function sec_session_start()
{
$session_name = 'exatest_session_id';
//Asignamos un nombre de sesión
$secure = false;
//mejor en config.php Lo ideal sería true para trabajar con https
$httponly = true;
// Obliga a la sesión a utilizar solo cookies.
// Habilitar este ajuste previene ataques que impican pasar el id de sesión en la URL.
if (ini_set('session.use_only_cookies', 1) === FALSE) {
$action = "error";
$error = "No puedo iniciar una sesion segura (ini_set)";
}
// Obtener los parámetros de la cookie de sesión
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
//Marca la cookie como accesible sólo a través del protocolo HTTP.
//Esto siginifica que la cookie no será accesible por lenguajes de script,
// tales como JavaScript.
//Este ajuste puede ayudar de manera efectiva a reducir robos de
//indentidad a través de ataques
// Incia la sesión PHP
session_name($session_name);
session_start();
// Actualiza el id de sesión actual con uno generado más reciente
//Ayuda a evitar ataques de fijación de sesión
session_regenerate_id(true);
}
public static function start($lifetime = 0, $path = '/', $domain = NULL)
{
if (!self::$_initialized) {
if (!is_object(Symphony::Database()) || !Symphony::Database()->connected()) {
return false;
}
$cache = Cache::instance()->read('_session_config');
if (is_null($cache) || $cache === false) {
self::create();
Cache::instance()->write('_session_config', true);
}
if (!session_id()) {
ini_set('session.save_handler', 'user');
ini_set('session.gc_maxlifetime', $lifetime);
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '3');
}
session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc'));
session_set_cookie_params($lifetime, $path, $domain ? $domain : self::getDomain(), false, false);
if (strlen(session_id()) == 0) {
if (headers_sent()) {
throw new Exception('Headers already sent. Cannot start session.');
}
session_start();
}
self::$_initialized = true;
}
return session_id();
}
function osTicketSession($ttl = 0)
{
$this->ttl = $ttl ?: ini_get('session.gc_maxlifetime') ?: SESSION_TTL;
// Set osTicket specific session name.
session_name('OSTSESSID');
// Forced cleanup on shutdown
register_shutdown_function('session_write_close');
// Set session cleanup time to match TTL
ini_set('session.gc_maxlifetime', $ttl);
if (OsticketConfig::getDBVersion()) {
return session_start();
}
# Cookies
// Avoid setting a cookie domain without a dot, thanks
// http://stackoverflow.com/a/1188145
$domain = null;
if (isset($_SERVER['HTTP_HOST']) && strpos($_SERVER['HTTP_HOST'], '.') !== false && !Validator::is_ip($_SERVER['HTTP_HOST'])) {
// Remote port specification, as it will make an invalid domain
list($domain) = explode(':', $_SERVER['HTTP_HOST']);
}
session_set_cookie_params($ttl, ROOT_PATH, $domain, osTicket::is_https());
//Set handlers.
session_set_save_handler(array(&$this, 'open'), array(&$this, 'close'), array(&$this, 'read'), array(&$this, 'write'), array(&$this, 'destroy'), array(&$this, 'gc'));
//Start the session.
session_start();
}
/**
* Initialize session
*/
public static function init()
{
// Force cookie path (but do not change lifetime)
$cookie = session_get_cookie_params();
// Default cookie expiration and path.
$cookiedir = '';
if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
$cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
}
$ssl = false;
if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
$ssl = true;
}
session_set_cookie_params($cookie['lifetime'], $cookiedir, $cookie['domain'], $ssl);
// Use cookies to store session.
ini_set('session.use_cookies', 1);
// Force cookies for session (phpsessionID forbidden in URL)
ini_set('session.use_only_cookies', 1);
if (!session_id()) {
// Prevent php to use sessionID in URL if cookies are disabled.
