summaryrefslogtreecommitdiffstats
path: root/system/libraries/Session
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Session')
-rw-r--r--system/libraries/Session/Session.php846
-rw-r--r--system/libraries/Session/SessionHandlerInterface.php51
-rw-r--r--system/libraries/Session/Session_driver.php202
-rw-r--r--system/libraries/Session/drivers/Session_cookie.php805
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php317
-rw-r--r--system/libraries/Session/drivers/Session_files_driver.php276
-rw-r--r--system/libraries/Session/drivers/Session_native.php246
7 files changed, 1255 insertions, 1488 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 905352bb3..0d444e8ca 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -29,729 +29,701 @@ defined('BASEPATH') OR exit('No direct script access allowed');
/**
* CodeIgniter Session Class
*
- * The user interface defined by EllisLabs, now with puggable drivers to manage different storage mechanisms.
- * By default, the cookie session driver will load, but the 'sess_driver' config/param item (see above) can be
- * used to specify the 'native' driver, or any other you might create.
- * Once loaded, this driver setup is a drop-in replacement for the former CI_Session library, taking its place as the
- * 'session' member of the global controller framework (e.g.: $CI->session or $this->session).
- * In keeping with the CI_Driver methodology, multiple drivers may be loaded, although this might be a bit confusing.
- * The CI_Session library class keeps track of the most recently loaded driver as "current" to call for driver methods.
- * Ideally, one driver is loaded and all calls go directly through the main library interface. However, any methods
- * called through the specific driver will switch the "current" driver to itself before invoking the library method
- * (which will then call back into the driver for low-level operations). So, alternation between two drivers can be
- * achieved by specifying which driver to use for each call (e.g.: $this->session->native->set_userdata('foo', 'bar');
- * $this->session->cookie->userdata('foo'); $this->session->native->unset_userdata('foo');). Notice in the previous
- * example that the _native_ userdata value 'foo' would be set to 'bar', which would NOT be returned by the call for
- * the _cookie_ userdata 'foo', nor would the _cookie_ value be unset by the call to unset the _native_ 'foo' value.
- *
* @package CodeIgniter
* @subpackage Libraries
* @category Sessions
- * @author EllisLab Dev Team
+ * @author Andrey Andreev
* @link http://codeigniter.com/user_guide/libraries/sessions.html
*/
-class CI_Session extends CI_Driver_Library {
-
- /**
- * Initialization parameters
- *
- * @var array
- */
- public $params = array();
-
- /**
- * Valid drivers list
- *
- * @var array
- */
- public $valid_drivers = array('native', 'cookie');
+class CI_Session {
- /**
- * Current driver in use
- *
- * @var string
- */
- public $current = NULL;
-
- /**
- * User data
- *
- * @var array
- */
- protected $userdata = array();
-
- // ------------------------------------------------------------------------
-
- const FLASHDATA_KEY = 'flash';
- const FLASHDATA_NEW = ':new:';
- const FLASHDATA_OLD = ':old:';
- const FLASHDATA_EXP = ':exp:';
- const EXPIRATION_KEY = '__expirations';
- const TEMP_EXP_DEF = 300;
+ protected $_driver = 'files';
// ------------------------------------------------------------------------
/**
- * CI_Session constructor
- *
- * The constructor loads the configured driver ('sess_driver' in config.php or as a parameter), running
- * routines in its constructor, and manages flashdata aging.
+ * Class constructor
*
- * @param array Configuration parameters
+ * @param array $params Configuration parameters
* @return void
*/
public function __construct(array $params = array())
{
- $_config =& get_instance()->config;
// No sessions under CLI
if (is_cli())
{
+ log_message('debug', 'Session: Initialization under CLI aborted.');
return;
}
-
- log_message('debug', 'CI_Session Class Initialized');
-
- // Add possible extra entries to our valid drivers list
- $drivers = isset($params['sess_valid_drivers']) ? $params['sess_valid_drivers'] : $_config->item('sess_valid_drivers');
- if ( ! empty($drivers))
+ elseif ((bool) ini_get('session.auto_start'))
{
- $drivers = array_map('strtolower', (array) $drivers);
- $this->valid_drivers = array_merge($this->valid_drivers, array_diff($drivers, $this->valid_drivers));
+ log_message('error', 'Session: session.auto_start is enabled in php.ini. Aborting.');
+ return;
+ }
+ elseif ( ! empty($params['driver']))
+ {
+ $this->_driver = $params['driver'];
+ unset($params['driver']);
}
- // Get driver to load
- $driver = isset($params['sess_driver']) ? $params['sess_driver'] : $_config->item('sess_driver');
- if ( ! $driver)
+ if (($class = $this->_ci_load_classes($this->_driver)) === FALSE)
{
- log_message('debug', "Session: No driver name is configured, defaulting to 'cookie'.");
- $driver = 'cookie';
+ return;
}
- if ( ! in_array($driver, $this->valid_drivers))
+ $class = new $class($params);
+ if ($class instanceof SessionHandlerInterface)
{
- log_message('error', 'Session: Configured driver name is not valid, aborting.');
+ if (is_php('5.4'))
+ {
+ session_set_save_handler($class, TRUE);
+ }
+ else
+ {
+ session_set_save_handler(
+ array($class, 'open'),
+ array($class, 'close'),
+ array($class, 'read'),
+ array($class, 'write'),
+ array($class, 'destroy'),
+ array($class, 'gc')
+ );
+
+ register_shutdown_function('session_write_close');
+ }
+ }
+ else
+ {
+ log_message('error', "Session: Driver '".$this->_driver."' doesn't implement SessionHandlerInterface. Aborting.");
return;
}
- // Save a copy of parameters in case drivers need access
- $this->params = $params;
+ session_start();
+ $this->_ci_init_vars();
- // Load driver and get array reference
- $this->load_driver($driver);
+ log_message('debug', "Session: Class initialized using '".$this->_driver."' driver.");
+ }
- // Delete 'old' flashdata (from last request)
- $this->_flashdata_sweep();
+ // ------------------------------------------------------------------------
- // Mark all new flashdata as old (data will be deleted before next request)
- $this->_flashdata_mark();
+ protected function _ci_load_classes($driver)
+ {
+ // PHP 5.4 compatibility
+ interface_exists('SessionHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionHandlerInterface.php');
- // Delete expired tempdata
- $this->_tempdata_sweep();
+ $prefix = config_item('subclass_prefix');
- log_message('debug', 'CI_Session routines successfully run');
- }
+ if ( ! class_exists('CI_Session_driver', FALSE))
+ {
+ if (file_exists($file_path = APPPATH.'libraries/Session/Session_driver.php') OR file_exists($file_path = BASEPATH.'libraries/Session/Session_driver.php'))
+ {
+ require_once($file_path);
+ }
- // ------------------------------------------------------------------------
+ if (file_exists($file_path = APPPATH.'libraries/Session/'.$prefix.'Session_driver.php'))
+ {
+ require_once($file_path);
+ }
+ }
- /**
- * Loads session storage driver
- *
- * @param string Driver classname
- * @return object Loaded driver object
- */
- public function load_driver($driver)
- {
- // Save reference to most recently loaded driver as library default and sync userdata
- $this->current = parent::load_driver($driver);
- $this->userdata =& $this->current->get_userdata();
- return $this->current;
- }
+ $class = 'Session_'.$driver.'_driver';
- // ------------------------------------------------------------------------
+ if ( ! class_exists('CI_'.$class, FALSE))
+ {
+ if (file_exists($file_path = APPPATH.'libraries/Session/drivers/'.$class.'.php') OR file_exists($file_path = BASEPATH.'libraries/Session/drivers/'.$class.'.php'))
+ {
+ require_once($file_path);
+ }
- /**
- * Select default session storage driver
- *
- * @param string Driver name
- * @return void
- */
- public function select_driver($driver)
- {
- // Validate driver name
- $prefix = (string) get_instance()->config->item('subclass_prefix');
- $child = strtolower(str_replace(array('CI_', $prefix, $this->lib_name.'_'), '', $driver));
- if (in_array($child, array_map('strtolower', $this->valid_drivers)))
+ if ( ! class_exists('CI_'.$class, FALSE))
+ {
+ log_message('error', "Session: Configured driver '".$driver."' was not found. Aborting.");
+ return FALSE;
+ }
+ }
+
+ if ( ! class_exists($prefix.$class) && file_exists($file_path = APPPATH.'libraries/Session/drivers/'.$prefix.$class.'.php'))
{
- // See if driver is loaded
- if (isset($this->$child))
+ require_once($file_path);
+ if (class_exists($prefix.$class, FALSE))
{
- // See if driver is already current
- if ($this->$child !== $this->current)
- {
- // Make driver current and sync userdata
- $this->current = $this->$child;
- $this->userdata =& $this->current->get_userdata();
- }
+ return $prefix.$class;
}
else
{
- // Load new driver
- $this->load_driver($child);
+ log_message('debug', 'Session: '.$prefix.$class.".php found but it doesn't declare class ".$prefix.$class.'.');
}
}
+
+ return 'CI_'.$class;
}
// ------------------------------------------------------------------------
/**
- * Destroy the current session
+ * Handle temporary variables
+ *
+ * Clears old "flash" data, marks the new one for deletion and handles
+ * "temp" data deletion.
