kmj1996
/
Practice
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 Commits
1 Branch
0 Tags
31 MiB
Tree: b2fab6b14c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b2fab6b14c'
${ noResults }
Practice/wheeparam/system/libraries/Session/drivers/Session_database_driver.php

420 lines
10 KiB
Raw Normal View History

v1.0.0
7 years ago
  1. <?php
  2. /**
  3. * CodeIgniter
  4. *
  5. * An open source application development framework for PHP
  6. *
  7. * This content is released under the MIT License (MIT)
  8. *
  9. * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
  10. *
  11. * Permission is hereby granted, free of charge, to any person obtaining a copy
  12. * of this software and associated documentation files (the "Software"), to deal
  13. * in the Software without restriction, including without limitation the rights
  14. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  15. * copies of the Software, and to permit persons to whom the Software is
  16. * furnished to do so, subject to the following conditions:
  17. *
  18. * The above copyright notice and this permission notice shall be included in
  19. * all copies or substantial portions of the Software.
  20. *
  21. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  22. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  23. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  24. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  25. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  26. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  27. * THE SOFTWARE.
  28. *
  29. * @package CodeIgniter
  30. * @author EllisLab Dev Team
  31. * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
  32. * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
  33. * @license http://opensource.org/licenses/MIT MIT License
  34. * @link https://codeigniter.com
  35. * @since Version 3.0.0
  36. * @filesource
  37. */
  38. defined('BASEPATH') OR exit('No direct script access allowed');
  40. /**
  41. * CodeIgniter Session Database Driver
  42. *
  43. * @package CodeIgniter
  44. * @subpackage Libraries
  45. * @category Sessions
  46. * @author Andrey Andreev
  47. * @link https://codeigniter.com/user_guide/libraries/sessions.html
  48. */
  49. class CI_Session_database_driver extends CI_Session_driver implements SessionHandlerInterface {
  51. /**
  52. * DB object
  53. *
  54. * @var object
  55. */
  56. protected $_db;
  58. /**
  59. * Row exists flag
  60. *
  61. * @var bool
  62. */
  63. protected $_row_exists = FALSE;
  65. /**
  66. * Lock "driver" flag
  67. *
  68. * @var string
  69. */
  70. protected $_platform;
  72. // ------------------------------------------------------------------------
  74. /**
  75. * Class constructor
  76. *
  77. * @param array $params Configuration parameters
  78. * @return void
  79. */
  80. public function __construct(&$params)
  81. {
  82. parent::__construct($params);
  84. $CI =& get_instance();
  85. isset($CI->db) OR $CI->load->database();
  86. $this->_db = $CI->db;
  88. if ( ! $this->_db instanceof CI_DB_query_builder)
  89. {
  90. throw new Exception('Query Builder not enabled for the configured database. Aborting.');
  91. }
  92. elseif ($this->_db->pconnect)
  93. {
  94. throw new Exception('Configured database connection is persistent. Aborting.');
  95. }
  96. elseif ($this->_db->cache_on)
  97. {
  98. throw new Exception('Configured database connection has cache enabled. Aborting.');
  99. }
  101. $db_driver = $this->_db->dbdriver.(empty($this->_db->subdriver) ? '' : '_'.$this->_db->subdriver);
  102. if (strpos($db_driver, 'mysql') !== FALSE)
  103. {
  104. $this->_platform = 'mysql';
  105. }
  106. elseif (in_array($db_driver, array('postgre', 'pdo_pgsql'), TRUE))
  107. {
  108. $this->_platform = 'postgre';
  109. }
  111. // Note: BC work-around for the old 'sess_table_name' setting, should be removed in the future.
