| commit | author | age | ||
| 4e17e6 | 1 | <?php |
| T | 2 | |
| 3 | /* | |
| 4 | +-----------------------------------------------------------------------+ | |
| 5 | | program/include/session.inc | | |
| 6 | | | | |
| 7 | | This file is part of the RoundCube Webmail client | | |
| 2e3ce3 | 8 | | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland | |
| 30233b | 9 | | Licensed under the GNU GPL | |
| 4e17e6 | 10 | | | |
| T | 11 | | PURPOSE: | |
| 12 | | Provide database supported session management | | |
| 13 | | | | |
| 14 | +-----------------------------------------------------------------------+ | |
| 15 | | Author: Thomas Bruederli <roundcube@gmail.com> | | |
| 16 | +-----------------------------------------------------------------------+ | |
| 17 | ||
| 18 | $Id$ | |
| 19 | ||
| 20 | */ | |
| 21 | ||
| 22 | ||
| 2e3ce3 | 23 | function rcube_sess_open($save_path, $session_name) |
| T | 24 | { |
| 25 | return true; | |
| 26 | } | |
| 4e17e6 | 27 | |
| T | 28 | |
| 2e3ce3 | 29 | function rcube_sess_close() |
| T | 30 | { |
| 31 | return true; | |
| 32 | } | |
| 4e17e6 | 33 | |
| T | 34 | |
| 35 | // read session data | |
| 2e3ce3 | 36 | function rcube_sess_read($key) |
| T | 37 | { |
| 38 | global $SESS_CHANGED, $SESS_CLIENT_IP; | |
| aad6e2 | 39 | |
| 2e3ce3 | 40 | $DB = rcmail::get_instance()->get_dbh(); |
| 4e17e6 | 41 | |
| 2e3ce3 | 42 | if ($DB->is_error()) { |
| T | 43 | return false; |
| 44 | } | |
| 45 | ||
| 46 | $sql_result = $DB->query( | |
| 47 | "SELECT vars, ip, " . $DB->unixtimestamp('changed') . " AS changed | |
| 48 | FROM " . get_table_name('session') . " | |
| 49 | WHERE sess_id=?", | |
| 50 | $key); | |
| 4e17e6 | 51 | |
| 2e3ce3 | 52 | if ($sql_arr = $DB->fetch_assoc($sql_result)) { |
| e170b4 | 53 | $SESS_CHANGED = $sql_arr['changed']; |
| aad6e2 | 54 | $SESS_CLIENT_IP = $sql_arr['ip']; |
| 4e17e6 | 55 | |
| T | 56 | if (strlen($sql_arr['vars'])) |
| 57 | return $sql_arr['vars']; | |
| 58 | } | |
| 2e3ce3 | 59 | |
| T | 60 | return false; |
| 61 | } | |
| 4e17e6 | 62 | |
| T | 63 | |
| 64 | // save session data | |
| 2e3ce3 | 65 | function rcube_sess_write($key, $vars) |
| T | 66 | { |
| 67 | $DB = rcmail::get_instance()->get_dbh(); | |
| aad6e2 | 68 | |
| 2e3ce3 | 69 | if ($DB->is_error()) { |
| T | 70 | return false; |
| 4e17e6 | 71 | } |
| 2e3ce3 | 72 | |
| T | 73 | $sql_result = $DB->query( |
| 74 | "SELECT 1 FROM " . get_table_name('session') . " | |
| 75 | WHERE sess_id=?", | |
| 76 | $key); | |
| 77 | ||
| 78 | if ($DB->num_rows($sql_result)) { | |
| 79 | $DB->query( | |
| 80 | "UPDATE " . get_table_name('session') . " | |
| 81 | SET vars=?, changed=" . $DB->now() . " | |
| 82 | WHERE sess_id=?", | |
| 83 | $vars, | |
| 84 | $key); | |
| 85 | } | |
| 86 | else { | |
| 87 | $DB->query( | |
| 88 | "INSERT INTO " . get_table_name('session') . " | |
| 89 | (sess_id, vars, ip, created, changed) | |
| 90 | VALUES (?, ?, ?, ".$DB->now().", ".$DB->now().")", | |
| 91 | $key, | |
| 92 | $vars, | |
| 93 | (string)$_SERVER['REMOTE_ADDR']); | |
| 94 | } | |
| 95 | ||
| 96 | return true; | |
| 97 | } | |
| 4e17e6 | 98 | |
| T | 99 | |
| 100 | // handler for session_destroy() | |
| 2e3ce3 | 101 | function rcube_sess_destroy($key) |
| T | 102 | { |
| 103 | $rcmail = rcmail::get_instance(); | |
| 104 | $DB = $rcmail->get_dbh(); | |
| 4e17e6 | 105 | |
| 2e3ce3 | 106 | if ($DB->is_error()) { |
| T | 107 | return false; |
| 4e17e6 | 108 | } |
| 2e3ce3 | 109 | |
| T | 110 | // delete session entries in cache table |
