function write($key, $val) { global $ADODB_SESSION_READONLY; if (!empty($ADODB_SESSION_READONLY)) { return; } $clob = ADODB_Session::clob(); $conn =& ADODB_Session::_conn(); $crc = ADODB_Session::_crc(); $data = ADODB_Session::dataFieldName(); $debug = ADODB_Session::debug(); $driver = ADODB_Session::driver(); $expire_notify = ADODB_Session::expireNotify(); $filter = ADODB_Session::filter(); $lifetime = ADODB_Session::lifetime(); $table = ADODB_Session::table(); if (!$conn) { return false; } $qkey = $conn->qstr($key); //assert('$table'); $expiry = time() + $lifetime; $binary = $conn->dataProvider === 'mysql' ? '/*! BINARY */' : ''; // crc32 optimization since adodb 2.1 // now we only update expiry date, thx to sebastian thom in adodb 2.32 if ($crc !== false && $crc == strlen($val) . crc32($val)) { if ($debug) { ADOConnection::outp('<p>Session: Only updating date - crc32 not changed</p>'); } $expirevar = ''; if ($expire_notify) { $var = reset($expire_notify); global ${$var}; if (isset(${$var})) { $expirevar = ${$var}; } } $sql = "UPDATE {$table} SET expiry = " . $conn->Param('0') . ",expireref=" . $conn->Param('1') . " WHERE {$binary} sesskey = " . $conn->Param('2') . " AND expiry >= " . $conn->Param('3'); $rs =& $conn->Execute($sql, array($expiry, $expirevar, $key, time())); return true; } $val = rawurlencode($val); foreach ($filter as $f) { if (is_object($f)) { $val = $f->write($val, ADODB_Session::_sessionKey()); } } $arr = array('sesskey' => $key, 'expiry' => $expiry, $data => $val, 'expireref' => ''); if ($expire_notify) { $var = reset($expire_notify); global ${$var}; if (isset(${$var})) { $arr['expireref'] = ${$var}; } } if (!$clob) { // no lobs, simply use replace() $arr[$data] = $conn->qstr($val); $rs = $conn->Replace($table, $arr, 'sesskey', $autoQuote = true); } else { // what value shall we insert/update for lob row? switch ($driver) { // empty_clob or empty_lob for oracle dbs case 'oracle': case 'oci8': case 'oci8po': case 'oci805': $lob_value = sprintf('empty_%s()', strtolower($clob)); break; // null for all other // null for all other default: $lob_value = 'null'; break; } $conn->StartTrans(); $expiryref = $conn->qstr($arr['expireref']); // do we insert or update? => as for sesskey $rs =& $conn->Execute("SELECT COUNT(*) AS cnt FROM {$table} WHERE {$binary} sesskey = {$qkey}"); if ($rs && reset($rs->fields) > 0) { $sql = "UPDATE {$table} SET expiry = {$expiry}, {$data} = {$lob_value}, expireref={$expiryref} WHERE sesskey = {$qkey}"; } else { $sql = "INSERT INTO {$table} (expiry, {$data}, sesskey,expireref) VALUES ({$expiry}, {$lob_value}, {$qkey},{$expiryref})"; } if ($rs) { $rs->Close(); } $err = ''; $rs1 =& $conn->Execute($sql); if (!$rs1) { $err = $conn->ErrorMsg() . "\n"; } $rs2 =& $conn->UpdateBlob($table, $data, $val, " sesskey={$qkey}", strtoupper($clob)); if (!$rs2) { $err .= $conn->ErrorMsg() . "\n"; } $rs = $rs && $rs2 ? true : false; $conn->CompleteTrans(); } if (!$rs) { ADOConnection::outp('<p>Session Replace: ' . $conn->ErrorMsg() . '</p>', false); return false; } else { // bug in access driver (could be odbc?) means that info is not committed // properly unless select statement executed in Win2000 if ($conn->databaseType == 'access') { $sql = "SELECT sesskey FROM {$table} WHERE {$binary} sesskey = {$qkey}"; $rs =& $conn->Execute($sql); ADODB_Session::_dumprs($rs); if ($rs) { $rs->Close(); } } } /* if (ADODB_Session::Lock()) { $conn->CommitTrans(); }*/ return $rs ? true : false; }