*
* @return void
*/
- public function sess_destroy()
+ protected function _ci_init_vars()
{
- // Just call destroy on driver
- $this->current->sess_destroy();
- }
+ if ( ! empty($_SESSION['__ci_vars']))
+ {
+ $current_time = time();
- // ------------------------------------------------------------------------
+ foreach ($_SESSION['__ci_vars'] as $key => &$value)
+ {
+ if ($value === 'new')
+ {
+ $_SESSION['__ci_vars'][$key] = 'old';
+ }
+ // Hacky, but 'old' will (implicitly) always be less than time() ;)
+ // DO NOT move this above the 'new' check!
+ elseif ($value < $current_time)
+ {
+ unset($_SESSION[$key], $_SESSION['__ci_vars'][$key]);
+ }
+ }
- /**
- * Regenerate the current session
- *
- * @param bool Destroy session data flag (default: false)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Call regenerate on driver and resync userdata
- $this->current->sess_regenerate($destroy);
- $this->userdata =& $this->current->get_userdata();
+ if (empty($_SESSION['__ci_vars']))
+ {
+ unset($_SESSION['__ci_vars']);
+ }
+ }
}
// ------------------------------------------------------------------------
/**
- * Fetch a specific item from the session array
+ * Mark as flash
*
- * @param string Item key
- * @return string Item value or NULL if not found
+ * @param mixed $key Session data key(s)
+ * @return bool
*/
- public function userdata($item = NULL)
+ public function mark_as_flash($key)
{
- if (isset($item))
+ if (is_array($key))
{
- return isset($this->userdata[$item]) ? $this->userdata[$item] : NULL;
- }
+ for ($i = 0, $c = count($key); $i < $c; $i++)
+ {
+ if ( ! isset($_SESSION[$key[$i]]))
+ {
+ return FALSE;
+ }
+ }
- return isset($this->userdata) ? $this->userdata : array();
- }
+ $new = array_fill_keys($key, 'new');
- // ------------------------------------------------------------------------
+ $_SESSION['__ci_vars'] = isset($_SESSION['__ci_vars'])
+ ? array_merge($_SESSION['__ci_vars'], $new)
+ : $new;
- /**
- * Fetch all session data
- *
- * @deprecated 3.0.0 Use userdata() with no parameters instead
- * @return array User data array
- */
- public function all_userdata()
- {
- return isset($this->userdata) ? $this->userdata : array();
+ return TRUE;
+ }
+
+ if ( ! isset($_SESSION[$key]))
+ {
+ return FALSE;
+ }
+
+ $_SESSION['__ci_vars'][$key] = 'new';
+ return TRUE;
}
// ------------------------------------------------------------------------
/**
- * Add or change data in the "userdata" array
+ * Get flash keys
*
- * @param mixed Item name or array of items
- * @param string Item value or empty string
- * @return void
+ * @return array
*/
- public function set_userdata($newdata, $newval = '')
+ public function get_flash_keys()
{
- // Wrap params as array if singular
- if (is_string($newdata))
+ if ( ! isset($_SESSION['__ci_vars']))
{
- $newdata = array($newdata => $newval);
+ return array();
}
- // Set each name/value pair
- if (count($newdata) > 0)
+ $keys = array();
+ foreach (array_keys($_SESSION['__ci_vars']) as $key)
{
- foreach ($newdata as $key => $val)
- {
- $this->userdata[$key] = $val;
- }
+ is_int($_SESSION['__ci_vars'][$key]) OR $keys[] = $key;
}
- // Tell driver data changed
- $this->current->sess_save();
+ return $keys;
}
// ------------------------------------------------------------------------
/**
- * Delete a session variable from the "userdata" array
+ * Unmark flash
*
- * @param mixed Item name or array of item names
+ * @param mixed $key Session data key(s)
* @return void
*/
- public function unset_userdata($newdata)
+ public function unmark_flash($key)
{
- // Wrap single name as array
- if (is_string($newdata))
+ if (empty($_SESSION['__ci_vars']))
{
- $newdata = array($newdata => '');
+ return;
}
- // Unset each item name
- if (count($newdata) > 0)
+ is_array($key) OR $key = array($key);
+
+ foreach ($key as $k)
{
- foreach (array_keys($newdata) as $key)
+ if (isset($_SESSION['__ci_vars'][$k]) && ! is_int($_SESSION['__ci_vars'][$k]))
{
- unset($this->userdata[$key]);
+ unset($_SESSION['__ci_vars'][$k]);
}
}
- // Tell driver data changed
- $this->current->sess_save();
+ if (empty($_SESSION['__ci_vars']))
+ {
+ unset($_SESSION['__ci_vars']);
+ }
}
// ------------------------------------------------------------------------
/**
- * Determine if an item exists
+ * Mark as temp
*
- * @param string Item name
+ * @param mixed $key Session data key(s)
+ * @param int $ttl Time-to-live in seconds
* @return bool
*/
- public function has_userdata($item)
+ public function mark_as_temp($key, $ttl = 300)
{
- return isset($this->userdata[$item]);
+ $ttl += time();
+
+ if (is_array($key))
+ {
+ $temp = array();
+
+ foreach ($key as $k => $v)
+ {
+ // Do we have a key => ttl pair, or just a key?
+ if (is_int($k))
+ {
+ $k = $v;
+ $v = $ttl;
+ }
+ else
+ {
+ $v += time();
+ }
+
+ if ( ! isset($_SESSION[$k]))
+ {
+ return FALSE;
+ }
+
+ $temp[$k] = $ts;
+ }
+
+ $_SESSION['__ci_vars'] = isset($_SESSION['__ci_vars'])
+ ? array_merge($_SESSION['__ci_vars'], $temp)
+ : $temp;
+
+ return TRUE;
+ }
+
+ if ( ! isset($_SESSION[$key]))
+ {
+ return FALSE;
+ }
+
+ $_SESSION['__ci_vars'][$key] = $ttl;
+ return TRUE;
}
// ------------------------------------------------------------------------
/**
- * Add or change flashdata, only available until the next request
+ * Get temp keys
*
- * @param mixed Item name or array of items
- * @param string Item value or empty string
- * @return void
+ * @return array
*/
- public function set_flashdata($newdata, $newval = '')
+ public function get_temp_keys()
{
- // Wrap item as array if singular
- if (is_string($newdata))
+ if ( ! isset($_SESSION['__ci_vars']))
{
- $newdata = array($newdata => $newval);
+ return array();
}
- // Prepend each key name and set value
- if (count($newdata) > 0)
+ $keys = array();
+ foreach (array_keys($_SESSION['__ci_vars']) as $key)
{
- foreach ($newdata as $key => $val)
- {
- $flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_NEW.$key;
- $this->set_userdata($flashdata_key, $val);
- }
+ is_int($_SESSION['__ci_vars'][$key]) && $keys[] = $key;
}
+
+ return $keys;
}
// ------------------------------------------------------------------------
/**
- * Keeps existing flashdata available to next request.
