cookie_destroy());
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ return $this->_db->delete($this->_config['save_path'], 'timestamp < '.(time() - $maxlifetime));
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _get_lock($session_id)
+ {
+ if ($this->_lock_driver === 'mysql')
+ {
+ $arg = $session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+ if ($this->_db->query("SELECT GET_LOCK('".$arg."', 10) AS ci_session_lock")->row()->ci_session_lock)
+ {
+ $this->_lock = $arg;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+ elseif ($this->_lock_driver === 'postgre')
+ {
+ $arg = "hashtext('".$session_id."')".($this->_config['match_ip'] ? ", hashtext('".$_SERVER['REMOTE_ADDR']."')" : '');
+ if ($this->_db->simple_query('SELECT pg_advisory_lock('.$arg.')'))
+ {
+ $this->_lock = $arg;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ return parent::_get_lock($session_id);
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _release_lock()
+ {
+ if ( ! $this->_lock)
+ {
+ return TRUE;
+ }
+
+ if ($this->_lock_driver === 'mysql')
+ {
+ if ($this->_db->query("SELECT RELEASE_LOCK('".$this->_lock."') AS ci_session_lock")->row()->ci_session_lock)
+ {
+ $this->_lock = FALSE;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+ elseif ($this->_lock_driver === 'postgre')
+ {
+ if ($this->_db->simple_query('SELECT pg_advisory_unlock('.$this->_lock.')'))
+ {
+ $this->_lock = FALSE;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ return parent::_release_lock();
+ }
+
+}
+
+/* End of file Session_database_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_database_driver.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
new file mode 100644
index 000000000..973337753
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -0,0 +1,287 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Files Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * Save path
+ *
+ * @var string
+ */
+ protected $_save_path;
+
+ /**
+ * File handle
+ *
+ * @var resource
+ */
+ protected $_file_handle;
+
+ /**
+ * File name
+ *
+ * @var resource
+ */
+ protected $_file_path;
+
+ /**
+ * File new flag
+ *
+ * @var bool
+ */
+ protected $_file_new;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ if (isset($this->_config['save_path']))
+ {
+ $this->_config['save_path'] = rtrim($this->_config['save_path'], '/\\');
+ ini_set('session.save_path', $this->_config['save_path']);
+ }
+ else
+ {
+ $this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\');
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ if ( ! is_dir($save_path) && ! mkdir($save_path, 0700, TRUE))
+ {
+ log_message('error', "Session: Configured save path '".$this->_config['save_path']."' is not a directory, doesn't exist or cannot be created.");
+ return FALSE;
+ }
+
+ $this->_config['save_path'] = $save_path;
+ $this->_file_path = $this->_config['save_path'].DIRECTORY_SEPARATOR
+ .$name // we'll use the session cookie name as a prefix to avoid collisions
+ .($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ // This might seem weird, but PHP 5.6 introduces session_reset(),
+ // which re-reads session data
+ if ($this->_file_handle === NULL)
+ {
+ // Just using fopen() with 'c+b' mode would be perfect, but it is only
+ // available since PHP 5.2.6 and we have to set permissions for new files,
+ // so we'd have to hack around this ...
