-
Notifications
You must be signed in to change notification settings - Fork 7.6k
RA session
Category:Libraries::Session A session library from systemsos; Version 2.0 - Updated 17/02/2008 Working
Welcome to RA_Session, using native PHP sessions and two great features.
-> A Remember me setting, to store the viewer's username or email address - ready to be automatically placed on a login form for when they return. -> Persistant Session, is the function to define if the user wants to "Keep me Logged In", where everyone else is automatically logged out after they close their brower. This can be set on a PER USER basis, giving you the option to ask users to keep logged in for 1 hour, 2 hours, 1 week, etc. or whatever you can come up with.
I've tried to keep the CI's function names in tact so it will work with all your current scripts - without having to change and modify mass amounts of code [posted below].
Functions [code] $this->load->library('RA_Session'); //To start a sesssion $this->ra_session->sess_destroy; //Destory the session (or log out the user) - Removes persistant_session state but NOT the remember me state
//The following functions have been kept (keep using them if you want to encrypt your data $this->ra_session->userdata $this->ra_session->all_userdata $this->ra_session->set_userdata $this->ra_session->unset_userdata
SPECIAL FUNCTIONS $this->ra_session->sess_id() //Returns the Native Session ID $this->ra_session->set_remember_me('Value to Remember') //Sets the value of Remember Me $this->ra_session->get_remember_me() //Returns the value of Remember Me $this->ra_session->unset_remember_me() //Kill the Remember me value/setting
$this->ra_session->persistant_session() //Returns the value of the time this session should stay active. $this->ra_session->persistant_session('3200') //Defines this session should stay open for 3200 seconds $this->ra_session->persistant_session(TRUE) //Defines this session should stay open for the library's default (which is two years) [/code]
If you wish to use the Persistant Session option - you should consider having your $sess_length (at the top of this file, or set in your config.php file) to 0. Zero defaults to close this session on browser exit. Anything higher and you'll get some unexpected results.
****Things To Do *The persistant session cookie (to which holds the time to stay active) needs to save the cookie as the session_name + '_persist' - rather than just 'persistant_session'. *Session cookies don't seem to reset the expiry time upon each page load, so a function should be written to randomly check the session expiry, kill the session (so we can send a new cookie with the right expiry), and recreate the session with the same deatails. Setting the Persistant Session value does just this, but only when the value of the time to stay active changes.
[code] <?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
- CodeIgniter
- @package RA_Session
- @author Darren Nolan -of Rapid Hosting
- @link http://www.rapidhosting.com.au
- @since Version 1.0
- @filesource */
class RA_Session { var $CI; var $now; var $sess_encryption = TRUE; //Don't turn me off if you are using non-native sessions please. That'd be silly. var $sess_match_ip = TRUE; //I gotta come from the same IP as the associated session - OR I WON'T LIKE YOU var $sess_match_useragent = TRUE; //I gotta come from the same USERAGENT as the associated session - OR I WON'T LIKE YOU var $sess_name = 'ra_session'; //Name our session cookie. The Remember cookie with be that + 'remember' var $sess_length = 0; //You'll want to keep this as 0 if you want to use the "persistant_session" option //Anything over 0 will stop a user from choosing themselves var $userdata = array(); //The User's data to store
function RA_Session()
{
$this->CI =& get_instance();
log_message('debug', "RA Session Class Initialized");
//Shouldn't the next three lines be in the normal session library too? Other wise I can't see a point setting a default value in the "class".
