protected function _session()
{
if (!$this->_session instanceof Zend_Session_Namespace) {
$this->_session = new Zend_Session_Namespace(__CLASS__);
if (!isset($this->_session->initialized)) {
Showcase_Session::regenerateId();
$this->_session->initialized = true;
}
$this->_session->lock();
}
return $this->_session;
}
/**
* routeStartup() - check to see if a session exists versus a given parameter
*
* @param (Zend_Controller_Request_Abstract $request
* @return void
*/
public function routeStartup(Zend_Controller_Request_Abstract $request)
{
//$request->setParam('ClientId','1');
$regenerate = false;
$uri = $request->getRequestUri();
if (preg_match($this->_regex, $uri, $uriKey)) {
$sessionKey = $uriKey[1];
unset($uriKey);
// OK we have a session ID passed to us by $_GET
// Check to see if a cookie exists for this user
if (Showcase_Session::sessionExists()) {
// Cookie exists, remove the SID param from the request
$request->setParam('sid', null);
} else {
if (false === strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot')) {
Showcase_Session::setSessionKey($sessionKey);
// no session for this user
// a get query and no session means either they are using an old link
// or that they have really high security settings
// let's go to the database and see if we can find them
$regenerate = true;
$sessionId = Showcase_Session::getSessionId($request);
// checks database to get the true PHPSESSID
if ($sessionId) {
// they have a session in the database, set their current session as the existing one
// and then regenerate it anyway as a security measure.
try {
Showcase_Session::setId($sessionId);
} catch (Zend_Exception $e) {
try {
Showcase_Session::destroy(true);
} catch (Zend_Exception $e) {
}
}
}
unset($sessionId);
// this is not a variable you want lying around. Ever. Unsetting just to be safe.
}
}
$request->setRequestUri(preg_replace($this->_regex, '', $uri));
}
Showcase_Session::start();
if ($regenerate) {
Showcase_Session::regenerateId();
}
}
protected function _insert($id = null, $flag = null)
{
if ($flag) {
echo $flag;
}
$sessionKey = $this->_getSessionKey();
if (!$sessionKey) {
$sessionKey = $this->_generateSessionKey();
// session_id was empty, regenerate
$newSessionKey = $sessionKey;
} else {
$newSessionKey = $this->_generateSessionKey();
}
// If we're rebuilding the session we should really regenerate the ID as well
if (!Showcase_Session::isRegenerated()) {
Showcase_Session::regenerateId();
}
$userId = intval($id);
if (!$userId) {
$userId = self::USER_ANONYMOUS;
}
$userIp = Showcase_Session::encodeIp($this->_remoteIp);
// just ensure that no one is spoofing
$sessionId = session_id();
$agent = Showcase_Session::getuserAgentId($this->_request);
//$portalId = Showcase_Portal::resolve($this->_request);
if ($stmt = Zend_Registry::get('dbh')->proc('session_update_expired')) {
$stmt->bindParam(':old_key', $sessionKey, PDO::PARAM_STR);
$stmt->bindParam(':new_key', $newSessionKey, PDO::PARAM_STR);
$stmt->bindParam(':session', $sessionId, PDO::PARAM_STR);
$stmt->bindParam(':user', $userId, PDO::PARAM_INT);
$stmt->bindParam(':agent', $agent, PDO::PARAM_STR);
$stmt->bindParam(':ip', $userIp, PDO::PARAM_STR);
//$stmt->bindParam(':portal', $portalId, PDO::PARAM_INT);
try {
$stmt->execute();
$result = $stmt->fetch(Zend_Db::FETCH_OBJ);
$stmt->closeCursor();
} catch (Zend_Db_Statement_Exception $e) {
die(__LINE__ . ':' . __FILE__ . ':' . $e->getMessage());
}
if (!$result) {
// No session existed to update, re-create
$stmt = Zend_Registry::get('dbh')->proc('session_create');
$stmt->bindParam(':new_key', $newSessionKey, PDO::PARAM_STR);
$stmt->bindParam(':session', $sessionId, PDO::PARAM_STR);
$stmt->bindParam(':user', $userId, PDO::PARAM_INT);
$stmt->bindParam(':agent', $agent, PDO::PARAM_STR);
$stmt->bindParam(':ip', $userIp, PDO::PARAM_STR);
//$stmt->bindParam(':portal', $portalId, PDO::PARAM_INT);
try {
$stmt->execute();
$result = $stmt->fetch(Zend_Db::FETCH_OBJ);
$stmt->closeCursor();
} catch (Zend_Db_Statement_Exception $e) {
echo $e->getMessage();
}
}
}
if ($result instanceof stdClass) {
$sessionKey = $result->key;
$this->_sessionData->key = $sessionKey;
$this->_sessionData->agent = $agent;
$this->_sessionData->start = $result->start;
$this->_sessionData->update = $result->updated;
//$this->_sessionData->portal = $portalId;
$this->_sessionData->setUserId($userId);
Showcase_Session::setSessionKey($newSessionKey);
}
//$this->_cleanUpExpiredSessions();
}