+ if (($this->_file_new = ! file_exists($this->_file_path.$session_id)) === TRUE)
+ {
+ if (($this->_file_handle = fopen($this->_file_path.$session_id, 'w+b')) === FALSE)
+ {
+ log_message('error', "Session: File '".$this->_file_path.$session_id."' doesn't exist and cannot be created.");
+ return FALSE;
+ }
+ }
+ elseif (($this->_file_handle = fopen($this->_file_path.$session_id, 'r+b')) === FALSE)
+ {
+ log_message('error', "Session: Unable to open file '".$this->_file_path.$session_id."'.");
+ return FALSE;
+ }
+
+ if (flock($this->_file_handle, LOCK_EX) === FALSE)
+ {
+ log_message('error', "Session: Unable to obtain lock for file '".$this->_file_path.$session_id."'.");
+ fclose($this->_file_handle);
+ $this->_file_handle = NULL;
+ return FALSE;
+ }
+
+ // Needed by write() to detect session_regenerate_id() calls
+ $this->_session_id = $session_id;
+
+ if ($this->_file_new)
+ {
+ chmod($this->_file_path.$session_id, 0600);
+ $this->_fingerprint = md5('');
+ return '';
+ }
+ }
+ else
+ {
+ rewind($this->_file_handle);
+ }
+
+ $session_data = '';
+ for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += strlen($buffer))
+ {
+ if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE)
+ {
+ break;
+ }
+
+ $session_data .= $buffer;
+ }
+
+ $this->_fingerprint = md5($session_data);
+ return $session_data;
+ }
+
+ public function write($session_id, $session_data)
+ {
+ // If the two IDs don't match, we have a session_regenerate_id() call
+ // and we need to close the old handle and open a new one
+ if ($session_id !== $this->_session_id && ( ! $this->close() OR $this->read($session_id) === FALSE))
+ {
+ return FALSE;
+ }
+
+ if ( ! is_resource($this->_file_handle))
+ {
+ return FALSE;
+ }
+ elseif ($this->_fingerprint === md5($session_data))
+ {
+ return ($this->_file_new)
+ ? TRUE
+ : touch($this->_file_path.$session_id);
+ }
+
+ if ( ! $this->_file_new)
+ {
+ ftruncate($this->_file_handle, 0);
+ rewind($this->_file_handle);
+ }
+
+ if (($length = strlen($session_data)) > 0)
+ {
+ for ($written = 0; $written < $length; $written += $result)
+ {
+ if (($result = fwrite($this->_file_handle, substr($session_data, $written))) === FALSE)
+ {
+ break;
+ }
+ }
+
+ if ( ! is_int($result))
+ {
+ $this->_fingerprint = md5(substr($session_data, 0, $written));
+ log_message('error', 'Session: Unable to write data.');
+ return FALSE;
+ }
+ }
+
+ $this->_fingerprint = md5($session_data);
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ if (is_resource($this->_file_handle))
+ {
+ flock($this->_file_handle, LOCK_UN);
+ fclose($this->_file_handle);
+
+ $this->_file_handle = $this->_file_new = $this->_session_id = NULL;
+ return TRUE;
+ }
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if ($this->close())
+ {
+ return unlink($this->_file_path.$session_id) && $this->_cookie_destroy();
+ }
+ elseif ($this->_file_path !== NULL)
+ {
+ clearstatcache();
+ return file_exists($this->_file_path.$session_id)
+ ? (unlink($this->_file_path.$session_id) && $this->_cookie_destroy())
+ : TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ if ( ! is_dir($this->_config['save_path']) OR ($files = scandir($this->_config['save_path'])) === FALSE)
+ {
+ log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_config['save_path']."'.");
+ return FALSE;
+ }
+
+ $ts = time() - $maxlifetime;
+
+ foreach ($files as $file)
+ {
+ // If the filename doesn't match this pattern, it's either not a session file or is not ours
+ if ( ! preg_match('/(?:[0-9a-f]{32})?[0-9a-f]{40}$/i', $file)
+ OR ! is_file($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)
+ OR ($mtime = filemtime($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)) === FALSE
+ OR $mtime > $ts)
+ {
+ continue;
+ }
+
+ unlink($this->_config['save_path'].DIRECTORY_SEPARATOR.$file);
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_files_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_files_driver.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
new file mode 100644
index 000000000..6652addee
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -0,0 +1,301 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Memcached Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_memcached_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * Memcached instance