ini_set('session.use_trans_sid', false);
if (!empty(self::$sessionName)) {
session_name(self::$sessionName);
}
session_start();
}
}
static function start()
{
include_once __DIR__ . '/sessionDrivers/' . Settings::$sessionDriver . '.php';
//self::$driver = new Settings::$sessionDriver();
//session_set_save_handler(array(self::$driver, 'open'),array(self::$driver, 'close'),array(self::$driver, 'read'),
// array(self::$driver, 'write'),array(self::$driver, 'destroy'),array(self::$driver, 'gc'));
register_shutdown_function('session_write_close');
if (in_array(Settings::$session_hash, hash_algos())) {
ini_set('session.hash_function', Settings::$session_hash);
}
ini_set('session.hash_bits_per_character', Settings::$hash_bits_per_character);
$cookieParams = session_get_cookie_params();
session_set_cookie_params(Settings::$sessionLifetime, $cookieParams["path"], $cookieParams["domain"], Settings::$secure, Settings::$httpOnly);
session_name(Settings::$NAME);
//буферизуем заголовок
ob_start();
//включаем CORS, если указано в настройках /*
if (isset(Settings::$CORS) && Settings::$CORS && !empty($_SERVER['HTTP_ORIGIN'])) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
}
//включаем сессию
session_start();
ob_end_flush();
//посылаем заголовок
}
public function init()
{
session_set_cookie_params($this->expire, $this->path, $this->domain, $this->secure, $this->httpOnly);
if ($this->autoStart) {
$this->open();
}
}
/**
* Default constructor.
*
* @access public
* @param array $config
*/
public function __construct($config = array())
{
// initialize the database
$this->_init(empty($config) ? $this->_config : $config);
// set object as the save handler
session_set_save_handler(array(&$this, 'open'), array(&$this, 'close'), array(&$this, 'read'), array(&$this, 'write'), array(&$this, 'destroy'), array(&$this, 'gc'));
// set some important session vars
ini_set('session.auto_start', 0);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
ini_set('session.gc_maxlifetime', $this->_config['lifetime']);
ini_set('session.referer_check', '');
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', 16);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.hash_function', 1);
ini_set('session.hash_bits_per_character', 5);
// disable client/proxy caching
session_cache_limiter('nocache');
// set the cookie parameters
session_set_cookie_params($this->_config['lifetime'], $this->_config['cookie_path'], $this->_config['cookie_domain']);
// name the session
session_name('mongo_sess');
// start it up
session_start();
}
function pathos_sessions_initialize()
{
$sessid = '';
if (isset($_GET['expid'])) {
$sessid = $_GET['expid'];
} else {
if (isset($_POST['expid'])) {
$sessid = $_POST['expid'];
} else {
if (!isset($_COOKIE[SYS_SESSION_COOKIE])) {
$sessid = md5(uniqid(rand(), true));
} else {
$sessid = $_COOKIE[SYS_SESSION_COOKIE];
}
}
}
session_name(SYS_SESSION_COOKIE);
session_id($sessid);
$_COOKIE['PHPSESSID'] = $sessid;
session_set_cookie_params(SESSION_TIMEOUT * 2);
// Full cookie lasts twice as long as the login session.