+ * Unmark flash
*
- * @param mixed Item key(s)
+ * @param mixed $key Session data key(s)
* @return void
*/
- public function keep_flashdata($key)
+ public function unmark_temp($key)
{
+ if (empty($_SESSION['__ci_vars']))
+ {
+ return;
+ }
- if (is_array($key))
+ is_array($key) OR $key = array($key);
+
+ foreach ($key as $k)
{
- foreach ($key as $k)
+ if (isset($_SESSION['__ci_vars'][$k]) && is_int($_SESSION['__ci_vars'][$k]))
{
- $this->keep_flashdata($k);
+ unset($_SESSION['__ci_vars'][$k]);
}
-
- return;
}
- // 'old' flashdata gets removed. Here we mark all flashdata as 'new' to preserve it from _flashdata_sweep()
- // Note the function will return NULL if the $key provided cannot be found
- $old_flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_OLD.$key;
- $value = $this->userdata($old_flashdata_key);
-
- $new_flashdata_key = self::FLASHDATA_KEY.self::FLASHDATA_NEW.$key;
- $this->set_userdata($new_flashdata_key, $value);
+ if (empty($_SESSION['__ci_vars']))
+ {
+ unset($_SESSION['__ci_vars']);
+ }
}
// ------------------------------------------------------------------------
/**
- * Fetch a specific flashdata item from the session array
+ * __get()
*
- * @param string Item key
- * @return string
+ * @param string $key 'session_id' or a session data key
+ * @return mixed
*/
- public function flashdata($key = NULL)
+ public function __get($key)
{
- if (isset($key))
+ // Note: Keep this order the same, just in case somebody wants to
+ // use 'session_id' as a session data key, for whatever reason
+ if (isset($_SESSION[$key]))
{
- return $this->userdata(self::FLASHDATA_KEY.self::FLASHDATA_OLD.$key);
+ return $_SESSION[$key];
}
-
- // Get our flashdata items from userdata
- $out = array();
- foreach ($this->userdata() as $key => $val)
+ elseif ($key === 'session_id')
{
- if (strpos($key, self::FLASHDATA_KEY.self::FLASHDATA_OLD) !== FALSE)
- {
- $key = str_replace(self::FLASHDATA_KEY.self::FLASHDATA_OLD, '', $key);
- $out[$key] = $val;
- }
+ return session_id();
}
- return $out;
+ return NULL;
}
// ------------------------------------------------------------------------
/**
- * Add or change tempdata, only available until expiration
+ * __set()
*
- * @param mixed Item name or array of items
- * @param string Item value or empty string
- * @param int Item lifetime in seconds or 0 for default
+ * @param string $key Session data key
+ * @param mixed $value Session data value
* @return void
*/
- public function set_tempdata($newdata, $newval = '', $expire = 0)
+ public function __set($key, $value)
{
- // Set expiration time
- $expire = time() + ($expire ? $expire : self::TEMP_EXP_DEF);
-
- // Wrap item as array if singular
- if (is_string($newdata))
- {
- $newdata = array($newdata => $newval);
- }
-
- // Get or create expiration list
- $expirations = $this->userdata(self::EXPIRATION_KEY);
- if ( ! $expirations)
- {
- $expirations = array();
- }
+ $_SESSION[$key] = $value;
+ }
- // Prepend each key name and set value
- if (count($newdata) > 0)
- {
- foreach ($newdata as $key => $val)
- {
- $tempdata_key = self::FLASHDATA_KEY.self::FLASHDATA_EXP.$key;
- $expirations[$tempdata_key] = $expire;
- $this->set_userdata($tempdata_key, $val);
- }
- }
+ // ------------------------------------------------------------------------
- // Update expiration list
- $this->set_userdata(self::EXPIRATION_KEY, $expirations);
+ /**
+ * Session destroy
+ *
+ * Legacy CI_Session compatibility method
+ *
+ * @return void
+ */
+ public function sess_destroy()
+ {
+ session_destroy();
}
// ------------------------------------------------------------------------
/**
- * Delete a temporary session variable from the "userdata" array
+ * Session regenerate
+ *
+ * Legacy CI_Session compatibility method
*
- * @param mixed Item name or array of item names
+ * @param bool $destroy Destroy old session data flag
* @return void
*/
- public function unset_tempdata($newdata)
+ public function sess_regenerate($destroy = FALSE)
{
- // Get expirations list
- $expirations = $this->userdata(self::EXPIRATION_KEY);
- if (empty($expirations))
- {
- // Nothing to do
- return;
- }
-
- // Wrap single name as array
- if (is_string($newdata))
- {
- $newdata = array($newdata => '');
- }
+ session_regenerate_id($destroy);
+ }
- // Prepend each item name and unset
- if (count($newdata) > 0)
- {
- foreach (array_keys($newdata) as $key)
- {
- $tempdata_key = self::FLASHDATA_KEY.self::FLASHDATA_EXP.$key;
- unset($expirations[$tempdata_key]);
- $this->unset_userdata($tempdata_key);
- }
- }
+ // ------------------------------------------------------------------------
- // Update expiration list
- $this->set_userdata(self::EXPIRATION_KEY, $expirations);
+ /**
+ * Get userdata reference
+ *
+ * Legacy CI_Session compatibility method
+ *
+ * @returns array
+ */
+ public function &get_userdata()
+ {
+ return $_SESSION;
}
// ------------------------------------------------------------------------
/**
- * Fetch a specific tempdata item from the session array
+ * Userdata (fetch)
*
- * @param string Item key
- * @return string
+ * Legacy CI_Session compatibility method
+ *
+ * @param string $key Session data key
+ * @return mixed Session data value or NULL if not found
*/
- public function tempdata($key = NULL)
+ public function userdata($key = NULL)
{
if (isset($key))
{
- return $this->userdata(self::FLASHDATA_KEY.self::FLASHDATA_EXP.$key);
+ return isset($_SESSION[$key]) ? $_SESSION[$key] : NULL;
}
-
- // Get our tempdata items from userdata
- $out = array();
- foreach ($this->userdata() as $key => $val)
+ elseif (empty($_SESSION))
{
- if (strpos($key, self::FLASHDATA_KEY.self::FLASHDATA_EXP) !== FALSE)
- {
- $key = str_replace(self::FLASHDATA_KEY.self::FLASHDATA_EXP, '', $key);
- $out[$key] = $val;
- }
+ return array();
}
- return $out;
- }
+ $userdata = array();
+ $_exclude = array_merge(
+ array('__ci_f', '__ci_t'),
+ $this->get_flash_keys(),
+ $this->get_temp_keys()
+ );
- // ------------------------------------------------------------------------
-
- /**
- * Identifies flashdata as 'old' for removal
- * when _flashdata_sweep() runs.
- *
- * @return void
- */
- protected function _flashdata_mark()
- {
- foreach ($this->userdata() as $name => $value)
+ foreach (array_keys($_SESSION) as $key)
{
- $parts = explode(self::FLASHDATA_NEW, $name);
- if (count($parts) === 2)
+ if ( ! in_array($key, $_exclude, TRUE))
{
- $this->set_userdata(self::FLASHDATA_KEY.self::FLASHDATA_OLD.$parts[1], $value);
- $this->unset_userdata($name);
+ $userdata[$key] = $_SESSION[$key];
}
}
+
+ return $userdata;
}
// ------------------------------------------------------------------------
/**
- * Removes all flashdata marked as 'old'
+ * Set userdata
*
+ * Legacy CI_Session compatibility method
+ *
+ * @param mixed $data Session data key or an associative array
+ * @param mixed $value Value to store
* @return void
*/
- protected function _flashdata_sweep()
+ public function set_userdata($data, $value = NULL)
{
- $userdata = $this->userdata();
- foreach (array_keys($userdata) as $key)
+ if (is_array($data))
{
- if (strpos($key, self::FLASHDATA_OLD))
+ foreach ($data as $key => &$value)
{
- $this->unset_userdata($key);
+ $_SESSION[$key] = $value;
}
+
+ return;
}
+
+ $_SESSION[$data] = $value;
}
// ------------------------------------------------------------------------
/**
- * Removes all expired tempdata
+ * Unset userdata
+ *
+ * Legacy CI_Session compatibility method
*
+ * @param mixed $data Session data key(s)
* @return void
*/
- protected function _tempdata_sweep()
+ public function unset_userdata($key)
{
- // Get expirations list
- $expirations = $this->userdata(self::EXPIRATION_KEY);
- if (empty($expirations))
- {
- // Nothing to do
- return;
- }
-
- // Unset expired elements
- $now = time();
- $userdata = $this->userdata();
- foreach (array_keys($userdata) as $key)
+ if (is_array($key))
{
- if (strpos($key, self::FLASHDATA_EXP) && $expirations[$key] < $now)
+ foreach ($key as $k)
{
- unset($expirations[$key]);
- $this->unset_userdata($key);
+ unset($_SESSION[$key]);
}
+
+ return;
}
- // Update expiration list
- $this->set_userdata(self::EXPIRATION_KEY, $expirations);
+ unset($_SESSION[$key]);
}
-}
-
-// ------------------------------------------------------------------------
-
-/**
- * CI_Session_driver Class
- *
- * Extend this class to make a new CI_Session driver.
- * A CI_Session driver basically manages an array of name/value pairs with some sort of storage mechanism.
- * To make a new driver, derive from (extend) CI_Session_driver. Overload the initialize method and read or create
- * session data. Then implement a save handler to write changed data to storage (sess_save), a destroy handler
- * to remove deleted data (sess_destroy), and an access handler to expose the data (get_userdata).
- * Put your driver in the libraries/Session/drivers folder anywhere in the loader paths. This includes the
- * application directory, the system directory, or any path you add with $CI->load->add_package_path().
- * Your driver must be named CI_Session_<name>, and your filename must be Session_<name>.php,
- * preferably also capitalized. (e.g.: CI_Session_foo in libraries/Session/drivers/Session_foo.php)
- * Then specify the driver by setting 'sess_driver' in your config file or as a parameter when loading the CI_Session
- * object. (e.g.: $config['sess_driver'] = 'foo'; OR $CI->load->driver('session', array('sess_driver' => 'foo')); )
- * Already provided are the Native driver, which manages the native PHP $_SESSION array, and
- * the Cookie driver, which manages the data in a browser cookie, with optional extra storage in a database table.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- */
-abstract class CI_Session_driver extends CI_Driver {
-
- /**
- * CI Singleton
- *
- * @see get_instance()
- * @var object
- */
- protected $CI;
-
// ------------------------------------------------------------------------
/**
- * Constructor
+ * All userdata (fetch)
*
- * Gets the CI singleton, so that individual drivers
- * don't have to do it separately.