if ($this->CI->config->item('sess_encryption') != FALSE) {
$this->sess_encryption = $this->CI->config->item('sess_encryption');
}
if ($this->sess_encryption) {
$this->CI->load->library('encrypt');
}
//End my little changes to the encryption bit
$this->sess_run();
}
function sess_run()
{
$expiration = $this->CI->config->item('sess_expiration');
if (is_numeric($expiration)) {
if ($expiration > 0) {
$this->sess_length = $this->CI->config->item('sess_expiration');
} else {
$this->sess_length = (60*60*24*365); //default cookie length if config was incorrectly setup
}
}
if ($this->CI->config->item('sess_name') != FALSE) {
$this->sess_name = $this->CI->config->item['cookie_prefix'] . $this->CI->config->item['sess_name'];
}
if ($this->persistant_session()!=FALSE) {
$this->sess_length = $this->persistant_session();
}
$this->sess_length;
session_name($this->sess_name);
ini_set('session.cookie_lifetime', $this->sess_length);
ini_set('session.gc_maxlifetime', $this->sess_length);
session_start();
//Lets do our session check against IP here... I mean - what better time to check?....
if ($this->CI->config->item('sess_match_ip') != FALSE) {
$this->sess_match_ip = $this->CI->config->item('sess_match_ip');
}
if ($this->sess_match_ip == TRUE) {
if (!isset($_SESSION['ip_address'])) {
//If the session doesn't contain the IP address, this is their first visit, lets GRAB IT!
$_SESSION['ip_address'] = $this->_ra_encode($this->CI->input->ip_address());
} else {
//There is no need to check is 1=1 right? We'll stick this part in the else statement to speed things up
if ($this->_ra_decode($_SESSION['ip_address']) != $this->CI->input->ip_address()) {
//Uoh - We're matching IPs here and they don't match to your session... That's not good....
$this->sess_destroy();
return FALSE;
}
}
}
//Lets do our session check against USERAGENT here... I mean - what better time to check?....
if ($this->CI->config->item('sess_match_useragent') != FALSE) {
$this->sess_match_useragent = $this->CI->config->item('sess_match_useragent');
}
if ($this->sess_match_useragent == TRUE) {
if (!isset($_SESSION['user_agent'])) {
//If the session doesn't contain the user_agent yet - this is their first visit, lets GRAB IT!
$_SESSION['user_agent'] = $this->_ra_encode(trim(substr($this->CI->input->user_agent(), 0, 50)));
} else {
//There is no need to check is 1=1 right? We'll stick this part in the else statement to speed things up
if ($this->_ra_decode($_SESSION['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 50))) {
//Uoh - We're matching IPs here and they don't match to your session... That's not good....
$this->sess_destory();
return FALSE;
}
}
}
//So we've made it past the validation stuff
if ($this->sess_encryption) {
$this->userdata = $this->_ra_decode($_SESSION);
} else {
$this->userdata = $_SESSION;
}
return TRUE;
}
function sess_destroy ()
{
//Kill off their cookie!
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', (time()-42000), '/');
}
if (isset($_COOKIE['persistant_session'])) {
setcookie('persistant_session', '', (time()-42000), '/');
}
//Now the session data!
$_SESSION = array(); //Clear the array of session data, for justin (just in case.. hehe)
session_destroy();
}
function userdata($item)
{
return ( ! isset($this->userdata[$item])) ? FALSE : $this->userdata[$item];
//Or one could just start using $_SESSION['my stuff'] - but we'll try to make it so this library can simply replace the core library,
//without the need for users (yes, I mean you) to rewrite their code :-) HOW NICE AM I?!?!?! (And tired at this stage)
}
function all_userdata()
{
return ( ! isset($this->userdata)) ? FALSE : $this->userdata;
//Same as above
}
function set_userdata($newdata = array(), $newval = '')
{
if (is_string($newdata)) {
$newdata = array($newdata => $newval);
}
if (count($newdata) > 0) {
foreach ($newdata as $key => $val) {
$this->userdata[$key] = $val;
$_SESSION[$key] = $this->_ra_encode($val);
}
}
}
function unset_userdata($newdata = array())
{
if (is_string($newdata)) {
$newdata = array($newdata => '');
}
if (count($newdata) > 0) {
foreach ($newdata as $key => $val) {
unset($this->userdata[$key]);
unset($_SESSION[$key]);
}
}
}
function set_remember_me ($newdata)
{
//OUR NEW FUNCTION FOR IF THIS USER SHOULD BE REMEMBER, AND WHAT VALUE IT SHOULD HOLD!