session_start();
if (!isset($_SESSION[SYS_SESSION_KEY])) {
$_SESSION[SYS_SESSION_KEY] = array();
}
if (!isset($_SESSION[SYS_SESSION_KEY]['vars'])) {
$_SESSION[SYS_SESSION_KEY]['vars'] = array();
}
if (isset($_SESSION[SYS_SESSION_KEY]['vars']['display_theme'])) {
define('DISPLAY_THEME', $_SESSION[SYS_SESSION_KEY]['vars']['display_theme']);
}
}
/** startInit() initiates the environment
* @return void
*/
public static function startInit()
{
@set_time_limit(0);
@error_reporting(E_ALL & ~E_DEPRECATED & ~E_NOTICE);
@ini_set('session.save_handler', 'mm');
@ini_set('session.cookie_httponly', true);
@ob_start('sanitize_output');
@session_start();
@session_cache_limiter('no-cache');
@session_set_cookie_params(0, null, null, true, true);
@set_magic_quotes_runtime(0);
self::verCheck();
self::extCheck();
foreach ($_REQUEST as $key => $val) {
$_REQUEST[$key] = is_array($val) ? filter_var_array($val, FILTER_SANITIZE_STRING) : filter_var($val, FILTER_SANITIZE_STRING);
}
foreach ($_GET as $key => $val) {
$_GET[$key] = is_array($val) ? filter_var_array($val, FILTER_SANITIZE_STRING) : filter_var($val, FILTER_SANITIZE_STRING);
}
foreach ($_POST as $key => $val) {
$_POST[$key] = is_array($val) ? filter_var_array($val, FILTER_SANITIZE_STRING) : filter_var($val, FILTER_SANITIZE_STRING);
}
foreach (array('node', 'sub', 'printertype', 'id', 'sub', 'crit', 'sort', 'confirm', 'tab') as $x) {
global ${$x};
${$x} = isset($_REQUEST[$x]) ? filter_var($_REQUEST[$x], FILTER_SANITIZE_STRING) : '';
}
unset($x);
new System();
new Config();
}
protected function __construct()
{
/* Call the parent constructor in case it should become
* necessary in the future.
*/
parent::__construct();
/* Initialize the php session handling.
*
* If session_id() returns a blank string, then we need
* to call session start. Otherwise the session is already
* started, and we should avoid calling session_start().
*/
if (session_id() === '') {
$config = SimpleSAML_Configuration::getInstance();
$params = $this->getCookieParams();
$version = explode('.', PHP_VERSION);
if ((int) $version[0] === 5 && (int) $version[1] < 2) {
session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure']);
} else {
session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
$this->cookie_name = $config->getString('session.phpsession.cookiename', NULL);
if (!empty($this->cookie_name)) {
session_name($this->cookie_name);
} else {
$this->cookie_name = session_name();
}
$savepath = $config->getString('session.phpsession.savepath', NULL);
if (!empty($savepath)) {
session_save_path($savepath);
}
}
}
static function sessionStart($name, $limit = 0, $path = '/', $domain = null, $secure = null)
{
// Set the cookie name before we start.
session_name($name . '_Session');
// Set the domain to default to the current domain.
$domain = isset($domain) ? $domain : isset($_SERVER['SERVER_NAME']);
// Set the default secure value to whether the site is being accessed with SSL
$https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);
// Set the cookie settings and start the session
session_set_cookie_params($limit, $path, $domain, $secure, true);
session_start();
// Make sure the session hasn't expired, and destroy it if it has
if (self::validateSession()) {
// Check to see if the session is new or a hijacking attempt
if (!self::preventHijacking()) {
// Reset session data and regenerate id
$_SESSION = array();
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
self::regenerateSession();
// Give a 5% chance of the session id changing on any request
} elseif (rand(1, 100) <= 5) {
self::regenerateSession();
}
} else {
$_SESSION = array();
session_destroy();
session_start();
}
}
/**
* Starts a Session object, only if one doesn't already exist. This function maps
* the Session Handler functions to this classes methods by reading the default
* information from the PHP ini file.
*
* @link http://php.net/manual/en/function.session-set-save-handler.php
* @link http://php.net/manual/en/function.session-set-cookie-params.php
* @param integer $lifetime
* How long a Session is valid for, by default this is 0, which means it
* never expires
* @param string $path
* The path the cookie is valid for on the domain
* @param string $domain
* The domain this cookie is valid for
* @param boolean $httpOnly
* Whether this cookie can be read by Javascript. By default the cookie
* cannot be read by Javascript
* @param boolean $secure
* Whether this cookie should only be sent on secure servers. By default this is
* false, which means the cookie can be sent over HTTP and HTTPS
* @throws Exception
* @return string|boolean
* Returns the Session ID on success, or false on error.