  112. if ( ! isset($this->_config['save_path']) && ($this->_config['save_path'] = config_item('sess_table_name')))
  113. {
  114. log_message('debug', 'Session: "sess_save_path" is empty; using BC fallback to "sess_table_name".');
  115. }
  116. }
  118. // ------------------------------------------------------------------------
  120. /**
  121. * Open
  122. *
  123. * Initializes the database connection
  124. *
  125. * @param string $save_path Table name
  126. * @param string $name Session cookie name, unused
  127. * @return bool
  128. */
  129. public function open($save_path, $name)
  130. {
  131. if (empty($this->_db->conn_id) && ! $this->_db->db_connect())
  132. {
  133. return $this->_fail();
  134. }
  136. return $this->_success;
  137. }
  139. // ------------------------------------------------------------------------
  141. /**
  142. * Read
  143. *
  144. * Reads session data and acquires a lock
  145. *
  146. * @param string $session_id Session ID
  147. * @return string Serialized session data
  148. */
  149. public function read($session_id)
  150. {
  151. if ($this->_get_lock($session_id) !== FALSE)
  152. {
  153. // Prevent previous QB calls from messing with our queries
  154. $this->_db->reset_query();
  156. // Needed by write() to detect session_regenerate_id() calls
  157. $this->_session_id = $session_id;
  159. $this->_db
  160. ->select('data')
  161. ->from($this->_config['save_path'])
  162. ->where('id', $session_id);
  164. if ($this->_config['match_ip'])
  165. {
  166. $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
  167. }
  169. if ( ! ($result = $this->_db->get()) OR ($result = $result->row()) === NULL)
  170. {
  171. // PHP7 will reuse the same SessionHandler object after
  172. // ID regeneration, so we need to explicitly set this to
  173. // FALSE instead of relying on the default ...
  174. $this->_row_exists = FALSE;
  175. $this->_fingerprint = md5('');
  176. return '';
  177. }
  179. // PostgreSQL's variant of a BLOB datatype is Bytea, which is a
  180. // PITA to work with, so we use base64-encoded data in a TEXT
  181. // field instead.
  182. $result = ($this->_platform === 'postgre')
  183. ? base64_decode(rtrim($result->data))
  184. : $result->data;
  186. $this->_fingerprint = md5($result);
  187. $this->_row_exists = TRUE;
  188. return $result;
  189. }
  191. $this->_fingerprint = md5('');
  192. return '';
  193. }
  195. // ------------------------------------------------------------------------
  197. /**
  198. * Write
  199. *
  200. * Writes (create / update) session data
  201. *
  202. * @param string $session_id Session ID
  203. * @param string $session_data Serialized session data
  204. * @return bool
  205. */
  206. public function write($session_id, $session_data)
  207. {
  208. // Prevent previous QB calls from messing with our queries
  209. $this->_db->reset_query();
  211. // Was the ID regenerated?
  212. if (isset($this->_session_id) && $session_id !== $this->_session_id)
  213. {
  214. if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
  215. {
  216. return $this->_fail();
  217. }
  219. $this->_row_exists = FALSE;
  220. $this->_session_id = $session_id;
  221. }
  222. elseif ($this->_lock === FALSE)
  223. {
  224. return $this->_fail();
  225. }
  227. if ($this->_row_exists === FALSE)
  228. {
  229. $insert_data = array(
  230. 'id' => $session_id,
  231. 'ip_address' => $_SERVER['REMOTE_ADDR'],
  232. 'timestamp' => time(),
  233. 'data' => ($this->_platform === 'postgre' ? base64_encode($session_data) : $session_data)
  234. );
  236. if ($this->_db->insert($this->_config['save_path'], $insert_data))
  237. {
  238. $this->_fingerprint = md5($session_data);
  239. $this->_row_exists = TRUE;
  240. return $this->_success;
  241. }
  243. return $this->_fail();
  244. }
  246. $this->_db->where('id', $session_id);
  247. if ($this->_config['match_ip'])
  248. {
  249. $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
  250. }
  252. $update_data = array('timestamp' => time());
  253. if ($this->_fingerprint !== md5($session_data))
  254. {
  255. $update_data['data'] = ($this->_platform === 'postgre')
  256. ? base64_encode($session_data)
  257. : $session_data;
  258. }
  260. if ($this->_db->update($this->_config['save_path'], $update_data))
  261. {
  262. $this->_fingerprint = md5($session_data);
  263. return $this->_success;
  264. }
  266. return $this->_fail();
  267. }
  269. // ------------------------------------------------------------------------
  271. /**
  272. * Close
  273. *
  274. * Releases locks
  275. *
  276. * @return bool
  277. */
  278. public function close()
  279. {
  280. return ($this->_lock && ! $this->_release_lock())
  281. ? $this->_fail()
  282. : $this->_success;
  283. }
  285. // ------------------------------------------------------------------------
  287. /**
  288. * Destroy
  289. *
  290. * Destroys the current session.