| 111 | if ($rcmail->config->get('enable_caching')) { | |
| 112 | $DB->query("DELETE FROM " . get_table_name('cache') . " WHERE session_id=?", $key); | |
| 113 | } | |
| 114 | ||
| 115 | $DB->query("DELETE FROM " . get_table_name('session') . " WHERE sess_id=?", $key); | |
| 116 | ||
| 117 | return true; | |
| 118 | } | |
| 4e17e6 | 119 | |
| T | 120 | |
| 121 | // garbage collecting function | |
| 2e3ce3 | 122 | function rcube_sess_gc($maxlifetime) |
| T | 123 | { |
| 124 | $rcmail = rcmail::get_instance(); | |
| 125 | $DB = $rcmail->get_dbh(); | |
| aad6e2 | 126 | |
| 2e3ce3 | 127 | if ($DB->is_error()) { |
| T | 128 | return false; |
| 4e17e6 | 129 | } |
| T | 130 | |
| a27406 | 131 | if ($rcmail->config->get('enable_caching')) { |
| A | 132 | // get all expired sessions |
| 133 | $sql_result = $DB->query( | |
| 134 | "SELECT sess_id | |
| 135 | FROM " . get_table_name('session') . " | |
| 136 | WHERE " . $DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed') . " > ?", | |
| 137 | $maxlifetime); | |
| 2e3ce3 | 138 | |
| a27406 | 139 | $exp_sessions = array(); |
| A | 140 | while ($sql_arr = $DB->fetch_assoc($sql_result)) { |
| 141 | $exp_sessions[] = $sql_arr['sess_id']; | |
| 2e3ce3 | 142 | } |
| T | 143 | |
| a27406 | 144 | if (sizeof($exp_sessions)) { |
| A | 145 | $exp_sessions = "'" . join("','", $exp_sessions) . "'"; |
| 146 | // delete session cache records | |
| 147 | $DB->query("DELETE FROM " . get_table_name('cache') . " | |
| 148 | WHERE session_id IN (" . $exp_sessions . ")"); | |
| 149 | ||
| 150 | // delete session records | |
| 151 | $DB->query("DELETE FROM " . get_table_name('session') . " | |
| 152 | WHERE sess_id IN (" . $exp_sessions . ")"); | |
| 153 | } | |
| 154 | ||
| 155 | // also run message cache GC | |
| 156 | rcmail_message_cache_gc(); | |
| 157 | ||
| 158 | } else { | |
| 159 | // just delete all expired sessions | |
| 2e3ce3 | 160 | $DB->query("DELETE FROM " . get_table_name('session') . " |
| a27406 | 161 | WHERE " . $DB->unixtimestamp($DB->now())."-".$DB->unixtimestamp('changed') . " > ?", |
| A | 162 | $maxlifetime); |
| 2e3ce3 | 163 | } |
| T | 164 | |
| 165 | rcmail_temp_gc(); | |
| 166 | ||
| 167 | return true; | |
| 168 | } | |
| 169 | ||
| 170 | ||
| 171 | function rcube_sess_regenerate_id() | |
| 172 | { | |
| aad6e2 | 173 | $randval = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
| 2e3ce3 | 174 | |
| T | 175 | for ($random = "", $i=1; $i <= 32; $i++) { |
| aad6e2 | 176 | $random .= substr($randval, rand(0,(strlen($randval) - 1)), 1); |
| 2e3ce3 | 177 | } |
| aad6e2 | 178 | |
| T | 179 | // use md5 value for id or remove capitals from string $randval |
| 180 | $random = md5($random); | |
| 181 | ||
| 182 | // delete old session record | |
| 2e3ce3 | 183 | rcube_sess_destroy(session_id()); |
| aad6e2 | 184 | |
| T | 185 | session_id($random); |
| 2912db | 186 | |
| 2e3ce3 | 187 | $cookie = session_get_cookie_params(); |
| T | 188 | $lifetime = $cookie['lifetime'] ? time() + $cookie['lifetime'] : 0; |
| 2912db | 189 | |
| cefd1d | 190 | rcmail::setcookie(session_name(), $random, $lifetime); |
| aad6e2 | 191 | |
| T | 192 | return true; |
| 2e3ce3 | 193 | } |
| aad6e2 | 194 | |
| T | 195 | |
| 4e17e6 | 196 | // set custom functions for PHP session management |
| 2e3ce3 | 197 | session_set_save_handler('rcube_sess_open', 'rcube_sess_close', 'rcube_sess_read', 'rcube_sess_write', 'rcube_sess_destroy', 'rcube_sess_gc'); |
| 4e17e6 | 198 | |
| T | 199 | ?> |
