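/**
 * Starts the PHP session when none is active and loads the stored Event Espresso
 * session data for the current visitor.
 *
 * The data is read from a WP transient keyed by the session ID, optionally decrypted,
 * unserialized, compared against the current user agent and merged into
 * $this->_session_data.
 *
 * @access private
 * @return bool TRUE when stored session data was found and accepted,
 *              FALSE when there is none or it was rejected
 * @throws \EE_Error
 */
private function _espresso_session()
{
    do_action('AHEE_log', __FILE__, __FUNCTION__, '');
    // check that session has started
    if (session_id() === '') {
        // starts a new session if one doesn't already exist, or re-initiates an existing one
        session_start();
    }
    // get our modified session ID
    $this->_sid = $this->_generate_session_id();
    // and the visitors IP
    $this->_ip_address = $this->_visitor_ip();
    // set the "user agent" (a client-controlled header, so only a weak consistency signal)
    $this->_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? esc_attr($_SERVER['HTTP_USER_AGENT']) : FALSE;
    // now let's retrieve what's in the db
    // we're using WP's Transient API to store session data using the session ID as the option name
    $session_data = get_transient(EE_Session::session_id_prefix . $this->_sid);
    if (! $session_data) {
        // set initial site access time and the session expiration
        $this->_set_init_access_and_expiration();
        // set referer
        $this->_session_data['pages_visited'][$this->_session_data['init_access']] = isset($_SERVER['HTTP_REFERER'])
            ? esc_attr($_SERVER['HTTP_REFERER'])
            : '';
        // no previous session = go back and create one (on top of the data above)
        return FALSE;
    }
    if (apply_filters('FHEE__EE_Session___perform_session_id_hash_check', WP_DEBUG)) {
        // NOTE(review): diagnostic only. The md5 is unkeyed, the check runs only when the filter
        // (default WP_DEBUG) is on, and a mismatch is reported but the data is still decrypted
        // and unserialized below. Do not rely on it as an integrity control.
        $hash_check = get_transient(EE_Session::hash_check_prefix . $this->_sid);
        if ($hash_check && $hash_check !== md5($session_data)) {
            EE_Error::add_error(
                sprintf(
                    __('The stored data for session %1$s failed to pass a hash check and therefore appears to be invalid.', 'event_espresso'),
                    EE_Session::session_id_prefix . $this->_sid
                ),
                __FILE__,
                __FUNCTION__,
                __LINE__
            );
        }
    }
    // un-encrypt the data
    $session_data = $this->_use_encryption ? $this->encryption->decrypt($session_data) : $session_data;
    // unserialize
    // NOTE(review): maybe_unserialize() rebuilds whatever the transient holds, objects included;
    // this assumes the transient store cannot be written by an untrusted party. Confirm.
    $session_data = maybe_unserialize($session_data);
    // just a check to make sure the session array is indeed an array
    if (! is_array($session_data)) {
        // no?!?! then something is wrong
        return FALSE;
    }
    // get the current time in UTC
    $this->_time = isset($this->_time) ? $this->_time : time();
    // and reset the session expiration
    $this->_expiration = isset($session_data['expiration'])
        ? $session_data['expiration']
        : $this->_time + $this->_lifespan;
    // now the user agent
    // compared as strings so a missing key raises no notice and loose "!=" juggling
    // (numeric-looking strings, '0' vs FALSE) cannot make two different agents match
    $stored_user_agent = isset($session_data['user_agent']) ? $session_data['user_agent'] : '';
    if (! is_scalar($stored_user_agent) || (string) $stored_user_agent !== (string) $this->_user_agent) {
        return FALSE;
    }
    // wait a minute... how old are you?
    if ($this->_time > $this->_expiration) {
        // yer too old fer me!
        // wipe out everything that isn't a default session datum
        $this->clear_session(__CLASS__, __FUNCTION__);
        // NOTE(review): the stored data is still merged back in just below, after the clear;
        // confirm that is intended for an expired session.
    }
    // make event espresso session data available to plugin
    $this->_session_data = array_merge($this->_session_data, $session_data);
    return TRUE;
}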
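/**
 * Starts the PHP session when none is active and loads the stored Event Espresso
 * session data for the current visitor.
 *
 * A session ID may be supplied through the EESID request parameter. The stored data is
 * read from a WP transient keyed by the session ID, optionally decrypted, unserialized,
 * compared against the current IP address and user agent, and merged into
 * $this->_session_data.
 *
 * @access private
 * @return bool TRUE when stored session data was found and accepted,
 *              FALSE when there is none or it was rejected
 */
private function _espresso_session()
{
    do_action('AHEE_log', __FILE__, __FUNCTION__, '');
    // is the SID being passed explicitly ?
    // NOTE(review): a request-supplied ID lets whoever builds the link choose the session
    // (session fixation); the only binding is the IP / user-agent comparison further down.
    // Consider accepting EESID only on the flows that need it.
    if (isset($_REQUEST['EESID']) && is_string($_REQUEST['EESID'])) {
        $requested_sid = sanitize_text_field($_REQUEST['EESID']);
        // accept only the characters PHP documents for file-based session IDs, with a bounded
        // length; anything else is ignored and the regular session ID is used instead
        if (preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $requested_sid) === 1) {
            session_id($requested_sid);
        }
    }
    // check that session has started
    if (session_id() === '') {
        // starts a new session if one doesn't already exist, or re-initiates an existing one
        session_start();
    }
    // grab the session ID
    $this->_sid = session_id();
    // and the visitors IP
    $this->_ip_address = $this->_visitor_ip();
    // set the "user agent" (a client-controlled header, so only a weak consistency signal)
    $this->_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? esc_attr($_SERVER['HTTP_USER_AGENT']) : FALSE;
    // now let's retrieve what's in the db
    // we're using WP's Transient API to store session data using the PHP session ID as the option name
    $session_data = get_transient('ee_ssn_' . $this->_sid);
    if (! $session_data) {
        // set initial site access time and the session expiration
        $this->_set_init_access_and_expiration();
        // set referer
        $this->_session_data['pages_visited'][$this->_session_data['init_access']] = isset($_SERVER['HTTP_REFERER'])
            ? esc_attr($_SERVER['HTTP_REFERER'])
            : '';
        // no previous session = go back and create one (on top of the data above)
        return FALSE;
    }
    // un-encrypt the data
    $session_data = $this->_use_encryption ? $this->encryption->decrypt($session_data) : $session_data;
    // unserialize
    // NOTE(review): maybe_unserialize() rebuilds whatever the transient holds, objects included;
    // this assumes the transient store cannot be written by an untrusted party. Confirm.
    $session_data = maybe_unserialize($session_data);
    // just a check to make sure the session array is indeed an array
    if (! is_array($session_data)) {
        // no?!?! then something is wrong
        return FALSE;
    }
    // get the current time in UTC
    $this->_time = isset($this->_time) ? $this->_time : time();
    // and reset the session expiration
    $this->_expiration = isset($session_data['expiration'])
        ? $session_data['expiration']
        : $this->_time + $this->_lifespan;
    // have we met before???
    // let's compare our stored session details with the current visitor
    // both values are compared as strings so a missing key raises no notice and loose "!="
    // juggling cannot make two different values match
    // first the ip address
    $stored_ip_address = isset($session_data['ip_address']) ? $session_data['ip_address'] : '';
    if (! is_scalar($stored_ip_address) || (string) $stored_ip_address !== (string) $this->_ip_address) {
        return FALSE;
    }
    // now the user agent
    $stored_user_agent = isset($session_data['user_agent']) ? $session_data['user_agent'] : '';
    if (! is_scalar($stored_user_agent) || (string) $stored_user_agent !== (string) $this->_user_agent) {
        return FALSE;
    }
    // wait a minute... how old are you?
    if ($this->_time > $this->_expiration) {
        // yer too old fer me!
        // wipe out everything that isn't a default session datum
        $this->clear_session(__CLASS__, __FUNCTION__);
        // NOTE(review): the stored data is still merged back in just below, after the clear;
        // confirm that is intended for an expired session.
    }
    // make event espresso session data available to plugin
    $this->_session_data = array_merge($this->_session_data, $session_data);
    return TRUE;
}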