*/
public static function start($lifetime = 0, $path = '/', $domain = null, $httpOnly = true, $secure = false)
{
if (!self::$_initialized) {
if (!is_object(Symphony::Database()) || !Symphony::Database()->isConnected()) {
return false;
}
if (session_id() == '') {
ini_set('session.save_handler', 'user');
ini_set('session.gc_maxlifetime', $lifetime);
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', Symphony::Configuration()->get('session_gc_divisor', 'symphony'));
}
session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc'));
session_set_cookie_params($lifetime, $path, $domain ? $domain : self::getDomain(), $secure, $httpOnly);
session_cache_limiter('');
if (session_id() == '') {
if (headers_sent()) {
throw new Exception('Headers already sent. Cannot start session.');
}
register_shutdown_function('session_write_close');
session_start();
}
self::$_initialized = true;
}
return session_id();
}
static function sessionStart($name, $limit = 0, $secure = null)
{
# definovani jmena
session_name($name . '_session');
# zjisteni sifrovani
$https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);
# vlozeni nastaveni do sessionu
session_set_cookie_params($limit, '/', '.' . $_SERVER['SERVER_NAME'], $secure, true);
session_start();
if (self::validateSession()) {
# kontrola parametru uzivatele a sessionu
if (!self::preventHijacking()) {
$_SESSION = array();
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
} elseif (rand(1, 100) <= 5) {
# nahodne regeneruje sessiony 5% pripadu
self::regenerateSession();
}
} else {
# pokud session neproleze validaci, je zrusen
$_SESSION = array();
session_destroy();
session_start();
}
}
function init_session()
{
global $opt;
if ($this->session_initalized != true) {
session_name('SESSION');
session_set_cookie_params($opt['session']['expire']['cookie'], $opt['session']['path'], $opt['session']['domain']);
session_start();
if ($opt['session']['check_referer']) {
if (isset($_SERVER['REFERER'])) {
if (strtolower(substr($_SERVER['REFERER'], 0, strlen($opt['page']['absolute_url']))) != strtolower($opt['page']['absolute_url'])) {
$this->createNewSession();
}
}
}
if ((isset($_GET['SESSION']) || isset($_POST['SESSION'])) && count($_SESSION) > 0) {
// comapre and set timestamp
if (isset($_SESSION['lastcall'])) {
if (abs(time() - $_SESSION['lastcall']) > $opt['session']['expire']['url']) {
$this->createNewSession();
}
}
$_SESSION['lastcall'] = time();
}
$this->session_initalized = true;
}
}
public function __construct()
{
header('Content-type: text/xml; charset=utf-8');
header('Cache-control: no-cache, must-revalidate');
$this->db = mysql_connect(BABEL_DB_HOSTNAME . ':' . BABEL_DB_PORT, BABEL_DB_USERNAME, BABEL_DB_PASSWORD);
mysql_select_db(BABEL_DB_SCHEMATA);
mysql_query("SET NAMES utf8");
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'");
session_set_cookie_params(2592000);
session_start();
$this->User = new User('', '', $this->db);
global $CACHE_LITE_OPTIONS_SHORT;
$this->cs = new Cache_Lite($CACHE_LITE_OPTIONS_SHORT);
/* legacy long cache:
global $CACHE_LITE_OPTIONS_LONG;
$this->cl = new Cache_Lite($CACHE_LITE_OPTIONS_LONG);
*/
global $ZEND_CACHE_OPTIONS_LONG_FRONTEND;
global $ZEND_CACHE_OPTIONS_LONG_BACKEND;
global $ZEND_CACHE_OPTIONS_MEMCACHED;
if (ZEND_CACHE_MEMCACHED_ENABLED == 'yes') {
$this->cl = Zend_Cache::factory('Core', 'Memcached', $ZEND_CACHE_OPTIONS_LONG_FRONTEND, $ZEND_CACHE_OPTIONS_MEMCACHED);
} else {
$this->cl = Zend_Cache::factory('Core', ZEND_CACHE_TYPE_LONG, $ZEND_CACHE_OPTIONS_LONG_FRONTEND, $ZEND_CACHE_OPTIONS_LONG_BACKEND[ZEND_CACHE_TYPE_LONG]);
}
$this->Validator = new Validator($this->db, $this->User);
if (!isset($_SESSION['babel_ua'])) {
$_SESSION['babel_ua'] = $this->Validator->vxGetUserAgent();
}
$this->URL = new URL();
}
public static function start($lifetime = 0, $path = '/', $domain = NULL)
{
if (!self::$_initialized) {
