2010-07-01 19:48:07 -04:00
|
|
|
<?php
|
|
|
|
// Session management functions. These provide database storage of PHP
|
|
|
|
// session info.
|
|
|
|
|
2017-09-14 01:40:23 -04:00
|
|
|
use Friendica\Core\Config;
|
2017-11-07 22:57:46 -05:00
|
|
|
use Friendica\Database\DBM;
|
2017-09-14 01:40:23 -04:00
|
|
|
|
2016-10-23 17:59:40 -04:00
|
|
|
require_once('include/cache.php');
|
|
|
|
|
2010-07-01 19:48:07 -04:00
|
|
|
$session_exists = 0;
|
|
|
|
$session_expire = 180000;
|
|
|
|
|
2016-10-23 17:59:40 -04:00
|
|
|
function ref_session_open($s, $n) {
|
2015-12-07 15:52:42 -05:00
|
|
|
return true;
|
2016-10-23 17:59:40 -04:00
|
|
|
}
|
2010-07-01 19:48:07 -04:00
|
|
|
|
2016-10-23 17:59:40 -04:00
|
|
|
function ref_session_read($id) {
|
2015-12-07 15:52:42 -05:00
|
|
|
global $session_exists;
|
|
|
|
|
2016-10-23 17:59:40 -04:00
|
|
|
if (!x($id)) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
$memcache = cache::memcache();
|
|
|
|
if (is_object($memcache)) {
|
|
|
|
$data = $memcache->get(get_app()->get_hostname().":session:".$id);
|
|
|
|
if (!is_bool($data)) {
|
2017-10-31 12:03:01 -04:00
|
|
|
$session_exists = true;
|
2016-10-23 17:59:40 -04:00
|
|
|
return $data;
|
|
|
|
}
|
|
|
|
logger("no data for session $id", LOGGER_TRACE);
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
2017-10-31 12:03:01 -04:00
|
|
|
$r = dba::select('session', array('data'), array('sid' => $id), array('limit' => 1));
|
2017-11-07 22:57:46 -05:00
|
|
|
if (DBM::is_result($r)) {
|
2015-12-07 15:52:42 -05:00
|
|
|
$session_exists = true;
|
2017-10-31 12:03:01 -04:00
|
|
|
return $r['data'];
|
2015-12-07 15:52:42 -05:00
|
|
|
} else {
|
|
|
|
logger("no data for session $id", LOGGER_TRACE);
|
|
|
|
}
|
2016-10-23 17:59:40 -04:00
|
|
|
|
2015-12-07 15:52:42 -05:00
|
|
|
return '';
|
2016-10-23 17:59:40 -04:00
|
|
|
}
|
2010-07-01 19:48:07 -04:00
|
|
|
|
2016-10-28 22:14:51 -04:00
|
|
|
/**
|
|
|
|
* @brief Standard PHP session write callback
|
|
|
|
*
|
|
|
|
* This callback updates the DB-stored session data and/or the expiration depending
|
|
|
|
* on the case. Uses the $session_expire global for existing session, 5 minutes
|
|
|
|
* for newly created session.
|
|
|
|
*
|
|
|
|
* @global bool $session_exists Whether a session with the given id already exists
|
|
|
|
* @global int $session_expire Session expiration delay in seconds
|
|
|
|
* @param string $id Session ID with format: [a-z0-9]{26}
|
|
|
|
* @param string $data Serialized session data
|
|
|
|
* @return boolean Returns false if parameters are missing, true otherwise
|
|
|
|
*/
|
|
|
|
function ref_session_write($id, $data) {
|
2015-12-07 15:52:42 -05:00
|
|
|
global $session_exists, $session_expire;
|
|
|
|
|
2016-10-28 22:14:51 -04:00
|
|
|
if (!$id || !$data) {
|
2015-12-07 15:52:42 -05:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$expire = time() + $session_expire;
|
|
|
|
$default_expire = time() + 300;
|
|
|
|
|
2016-10-23 17:59:40 -04:00
|
|
|
$memcache = cache::memcache();
|
2017-01-20 17:22:05 -05:00
|
|
|
$a = get_app();
|
2017-06-07 22:00:59 -04:00
|
|
|
if (is_object($memcache) && is_object($a)) {
|
2017-01-20 17:22:05 -05:00
|
|
|
$memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
|
2016-10-23 17:59:40 -04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2016-10-28 22:14:51 -04:00
|
|
|
if ($session_exists) {
|
2017-10-31 12:03:01 -04:00
|
|
|
$fields = array('data' => $data, 'expire' => $expire);
|
2017-10-31 15:28:39 -04:00
|
|
|
$condition = array("`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire);
|
2017-10-31 12:03:01 -04:00
|
|
|
dba::update('session', $fields, $condition);
|
2016-10-28 22:14:51 -04:00
|
|
|
} else {
|
2017-10-31 12:03:01 -04:00
|
|
|
$fields = array('sid' => $id, 'expire' => $default_expire, 'data' => $data);
|
|
|
|
dba::insert('session', $fields);
|
2016-10-28 22:14:51 -04:00
|
|
|
}
|
2015-12-07 15:52:42 -05:00
|
|
|
|
|
|
|
return true;
|
2016-10-28 22:14:51 -04:00
|
|
|
}
|
2010-07-01 19:48:07 -04:00
|
|
|
|
|
|
|
function ref_session_close() {
|
2015-12-07 15:52:42 -05:00
|
|
|
return true;
|
2016-10-23 17:59:40 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
function ref_session_destroy($id) {
|
|
|
|
$memcache = cache::memcache();
|
|
|
|
|
|
|
|
if (is_object($memcache)) {
|
|
|
|
$memcache->delete(get_app()->get_hostname().":session:".$id);
|
|
|
|
return true;
|
|
|
|
}
|
2010-07-01 19:48:07 -04:00
|
|
|
|
2017-10-31 12:03:01 -04:00
|
|
|
dba::delete('session', array('sid' => $id));
|
2015-12-07 15:52:42 -05:00
|
|
|
return true;
|
2016-10-23 17:59:40 -04:00
|
|
|
}
|
2010-07-01 19:48:07 -04:00
|
|
|
|
|
|
|
function ref_session_gc($expire) {
|
2017-10-31 12:03:01 -04:00
|
|
|
dba::delete('session', array("`expire` < ?", time()));
|
2015-12-07 15:52:42 -05:00
|
|
|
return true;
|
2016-10-23 17:59:40 -04:00
|
|
|
}
|
2010-07-01 19:48:07 -04:00
|
|
|
|
|
|
|
$gc_probability = 50;
|
|
|
|
|
|
|
|
ini_set('session.gc_probability', $gc_probability);
|
|
|
|
ini_set('session.use_only_cookies', 1);
|
|
|
|
ini_set('session.cookie_httponly', 1);
|
|
|
|
|
2017-09-14 01:40:23 -04:00
|
|
|
if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
|
|
|
|
ini_set('session.cookie_secure', 1);
|
|
|
|
}
|
|
|
|
|
2017-11-06 21:22:52 -05:00
|
|
|
if (!Config::get('system', 'disable_database_session')) {
|
2015-12-22 05:25:37 -05:00
|
|
|
session_set_save_handler('ref_session_open', 'ref_session_close',
|
|
|
|
'ref_session_read', 'ref_session_write',
|
|
|
|
'ref_session_destroy', 'ref_session_gc');
|
2016-10-23 17:59:40 -04:00
|
|
|
}
|