From 57ffbbb98558be7dd4639b47e637c09fffb37dcb Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@bofh.bg>
Date: Sun, 25 Dec 2011 04:48:47 +0200
Subject: Improve the Session library

---
 system/libraries/Session.php | 149 +++++++++++++++++++------------------------
 1 file changed, 66 insertions(+), 83 deletions(-)

(limited to 'system')

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 08d2ba4ba..ada97a032 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -1,13 +1,13 @@
-<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 /**
  * CodeIgniter
  *
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * NOTICE OF LICENSE
- * 
+ *
  * Licensed under the Open Software License version 3.0
- * 
+ *
  * This source file is subject to the Open Software License (OSL 3.0) that is
  * bundled with this package in the files license.txt / license.rst.  It is
  * also available through the world wide web at this URL:
@@ -38,26 +38,26 @@
  */
 class CI_Session {
 
-	var $sess_encrypt_cookie		= FALSE;
-	var $sess_use_database			= FALSE;
-	var $sess_table_name			= '';
-	var $sess_expiration			= 7200;
-	var $sess_expire_on_close		= FALSE;
-	var $sess_match_ip				= FALSE;
-	var $sess_match_useragent		= TRUE;
-	var $sess_cookie_name			= 'ci_session';
-	var $cookie_prefix				= '';
-	var $cookie_path				= '';
-	var $cookie_domain				= '';
-	var $cookie_secure				= FALSE;
-	var $sess_time_to_update		= 300;
-	var $encryption_key				= '';
-	var $flashdata_key				= 'flash';
-	var $time_reference				= 'time';
-	var $gc_probability				= 5;
-	var $userdata					= array();
-	var $CI;
-	var $now;
+	public $sess_encrypt_cookie		= FALSE;
+	public $sess_use_database		= FALSE;
+	public $sess_table_name			= '';
+	public $sess_expiration			= 7200;
+	public $sess_expire_on_close		= FALSE;
+	public $sess_match_ip			= FALSE;
+	public $sess_match_useragent		= TRUE;
+	public $sess_cookie_name		= 'ci_session';
+	public $cookie_prefix			= '';
+	public $cookie_path			= '';
+	public $cookie_domain			= '';
+	public $cookie_secure			= FALSE;
+	public $sess_time_to_update		= 300;
+	public $encryption_key			= '';
+	public $flashdata_key			= 'flash';
+	public $time_reference			= 'time';
+	public $gc_probability			= 5;
+	public $userdata			= array();
+	public $CI;
+	public $now;
 
 	/**
 	 * Session Constructor
@@ -109,7 +109,7 @@ class CI_Session {
 		{
 			$this->sess_expiration = (60*60*24*365*2);
 		}
-		
+
 		// Set the cookie name
 		$this->sess_cookie_name = $this->cookie_prefix.$this->sess_cookie_name;
 
@@ -144,7 +144,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	bool
 	 */
-	function sess_read()
+	public function sess_read()
 	{
 		// Fetch the cookie
 		$session = $this->CI->input->cookie($this->sess_cookie_name);
@@ -194,14 +194,14 @@ class CI_Session {
 		}
 
 		// Does the IP Match?
-		if ($this->sess_match_ip == TRUE AND $session['ip_address'] != $this->CI->input->ip_address())
+		if ($this->sess_match_ip == TRUE AND $session['ip_address'] !== $this->CI->input->ip_address())
 		{
 			$this->sess_destroy();
 			return FALSE;
 		}
 
 		// Does the User Agent Match?
-		if ($this->sess_match_useragent == TRUE AND trim($session['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 120)))
+		if ($this->sess_match_useragent == TRUE AND trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
 		{
 			$this->sess_destroy();
 			return FALSE;
@@ -225,7 +225,7 @@ class CI_Session {
 			$query = $this->CI->db->get($this->sess_table_name);
 
 			// No result?  Kill it!
-			if ($query->num_rows() == 0)
+			if ($query->num_rows() === 0)
 			{
 				$this->sess_destroy();
 				return FALSE;
@@ -262,7 +262,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	function sess_write()
+	public function sess_write()
 	{
 		// Are we saving custom data to the DB?  If not, all we do is update the cookie
 		if ($this->sess_use_database === FALSE)
@@ -314,13 +314,14 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	function sess_create()
+	public function sess_create()
 	{
 		$sessid = '';
-		while (strlen($sessid) < 32)
+		do
 		{
 			$sessid .= mt_rand(0, mt_getrandmax());
 		}
+		while (strlen($sessid) < 32);
 
