Exemple #1
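 /**
  * Configure and start the PHP session, optionally emitting CORS headers first.
  *
  * Loads the configured session driver file, applies the hash and cookie
  * settings held in Settings, then starts the session inside an output buffer.
  */
 static function start()
 {
     // NOTE(review): the driver name is concatenated into an include path, so it must only
     // ever come from trusted configuration, never from request data.
     include_once __DIR__ . '/sessionDrivers/' . Settings::$sessionDriver . '.php';
     //self::$driver = new Settings::$sessionDriver();
     //session_set_save_handler(array(self::$driver, 'open'),array(self::$driver, 'close'),array(self::$driver, 'read'),
     //            array(self::$driver, 'write'),array(self::$driver, 'destroy'),array(self::$driver, 'gc'));
     register_shutdown_function('session_write_close');
     // Strict comparison: a non-string setting must not loosely match an algorithm name.
     // session.hash_function and session.hash_bits_per_character were removed in PHP 7.1,
     // so on newer runtimes these two ini_set() calls have no effect.
     if (in_array(Settings::$session_hash, hash_algos(), true)) {
         ini_set('session.hash_function', Settings::$session_hash);
     }
     ini_set('session.hash_bits_per_character', Settings::$hash_bits_per_character);
     $cookieParams = session_get_cookie_params();
     session_set_cookie_params(Settings::$sessionLifetime, $cookieParams["path"], $cookieParams["domain"], Settings::$secure, Settings::$httpOnly);
     session_name(Settings::$NAME);
     // Buffer output so headers can still be sent.
     ob_start();
     // Enable CORS when the settings ask for it.
     if (isset(Settings::$CORS) && Settings::$CORS && !empty($_SERVER['HTTP_ORIGIN'])) {
         // NOTE(review): the request's Origin is echoed back unchanged, which allows every
         // origin. Compare it against an allow-list before reflecting it, and never combine
         // this reflection with Access-Control-Allow-Credentials.
         header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
         // The response now depends on Origin; tell caches so one origin's answer is not
         // served to another. Appended (second argument false) to keep any existing Vary.
         header('Vary: Origin', false);
         header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
         header('Access-Control-Max-Age: 1000');
         header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
     }
     // Start the session.
     session_start();
     // Flush the buffer, which sends the headers.
     ob_end_flush();
 }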
Exemple #2
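 /**
  * Initialize session
  *
  * Scopes the session cookie to the directory of the running script, sets the
  * Secure flag when the request arrived over HTTPS, always sets HttpOnly,
  * restricts session IDs to cookies, and starts a session if none is active.
  */
 public static function init()
 {
     // Force cookie path (but do not change lifetime)
     $cookie = session_get_cookie_params();
     // Default cookie path: empty for scripts in the web root, else the script's directory.
     $cookiedir = '';
     if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
         $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
     }
     $ssl = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on";
     // HttpOnly is passed explicitly: without the fifth argument the flag is whatever
     // session.cookie_httponly is configured to, and that setting is off by default,
     // leaving the session ID readable by page scripts.
     session_set_cookie_params($cookie['lifetime'], $cookiedir, $cookie['domain'], $ssl, true);
     // Use cookies to store session.
     ini_set('session.use_cookies', 1);
     // Force cookies for session  (phpsessionID forbidden in URL)
     ini_set('session.use_only_cookies', 1);
     if (!session_id()) {
         // Prevent php to use sessionID in URL if cookies are disabled.
         ini_set('session.use_trans_sid', false);
         if (!empty(self::$sessionName)) {
             session_name(self::$sessionName);
         }
         session_start();
     }
 }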
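/**
 * Validate any client-supplied session identifier, then start the session.
 *
 * The identifier is looked up under the session name in the GET, POST and
 * cookie arrays, in that order; only the first array that carries it is
 * checked. A value that is not a purely alphanumeric string is removed from
 * the GET/POST array, or the cookie is expired, and def_application_home is
 * handed to _set_location_() (presumably a redirect; confirm whether it ends
 * the request, because session_start() is still called afterwards).
 *
 * @return bool Result of session_start().
 */
function _set_session_start_()
{
    global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
    // \A and \z anchor the whole value. The previous "$" anchor also accepted an
    // identifier followed by a trailing newline.
    $var_pattern = '/\A[a-zA-Z0-9]+\z/';
    $var_session = true;
    if (isset($HTTP_GET_VARS[_set_session_name_()])) {
        // is_string() rejects array-valued parameters before they reach preg_match().
        if (!is_string($HTTP_GET_VARS[_set_session_name_()]) || preg_match($var_pattern, $HTTP_GET_VARS[_set_session_name_()]) !== 1) {
            unset($HTTP_GET_VARS[_set_session_name_()]);
            $var_session = false;
        }
    } elseif (isset($HTTP_POST_VARS[_set_session_name_()])) {
        if (!is_string($HTTP_POST_VARS[_set_session_name_()]) || preg_match($var_pattern, $HTTP_POST_VARS[_set_session_name_()]) !== 1) {
            unset($HTTP_POST_VARS[_set_session_name_()]);
            $var_session = false;
        }
    } elseif (isset($HTTP_COOKIE_VARS[_set_session_name_()])) {
        if (!is_string($HTTP_COOKIE_VARS[_set_session_name_()]) || preg_match($var_pattern, $HTTP_COOKIE_VARS[_set_session_name_()]) !== 1) {
            // Expire the malformed cookie on the client, using the configured path and domain.
            $var_session_data = session_get_cookie_params();
            setcookie(_set_session_name_(), "", time() - 42000, $var_session_data["path"], $var_session_data["domain"]);
            $var_session = false;
        }
    }
    if ($var_session == false) {
        _set_location_(def_application_home);
    }
    return session_start();
}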
Exemple #4
 /**
  * Start a cookie-only PHP session under the given name.
  *
  * @param string $session_name Name passed to session_name().
  * @param mixed  $secure       Passed through as the cookie's Secure flag.
  */
 function iniciarSesion($session_name, $secure)
 {
     // Request SHA-512 for session IDs when the hash extension offers it.
     // session.hash_function and session.hash_bits_per_character were removed in PHP 7.1,
     // so on newer runtimes these two settings have no effect.
     $algoritmo = 'sha512';
     if (in_array($algoritmo, hash_algos())) {
         ini_set('session.hash_function', $algoritmo);
     }
     // 5 bits per character gives IDs drawn from 0-9 and a-v.
     ini_set('session.hash_bits_per_character', 5);
     // Session IDs are accepted from cookies only, never from URL variables.
     ini_set('session.use_only_cookies', 1);
     // Keep the configured lifetime, path and domain; override Secure, force HttpOnly
     // so page scripts cannot read the session cookie.
     $actuales = session_get_cookie_params();
     session_set_cookie_params(
         $actuales["lifetime"],
         $actuales["path"],
         $actuales["domain"],
         $secure,
         true
     );
     session_name($session_name);
     session_start();
     // NOTE(review): the session ID is not regenerated here. Callers that change privilege
     // level (for example at login) need their own session_regenerate_id() call.
 }
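 /**
  * Available options:
  *
  *  * session_name:            The cookie name (symfony by default)
  *  * session_id:              The session id (null by default)
  *  * auto_start:              Whether to start the session (true by default)
  *  * session_cookie_lifetime: Cookie lifetime
  *  * session_cookie_path:     Cookie path
  *  * session_cookie_domain:   Cookie domain
  *  * session_cookie_secure:   Cookie secure
  *  * session_cookie_httponly: Cookie http only (only for PHP >= 5.2)
  *  * session_cache_limiter:   Value for session_cache_limiter() ('none' by default)
  *
  * The default values for all 'session_cookie_*' options are those returned by the session_get_cookie_params() function
  *
  * @param array $options  An associative array of options; null is treated as an empty array
  *
  * @see sfStorage
  */
 public function initialize($options = null)
 {
     // The declared default is null, which array_merge() does not accept as an array.
     if (!is_array($options)) {
         $options = array();
     }
     $cookieDefaults = session_get_cookie_params();
     $options = array_merge(array(
         'session_name' => 'symfony',
         'session_id' => null,
         'auto_start' => true,
         'session_cookie_lifetime' => $cookieDefaults['lifetime'],
         'session_cookie_path' => $cookieDefaults['path'],
         'session_cookie_domain' => $cookieDefaults['domain'],
         'session_cookie_secure' => $cookieDefaults['secure'],
         // NOTE(review): HttpOnly stays off unless PHP's own setting or the caller enables it.
         'session_cookie_httponly' => isset($cookieDefaults['httponly']) ? $cookieDefaults['httponly'] : false,
         'session_cache_limiter' => 'none',
     ), $options);
     // initialize parent
     parent::initialize($options);
     // set session name
     $sessionName = $this->options['session_name'];
     session_name($sessionName);
     // A caller-chosen session id is applied only when cookie-based sessions are disabled.
     // NOTE(review): the id is used as given; it must never be taken from request data.
     if (!(bool) ini_get('session.use_cookies') && ($sessionId = $this->options['session_id'])) {
         session_id($sessionId);
     }
     $lifetime = $this->options['session_cookie_lifetime'];
     $path = $this->options['session_cookie_path'];
     $domain = $this->options['session_cookie_domain'];
     $secure = $this->options['session_cookie_secure'];
     $httpOnly = $this->options['session_cookie_httponly'];
     session_set_cookie_params($lifetime, $path, $domain, $secure, $httpOnly);
     if (!is_null($this->options['session_cache_limiter'])) {
         session_cache_limiter($this->options['session_cache_limiter']);
     }
     // Start at most once per process, tracked through the static flag.
     if ($this->options['auto_start'] && !self::$sessionStarted) {
         session_start();
         self::$sessionStarted = true;
     }
 }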
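 /**
  * Apply the session options to PHP's session configuration and, when
  * auto_start is set and the client already sent a session cookie, open the session.
  *
  * Defaults for the 'session_cookie_*' options come from session_get_cookie_params(),
  * except HttpOnly, which defaults to true, and the cookie path, which defaults to
  * waSystem's root URL when that class is available.
  *
  * @param array $options An associative array of options; null is treated as an empty array
  */
 public function init($options = null)
 {
     // The declared default is null, which array_merge() does not accept as an array.
     if (!is_array($options)) {
         $options = array();
     }
     $cookie_defaults = session_get_cookie_params();
     if (!isset($options['session_cookie_path']) && class_exists("waSystem")) {
         $options['session_cookie_path'] = waSystem::getInstance()->getRootUrl();
     }
     $options = array_merge(array(
         'session_id' => null,
         'auto_start' => true,
         'session_cookie_lifetime' => $cookie_defaults['lifetime'],
         'session_cookie_path' => $cookie_defaults['path'],
         'session_cookie_domain' => $cookie_defaults['domain'],
         'session_cookie_secure' => $cookie_defaults['secure'],
         'session_cookie_httponly' => true,
         'session_cache_limiter' => 'none',
     ), $options);
     // initialize parent
     parent::init($options);
     if (isset($this->options['session_name'])) {
         session_name($this->options['session_name']);
     }
     // A caller-chosen session id is applied only when cookie-based sessions are disabled.
     // NOTE(review): the id is used as given; it must never be taken from request data.
     if (!(bool) ini_get('session.use_cookies') && ($session_id = $this->options['session_id'])) {
         session_id($session_id);
     }
     $lifetime = $this->options['session_cookie_lifetime'];
     $path = $this->options['session_cookie_path'];
     $domain = $this->options['session_cookie_domain'];
     $secure = $this->options['session_cookie_secure'];
     $http_only = $this->options['session_cookie_httponly'];
     session_set_cookie_params($lifetime, $path, $domain, $secure, $http_only);
     if (null !== $this->options['session_cache_limiter']) {
         session_cache_limiter($this->options['session_cache_limiter']);
     }
     // Only resume a session the client already has a cookie for; visitors without a
     // cookie get no session from this method.
     if ($this->options['auto_start'] && isset($_COOKIE[session_name()])) {
         $this->open();
     }
 }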
Exemple #7
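/**
 * Start the PHP session unless one is already active.
 *
 * Builds the session name from the "sessionName" option, optionally adopts
 * the session ID stored under a legacy cookie name ("sessionUpgrade"),
 * applies the "sessionSecure" and "sessionDomain" options to the cookie
 * parameters, discards a malformed session cookie, and starts the session.
 *
 * @return bool False when no session name could be made, true otherwise.
 */
function ensure_session()
{
    if (session_id() !== "") {
        return true;
    }
    if (!($sn = make_session_name(opt("sessionName")))) {
        return false;
    }
    // Shape every client-supplied session ID has to match before it is used.
    $sid_pattern = ';\\A[-a-zA-Z0-9,]{1,128}\\z;';
    // maybe upgrade from an old session name to this one
    if (!isset($_COOKIE[$sn]) && ($upgrade_sn = opt("sessionUpgrade")) && ($upgrade_sn = make_session_name($upgrade_sn)) && isset($_COOKIE[$upgrade_sn])) {
        // The legacy cookie is client input too: adopt its ID only when it passes the
        // same check that is applied to the current cookie below.
        if (is_string($_COOKIE[$upgrade_sn]) && preg_match($sid_pattern, $_COOKIE[$upgrade_sn])) {
            session_id($_COOKIE[$upgrade_sn]);
        }
        // The legacy cookie is expired whether or not its value was accepted.
        setcookie($upgrade_sn, "", time() - 3600, "/", opt("sessionUpgradeDomain", opt("sessionDomain", "")), opt("sessionSecure", false));
    }
    $secure = opt("sessionSecure");
    $domain = opt("sessionDomain");
    if ($secure !== null || $domain !== null) {
        $params = session_get_cookie_params();
        if ($secure !== null) {
            $params["secure"] = !!$secure;
        }
        if ($domain !== null) {
            $params["domain"] = $domain;
        }
        session_set_cookie_params($params["lifetime"], $params["path"], $params["domain"], $params["secure"]);
    }
    session_name($sn);
    session_cache_limiter("");
    if (isset($_COOKIE[$sn]) && !(is_string($_COOKIE[$sn]) && preg_match($sid_pattern, $_COOKIE[$sn]))) {
        // Control characters are escaped so a crafted cookie cannot forge extra log lines;
        // a non-string (array-valued) cookie is reported by type only.
        $shown = is_string($_COOKIE[$sn]) ? addcslashes($_COOKIE[$sn], "\0..\37\177") : gettype($_COOKIE[$sn]);
        error_log("unexpected session ID <" . $shown . ">");
        // Dropping the entry makes session_start() ignore the rejected value.
        unset($_COOKIE[$sn]);
    }
    session_start();
    return true;
}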
Exemple #8
 /**
  *
  * Constructor
  *
  * @param SegmentFactory   $segment_factory    A session segment factory.
  *
  * @param CsrfTokenFactory $csrf_token_factory A CSRF token factory.
  *
  * @param array            $cookies            An array of cookies from the client,
  *                                             typically a copy of $_COOKIE.
  *
  */
 public function __construct(SegmentFactory $segment_factory, CsrfTokenFactory $csrf_token_factory, array $cookies = array())
 {
     // Snapshot of PHP's session-cookie settings as they are at construction time.
     $this->cookie_params = session_get_cookie_params();
     // Client-supplied values; stored as given.
     $this->cookies = $cookies;
     $this->csrf_token_factory = $csrf_token_factory;
     $this->segment_factory = $segment_factory;
 }
Exemple #9
 /**
  * Expire the session cookie on the client.
  *
  * Does nothing when sessions are not cookie-based. The cookie is re-sent
  * with an empty value and an expiry in the past, using the configured path,
  * domain, Secure and HttpOnly attributes so it matches the cookie being removed.
  */
 public function destroyCookie()
 {
     if (!ini_get("session.use_cookies")) {
         return;
     }
     $cookie = session_get_cookie_params();
     setcookie(
         session_name(),
         '',
         time() - 42000,
         $cookie["path"],
         $cookie["domain"],
         $cookie["secure"],
         $cookie["httponly"]
     );
 }
Exemple #10
 /**
  * Logs out a user and resets the complete session
  *
  * Clears the stored session id of the user in the users table, deletes the
  * user's remember-me entries, expires the remember_me and session cookies,
  * destroys the session and starts a new one, then queues a status message.
  *
  * @author  Clemens John <*****@*****.**>
  * @return boolean true if the logout was successful, false if no user was logged in
  */
 public function user_logout()
 {
     if (!isset($_SESSION['user_id'])) {
         $messages[] = array("Sie können sich nicht ausloggen, wenn Sie nicht eingeloggt sind", 2);
         Message::setMessage($messages);
         return false;
     } else {
         //destroy current session
         //to correctly destroy a session look at http://php.net/manual/de/function.session-destroy.php
         // Blank the session id recorded for this user (parameterised statement).
         $stmt = DB::getInstance()->prepare("UPDATE users SET session_id = ? WHERE id = ?");
         $stmt->execute(array('', $_SESSION['user_id']));
         //delete all Remember-Mes from the database (TODO: this could be improved by storing
         //the current session id along with the remember me and then delete only the remember me
         //corresponding to the current session.
         $user_remember_me_list = new UserRememberMeList($_SESSION['user_id']);
         $user_remember_me_list->delete();
         // NOTE(review): the example on the manual page referenced above clears the data
         // with `$_SESSION = array()`; here both superglobals are unset instead. Confirm
         // this is intended before changing it, the later session_start() may depend on it.
         unset($_SESSION);
         unset($_COOKIE);
         // NOTE(review): expired without path/domain/flags, so this only removes the
         // remember_me cookie if it was set with the same defaults; verify where it is set.
         setcookie("remember_me", "", time() - 60 * 60 * 24 * 14);
         // The session cookie is expired twice: once for path "/", once with the
         // configured cookie parameters.
         setcookie(session_name(), '', time() - 3600, '/');
         if (ini_get("session.use_cookies")) {
             $params = session_get_cookie_params();
             setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
         }
         session_destroy();
         // A session is started again right after the old one is destroyed
         // (presumably so the message below can be stored; confirm).
         session_start();
         $messages[] = array("Sie wurden ausgeloggt und ihre Benutzersession wurde gelöscht!", 1);
         Message::setMessage($messages);
         return true;
     }
 }
 /**
  * Refresh the session at most once every 600 seconds and keep the
  * announcement cookie in step with the announcement repository.
  *
  * The 'icingaweb2-session' cookie holds the time of the last refresh. It is
  * client-supplied, so it is cast to int before use.
  */
 public function indexAction()
 {
     $this->_helper->layout()->disableLayout();
     $last = isset($_COOKIE['icingaweb2-session']) ? (int) $_COOKIE['icingaweb2-session'] : 0;
     $now = time();
     if ($last + 600 < $now) {
         Session::getSession()->write();
         // Reuse the session cookie's path, domain, Secure and HttpOnly settings.
         $cookieSettings = session_get_cookie_params();
         setcookie(
             'icingaweb2-session',
             $now,
             null,
             $cookieSettings['path'],
             $cookieSettings['domain'],
             $cookieSettings['secure'],
             $cookieSettings['httponly']
         );
         $_COOKIE['icingaweb2-session'] = $now;
     }
     $announcementCookie = new AnnouncementCookie();
     $announcementRepo = new AnnouncementIniRepository();
     $etagChanged = $announcementCookie->getEtag() !== $announcementRepo->getEtag();
     if ($etagChanged) {
         // Announcements changed: store the new etag and the next activation time.
         $announcementCookie->setEtag($announcementRepo->getEtag())->setNextActive($announcementRepo->findNextActive());
         $this->getResponse()->setCookie($announcementCookie);
         $this->getResponse()->setHeader('X-Icinga-Announcements', 'refresh', true);
     } else {
         // Same etag: refresh only once the recorded activation time has been reached.
         $nextActive = $announcementCookie->getNextActive();
         if ($nextActive && $nextActive <= $now) {
             $announcementCookie->setNextActive($announcementRepo->findNextActive());
             $this->getResponse()->setCookie($announcementCookie);
             $this->getResponse()->setHeader('X-Icinga-Announcements', 'refresh', true);
         }
     }
     $this->getResponse()->setHeader('X-Icinga-Container', 'ignore', true);
 }
Exemple #12
 /**
  * Merge the driver defaults into the 'native' config section, let the parent
  * process the config, and apply the cookie settings to PHP's session cookie.
  *
  * @param array $config
  */
 public function __construct(array $config = [])
 {
     // Driver defaults first, so every expected 'native' element exists.
     $native = isset($config['native']) ? $config['native'] : array();
     $config['native'] = array_merge($this->defaults, $native);
     // The parent processes the global config.
     parent::__construct($config);
     // Start from PHP's current cookie parameters and overlay what the config provides.
     $params = session_get_cookie_params();
     if (isset($config['cookie_domain'])) {
         $params['domain'] = $config['cookie_domain'];
     }
     if (isset($config['cookie_path'])) {
         $params['path'] = $config['cookie_path'];
     }
     // The two flags can only be switched on here; a false value in the config leaves
     // PHP's current setting untouched.
     if (!empty($config['cookie_secure'])) {
         $params['secure'] = true;
     }
     if (!empty($config['cookie_http_only'])) {
         $params['httponly'] = true;
     }
     if (!empty($config['expire_on_close'])) {
         $params['lifetime'] = 0;
     }
     // NOTE(review): $params['lifetime'] is not read again; the lifetime handed to PHP is
     // $this->expiration. Confirm expire_on_close is honoured elsewhere.
     session_set_cookie_params($this->expiration, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
     // Remember the configured cookie name.
     if (isset($config['native']['cookie_name'])) {
         $this->name = $config['native']['cookie_name'];
     }
 }
Exemple #13
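 /**
  * Encode the session data as JSON, sign it, and send it as the session cookie.
  *
  * The cookie value is "<signature>|<json>". The signature is whatever _sig()
  * computes over the JSON followed by the cookie domain, keyed with the
  * 'secret' option. The cookie expires after the configured timeout, or with
  * the browser session when no timeout is set.
  */
 protected function setCookie()
 {
     $data = json_encode($this->_data);
     $sig = $this->_sig($data . $this->_getCookieDomain(), $this->getOption('secret'));
     // The unused session_get_cookie_params() lookup that used to sit here was removed.
     // NOTE(review): the data is signed but not encrypted, so the client can read
     // everything stored in the session; keep secrets out of it.
     // NOTE(review): only path and domain are handed over. Whether the cookie gets the
     // Secure and HttpOnly flags depends on Pix_HttpResponse::setcookie(); confirm.
     Pix_HttpResponse::setcookie($this->_getCookieKey(), $sig . '|' . $data, $this->_getTimeout() ? time() + $this->_getTimeout() : null, $this->_getCookiePath(), $this->_getCookieDomain());
 }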
 /**
  * Index Page for this controller.
  *
  * Logs the visitor out: makes sure a session is active, empties it, expires
  * the session cookie, destroys the session, and redirects to "/".
  */
 public function index()
 {
     // A session has to be active before it can be emptied and destroyed.
     if ($this->is_session_started() === FALSE) {
         session_start();
     }
     $_SESSION = array();
     // Remove the session cookie as well, so the client stops presenting the old ID.
     if (ini_get("session.use_cookies")) {
         $cookie = session_get_cookie_params();
         setcookie(
             session_name(),
             '',
             time() - 42000,
             $cookie["path"],
             $cookie["domain"],
             $cookie["secure"],
             $cookie["httponly"]
         );
     }
     // Drop the server-side session data.
     if ($this->is_session_started() === TRUE) {
         session_unset();
         session_destroy();
     }
     redirect("/", 302);
 }
Exemple #15
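/**
 * Start a cookie-only session named "examen_session_id" and rotate its ID.
 *
 * The session cookie keeps the configured lifetime, path and domain, is
 * marked HttpOnly, and has the Secure flag set from the local $secure value.
 */
function sec_session_start()
{
    // Session name.
    $session_name = 'examen_session_id';
    // Better kept in config.php; ideally true so the cookie is only sent over HTTPS.
    $secure = false;
    // HttpOnly keeps the cookie out of reach of page scripts such as JavaScript.
    $httponly = true;
    // Accept session IDs from cookies only, which blocks attacks that pass the ID in the URL.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        // The failure used to be stored in two unused locals and lost; report it and carry on.
        error_log("No puedo iniciar una sesion segura (ini_set)");
    }
    // Read the current cookie parameters. The result was previously assigned to $cookies
    // while $cookieParams was read, so lifetime, path and domain were all passed as null.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    // Start the PHP session.
    session_name($session_name);
    session_start();
    // Replace the session ID with a fresh one and delete the old session; this helps
    // against session fixation.
    session_regenerate_id(true);
}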
Exemple #16
 /**
  * Start the session under the name 'Bludit-KEY' and record the outcome in self::$started.
  *
  * The session cookie lasts until the browser closes (lifetime 0), keeps the
  * configured path and domain, is HttpOnly, and is not restricted to HTTPS.
  */
 public static function start()
 {
     // DEBUG note from the original author: consider a name with a random key
     // generated at install time.
     // NOTE(review): the Secure flag is hard-coded to false, so the session cookie is
     // also sent over plain HTTP.
     $current = session_get_cookie_params();
     session_set_cookie_params(0, $current["path"], $current["domain"], false, true);
     session_name('Bludit-KEY');
     self::$started = session_start();
     // The session ID is not regenerated here; the original author noted problems with AJAX.
     if (self::$started) {
         return;
     }
     Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to start the session.');
 }
Exemple #17
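/**
 * Completely destroy the session and expire every cookie the client sent.
 *
 * @param boolean $rediRectToIndex Whether to redirect to the index page; when
 *                                 false the string 'true' is printed instead
 * @param boolean $stopExec        Whether to exit after the function has run
 * @param string  $extra           Page (and query string) in the same directory
 *                                 to redirect to
 */
function stopSession($rediRectToIndex = TRUE, $stopExec = FALSE, $extra = 'index.php?redirect=0')
{
    global $config;
    if (isset($_SESSION[$config['sessionName']])) {
        session_unset();
        session_destroy();
        // Unset all of the session variables.
        $_SESSION = array();
    }
    // If it's desired to kill the session, also delete the session cookie.
    // Note: This will destroy the session, and not just the session data!
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        // Every cookie in the request is expired, not only the session cookie.
        foreach ($_COOKIE as $key => $value) {
            setcookie($key, '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
        }
    }
    if ($rediRectToIndex == TRUE) {
        // Skipped when the request already carries "redirect", which prevents a loop.
        if (!isset($_GET['redirect'])) {
            // Redirect to another page in the same directory. The Host header is chosen by
            // the client, so it is only placed in the Location header when it looks like a
            // plain host name with an optional port.
            $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
            $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            if (is_string($host) && preg_match('/\A[A-Za-z0-9.-]+(?::[0-9]{1,5})?\z/', $host) === 1) {
                // NOTE(review): the scheme is hard-coded to http, even on HTTPS sites.
                header("Location: http://{$host}{$uri}/{$extra}");
            } else {
                // Missing or malformed Host: send a relative redirect, which the browser
                // resolves against the URL it actually requested.
                header("Location: {$extra}");
            }
        }
    } else {
        echo 'true';
    }
    if ($stopExec) {
        exit;
    }
}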
Exemple #18
/**
 * Empty the session, ask the client to drop the session cookie, and destroy the session.
 *
 * The cookie is re-sent with an empty value (PHP treats an empty value as a
 * request to delete the cookie) and with the configured path, domain, Secure
 * and HttpOnly attributes so that it matches the cookie being removed.
 */
function destroy_session()
{
    $_SESSION = [];
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        0,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
    session_destroy();
}
Exemple #19
 /**
  * Destroy session.
  *
  * Empties $_SESSION, expires the session cookie using the configured path,
  * domain, Secure and HttpOnly attributes, then destroys the session.
  */
 public static function destroySession()
 {
     $cookie = session_get_cookie_params();
     // Any moment in the past makes the browser discard the cookie.
     $expired = time() - 42000;
     $_SESSION = array();
     setcookie(session_name(), '', $expired, $cookie["path"], $cookie["domain"], $cookie["secure"], $cookie["httponly"]);
     session_destroy();
 }
Exemple #20
 /**
  * Attach a session to master requests and send its cookie with the
  * parameters configured for the current locale.
  *
  * Sub-requests and any other non-master request go straight to the wrapped
  * application.
  *
  * @param Request $request
  * @param int     $type
  * @param bool    $catch
  *
  * @return Response
  * @throws \Exception When no cookie parameters are configured for the current locale
  */
 public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = true)
 {
     if ($type === HttpKernelInterface::SUB_REQUEST) {
         return $this->app->handle($request, $type, $catch);
     }
     $perLocale = $this->config->get('cookie_parameters');
     if (!isset($perLocale[$this->config->get('current_locale')])) {
         throw new \Exception(sprintf('Domain %s not available', $this->config->get('current_locale')));
     }
     $localeCookie = $perLocale[$this->config->get('current_locale')];
     $this->config->set('current_cookie_domain', $localeCookie['domain']);
     if (HttpKernelInterface::MASTER_REQUEST !== $type) {
         return $this->app->handle($request, $type, $catch);
     }
     $session = new Session();
     $request->setSession($session);
     if (!$request->cookies->has($session->getName())) {
         // No session cookie yet: start a session and give it a fresh ID.
         $session->start();
         $session->migrate(false);
     } else {
         // NOTE(review): the ID comes from the client's cookie and is adopted as sent;
         // confirm the storage rejects IDs it did not issue.
         $session->setId($request->cookies->get($session->getName()));
     }
     $session->start();
     $response = $this->app->handle($request, $type, $catch);
     if (!$session->isStarted()) {
         return $response;
     }
     $session->save();
     // Locale-specific values override PHP's own session cookie settings.
     $merged = array_merge(session_get_cookie_params(), $localeCookie);
     // Lifetime 0 means a browser-session cookie; otherwise expiry is relative to the request time.
     $expires = 0 === $merged['lifetime'] ? 0 : $request->server->get('REQUEST_TIME') + $merged['lifetime'];
     $response->headers->setCookie(
         new Cookie($session->getName(), $session->getId(), $expires, $merged['path'], $merged['domain'], $merged['secure'], $merged['httponly'])
     );
     return $response;
 }
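/**
 * Fetch one page of national_parks rows and handle the logout flag.
 *
 * page, limit and offset are read from the query string. With
 * ?logout=true the session is emptied, its cookie expired, and the session
 * destroyed.
 *
 * @return array Keys 'page', 'limit', 'offset', 'newoffset' and 'results'
 *               (the fetched rows as associative arrays).
 */
function pageController()
{
    require_once '../php/parks_login.php';
    // $dbc is not defined in this function; presumably db_connect.php provides it (confirm).
    require_once '../php/db_connect.php';
    $page = isset($_GET['page']) && $_GET['page'] > -1 ? $_GET['page'] : 0;
    $limit = isset($_GET['limit']) ? $_GET['limit'] : 5;
    // Cast before multiplying, so a non-numeric query value cannot raise an arithmetic error.
    $offset = isset($_GET['offset']) ? $_GET['offset'] : (int) $page * (int) $limit;
    $newoffset = $limit === '10' ? '5' : '10';
    $stmt = $dbc->prepare("SELECT * FROM national_parks LIMIT :limit OFFSET :offset");
    // Bound as integers and clamped at zero: a negative LIMIT or OFFSET is not valid SQL.
    $stmt->bindValue(':limit', max(0, (int) $limit), PDO::PARAM_INT);
    $stmt->bindValue(':offset', max(0, (int) $offset), PDO::PARAM_INT);
    $stmt->execute();
    // The previous `?admin=true` switch that set $_SESSION['admin'] was removed: it let any
    // visitor grant themselves the admin flag. That flag has to be set by the authenticated
    // login flow only.
    if (isset($_GET['logout']) && $_GET['logout'] === 'true') {
        // Unset all of the session variables.
        $_SESSION = array();
        // If it's desired to kill the session, also delete the session cookie.
        // Note: This will destroy the session, and not just the session data!
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
        }
        // Finally, destroy the session.
        session_destroy();
    }
    $results = $stmt->fetchall(PDO::FETCH_ASSOC);
    // NOTE(review): page, limit and offset are returned as received from the query string;
    // the caller has to HTML-escape them before writing them into a page.
    return array('page' => $page, 'limit' => $limit, 'offset' => $offset, 'newoffset' => $newoffset, 'results' => $results);
}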
Exemple #22
 /**
  * Replace the session identifier while carrying the session data over.
  *
  * Any existing session data is copied, a started session is destroyed, a new
  * identifier is generated, and the session is started again when there is
  * data to keep or the global $user has a uid. A started session then gets its
  * cookie re-sent with the configured cookie parameters.
  */
 public function regenerate()
 {
     global $user;
     // Keep a copy of the data, because session_destroy() below discards the stored session.
     if (!$this->sessionIsEmpty()) {
         $currentData = $_SESSION;
     }
     if ($this->started) {
         $this->started = FALSE;
         session_destroy();
         // Remove potential remaining cookie.
         setcookie($this->sessionName, FALSE);
     }
     // NOTE(review): how the new identifier is produced is not visible here; it should
     // come from a cryptographically secure source (verify generateSessionIdentifier()).
     $this->generateSessionIdentifier();
     if (isset($currentData) && !empty($currentData)) {
         // Restore the copied data, then start the session under the new identifier.
         $_SESSION = $currentData;
         $this->start();
         if ($user->uid) {
             $_SESSION['uid'] = $user->uid;
         }
     } else {
         // Nothing to carry over: a session is only started for a user with a uid.
         if ($user->uid) {
             $this->start();
             $_SESSION['uid'] = $user->uid;
         }
     }
     if ($this->started) {
         // Some PHP versions won't reset correctly the cookie.
         $params = session_get_cookie_params();
         // Lifetime 0 keeps a browser-session cookie; otherwise expiry is relative to REQUEST_TIME.
         $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
         setcookie($this->sessionName, $this->sessionIdentifier, $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
     }
     $this->refreshAfterSessionChange();
 }
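/**
 * Start a cookie-only session named "sec_session_id" and enforce a
 * 600-second inactivity timeout.
 *
 * When the timeout has passed, the session is destroyed on the server and a
 * script that sends the browser to logout.php is printed.
 */
function sec_session_start()
{
    // Set a custom session name
    $session_name = 'sec_session_id';
    // Set to true if using https.
    $secure = false;
    // This stops javascript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    ini_set('session.use_only_cookies', 1);
    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    // Sets the session name to the one set above.
    session_name($session_name);
    // Start the php session
    session_start();
    // Issue a new session ID on every call. With `false` the data stored under the
    // previous ID is kept on the server, not deleted.
    // NOTE(review): confirm whether the old session was meant to be deleted (`true`).
    session_regenerate_id(false);
    $inactive = 600;
    // check to see if $_SESSION['timeout'] is set
    if (isset($_SESSION['timeout'])) {
        $session_life = time() - $_SESSION['timeout'];
        if ($session_life > $inactive) {
            // Enforce the timeout on the server. The scripts below only ask the browser to
            // leave; before this change the timestamp was refreshed right afterwards, so a
            // client that ignored the scripts kept a live session.
            $_SESSION = array();
            session_destroy();
            echo "<script language=javascript>\n\t\talert('Sesi Telah Habis');</script>";
            echo '<script type=text/javascript>
		window.location = "logout.php";
		</script>';
            return;
        }
    }
    $_SESSION['timeout'] = time();
}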
 /**
  * Returns current session cookie configuration
  *
  * Starts from PHP's session cookie parameters plus the session name, then
  * overlays every non-empty value found under $this->_options['cookie'].
  * Empty values (0, '', false, null) never override, so the Secure and
  * HttpOnly flags can be switched on through these options but not off.
  *
  * @return array
  */
 public function getCookieOptions()
 {
     $options = session_get_cookie_params();
     $options['name'] = session_name();
     $configured = empty($this->_options['cookie']) ? array() : $this->_options['cookie'];
     // Text-valued settings
     foreach (array('name', 'path', 'domain') as $key) {
         if (!empty($configured[$key])) {
             $options[$key] = (string) $configured[$key];
         }
     }
     // Cookie lifetime
     if (!empty($configured['lifetime'])) {
         $options['lifetime'] = (int) $configured['lifetime'];
     }
     // Flags
     foreach (array('secure', 'httponly') as $key) {
         if (!empty($configured[$key])) {
             $options[$key] = (bool) $configured[$key];
         }
     }
     return $options;
 }
 /**
  * Initializes this Storage instance.
  *
  * Names the session, applies the cookie parameters and, unless auto_start is
  * turned off, starts the session. No value is returned.
  *
  * @param sfContext $context    A sfContext instance
  * @param array     $parameters An associative array of initialization parameters
  */
 public function initialize($context, $parameters = null)
 {
     parent::initialize($context, $parameters);
     $sessionName = $this->getParameterHolder()->get('session_name', 'symfony');
     session_name($sessionName);
     if (!(bool) ini_get('session.use_cookies')) {
         // NOTE(review): with cookie sessions disabled the session ID is taken from a request
         // parameter, which lets a client choose the ID (session fixation). Confirm this
         // mode is never enabled in production.
         $requestedId = $context->getRequest()->getParameter($sessionName, '');
         if ($requestedId != '') {
             session_id($requestedId);
         }
     }
     // Cookie parameters: explicit storage parameters win, PHP's current values are the
     // fallback (sf_timeout for the lifetime).
     $defaults = session_get_cookie_params();
     $lifetime = $this->getParameter('session_cookie_lifetime', sfConfig::get('sf_timeout'));
     $path = $this->getParameter('session_cookie_path', $defaults['path']);
     $domain = $this->getParameter('session_cookie_domain', $defaults['domain']);
     $secure = $this->getParameter('session_cookie_secure', $defaults['secure']);
     $httpOnly = $this->getParameter('session_cookie_httponly', isset($defaults['httponly']) ? $defaults['httponly'] : false);
     // The HttpOnly argument is only passed on PHP 5.2 and later.
     if (version_compare(phpversion(), '5.2', '>=')) {
         session_set_cookie_params($lifetime, $path, $domain, $secure, $httpOnly);
     } else {
         session_set_cookie_params($lifetime, $path, $domain, $secure);
     }
     if (!$this->getParameter('auto_start', true)) {
         return;
     }
     session_start();
 }
Exemple #26
 /**
  * {@inheritDoc}
  *
  * Attaches a session to master requests, optionally starts it before the
  * wrapped application runs, and sends the session cookie afterwards with
  * $this->cookieParams overriding PHP's session cookie settings.
  */
 public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
 {
     if (HttpKernelInterface::MASTER_REQUEST !== $type) {
         return $this->app->handle($request, $type, $catch);
     }
     $session = new SymfonySession();
     $request->setSession($session);
     if ($this->start) {
         if (!$request->cookies->has($session->getName())) {
             // No session cookie yet: start a session and give it a fresh ID.
             $session->start();
             $session->migrate(false);
         } else {
             // NOTE(review): the ID comes from the client's cookie and is adopted as sent;
             // confirm the storage rejects IDs it did not issue.
             $session->setId($request->cookies->get($session->getName()));
         }
         $session->start();
     }
     $response = $this->app->handle($request, $type, $catch);
     if (!$session->isStarted()) {
         return $response;
     }
     $session->save();
     $merged = array_merge(session_get_cookie_params(), $this->cookieParams);
     // With an explicit domain configured, any session cookie already queued on the
     // response is cleared before the new one is added.
     if (array_key_exists('domain', $this->cookieParams)) {
         $response->headers->clearCookie($session->getName());
     }
     // Lifetime 0 means a browser-session cookie; otherwise expiry is relative to the request time.
     $expires = 0 === $merged['lifetime'] ? 0 : $request->server->get('REQUEST_TIME') + $merged['lifetime'];
     $response->headers->setCookie(
         new Cookie($session->getName(), $session->getId(), $expires, $merged['path'], $merged['domain'], $merged['secure'], $merged['httponly'])
     );
     return $response;
 }
Exemple #27
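  /**
   * Validate any client-supplied session identifier, then start the session.
   *
   * The identifier is looked up under the session name in GET, POST and the
   * cookie array, in that order; only the first one that carries it is
   * checked. A value that is not a purely alphanumeric string is removed (or,
   * for a cookie, expired) and tep_redirect() is called with the default page.
   *
   * @return bool Result of session_start().
   */
  function tep_session_start() {
    global $_GET, $_POST, $HTTP_COOKIE_VARS;

    // \A and \z anchor the whole value. The previous "$" anchor also accepted an
    // identifier followed by a trailing newline.
    $sane_pattern = '/\A[a-zA-Z0-9]+\z/';

    $sane_session_id = true;

    if (isset($_GET[tep_session_name()])) {
      // is_string() rejects array-valued parameters before they reach preg_match().
      if (!is_string($_GET[tep_session_name()]) || preg_match($sane_pattern, $_GET[tep_session_name()]) !== 1) {
        unset($_GET[tep_session_name()]);

        $sane_session_id = false;
      }
    } elseif (isset($_POST[tep_session_name()])) {
      if (!is_string($_POST[tep_session_name()]) || preg_match($sane_pattern, $_POST[tep_session_name()]) !== 1) {
        unset($_POST[tep_session_name()]);

        $sane_session_id = false;
      }
    } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) {
      if (!is_string($HTTP_COOKIE_VARS[tep_session_name()]) || preg_match($sane_pattern, $HTTP_COOKIE_VARS[tep_session_name()]) !== 1) {
        // Expire the malformed cookie on the client, using the configured path and domain.
        $session_data = session_get_cookie_params();

        setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']);

        $sane_session_id = false;
      }
    }

    if ($sane_session_id == false) {
      tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }

    return session_start();
  }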
Exemple #28
 /**
  * Start a cookie-only PHP session under the given name.
  *
  * @param string $sessionName Name passed to session_name().
  * @param bool   $secure      Passed through as the cookie's Secure flag.
  */
 function start_session($sessionName = 'PHPSESSID', $secure = false)
 {
     // Request SHA-512 for session IDs when the hash extension offers it.
     // session.hash_function and session.hash_bits_per_character were removed in PHP 7.1,
     // so on newer runtimes these two settings have no effect.
     $preferred = 'sha512';
     if (in_array($preferred, hash_algos())) {
         ini_set('session.hash_function', $preferred);
     }
     // How many bits per character of the hash: 5 gives IDs drawn from 0-9 and a-v.
     ini_set('session.hash_bits_per_character', 5);
     // Force the session to use cookies only, not URL variables.
     ini_set('session.use_only_cookies', 1);
     // Keep the configured lifetime, path and domain; override Secure, force HttpOnly
     // so page scripts cannot read the session cookie.
     $current = session_get_cookie_params();
     session_set_cookie_params(
         $current["lifetime"],
         $current["path"],
         $current["domain"],
         $secure,
         true
     );
     session_name($sessionName);
     session_start();
     // TODO (from the original author): regenerate the session and delete the old one,
     // which also generates a new encryption key in the database. Not done here yet.
     // session_regenerate_id ( true );
 }
Exemple #29
/**
 * Give the current session a new id and re-key its row in the session table.
 *
 * The id is changed first, then the stored row is moved from the old sesskey
 * to the new one with an UPDATE. If that UPDATE fails, the old id is restored
 * and the cookie is re-sent with it.
 *
 * Both setcookie() calls pass six arguments, so no HttpOnly flag is set on the
 * cookie they emit.
 *
 * @return bool true when the row was re-keyed, false when there is no
 *              connection or the UPDATE failed.
 */
function adodb_session_regenerate_id()
{
    $conn =& ADODB_Session::_conn();
    if (!$conn) {
        return false;
    }

    $previousId = session_id();
    $cookie = null;
    if (!function_exists('session_regenerate_id')) {
        // Fallback for runtimes without session_regenerate_id().
        // NOTE(review): md5(uniqid(rand(), true)) is built from the clock and a
        // non-cryptographic PRNG, so ids made here are far easier to guess than
        // engine-generated ones. This branch is only reached when the built-in
        // function is missing.
        session_id(md5(uniqid(rand(), true)));
        $cookie = session_get_cookie_params();
        setcookie(session_name(), session_id(), false, $cookie['path'], $cookie['domain'], $cookie['secure']);
        //@session_start();
    } else {
        session_regenerate_id();
    }
    $currentId = session_id();

    // Both ids go through $conn->qstr() before being placed in the statement
    // (presumably the connection's quoting helper; verify against ADOdb).
    $sql = 'UPDATE ' . ADODB_Session::table() . ' SET sesskey=' . $conn->qstr($currentId) . ' WHERE sesskey=' . $conn->qstr($previousId);
    $ok =& $conn->Execute($sql);
    if ($ok) {
        return true;
    }

    /* it is possible that the update statement fails due to a collision */
    // Roll back to the old id and tell the client to keep using it.
    session_id($previousId);
    if (empty($cookie)) {
        $cookie = session_get_cookie_params();
    }
    setcookie(session_name(), session_id(), false, $cookie['path'], $cookie['domain'], $cookie['secure']);
    return false;
}
Exemple #30
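/**
 * Create Cleaner settings form.
 *
 * Builds one radio group per cleanup task (cron interval, cache, Watchdog,
 * sessions, CSS/JS files and, on MySQL only, table optimization). Each default
 * is read with variable_get().
 *
 * @return array
 *   Form of the cleaner settings page, nested under the 'cleaner' key.
 */
function hook_cleaner_settings()
{
    // Add CSS to the admin settings page.
    drupal_add_css(drupal_get_path('module', 'cleaner') . '/cleaner.css');
    $form = array();
    $yes_no = array(t('No'), t('Yes'));
    $inline = array('class' => array('container-inline'));
    $interval = array(0 => t('Every time')) + Cleaner::$intervals;

    $form['cleaner_cron'] = array(
        '#type' => 'radios',
        '#title' => t('Run interval'),
        '#options' => $interval,
        '#default_value' => variable_get('cleaner_cron', 3600),
        '#description' => t('This is how often the options below will occur. The actions will occur on the next Cron run after this interval expires. "Every time" means on every Cron run.'),
        '#attributes' => $inline,
    );
    $form['cleaner_clear_cache'] = array(
        '#type' => 'radios',
        '#options' => $yes_no,
        '#title' => t('Clean up cache'),
        '#default_value' => variable_get('cleaner_clear_cache', 0),
        '#description' => Cleaner::cleanerGetCacheTablesTable(),
        '#attributes' => $inline,
    );
    $form['cleaner_empty_watchdog'] = array(
        '#type' => 'radios',
        '#options' => $yes_no,
        '#title' => t('Clean up Watchdog'),
        '#default_value' => variable_get('cleaner_empty_watchdog', 0),
        '#description' => t('There is a standard setting for controlling Watchdog contents. This is more useful for test sites.'),
        '#attributes' => $inline,
    );

    // Count sessions whose timestamp is older than the session cookie lifetime.
    // countQuery() asks the database for the count instead of selecting every
    // matching row and relying on rowCount(), which is not dependable for
    // SELECT statements on every driver.
    // NOTE(review): with a cookie lifetime of 0 the cutoff is REQUEST_TIME, so
    // every stored session is counted as old; confirm the cleanup code treats
    // that case the same way.
    $cookie = session_get_cookie_params();
    $select = db_select('sessions', 's')
        ->fields('s', array('timestamp'))
        ->condition('timestamp', REQUEST_TIME - $cookie['lifetime'], '<');
    $count = $select->countQuery()->execute()->fetchField();

    $form['cleaner_clean_sessions'] = array(
        '#type' => 'radios',
        '#options' => $yes_no,
        '#title' => t('Clean up Sessions table'),
        '#default_value' => variable_get('cleaner_clean_sessions', 0),
        '#description' => t('The sessions table can quickly become full with old, abandoned sessions. This will delete all sessions older than @interval (as set by your site administrator). There are currently @count such sessions.', array('@interval' => format_interval($cookie['lifetime']), '@count' => $count)),
        '#attributes' => $inline,
    );
    $form['cleaner_clean_cssdir'] = array(
        '#type' => 'radios',
        '#options' => $yes_no,
        '#title' => t('Clean up CSS files'),
        '#default_value' => variable_get('cleaner_clean_cssdir', 0),
        '#description' => t('The CSS directory can become full with stale and outdated cache files.  This will delete all CSS cache files but the latest.'),
        '#attributes' => $inline,
    );
    $form['cleaner_clean_jsdir'] = array(
        '#type' => 'radios',
        '#options' => $yes_no,
        '#title' => t('Clean up JS files'),
        '#default_value' => variable_get('cleaner_clean_jsdir', 0),
        '#description' => t('The JS directory can become full with stale and outdated cache files.  This will delete all JS cache files but the latest.'),
        '#attributes' => $inline,
    );

    // We can only offer OPTIMIZE to MySQL users.
    if (db_driver() == 'mysql') {
        $form['cleaner_optimize_db'] = array(
            '#type' => 'radios',
            // The third option label goes through t() like the other labels.
            '#options' => $yes_no + array('2' => t('Local only')),
            '#title' => t('Optimize tables with "overhead" space'),
            '#default_value' => variable_get('cleaner_optimize_db', 0),
            '#description' => t('The module will compress (optimize) all database tables with unused space. <strong>NOTE</strong>: During an optimization, the table will locked against any other activity; on a high vloume site, this may be undesirable. "Local only" means do not replicate the optimization (if it is being done).'),
            '#attributes' => $inline,
        );
    } else {
        // If not MySQL, delete(reset) the variable.
        variable_del('cleaner_optimize_db');
    }

    return array('cleaner' => $form);
}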