function write($key, $val)
{
global $ADODB_SESSION_READONLY;
if (!empty($ADODB_SESSION_READONLY)) {
return;
}
$clob = ADODB_Session::clob();
$conn =& ADODB_Session::_conn();
$crc = ADODB_Session::_crc();
$data = ADODB_Session::dataFieldName();
$debug = ADODB_Session::debug();
$driver = ADODB_Session::driver();
$expire_notify = ADODB_Session::expireNotify();
$filter = ADODB_Session::filter();
$lifetime = ADODB_Session::lifetime();
$table = ADODB_Session::table();
if (!$conn) {
return false;
}
$qkey = $conn->qstr($key);
//assert('$table');
$expiry = time() + $lifetime;
$binary = $conn->dataProvider === 'mysql' ? '/*! BINARY */' : '';
// crc32 optimization since adodb 2.1
// now we only update expiry date, thx to sebastian thom in adodb 2.32
if ($crc !== false && $crc == strlen($val) . crc32($val)) {
if ($debug) {
ADOConnection::outp('<p>Session: Only updating date - crc32 not changed</p>');
}
$expirevar = '';
if ($expire_notify) {
$var = reset($expire_notify);
global ${$var};
if (isset(${$var})) {
$expirevar = ${$var};
}
}
$sql = "UPDATE {$table} SET expiry = " . $conn->Param('0') . ",expireref=" . $conn->Param('1') . " WHERE {$binary} sesskey = " . $conn->Param('2') . " AND expiry >= " . $conn->Param('3');
$rs =& $conn->Execute($sql, array($expiry, $expirevar, $key, time()));
return true;
}
$val = rawurlencode($val);
foreach ($filter as $f) {
if (is_object($f)) {
$val = $f->write($val, ADODB_Session::_sessionKey());
}
}
$arr = array('sesskey' => $key, 'expiry' => $expiry, $data => $val, 'expireref' => '');
if ($expire_notify) {
$var = reset($expire_notify);
global ${$var};
if (isset(${$var})) {
$arr['expireref'] = ${$var};
}
}
if (!$clob) {
// no lobs, simply use replace()
$arr[$data] = $conn->qstr($val);
$rs = $conn->Replace($table, $arr, 'sesskey', $autoQuote = true);
} else {
// what value shall we insert/update for lob row?
switch ($driver) {
// empty_clob or empty_lob for oracle dbs
case 'oracle':
case 'oci8':
case 'oci8po':
case 'oci805':
$lob_value = sprintf('empty_%s()', strtolower($clob));
break;
// null for all other
// null for all other
default:
$lob_value = 'null';
break;
}
$conn->StartTrans();
$expiryref = $conn->qstr($arr['expireref']);
// do we insert or update? => as for sesskey
$rs =& $conn->Execute("SELECT COUNT(*) AS cnt FROM {$table} WHERE {$binary} sesskey = {$qkey}");
if ($rs && reset($rs->fields) > 0) {
$sql = "UPDATE {$table} SET expiry = {$expiry}, {$data} = {$lob_value}, expireref={$expiryref} WHERE sesskey = {$qkey}";
} else {
$sql = "INSERT INTO {$table} (expiry, {$data}, sesskey,expireref) VALUES ({$expiry}, {$lob_value}, {$qkey},{$expiryref})";
}
if ($rs) {
$rs->Close();
}
$err = '';
$rs1 =& $conn->Execute($sql);
if (!$rs1) {
$err = $conn->ErrorMsg() . "\n";
}
$rs2 =& $conn->UpdateBlob($table, $data, $val, " sesskey={$qkey}", strtoupper($clob));
if (!$rs2) {
$err .= $conn->ErrorMsg() . "\n";
}
$rs = $rs && $rs2 ? true : false;
$conn->CompleteTrans();
}
if (!$rs) {
ADOConnection::outp('<p>Session Replace: ' . $conn->ErrorMsg() . '</p>', false);
return false;
} else {
// bug in access driver (could be odbc?) means that info is not committed
// properly unless select statement executed in Win2000
if ($conn->databaseType == 'access') {
$sql = "SELECT sesskey FROM {$table} WHERE {$binary} sesskey = {$qkey}";
$rs =& $conn->Execute($sql);
ADODB_Session::_dumprs($rs);
if ($rs) {
$rs->Close();
}
}
}
/*
if (ADODB_Session::Lock()) {
$conn->CommitTrans();
}*/
return $rs ? true : false;
}
$ADODB_SESSION_USE_LOBS = $clob;
$ADODB_SESS_DEBUG = $debug;
$ADODB_SESS_LIFE = $lifetime;
if ($optimize) {
define('ADODB_SESSION_OPTIMIZE', $optimize);
}
define('ADODB_SESSION_SYNCH_SECS', $sync_seconds);
if (class_exists('ADODB_Session')) {
ADODB_Session::clob($clob);
ADODB_Session::dataFieldName($data_field_name);
ADODB_Session::database($database);
ADODB_Session::debug($debug);
ADODB_Session::driver($driver);
