/**
* @initiate session
* @access private
* @return TRUE on success, FALSE on fail
* @throws \EE_Error
*/
private function _espresso_session()
{
do_action('AHEE_log', __FILE__, __FUNCTION__, '');
// check that session has started
if (session_id() === '') {
//starts a new session if one doesn't already exist, or re-initiates an existing one
session_start();
}
// get our modified session ID
$this->_sid = $this->_generate_session_id();
// and the visitors IP
$this->_ip_address = $this->_visitor_ip();
// set the "user agent"
$this->_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? esc_attr($_SERVER['HTTP_USER_AGENT']) : FALSE;
// now let's retrieve what's in the db
// we're using WP's Transient API to store session data using the PHP session ID as the option name
$session_data = get_transient(EE_Session::session_id_prefix . $this->_sid);
if ($session_data) {
if (apply_filters('FHEE__EE_Session___perform_session_id_hash_check', WP_DEBUG)) {
$hash_check = get_transient(EE_Session::hash_check_prefix . $this->_sid);
if ($hash_check && $hash_check !== md5($session_data)) {
EE_Error::add_error(sprintf(__('The stored data for session %1$s failed to pass a hash check and therefore appears to be invalid.', 'event_espresso'), EE_Session::session_id_prefix . $this->_sid), __FILE__, __FUNCTION__, __LINE__);
}
}
// un-encrypt the data
$session_data = $this->_use_encryption ? $this->encryption->decrypt($session_data) : $session_data;
// unserialize
$session_data = maybe_unserialize($session_data);
// just a check to make sure the session array is indeed an array
if (!is_array($session_data)) {
// no?!?! then something is wrong
return FALSE;
}
// get the current time in UTC
$this->_time = isset($this->_time) ? $this->_time : time();
// and reset the session expiration
$this->_expiration = isset($session_data['expiration']) ? $session_data['expiration'] : $this->_time + $this->_lifespan;
} else {
// set initial site access time and the session expiration
$this->_set_init_access_and_expiration();
// set referer
$this->_session_data['pages_visited'][$this->_session_data['init_access']] = isset($_SERVER['HTTP_REFERER']) ? esc_attr($_SERVER['HTTP_REFERER']) : '';
// no previous session = go back and create one (on top of the data above)
return FALSE;
}
// now the user agent
if ($session_data['user_agent'] != $this->_user_agent) {
return FALSE;
}
// wait a minute... how old are you?
if ($this->_time > $this->_expiration) {
// yer too old fer me!
// wipe out everything that isn't a default session datum
$this->clear_session(__CLASS__, __FUNCTION__);
}
// make event espresso session data available to plugin
$this->_session_data = array_merge($this->_session_data, $session_data);
return TRUE;
}
/**
* @initiate session
* @access private
* @return TRUE on success, FALSE on fail
*/
private function _espresso_session()
{
do_action('AHEE_log', __FILE__, __FUNCTION__, '');
// is the SID being passed explicitly ?
if (isset($_REQUEST['EESID'])) {
session_id(sanitize_text_field($_REQUEST['EESID']));
}
// check that session has started
if (session_id() === '') {
//starts a new session if one doesn't already exist, or re-initiates an existing one
session_start();
}
// grab the session ID
$this->_sid = session_id();
// and the visitors IP
$this->_ip_address = $this->_visitor_ip();
// set the "user agent"
$this->_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? esc_attr($_SERVER['HTTP_USER_AGENT']) : FALSE;
// now let's retrieve what's in the db
// we're using WP's Transient API to store session data using the PHP session ID as the option name
$session_data = get_transient('ee_ssn_' . $this->_sid);
if ($session_data) {
// un-encrypt the data
$session_data = $this->_use_encryption ? $this->encryption->decrypt($session_data) : $session_data;
// unserialize
$session_data = maybe_unserialize($session_data);
// just a check to make sure the session array is indeed an array
if (!is_array($session_data)) {
// no?!?! then something is wrong
return FALSE;
}
// get the current time in UTC
$this->_time = isset($this->_time) ? $this->_time : time();
// and reset the session expiration
$this->_expiration = isset($session_data['expiration']) ? $session_data['expiration'] : $this->_time + $this->_lifespan;
} else {
// set initial site access time and the session expiration
$this->_set_init_access_and_expiration();
// set referer
$this->_session_data['pages_visited'][$this->_session_data['init_access']] = isset($_SERVER['HTTP_REFERER']) ? esc_attr($_SERVER['HTTP_REFERER']) : '';
// no previous session = go back and create one (on top of the data above)
return FALSE;
}
// have we met before???
// let's compare our stored session details with the current visitor
// first the ip address
if ($session_data['ip_address'] != $this->_ip_address) {
return FALSE;
}
// now the user agent
if ($session_data['user_agent'] != $this->_user_agent) {
return FALSE;
}
// wait a minute... how old are you?
if ($this->_time > $this->_expiration) {
// yer too old fer me!
// wipe out everything that isn't a default session datum
$this->clear_session(__CLASS__, __FUNCTION__);
}
// make event espresso session data available to plugin
$this->_session_data = array_merge($this->_session_data, $session_data);
return TRUE;
}