if (!is_object(Symphony::Database()) || !Symphony::Database()->isConnected()) {
return false;
}
self::$_cache = new Cacheable(Symphony::Database());
$installed = self::$_cache->check('_session_config');
if (!$installed) {
if (!self::createTable()) {
return false;
}
self::$_cache->write('_session_config', true);
}
ini_set('session.save_handler', 'user');
ini_set('session.gc_maxlifetime', $lifetime);
session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc'));
session_set_cookie_params($lifetime, $path, $domain ? $domain : self::getDomain(), false, false);
if (strlen(session_id()) == 0) {
if (headers_sent()) {
throw new Exception('Headers already sent. Cannot start session.');
}
session_start();
}
self::$_initialized = true;
}
return session_id();
}
/**
* Open a session
*
* @access public
* @param string $base_path Cookie path
*/
public function open($base_path = '/')
{
// HttpOnly and secure flags for session cookie
session_set_cookie_params(SESSION_DURATION, $base_path ?: '/', null, Request::isHTTPS(), true);
// Avoid session id in the URL
ini_set('session.use_only_cookies', '1');
// Enable strict mode
if (version_compare(PHP_VERSION, '7.0.0') < 0) {
ini_set('session.use_strict_mode', '1');
}
// Ensure session ID integrity
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '32');
ini_set('session.hash_bits_per_character', 6);
// If the session was autostarted with session.auto_start = 1 in php.ini destroy it
if (isset($_SESSION)) {
session_destroy();
}
// Custom session name
session_name('__S');
// Start the session
session_start();
// Regenerate the session id to avoid session fixation issue
if (empty($_SESSION['__validated'])) {
session_regenerate_id(true);
$_SESSION['__validated'] = 1;
}
}
function ensure_session()
{
if (session_id() !== "") {
return true;
}
if (!($sn = make_session_name(opt("sessionName")))) {
return false;
}
// maybe upgrade from an old session name to this one
if (!isset($_COOKIE[$sn]) && ($upgrade_sn = opt("sessionUpgrade")) && ($upgrade_sn = make_session_name($upgrade_sn)) && isset($_COOKIE[$upgrade_sn])) {
session_id($_COOKIE[$upgrade_sn]);
setcookie($upgrade_sn, "", time() - 3600, "/", opt("sessionUpgradeDomain", opt("sessionDomain", "")), opt("sessionSecure", false));
}
$secure = opt("sessionSecure");
$domain = opt("sessionDomain");
if ($secure !== null || $domain !== null) {
$params = session_get_cookie_params();
if ($secure !== null) {
$params["secure"] = !!$secure;
}
if ($domain !== null) {
$params["domain"] = $domain;
}
session_set_cookie_params($params["lifetime"], $params["path"], $params["domain"], $params["secure"]);
}
session_name($sn);
session_cache_limiter("");
if (isset($_COOKIE[$sn]) && !preg_match(';\\A[-a-zA-Z0-9,]{1,128}\\z;', $_COOKIE[$sn])) {
error_log("unexpected session ID <" . $_COOKIE[$sn] . ">");
unset($_COOKIE[$sn]);
}
session_start();
return true;
}
/**
* Available options:
*
* * session_name: The cookie name (symfony by default)
* * session_id: The session id (null by default)
* * auto_start: Whether to start the session (true by default)
* * session_cookie_lifetime: Cookie lifetime
* * session_cookie_path: Cookie path
* * session_cookie_domain: Cookie domain
* * session_cookie_secure: Cookie secure
* * session_cookie_httponly: Cookie http only (only for PHP >= 5.2)
*
* The default values for all 'session_cookie_*' options are those returned by the session_get_cookie_params() function
*
* @param array $options An associative array of options
*
* @see sfStorage
*/
public function initialize($options = null)
{
$cookieDefaults = session_get_cookie_params();
$options = array_merge(array('session_name' => 'symfony', 'session_id' => null, 'auto_start' => true, 'session_cookie_lifetime' => $cookieDefaults['lifetime'], 'session_cookie_path' => $cookieDefaults['path'], 'session_cookie_domain' => $cookieDefaults['domain'], 'session_cookie_secure' => $cookieDefaults['secure'], 'session_cookie_httponly' => isset($cookieDefaults['httponly']) ? $cookieDefaults['httponly'] : false, 'session_cache_limiter' => 'none'), $options);
