- Timestamp:
- 06/08/04 22:10:06 (5 years ago)
- Files:
-
- trunk/autopackage.php (modified) (4 diffs)
- trunk/docs/readme.txt (modified) (2 diffs)
- trunk/examples/destroy.php (deleted)
- trunk/examples/example_basic_first.php (modified) (2 diffs)
- trunk/examples/example_secure_expire.php (modified) (1 diff)
- trunk/examples/example_secure_fork.php (added)
- trunk/patSession/Storage.php (modified) (11 diffs)
- trunk/patSession/Storage/Native.php (modified) (11 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/autopackage.php
r14 r16 14 14 */ 15 15 16 $baseVersion = '1.0. 0';16 $baseVersion = '1.0.1'; 17 17 18 18 /** … … 50 50 $package = new PEAR_PackageFileManager(); 51 51 52 $result = $package->setOptions( array(52 $result = $package->setOptions( array( 53 53 'package' => 'patSession', 54 54 'summary' => 'Session management package.', … … 68 68 'tests' => 'test', 69 69 ) 70 ) );70 ) ); 71 71 72 if (PEAR::isError($result)) { 72 if (PEAR::isError($result)) 73 { 73 74 echo $result->getMessage(); 74 75 die(); 75 76 } 76 77 77 $package->addMaintainer('gerd', 'lead', ' GerdSchaufelberger', 'gerd@php-tools.net');78 $package->addMaintainer('gerd', 'lead', 'gERD Schaufelberger', 'gerd@php-tools.net'); 78 79 79 80 $package->addDependency('patError', '', 'has', 'pkg', false); … … 82 83 $result = $package->writePackageFile(); 83 84 84 if (PEAR::isError($result)) { 85 if (PEAR::isError($result)) 86 { 85 87 echo $result->getMessage(); 86 88 die(); trunk/docs/readme.txt
r2 r16 10 10 * @link http://www.php-tools.net 11 11 * @todo more detailed information 12 * @todo 12 * @todo write a lot :-) 13 13 */ 14 14 … … 20 20 WHAT IS PATSESSION? 21 21 =================== 22 23 hm? Guess what it is :-) 22 patSession is an abstraction layer for session-management. Therefore patSession can be used 23 if you need session support. patSession comes with some with some security-features for 24 session-fixiation. Also the patSession storage-containers are based on drivers. Currently 25 only the native-driver is implemented (it used the native php session support). 24 26 25 27 Sorry, no text here... trunk/examples/example_basic_first.php
r9 r16 23 23 // most easy way to create a session object 24 24 $sess =& patSession::singleton( 'ham' ); 25 25 26 26 // store a value 27 27 echo '<br/>Store some values into session...<br/>'; … … 41 41 echo 'Query-string <i>' . $queryString . '</i> from this session.<br />'; 42 42 echo 'This <a href="' . $_SERVER['PHP_SELF'] . '?' . $queryString . '" title="'. $_SERVER['PHP_SELF'] . '?' . $queryString .'">URL</a> contains the query-string<br />'; 43 43 44 ?> trunk/examples/example_secure_expire.php
r10 r16 29 29 $sess =& patSession::singleton( 'ham', 'Native', $options ); 30 30 31 // recieve query string from session 31 32 $queryString = $sess->getQueryString(); 33 32 34 echo 'This session will expire within one minute idle time.<br><br>'; 33 35 echo 'Just wait one minute until you follow '; trunk/patSession/Storage.php
r15 r16 28 28 29 29 /** 30 * internal session name31 * @var string $_name32 */33 var $_name = null;34 35 /**36 * internal session id37 * @var string $_id38 */39 var $_id = null;40 41 /**42 30 * maximum age of unused session 43 31 * @var string $_expire minutes 44 32 */ 45 33 var $_expire = null; 46 47 /**48 * cookie behaviour options49 * Decide either to use cookies, force the usage or deny it or let50 * the value of php-ini-file decide how if cookies should be used.51 * @var string $_cookie named behaviour for cookie-management52 */53 var $_cookie = 'ini';54 34 55 35 /** … … 105 85 * recieve name of this session 106 86 * 107 * @ final87 * @abstract 108 88 * @access private 109 89 * @return string $name session name … … 111 91 function getName() 112 92 { 113 return $this->_name;93 return null; 114 94 } 115 95 … … 117 97 * recieve id of this session 118 98 * 119 * @ final99 * @abstract 120 100 * @access private 121 101 * @return string $id session id … … 123 103 function getId() 124 104 { 125 if( $this->_state === 'destroyed' ) 126 { 127 patErrorManager::raiseNotice( 'patSession:Storage:' . PATSESSION_ERROR_NOT_ACTIVE, 128 'Session is not active - nothing to clear', 129 'The session was destroyed before.' 