 		// To make the session ID even more secure we'll combine it with the user's IP
 		$sessid .= $this->CI->input->ip_address();
@@ -352,7 +353,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	function sess_update()
+	public function sess_update()
 	{
 		// We only update the session every five minutes by default
 		if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
@@ -364,19 +365,17 @@ class CI_Session {
 		// update in the database if we need it
 		$old_sessid = $this->userdata['session_id'];
 		$new_sessid = '';
-		while (strlen($new_sessid) < 32)
+		do
 		{
 			$new_sessid .= mt_rand(0, mt_getrandmax());
 		}
+		while (strlen($new_sessid) < 32);
 
 		// To make the session ID even more secure we'll combine it with the user's IP
 		$new_sessid .= $this->CI->input->ip_address();
 
-		// Turn it into a hash
-		$new_sessid = md5(uniqid($new_sessid, TRUE));
-
-		// Update the session data in the session data array
-		$this->userdata['session_id'] = $new_sessid;
+		// Turn it into a hash and update the session data array
+		$this->userdata['session_id'] = $new_sessid = md5(uniqid($new_sessid, TRUE));
 		$this->userdata['last_activity'] = $this->now;
 
 		// _set_cookie() will handle this for us if we aren't using database sessions
@@ -408,7 +407,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	function sess_destroy()
+	public function sess_destroy()
 	{
 		// Kill the session DB row
 		if ($this->sess_use_database === TRUE AND isset($this->userdata['session_id']))
@@ -437,7 +436,7 @@ class CI_Session {
 	 * @param	string
 	 * @return	string
 	 */
-	function userdata($item)
+	public function userdata($item)
 	{
 		return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
 	}
@@ -450,7 +449,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	array
 	 */
-	function all_userdata()
+	public function all_userdata()
 	{
 		return $this->userdata;
 	}
@@ -465,7 +464,7 @@ class CI_Session {
 	 * @param	string
 	 * @return	void
 	 */
-	function set_userdata($newdata = array(), $newval = '')
+	public function set_userdata($newdata = array(), $newval = '')
 	{
 		if (is_string($newdata))
 		{
@@ -491,7 +490,7 @@ class CI_Session {
 	 * @access	array
 	 * @return	void
 	 */
-	function unset_userdata($newdata = array())
+	public function unset_userdata($newdata = array())
 	{
 		if (is_string($newdata))
 		{
@@ -520,7 +519,7 @@ class CI_Session {
 	 * @param	string
 	 * @return	void
 	 */
-	function set_flashdata($newdata = array(), $newval = '')
+	public function set_flashdata($newdata = array(), $newval = '')
 	{
 		if (is_string($newdata))
 		{
@@ -531,8 +530,7 @@ class CI_Session {
 		{
 			foreach ($newdata as $key => $val)
 			{
-				$flashdata_key = $this->flashdata_key.':new:'.$key;
-				$this->set_userdata($flashdata_key, $val);
+				$this->set_userdata($this->flashdata_key.':new:'.$key, $val);
 			}
 		}
 	}
@@ -546,17 +544,15 @@ class CI_Session {
 	 * @param	string
 	 * @return	void
 	 */
-	function keep_flashdata($key)
+	public function keep_flashdata($key)
 	{
 		// 'old' flashdata gets removed.  Here we mark all
 		// flashdata as 'new' to preserve it from _flashdata_sweep()
 		// Note the function will return FALSE if the $key
 		// provided cannot be found
-		$old_flashdata_key = $this->flashdata_key.':old:'.$key;
-		$value = $this->userdata($old_flashdata_key);
+		$value = $this->userdata($this->flashdata_key.':old:'.$key);
 
-		$new_flashdata_key = $this->flashdata_key.':new:'.$key;
-		$this->set_userdata($new_flashdata_key, $value);
+		$this->set_userdata($this->flashdata_key.':new:'.$key, $value);
 	}
 
 	// ------------------------------------------------------------------------
@@ -568,10 +564,9 @@ class CI_Session {
 	 * @param	string
 	 * @return	string
 	 */
-	function flashdata($key)
+	public function flashdata($key)
 	{
-		$flashdata_key = $this->flashdata_key.':old:'.$key;
-		return $this->userdata($flashdata_key);
+		return $this->userdata($this->flashdata_key.':old:'.$key);
 	}
 
