summaryrefslogtreecommitdiffstats
path: root/system/libraries/Session/drivers
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Session/drivers')
-rwxr-xr-xsystem/libraries/Session/drivers/Session_cookie.php149
-rwxr-xr-xsystem/libraries/Session/drivers/Session_native.php74
2 files changed, 129 insertions, 94 deletions
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 69e5fde14..fb62c7ec4 100755
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -37,6 +37,7 @@
* @link http://codeigniter.com/user_guide/libraries/sessions.html
*/
class CI_Session_cookie extends CI_Session_driver {
+
/**
* Whether to encrypt the session cookie
*
@@ -157,13 +158,6 @@ class CI_Session_cookie extends CI_Session_driver {
public $userdata = array();
/**
- * Reference to CodeIgniter instance
- *
- * @var object
- */
- public $CI;
-
- /**
* Current time
*
* @var int
@@ -192,14 +186,10 @@ class CI_Session_cookie extends CI_Session_driver {
/**
* Initialize session driver object
*
- * @access protected
* @return void
*/
protected function initialize()
{
- // Set the super object to a local variable for use throughout the class
- $this->CI =& get_instance();
-
// Set all the session preferences, which can either be set
// manually via the $params array or via the config file
$prefs = array(
@@ -220,16 +210,17 @@ class CI_Session_cookie extends CI_Session_driver {
'cookie_prefix',
'encryption_key'
);
+
foreach ($prefs as $key)
{
- $this->$key = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] :
- $this->CI->config->item($key);
+ $this->$key = isset($this->_parent->params[$key])
+ ? $this->_parent->params[$key]
+ : $this->CI->config->item($key);
}
if ($this->encryption_key === '')
{
- show_error('In order to use the Cookie Session driver you are required to set an encryption key '.
- 'in your config file.');
+ show_error('In order to use the Cookie Session driver you are required to set an encryption key in your config file.');
}
// Load the string helper so we can use the strip_slashes() function
@@ -280,6 +271,8 @@ class CI_Session_cookie extends CI_Session_driver {
$this->_sess_gc();
}
+ // ------------------------------------------------------------------------
+
/**
* Write the session data
*
@@ -298,6 +291,8 @@ class CI_Session_cookie extends CI_Session_driver {
$this->_set_cookie();
}
+ // ------------------------------------------------------------------------
+
/**
* Destroy the current session
*
@@ -309,6 +304,7 @@ class CI_Session_cookie extends CI_Session_driver {
if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
{
$this->CI->db->delete($this->sess_table_name, array('session_id' => $this->userdata['session_id']));
+ $this->data_dirty = FALSE;
}
// Kill the cookie
@@ -319,15 +315,17 @@ class CI_Session_cookie extends CI_Session_driver {
$this->userdata = array();
}
+ // ------------------------------------------------------------------------
+
/**
* Regenerate the current session
*
* Regenerate the session id
*
- * @param boolean Destroy session data flag (default: false)
+ * @param bool Destroy session data flag (default: false)
* @return void
*/
- public function sess_regenerate($destroy = false)
+ public function sess_regenerate($destroy = FALSE)
{
// Check destroy flag
if ($destroy)
@@ -339,25 +337,27 @@ class CI_Session_cookie extends CI_Session_driver {
else
{
// Just force an update to recreate the id
- $this->_sess_update(true);
+ $this->_sess_update(TRUE);
}
}
+ // ------------------------------------------------------------------------
+
/**
* Get a reference to user data array
*
- * @return array - Reference to userdata
+ * @return array Reference to userdata
*/
public function &get_userdata()
{
- // Return reference to array
return $this->userdata;
}
+ // ------------------------------------------------------------------------
+
/**
* Fetch the current session data if it exists
*
- * @access protected
* @return bool
*/
protected function _sess_read()
@@ -388,8 +388,7 @@ class CI_Session_cookie extends CI_Session_driver {
// Does the md5 hash match? This is to prevent manipulation of session data in userspace
if ($hash !== md5($session.$this->encryption_key))
{
- log_message('error', 'The session cookie data did not match what was expected. '.