130 ); 131 return null; 132 } 133 134 return $this->_id; 105 return null; 135 106 } 136 107 … … 209 180 * @access private 210 181 * @return boolean $result true on success 211 * @todo implement browser fixiation212 182 * @todo add network-mask feature for ip-check 213 183 * @todo add allowed referer for session-transfers 214 184 */ 215 function _checkSecurity() 216 { 185 function _checkSecurity( $rewoke = false ) 186 { 187 // allow to rewoke a session 188 if( $rewoke ) 189 { 190 $this->_state = 'active'; 191 $this->set( '_patSession_atime', null ); 192 $this->set( '_patSession_clientAddr', null ); 193 $this->set( '_patSession_clientBrowser', null ); 194 } 195 217 196 $atime = $this->get( '_patSession_atime' ); 218 197 … … 243 222 } 244 223 // else check referer 245 else if( in_array( 'fix_referer', $this->_security ) )224 else if( !empty( $this->_allowedReferer ) && in_array( 'fix_referer', $this->_security ) ) 246 225 { 247 226 // referer must match server … … 252 231 if( $ref !== $_SERVER['SERVER_NAME'] ) 253 232 { 254 if( empty( $this->_allowedReferer ) ) 233 // check allowed referers 234 $found = false; 235 foreach( $this->_allowedReferer as $allowed ) 255 236 { 256 $this->_state = 'fix_referer_failed'; 237 if( preg_match( $allowed, $ref ) ) 238 { 239 $found = true; 240 break; 241 } 242 } 243 244 if( !$found ) 245 { 246 $this->_state = 'referer_not_allowed'; 257 247 return false; 258 }259 // check allowed referers260 else261 {262 $found = false;263 foreach( $this->_allowedReferer as $allowed )264 {265 if( preg_match( $allowed, $ref ) )266 {267 $found = true;268 break;269 }270 }271 272 if( !$found )273 {274 $this->_state = 'referer_not_allowed';275 return false;276 }277 248 } 278 249 } … … 311 282 } 312 283 284 return true; 313 285 } 314 286 … … 343 315 function _setOptions( &$options ) 344 316 { 345 if( isset( $options['name'] ) )346 {347 $this->_name = $options['name'];348 }349 350 // set id351 if( isset( $options['id'] ) )352 {353 $this->_id = $options['id'];354 }355 356 317 // set expire time 357 318 if( isset( $options['expire'] ) ) … … 396 357 } 397 358 398 // select cookie-mode399 $cookieOptions = array( 'ini', 'only', 'allow', 'deny' );400 if( isset( $options['cookie'] ) && in_array( $options['cookie'], $cookieOptions ) )401 {402 $this->_cookie = $options['cookie'];403 404 // get cookie behavour from php.ini405 if( $this->_cookie === 'ini' )406 {407 $this->_cookie = 'deny';408 409 // cookies are allowed410 if( ini_get( 'session.use_cookies' ) )411 {412 $this->_cookie = 'allow';413 if( ini_get( 'session.use_only_cookies' ) )414 {415 $this->_cookie = 'only';416 }417 }418 }419 420 }421 422 359 return true; 423 360 } trunk/patSession/Storage/Native.php
r15 r16 34 34 /** 35 35 * id string 36 * @var string $_ sessId37 */ 38 var $_ sessId = null;36 * @var string $_id 37 */ 38 var $_id = null; 39 39 40 40 /** … … 56 56 function __construct( $id = 'session', $options = array() ) 57 57 { 58 $this->_ sessId = $id;58 $this->_id = $id; 59 59 $this->_setOptions( $options ); 60 61 // use options62 if( $this->_name !== null )63 {64 session_name( $this->_name );65 }66 67 if( $this->_id !== null )68 {69 session_id( $this->_id );70 }71 72 // set cookie options73 switch( $this->_cookie )74 {75 case 'deny';76 if( ini_get( 'session.use_cookies' ) )77 {78 ini_set( 'session.use_cookies', 0 );79 }80 break;81 82 case 'allow';83 if( !ini_get( 'session.use_cookies' ) )84 {85 ini_set( 'session.use_cookies', 1 );86 }87 break;88 89 case 'only';90 if( !ini_get( 'session.use_cookies' ) )91 {92 ini_set( 'session.use_cookies', 1 );93 }94 95 if( !ini_get( 'session.use_only_cookies' ) )96 {97 ini_set( 'session.use_only_cookies', 1 );98 }99 break;100 }101 102 60 103 61 // start session if not startet … … 107 65 } 108 66 109 $this->_name = session_name();110 $this->_id = session_id();111 112 67 // init session-array 113 