 	// ------------------------------------------------------------------------
@@ -583,7 +578,7 @@ class CI_Session {
 	 * @access	private
 	 * @return	void
 	 */
-	function _flashdata_mark()
+	private function _flashdata_mark()
 	{
 		$userdata = $this->all_userdata();
 		foreach ($userdata as $name => $value)
@@ -591,8 +586,7 @@ class CI_Session {
 			$parts = explode(':new:', $name);
 			if (is_array($parts) && count($parts) === 2)
 			{
-				$new_name = $this->flashdata_key.':old:'.$parts[1];
-				$this->set_userdata($new_name, $value);
+				$this->set_userdata($this->flashdata_key.':old:'.$parts[1], $value);
 				$this->unset_userdata($name);
 			}
 		}
@@ -607,7 +601,7 @@ class CI_Session {
 	 * @return	void
 	 */
 
-	function _flashdata_sweep()
+	private function _flashdata_sweep()
 	{
 		$userdata = $this->all_userdata();
 		foreach ($userdata as $key => $value)
@@ -628,19 +622,11 @@ class CI_Session {
 	 * @access	private
 	 * @return	string
 	 */
-	function _get_time()
+	private function _get_time()
 	{
-		if (strtolower($this->time_reference) == 'gmt')
-		{
-			$now = time();
-			$time = mktime(gmdate("H", $now), gmdate("i", $now), gmdate("s", $now), gmdate("m", $now), gmdate("d", $now), gmdate("Y", $now));
-		}
-		else
-		{
-			$time = time();
-		}
-
-		return $time;
+		$now = time();
+		return (strtolower($this->time_reference) === 'gmt') ?
+			mktime(gmdate('H', $now), gmdate('i', $now), gmdate('s', $now), gmdate('m', $now), gmdate('d', $now), gmdate('Y', $now)) : $now;
 	}
 
 	// --------------------------------------------------------------------
@@ -651,7 +637,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	function _set_cookie($cookie_data = NULL)
+	private function _set_cookie($cookie_data = NULL)
 	{
 		if (is_null($cookie_data))
 		{
@@ -696,22 +682,19 @@ class CI_Session {
 	 * @param	array
 	 * @return	string
 	 */
-	function _serialize($data)
+	private function _serialize($data)
 	{
 		if (is_array($data))
 		{
 			array_walk_recursive($data, array(&$this, '_escape_slashes'));
 		}
-		else
+		elseif (is_string($data))
 		{
-			if (is_string($data))
-			{
-				$data = str_replace('\\', '{{slash}}', $data);
-			}
+			$data = str_replace('\\', '{{slash}}', $data);
 		}
 		return serialize($data);
 	}
-	
+
 	/**
 	 * Escape slashes
 	 *
@@ -739,7 +722,7 @@ class CI_Session {
 	 * @param	array
 	 * @return	string
 	 */
-	function _unserialize($data)
+	private function _unserialize($data)
 	{
 		$data = @unserialize(strip_slashes($data));
 
@@ -751,7 +734,7 @@ class CI_Session {
 
 		return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
 	}
-	
+
 	/**
 	 * Unescape slashes
 	 *
@@ -759,7 +742,7 @@ class CI_Session {
 	 *
 	 * @access	private
 	 */
-	function _unescape_slashes(&$val, $key)
+	private function _unescape_slashes(&$val, $key)
 	{
 		if (is_string($val))
 		{
@@ -778,7 +761,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	function _sess_gc()
+	private function _sess_gc()
 	{
 		if ($this->sess_use_database != TRUE)
 		{
@@ -802,4 +785,4 @@ class CI_Session {
 // END Session Class
 
 /* End of file Session.php */
-/* Location: ./system/libraries/Session.php */
\ No newline at end of file
+/* Location: ./system/libraries/Session.php */
-- 
cgit v1.2.3-24-g4f1b


From 2c79b76c566e96adde0ed9efc3a37e6268c64fce Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@bofh.bg>
Date: Mon, 26 Dec 2011 16:54:44 +0200
Subject: Replace private with protected, so the class can be easily extended

---
 system/libraries/Session.php | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

(limited to 'system')