+ *
+ * @var Memcached
+ */
+ protected $_memcached;
+
+ /**
+ * Key prefix
+ *
+ * @var string
+ */
+ protected $_key_prefix = 'ci_session:';
+
+ /**
+ * Lock key
+ *
+ * @var string
+ */
+ protected $_lock_key;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ if (empty($this->_config['save_path']))
+ {
+ log_message('error', 'Session: No Memcached save path configured.');
+ }
+
+ if ($this->_config['match_ip'] === TRUE)
+ {
+ $this->_key_prefix .= $_SERVER['REMOTE_ADDR'].':';
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ $this->_memcached = new Memcached();
+ $this->_memcached->setOption(Memcached::OPT_BINARY_PROTOCOL, TRUE); // required for touch() usage
+ $server_list = array();
+ foreach ($this->_memcached->getServerList() as $server)
+ {
+ $server_list[] = $server['host'].':'.$server['port'];
+ }
+
+ if ( ! preg_match_all('#,?([^,:]+)\:(\d{1,5})(?:\:(\d+))?#', $this->_config['save_path'], $matches, PREG_SET_ORDER))
+ {
+ $this->_memcached = NULL;
+ log_message('error', 'Session: Invalid Memcached save path format: '.$this->_config['save_path']);
+ return FALSE;
+ }
+
+ foreach ($matches as $match)
+ {
+ // If Memcached already has this server (or if the port is invalid), skip it
+ if (in_array($match[1].':'.$match[2], $server_list, TRUE))
+ {
+ log_message('debug', 'Session: Memcached server pool already has '.$match[1].':'.$match[2]);
+ continue;
+ }
+
+ if ( ! $this->_memcached->addServer($match[1], $match[2], isset($match[3]) ? $match[3] : 0))
+ {
+ log_message('error', 'Could not add '.$match[1].':'.$match[2].' to Memcached server pool.');
+ }
+ else
+ {
+ $server_list[] = $match[1].':'.$match[2];
+ }
+ }
+
+ if (empty($server_list))
+ {
+ log_message('error', 'Session: Memcached server pool is empty.');
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ if (isset($this->_memcached) && $this->_get_lock($session_id))
+ {
+ // Needed by write() to detect session_regenerate_id() calls
+ $this->_session_id = $session_id;
+
+ $session_data = (string) $this->_memcached->get($this->_key_prefix.$session_id);
+ $this->_fingerprint = md5($session_data);
+ return $session_data;
+ }
+
+ return FALSE;
+ }
+
+ public function write($session_id, $session_data)
+ {
+ if ( ! isset($this->_memcached))
+ {
+ return FALSE;
+ }
+ // Was the ID regenerated?
+ elseif ($session_id !== $this->_session_id)
+ {
+ if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
+ {
+ return FALSE;
+ }
+
+ $this->_fingerprint = md5('');
+ $this->_session_id = $session_id;
+ }
+
+ if (isset($this->_lock_key))
+ {
+ $this->_memcached->replace($this->_lock_key, time(), 5);
+ if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
+ {
+ if ($this->_memcached->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
+ {
+ $this->_fingerprint = $fingerprint;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ return $this->_memcached->touch($this->_key_prefix.$session_id, $this->_config['expiration']);
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ if (isset($this->_memcached))
+ {
+ isset($this->_lock_key) && $this->_memcached->delete($this->_lock_key);
+ if ( ! $this->_memcached->quit())
+ {
+ return FALSE;
+ }
+
+ $this->_memcached = NULL;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if (isset($this->_memcached, $this->_lock_key))
+ {
+ $this->_memcached->delete($this->_key_prefix.$session_id);
+ return $this->_cookie_destroy();
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ // Not necessary, Memcached takes care of that.
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _get_lock($session_id)
+ {
+ if (isset($this->_lock_key))
+ {
+ return $this->_memcached->replace($this->_lock_key, time(), 5);
+ }
+
+ $lock_key = $this->_key_prefix.$session_id.':lock';
+ if ( ! ($ts = $this->_memcached->get($lock_key)))
+ {
+ if ( ! $this->_memcached->set($lock_key, TRUE, 5))
+ {
+ log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
+ return FALSE;
+ }
+
+ $this->_lock_key = $lock_key;
+ $this->_lock = TRUE;
+ return TRUE;
+ }
+
+ // Another process has the lock, we'll try to wait for it to free itself ...
