From 9ffcee60140b20ca3ec4e7688f83a039c7c080f7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Sep 2012 16:25:16 +0300 Subject: Cleanup and optimize new Session classes --- .../libraries/Session/drivers/Session_cookie.php | 125 ++++++++++++--------- .../libraries/Session/drivers/Session_native.php | 69 ++++++++---- 2 files changed, 114 insertions(+), 80 deletions(-) (limited to 'system/libraries/Session/drivers') diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 52eeddbc4..6d931c16c 100755 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -37,6 +37,7 @@ * @link http://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session_cookie extends CI_Session_driver { + /** * Whether to encrypt the session cookie * @@ -192,7 +193,6 @@ class CI_Session_cookie extends CI_Session_driver { /** * Initialize session driver object * - * @access protected * @return void */ protected function initialize() @@ -220,16 +220,17 @@ class CI_Session_cookie extends CI_Session_driver { 'cookie_prefix', 'encryption_key' ); + foreach ($prefs as $key) { - $this->$key = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] : - $this->CI->config->item($key); + $this->$key = isset($this->_parent->params[$key]) + ? $this->_parent->params[$key] + : $this->CI->config->item($key); } if ($this->encryption_key === '') { - show_error('In order to use the Cookie Session driver you are required to set an encryption key '. - 'in your config file.'); + show_error('In order to use the Cookie Session driver you are required to set an encryption key in your config file.'); } // Load the string helper so we can use the strip_slashes() function @@ -280,6 +281,8 @@ class CI_Session_cookie extends CI_Session_driver { $this->_sess_gc(); } + // ------------------------------------------------------------------------ + /** * Write the session data * @@ -298,6 +301,8 @@ class CI_Session_cookie extends CI_Session_driver { $this->_set_cookie(); } + // ------------------------------------------------------------------------ + /** * Destroy the current session * @@ -320,15 +325,17 @@ class CI_Session_cookie extends CI_Session_driver { $this->userdata = array(); } + // ------------------------------------------------------------------------ + /** * Regenerate the current session * * Regenerate the session id * - * @param boolean Destroy session data flag (default: false) + * @param bool Destroy session data flag (default: false) * @return void */ - public function sess_regenerate($destroy = false) + public function sess_regenerate($destroy = FALSE) { // Check destroy flag if ($destroy) @@ -344,21 +351,23 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Get a reference to user data array * - * @return array - Reference to userdata + * @return array Reference to userdata */ public function &get_userdata() { - // Return reference to array return $this->userdata; } + // ------------------------------------------------------------------------ + /** * Fetch the current session data if it exists * - * @access protected * @return bool */ protected function _sess_read() @@ -389,8 +398,7 @@ class CI_Session_cookie extends CI_Session_driver { // Does the md5 hash match? This is to prevent manipulation of session data in userspace if ($hash !== md5($session.$this->encryption_key)) { - log_message('error', 'The session cookie data did not match what was expected. '. - 'This could be a possible hacking attempt.'); + log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.'); $this->sess_destroy(); return FALSE; } @@ -400,8 +408,7 @@ class CI_Session_cookie extends CI_Session_driver { $session = $this->_unserialize($session); // Is the session data we unserialized an array with the correct format? - if ( ! is_array($session) || ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], - $session['last_activity'])) + if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity'])) { $this->sess_destroy(); return FALSE; @@ -423,7 +430,7 @@ class CI_Session_cookie extends CI_Session_driver { // Does the User Agent Match? if ($this->sess_match_useragent === TRUE && - trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120))) + trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120))) { $this->sess_destroy(); return FALSE; @@ -482,10 +489,11 @@ class CI_Session_cookie extends CI_Session_driver { return TRUE; } + // ------------------------------------------------------------------------ + /** * Create a new session * - * @access protected * @return void */ protected function _sess_create() @@ -509,11 +517,12 @@ class CI_Session_cookie extends CI_Session_driver { $this->_set_cookie(); } + // ------------------------------------------------------------------------ + /** * Update an existing session * - * @access protected - * @param boolean Force update flag (default: false) + * @param bool Force update flag (default: false) * @return void */ protected function _sess_update($force = FALSE) @@ -551,6 +560,8 @@ class CI_Session_cookie extends CI_Session_driver { $this->_set_cookie(); } + // ------------------------------------------------------------------------ + /** * Update database with