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index ada97a032..319860794 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -575,10 +575,10 @@ class CI_Session {
 	 * Identifies flashdata as 'old' for removal
 	 * when _flashdata_sweep() runs.
 	 *
-	 * @access	private
+	 * @access	protected
 	 * @return	void
 	 */
-	private function _flashdata_mark()
+	protected function _flashdata_mark()
 	{
 		$userdata = $this->all_userdata();
 		foreach ($userdata as $name => $value)
@@ -597,11 +597,11 @@ class CI_Session {
 	/**
 	 * Removes all flashdata marked as 'old'
 	 *
-	 * @access	private
+	 * @access	protected
 	 * @return	void
 	 */
 
-	private function _flashdata_sweep()
+	protected function _flashdata_sweep()
 	{
 		$userdata = $this->all_userdata();
 		foreach ($userdata as $key => $value)
@@ -619,10 +619,10 @@ class CI_Session {
 	/**
 	 * Get the "now" time
 	 *
-	 * @access	private
+	 * @access	protected
 	 * @return	string
 	 */
-	private function _get_time()
+	protected function _get_time()
 	{
 		$now = time();
 		return (strtolower($this->time_reference) === 'gmt') ?
@@ -637,7 +637,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	private function _set_cookie($cookie_data = NULL)
+	protected function _set_cookie($cookie_data = NULL)
 	{
 		if (is_null($cookie_data))
 		{
@@ -678,11 +678,11 @@ class CI_Session {
 	 * This function first converts any slashes found in the array to a temporary
 	 * marker, so when it gets unserialized the slashes will be preserved
 	 *
-	 * @access	private
+	 * @access	protected
 	 * @param	array
 	 * @return	string
 	 */
-	private function _serialize($data)
+	protected function _serialize($data)
 	{
 		if (is_array($data))
 		{
@@ -700,7 +700,7 @@ class CI_Session {
 	 *
 	 * This function converts any slashes found into a temporary marker
 	 *
-	 * @access	private
+	 * @access	protected
 	 */
 	function _escape_slashes(&$val, $key)
 	{
@@ -718,11 +718,11 @@ class CI_Session {
 	 * This function unserializes a data string, then converts any
 	 * temporary slash markers back to actual slashes
 	 *
-	 * @access	private
+	 * @access	protected
 	 * @param	array
 	 * @return	string
 	 */
-	private function _unserialize($data)
+	protected function _unserialize($data)
 	{
 		$data = @unserialize(strip_slashes($data));
 
@@ -740,9 +740,9 @@ class CI_Session {
 	 *
 	 * This function converts any slash markers back into actual slashes
 	 *
-	 * @access	private
+	 * @access	protected
 	 */
-	private function _unescape_slashes(&$val, $key)
+	protected function _unescape_slashes(&$val, $key)
 	{
 		if (is_string($val))
 		{
@@ -761,7 +761,7 @@ class CI_Session {
 	 * @access	public
 	 * @return	void
 	 */
-	private function _sess_gc()
+	protected function _sess_gc()
 	{
 		if ($this->sess_use_database != TRUE)
 		{
-- 
cgit v1.2.3-24-g4f1b


From 85f018f7cfd7596f06c600e83f0fc9bb2e6efdbf Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@bofh.bg>
Date: Tue, 27 Dec 2011 02:52:36 +0200
Subject: Remove access lines from method descriptions and rollback a previous
 change

---
 system/libraries/Session.php | 31 +++++++------------------------
 1 file changed, 7 insertions(+), 24 deletions(-)

(limited to 'system')

