| | |
|---|
| | | private $prev; |
|---|
| | | private $secret = ''; |
|---|
| | | private $ip_check = false; |
|---|
| | | private $logging = false; |
|---|
| | | private $keep_alive = 0; |
|---|
| | | private $memcache; |
|---|
| | | |
|---|
| | |
|---|
| | | $this->db = $db; |
|---|
| | | $this->start = microtime(true); |
|---|
| | | $this->ip = $_SERVER['REMOTE_ADDR']; |
|---|
| | | $this->logging = $config->get('log_session', false); |
|---|
| | | |
|---|
| | | $lifetime = $config->get('session_lifetime', 1) * 60; |
|---|
| | | $this->set_lifetime($lifetime); |
|---|
| | | |
|---|
| | | // use memcache backend |
|---|
| | | if ($config->get('session_storage', 'db') == 'memcache') { |
|---|
| | | $this->memcache = new Memcache; |
|---|
| | | $mc_available = 0; |
|---|
| | | foreach ($config->get('memcache_hosts', array()) as $host) { |
|---|
| | | list($host, $port) = explode(':', $host); |
|---|
| | | if (!$port) $port = 11211; |
|---|
| | | // add server and attempt to connect if not already done yet |
|---|
| | | if ($this->memcache->addServer($host, $port) && !$mc_available) |
|---|
| | | $mc_available += intval($this->memcache->connect($host, $port)); |
|---|
| | | } |
|---|
| | | $this->memcache = rcmail::get_instance()->get_memcache(); |
|---|
| | | |
|---|
| | | // set custom functions for PHP session management if memcache is available |
|---|
| | | if ($mc_available) { |
|---|
| | | if ($this->memcache) { |
|---|
| | | session_set_save_handler( |
|---|
| | | array($this, 'open'), |
|---|
| | | array($this, 'close'), |
|---|
| | |
|---|
| | | public function db_read($key) |
|---|
| | | { |
|---|
| | | $sql_result = $this->db->query( |
|---|
| | | sprintf("SELECT vars, ip, %s AS changed FROM %s WHERE sess_id = ?", |
|---|
| | | $this->db->unixtimestamp('changed'), get_table_name('session')), |
|---|
| | | "SELECT vars, ip, changed FROM ".get_table_name('session')." WHERE sess_id = ?", |
|---|
| | | $key); |
|---|
| | | |
|---|
| | | if ($sql_arr = $this->db->fetch_assoc($sql_result)) { |
|---|
| | | $this->changed = $sql_arr['changed']; |
|---|
| | | $this->changed = strtotime($sql_arr['changed']); |
|---|
| | | $this->ip = $sql_arr['ip']; |
|---|
| | | $this->vars = base64_decode($sql_arr['vars']); |
|---|
| | | $this->key = $key; |
|---|
| | |
|---|
| | | $this->cookie = $_COOKIE[$this->cookiename]; |
|---|
| | | $result = $this->ip_check ? $_SERVER['REMOTE_ADDR'] == $this->ip : true; |
|---|
| | | |
|---|
| | | if (!$result) |
|---|
| | | $this->log("IP check failed for " . $this->key . "; expected " . $this->ip . "; got " . $_SERVER['REMOTE_ADDR']); |
|---|
| | | |
|---|
| | | if ($result && $this->_mkcookie($this->now) != $this->cookie) { |
|---|
| | | // Check if using id from previous time slot |
|---|
| | | if ($this->_mkcookie($this->prev) == $this->cookie) |
|---|
| | | if ($this->_mkcookie($this->prev) == $this->cookie) { |
|---|
| | | $this->set_auth_cookie(); |
|---|
| | | else |
|---|
| | | } |
|---|
| | | else { |
|---|
| | | $result = false; |
|---|
| | | $this->log("Session authentication failed for " . $this->key . "; invalid auth cookie sent"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $result; |
|---|
| | |
|---|
| | | $auth_string = "$this->key,$this->secret,$timeslot"; |
|---|
| | | return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * |
|---|
| | | */ |
|---|
| | | function log($line) |
|---|
| | | { |
|---|
| | | if ($this->logging) |
|---|
| | | write_log('session', $line); |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