- 'This could be a possible hacking attempt.');
+ log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
$this->sess_destroy();
return FALSE;
}
@@ -399,8 +398,7 @@ class CI_Session_cookie extends CI_Session_driver {
$session = $this->_unserialize($session);
// Is the session data we unserialized an array with the correct format?
- if ( ! is_array($session) || ! isset($session['session_id'], $session['ip_address'], $session['user_agent'],
- $session['last_activity']))
+ if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
{
$this->sess_destroy();
return FALSE;
@@ -422,7 +420,7 @@ class CI_Session_cookie extends CI_Session_driver {
// Does the User Agent Match?
if ($this->sess_match_useragent === TRUE &&
- trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
+ trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
{
$this->sess_destroy();
return FALSE;
@@ -443,8 +441,19 @@ class CI_Session_cookie extends CI_Session_driver {
$this->CI->db->where('user_agent', $session['user_agent']);
}
+ // Is caching in effect? Turn it off
+ $db_cache = $this->CI->db->cache_on;
+ $this->CI->db->cache_off();
+
$query = $this->CI->db->limit(1)->get($this->sess_table_name);
+ // Was caching in effect?
+ if ($db_cache)
+ {
+ // Turn it back on
+ $this->CI->db->cache_on();
+ }
+
// No result? Kill it!
if ($query->num_rows() === 0)
{
@@ -470,10 +479,11 @@ class CI_Session_cookie extends CI_Session_driver {
return TRUE;
}
+ // ------------------------------------------------------------------------
+
/**
* Create a new session
*
- * @access protected
* @return void
*/
protected function _sess_create()
@@ -497,11 +507,12 @@ class CI_Session_cookie extends CI_Session_driver {
$this->_set_cookie();
}
+ // ------------------------------------------------------------------------
+
/**
* Update an existing session
*
- * @access protected
- * @param boolean Force update flag (default: false)
+ * @param bool Force update flag (default: false)
* @return void
*/
protected function _sess_update($force = FALSE)
@@ -539,6 +550,8 @@ class CI_Session_cookie extends CI_Session_driver {
$this->_set_cookie();
}
+ // ------------------------------------------------------------------------
+
/**
* Update database with current data
*
@@ -547,6 +560,8 @@ class CI_Session_cookie extends CI_Session_driver {
* so it's guaranteed to update even when a fatal error
* occurs. The first call makes the update and clears the
* dirty flag so it won't happen twice.
+ *
+ * @return void
*/
public function _update_db()
{
@@ -583,6 +598,8 @@ class CI_Session_cookie extends CI_Session_driver {
}
}
+ // ------------------------------------------------------------------------
+
/**
* Generate a new session id
*
@@ -604,15 +621,16 @@ class CI_Session_cookie extends CI_Session_driver {
return md5(uniqid($new_sessid, TRUE));
}
+ // ------------------------------------------------------------------------
+
/**
* Get the "now" time
*
- * @access protected
* @return int Time
*/
protected function _get_time()
{
- if ($this->time_reference === 'local' || $this->time_reference === date_default_timezone_get())
+ if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get())
{
return time();
}
@@ -623,36 +641,27 @@ class CI_Session_cookie extends CI_Session_driver {
return mktime($hour, $minute, $second, $month, $day, $year);
}
+ // ------------------------------------------------------------------------
+
/**
* Write the session cookie
*
- * @access protected
* @return void
*/
protected function _set_cookie()
{
// Get userdata (only defaults if database)
- if ($this->sess_use_database === TRUE)
- {
- $cookie_data = array_intersect_key($this->userdata, $this->defaults);
- }
- else
- {
- $cookie_data = $this->userdata;
- }
+ $cookie_data = ($this->sess_use_database === TRUE)
+ ? array_intersect_key($this->userdata, $this->defaults)
+ : $this->userdata;
// Serialize the userdata for the cookie
$cookie_data = $this->_serialize($cookie_data);
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $cookie_data = $this->CI->encrypt->encode($cookie_data);
- }
- else
- {
+ $cookie_data = ($this->sess_encrypt_cookie === TRUE)
+ ? $this->CI->encrypt->encode($cookie_data)
// if encryption is not used, we provide an md5 hash to prevent userside tampering
- $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
- }
+ : $cookie_data.md5($cookie_data.$this->encryption_key);
$expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
@@ -661,35 +670,35 @@ class CI_Session_cookie extends CI_Session_driver {
$this->cookie_secure, $this->cookie_httponly);
}
+ // ------------------------------------------------------------------------
+
/**
* Set a cookie with the system
*
* This abstraction of the setcookie call allows overriding for unit testing
*
- * @access protected
- * @param string Cookie name
- * @param string Cookie value
- * @param int Expiration time
- * @param string Cookie path
- * @param string Cookie domain
- * @param bool Secure connection flag
- * @param bool HTTP protocol only flag
- * @return void
- */
- protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = false,
- $httponly = false)
+ * @param string Cookie name
+ * @param string Cookie value
+ * @param int Expiration time
+ * @param string Cookie path
+ * @param string Cookie domain
+ * @param bool Secure connection flag
+ * @param bool HTTP protocol only flag
+ * @return void
+ */
+ protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = FALSE, $httponly = FALSE)
{
- // Set the cookie
setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
}
+ // ------------------------------------------------------------------------
+
/**
* Serialize an array
*
* This function first converts any slashes found in the array to a temporary
* marker, so when it gets unserialized the slashes will be preserved
*
- * @access protected
* @param mixed Data to serialize
* @return string Serialized data
*/
@@ -703,15 +712,17 @@ class CI_Session_cookie extends CI_Session_driver {
{
$data = str_replace('\\', '{{slash}}', $data);
}
+
return serialize($data);
}
+ // ------------------------------------------------------------------------
+
/**
* Escape slashes
*
* This function converts any slashes found into a temporary marker
*
- * @access protected
* @param string Value
* @param string Key
* @return void
@@ -724,13 +735,14 @@ class CI_Session_cookie extends CI_Session_driver {
}
}
+ // ------------------------------------------------------------------------
+
/**
* Unserialize
*
* This function unserializes a data string, then converts any
* temporary slash markers back to actual slashes
*
- * @access protected
* @param mixed Data to unserialize
* @return mixed Unserialized data
*/
@@ -747,12 +759,13 @@ class CI_Session_cookie extends CI_Session_driver {
return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
}
+ // ------------------------------------------------------------------------
+
/**
* Unescape slashes
*
* This function converts any slash markers back into actual slashes
*
- * @access protected
* @param string Value
* @param string Key
* @return void
@@ -765,13 +778,14 @@ class CI_Session_cookie extends CI_Session_driver {
}
}
+ // ------------------------------------------------------------------------
+
/**
* Garbage collection
*
* This deletes expired session rows from database
* if the probability percentage is met
*
- * @access protected
* @return void
*/
protected function _sess_gc()
@@ -793,7 +807,8 @@ class CI_Session_cookie extends CI_Session_driver {
log_message('debug', 'Session garbage collection performed.');
}
}
+
}
/* End of file Session_cookie.php */
-/* Location: ./system/libraries/Session/drivers/Session_cookie.php */
+/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
index 8ba8e749a..8d5e51546 100755
--- a/system/libraries/Session/drivers/Session_native.php
+++ b/system/libraries/Session/drivers/Session_native.php
@@ -2,18 +2,29 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 5.1.6 or newer
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
*
* @package CodeIgniter
- * @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
- * @license http://codeigniter.com/user_guide/license.html
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
* @link http://codeigniter.com
- * @since Version 2.0
+ * @since Version 1.0
* @filesource
*/
-
/**
* Native PHP session management driver
*
@@ -22,20 +33,19 @@
* @package CodeIgniter
* @subpackage Libraries
* @category Sessions
- * @author ExpressionEngine Dev Team
+ * @author EllisLab Dev Team
*/
class CI_Session_native extends CI_Session_driver {
+
/**
* Initialize session driver object
*
- * @access protected
* @return void
*/
protected function initialize()
{
// Get config parameters
$config = array();
- $CI =& get_instance();
$prefs = array(
'sess_cookie_name',
'sess_expire_on_close',