// initialize parent
parent::initialize($options);
// set session name
$sessionName = $this->options['session_name'];
session_name($sessionName);
if (!(bool) ini_get('session.use_cookies') && ($sessionId = $this->options['session_id'])) {
session_id($sessionId);
}
$lifetime = $this->options['session_cookie_lifetime'];
$path = $this->options['session_cookie_path'];
$domain = $this->options['session_cookie_domain'];
$secure = $this->options['session_cookie_secure'];
$httpOnly = $this->options['session_cookie_httponly'];
session_set_cookie_params($lifetime, $path, $domain, $secure, $httpOnly);
if (!is_null($this->options['session_cache_limiter'])) {
session_cache_limiter($this->options['session_cache_limiter']);
}
if ($this->options['auto_start'] && !self::$sessionStarted) {
session_start();
self::$sessionStarted = true;
}
}
static function sessionStart($name, $limit = 0, $path = '/', $domain = null, $secure = null)
{
// Set the cookie name
session_name($name . '_Session');
// Set SSL level
$https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);
// Set session cookie options
session_set_cookie_params($limit, $path, $domain, $https, true);
session_start();
// Make sure the session hasn't expired, and destroy it if it has
if (self::validateSession()) {
// Check to see if the session is new or a hijacking attempt
if (!self::preventHijacking()) {
// Reset session data and regenerate id
$_SESSION = array();
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
self::regenerateSession();
// Give a 5% chance of the session id changing on any request
} elseif (rand(1, 100) <= 5) {
self::regenerateSession();
}
} else {
$_SESSION = array();
session_destroy();
session_start();
}
}
public static function start()
{
$config = Registry::get('config');
if (isset($config->session)) {
// optional parameters sent to the constructor
if (isset($config->session->params)) {
$sessionParams = $config->session->params;
}
if (is_object($config->session->handler)) {
$sessionHandler = self::factory($config->session->handler->namespace, $config->session->handler->class, $sessionParams, $config->session->lifetime);
} else {
$sessionHandler = self::factory('Nf\\Session', $config->session->handler, $sessionParams, $config->session->lifetime);
}
session_name($config->session->cookie->name);
session_set_cookie_params(0, $config->session->cookie->path, $config->session->cookie->domain, false, true);
session_set_save_handler(array(&$sessionHandler, 'open'), array(&$sessionHandler, 'close'), array(&$sessionHandler, 'read'), array(&$sessionHandler, 'write'), array(&$sessionHandler, 'destroy'), array(&$sessionHandler, 'gc'));
register_shutdown_function('session_write_close');
session_start();
// session_regenerate_id(true);
Registry::set('session', $sessionHandler);
return $sessionHandler;
} else {
return false;
}
}
/**
* Set PHP session settings
*
* @return bool
*/
public static function init()
{
if (self::$iniSet === true) {
return false;
}
self::$iniSet = true;
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', 0);
ini_set('session.auto_start', '0');
ini_set('session.serialize_handler', 'php');
ini_set('session.gc_maxlifetime', SESSION_LIFETIME);
ini_set('session.gc_probability', '1');
ini_set('session.gc_divisor', '1000');
ini_set('session.bug_compat_warn', '0');
ini_set('session.bug_compat_42', '0');
ini_set('session.cookie_httponly', true);
ini_set('session.save_path', CACHE_PATH . 'sessions');
ini_set('upload_tmp_dir', CACHE_PATH . 'sessions');
$HTTP_ROOT = MODE === 'INSTALL' ? dirname(HTTP_ROOT) : HTTP_ROOT;
session_set_cookie_params(SESSION_LIFETIME, $HTTP_ROOT, NULL, HTTPS, true);
session_cache_limiter('nocache');
session_name('2Moons');
return true;
}
/**
* Bootstrap the session.
