You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

379 lines
9.9 KiB

<?php
/**
* CodeIgniter
*
* An open source application development framework for PHP
*
* This content is released under the MIT License (MIT)
*
* Copyright (c) 2014 - 2016, British Columbia Institute of Technology
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
* @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/)
* @license http://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
*/
defined('BASEPATH') OR exit('No direct script access allowed');
/**
* CodeIgniter Session Files Driver
*
* @package CodeIgniter
* @subpackage Libraries
* @category Sessions
* @author Andrey Andreev
* @link https://codeigniter.com/user_guide/libraries/sessions.html
*/
class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface {
/**
* Save path
*
* @var string
*/
protected $_save_path;
/**
* File handle
*
* @var resource
*/
protected $_file_handle;
/**
* File name
*
* @var resource
*/
protected $_file_path;
/**
* File new flag
*
* @var bool
*/
protected $_file_new;
// ------------------------------------------------------------------------
/**
* Class constructor
*
* @param array $params Configuration parameters
* @return void
*/
public function __construct(&$params)
{
parent::__construct($params);
if (isset($this->_config['save_path']))
{
$this->_config['save_path'] = rtrim($this->_config['save_path'], '/\\');
ini_set('session.save_path', $this->_config['save_path']);
}
else
{
$this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\');
}
}
// ------------------------------------------------------------------------
/**
* Open
*
* Sanitizes the save_path directory.
*
* @param string $save_path Path to session files' directory
* @param string $name Session cookie name
* @return bool
*/
public function open($save_path, $name)
{
if ( ! is_dir($save_path))
{
if ( ! mkdir($save_path, 0700, TRUE))
{
throw new Exception("Session: Configured save path '".$this->_config['save_path']."' is not a directory, doesn't exist or cannot be created.");
}
}
elseif ( ! is_writable($save_path))
{
throw new Exception("Session: Configured save path '".$this->_config['save_path']."' is not writable by the PHP process.");
}
$this->_config['save_path'] = $save_path;
$this->_file_path = $this->_config['save_path'].DIRECTORY_SEPARATOR
.$name // we'll use the session cookie name as a prefix to avoid collisions
.($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : '');
return $this->_success;
}
// ------------------------------------------------------------------------
/**
* Read
*
* Reads session data and acquires a lock
*
* @param string $session_id Session ID
* @return string Serialized session data
*/
public function read($session_id)
{
// This might seem weird, but PHP 5.6 introduces session_reset(),
// which re-reads session data
if ($this->_file_handle === NULL)
{
// Just using fopen() with 'c+b' mode would be perfect, but it is only
// available since PHP 5.2.6 and we have to set permissions for new files,
// so we'd have to hack around this ...
if (($this->_file_new = ! file_exists($this->_file_path.$session_id)) === TRUE)
{
if (($this->_file_handle = fopen($this->_file_path.$session_id, 'w+b')) === FALSE)
{
log_message('error', "Session: File '".$this->_file_path.$session_id."' doesn't exist and cannot be created.");
return $this->_failure;
}
}
elseif (($this->_file_handle = fopen($this->_file_path.$session_id, 'r+b')) === FALSE)
{
log_message('error', "Session: Unable to open file '".$this->_file_path.$session_id."'.");
return $this->_failure;
}
if (flock($this->_file_handle, LOCK_EX) === FALSE)
{
log_message('error', "Session: Unable to obtain lock for file '".$this->_file_path.$session_id."'.");
fclose($this->_file_handle);
$this->_file_handle = NULL;
return $this->_failure;
}
// Needed by write() to detect session_regenerate_id() calls
$this->_session_id = $session_id;
if ($this->_file_new)
{
chmod($this->_file_path.$session_id, 0600);
$this->_fingerprint = md5('');
return '';
}
}
// We shouldn't need this, but apparently we do ...
