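/**
 * Session write handler: replaces the stored row for a session with new data.
 *
 * Deletes the row keyed by the previous session id (the global
 * $SECURITY_SESSION_OLD_ID when it is set and well-formed, otherwise $id) and
 * inserts a fresh row for $id. Nothing is written when $id is not 1-32
 * characters of [0-9a-z], compared case-insensitively.
 *
 * Both ids are concatenated into the SQL text, so the format check below is
 * the only thing standing between these values and the query.
 *
 * @param string $id        Session id to store the data under.
 * @param string $sess_data Session payload; base64-encoded and bound as :SESSION_DATA.
 * @return void
 */
function write($id, $sess_data)
{
    global $SECURITY_SESSION_OLD_ID;

    // Anchored with \z rather than $: in PCRE "$" also matches just before a
    // trailing newline, so the original pattern accepted "abc\n" and let the
    // newline through into the SQL literal.
    $idPattern = '/^[\da-z]{1,32}\z/i';

    if (!preg_match($idPattern, $id)) {
        return;
    }

    // A malformed old id is ignored and the current id is used instead.
    if ($SECURITY_SESSION_OLD_ID && preg_match($idPattern, $SECURITY_SESSION_OLD_ID)) {
        $old_sess_id = $SECURITY_SESSION_OLD_ID;
    } else {
        $old_sess_id = $id;
    }

    // NOTE(review): the delete and the insert are two separate statements;
    // whether they run inside one transaction is not visible from here.
    CSecurityDB::Query("\n\t\t\t\tdelete from b_sec_session\n\t\t\t\twhere SESSION_ID = '" . $old_sess_id . "'\n\t\t\t", "Module: security; Class: CSecuritySession; Function: write; File: " . __FILE__ . "; Line: " . __LINE__);
    CSecurityDB::QueryBind("\n\t\t\t\tinsert into b_sec_session\n\t\t\t\t(SESSION_ID, TIMESTAMP_X, SESSION_DATA)\n\t\t\t\tvalues\n\t\t\t\t('" . $id . "', " . CSecurityDB::CurrentTimeFunction() . ", :SESSION_DATA)\n\t\t\t", array("SESSION_DATA" => base64_encode($sess_data)), "Module: security; Class: CSecuritySession; Function: write; File: " . __FILE__ . "; Line: " . __LINE__);
}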
Beispiel #2
 /**
  * Replaces the stored session row with the supplied payload.
  *
  * Returns without touching the database when self::isValidId() rejects $id.
  * Otherwise the row for the previous session id (or for $id when no old id
  * exists) is deleted and a new row for $id is inserted.
  *
  * @param string $id          Session id; concatenated into the SQL text after the isValidId() check.
  * @param string $sessionData Session payload; base64-encoded and bound as :SESSION_DATA.
  * @return void
  */
 public static function write($id, $sessionData)
 {
     if (!self::isValidId($id)) {
         return;
     }

     // NOTE(review): the old id is concatenated into the DELETE below without a
     // visible format check in this method; confirm that isOldSessionIdExist()
     // or getOldSessionId() only yields ids that pass isValidId().
     $oldSessionId = CSecuritySession::isOldSessionIdExist()
         ? CSecuritySession::getOldSessionId()
         : $id;

     $deleteSql = "\n\t\t\tdelete from b_sec_session\n\t\t\twhere SESSION_ID = '" . $oldSessionId . "'\n\t\t";
     CSecurityDB::Query($deleteSql, "Module: security; Class: CSecuritySession; Function: write; File: " . __FILE__ . "; Line: " . __LINE__);

     // Only the payload is a bound parameter; the id and the timestamp
     // expression are part of the statement text.
     $insertSql = "\n\t\t\tinsert into b_sec_session\n\t\t\t(SESSION_ID, TIMESTAMP_X, SESSION_DATA)\n\t\t\tvalues\n\t\t\t('" . $id . "', " . CSecurityDB::CurrentTimeFunction() . ", :SESSION_DATA)\n\t\t";
     $binds = array("SESSION_DATA" => base64_encode($sessionData));
     CSecurityDB::QueryBind($insertSql, $binds, "Module: security; Class: CSecuritySession; Function: write; File: " . __FILE__ . "; Line: " . __LINE__);
 }
 /**
  * Records the current detection ($this->data) in b_sec_virus unless a row
  * for the same data already exists.
  *
  * The row key is md5($this->data), so identical data maps to one row. When
  * the existing row is marked SENT = 'Y', sent rows older than a timeout are
  * purged and the lookup is repeated. If no row remains, an event array is
  * serialized, base64-encoded and inserted, and the file
  * managed_cache/b_sec_virus is opened for writing and closed again.
  *
  * @return void
  */
 function dolog()
 {
     if (defined("ANTIVIRUS_CREATE_TRACE")) {
         $this->CreateTrace();
     }
     // md5() yields 32 hex characters, so the key is safe to place inside the
     // quoted SQL literals below. It is used as a row identifier only.
     $uniq_id = md5($this->data);
     // NOTE(review): the query labels in this method say "Function: AddEventLog"
     // although the method is dolog(); that makes log attribution misleading.
     $rsLog = CSecurityDB::Query("SELECT * FROM b_sec_virus WHERE ID = '" . $uniq_id . "'", "Module: security; Class: CSecurityAntiVirus; Function: AddEventLog; File: " . __FILE__ . "; Line: " . __LINE__);
     $arLog = CSecurityDB::Fetch($rsLog);
     if ($arLog && $arLog["SENT"] == "Y") {
         // NOTE(review): $BX_SECURITY_AV_TIMEOUT is neither assigned nor declared
         // `global` in this function, so as written it is an undefined local and
         // the argument evaluates to 0. Presumably a global setting was intended;
         // confirm, because with 0 the age limit passed to SecondsAgo() is zero.
         CSecurityDB::Query("DELETE FROM b_sec_virus WHERE SENT = 'Y' AND TIMESTAMP_X < " . CSecurityDB::SecondsAgo($BX_SECURITY_AV_TIMEOUT * 60) . "", "Module: security; Class: CSecurityAntiVirus; Function: AddEventLog; File: " . __FILE__ . "; Line: " . __LINE__);
         // Re-read: the purge above may have removed the row for this key.
         $rsLog = CSecurityDB::Query("SELECT * FROM b_sec_virus WHERE ID = '" . $uniq_id . "'", "Module: security; Class: CSecurityAntiVirus; Function: AddEventLog; File: " . __FILE__ . "; Line: " . __LINE__);
         $arLog = CSecurityDB::Fetch($rsLog);
     }
     if (!$arLog) {
         // Description text: the data itself, plus one "key=value" line per
         // entry of $this->resultrules when tracing is enabled.
         $ss = $this->data;
         if (defined("ANTIVIRUS_CREATE_TRACE")) {
             foreach ($this->resultrules as $k => $v) {
                 $ss .= "\n" . $k . "=" . $v;
             }
         }
         // Site for the row: the SITE_ID constant outside the admin section,
         // otherwise the first active site from b_lang (ordered by DEF desc, SORT).
         if (defined("SITE_ID") && !defined("ADMIN_SECTION")) {
             $SITE_ID = SITE_ID;
         } else {
             $rsDefSite = CSecurityDB::Query("SELECT LID FROM b_lang WHERE ACTIVE='Y' ORDER BY DEF desc, SORT", "Module: security; Class: CSecurityAntiVirus; Function: AddEventLog; File: " . __FILE__ . "; Line: " . __LINE__);
             $arDefSite = CSecurityDB::Fetch($rsDefSite);
             if ($arDefSite) {
                 $SITE_ID = $arDefSite["LID"];
             } else {
                 $SITE_ID = false;
             }
         }
         // REMOTE_ADDR, HTTP_USER_AGENT and REQUEST_URI come from the request;
         // the latter two are client-controlled, so whatever later decodes,
         // unserializes or renders INFO has to treat them as untrusted text.
         // The SITE_ID stored here is taken from the constant again, not from
         // the $SITE_ID resolved above.
         // NOTE(review): $_SERVER["HTTP_USER_AGENT"] and $_SESSION are read
         // without an existence check; confirm both are always set when this runs.
         $s = serialize(array("SEVERITY" => "SECURITY", "AUDIT_TYPE_ID" => "SECURITY_VIRUS", "MODULE_ID" => "security", "ITEM_ID" => "UNKNOWN", "REMOTE_ADDR" => $_SERVER["REMOTE_ADDR"], "USER_AGENT" => $_SERVER["HTTP_USER_AGENT"], "REQUEST_URI" => $_SERVER["REQUEST_URI"], "SITE_ID" => defined("SITE_ID") ? SITE_ID : false, "USER_ID" => false, "GUEST_ID" => array_key_exists("SESS_GUEST_ID", $_SESSION) && $_SESSION["SESS_GUEST_ID"] > 0 ? $_SESSION["SESS_GUEST_ID"] : false, "DESCRIPTION" => "==" . base64_encode($ss)));
         // Only INFO is a bound parameter. $SITE_ID is quoted and concatenated
         // without escaping.
         // NOTE(review): assumes SITE_ID / b_lang.LID never contain a quote - confirm.
         CSecurityDB::QueryBind("insert into b_sec_virus (ID, TIMESTAMP_X, SITE_ID, INFO) values ('" . $uniq_id . "', " . CSecurityDB::CurrentTimeFunction() . ", " . ($SITE_ID ? "'" . $SITE_ID . "'" : "null") . ", :INFO)", array("INFO" => base64_encode($s)), "Module: security; Class: CSecurityAntiVirus; Function: AddEventLog; File: " . __FILE__ . "; Line: " . __LINE__);
         // Opens the file in "w" mode (create or truncate) and closes it at once;
         // errors are suppressed with @, so a failure here is silent.
         // NOTE(review): presumably a marker file for a cache - confirm its reader.
         @fclose(@fopen($_SERVER["DOCUMENT_ROOT"] . BX_PERSONAL_ROOT . "/managed_cache/b_sec_virus", "w"));
     }
 }
Beispiel #4
	/**
	 * Replaces the stored session row with the supplied payload.
	 *
	 * In read-only mode (self::$isReadOnly) nothing is written and the call
	 * still reports success. Otherwise the row for the previous session id
	 * (or for $id when no old id exists) is deleted and a new row is inserted.
	 *
	 * @param string $id          Session id; concatenated into the SQL text after the isValidId() check.
	 * @param string $sessionData Session payload; base64-encoded and bound as :SESSION_DATA.
	 * @return bool false when $id fails isValidId(), true in every other case;
	 *              the results of the two queries are not inspected.
	 */
	public static function write($id, $sessionData)
	{
		if (!self::isValidId($id))
		{
			return false;
		}

		if (self::$isReadOnly)
		{
			return true;
		}

		// NOTE(review): the old id goes into the DELETE below without a visible
		// format check in this method; confirm that isOldSessionIdExist() or
		// getOldSessionId() only yields ids that pass isValidId().
		$oldSessionId = CSecuritySession::isOldSessionIdExist()
			? CSecuritySession::getOldSessionId()
			: $id;

		$deleteSql = "
			delete from b_sec_session
			where SESSION_ID = '".$oldSessionId."'
		";
		CSecurityDB::Query($deleteSql, "Module: security; Class: CSecuritySession; Function: write; File: ".__FILE__."; Line: ".__LINE__);

		// Only the payload is a bound parameter; the id and the timestamp
		// expression are part of the statement text.
		$insertSql = "
			insert into b_sec_session
			(SESSION_ID, TIMESTAMP_X, SESSION_DATA)
			values
			('".$id."', ".CSecurityDB::CurrentTimeFunction().", :SESSION_DATA)
		";
		$binds = array("SESSION_DATA" => base64_encode($sessionData));
		CSecurityDB::QueryBind($insertSql, $binds, "Module: security; Class: CSecuritySession; Function: write; File: ".__FILE__."; Line: ".__LINE__);

		return true;
	}