+ * Legacy CI_Session compatibility method
*
- * @return void
+ * @return array $_SESSION, excluding flash data items
*/
- public function __construct()
+ public function all_userdata()
{
- $this->CI =& get_instance();
+ return $this->userdata();
}
// ------------------------------------------------------------------------
/**
- * Decorate
+ * Has userdata
*
- * Decorates the child with the parent driver lib's methods and properties
+ * Legacy CI_Session compatibility method
*
- * @param object Parent library object
- * @return void
+ * @param string $key Session data key
+ * @return bool
*/
- public function decorate($parent)
+ public function has_userdata($key)
{
- // Call base class decorate first
- parent::decorate($parent);
-
- // Call initialize method now that driver has access to $this->_parent
- $this->initialize();
+ return isset($_SESSION[$key]);
}
// ------------------------------------------------------------------------
/**
- * __call magic method
+ * Flashdata (fetch)
*
- * Handles access to the parent driver library's methods
+ * Legacy CI_Session compatibility method
*
- * @param string Library method name
- * @param array Method arguments (default: none)
- * @return mixed
+ * @param string $key Session data key
+ * @return mixed Session data value or NULL if not found
*/
- public function __call($method, $args = array())
+ public function flashdata($key = NULL)
{
- // Make sure the parent library uses this driver
- $this->_parent->select_driver(get_class($this));
- return parent::__call($method, $args);
+ if (isset($key))
+ {
+ return isset($_SESSION['__ci_f'], $_SESSION['__ci_f'][$key], $_SESSION[$key])
+ ? $_SESSION[$key]
+ : NULL;
+ }
+
+ $flashdata = array();
+
+ if ( ! empty($_SESSION['__ci_f']))
+ {
+ foreach (array_keys($_SESSION['__ci_f']) as $key)
+ {
+ $flashdata[$key] = $_SESSION[$key];
+ }
+ }
+
+ return $flashdata;
}
// ------------------------------------------------------------------------
/**
- * Initialize driver
+ * Set flashdata
*
+ * Legacy CI_Session compatibiliy method
+ *
+ * @param mixed $data Session data key or an associative array
+ * @param mixed $value Value to store
* @return void
*/
- protected function initialize()
+ public function set_flashdata($data, $value = NULL)
{
- // Overload this method to implement initialization
+ $this->set_userdata($data, $value);
+ $this->mark_as_flash($data);
}
// ------------------------------------------------------------------------
/**
- * Save the session data
+ * Keep flashdata
*
- * Data in the array has changed - perform any storage synchronization
- * necessary. The child class MUST implement this abstract method!
+ * Legacy CI_Session compatibility method
*
+ * @param mixed $key Session data key(s)
* @return void
*/
- abstract public function sess_save();
+ public function keep_flashdata($key)
+ {
+ $this->mark_as_flash($key);
+ }
// ------------------------------------------------------------------------
/**
- * Destroy the current session
+ * Temp data (fetch)
*
- * Clean up storage for this session - it has been terminated.
- * The child class MUST implement this abstract method!
+ * Legacy CI_Session compatibility method
*
- * @return void
+ * @param string $key Session data key
+ * @return mixed Session data value or NULL if not found
*/
- abstract public function sess_destroy();
+ public function tempdata($key = NULL)
+ {
+ if (isset($key))
+ {
+ return isset($_SESSION['__ci_t'], $_SESSION['__ci_t'][$key], $_SESSION[$key])
+ ? $_SESSION[$key]
+ : NULL;
+ }
+
+ $tempdata = array();
+
+ if ( ! empty($_SESSION['__ci_t']))
+ {
+ foreach (array_keys($_SESSION['__ci_t']) as $key)
+ {
+ $tempdata[$key] = $_SESSION[$key];
+ }
+ }
+
+ return $tempdata;
+ }
// ------------------------------------------------------------------------
/**
- * Regenerate the current session
+ * Set tempdata
*
- * Regenerate the session ID.
- * The child class MUST implement this abstract method!
+ * Legacy CI_Session compatibility method
*
- * @param bool Destroy session data flag (default: false)
+ * @param mixed $data Session data key or an associative array of items
+ * @param mixed $value Value to store
+ * @param int $ttl Time-to-live in seconds
* @return void
*/
- abstract public function sess_regenerate($destroy = FALSE);
+ public function set_tempdata($data, $value = NULL, $ttl = 300)
+ {
+ $this->set_userdata($data, $value);
+ $this->mark_as_temp($data, $ttl);
+ }
// ------------------------------------------------------------------------
/**
- * Get a reference to user data array
+ * Unset tempdata
*
- * Give array access to the main CI_Session object.
- * The child class MUST implement this abstract method!
+ * Legacy CI_Session compatibility method
*
- * @return array Reference to userdata
+ * @param mixed $data Session data key(s)
+ * @return void
*/
- abstract public function &get_userdata();
+ public function unset_tempdata($key)
+ {
+ $this->unmark_temp($key);
+ }
}
diff --git a/system/libraries/Session/SessionHandlerInterface.php b/system/libraries/Session/SessionHandlerInterface.php
new file mode 100644
index 000000000..7473ff8ec
--- /dev/null
+++ b/system/libraries/Session/SessionHandlerInterface.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * SessionHandlerInterface
+ *
+ * PHP 5.4 compatibility interface
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+interface SessionHandlerInterface {
+
+ public function open($save_path, $name);
+ public function close();
+ public function read($session_id);
+ public function write($session_id, $session_data);
+ public function destroy($session_id);
+ public function gc($maxlifetime);
+}
+
+/* End of file SessionHandlerInterface.php */
+/* Location: ./system/libraries/Session/SessionHandlerInterface.php */ \ No newline at end of file
diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php
new file mode 100644
index 000000000..c46ca3a34
--- /dev/null
+++ b/system/libraries/Session/Session_driver.php
@@ -0,0 +1,202 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author EllisLab Dev Team
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Driver Class
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+abstract class CI_Session_driver implements SessionHandlerInterface {
+
+ // WARNING! Setting default values to properties will
+ // prevent using the configuration file values.
+
+ /**
+ * Expiration time
+ *
+ * @var int
+ */
+ protected $_expiration;
+
+ /**
+ * Cookie name
+ *
+ * @var string
+ */
+ protected $_cookie_name;
+
+ /**
+ * Cookie domain
+ *
+ * @var string
+ */
+ protected $_cookie_domain;
+
+ /**
+ * Cookie path
+ *
+ * @var string
+ */
+ protected $_cookie_path;
+
+ /**
+ * Cookie secure flag
+ *
+ * @var bool
+ */
+ protected $_cookie_secure;
+
+ /**
+ * Cookie HTTP-only flag
+ *
+ * @var bool
+ */
+ protected $_cookie_httponly;
+
+ /**
+ * Match IP addresses flag
+ *
+ * @var bool
+ */
+ protected $_match_ip;
+
+ /**
+ * Data dash
+ *
+ * @var bool
+ */
+ protected $_fingerprint;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct($params)
+ {
+ foreach ($params as $key => &$value)
+ {
+ $key = (strncmp($key, 'sess_', 5) === 0)
+ ? substr($key, 4)
+ : '_'.$key;
+
+ property_exists($this, $key) && $this->$key = $value;
+ }
+
+ isset($this->_expiration) OR $this->_expiration = (int) config_item('sess_expiration');
+ isset($this->_cookie_name) OR $this->_cookie_name = config_item('sess_cookie_name');
+ isset($this->_cookie_domain) OR $this->_cookie_domain = config_item('cookie_domain');
+ isset($this->_cookie_path) OR $this->_cookie_path = config_item('cookie_path');
+ isset($this->_cookie_secure) OR $this->_cookie_secure = config_item('cookie_secure');
+ isset($this->_cookie_httponly) OR $this->_cookie_httponly = config_item('cookie_httponly');
+ isset($this->_match_ip) OR $this->_match_ip = config_item('sess_match_ip');
+
+ // Pass our configuration to php.ini, when appropriate
+ ini_set('session.name', $this->_cookie_name);
+ isset($this->_cookie_domain) && ini_set('session.cookie_domain', $this->_cookie_domain);
+ isset($this->_cookie_path) && ini_set('session.cookie_path', $this->_cookie_path);
+ isset($this->_cookie_secure) && ini_set('session.cookie_secure', $this->_cookie_secure);
+ isset($this->_cookie_httponly) && ini_set('session.cookie_httponly', $this->_cookie_httponly);
+
+ if ($this->_expiration)
+ {
+ ini_set('session.gc_maxlifetime', $this->_expiration);
+ }
+
+ // Security is king
+ ini_set('session.use_trans_id', 0);
+ ini_set('session.use_strict_mode', 1);
+ ini_set('session.use_cookies', 1);
+ ini_set('session.use_only_cookies', 1);
+ ini_set('session.hash_function', 1);
+ ini_set('session.hash_bits_per_character', 4);
+
+ // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
+ //
+ // The session ID sanitizer doesn't check for the value type and blindly does
+ // an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
+ if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name]))
+ {
+ unset($_COOKIE[$this->_cookie_name]);
+ }
+
+/*
+ Need to test if this is necessary for a custom driver or if it's only
+ relevant to PHP's own files handler.