// See https://github.com/bcit-ci/CodeIgniter/issues/4039
elseif ($this->_file_handle === FALSE)
{
return $this->_failure;
}
else
{
rewind($this->_file_handle);
}
$session_data = '';
for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += strlen($buffer))
{
if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE)
{
break;
}
$session_data .= $buffer;
}
$this->_fingerprint = md5($session_data);
return $session_data;
}
// ------------------------------------------------------------------------
/**
* Write
*
* Writes (create / update) session data
*
* @param string $session_id Session ID
* @param string $session_data Serialized session data
* @return bool
*/
public function write($session_id, $session_data)
{
// If the two IDs don't match, we have a session_regenerate_id() call
// and we need to close the old handle and open a new one
if ($session_id !== $this->_session_id && ($this->close() === $this->_failure OR $this->read($session_id) === $this->_failure))
{
return $this->_failure;
}
if ( ! is_resource($this->_file_handle))
{
return $this->_failure;
}
elseif ($this->_fingerprint === md5($session_data))
{
return ( ! $this->_file_new && ! touch($this->_file_path.$session_id))
? $this->_failure
: $this->_success;
}
if ( ! $this->_file_new)
{
ftruncate($this->_file_handle, 0);
rewind($this->_file_handle);
}
if (($length = strlen($session_data)) > 0)
{
for ($written = 0; $written < $length; $written += $result)
{
if (($result = fwrite($this->_file_handle, substr($session_data, $written))) === FALSE)
{
break;
}
}
if ( ! is_int($result))
{
$this->_fingerprint = md5(substr($session_data, 0, $written));
log_message('error', 'Session: Unable to write data.');
return $this->_failure;
}
}
$this->_fingerprint = md5($session_data);
return $this->_success;
}
// ------------------------------------------------------------------------
/**
* Close
*
* Releases locks and closes file descriptor.
*
* @return bool
*/
public function close()
{
if (is_resource($this->_file_handle))
{
flock($this->_file_handle, LOCK_UN);
fclose($this->_file_handle);
$this->_file_handle = $this->_file_new = $this->_session_id = NULL;
}
return $this->_success;
}
// ------------------------------------------------------------------------
/**
* Destroy
*
* Destroys the current session.
*
* @param string $session_id Session ID
* @return bool
*/
public function destroy($session_id)
{
if ($this->close() === $this->_success)
{
if (file_exists($this->_file_path.$session_id))
{
$this->_cookie_destroy();
return unlink($this->_file_path.$session_id)
? $this->_success
: $this->_failure;
}
return $this->_success;
}
elseif ($this->_file_path !== NULL)
{
clearstatcache();
if (file_exists($this->_file_path.$session_id))
{
$this->_cookie_destroy();
return unlink($this->_file_path.$session_id)
? $this->_success
: $this->_failure;
}
return $this->_success;
}
return $this->_failure;
}
// ------------------------------------------------------------------------
/**
* Garbage Collector
*
* Deletes expired sessions
*
* @param int $maxlifetime Maximum lifetime of sessions
* @return bool
*/
public function gc($maxlifetime)
{
if ( ! is_dir($this->_config['save_path']) OR ($directory = opendir($this->_config['save_path'])) === FALSE)
{
log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_config['save_path']."'.");
return $this->_failure;
}
$ts = time() - $maxlifetime;
$pattern = sprintf(
'/^%s[0-9a-f]{%d}$/',
preg_quote($this->_config['cookie_name'], '/'),
($this->_config['match_ip'] === TRUE ? 72 : 40)
);
while (($file = readdir($directory)) !== FALSE)
{
// If the filename doesn't match this pattern, it's either not a session file or is not ours
if ( ! preg_match($pattern, $file)
OR ! is_file($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)
OR ($mtime = filemtime($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)) === FALSE
OR $mtime > $ts)
{
continue;
}
unlink($this->_config['save_path'].DIRECTORY_SEPARATOR.$file);
}
closedir($directory);
return $this->_success;
}
}