$ADODB_SESSION_USE_LOBS = $clob; $ADODB_SESS_DEBUG = $debug; $ADODB_SESS_LIFE = $lifetime; if ($optimize) { define('ADODB_SESSION_OPTIMIZE', $optimize); } define('ADODB_SESSION_SYNCH_SECS', $sync_seconds); if (class_exists('ADODB_Session')) { ADODB_Session::clob($clob); ADODB_Session::dataFieldName($data_field_name); ADODB_Session::database($database); ADODB_Session::debug($debug); ADODB_Session::driver($driver); ADODB_Session::filter($filters); ADODB_Session::host($host); ADODB_Session::lifetime($lifetime); ADODB_Session::optimize($optimize); ADODB_Session::password($password); ADODB_Session::syncSeconds($sync_seconds); ADODB_Session::table($table); ADODB_Session::user($user); } function NotifyFn($var, $sesskey) { echo "NotifyFn({$var}, {$sesskey}) called<br />\n"; } if ($expire_notify) { $ADODB_SESSION_EXPIRE_NOTIFY = array('debug', 'NotifyFn'); if (class_exists('ADODB_Session')) { ADODB_Session::expireNotify(array('debug', 'NotifyFn')); }
static function write($key, $oval) { global $ADODB_SESSION_READONLY; if (!empty($ADODB_SESSION_READONLY)) { return; } $clob = ADODB_Session::clob(); $conn = ADODB_Session::_conn(); $crc = ADODB_Session::_crc(); $debug = ADODB_Session::debug(); $driver = ADODB_Session::driver(); $expire_notify = ADODB_Session::expireNotify(); $filter = ADODB_Session::filter(); $lifetime = ADODB_Session::lifetime(); $table = ADODB_Session::table(); if (!$conn) { return false; } if ($debug) { $conn->debug = 1; } $sysTimeStamp = $conn->sysTimeStamp; //assert('$table'); $expiry = $conn->OffsetDate($lifetime / (24 * 3600), $sysTimeStamp); $binary = $conn->dataProvider === 'mysql' ? '/*! BINARY */' : ''; // crc32 optimization since adodb 2.1 // now we only update expiry date, thx to sebastian thom in adodb 2.32 if ($crc !== '00' && $crc !== false && $crc == strlen($oval) . crc32($oval)) { if ($debug) { echo '<p>Session: Only updating date - crc32 not changed</p>'; } $expirevar = ''; if ($expire_notify) { $var = reset($expire_notify); global ${$var}; if (isset(${$var})) { $expirevar = ${$var}; } } $sql = "UPDATE {$table} SET expiry = {$expiry} ,expireref=" . $conn->Param('0') . ", modified = {$sysTimeStamp} WHERE {$binary} sesskey = " . $conn->Param('1') . " AND expiry >= {$sysTimeStamp}"; $rs = $conn->Execute($sql, array($expirevar, $key)); return true; } $val = rawurlencode($oval); foreach ($filter as $f) { if (is_object($f)) { $val = $f->write($val, ADODB_Session::_sessionKey()); } } $expireref = ''; if ($expire_notify) { $var = reset($expire_notify); global ${$var}; if (isset(${$var})) { $expireref = ${$var}; } } if (!$clob) { // no lobs, simply use replace() $rs = $conn->Execute("SELECT COUNT(*) AS cnt FROM {$table} WHERE {$binary} sesskey = " . $conn->Param(0), array($key)); if ($rs) { $rs->Close(); } if ($rs && reset($rs->fields) > 0) { $sql = "UPDATE {$table} SET expiry={$expiry}, sessdata=" . $conn->Param(0) . ", expireref= " . $conn->Param(1) . ",modified={$sysTimeStamp} WHERE sesskey = " . $conn->Param(2); } else { $sql = "INSERT INTO {$table} (expiry, sessdata, expireref, sesskey, created, modified)\n\t\t\t\t\tVALUES ({$expiry}," . $conn->Param('0') . ", " . $conn->Param('1') . ", " . $conn->Param('2') . ", {$sysTimeStamp}, {$sysTimeStamp})"; } $rs = $conn->Execute($sql, array($val, $expireref, $key)); } else { // what value shall we insert/update for lob row? if (strncmp($driver, 'oci8', 4) == 0) { $lob_value = sprintf('empty_%s()', strtolower($clob)); } else { $lob_value = 'null'; } $conn->StartTrans(); $rs = $conn->Execute("SELECT COUNT(*) AS cnt FROM {$table} WHERE {$binary} sesskey = " . $conn->Param(0), array($key)); if ($rs && reset($rs->fields) > 0) { $sql = "UPDATE {$table} SET expiry={$expiry}, sessdata={$lob_value}, expireref= " . $conn->Param(0) . ",modified={$sysTimeStamp} WHERE sesskey = " . $conn->Param('1'); } else { $sql = "INSERT INTO {$table} (expiry, sessdata, expireref, sesskey, created, modified)\n\t\t\t\t\tVALUES ({$expiry},{$lob_value}, " . $conn->Param('0') . ", " . $conn->Param('1') . ", {$sysTimeStamp}, {$sysTimeStamp})"; } $rs = $conn->Execute($sql, array($expireref, $key)); $qkey = $conn->qstr($key); $rs2 = $conn->UpdateBlob($table, 'sessdata', $val, " sesskey={$qkey}", strtoupper($clob)); if ($debug) { echo "<hr>", htmlspecialchars($oval), "<hr>"; } $rs = @$conn->CompleteTrans(); } if (!