+
+ https://bugs.php.net/bug.php?id=65475
+ do this after session is started:
+ if (is_php('5.5.2') && ! is_php('5.5.4'))
+ {
+ $session_id = session_id();
+ if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file))
+ {
+ unlink(<teh file>);
+ }
+
+ setcookie(
+ $this->_cookie_name,
+ $session_id,
+ $this->_expiration
+ ? time() + $this->_expiration
+ : 0,
+ $this->_cookie_path,
+ $this->_cookie_domain,
+ $this->_cookie_secure,
+ $this->_cookie_httponly
+ );
+ }
+*/
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _cookie_destroy()
+ {
+ return setcookie(
+ $this->_cookie_name,
+ NULL,
+ 1,
+ $this->_cookie_path,
+ $this->_cookie_domain,
+ $this->_cookie_secure,
+ $this->_cookie_httponly
+ );
+ }
+
+}
+
+/* End of file Session_driver.php */
+/* Location: ./system/libraries/Session/Session_driver.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
deleted file mode 100644
index 566c40bd8..000000000
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ /dev/null
@@ -1,805 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * NOTICE OF LICENSE
- *
- * Licensed under the Open Software License version 3.0
- *
- * This source file is subject to the Open Software License (OSL 3.0) that is
- * bundled with this package in the files license.txt / license.rst. It is
- * also available through the world wide web at this URL:
- * http://opensource.org/licenses/OSL-3.0
- * If you did not receive a copy of the license and are unable to obtain it
- * through the world wide web, please send an email to
- * licensing@ellislab.com so we can send you a copy immediately.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
- * @link http://codeigniter.com
- * @since Version 1.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * Cookie-based session management driver
- *
- * This is the classic CI_Session functionality, as written by EllisLab, abstracted out to a driver.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- * @link http://codeigniter.com/user_guide/libraries/sessions.html
- */
-class CI_Session_cookie extends CI_Session_driver {
-
- /**
- * Whether to encrypt the session cookie
- *
- * @var bool
- */
- public $sess_encrypt_cookie = FALSE;
-
- /**
- * Whether to use to the database for session storage
- *
- * @var bool
- */
- public $sess_use_database = FALSE;
-
- /**
- * Name of the database table in which to store sessions
- *
- * @var string
- */
- public $sess_table_name = '';
-
- /**
- * Length of time (in seconds) for sessions to expire
- *
- * @var int
- */
- public $sess_expiration = 7200;
-
- /**
- * Whether to kill session on close of browser window
- *
- * @var bool
- */
- public $sess_expire_on_close = FALSE;
-
- /**
- * Whether to match session on ip address
- *
- * @var bool
- */
- public $sess_match_ip = FALSE;
-
- /**
- * Whether to match session on user-agent
- *
- * @var bool
- */
- public $sess_match_useragent = TRUE;
-
- /**
- * Name of session cookie
- *
- * @var string
- */
- public $sess_cookie_name = 'ci_session';
-
- /**
- * Session cookie prefix
- *
- * @var string
- */
- public $cookie_prefix = '';
-
- /**
- * Session cookie path
- *
- * @var string
- */
- public $cookie_path = '';
-
- /**
- * Session cookie domain
- *
- * @var string
- */
- public $cookie_domain = '';
-
- /**
- * Whether to set the cookie only on HTTPS connections
- *
- * @var bool
- */
- public $cookie_secure = FALSE;
-
- /**
- * Whether cookie should be allowed only to be sent by the server
- *
- * @var bool
- */
- public $cookie_httponly = FALSE;
-
- /**
- * Interval at which to update session
- *
- * @var int
- */
- public $sess_time_to_update = 300;
-
- /**
- * Key with which to encrypt the session cookie
- *
- * @var string
- */
- public $encryption_key = '';
-
- /**
- * Timezone to use for the current time
- *
- * @var string
- */
- public $time_reference = 'local';
-
- /**
- * Session data
- *
- * @var array
- */
- public $userdata = array();
-
- /**
- * Current time
- *
- * @var int
- */
- public $now;
-
- // ------------------------------------------------------------------------
-
- /**
- * Default userdata keys
- *
- * @var array
- */
- protected $defaults = array(
- 'session_id' => NULL,
- 'ip_address' => NULL,
- 'user_agent' => NULL,
- 'last_activity' => NULL
- );
-
- /**
- * Data needs DB update flag
- *
- * @var bool
- */
- protected $data_dirty = FALSE;
-
- /**
- * Standardize newlines flag
- *
- * @var bool
- */
- protected $_standardize_newlines;
-
- // ------------------------------------------------------------------------
-
- /**
- * Initialize session driver object
- *
- * @return void
- */
- protected function initialize()
- {
- // Set all the session preferences, which can either be set
- // manually via the $params array or via the config file
- $prefs = array(
- 'sess_encrypt_cookie',
- 'sess_use_database',
- 'sess_table_name',
- 'sess_expiration',
- 'sess_expire_on_close',
- 'sess_match_ip',
- 'sess_match_useragent',
- 'sess_cookie_name',
- 'cookie_path',
- 'cookie_domain',
- 'cookie_secure',
- 'cookie_httponly',
- 'sess_time_to_update',
- 'time_reference',
- 'cookie_prefix',
- 'encryption_key',
- );
-
- $this->_standardize_newlines = (bool) config_item('standardize_newlines');
-
- foreach ($prefs as $key)
- {
- $this->$key = isset($this->_parent->params[$key])
- ? $this->_parent->params[$key]
- : $this->CI->config->item($key);
- }
-
- if (empty($this->encryption_key))
- {
- show_error('In order to use the Cookie Session driver you are required to set an encryption key in your config file.');
- }
-
- // Do we need encryption? If so, load the encryption class
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $this->CI->load->library('encryption');
- }
-
- // Check for database
- if ($this->sess_use_database === TRUE && $this->sess_table_name !== '')
- {
- // Load database driver
- $this->CI->load->database();
-
- // Register shutdown function
- register_shutdown_function(array($this, '_update_db'));
- }
-
- // Set the "now" time. Can either be GMT or server time, based on the config prefs.
- // We use this to set the "last activity" time
- $this->now = $this->_get_time();
-
- // Set the session length. If the session expiration is
- // set to zero we'll set the expiration two years from now.
- if ($this->sess_expiration === 0)
- {
- $this->sess_expiration = (60*60*24*365*2);
- }
-
- // Set the cookie name
- $this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
-
- // Run the Session routine. If a session doesn't exist we'll
- // create a new one. If it does, we'll update it.
- if ( ! $this->_sess_read())
- {
- $this->_sess_create();
- }
- else
- {
- $this->_sess_update();
- }
-
- // Delete expired sessions if necessary
- $this->_sess_gc();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Write the session data
- *
- * @return void
- */
- public function sess_save()
- {
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- // Mark custom data as dirty so we know to update the DB
- $this->data_dirty = TRUE;
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Kill the session DB row
- if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
- {
- $this->CI->db->delete($this->sess_table_name, array('session_id' => $this->userdata['session_id']));
- $this->data_dirty = FALSE;
- }
-
- // Kill the cookie
- $this->_setcookie($this->sess_cookie_name, '', ($this->now - 31500000),
- $this->cookie_path, $this->cookie_domain, 0);
-
- // Kill session data
- $this->userdata = array();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Regenerate the current session
- *
- * Regenerate the session id
- *
- * @param bool Destroy session data flag (default: false)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Check destroy flag
- if ($destroy)
- {
- // Destroy old session and create new one
- $this->sess_destroy();
- $this->_sess_create();
- }
- else
- {
- // Just force an update to recreate the id
- $this->_sess_update(TRUE);
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get a reference to user data array
- *
- * @return array Reference to userdata
- */
- public function &get_userdata()
- {
- return $this->userdata;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Fetch the current session data if it exists
- *
- * @return bool
- */
- protected function _sess_read()
- {
- // Fetch the cookie
- $session = $this->CI->input->cookie($this->sess_cookie_name);
-
- // No cookie? Goodbye cruel world!...
- if ($session === NULL)
- {
- log_message('debug', 'A session cookie was not found.');
- return FALSE;
- }
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $session = $this->CI->encryption->decrypt($session);
- if ($session === FALSE)
- {
- log_message('error', 'Session: Unable to decrypt the session cookie, possibly due to a HMAC mismatch.');
- return FALSE;
- }
- }
- else
- {
- if (($len = strlen($session) - 40) <= 0)
- {
- log_message('error', 'Session: The session cookie was not signed.');
- return FALSE;
- }
-
- // Check cookie authentication
- $hmac = substr($session, $len);
- $session = substr($session, 0, $len);
-
- // Time-attack-safe comparison
- $hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
- $diff = 0;
- for ($i = 0; $i < 40; $i++)
- {
- $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
- }
-
- if ($diff !== 0)
- {
- log_message('error', 'Session: HMAC mismatch. The session cookie data did not match what was expected.');
- $this->sess_destroy();
- return FALSE;
- }
- }
-
- // Unserialize the session array
- $session = @unserialize($session);
-
- // Is the session data we unserialized an array with the correct format?
- if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
- {
- log_message('debug', 'Session: Wrong cookie data format');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is the session current?