*
* @param Config $config The session config
*/
public static function bootstrap(Config $config)
{
if (!$config->cookie_name) {
$config->cookie_name = 'session_id';
}
if (!$config->id_format) {
$config->id_format = Handler::DEFAULT_ID_FORMAT;
}
// Create and set the session save handler
static::$handler = new Handler($config);
session_set_save_handler(static::$handler, true);
// Set the session name
session_name($config->cookie_name);
// Set the cookie parameters
$app = Application::instance();
$path = $app->config->base_uri ?: '/';
$domain = $app->config->domain ?: $_SERVER['HTTP_HOST'];
$secure = $app->request->isSecure();
$lifetime = $config->lifetime ?: 2592000;
session_set_cookie_params($lifetime, $path, $domain, $secure, true);
// Start the session
session_start();
// Register session_write_close() as a shutdown function
session_register_shutdown();
}
protected function __construct()
{
$this->config = Hayate_Config::load('session');
$driver = isset($this->config->session->driver) ? $this->config->session->driver : 'native';
switch ($driver) {
case 'database':
// can we get a db connection ?
if (null === Hayate_Database::getInstance()) {
throw new Hayate_Exception(sprintf(_('%s cannot use "database" driver as it is unable' . ' to retrieve a valid database connection.'), __CLASS__));
}
$ses = Hayate_Session_Database::getInstance();
session_set_save_handler(array($ses, 'open'), array($ses, 'close'), array($ses, 'read'), array($ses, 'write'), array($ses, 'destroy'), array($ses, 'gc'));
break;
case 'native':
break;
default:
throw new Hayate_Exception(sprintf(_('Session driver: "%s" not supported.'), $driver));
}
// @see http://php.net/manual/en/function.session-write-close.php
Hayate_Event::add('hayate.shutdown', 'session_write_close');
ini_set('session.use_only_cookies', true);
ini_set('session.use_trans_sid', 0);
session_name($this->config->get('session.name', 'HayateSession'));
// session will not work with a domain without top level
$domain = $this->config->get('session.domain', $_SERVER['SERVER_NAME']);
if (preg_match('/^\\.?.+\\.[a-z]{2,4}$/i', $domain) != 1) {
$domain = '';
}
session_set_cookie_params((int) $this->config->get('session.lifetime', 0), $this->config->get('session.path', '/'), $domain, $this->config->get('session.secure', false), $this->config->get('session.httponly', false));
session_start();
Hayate_Log::info(sprintf(_('%s initialized.'), __CLASS__));
}
private function _initSession()
{
session_set_cookie_params(self::$session_lifetime, self::$session_path, self::$session_domain, self::$session_secure, self::$session_httponly);
if (!session_id()) {
session_start();
}
}
function startSession()
{
$stSession = new StoreSessionDB();
session_set_cookie_params(0, '/', '', 1);
session_name("mypics");
session_start();
}
public function init($options = null)
{
$cookie_defaults = session_get_cookie_params();
if (!isset($options['session_cookie_path']) && class_exists("waSystem")) {
$options['session_cookie_path'] = waSystem::getInstance()->getRootUrl();
}
$options = array_merge(array('session_id' => null, 'auto_start' => true, 'session_cookie_lifetime' => $cookie_defaults['lifetime'], 'session_cookie_path' => $cookie_defaults['path'], 'session_cookie_domain' => $cookie_defaults['domain'], 'session_cookie_secure' => $cookie_defaults['secure'], 'session_cookie_httponly' => true, 'session_cache_limiter' => 'none'), $options);
// initialize parent
parent::init($options);
if (isset($this->options['session_name'])) {