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 319860794..137b037b8 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -141,7 +141,6 @@ class CI_Session {
 	/**
 	 * Fetch the current session data if it exists
 	 *
-	 * @access	public
 	 * @return	bool
 	 */
 	public function sess_read()
@@ -259,7 +258,6 @@ class CI_Session {
 	/**
 	 * Write the session data
 	 *
-	 * @access	public
 	 * @return	void
 	 */
 	public function sess_write()
@@ -311,7 +309,6 @@ class CI_Session {
 	/**
 	 * Create a new session
 	 *
-	 * @access	public
 	 * @return	void
 	 */
 	public function sess_create()
@@ -350,7 +347,6 @@ class CI_Session {
 	/**
 	 * Update an existing session
 	 *
-	 * @access	public
 	 * @return	void
 	 */
 	public function sess_update()
@@ -404,7 +400,6 @@ class CI_Session {
 	/**
 	 * Destroy the current session
 	 *
-	 * @access	public
 	 * @return	void
 	 */
 	public function sess_destroy()
@@ -432,7 +427,6 @@ class CI_Session {
 	/**
 	 * Fetch a specific item from the session array
 	 *
-	 * @access	public
 	 * @param	string
 	 * @return	string
 	 */
@@ -446,7 +440,6 @@ class CI_Session {
 	/**
 	 * Fetch all session data
 	 *
-	 * @access	public
 	 * @return	array
 	 */
 	public function all_userdata()
@@ -459,7 +452,6 @@ class CI_Session {
 	/**
 	 * Add or change data in the "userdata" array
 	 *
-	 * @access	public
 	 * @param	mixed
 	 * @param	string
 	 * @return	void
@@ -487,7 +479,6 @@ class CI_Session {
 	/**
 	 * Delete a session variable from the "userdata" array
 	 *
-	 * @access	array
 	 * @return	void
 	 */
 	public function unset_userdata($newdata = array())
@@ -514,7 +505,6 @@ class CI_Session {
 	 * Add or change flashdata, only available
 	 * until the next request
 	 *
-	 * @access	public
 	 * @param	mixed
 	 * @param	string
 	 * @return	void
@@ -540,7 +530,6 @@ class CI_Session {
 	/**
 	 * Keeps existing flashdata available to next request.
 	 *
-	 * @access	public
 	 * @param	string
 	 * @return	void
 	 */
@@ -560,7 +549,6 @@ class CI_Session {
 	/**
 	 * Fetch a specific flashdata item from the session array
 	 *
-	 * @access	public
 	 * @param	string
 	 * @return	string
 	 */
@@ -575,7 +563,6 @@ class CI_Session {
 	 * Identifies flashdata as 'old' for removal
 	 * when _flashdata_sweep() runs.
 	 *
-	 * @access	protected
 	 * @return	void
 	 */
 	protected function _flashdata_mark()
@@ -597,7 +584,6 @@ class CI_Session {
 	/**
 	 * Removes all flashdata marked as 'old'
 	 *
-	 * @access	protected
 	 * @return	void
 	 */
 
@@ -619,14 +605,17 @@ class CI_Session {
 	/**
 	 * Get the "now" time
 	 *
-	 * @access	protected
 	 * @return	string
 	 */
 	protected function _get_time()
 	{
-		$now = time();
-		return (strtolower($this->time_reference) === 'gmt') ?
-			mktime(gmdate('H', $now), gmdate('i', $now), gmdate('s', $now), gmdate('m', $now), gmdate('d', $now), gmdate('Y', $now)) : $now;
+		if (strtolower($this->time_reference) === 'gmt')
+		{
+			$now = time();
+			return mktime(gmdate('H', $now), gmdate('i', $now), gmdate('s', $now), gmdate('m', $now), gmdate('d', $now), gmdate('Y', $now));
+		}
+
+		return time();
 	}
 
 	// --------------------------------------------------------------------
@@ -634,7 +623,6 @@ class CI_Session {
 	/**
 	 * Write the session cookie
 	 *
-	 * @access	public
 	 * @return	void
 	 */
 	protected function _set_cookie($cookie_data = NULL)
@@ -678,7 +666,6 @@ class CI_Session {
 	 * This function first converts any slashes found in the array to a temporary
 	 * marker, so when it gets unserialized the slashes will be preserved
 	 *
-	 * @access	protected
 	 * @param	array
 	 * @return	string
 	 */
@@ -700,7 +687,6 @@ class CI_Session {
 	 *
 	 * This function converts any slashes found into a temporary marker
 	 *
-	 * @access	protected
 	 */
 	function _escape_slashes(&$val, $key)
 	{
@@ -718,7 +704,6 @@ class CI_Session {
 	 * This function unserializes a data string, then converts any
 	 * temporary slash markers back to actual slashes
 	 *
-	 * @access	protected
 	 * @param	array
 	 * @return	string
 	 */
@@ -740,7 +725,6 @@ class CI_Session {
 	 *
 	 * This function converts any slash markers back into actual slashes
 	 *
-	 * @access	protected
 	 */
 	protected function _unescape_slashes(&$val, $key)
 	{
@@ -758,7 +742,6 @@ class CI_Session {
 	 * This deletes expired session rows from database
 	 * if the probability percentage is met
 	 *
-	 * @access	public
 	 * @return	void
 	 */
 	protected function _sess_gc()
-- 
cgit v1.2.3-24-g4f1b