- if (($session['last_activity'] + $this->sess_expiration) < $this->now OR $session['last_activity'] > $this->now)
- {
- log_message('debug', 'Session: Expired');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the IP match?
- if ($this->sess_match_ip === TRUE && $session['ip_address'] !== $this->CI->input->ip_address())
- {
- log_message('debug', 'Session: IP address mismatch');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Does the User Agent Match?
- if ($this->sess_match_useragent === TRUE &&
- trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
- {
- log_message('debug', 'Session: User Agent string mismatch');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there a corresponding session in the DB?
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $session['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $session['ip_address']);
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', $session['user_agent']);
- }
-
- // Is caching in effect? Turn it off
- $db_cache = $this->CI->db->cache_on;
- $this->CI->db->cache_off();
-
- $query = $this->CI->db->limit(1)->get($this->sess_table_name);
-
- // Was caching in effect?
- if ($db_cache)
- {
- // Turn it back on
- $this->CI->db->cache_on();
- }
-
- // No result? Kill it!
- if (empty($query) OR $query->num_rows() === 0)
- {
- log_message('debug', 'Session: No match found in our database');
- $this->sess_destroy();
- return FALSE;
- }
-
- // Is there custom data? If so, add it to the main session array
- $row = $query->row();
- if ( ! empty($row->user_data))
- {
- $custom_data = unserialize(trim($row->user_data));
-
- if (is_array($custom_data))
- {
- $session = $session + $custom_data;
- }
- }
- }
-
- // Session is valid!
- $this->userdata = $session;
- return TRUE;
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Create a new session
- *
- * @return void
- */
- protected function _sess_create()
- {
- // Initialize userdata
- $this->userdata = array(
- 'session_id' => $this->_make_sess_id(),
- 'ip_address' => $this->CI->input->ip_address(),
- 'user_agent' => trim(substr($this->CI->input->user_agent(), 0, 120)),
- 'last_activity' => $this->now,
- );
-
- log_message('debug', 'Session: Creating new session ('.$this->userdata['session_id'].')');
-
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- // Add empty user_data field and save the data to the DB
- $this->CI->db->set('user_data', '')->insert($this->sess_table_name, $this->userdata);
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Update an existing session
- *
- * @param bool Force update flag (default: false)
- * @return void
- */
- protected function _sess_update($force = FALSE)
- {
- // We only update the session every five minutes by default (unless forced)
- if ( ! $force && ($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
- {
- return;
- }
-
- // Update last activity to now
- $this->userdata['last_activity'] = $this->now;
-
- // Save the old session id so we know which DB record to update
- $old_sessid = $this->userdata['session_id'];
-
- // Changing the session ID during an AJAX call causes problems
- if ( ! $this->CI->input->is_ajax_request())
- {
- // Get new id
- $this->userdata['session_id'] = $this->_make_sess_id();
-
- log_message('debug', 'Session: Regenerate ID');
- }
-
- // Check for database
- if ($this->sess_use_database === TRUE)
- {
- $this->CI->db->where('session_id', $old_sessid);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $this->CI->input->ip_address());
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', trim(substr($this->CI->input->user_agent(), 0, 120)));
- }
-
- // Update the session ID and last_activity field in the DB
- $this->CI->db->update($this->sess_table_name,
- array(
- 'last_activity' => $this->now,
- 'session_id' => $this->userdata['session_id']
- )
- );
- }
-
- // Write the cookie
- $this->_set_cookie();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Update database with current data
- *
- * This gets called from the shutdown function and also
- * registered with PHP to run at the end of the request
- * so it's guaranteed to update even when a fatal error
- * occurs. The first call makes the update and clears the
- * dirty flag so it won't happen twice.
- *
- * @return void
- */
- public function _update_db()
- {
- // Check for database and dirty flag and unsaved
- if ($this->sess_use_database === TRUE && $this->data_dirty === TRUE)
- {
- // Set up activity and data fields to be set
- // If we don't find custom data, user_data will remain an empty string
- $set = array(
- 'last_activity' => $this->userdata['last_activity'],
- 'user_data' => ''
- );
-
- // Get the custom userdata, leaving out the defaults
- // (which get stored in the cookie)
- $userdata = array_diff_key($this->userdata, $this->defaults);
-
- // Did we find any custom data?
- if ( ! empty($userdata))
- {
- // Serialize the custom data array so we can store it
- $set['user_data'] = serialize($userdata);
- }
-
- // Reset query builder values.
- $this->CI->db->reset_query();
-
- // Run the update query
- // Any time we change the session id, it gets updated immediately,
- // so our where clause below is always safe
- $this->CI->db->where('session_id', $this->userdata['session_id']);
-
- if ($this->sess_match_ip === TRUE)
- {
- $this->CI->db->where('ip_address', $this->CI->input->ip_address());
- }
-
- if ($this->sess_match_useragent === TRUE)
- {
- $this->CI->db->where('user_agent', trim(substr($this->CI->input->user_agent(), 0, 120)));
- }
-
- $this->CI->db->update($this->sess_table_name, $set);
-
- // Clear dirty flag to prevent double updates
- $this->data_dirty = FALSE;
-
- log_message('debug', 'CI_Session Data Saved To DB');
- }
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Generate a new session id
- *
- * @return string Hashed session id
- */
- protected function _make_sess_id()
- {
- $new_sessid = '';
- do
- {
- $new_sessid .= mt_rand();
- }
- while (strlen($new_sessid) < 32);
-
- // To make the session ID even more secure we'll combine it with the user's IP
- $new_sessid .= $this->CI->input->ip_address();
-
- // Turn it into a hash and return
- return md5(uniqid($new_sessid, TRUE));
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get the "now" time
- *
- * @return int Time
- */
- protected function _get_time()
- {
- if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get())
- {
- return time();
- }
-
- $datetime = new DateTime('now', new DateTimeZone($this->time_reference));
- sscanf($datetime->format('j-n-Y G:i:s'), '%d-%d-%d %d:%d:%d', $day, $month, $year, $hour, $minute, $second);
-
- return mktime($hour, $minute, $second, $month, $day, $year);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Write the session cookie
- *
- * @return void
- */
- protected function _set_cookie()
- {
- // Get userdata (only defaults if database)
- $cookie_data = ($this->sess_use_database === TRUE)
- ? array_intersect_key($this->userdata, $this->defaults)
- : $this->userdata;
-
- // The Input class will do this and since we use HMAC verification,
- // unless we standardize here as well, the hash won't match.