  291. *
  292. * @param string $session_id Session ID
  293. * @return bool
  294. */
  295. public function destroy($session_id)
  296. {
  297. if ($this->_lock)
  298. {
  299. // Prevent previous QB calls from messing with our queries
  300. $this->_db->reset_query();
  302. $this->_db->where('id', $session_id);
  303. if ($this->_config['match_ip'])
  304. {
  305. $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
  306. }
  308. if ( ! $this->_db->delete($this->_config['save_path']))
  309. {
  310. return $this->_fail();
  311. }
  312. }
  314. if ($this->close() === $this->_success)
  315. {
  316. $this->_cookie_destroy();
  317. return $this->_success;
  318. }
  320. return $this->_fail();
  321. }
  323. // ------------------------------------------------------------------------
  325. /**
  326. * Garbage Collector
  327. *
  328. * Deletes expired sessions
  329. *
  330. * @param int $maxlifetime Maximum lifetime of sessions
  331. * @return bool
  332. */
  333. public function gc($maxlifetime)
  334. {
  335. // Prevent previous QB calls from messing with our queries
  336. $this->_db->reset_query();
  338. return ($this->_db->delete($this->_config['save_path'], 'timestamp < '.(time() - $maxlifetime)))
  339. ? $this->_success
  340. : $this->_fail();
  341. }
  343. // ------------------------------------------------------------------------
  345. /**
  346. * Get lock
  347. *
  348. * Acquires a lock, depending on the underlying platform.
  349. *
  350. * @param string $session_id Session ID
  351. * @return bool
  352. */
  353. protected function _get_lock($session_id)
  354. {
  355. if ($this->_platform === 'mysql')
  356. {
  357. $arg = md5($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : ''));
  358. if ($this->_db->query("SELECT GET_LOCK('".$arg."', 300) AS ci_session_lock")->row()->ci_session_lock)
  359. {
  360. $this->_lock = $arg;
  361. return TRUE;
  362. }
  364. return FALSE;
  365. }
  366. elseif ($this->_platform === 'postgre')
  367. {
  368. $arg = "hashtext('".$session_id."')".($this->_config['match_ip'] ? ", hashtext('".$_SERVER['REMOTE_ADDR']."')" : '');
  369. if ($this->_db->simple_query('SELECT pg_advisory_lock('.$arg.')'))
  370. {
  371. $this->_lock = $arg;
  372. return TRUE;
  373. }
  375. return FALSE;
  376. }
  378. return parent::_get_lock($session_id);
  379. }
  381. // ------------------------------------------------------------------------
  383. /**
  384. * Release lock
  385. *
  386. * Releases a previously acquired lock
  387. *
  388. * @return bool
  389. */
  390. protected function _release_lock()
  391. {
  392. if ( ! $this->_lock)
  393. {
  394. return TRUE;
  395. }
  397. if ($this->_platform === 'mysql')
  398. {
  399. if ($this->_db->query("SELECT RELEASE_LOCK('".$this->_lock."') AS ci_session_lock")->row()->ci_session_lock)
  400. {
  401. $this->_lock = FALSE;
  402. return TRUE;
  403. }
  405. return FALSE;
  406. }
  407. elseif ($this->_platform === 'postgre')
  408. {
  409. if ($this->_db->simple_query('SELECT pg_advisory_unlock('.$this->_lock.')'))
  410. {
  411. $this->_lock = FALSE;
  412. return TRUE;
  413. }
  415. return FALSE;
  416. }
  418. return parent::_release_lock();
  419. }
  420. }