+ $attempt = 0;
+ while ($attempt++ < 5)
+ {
+ usleep(((time() - $ts) * 1000000) - 20000);
+ if (($ts = $this->_memcached->get($lock_key)) < time())
+ {
+ continue;
+ }
+
+ if ( ! $this->_memcached->set($lock_key, time(), 5))
+ {
+ log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
+ return FALSE;
+ }
+
+ $this->_lock_key = $lock_key;
+ break;
+ }
+
+ if ($attempt === 5)
+ {
+ log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.');
+ return FALSE;
+ }
+
+ $this->_lock = TRUE;
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _release_lock()
+ {
+ if (isset($this->_memcached, $this->_lock_key) && $this->_lock)
+ {
+ if ( ! $this->_memcached->delete($this->_lock_key) && $this->_memcached->getResultCode() !== Memcached::RES_NOTFOUND)
+ {
+ log_message('error', 'Session: Error while trying to free lock for '.$this->_key_prefix.$session_id);
+ return FALSE;
+ }
+
+ $this->_lock_key = NULL;
+ $this->_lock = FALSE;
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_memcached_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_memcached_driver.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
deleted file mode 100644
index 995f5a768..000000000
--- a/system/libraries/Session/drivers/Session_native.php
+++ /dev/null
@@ -1,257 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * This content is released under the MIT License (MIT)
- *
- * Copyright (c) 2014, British Columbia Institute of Technology
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
- * @link http://codeigniter.com
- * @since Version 1.0.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * Native PHP session management driver
- *
- * This is the driver that uses the native PHP $_SESSION array through the Session driver library.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- */
-class CI_Session_native extends CI_Session_driver {
-
- /**
- * Initialize session driver object
- *
- * @return void
- */
- protected function initialize()
- {
- // Get config parameters
- $config = array();
- $prefs = array(
- 'sess_cookie_name',
- 'sess_expire_on_close',
- 'sess_expiration',
- 'sess_match_ip',
- 'sess_match_useragent',
- 'sess_time_to_update',
- 'cookie_prefix',
- 'cookie_path',
- 'cookie_domain',
- 'cookie_secure',
- 'cookie_httponly'
- );
-
- foreach ($prefs as $key)
- {
- $config[$key] = isset($this->_parent->params[$key])
- ? $this->_parent->params[$key]
- : $this->CI->config->item($key);
- }
-
- // Set session name, if specified
- if ($config['sess_cookie_name'])
- {
- // Differentiate name from cookie driver with '_id' suffix
- $name = $config['sess_cookie_name'].'_id';
- if ($config['cookie_prefix'])
- {
- // Prepend cookie prefix
- $name = $config['cookie_prefix'].$name;
- }
- session_name($name);
- }
-
- // Set expiration, path, and domain
- $expire = 7200;
- $path = '/';
- $domain = '';
- $secure = (bool) $config['cookie_secure'];
- $http_only = (bool) $config['cookie_httponly'];
-
- if ($config['sess_expiration'] !== FALSE)
- {
- // Default to 2 years if expiration is "0"
- $expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration'];
- }
-
- if ($config['cookie_path'])
- {
- // Use specified path
- $path = $config['cookie_path'];
- }
-
- if ($config['cookie_domain'])
- {
- // Use specified domain
- $domain = $config['cookie_domain'];
- }
-
- session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
-
- // Start session
- session_start();
-
- // Check session expiration, ip, and agent
- $now = time();
- $destroy = FALSE;
- if (isset($_SESSION['last_activity']) && (($_SESSION['last_activity'] + $expire) < $now OR $_SESSION['last_activity'] > $now))
- {
- // Expired - destroy
- log_message('debug', 'Session: Expired');
- $destroy = TRUE;
- }
- elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address'])
- && $_SESSION['ip_address'] !== $this->CI->input->ip_address())
- {
- // IP doesn't match - destroy
- log_message('debug', 'Session: IP address mismatch');
- $destroy = TRUE;
- }
- elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent'])
- && $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50)))
- {
- // Agent doesn't match - destroy
- log_message('debug', 'Session: User Agent string mismatch');
- $destroy = TRUE;
- }
-
- // Destroy expired or invalid session
- if ($destroy)
- {
- // Clear old session and start new
- $this->sess_destroy();
- session_start();
- }
-
- // Check for update time
- if ($config['sess_time_to_update'] && isset($_SESSION['last_activity'])
- && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
- {
- // Changing the session ID amidst a series of AJAX calls causes problems
- if ( ! $this->CI->input->is_ajax_request())
- {
- // Regenerate ID, but don't destroy session
- log_message('debug', 'Session: Regenerate ID');
- $this->sess_regenerate(FALSE);
