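/**
 * Fetch the current session data if it exists
 *
 * Reads the session cookie, authenticates it (decryption, or an md5 keyed
 * hash appended to the payload), unserializes it, checks its shape and
 * expiry and - when enabled - the client IP and user agent. If the database
 * backend is on, a matching SessionData row must exist; its user_data is
 * merged into the session array. On success the result is stored in
 * $this->userdata.
 *
 * Every validation failure after the cookie was found calls sess_destroy().
 *
 * @access public
 * @return bool TRUE when a valid session was loaded, FALSE otherwise
 */
function sess_read()
{
    // Fetch the cookie
    $session = $this->CI->input->cookie($this->sess_cookie_name);

    // No cookie means there is no session to read.
    if ($session === FALSE)
    {
        log_message('debug', 'A session cookie was not found.');
        return FALSE;
    }

    if ($this->sess_encrypt_cookie == TRUE)
    {
        // NOTE(review): this branch performs no integrity check of its own;
        // it relies entirely on what encrypt->decode() guarantees. Confirm
        // that decode() authenticates the ciphertext, otherwise a tampered
        // cookie reaches _unserialize() below.
        $session = $this->CI->encrypt->decode($session);
    }
    else
    {
        // Encryption was not used, so the cookie is "<payload><32-char md5>".
        // A value that is not a string or is shorter than the hash itself
        // can never verify, so it is rejected without slicing it.
        $hash_ok = FALSE;

        if (is_string($session) && strlen($session) >= 32)
        {
            $payload_len = strlen($session) - 32;
            $hash        = substr($session, $payload_len);   // last 32 chars
            $session     = substr($session, 0, $payload_len);
            $expected    = md5($session . $this->encryption_key);

            // Compare in constant time where the runtime offers it, so the
            // check does not leak how many leading characters matched.
            // NOTE(review): md5(payload . key) is a weak construction and is
            // only as strong as encryption_key; an empty key makes the hash
            // forgeable. Moving to hash_hmac() would need the writer side
            // changed in step, so it is not done here.
            $hash_ok = function_exists('hash_equals')
                ? hash_equals($expected, $hash)
                : ($hash === $expected);
        }

        if (!$hash_ok)
        {
            log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
            $this->sess_destroy();
            return FALSE;
        }
    }

    // SECURITY: the payload originates from the client cookie. _unserialize()
    // is defined outside this block; if it wraps PHP's unserialize()
    // (presumably - confirm), the checks above are the only barrier against
    // object injection. Prefer JSON, or unserialize() with
    // array('allowed_classes' => false), in that helper.
    $session = $this->_unserialize($session);

    // The unserialized data must be an array carrying the four core fields.
    if (!is_array($session)
        || !isset($session['session_id'])
        || !isset($session['ip_address'])
        || !isset($session['user_agent'])
        || !isset($session['last_activity']))
    {
        $this->sess_destroy();
        return FALSE;
    }

    // Is the session current?
    if ($session['last_activity'] + $this->sess_expiration < $this->now)
    {
        $this->sess_destroy();
        return FALSE;
    }

    // Does the IP match?
    if ($this->sess_match_ip == TRUE && $session['ip_address'] != $this->CI->input->ip_address())
    {
        $this->sess_destroy();
        return FALSE;
    }

    // Does the user agent match? Only the first 120 chars of the live UA are compared.
    if ($this->sess_match_useragent == TRUE
        && trim($session['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 120)))
    {
        $this->sess_destroy();
        return FALSE;
    }

    // Is there a corresponding session in the DB?
    // (The lookup goes through the SessionData model with bound "?" parameters;
    // it replaces the earlier $this->CI->db query-builder version.)
    if ($this->sess_use_database === TRUE)
    {
        // NOTE(review): $conditions is first defined by this call, so
        // addConditions() presumably takes it by reference - confirm.
        SessionData::addConditions($conditions, 'session_id = ?', $session['session_id']);

        if ($this->sess_match_ip == TRUE)
        {
            SessionData::addConditions($conditions, 'ip_address = ?', $session['ip_address']);
        }

        if ($this->sess_match_useragent == TRUE)
        {
            SessionData::addConditions($conditions, 'user_agent = ?', $session['user_agent']);
        }

        // No matching row? Kill the session.
        if (!($sessionObj = SessionData::find('one', array('conditions' => $conditions))))
        {
            $this->sess_destroy();
            return FALSE;
        }

        // Is there custom data? If so, add it to the main session array.
        // Keys in user_data overwrite same-named keys from the cookie.
        if ($sessionObj->user_data != '')
        {
            $custom_data = $this->_unserialize($sessionObj->user_data);

            if (is_array($custom_data))
            {
                foreach ($custom_data as $key => $val)
                {
                    $session[$key] = $val;
                }
            }
        }
    }

    // Session is valid!
    $this->userdata = $session;
    unset($session);

    return TRUE;
}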