-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
148 additions
and
142 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,90 +1,59 @@ | ||
| <?php | ||
| /** | ||
| * @package OpenCart | ||
| * @author Daniel Kerr | ||
| * @copyright Copyright (c) 2005 - 2024, OpenCart, Ltd. (https://www.opencart.com/) | ||
| * @license https://opensource.org/licenses/GPL-3.0 | ||
| * @link https://www.opencart.com | ||
| */ | ||
| namespace Session; | ||
|
|
||
| /** | ||
| * Session class | ||
| */ | ||
| class Session { | ||
| protected $adaptor; | ||
| protected $session_id; | ||
| public $data = array(); | ||
| final class DB { | ||
| public $maxlifetime; | ||
| public $db; | ||
|
|
||
| /** | ||
| * Constructor | ||
| * | ||
| * @param string $adaptor | ||
| * @param object $registry | ||
| */ | ||
| public function __construct($adaptor, $registry = '') { | ||
| $class = 'Session\\' . $adaptor; | ||
|
|
||
| if (class_exists($class)) { | ||
| if ($registry) { | ||
| $this->adaptor = new $class($registry); | ||
| } else { | ||
| $this->adaptor = new $class(); | ||
| } | ||
|
|
||
| register_shutdown_function(array($this, 'close')); | ||
| public function __construct($registry) { | ||
| $this->db = $registry->get('db'); | ||
|
|
||
| $this->maxlifetime = ini_get('session.gc_maxlifetime') !== null ? (int)ini_get('session.gc_maxlifetime') : 1440; | ||
|
|
||
| $this->gc(); | ||
| } | ||
|
|
||
| public function read($session_id) { | ||
| $query = $this->db->query("SELECT `data` FROM `" . DB_PREFIX . "session` WHERE `session_id` = '" . $this->db->escape($session_id) . "' AND `expire` > '" . $this->db->escape(gmdate('Y-m-d H:i:s', time())) . "'"); | ||
|
|
||
| if ($query->num_rows) { | ||
| return json_decode($query->row['data'], true); | ||
| } else { | ||
| trigger_error('Error: Could not load cache adaptor ' . $adaptor . ' session!'); | ||
| exit(); | ||
| } | ||
| return array(); | ||
| } | ||
| } | ||
|
|
||
| public function write($session_id, $data) { | ||
| if ($session_id) { | ||
| $this->db->query("REPLACE INTO `" . DB_PREFIX . "session` SET `session_id` = '" . $this->db->escape($session_id) . "', `data` = '" . $this->db->escape(json_encode($data)) . "', `expire` = '" . $this->db->escape(gmdate('Y-m-d H:i:s', time() + (int)$this->maxlifetime)) . "'"); | ||
| } | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| * | ||
| * @return string | ||
| */ | ||
| public function getId() { | ||
| return $this->session_id; | ||
|
|
||
| public function destroy($session_id) { | ||
| $this->db->query("DELETE FROM `" . DB_PREFIX . "session` WHERE `session_id` = '" . $this->db->escape($session_id) . "'"); | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| * | ||
| * @param string $session_id | ||
| * | ||
| * @return string | ||
| */ | ||
| public function start($session_id = '') { | ||
| if (!$session_id) { | ||
| if (function_exists('random_bytes')) { | ||
| $session_id = substr(bin2hex(random_bytes(26)), 0, 26); | ||
| } else { | ||
| $session_id = substr(bin2hex(openssl_random_pseudo_bytes(26)), 0, 26); | ||
| } | ||
| public function gc() { | ||
| if (ini_get('session.gc_divisor') && $gc_divisor = (int)ini_get('session.gc_divisor')) { | ||
| $gc_divisor = $gc_divisor === 0 ? 100 : $gc_divisor; | ||
| } else { | ||
| $gc_divisor = 100; | ||
| } | ||
|
|
||
| if (preg_match('/^[a-zA-Z0-9,\-]{22,52}$/', $session_id)) { | ||
| $this->session_id = $session_id; | ||
| if (ini_get('session.gc_probability')) { | ||
| $gc_probability = (int)ini_get('session.gc_probability'); | ||
| } else { | ||
| exit('Error: Invalid session ID!'); | ||
| $gc_probability = 1; | ||
| } | ||
|
|
||
| if (mt_rand() / mt_getrandmax() < $gc_probability / $gc_divisor) { | ||
| $this->db->query("DELETE FROM `" . DB_PREFIX . "session` WHERE `expire` < '" . $this->db->escape(gmdate('Y-m-d H:i:s', time())) . "'"); | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| $this->data = $this->adaptor->read($session_id); | ||
|
|
||
| return $session_id; | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| */ | ||
| public function close() { | ||
| $this->adaptor->write($this->session_id, $this->data); | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| */ | ||
| public function destroy() { | ||
| $this->adaptor->destroy($this->session_id); | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,78 +1,90 @@ | ||
| <?php | ||
