/**
* @see SessionFactory::create()
*/
public function create()
{
// create new session hash
$sessionID = StringUtil::getRandomID();
// check cookies for userID & password
require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php';
$user = UserAuth::getInstance()->loginAutomatically(true, $this->userClassName);
if ($user === null) {
// no valid user found
// create guest user
$user = new $this->guestClassName();
}
// update user session
$user->update();
// get spider information
$spider = $this->isSpider(UserUtil::getUserAgent());
if ($user->userID != 0) {
// user is no guest
// delete all other sessions of this user
Session::deleteSessions($user->userID, true, false);
}
$requestMethod = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
// insert session into database
$sql = "INSERT INTO \twcf" . WCF_N . "_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent,\n\t\t\t\t\tlastActivityTime, requestURI, requestMethod,\n\t\t\t\t\tusername" . ($spider ? ", spiderID" : "") . ")\n\t\t\tVALUES\t\t('" . $sessionID . "',\n\t\t\t\t\t" . PACKAGE_ID . ",\n\t\t\t\t\t" . $user->userID . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'" . escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t" . TIME_NOW . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'" . escapeString($requestMethod) . "',\n\t\t\t\t\t'" . ($spider ? escapeString($spider['spiderName']) : escapeString($user->username)) . "'\n\t\t\t\t\t" . ($spider ? ", " . $spider['spiderID'] : "") . ")";
WCF::getDB()->sendQuery($sql);
// save user data
$serializedUserData = '';
if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') {
require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';
MemcacheAdapter::getInstance()->getMemcache()->set('session_userdata_-' . $sessionID, $user);
} else {
$serializedUserData = serialize($user);
try {
$sql = "INSERT INTO \twcf" . WCF_N . "_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t\t\t'" . escapeString($serializedUserData) . "')";
WCF::getDB()->sendQuery($sql);
} catch (DatabaseException $e) {
// horizon update workaround
$sql = "UPDATE \twcf" . WCF_N . "_session\n\t\t\t\t\tSET\tuserData = '" . escapeString($serializedUserData) . "'\n\t\t\t\t\tWHERE\tsessionID = '" . $sessionID . "'";
WCF::getDB()->sendQuery($sql);
}
}
// return new session object
return new $this->sessionClassName(null, array('sessionID' => $sessionID, 'packageID' => PACKAGE_ID, 'userID' => $user->userID, 'ipAddress' => UserUtil::getIpAddress(), 'userAgent' => UserUtil::getUserAgent(), 'lastActivityTime' => TIME_NOW, 'requestURI' => UserUtil::getRequestURI(), 'requestMethod' => $requestMethod, 'userData' => $serializedUserData, 'sessionVariables' => '', 'username' => $spider ? $spider['spiderName'] : $user->username, 'spiderID' => $spider ? $spider['spiderID'] : 0, 'isNew' => true));
}
/**
* Finds an existing session of a search spider.
*
* @param integer $spiderID
* @return CookieSession
*/
protected function getExistingSpiderSession($spiderID)
{
if (!ENABLE_SESSION_DATA_CACHE || get_class(WCF::getCache()->getCacheSource()) != 'MemcacheCacheSource') {
$sql = "SELECT \t\tsession_data.*, session.* \n\t\t\t\tFROM \t\twcf" . WCF_N . "_session session\n\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_session_data session_data\n\t\t\t\tON\t\t(session_data.sessionID = session.sessionID)\n\t\t\t\tWHERE \t\tsession.spiderID = '" . escapeString($spiderID) . "'\n\t\t\t\t\t\tAND session.userID = 0";
} else {
$sql = "SELECT \t\t* \n\t\t\t\tFROM \t\twcf" . WCF_N . "_session\n\t\t\t\tWHERE \t\tspiderID = '" . escapeString($spiderID) . "'\n\t\t\t\t\t\tAND userID = 0";
}
$row = WCF::getDB()->getFirstRow($sql);
if (!empty($row['sessionID'])) {
// fix session validation
$row['ipAddress'] = UserUtil::getIpAddress();
$row['userAgent'] = UserUtil::getUserAgent();
// return session object
return new $this->sessionClassName(null, $row);
}
return null;
}
/**
* Validates the ip address or the user agent of this session.
*
* @return boolean
*/
protected function validate()
{
if (SESSION_VALIDATE_USER_AGENT && $this->userAgent != UserUtil::getUserAgent()) {
return false;
}
if (SESSION_VALIDATE_IP_ADDRESS > 0) {
if (SESSION_VALIDATE_IP_ADDRESS == 4) {
if ($this->ipAddress != UserUtil::getIpAddress()) {
return false;
}
} else {
// skip validation for IPv6
if (strpos($this->ipAddress, '.') !== false) {
// validate blocks
$oldIpAddressBlocks = explode('.', $this->ipAddress);
$newIpAddressBlocks = explode('.', UserUtil::getIpAddress());
for ($i = 0; $i < SESSION_VALIDATE_IP_ADDRESS; $i++) {
if (!isset($oldIpAddressBlocks[$i]) || !isset($newIpAddressBlocks[$i]) || $oldIpAddressBlocks[$i] != $newIpAddressBlocks[$i]) {
return false;
}
}
}
}
}
return true;
}
/**
* Creates a new session.
*
* Generates a new session hash, inserts the new session into database
* and returns the object of the created session.
*
* @return Session $session
*/
public function create()
{
// create new session hash
$sessionID = StringUtil::getRandomID();
// get user automatically
if (!defined('NO_IMPORTS')) {
require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php';
}
$user = UserAuth::getInstance()->loginAutomatically();
// create user
if ($user === null) {
// no valid user found
// create guest user
$user = new $this->userClassName();
}
// update user session
$user->update();
// insert session into database
$requestMethod = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
$sql = "INSERT INTO \twcf" . WCF_N . "_acp_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent, lastActivityTime, requestURI, requestMethod)\n\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t" . PACKAGE_ID . ",\n\t\t\t\t\t" . $user->userID . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'" . escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t" . TIME_NOW . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'" . escapeString($requestMethod) . "')";
WCF::getDB()->sendQuery($sql);
// save user data
$serializedUserData = '';
if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') {
require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';
MemcacheAdapter::getInstance()->getMemcache()->set('acp_session_userdata_' . $sessionID, $user);
} else {
$serializedUserData = serialize($user);
try {
$sql = "INSERT INTO \twcf" . WCF_N . "_acp_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t\t\t'" . escapeString($serializedUserData) . "')";
WCF::getDB()->sendQuery($sql);
} catch (DatabaseException $e) {
// horizon update workaround
$sql = "UPDATE \twcf" . WCF_N . "_acp_session\n\t\t\t\t\tSET\tuserData = '" . escapeString($serializedUserData) . "'\n\t\t\t\t\tWHERE\tsessionID = '" . $sessionID . "'";
WCF::getDB()->sendQuery($sql);
}
}
// return new session object
return new $this->sessionClassName(null, array('sessionID' => $sessionID, 'packageID' => PACKAGE_ID, 'ipAddress' => UserUtil::getIpAddress(), 'userAgent' => UserUtil::getUserAgent(), 'lastActivityTime' => TIME_NOW, 'requestURI' => UserUtil::getRequestURI(), 'requestMethod' => $requestMethod, 'userData' => $serializedUserData, 'sessionVariables' => '', 'userID' => $user->userID, 'isNew' => true));
}