- if ($this->_standardize_newlines)
- {
- foreach (array_keys($this->userdata) as $key)
- {
- $this->userdata[$key] = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $this->userdata[$key]);
- }
- }
-
- // Serialize the userdata for the cookie
- $cookie_data = serialize($cookie_data);
-
- if ($this->sess_encrypt_cookie === TRUE)
- {
- $cookie_data = $this->CI->encryption->encrypt($cookie_data);
- }
- else
- {
- // Require message authentication
- $cookie_data .= hash_hmac('sha1', $cookie_data, $this->encryption_key);
- }
-
- $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time();
-
- // Set the cookie
- $this->_setcookie($this->sess_cookie_name, $cookie_data, $expire, $this->cookie_path, $this->cookie_domain,
- $this->cookie_secure, $this->cookie_httponly);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Set a cookie with the system
- *
- * This abstraction of the setcookie call allows overriding for unit testing
- *
- * @param string Cookie name
- * @param string Cookie value
- * @param int Expiration time
- * @param string Cookie path
- * @param string Cookie domain
- * @param bool Secure connection flag
- * @param bool HTTP protocol only flag
- * @return void
- */
- protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = FALSE, $httponly = FALSE)
- {
- setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Garbage collection
- *
- * This deletes expired session rows from database
- * if the probability percentage is met
- *
- * @return void
- */
- protected function _sess_gc()
- {
- if ($this->sess_use_database !== TRUE)
- {
- return;
- }
-
- $probability = ini_get('session.gc_probability');
- $divisor = ini_get('session.gc_divisor');
-
- if (mt_rand(1, $divisor) <= $probability)
- {
- $expire = $this->now - $this->sess_expiration;
- $this->CI->db->delete($this->sess_table_name, 'last_activity < '.$expire);
-
- log_message('debug', 'Session garbage collection performed.');
- }
- }
-
-}
-
-/* End of file Session_cookie.php */
-/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
new file mode 100644
index 000000000..24847456c
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -0,0 +1,317 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Database Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_database_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * DB object
+ *
+ * @var object
+ */
+ protected $_db;
+
+ /**
+ * DB table
+ *
+ * @var string
+ */
+ protected $_table;
+
+ /**
+ * Session ID
+ *
+ * @var string
+ */
+ protected $_session_id;
+
+ /**
+ * Row exists flag
+ *
+ * @var bool
+ */
+ protected $_row_exists = FALSE;
+
+ /**
+ * Lock "driver" flag
+ *
+ * @var string
+ */
+ protected $_lock_driver;
+
+ /**
+ * Lock status flag
+ *
+ * @var bool
+ */
+ protected $_lock = FALSE;
+
+ /**
+ * Semaphore ID
+ *
+ * Used for locking if the database doesn't support advisory locks
+ *
+ * @var resource
+ */
+ protected $_sem;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ $CI =& get_instance();
+ isset($CI->db) OR $CI->load->database();
+ $this->_db =& $CI->db;
+
+ if ( ! $this->_db instanceof CI_DB_query_builder)
+ {
+ throw new Exception('Query Builder not enabled for the configured database. Aborting.');
+ }
+ elseif ($this->_db->pconnect)
+ {
+ throw new Exception('Configured database connection is persistent. Aborting.');
+ }
+
+ $db_driver = $this->_db->dbdriver.(empty($this->_db->subdriver) ? '' : '_'.$this->_db->subdriver);
+ if (strpos($db_driver, 'mysql') !== FALSE)
+ {
+ $this->_lock_type = 'mysql';
+ }
+ elseif (in_array($db_driver, array('postgre', 'pdo_pgsql'), TRUE))
+ {
+ $this->_lock_type = 'postgre';
+ }
+ elseif (extension_loaded('sysvsem'))
+ {
+ $this->_lock_type = 'semaphore';
+ }
+
+ isset($this->_table) OR $this->_table = config_item('sess_table_name');
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ return empty($this->_db->conn_id)
+ ? ( ! $this->_db->autoinit && $this->_db->db_connect())
+ : TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ $this->_session_id = $session_id;
+ if (($this->_lock = $this->_get_lock()) !== FALSE)
+ {
+ $this->_db
+ ->select('data')
+ ->from($this->_table)
+ ->where('id', $session_id);
+
+ if ($this->_match_ip)
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ if (($result = $this->_db->get()->row()) === NULL)
+ {
+ $this->_fingerprint = md5('');
+ return '';
+ }
+
+ $this->_fingerprint = md5(rtrim($result->data));
+ $this->_row_exists = TRUE;
+ return $result->data;
+ }
+
+ $this->_fingerprint = md5('');
+ return '';
+ }
+
+ public function write($session_id, $session_data)
+ {
+ if ($this->_lock === FALSE)
+ {
+ return FALSE;
+ }
+
+ if ($this->_row_exists === FALSE)
+ {
+ if ($this->_db->insert($this->_table, array('id' => $session_id, 'ip_address' => $_SERVER['REMOTE_ADDR'], 'timestamp' => time(), 'data' => $session_data)))
+ {
+ $this->_fingerprint = md5($session_data);
+ return $this->_row_exists = TRUE;
+ }
+
+ return FALSE;
+ }
+
+ $this->_db->where('id', $session_id);
+ if ($this->_match_ip)
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ $update_data = ($this->_fingerprint === md5($session_data))
+ ? array('timestamp' => time())
+ : array('timestamp' => time(), 'data' => $session_data);
+
+ if ($this->_db->update($this->_table, $update_data))
+ {
+ $this->_fingerprint = md5($session_data);
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ return ($this->_lock)
+ ? $this->_release_lock()
+ : TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if ($this->_lock)
+ {
+ $this->_db->where('id', $session_id);
+ if ($this->_match_ip)
+ {
+ $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ }
+
+ return $this->_db->delete($this->_table)
+ ? ($this->close() && $this->_cookie_destroy())
+ : FALSE;
+ }
+
+ return ($this->close() && $this->_cookie_destroy());
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ return $this->_db->delete($this->_table, 'timestamp < '.(time() - $maxlifetime));
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _get_lock()
+ {
+ $arg = $this->_session_id
+ .($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+
+ if ($this->_lock_driver === 'mysql')
+ {
+ return (bool) $this->_db
+ ->query("SELECT GET_LOCK('".$session_id."', 10) AS ci_session_lock")
+ ->row()
+ ->ci_session_lock;
+ }
+ elseif ($this->_lock_driver === 'postgre')
+ {
+ return (bool) $this->_db->simple_query('SELECT pg_advisory_lock('.$arg.')');
+ }
+ elseif ($this->_lock_driver === 'semaphore')
+ {
+ if (($this->_sem = sem_get($arg, 1, 0644)) === FALSE)
+ {
+ return FALSE;
+ }
+
+ if ( ! sem_acquire($this->_sem))
+ {
+ sem_remove($this->_sem);
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ protected function _release_lock()
+ {
+ if ($this->_lock_driver === 'mysql')
+ {
+ $arg = $this->_session_id
+ .($this->_match_ip ? '_'.$_SERVER['REMOTE_ADDR'] : '');
+
+ return (bool) $this->_db
+ ->query("SELECT RELEASE_LOCK('".$arg."') AS ci_session_lock")
+ ->row()
+ ->ci_session_lock;
+ }
+ elseif ($this->_lock_driver === 'postgre')
+ {
+ $arg = "hashtext('".$this->_session_id."')"
+ .($this->_match_ip ? ", hashtext('".$_SERVER['REMOTE_ADDR']."')" : '');
+
+ return (bool) $this->_db->simple_query('SELECT pg_advisory_unlock('.$arg.')');
+ }
+ elseif ($this->_lock_driver === 'semaphore')
+ {
+ sem_release($this->_sem);
+ sem_remove($this->_sem);
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_database_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_database_driver.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php
new file mode 100644
index 000000000..4acbcf6c5
--- /dev/null
+++ b/system/libraries/Session/drivers/Session_files_driver.php
@@ -0,0 +1,276 @@
+<?php
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 5.2.4 or newer
+ *
+ * NOTICE OF LICENSE
+ *
+ * Licensed under the Open Software License version 3.0
+ *
+ * This source file is subject to the Open Software License (OSL 3.0) that is
+ * bundled with this package in the files license.txt / license.rst. It is
+ * also available through the world wide web at this URL:
+ * http://opensource.org/licenses/OSL-3.0
+ * If you did not receive a copy of the license and are unable to obtain it
+ * through the world wide web, please send an email to
+ * licensing@ellislab.com so we can send you a copy immediately.
+ *
+ * @package CodeIgniter
+ * @author Andrey Andreev
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
+ * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
+ * @link http://codeigniter.com
+ * @since Version 3.0
+ * @filesource
+ */
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+/**
+ * CodeIgniter Session Files Driver
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Sessions
+ * @author Andrey Andreev
+ * @link http://codeigniter.com/user_guide/libraries/sessions.html
+ */
+class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface {
+
+ /**
+ * Save path
+ *
+ * @var string
+ */
+ protected $_save_path;
+
+ /**
+ * File handle
+ *
+ * @var resource
+ */
+ protected $_file_handle;
+
+ /**
+ * File name
+ *
+ * @var resource
+ */
+ protected $_file_path;
+
+ /**
+ * File new flag
+ *
+ * @var bool
+ */
+ protected $_file_new;
+
+ // ------------------------------------------------------------------------
+
+ /**
+ * Class constructor
+ *
+ * @param array $params Configuration parameters
+ * @return void
+ */
+ public function __construct(&$params)
+ {
+ parent::__construct($params);
+
+ if (isset($this->_save_path))
+ {
+ $this->_save_path = rtrim($this->_save_path, '/\\');
+ ini_set('session.save_path', $this->_save_path);
+ }
+ else
+ {
+ $this->_save_path = rtrim(ini_get('session.save_path'), '/\\');
+ }
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function open($save_path, $name)
+ {
+ if ( ! is_dir($save_path) && ! mkdir($save_path, 0700, TRUE))
+ {
+ log_message('error', "Session: Configured save path '".$this->_save_path."' is not a directory, doesn't exist or cannot be created.");
+ return FALSE;
+ }
+
+ $this->_save_path = $save_path;
+ $this->_file_path = $this->_save_path.DIRECTORY_SEPARATOR
+ .$name // we'll use the session cookie name as a prefix to avoid collisions
+ .($this->_match_ip ? md5($_SERVER['REMOTE_ADDR']) : '');
+
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function read($session_id)
+ {
+ // This might seem weird, but PHP 5.6 introduces session_reset(),
+ // which re-reads session data
+ if ($this->_file_handle === NULL)
+ {
+ $this->_file_path .= $session_id;
+
+ // Just using fopen() with 'c+b' mode would be perfect, but it is only
+ // available since PHP 5.2.6 and we have to set permissions for new files,
+ // so we'd have to hack around this ...