- }
- }
-
- // Set activity time
- $_SESSION['last_activity'] = $now;
-
- // Set matching values as required
- if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address']))
- {
- // Store user IP address
- $_SESSION['ip_address'] = $this->CI->input->ip_address();
- }
-
- if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent']))
- {
- // Store user agent string
- $_SESSION['user_agent'] = trim(substr($this->CI->input->user_agent(), 0, 50));
- }
-
- // Make session ID available
- $_SESSION['session_id'] = session_id();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Save the session data
- *
- * @return void
- */
- public function sess_save()
- {
- // Nothing to do - changes to $_SESSION are automatically saved
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Cleanup session
- $_SESSION = array();
- $name = session_name();
- if (isset($_COOKIE[$name]))
- {
- // Clear session cookie
- $params = session_get_cookie_params();
- setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- unset($_COOKIE[$name]);
- }
- session_destroy();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Regenerate the current session
- *
- * Regenerate the session id
- *
- * @param bool Destroy session data flag (default: FALSE)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Just regenerate id, passing destroy flag
- session_regenerate_id($destroy);
- $_SESSION['session_id'] = session_id();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get a reference to user data array
- *
- * @return array Reference to userdata
- */
- public function &get_userdata()
- {
- // Just return reference to $_SESSION
- return $_SESSION;
- }
-
-}
-
-/* End of file Session_native.php */
-/* Location: ./system/libraries/Session/drivers/Session_native.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
new file mode 100644
index 000000000..bc6150d2d
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -0,0 +1,321 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Redis Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_redis_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * phpRedis instance
+ *
+ * @var resource
+ */
+ protected $_redis;
+
+ /**
+ * Key prefix
+ *
+ * @var string
+ */
+ protected $_key_prefix = 'ci_session:';
+
+ /**
+ * Lock key
+ *
+ * @var string
+ */
+ protected $_lock_key;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ if (empty($this->_config['save_path']))
+ {
+ log_message('error', 'Session: No Redis save path configured.');
+ }
+ elseif (preg_match('#(?:tcp://)?([^:?]+)(?:\:(\d+))?(\?.+)?#', $this->_config['save_path'], $matches))
+ {
+ isset($matches[3]) OR $matches[3] = ''; // Just to avoid undefined index notices below
+ $this->_config['save_path'] = array(
+ 'host' => $matches[1],
+ 'port' => empty($matches[2]) ? NULL : $matches[2],
+ 'password' => preg_match('#auth=([^\s&]+)#', $matches[3], $match) ? $match[1] : NULL,
+ 'database' => preg_match('#database=(\d+)#', $matches[3], $match) ? (int) $match[1] : NULL,
+ 'timeout' => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : NULL
+ );
+
+ preg_match('#prefix=([^\s&]+)#', $matches[3], $match) && $this->_key_prefix = $match[1];
+ }
+ else
+ {
+ log_message('error', 'Session: Invalid Redis save path format: '.$this->_config['save_path']);
+ }
+
+ if ($this->_config['match_ip'] === TRUE)
+ {
+ $this->_key_prefix .= $_SERVER['REMOTE_ADDR'].':';
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ if (empty($this->_config['save_path']))
+ {
+ return FALSE;
+ }
+
+ $redis = new Redis();
+ if ( ! $redis->connect($this->_config['save_path']['host'], $this->_config['save_path']['port'], $this->_config['save_path']['timeout']))
+ {
+ log_message('error', 'Session: Unable to connect to Redis with the configured settings.');
+ }
+ elseif (isset($this->_config['save_path']['password']) && ! $redis->auth($this->_config['save_path']['password']))
+ {
+ log_message('error', 'Session: Unable to authenticate to Redis instance.');
+ }
+ elseif (isset($this->_config['save_path']['database']) && ! $redis->select($this->_config['save_path']['database']))
+ {
+ log_message('error', 'Session: Unable to select Redis database with index '.$this->_config['save_path']['database']);
+ }
+ else
+ {
+ $this->_redis = $redis;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ if (isset($this->_redis) && $this->_get_lock($session_id))
+ {
+ // Needed by write() to detect session_regenerate_id() calls
+ $this->_session_id = $session_id;
+
+ $session_data = (string) $this->_redis->get($this->_key_prefix.$session_id);
+ $this->_fingerprint = md5($session_data);
+ return $session_data;
+ }
+
+ return FALSE;
+ }
+
+ public function write($session_id, $session_data)
+ {
+ if ( ! isset($this->_redis))
+ {
+ return FALSE;
+ }
+ // Was the ID regenerated?