$rs) { ADOConnection::outp('<p>Session Replace: ' . $conn->ErrorMsg() . '</p>', false); return false; } else { // bug in access driver (could be odbc?) means that info is not committed // properly unless select statement executed in Win2000 if ($conn->databaseType == 'access') { $sql = "SELECT sesskey FROM {$table} WHERE {$binary} sesskey = {$qkey}"; $rs = $conn->Execute($sql); ADODB_Session::_dumprs($rs); if ($rs) { $rs->Close(); } } } /* if (ADODB_Session::Lock()) { $conn->CommitTrans(); }*/ return $rs ? true : false; }
/** Loads config vars, and sets general stuff as PATH */ private function initializeEnviromental() { $this->expiretime= $this->config->get('expires', 'metadata'); $this->allowcache= true; if ($this->config->get('allow-cache', 'main') == "false") { $this->allowcache= false; } # set headers //header('Date: '.gmdate('D, d M Y H:i:s \G\M\T', time())); header('Last-Modified: '.gmdate('D, d M Y H:i:s \G\M\T', time())); //header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time() + $this->expiretime)); # set path $this->filesdir = $this->config->get('filesdir', 'location'); $this->cachedir = $this->config->get('cachedir', 'location'); // (hace algo?) // $path= ini_get("include_path"); // if (trim($path) != '') // $path .= PATH_SEPARATOR.$this->filesdir; // else // $path= $this->filesdir; // ini_set("include_path", $path); # directorios // $this->cachedir= $this->filesdir.DIRECTORY_SEPARATOR.'archivos'.DIRECTORY_SEPARATOR.'cache'; $this->enginedir = $this->filesdir.DIRECTORY_SEPARATOR.'oob'; $this->libsdir = $this->filesdir.DIRECTORY_SEPARATOR.'oob'.DIRECTORY_SEPARATOR.'librerias'; # set title & metadata $this->title= $this->config->get('title', 'main'); $this->description= $this->config->get('description', 'metadata'); $this->keywords= $this->config->get('keywords', 'metadata'); $this->author= $this->config->get('author', 'metadata'); # set webdir $this->webaddress= $this->config->get('webaddress', 'location'); $this->adminaddress= $this->config->get('adminaddress', 'location'); #set debug mode $this->debug= false; if ($this->config->get('debug', 'main') == "true") { $this->debug= true; } # To avoid sending 2 cookies, we disable the session.cookie from php. ini_set("session.use_cookies", "0"); /* we must send the dB connection object to the session handler!, and try to use the same session if previously existed! */ if ($this->mode != 'cron') { // @todo : update session manager to use something better $GLOBALS['ADODB_SESS_CONN'] = $this->db; ADODB_Session :: lifetime($this->expiretime); // warn: si el porcentaje gc es muy alto, puede q nunca mueran las sesiones if (!isset ($_COOKIE["OOB_Session"])) { session_start(); // expire on about 15 days, expire time handled by session setcookie("OOB_Session", session_id(), time() + 1209600, "/"); } else { session_id($_COOKIE["OOB_Session"]); session_start(); } // cross-site-scripting protection (phpsecurity consortium, recomendation) // fixed to work when the client does not provide user/agent. if (isset ($_SERVER['HTTP_USER_AGENT'])) $agent = $_SERVER['HTTP_USER_AGENT']; else $agent = "unknown"; if (isset ($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($agent)) { // si el agente cambia, la sesion se muere session_destroy(); //throw new OOB_exception("Sesion no válida desde {$agent}", "403", "Sus datos de comprobación de sesión no concuerdan, vuelva a ingresar al sitio.", true); } } else { $_SESSION['HTTP_USER_AGENT']= md5($agent); } } }