//Returns TRUE on successful setting, FALSE on non-successful setting
if ($newdata == FALSE OR $newdata =='') {
//If you try to set remember me with a FALSE or blank entry, we don't want to be remembered do we... hehehe
$this->unset_remember_me();
return FALSE;
}
$cookie_name = $this->sess_name . '_remember';
setcookie($cookie_name, $this->_ra_encode($newdata), (time() + (60*60*24*365)), '/');
return TRUE;
}
function get_remember_me ()
{
//Returns the value of the remember_me cookie (normally a username for login)
//Returns FALSE if it's not there :-)
$cookie_name = $this->sess_name . '_remember';
if (isset($_COOKIE[$cookie_name])) {
return _ra_decode($_COOKIE[$cookie_name]);
} else {
return FALSE;
}
}
function unset_remember_me ()
{
$cookie_name = $this->sess_name . '_remember';
setcookie($cookie_name, '', time()-42000);
}
function sess_id()
{
return session_id();
}
function persistant_session ($time_to_stay_active = NULL)
{
if ($time_to_stay_active==NULL or $time_to_stay_active=='') {
//We're checking and returning if the user is meant to be persistant
if (isset($_COOKIE['persistant_session'])) {
return ($this->_ra_decode($_COOKIE['persistant_session']));
} else {
return FALSE;
}
}
//We're going to change the fact we want persistant - so the user doesn't have to log off and then back on, after we work out
//the $time_to_stay_active - we're gonna kill their current session and give them a new one - with the new expiry time on the session.
//ready?
if ($time_to_stay_active==FALSE) {
//We don't want to stay active
$this->sess_length = 0;
setcookie('persistant_session', $this->_ra_encode('0'), time() - 42000, '/');
} elseif (is_numeric($time_to_stay_active)) {
$this->sess_length = $time_to_stay_active + time();
setcookie('persistant_session', $this->_ra_encode($time_to_stay_active), time() + $time_to_stay_active, '/');
} elseif ($time_to_stay_active==TRUE) {
//We want the user to be kept logged in regards of closing their browser
//Keep this session for "2 years"
$this->sess_length = 63072000 + time();
setcookie('persistant_session', $this->_ra_encode('63072000'), time() + (60 * 60 * 24 * 365 * 2), '/');
$time_to_stay_active = 63072000;
} else {
//I can't work out what we're doing... To be safe I'm going to turn it off
$this->sess_length = 0;
setcookie('persistant_session', $this->_ra_encode('0'), time() - 42000, '/');
$time_to_stay_active = 0;
}
//Copy their current session information
$tmp_session_info = $_SESSION;
$tmp_session_id = session_id();
session_destroy();
//Ensure we have the proper details again this time
session_name($this->sess_name);
ini_set('session.cookie_lifetime', $time_to_stay_active);
ini_set('session.gc_maxlifetime', $time_to_stay_active);
session_id($tmp_session_id); //Give them back their old session ID cause we're nice.
session_start();
$_SESSION = $tmp_session_info;
unset ($tmp_session_info);
return $time_to_stay_active;
}
function _ra_encode ($value)
{
if (is_array($value)) {
$temp_array = array();
foreach ($value as $key => $val) {
if ($this->sess_encryption) {
$temp_array[$key] = $this->_ra_encode($val);
} else {
$temp_array[$key] = $val;
}
}
return $temp_array;
} else {
if ($this->sess_encryption) {
$value = $this->CI->encrypt->encode($value);
return $value;
}
return $value; //unchanged, cause we didn't need to encode it
}
}
function _ra_decode ($value)
{
if (is_array($value)) {
$temp_array = array();
foreach ($value as $key => $val) {
if ($this->sess_encryption) {
$temp_array[$key] = $this->_ra_decode($val);
} else {
$temp_array[$key] = $val;
}
}
return $temp_array;
}
if ($this->sess_encryption) {
$value = $this->CI->encrypt->decode($value);
return $value;
}
return $value; //unchanged, cause we didn't need to decode it
}
} [/code]