+ elseif ($session_id !== $this->_session_id)
+ {
+ if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
+ {
+ return FALSE;
+ }
+
+ $this->_fingerprint = md5('');
+ $this->_session_id = $session_id;
+ }
+
+ if (isset($this->_lock_key))
+ {
+ $this->_redis->setTimeout($this->_lock_key, 5);
+ if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
+ {
+ if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
+ {
+ $this->_fingerprint = $fingerprint;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ return $this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']);
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ if (isset($this->_redis))
+ {
+ try {
+ if ($this->_redis->ping() === '+PONG')
+ {
+ isset($this->_lock_key) && $this->_redis->delete($this->_lock_key);
+ if ( ! $this->_redis->close())
+ {
+ return FALSE;
+ }
+ }
+ }
+ catch (RedisException $e)
+ {
+ log_message('error', 'Session: Got RedisException on close(): '.$e->getMessage());
+ }
+
+ $this->_redis = NULL;
+ return TRUE;
+ }
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if (isset($this->_redis, $this->_lock_key))
+ {
+ if ($this->_redis->delete($this->_key_prefix.$session_id) !== 1)
+ {
+ log_message('debug', 'Session: Redis::delete() expected to return 1, got '.var_export($result, TRUE).' instead.');
+ }
+
+ return $this->_cookie_destroy();
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ // Not necessary, Redis takes care of that.
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _get_lock($session_id)
+ {
+ if (isset($this->_lock_key))
+ {
+ return $this->_redis->setTimeout($this->_lock_key, 5);
+ }
+
+ $lock_key = $this->_key_prefix.$session_id.':lock';
+ if (($ttl = $this->_redis->ttl($lock_key)) < 1)
+ {
+ if ( ! $this->_redis->setex($lock_key, 5, time()))
+ {
+ log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
+ return FALSE;
+ }
+
+ $this->_lock_key = $lock_key;
+
+ if ($ttl === -1)
+ {
+ log_message('debug', 'Session: Lock for '.$this->_key_prefix.$session_id.' had no TTL, overriding.');
+ }
+
+ $this->_lock = TRUE;
+ return TRUE;
+ }
+
+ // Another process has the lock, we'll try to wait for it to free itself ...
+ $attempt = 0;
+ while ($attempt++ < 5)
+ {
+ usleep(($ttl * 1000000) - 20000);
+ if (($ttl = $this->_redis->ttl($lock_key)) > 0)
+ {
+ continue;
+ }
+
+ if ( ! $this->_redis->setex($lock_key, 5, time()))
+ {
+ log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id);
+ return FALSE;
+ }
+
+ $this->_lock_key = $lock_key;
+ break;
+ }
+
+ if ($attempt === 5)
+ {
+ log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 5 attempts, aborting.');
+ return FALSE;
+ }
+
+ $this->_lock = TRUE;
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _release_lock()
+ {
+ if (isset($this->_redis, $this->_lock_key) && $this->_lock)
+ {
+ if ( ! $this->_redis->delete($this->_lock_key))
+ {
+ log_message('error', 'Session: Error while trying to free lock for '.$this->_key_prefix.$session_id);
+ return FALSE;
+ }
+
+ $this->_lock_key = NULL;
+ $this->_lock = FALSE;
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_redis_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_redis_driver.php */ \ No newline at end of file