Roundcubemail devel
view | history | commit | commitdiff
till
2008-02-20 d4517648ad79cc62e590b851afa69858393cf8dc
commit | author | age
4e17e6 1 <?php
T 2
3 /*
4  +-----------------------------------------------------------------------+
5  | program/include/session.inc                                           |
6  |                                                                       |
7  | This file is part of the RoundCube Webmail client                     |
5349b7 8  | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
30233b 9  | Licensed under the GNU GPL                                            |
4e17e6 10  |                                                                       |
T 11  | PURPOSE:                                                              |
12  |   Provide database supported session management                       |
13  |                                                                       |
14  +-----------------------------------------------------------------------+
15  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
16  +-----------------------------------------------------------------------+
17
18  $Id$
19
20 */
21
22
23 function sess_open($save_path, $session_name)
24   {
25   return TRUE;
26   }
27
28
29
30 function sess_close()
31   {
32   return TRUE;
33   }
34
35
36 // read session data
37 function sess_read($key)
38   {
aad6e2 39   global $DB, $SESS_CHANGED, $SESS_CLIENT_IP;
T 40   
41   if ($DB->is_error())
42     return FALSE;
4e17e6 43   
d7cb77 44   $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
S 45                             FROM ".get_table_name('session')."
46                             WHERE  sess_id=?",
47                             $key);
4e17e6 48
T 49   if ($sql_arr = $DB->fetch_assoc($sql_result))
50     {
e170b4 51     $SESS_CHANGED = $sql_arr['changed'];
aad6e2 52     $SESS_CLIENT_IP = $sql_arr['ip'];
4e17e6 53
T 54     if (strlen($sql_arr['vars']))
55       return $sql_arr['vars'];
56     }
57
58   return FALSE;
59   }
60   
61
62 // save session data
63 function sess_write($key, $vars)
64   {
65   global $DB;
aad6e2 66   
T 67   if ($DB->is_error())
68     return FALSE;
1cded8 69
d7cb77 70   $sql_result = $DB->query("SELECT 1
S 71                             FROM ".get_table_name('session')."
72                             WHERE  sess_id=?",
73                             $key);
4e17e6 74
T 75   if ($DB->num_rows($sql_result))
76     {
77     session_decode($vars);
d7cb77 78     $DB->query("UPDATE ".get_table_name('session')."
S 79                 SET    vars=?,
107bde 80                        changed=".$DB->now()."
d7cb77 81                 WHERE  sess_id=?",
S 82                 $vars,
83                 $key);
4e17e6 84     }
T 85   else
86     {
d7cb77 87     $DB->query("INSERT INTO ".get_table_name('session')."
S 88                 (sess_id, vars, ip, created, changed)
107bde 89                 VALUES (?, ?, ?, ".$DB->now().", ".$DB->now().")",
d7cb77 90                 $key,
S 91                 $vars,
92                 $_SERVER['REMOTE_ADDR']);
1cded8 93                 
T 94
4e17e6 95     }
T 96
97   return TRUE;
98   }
99
100
101 // handler for session_destroy()
102 function sess_destroy($key)
103   {
104   global $DB;
105   
aad6e2 106   if ($DB->is_error())
T 107     return FALSE;
108   
d7cb77 109   // delete session entries in cache table
S 110   $DB->query("DELETE FROM ".get_table_name('cache')."
111               WHERE  session_id=?",
112               $key);
113               
114   $DB->query("DELETE FROM ".get_table_name('session')."
115               WHERE sess_id=?",
116               $key);
1cded8 117
4e17e6 118   return TRUE;
T 119   }
120
121
122 // garbage collecting function
123 function sess_gc($maxlifetime)
124   {
125   global $DB;
aad6e2 126
T 127   if ($DB->is_error())
128     return FALSE;
4e17e6 129
T 130   // get all expired sessions  
d7cb77 131   $sql_result = $DB->query("SELECT sess_id
S 132                             FROM ".get_table_name('session')."
107bde 133                             WHERE ".$DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed')." > ?",
d7cb77 134                             $maxlifetime);
4e17e6 135                                    
T 136   $a_exp_sessions = array();
137   while ($sql_arr = $DB->fetch_assoc($sql_result))
138     $a_exp_sessions[] = $sql_arr['sess_id'];
139
140   
141   if (sizeof($a_exp_sessions))
142     {
d7cb77 143     // delete session cache records
S 144     $DB->query("DELETE FROM ".get_table_name('cache')."
145                 WHERE  session_id IN ('".join("','", $a_exp_sessions)."')");
146                 
4e17e6 147     // delete session records
d7cb77 148     $DB->query("DELETE FROM ".get_table_name('session')."
S 149                 WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
4e17e6 150     }
T 151
cc9570 152   // also run message cache GC
T 153   rcmail_message_cache_gc();
70d4b9 154   rcmail_temp_gc();
cc9570 155
4e17e6 156   return TRUE;
T 157   }
158
159
aad6e2 160 function sess_regenerate_id()
T 161   {
162   $randlen = 32;
163   $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
164   $random = "";
165   for ($i=1; $i <= $randlen; $i++)
166     $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1);
167
168   // use md5 value for id or remove capitals from string $randval
169   $random = md5($random);
170
171   // delete old session record
172   sess_destroy(session_id());
173
174   session_id($random);
2912db 175
T 176   $cookie    = session_get_cookie_params();
177   $_lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0;
178
179   setcookie(session_name(), '', time() - 3600);
180   setcookie(session_name(), $random, $_lifetime, $cookie['path'],
181     $cookie['domain']);
aad6e2 182
T 183   return true;
184   }
185
186
4e17e6 187 // set custom functions for PHP session management
T 188 session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy', 'sess_gc');
189
190 ?>