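/**
 * Initialize the library.
 *
 * Steps performed, in order:
 *  1. Registers phpsec::load() as an autoload function, keeping any
 *     autoloaders that are already registered.
 *  2. Opens the store named by the configured DSN.
 *  3. Sets the charset used by PHP's multibyte functions.
 *  4. Installs the phpSec session handler and starts a session
 *     (only if the session handler is enabled).
 *  5. Sets or retrieves the per-visitor UID kept in the session.
 *  6. Detects encrypted cookies (only if enabled).
 *
 * If no DSN (storage method) is configured, the method returns after step 1.
 *
 * @return bool Always true.
 */
public static function init()
{
    /* Register the autoloader, keeping anything registered elsewhere.
     * spl_autoload_functions() returns false on older PHP versions when no
     * autoload stack is active, so normalise to an array before appending. */
    $autoLoadFunctions = spl_autoload_functions();
    if (!is_array($autoLoadFunctions)) {
        $autoLoadFunctions = array();
    }
    $autoLoadFunctions[] = 'phpsec::load';
    foreach ($autoLoadFunctions as $autoLoadFunction) {
        spl_autoload_register($autoLoadFunction);
    }

    /* Without a configured store there is nothing more to set up. */
    if (self::$_dsn === null) {
        return true;
    }

    /* Open store. Split on the first colon only: the destination part may
     * itself contain colons (a Windows path, a host:port pair), and an
     * unbounded explode() would silently truncate it. A DSN with no colon
     * yields a null destination instead of an undefined-offset notice. */
    $dsnParts  = explode(':', self::$_dsn, 2);
    $storeType = $dsnParts[0];
    $storeDest = isset($dsnParts[1]) ? $dsnParts[1] : null;

    switch ($storeType) {
        case 'filesystem':
            self::$store = new phpsecStoreFilesystem($storeDest);
            break;
        case 'mysql':
            self::$store = new phpsecStorePdo($storeDest);
            break;
        default:
            /* NOTE(review): the steps below use the store; presumably
             * self::error() with E_USER_ERROR halts execution. Confirm. */
            self::error('Store type(' . $storeType . ') invalid', E_USER_ERROR);
    }

    /* Set the charset of the multibyte functions in PHP. */
    mb_internal_encoding(self::$_charset);
    mb_regex_encoding(self::$_charset);

    /* Enable the custom session handler if enabled. */
    if (self::$_sessenable === true) {
        /* NOTE(review): newer PHP versions reject selecting the 'user'
         * handler through ini_set(); session_set_save_handler() selects it
         * on its own. Confirm against the PHP versions this must support. */
        ini_set('session.save_handler', 'user');
        session_set_save_handler(
            'phpsecSession::open',
            'phpsecSession::close',
            'phpsecSession::read',
            'phpsecSession::write',
            'phpsecSession::destroy',
            'phpsecSession::gc'
        );

        /* Since we set a session cookie on our session handler, disable the built-in cookies. */
        ini_set('session.use_cookies', 0);

        /* Start a new session. */
        session_start();

        /* Bind the session to a fingerprint of the client's User-Agent.
         * The header is client-supplied and may be absent (CLI, minimal
         * clients), so treat a missing value as the empty string. This only
         * catches a session being replayed from a different browser; it is
         * not an authentication control. */
        $userAgent   = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $fingerprint = hash(self::HASH_TYPE, 'phpSec-fingerprint' . $userAgent);

        if (!isset($_SESSION['phpSec-fingerprint'])) {
            $_SESSION['phpSec-fingerprint'] = $fingerprint;
        } elseif ($fingerprint !== $_SESSION['phpSec-fingerprint']) {
            /* Strict comparison: with a loose != two different hex digests
             * that both look numeric (e.g. "0e...") compare as equal.
             * On mismatch drop all session data and bind the now-empty
             * session to the current client. */
            $_SESSION = array();
            $_SESSION['phpSec-fingerprint'] = $fingerprint;
        }
    }

    /* Create a random token for each visitor and store it in the user's
     * session. This is for example used to identify owners of cache data. */
    if (!isset($_SESSION['phpSec-uid'])) {
        self::$uid = self::genUid();
        $_SESSION['phpSec-uid'] = self::$uid;
    } else {
        self::$uid = $_SESSION['phpSec-uid'];
    }

    /* If the phpSec secure cookie monster is enabled detect encrypted cookies. */
    if (self::$_cookieenable === true) {
        phpsecCookie::detect();
    }

    return true;
}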