Example #1
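 /**
  * Initialise the session: select the storage backend, apply the configured
  * session id, name and lifetime, then start the session.
  *
  * Reads SESSION_SAVE_TYPE, MEM_HOST, MEM_PORT, S_ID, S_NAME and S_EXPIRE
  * from self::$_conf.
  *
  * @return void
  */
 private static function session()
 {
     // Use the memcache handler only when the extension is loaded and the
     // configuration asks for it. The comparison is strict: under PHP < 8 the
     // loose form `0 == 'm'` is true, so an integer 0 in the configuration
     // would silently have selected memcache.
     if (extension_loaded('memcache') && self::$_conf['SESSION_SAVE_TYPE'] === 'm') {
         ini_set('session.save_handler', 'memcache');
         // NOTE(review): this handler talks plain TCP to MEM_HOST:MEM_PORT. The
         // session store should only be reachable from the application hosts,
         // since anything that can reach it can read or alter session data.
         ini_set('session.save_path', 'tcp://' . self::$_conf['MEM_HOST'] . ':' . self::$_conf['MEM_PORT']);
     }

     // NOTE(review): Session::sid() receives a value from configuration. If it
     // sets the session id itself, every client would share one session;
     // confirm what S_ID means in the Session class.
     Session::sid(self::$_conf['S_ID']);
     Session::name(self::$_conf['S_NAME']);
     Session::expire(self::$_conf['S_EXPIRE']);

     // NOTE(review): the result of session_start() is not checked, so a
     // backend failure (e.g. memcache unreachable) goes unnoticed here.
     session_start();
 }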
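 /**
  * Prepare the session settings before the session is started.
  *
  * Turns session.auto_start off, makes sure a session id is set, and applies
  * the cookie domain, local name, session name, save path and callback taken
  * from the application configuration through C().
  *
  * A missing id is generated with random_bytes() (PHP 7+). uniqid() is derived
  * from the clock and mt_rand() is not a cryptographic generator, so an id
  * built from them can be predicted; the session id is a bearer credential and
  * has to come from a CSPRNG.
  *
  * @static
  * @return void
  */
 static function _init()
 {
     // NOTE(review): session.auto_start is a per-directory ini setting, so this
     // runtime call may have no effect; confirm it is also off in php.ini.
     ini_set('session.auto_start', 0);

     // NOTE(review): an id returned by Session::detectID() is kept as supplied.
     // When it comes from the request it was chosen by the client, so the id
     // should be regenerated at login / privilege change to limit fixation.
     if (is_null(Session::detectID())) {
         // 16 random bytes -> 32 hex characters (128 bits of entropy).
         Session::id(bin2hex(random_bytes(16)));
     }

     // Restrict the session cookie to the configured domain.
     Session::setCookieDomain(C('COOKIE_DOMAIN'));
     // Use the running application's name as the session local name.
     Session::localName(APP_NAME);
     Session::name(C('SESSION_NAME'));
     Session::path(C('SESSION_PATH'));
     Session::setCallback(C('SESSION_CALLBACK'));
 }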
Example #3
}
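// Security: the session is wiped when the User-Agent differs from the one
// recorded for this session.
// The header is optional, so a missing value is treated as an empty string
// instead of raising an undefined-index notice.
// NOTE(review): the User-Agent is sent by the client and is easy to copy, so
// this check only catches careless reuse of a session id; it does not replace
// HttpOnly/Secure cookies and id regeneration at login.
$currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

if (!Session::exists('HTTP_USER_AGENT')) {
    // First request of this session: remember the agent.
    Session::write('HTTP_USER_AGENT', $currentAgent);
} elseif ((string) Session::read('HTTP_USER_AGENT') !== $currentAgent) {
    // Agent changed: issue a new id, drop the stored data, record the new agent.
    Session::regenerate_id();
    Session::wipe();
    Session::write('HTTP_USER_AGENT', $currentAgent);
}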
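// Security: when the session id is present in the URL (and nothing was
// posted), move it into a cookie and reload the page without it, so the id
// does not stay in history, logs and Referer headers.
$sessionName = Session::name();
$requestUri = $_SERVER['REQUEST_URI'];

// strpos() is compared with false explicitly rather than relying on truthiness.
if (strpos($requestUri, $sessionName) !== false && count($_POST) === 0) {
    // An id that arrived in the URL may have been chosen by someone other than
    // the user (session fixation), so a fresh id is issued before it is stored
    // in the cookie.
    Session::regenerate_id();

    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    Session::close();
    // Expiry 0 = session cookie. HttpOnly keeps the id away from scripts and
    // Secure is set whenever the current request is HTTPS.
    setcookie($sessionName, Session::id(), 0, '/', '.' . $domaine, $isHttps, true);

    // The session name is quoted so that it is matched literally in the pattern.
    $page_address = preg_replace(
        '#(?<=&|\\?)' . preg_quote($sessionName, '#') . '=[^&]+(?:&|$)#',
        '',
        $requestUri
    );
    $page_address = rtrim($page_address, '?&');

    // Keep the scheme of the current request instead of forcing http://,
    // which would downgrade an HTTPS visitor.
    // NOTE(review): HTTP_HOST is taken from the request; a configured canonical
    // host name is the safer source for an absolute redirect.
    header('Location: ' . ($isHttps ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $page_address);
    exit;
}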
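// Security: the $_POST variables are wiped when the Referer belongs to a
// different host than the current one.
// The host part is matched in full: after SERVER_NAME only an optional port
// and then '/', '?', '#' or the end of the string are accepted. A prefix-only
// match would also accept "http://<SERVER_NAME>.other.tld/".
// NOTE(review): requests without a Referer are let through, and only $_POST is
// emptied ($_GET, $_REQUEST and the raw body are untouched), so state-changing
// forms still need a per-session CSRF token.
$referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';

if ($referer !== '') {
    $sameHostPattern = '~^https?://' . preg_quote($_SERVER['SERVER_NAME'], '~') . '(?::\d+)?(?:[/?#]|\z)~i';

    if (!preg_match($sameHostPattern, $referer)) {
        // Empty $_POST
        $_POST = array();
    }
}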
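// Remove control characters from the $_POST variables (they may be a problem
// with the DB or AJAX). Tab (0x09), LF (0x0A) and CR (0x0D) are kept.
// The cleaned value is written back into $_POST: $value is only a copy of the
// element, so assigning to it would leave the request data unchanged.
// NOTE(review): nested arrays are skipped, so values such as field[] still
// reach later code unfiltered. This is not a substitute for parameterised
// queries or output escaping.
foreach ($_POST as $key => $value) {
    if (!is_array($value)) {
        $_POST[$key] = preg_replace('#[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F]#', '', $value);
    }
}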
Example #4
 /**
  * Expose the session name through this object.
  *
  * @return mixed Whatever Session::name() returns when called without arguments
  *               (presumably the session name string; confirm in Session).
  */
 public function name()
 {
     $sessionName = Session::name();

     return $sessionName;
 }
Example #5
 /**
  * Build an <input type="text"> tag whose name is the session name.
  *
  * The defaults are the tag name 'input', type="text", name=Session::name()
  * and the bare 'required' attribute. They are combined with $attr through
  * array_merge(), so a string key in $attr (e.g. 'type' or 'name') replaces
  * the default and numeric entries are appended.
  *
  * NOTE(review): escaping of attribute values is left to self::tag(); confirm
  * it encodes them before $attr is filled from request data.
  *
  * @param array $attr
  *     Optional attributes to add to the input tag
  *
  * @return string
  */
 public static function input(array $attr = array())
 {
     $defaults = array(
         'input',
         'type' => 'text',
         'name' => Session::name(),
         'required',
     );
     $attributes = array_merge($defaults, $attr);

     return self::tag($attributes);
 }
Example #6
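 /**
  * Detect the session id of the current request.
  *
  * Returns the id of the active session when there is one. Otherwise the id
  * is looked up under the session name in $_COOKIE when Session::useCookies()
  * is true, else in $_GET and then $_POST.
  *
  * A request value is accepted only when it is a string made of the
  * characters PHP allows in a session id (letters, digits, ',' and '-').
  * Array values (name[]=...) and other malformed input yield null, so the
  * caller falls back to generating a fresh id.
  *
  * NOTE(review): an accepted id is still chosen by the client. Regenerate the
  * id at login / privilege change so that a planted id cannot be reused
  * (session fixation).
  *
  * @static
  * @access public
  * @return string|null The detected session id, or null when none is usable
  */
 static function detectID()
 {
     $activeId = session_id();
     if ($activeId !== '' && $activeId !== false) {
         return $activeId;
     }

     // Cookie-based sessions read only the cookie; otherwise the id may be
     // carried by the query string or by a form field.
     $sources = Session::useCookies() ? array($_COOKIE) : array($_GET, $_POST);
     $name = Session::name();

     foreach ($sources as $source) {
         if (!isset($source[$name]) || !is_string($source[$name])) {
             continue;
         }
         if (preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $source[$name]) === 1) {
             return $source[$name];
         }
     }

     return null;
 }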
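 /**
  * Re-send the session cookie with a new lifetime.
  *
  * The cookie is named Session::name(), carries Session::id(), uses the
  * path '/' and expires $time seconds from now. It is sent HttpOnly so that
  * scripts cannot read the session id, and with the Secure flag whenever the
  * current request is HTTPS.
  *
  * @static
  * @param int $time Lifetime in seconds, counted from the current time
  * @return void
  */
 static function setExpire($time)
 {
     $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

     // Empty domain = host-only cookie, the same scope as when the domain
     // argument is left out.
     setcookie(Session::name(), Session::id(), time() + (int) $time, '/', '', $isHttps, true);
 }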