session_name($this->options['session_name']);
}
if (!(bool) ini_get('session.use_cookies') && ($session_id = $this->options['session_id'])) {
session_id($session_id);
}
$lifetime = $this->options['session_cookie_lifetime'];
$path = $this->options['session_cookie_path'];
$domain = $this->options['session_cookie_domain'];
$secure = $this->options['session_cookie_secure'];
$http_only = $this->options['session_cookie_httponly'];
session_set_cookie_params($lifetime, $path, $domain, $secure, $http_only);
if (null !== $this->options['session_cache_limiter']) {
session_cache_limiter($this->options['session_cache_limiter']);
}
if ($this->options['auto_start']) {
if (isset($_COOKIE[session_name()])) {
$this->open();
}
}
}
function sec_session_start()
{
$session_name = 'sec_session_id';
// Set a custom session name
$secure = false;
// Set to true if using https.
$httponly = true;
// This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1);
// Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params();
// Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name);
// Sets the session name to the one set above.
session_start();
// Start the php session
session_regenerate_id(false);
// regenerated the session, delete the old one.
$inactive = 600;
// check to see if $_SESSION['timeout'] is set
if (isset($_SESSION['timeout'])) {
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $inactive) {
echo "<script language=javascript>\n\t\talert('Sesi Telah Habis');</script>";
echo '<script type=text/javascript>
window.location = "logout.php";
</script>';
}
}
$_SESSION['timeout'] = time();
}
function iniciarSesion($session_name, $secure)
{
// Make sure the session cookie is not accessable via javascript.
$httpunico = true;
// Hash algorithm to use for the sessionid. (use hash_algos() to get a list of available hashes.)
$sesion_hash = 'sha512';
// Check if hash is available
if (in_array($sesion_hash, hash_algos())) {
// Set the has function.
ini_set('session.hash_function', $sesion_hash);
}
// How many bits per character of the hash.
// The possible values are '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",").
ini_set('session.hash_bits_per_character', 5);
// Force the session to only use cookies, not URL variables.
ini_set('session.use_only_cookies', 1);
// Get session cookie parameters
$cookieParams = session_get_cookie_params();
// Set the parameters
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httpunico);
// Change the session name
session_name($session_name);
// Now we cat start the session
session_start();
// This line regenerates the session and delete the old one.
// It also generates a new encryption key in the database.
}
public function login(Request $request)
{
$name = $request->name;
$password = $request->pass;
$chek = $request->ks;
$this->validate($request, ['name' => 'required', 'pass' => 'required']);
/* $user_name=user_table::find($name);
$pass= user_table::find($password);*/
$user = user_table::where('username', $name)->first();
$name = $user['username'];
$id = $user['id'];
$pass = $user['password'];
$phone = $user['phone'];
$email = $user['email'];
$type_id = $user['user_type_id'];
if ($pass == $password) {
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
if ($chek == 'true') {
session_set_cookie_params('6048000');
session_regenerate_id(true);
}
$_SESSION['logged_state'] = 1;
$_SESSION['username'] = $name;
$_SESSION['phone'] = $phone;
$_SESSION['email'] = $email;
$_SESSION['type_id'] = $type_id;
return 1;
} else {
return 0;
}
}