@@ -47,10 +57,12 @@ class CI_Session_native extends CI_Session_driver {
'cookie_path',
'cookie_domain'
);
+
foreach ($prefs as $key)
{
- $config[$key] = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] :
- $CI->config->item($key);
+ $config[$key] = isset($this->_parent->params[$key])
+ ? $this->_parent->params[$key]
+ : $this->CI->config->item($key);
}
// Set session name, if specified
@@ -75,11 +87,13 @@ class CI_Session_native extends CI_Session_driver {
// Default to 2 years if expiration is "0"
$expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration'];
}
+
if ($config['cookie_path'])
{
// Use specified path
$path = $config['cookie_path'];
}
+
if ($config['cookie_domain'])
{
// Use specified domain
@@ -98,14 +112,14 @@ class CI_Session_native extends CI_Session_driver {
// Expired - destroy
$destroy = TRUE;
}
- else if ($config['sess_match_ip'] == TRUE && isset($_SESSION['ip_address']) &&
- $_SESSION['ip_address'] != $CI->input->ip_address())
+ elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address'])
+ && $_SESSION['ip_address'] !== $this->CI->input->ip_address())
{
// IP doesn't match - destroy
$destroy = TRUE;
}
- else if ($config['sess_match_useragent'] == TRUE && isset($_SESSION['user_agent']) &&
- $_SESSION['user_agent'] != trim(substr($CI->input->user_agent(), 0, 50)))
+ elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent'])
+ && $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50)))
{
// Agent doesn't match - destroy
$destroy = TRUE;
@@ -120,8 +134,8 @@ class CI_Session_native extends CI_Session_driver {
}
// Check for update time
- if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) &&
- ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
+ if ($config['sess_time_to_update'] && isset($_SESSION['last_activity'])
+ && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
{
// Regenerate ID, but don't destroy session
$this->sess_regenerate(FALSE);
@@ -131,25 +145,27 @@ class CI_Session_native extends CI_Session_driver {
$_SESSION['last_activity'] = $now;
// Set matching values as required
- if ($config['sess_match_ip'] == TRUE && !isset($_SESSION['ip_address']))
+ if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address']))
{
// Store user IP address
- $_SESSION['ip_address'] = $CI->input->ip_address();
+ $_SESSION['ip_address'] = $this->CI->input->ip_address();
}
- if ($config['sess_match_useragent'] == TRUE && !isset($_SESSION['user_agent']))
+
+ if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent']))
{
// Store user agent string
- $_SESSION['user_agent'] = trim(substr($CI->input->user_agent(), 0, 50));
+ $_SESSION['user_agent'] = trim(substr($this->CI->input->user_agent(), 0, 50));
}
// Make session ID available
$_SESSION['session_id'] = session_id();
}
+ // ------------------------------------------------------------------------
+
/**
* Save the session data
*
- * @access public
* @return void
*/
public function sess_save()
@@ -157,10 +173,11 @@ class CI_Session_native extends CI_Session_driver {
// Nothing to do - changes to $_SESSION are automatically saved
}
+ // ------------------------------------------------------------------------
+
/**
* Destroy the current session
*
- * @access public
* @return void
*/
public function sess_destroy()
@@ -178,13 +195,14 @@ class CI_Session_native extends CI_Session_driver {
session_destroy();
}
+ // ------------------------------------------------------------------------
+
/**
* Regenerate the current session
*
* Regenerate the session id
*
- * @access public
- * @param boolean Destroy session data flag (default: FALSE)
+ * @param bool Destroy session data flag (default: FALSE)
* @return void
*/
public function sess_regenerate($destroy = FALSE)
@@ -194,10 +212,11 @@ class CI_Session_native extends CI_Session_driver {
$_SESSION['session_id'] = session_id();
}
+ // ------------------------------------------------------------------------
+
/**
* Get a reference to user data array
*
- * @access public
* @return array Reference to userdata
*/
public function &get_userdata()
@@ -205,7 +224,8 @@ class CI_Session_native extends CI_Session_driver {
// Just return reference to $_SESSION
return $_SESSION;
}
+
}
/* End of file Session_native.php */
-/* Location: ./system/libraries/Session/drivers/Session_native.php */
+/* Location: ./system/libraries/Session/drivers/Session_native.php */ \ No newline at end of file