| | |
| | | } |
| | | |
| | | /** |
| | | * Create session cookie from session data |
| | | * Create session cookie from session data. |
| | | * The cookie will be hashed using a method defined by session.hash_function. |
| | | * |
| | | * @param int Time slot to use |
| | | * |
| | | * @return string |
| | | */ |
| | | function _mkcookie($timeslot) |
| | | protected function _mkcookie($timeslot) |
| | | { |
| | | $auth_string = "$this->key,$this->secret,$timeslot"; |
| | | return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string)); |
| | | $hash_method = (string) ini_get('session.hash_function'); |
| | | $hash_nbits = (int) ini_get('session.hash_bits_per_character'); |
| | | |
| | | if (!$hash_method) { |
| | | $hash_method = 'md5'; |
| | | } |
| | | else if ($hash_method === '1') { |
| | | $hash_method = 'sha1'; |
| | | } |
| | | |
| | | if ($hash_nbits < 4 || $hash_nbits > 6) { |
| | | $hash_nbits = 4; |
| | | } |
| | | |
| | | // Hash the authentication string |
| | | $hash = openssl_digest($auth_string, $hash_method, true); |
| | | |
| | | // Above method returns "hexits". To be really compatible |
| | | // with session hashes generated by PHP core we'll get |
| | | // a raw (binary) hash and convert it to a readable form |
| | | // as in bin_to_readable() function in ext/session/session.c. |
| | | $hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-"; |
| | | $length = strlen($hash); |
| | | $result = ''; |
| | | $char = 0; |
| | | $i = 0; |
| | | $have = 0; |
| | | $mask = (1 << $hash_nbits) - 1; |
| | | |
| | | while (true) { |
| | | if ($have < $hash_nbits) { |
| | | if ($i < $length) { |
| | | $char |= ord($hash[$i++]) << $have; |
| | | $have += 8; |
| | | } |
| | | else if (!$have) { |
| | | break; |
| | | } |
| | | else { |
| | | $have = $hash_nbits; |
| | | } |
| | | } |
| | | |
| | | // consume nbits |
| | | $result .= $hextab[$char & $mask]; |
| | | $char >>= $hash_nbits; |
| | | $have -= $hash_nbits; |
| | | } |
| | | |
| | | return $result; |
| | | } |
| | | |
| | | /** |