+ if (($this->_file_new = ! file_exists($this->_file_path)) === TRUE)
+ {
+ if (($this->_file_handle = fopen($this->_file_path, 'w+b')) === FALSE)
+ {
+ log_message('error', "Session: File '".$this->_file_path."' doesn't exist and cannot be created.");
+ return FALSE;
+ }
+ }
+ elseif (($this->_file_handle = fopen($this->_file_path, 'r+b')) === FALSE)
+ {
+ log_message('error', "Session: Unable to open file '".$this->_file_path."'.");
+ return FALSE;
+ }
+
+ if (flock($this->_file_handle, LOCK_EX) === FALSE)
+ {
+ log_message('error', "Session: Unable to obtain lock for file '".$this->_file_path."'.");
+ fclose($this->_file_handle);
+ $this->_file_handle = NULL;
+ return FALSE;
+ }
+
+ if ($this->_file_new)
+ {
+ chmod($this->_file_path, 0600);
+ $this->_fingerprint = md5('');
+ return '';
+ }
+ }
+ else
+ {
+ rewind($this->_file_handle);
+ }
+
+ $session_data = '';
+ for ($read = 0, $length = filesize($this->_file_path); $read < $length; $read += strlen($buffer))
+ {
+ if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE)
+ {
+ break;
+ }
+
+ $session_data .= $buffer;
+ }
+
+ $this->_fingerprint = md5($session_data);
+ return $session_data;
+ }
+
+ public function write($session_id, $session_data)
+ {
+ if ( ! is_resource($this->_file_handle))
+ {
+ return FALSE;
+ }
+ elseif ($this->_fingerprint === md5($session_data))
+ {
+ return ($this->_file_new)
+ ? TRUE
+ : touch($this->_file_path);
+ }
+
+ if ( ! $this->_file_new)
+ {
+ ftruncate($this->_file_handle, 0);
+ rewind($this->_file_handle);
+ }
+
+ for ($written = 0, $length = strlen($session_data); $written < $length; $written += $result)
+ {
+ if (($result = fwrite($this->_file_handle, substr($session_data, $written))) === FALSE)
+ {
+ break;
+ }
+ }
+
+ if ( ! is_int($result))
+ {
+ $this->_fingerprint = md5(substr($session_data, 0, $written));
+ log_message('error', 'Session: Unable to write data.');
+ return FALSE;
+ }
+
+ $this->_fingerprint = md5($session_data);
+ return TRUE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function close()
+ {
+ if (is_resource($this->_file_handle))
+ {
+ flock($this->_file_handle, LOCK_UN);
+ fclose($this->_file_handle);
+
+ $this->_file_handle = $this->_file_new = NULL;
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function destroy($session_id)
+ {
+ if ($this->close())
+ {
+ return unlink($this->_file_path) && $this->_cookie_destroy();
+ }
+ elseif ($this->_file_path !== NULL)
+ {
+ clearstatcache();
+ return file_exists($this->_file_path)
+ ? (unlink($this->_file_path) && $this->_cookie_destroy())
+ : TRUE;
+ }
+
+ return FALSE;
+ }
+
+ // ------------------------------------------------------------------------
+
+ public function gc($maxlifetime)
+ {
+ if ( ! is_dir($this->_save_path) OR ($files = scandir($this->_save_path)) === FALSE)
+ {
+ log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_save_path."'.");
+ return FALSE;
+ }
+
+ $ts = time() - $maxlifetime;
+
+ foreach ($files as $file)
+ {
+ // If the filename doesn't match this pattern, it's either not a session file or is not ours
+ if ( ! preg_match('/(?:[0-9a-f]{32})?[0-9a-f]{40}$/i', $file)
+ OR ! is_file($this->_save_path.DIRECTORY_SEPARATOR.$file)
+ OR ($mtime = filemtime($file)) === FALSE
+ OR $mtime > $ts)
+ {
+ continue;
+ }
+
+ unlink($this->_save_path.DIRECTORY_SEPARATOR.$file);
+ }
+
+ return TRUE;
+ }
+
+}
+
+/* End of file Session_files_driver.php */
+/* Location: ./system/libraries/Session/drivers/Session_files_driver.php */ \ No newline at end of file
diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php
deleted file mode 100644
index 4104652b8..000000000
--- a/system/libraries/Session/drivers/Session_native.php
+++ /dev/null
@@ -1,246 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP 5.2.4 or newer
- *
- * NOTICE OF LICENSE
- *
- * Licensed under the Open Software License version 3.0
- *
- * This source file is subject to the Open Software License (OSL 3.0) that is
- * bundled with this package in the files license.txt / license.rst. It is
- * also available through the world wide web at this URL:
- * http://opensource.org/licenses/OSL-3.0
- * If you did not receive a copy of the license and are unable to obtain it
- * through the world wide web, please send an email to
- * licensing@ellislab.com so we can send you a copy immediately.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
- * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
- * @link http://codeigniter.com
- * @since Version 1.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * Native PHP session management driver
- *
- * This is the driver that uses the native PHP $_SESSION array through the Session driver library.
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Sessions
- * @author EllisLab Dev Team
- */
-class CI_Session_native extends CI_Session_driver {
-
- /**
- * Initialize session driver object
- *
- * @return void
- */
- protected function initialize()
- {
- // Get config parameters
- $config = array();
- $prefs = array(
- 'sess_cookie_name',
- 'sess_expire_on_close',
- 'sess_expiration',
- 'sess_match_ip',
- 'sess_match_useragent',
- 'sess_time_to_update',
- 'cookie_prefix',
- 'cookie_path',
- 'cookie_domain',
- 'cookie_secure',
- 'cookie_httponly'
- );
-
- foreach ($prefs as $key)
- {
- $config[$key] = isset($this->_parent->params[$key])
- ? $this->_parent->params[$key]
- : $this->CI->config->item($key);
- }
-
- // Set session name, if specified
- if ($config['sess_cookie_name'])
- {
- // Differentiate name from cookie driver with '_id' suffix
- $name = $config['sess_cookie_name'].'_id';
- if ($config['cookie_prefix'])
- {
- // Prepend cookie prefix
- $name = $config['cookie_prefix'].$name;
- }
- session_name($name);
- }
-
- // Set expiration, path, and domain
- $expire = 7200;
- $path = '/';
- $domain = '';
- $secure = (bool) $config['cookie_secure'];
- $http_only = (bool) $config['cookie_httponly'];
-
- if ($config['sess_expiration'] !== FALSE)
- {
- // Default to 2 years if expiration is "0"
- $expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration'];
- }
-
- if ($config['cookie_path'])
- {
- // Use specified path
- $path = $config['cookie_path'];
- }
-
- if ($config['cookie_domain'])
- {
- // Use specified domain
- $domain = $config['cookie_domain'];
- }
-
- session_set_cookie_params($config['sess_expire_on_close'] ? 0 : $expire, $path, $domain, $secure, $http_only);
-
- // Start session
- session_start();
-
- // Check session expiration, ip, and agent
- $now = time();
- $destroy = FALSE;
- if (isset($_SESSION['last_activity']) && (($_SESSION['last_activity'] + $expire) < $now OR $_SESSION['last_activity'] > $now))
- {
- // Expired - destroy
- log_message('debug', 'Session: Expired');
- $destroy = TRUE;
- }
- elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address'])
- && $_SESSION['ip_address'] !== $this->CI->input->ip_address())
- {
- // IP doesn't match - destroy
- log_message('debug', 'Session: IP address mismatch');
- $destroy = TRUE;
- }
- elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent'])
- && $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50)))
- {
- // Agent doesn't match - destroy
- log_message('debug', 'Session: User Agent string mismatch');
- $destroy = TRUE;
- }
-
- // Destroy expired or invalid session
- if ($destroy)
- {
- // Clear old session and start new
- $this->sess_destroy();
- session_start();
- }
-
- // Check for update time
- if ($config['sess_time_to_update'] && isset($_SESSION['last_activity'])
- && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now)
- {
- // Changing the session ID amidst a series of AJAX calls causes problems
- if ( ! $this->CI->input->is_ajax_request())
- {
- // Regenerate ID, but don't destroy session
- log_message('debug', 'Session: Regenerate ID');
- $this->sess_regenerate(FALSE);
- }
- }
-
- // Set activity time
- $_SESSION['last_activity'] = $now;
-
- // Set matching values as required
- if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address']))
- {
- // Store user IP address
- $_SESSION['ip_address'] = $this->CI->input->ip_address();
- }
-
- if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent']))
- {
- // Store user agent string
- $_SESSION['user_agent'] = trim(substr($this->CI->input->user_agent(), 0, 50));
- }
-
- // Make session ID available
- $_SESSION['session_id'] = session_id();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Save the session data
- *
- * @return void
- */
- public function sess_save()
- {
- // Nothing to do - changes to $_SESSION are automatically saved
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Destroy the current session
- *
- * @return void
- */
- public function sess_destroy()
- {
- // Cleanup session
- $_SESSION = array();
- $name = session_name();
- if (isset($_COOKIE[$name]))
- {
- // Clear session cookie
- $params = session_get_cookie_params();
- setcookie($name, '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- unset($_COOKIE[$name]);
- }
- session_destroy();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Regenerate the current session
- *
- * Regenerate the session id
- *
- * @param bool Destroy session data flag (default: FALSE)
- * @return void
- */
- public function sess_regenerate($destroy = FALSE)
- {
- // Just regenerate id, passing destroy flag
- session_regenerate_id($destroy);
- $_SESSION['session_id'] = session_id();
- }
-
- // ------------------------------------------------------------------------
-
- /**
- * Get a reference to user data array
- *
- * @return array Reference to userdata
- */
- public function &get_userdata()
- {
- // Just return reference to $_SESSION
- return $_SESSION;
- }
-
-}
-
-/* End of file Session_native.php */
-/* Location: ./system/libraries/Session/drivers/Session_native.php */ \ No newline at end of file