| /** | ||
| * @package OpenCart | ||
| * @author Daniel Kerr | ||
| * @copyright Copyright (c) 2005 - 2017, OpenCart, Ltd. (https://www.opencart.com/) | ||
| * @license https://opensource.org/licenses/GPL-3.0 | ||
| * @link https://www.opencart.com | ||
| */ | ||
|
|
||
| /** | ||
| * Session class | ||
| */ | ||
| class Session { | ||
| public $session_id = ''; | ||
| public $data = []; | ||
| public $adaptor; | ||
| protected $adaptor; | ||
| protected $session_id; | ||
| public $data = array(); | ||
|
|
||
| public function __construct($adaptor = 'native') { | ||
| /** | ||
| * Constructor | ||
| * | ||
| * @param string $adaptor | ||
| * @param object $registry | ||
| */ | ||
| public function __construct($adaptor, $registry = '') { | ||
| $class = 'Session\\' . $adaptor; | ||
|
|
||
| if (class_exists($class)) { | ||
| $this->adaptor = new $class($this); | ||
| } else { | ||
| throw new \Exception('Error: Could not load session adaptor ' . $adaptor . ' session!'); | ||
| } | ||
|
|
||
| if ($this->adaptor) { | ||
| session_set_save_handler($this->adaptor); | ||
| } | ||
|
|
||
| if ($this->adaptor && !session_id()) { | ||
| ini_set('session.use_only_cookies', 'Off'); | ||
| ini_set('session.use_cookies', 'On'); | ||
| ini_set('session.use_trans_sid', 'Off'); | ||
| ini_set('session.cookie_httponly', 'On'); | ||
|
|
||
| if (isset($_COOKIE[session_name()]) && !preg_match('/^[a-zA-Z0-9,\-]{22,52}$/', $_COOKIE[session_name()])) { | ||
| exit('Error: Invalid session ID!'); | ||
| } | ||
|
|
||
| session_set_cookie_params(0, '/'); | ||
| session_start(); | ||
| } | ||
| } | ||
|
|
||
| public function start($key = 'default', $value = '') { | ||
| if ($value) { | ||
| $this->session_id = $value; | ||
| } elseif (isset($_COOKIE[$key])) { | ||
| $this->session_id = $_COOKIE[$key]; | ||
| if ($registry) { | ||
| $this->adaptor = new $class($registry); | ||
| } else { | ||
| $this->adaptor = new $class(); | ||
| } | ||
|
|
||
| register_shutdown_function(array($this, 'close')); | ||
| } else { | ||
| $this->session_id = $this->createId(); | ||
| } | ||
|
|
||
| if (!isset($_SESSION[$this->session_id])) { | ||
| $_SESSION[$this->session_id] = []; | ||
| } | ||
|
|
||
| $this->data = &$_SESSION[$this->session_id]; | ||
|
|
||
| if ($key != 'PHPSESSID') { | ||
| setcookie($key, $this->session_id, ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly')); | ||
| } | ||
|
|
||
| return $this->session_id; | ||
| trigger_error('Error: Could not load cache adaptor ' . $adaptor . ' session!'); | ||
| exit(); | ||
| } | ||
| } | ||
|
|
||
|
|
||
| /** | ||
| * | ||
| * | ||
| * @return string | ||
| */ | ||
| public function getId() { | ||
| return $this->session_id; | ||
| } | ||
|
|
||
| public function createId() { | ||
| if (version_compare(PHP_VERSION, '5.5.4', '>') == true && method_exists($this->adaptor, 'create_sid')) { | ||
| return $this->adaptor->create_sid(); | ||
| } elseif (function_exists('random_bytes')) { | ||
| return substr(bin2hex(random_bytes(26)), 0, 26); | ||
| } elseif (function_exists('openssl_random_pseudo_bytes')) { | ||
| return substr(bin2hex(openssl_random_pseudo_bytes(26)), 0, 26); | ||
| /** | ||
| * | ||
| * | ||
| * @param string $session_id | ||
| * | ||
| * @return string | ||
| */ | ||
| public function start($session_id = '') { | ||
| if (!$session_id) { | ||
| if (function_exists('random_bytes')) { | ||
| $session_id = substr(bin2hex(random_bytes(26)), 0, 26); | ||
| } else { | ||
| $session_id = substr(bin2hex(openssl_random_pseudo_bytes(26)), 0, 26); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| public function destroy($key = 'default'): void { | ||
| if (isset($_SESSION[$key])) { | ||
| unset($_SESSION[$key]); | ||
| if (preg_match('/^[a-zA-Z0-9,\-]{22,52}$/', $session_id)) { | ||
| $this->session_id = $session_id; | ||
| } else { | ||
| exit('Error: Invalid session ID!'); | ||
| } | ||
|
|
||
| setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain')); | ||
|
|
||
| $this->data = $this->adaptor->read($session_id); | ||
|
|
||
| return $session_id; | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| */ | ||
| public function close() { | ||
| $this->adaptor->write($this->session_id, $this->data); | ||
| } | ||
|
|
||
| /** | ||
| * | ||
| */ | ||
| public function destroy() { | ||
| $this->adaptor->destroy($this->session_id); | ||
| } | ||
| } | ||
| } |