current data * @@ -559,6 +570,8 @@ class CI_Session_cookie extends CI_Session_driver { * so it's guaranteed to update even when a fatal error * occurs. The first call makes the update and clears the * dirty flag so it won't happen twice. + * + * @return void */ public function _update_db() { @@ -595,6 +608,8 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Generate a new session id * @@ -616,15 +631,16 @@ class CI_Session_cookie extends CI_Session_driver { return md5(uniqid($new_sessid, TRUE)); } + // ------------------------------------------------------------------------ + /** * Get the "now" time * - * @access protected * @return int Time */ protected function _get_time() { - if ($this->time_reference === 'local' || $this->time_reference === date_default_timezone_get()) + if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get()) { return time(); } @@ -635,36 +651,27 @@ class CI_Session_cookie extends CI_Session_driver { return mktime($hour, $minute, $second, $month, $day, $year); } + // ------------------------------------------------------------------------ + /** * Write the session cookie * - * @access protected * @return void */ protected function _set_cookie() { // Get userdata (only defaults if database) - if ($this->sess_use_database === TRUE) - { - $cookie_data = array_intersect_key($this->userdata, $this->defaults); - } - else - { - $cookie_data = $this->userdata; - } + $cookie_data = ($this->sess_use_database === TRUE) + ? array_intersect_key($this->userdata, $this->defaults) + : $this->userdata; // Serialize the userdata for the cookie $cookie_data = $this->_serialize($cookie_data); - if ($this->sess_encrypt_cookie === TRUE) - { - $cookie_data = $this->CI->encrypt->encode($cookie_data); - } - else - { + $cookie_data = ($this->sess_encrypt_cookie === TRUE) + ? $this->CI->encrypt->encode($cookie_data) // if encryption is not used, we provide an md5 hash to prevent userside tampering - $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key); - } + : $cookie_data.md5($cookie_data.$this->encryption_key); $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time(); @@ -673,35 +680,35 @@ class CI_Session_cookie extends CI_Session_driver { $this->cookie_secure, $this->cookie_httponly); } + // ------------------------------------------------------------------------ + /** * Set a cookie with the system * * This abstraction of the setcookie call allows overriding for unit testing * - * @access protected - * @param string Cookie name - * @param string Cookie value - * @param int Expiration time - * @param string Cookie path - * @param string Cookie domain - * @param bool Secure connection flag - * @param bool HTTP protocol only flag - * @return void - */ - protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = false, - $httponly = false) + * @param string Cookie name + * @param string Cookie value + * @param int Expiration time + * @param string Cookie path + * @param string Cookie domain + * @param bool Secure connection flag + * @param bool HTTP protocol only flag + * @return void + */ + protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = FALSE, $httponly = FALSE) { - // Set the cookie setcookie($name, $value, $expire, $path, $domain, $secure, $httponly); } + // ------------------------------------------------------------------------ + /** * Serialize an array * * This function first converts any slashes found in the array to a temporary * marker, so when it gets unserialized the slashes will be preserved * - * @access protected * @param mixed Data to serialize * @return string Serialized data */ @@ -715,15 +722,17 @@ class CI_Session_cookie extends CI_Session_driver { { $data = str_replace('\\', '{{slash}}', $data); } + return serialize($data); } + // ------------------------------------------------------------------------ + /** * Escape slashes * * This function converts any slashes found into a temporary marker * - * @access protected * @param string Value * @param string Key * @return void @@ -736,13 +745,14 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Unserialize * * This function unserializes a data string, then converts any * temporary slash markers back to actual slashes * - * @access protected * @param mixed Data to unserialize * @return mixed Unserialized data */ @@ -759,12 +769,13 @@ class CI_Session_cookie extends CI_Session_driver { return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data; } + // ------------------------------------------------------------------------ + /** * Unescape slashes * * This function converts any slash markers back into actual slashes * - * @access protected * @param string Value * @param string Key * @return void @@ -777,13 +788,14 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Garbage collection * * This deletes expired session rows from database * if the probability percentage is met * - * @access protected * @return void */ protected function _sess_gc() @@ -805,7 +817,8 @@ class CI_Session_cookie extends CI_Session_driver { log_message('debug', 'Session garbage collection performed.'); } } + } /* End of file Session_cookie.php */ -/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ +/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ \ No newline at end of file diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php index 8ba8e749a..c97e15356 100755 --- a/system/libraries/Session/drivers/Session_native.php +++ b/system/libraries/Session/drivers/Session_native.php @@ -2,18 +2,29 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com - * @since Version 2.0 + * @since Version 1.0 * @filesource */ - /** * Native PHP session management driver * @@ -22,13 +33,13 @@ * @package CodeIgniter * @subpackage Libraries * @category Sessions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team */ class CI_Session_native extends CI_Session_driver { + /** * Initialize session driver object * - * @access protected * @return void */ protected function initialize() @@ -47,10 +58,12 @@ class CI_Session_native extends CI_Session_driver { 'cookie_path', 'cookie_domain' ); + foreach ($prefs as $key) { - $config[$key] = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] : - $CI->config->item($key); + $config[$key] = isset($this->_parent->params[$key]) + ? $this->_parent->params[$key] + : $CI->config->item($key); } // Set session name, if specified @@ -75,11 +88,13 @@ class CI_Session_native extends CI_Session_driver { // Default to 2 years if expiration is "0" $expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration']; } + if ($config['cookie_path']) { // Use specified path $path = $config['cookie_path']; } + if ($config['cookie_domain']) { // Use specified domain @@ -98,14 +113,14 @@ class CI_Session_native extends CI_Session_driver { // Expired - destroy $destroy = TRUE; } - else if ($config['sess_match_ip'] == TRUE && isset($_SESSION['ip_address']) && - $_SESSION['ip_address'] != $CI->input->ip_address()) + elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address']) + && $_SESSION['ip_address'] !== $CI->input->ip_address()) { // IP doesn't match - destroy $destroy = TRUE; } - else if ($config['sess_match_useragent'] == TRUE && isset($_SESSION['user_agent']) && - $_SESSION['user_agent'] != trim(substr($CI->input->user_agent(), 0, 50))) + elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent']) + && $_SESSION['user_agent'] !== trim(substr($CI->input->user_agent(), 0, 50))) { // Agent doesn't match - destroy $destroy = TRUE; @@ -120,8 +135,8 @@ class CI_Session_native extends CI_Session_driver { } // Check for update time - if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) && - ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now) + if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) + && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now) { // Regenerate ID, but don't destroy session $this->sess_regenerate(FALSE); @@ -131,12 +146,13 @@ class CI_Session_native extends CI_Session_driver { $_SESSION['last_activity'] = $now; // Set matching values as required - if ($config['sess_match_ip'] == TRUE && !isset($_SESSION['ip_address'])) + if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address'])) { // Store user IP address $_SESSION['ip_address'] = $CI->input->ip_address(); } - if ($config['sess_match_useragent'] == TRUE && !isset($_SESSION['user_agent'])) + + if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent'])) { // Store user agent string $_SESSION['user_agent'] = trim(substr($CI->input->user_agent(), 0, 50)); @@ -146,10 +162,11 @@ class CI_Session_native extends CI_Session_driver { $_SESSION['session_id'] = session_id(); } + // ------------------------------------------------------------------------ + /** * Save the session data * - * @access public * @return void */ public function sess_save() @@ -157,10 +174,11 @@ class CI_Session_native extends CI_Session_driver { // Nothing to do - changes to $_SESSION are automatically saved } + // ------------------------------------------------------------------------ + /** * Destroy the current session * - * @access public * @return void */ public function sess_destroy() @@ -178,13 +196,14 @@ class CI_Session_native extends CI_Session_driver { session_destroy(); } + // ------------------------------------------------------------------------ + /** * Regenerate the current session * * Regenerate the session id * - * @access public - * @param boolean Destroy session data flag (default: FALSE) + * @param bool Destroy session data flag (default: FALSE) * @return void */ public function sess_regenerate($destroy = FALSE) @@ -194,10 +213,11 @@ class CI_Session_native extends CI_Session_driver { $_SESSION['session_id'] = session_id(); } + // ------------------------------------------------------------------------ + /** * Get a reference to user data array * - * @access public * @return array Reference to userdata */ public function &get_userdata() @@ -205,7 +225,8 @@ class CI_Session_native extends CI_Session_driver { // Just return reference to $_SESSION return $_SESSION; } + } /* End of file Session_native.php */ -/* Location: ./system/libraries/Session/drivers/Session_native.php */ +/* Location: ./system/libraries/Session/drivers/Session_native.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b