/**
* @runInSeparateProcess
*/
public function testSetAndGetAndRegenerateId()
{
Session::start();
Session::setId('1ab2c3d4e5f6g7h8i9');
$this->assertEquals('1ab2c3d4e5f6g7h8i9', Session::getId());
Session::regenerateId();
$this->assertNotEquals('1ab2c3d4e5f6g7h8i9', Session::getId());
}
/**
* Retrieve a session by ID.
* @param $sessionId string
* @return Session
*/
function &getSession($sessionId)
{
$result =& $this->retrieve('SELECT * FROM sessions WHERE session_id = ?', array($sessionId));
$session = null;
if ($result->RecordCount() != 0) {
$row =& $result->GetRowAssoc(false);
$session = new Session();
$session->setId($row['session_id']);
$session->setUserId($row['user_id']);
$session->setIpAddress($row['ip_address']);
$session->setUserAgent($row['user_agent']);
$session->setSecondsCreated($row['created']);
$session->setSecondsLastUsed($row['last_used']);
$session->setRemember($row['remember']);
$session->setSessionData($row['data']);
}
$result->Close();
unset($result);
return $session;
}
public function index()
{
$this->load->language('api/login');
// Delete old login so not to cause any issues if there is an error
unset($this->session->data['api_id']);
$keys = array('username', 'password');
foreach ($keys as $key) {
if (!isset($this->request->post[$key])) {
$this->request->post[$key] = '';
}
}
$json = array();
$this->load->model('account/api');
// Login with username and password
$api_info = $this->model_account_api->login($this->request->post['username'], $this->request->post['password']);
if ($api_info) {
$json['success'] = $this->language->get('text_success');
echo $this->session->getId() . '<br>';
$this->session->close();
$session = new Session();
$session->setName('PHPSESSID_' . uniqid());
$session->setId();
$session->start();
$session->data['api_id'] = $api_info['api_id'];
// Create Token
$json['token'] = $this->model_account_api->addSession($api_info['api_id'], $this->session->getName(), $this->session->getId(), $this->request->server['REMOTE_ADDR']);
} else {
$json['error'] = $this->language->get('error_login');
}
if (isset($this->request->server['HTTP_ORIGIN'])) {
$this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
$this->response->addHeader('Access-Control-Allow-Credentials: true');
$this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
$this->response->addHeader('Access-Control-Max-Age: 1000');
$this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
}
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
$cache = new Cache('file');
$registry->set('cache', $cache);
//wechat
$wechat = new Wechat($registry);
$registry->set('wechat', $wechat);
// Session
$session = new Session();
//
$msg = new UsaysMessager($registry);
$registry->set('msg', $msg);
// For API requests we need to create a separate cookie
if (isset($request->get['token']) && isset($request->get['route']) && substr($request->get['route'], 0, 4) == 'api/') {
$db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
$query = $db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api_session` a LEFT JOIN `" . DB_PREFIX . "api_ip` ai ON (a.api_id = ai.api_id) WHERE a.token = '" . $db->escape($request->get['token']) . "' AND ai.ip = '" . $db->escape($request->server['REMOTE_ADDR']) . "'");
if ($query->num_row) {
$session->setId($session_info['session_id']);
$session->setName($session_info['session_name']);
}
}
$session->start();
$registry->set('session', $session);
//open hours
$openhours = new OpenHours($registry);
$registry->set('openhours', $openhours);
// Language Detection
$languages = array();
$query = $db->query("SELECT * FROM `" . DB_PREFIX . "language` WHERE status = '1'");
foreach ($query->rows as $result) {
$languages[$result['code']] = $result;
}
if (isset($session->data['language']) && array_key_exists($session->data['language'], $languages)) {
// Response
$response = new Response();
$response->addHeader('Content-Type: text/html; charset=utf-8');
$response->setCompression($config->get('config_compression'));
$registry->set('response', $response);
// Cache
$cache = new Cache('file');
$registry->set('cache', $cache);
// Session
$session = new Session();
// For API requests we need to create a separate cookie
if (isset($request->get['token']) && isset($request->get['route']) && substr($request->get['route'], 0, 4) == 'api/') {
$db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
$query = $db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api_session` as LEFT JOIN api_ip ai ON (as.api_id = ai.api_id) WHERE as.token = '" . $db->escape($request->get['token']) . "' AND ai.ip = '" . $db->escape($request->server['REMOTE_ADDR']) . "'");
if ($query->num_row) {
$session->setId($query->row['session_id']);
$session->setName($query->row['session_name']);
$db->query("UPDATE `" . DB_PREFIX . "api_session` SET date_modified = NOW() WHERE api_session_id = '" . $query->row['api_session_id'] . "'");
}
}
$session->start();
$registry->set('session', $session);
// Language Detection
$languages = array();
$query = $db->query("SELECT * FROM `" . DB_PREFIX . "language` WHERE status = '1'");
foreach ($query->rows as $result) {
$languages[$result['code']] = $result;
}
if (isset($session->data['language']) && array_key_exists($session->data['language'], $languages)) {
$code = $session->data['language'];
} elseif (isset($request->cookie['language']) && array_key_exists($request->cookie['language'], $languages)) {