if( !isset( $_SESSION[$this->_ sessId] ) )114 { 115 $_SESSION[$this->_ sessId] = array();116 } 117 118 $this->_sess =& $_SESSION[$this->_ sessId];68 if( !isset( $_SESSION[$this->_id] ) ) 69 { 70 $_SESSION[$this->_id] = array(); 71 } 72 73 $this->_sess =& $_SESSION[$this->_id]; 119 74 $this->_state = 'active'; 120 75 … … 127 82 128 83 /** 84 * recieve name of this session 85 * 86 * @access private 87 * @return string $name session name 88 */ 89 function getName() 90 { 91 return session_name(); 92 } 93 94 /** 95 * recieve id of this session 96 * 97 * @access private 98 * @return string $id session id 99 */ 100 function getId() 101 { 102 if( $this->_state === 'destroyed' ) 103 { 104 patErrorManager::raiseNotice( 'patSession_' . PATSESSION_ERROR_NOT_ACTIVE, 105 'Session is not active - nothing to clear', 106 'The session was destroyed before.' 107 ); 108 return null; 109 } 110 111 return session_id(); 112 } 113 114 /** 129 115 * save data into session 130 116 * … … 138 124 if( $this->_state !== 'active' ) 139 125 { 140 return patErrorManager::raiseError( 'patSession :Storage:Native:' . PATSESSION_ERROR_NOT_ACTIVE,126 return patErrorManager::raiseError( 'patSession_' . PATSESSION_ERROR_NOT_ACTIVE, 141 127 'Cannot set value because session not active.', 142 128 'Either the session was destroyed, has expired or locked by security' … … 159 145 if( $this->_state !== 'active' ) 160 146 { 161 return patErrorManager::raiseWarning( 'patSession :Storage:Native:' . PATSESSION_ERROR_NOT_ACTIVE,147 return patErrorManager::raiseWarning( 'patSession_' . PATSESSION_ERROR_NOT_ACTIVE, 162 148 'Cannot recieve value because session not active.', 163 149 'Either the session was destroyed, has expired or locked because of security reasons.' … … 184 170 if( $this->_state !== 'active' ) 185 171 { 186 patErrorManager::raiseNotice( 'patSession :Storage:Native:' . PATSESSION_ERROR_NOT_ACTIVE,172 patErrorManager::raiseNotice( 'patSession_' . PATSESSION_ERROR_NOT_ACTIVE, 187 173 'Session is not active - nothing to clear', 188 174 'Either the session was destroyed, has expired or locked because of security reasons.' … … 211 197 if( $this->_state === 'destroyed' ) 212 198 { 213 patErrorManager::raiseNotice( 'patSession :Storage:Native:' . PATSESSION_ERROR_NOT_ACTIVE,199 patErrorManager::raiseNotice( 'patSession_' . PATSESSION_ERROR_NOT_ACTIVE, 214 200 'Session is not active.', 215 201 'The session was destroyed before.' … … 237 223 if( $this->_state !== 'active' ) 238 224 { 239 return patErrorManager::raiseError( 'patSession:Storage:Native:' . PATSESSION_ERROR_NOT_ACTIVE, 225 if( !$this->_checkSecurity( true ) ) 226 { 227 return patErrorManager::raiseNotice( 'patSession_' . PATSESSION_ERROR_NOT_ACTIVE, 240 228 'Session is not active.', 241 'Either the session was destroyed, has expired or locked because of security reasons.' 242 ); 229 'Either the session was destroyed, has expired or locked because of security reasons: '. $this->_state.'.' 230 ); 231 } 243 232 } 244 233 … … 254 243 $cookie = session_get_cookie_params(); 255 244 256 $ this->_id = $this->_createId( strlen( session_id() ) );245 $id = $this->_createId( strlen( session_id() ) ); 257 246 258 247 // kill session and restart it with new id 259 248 session_destroy(); 260 session_id( $ this->_id );249 session_id( $id ); 261 250 session_start(); 262 251 263 252 // restore values 264 253 $_SESSION = $values; 265 $this->_sess =& $_SESSION[$this->_ sessId];254 $this->_sess =& $_SESSION[$this->_id]; 266 255 267 256 // restore config … … 271 260 return true; 272 261 } 262 263 /** 264 * set additional session options 265 * 266 * @access private 267 * @param array $options list of parameter 268 * @return boolean $result true on success 269 */ 270 function _setOptions( &$options ) 271 { 272 // set name 273 if( isset( $options['name'] ) ) 274 { 275 session_name( $options['name'] ); 276 } 277 278 // set id 279 if( isset( $options['id'] ) ) 280 { 281 session_id( $options['id'] ); 282 } 283 284 return parent::_setOptions( $options ); 285 } 273 286 } 274 287 ?>