ADODB_Session::filter($filters);
ADODB_Session::host($host);
ADODB_Session::lifetime($lifetime);
ADODB_Session::optimize($optimize);
ADODB_Session::password($password);
ADODB_Session::syncSeconds($sync_seconds);
ADODB_Session::table($table);
ADODB_Session::user($user);
}
function NotifyFn($var, $sesskey)
{
echo "NotifyFn({$var}, {$sesskey}) called<br />\n";
}
if ($expire_notify) {
$ADODB_SESSION_EXPIRE_NOTIFY = array('debug', 'NotifyFn');
if (class_exists('ADODB_Session')) {
ADODB_Session::expireNotify(array('debug', 'NotifyFn'));
}
static function write($key, $oval)
{
global $ADODB_SESSION_READONLY;
if (!empty($ADODB_SESSION_READONLY)) {
return;
}
$clob = ADODB_Session::clob();
$conn = ADODB_Session::_conn();
$crc = ADODB_Session::_crc();
$debug = ADODB_Session::debug();
$driver = ADODB_Session::driver();
$expire_notify = ADODB_Session::expireNotify();
$filter = ADODB_Session::filter();
$lifetime = ADODB_Session::lifetime();
$table = ADODB_Session::table();
if (!$conn) {
return false;
}
if ($debug) {
$conn->debug = 1;
}
$sysTimeStamp = $conn->sysTimeStamp;
//assert('$table');
$expiry = $conn->OffsetDate($lifetime / (24 * 3600), $sysTimeStamp);
$binary = $conn->dataProvider === 'mysql' ? '/*! BINARY */' : '';
// crc32 optimization since adodb 2.1
// now we only update expiry date, thx to sebastian thom in adodb 2.32
if ($crc !== '00' && $crc !== false && $crc == strlen($oval) . crc32($oval)) {
if ($debug) {
echo '<p>Session: Only updating date - crc32 not changed</p>';
}
$expirevar = '';
if ($expire_notify) {
$var = reset($expire_notify);
global ${$var};
if (isset(${$var})) {
$expirevar = ${$var};
}
}
$sql = "UPDATE {$table} SET expiry = {$expiry} ,expireref=" . $conn->Param('0') . ", modified = {$sysTimeStamp} WHERE {$binary} sesskey = " . $conn->Param('1') . " AND expiry >= {$sysTimeStamp}";
$rs = $conn->Execute($sql, array($expirevar, $key));
return true;
}
$val = rawurlencode($oval);
foreach ($filter as $f) {
if (is_object($f)) {
$val = $f->write($val, ADODB_Session::_sessionKey());
}
}
$expireref = '';
if ($expire_notify) {
$var = reset($expire_notify);
global ${$var};
if (isset(${$var})) {
$expireref = ${$var};
}
}
if (!$clob) {
// no lobs, simply use replace()
$rs = $conn->Execute("SELECT COUNT(*) AS cnt FROM {$table} WHERE {$binary} sesskey = " . $conn->Param(0), array($key));
if ($rs) {
$rs->Close();
}
if ($rs && reset($rs->fields) > 0) {
$sql = "UPDATE {$table} SET expiry={$expiry}, sessdata=" . $conn->Param(0) . ", expireref= " . $conn->Param(1) . ",modified={$sysTimeStamp} WHERE sesskey = " . $conn->Param(2);
} else {
$sql = "INSERT INTO {$table} (expiry, sessdata, expireref, sesskey, created, modified)\n\t\t\t\t\tVALUES ({$expiry}," . $conn->Param('0') . ", " . $conn->Param('1') . ", " . $conn->Param('2') . ", {$sysTimeStamp}, {$sysTimeStamp})";
}
$rs = $conn->Execute($sql, array($val, $expireref, $key));
} else {
// what value shall we insert/update for lob row?
if (strncmp($driver, 'oci8', 4) == 0) {
$lob_value = sprintf('empty_%s()', strtolower($clob));
} else {
$lob_value = 'null';
}
$conn->StartTrans();
$rs = $conn->Execute("SELECT COUNT(*) AS cnt FROM {$table} WHERE {$binary} sesskey = " . $conn->Param(0), array($key));
if ($rs && reset($rs->fields) > 0) {
$sql = "UPDATE {$table} SET expiry={$expiry}, sessdata={$lob_value}, expireref= " . $conn->Param(0) . ",modified={$sysTimeStamp} WHERE sesskey = " . $conn->Param('1');
} else {
$sql = "INSERT INTO {$table} (expiry, sessdata, expireref, sesskey, created, modified)\n\t\t\t\t\tVALUES ({$expiry},{$lob_value}, " . $conn->Param('0') . ", " . $conn->Param('1') . ", {$sysTimeStamp}, {$sysTimeStamp})";
}
$rs = $conn->Execute($sql, array($expireref, $key));
$qkey = $conn->qstr($key);
$rs2 = $conn->UpdateBlob($table, 'sessdata', $val, " sesskey={$qkey}", strtoupper($clob));
if ($debug) {
echo "<hr>", htmlspecialchars($oval), "<hr>";
}
$rs = @$conn->CompleteTrans();
}
if (!$rs) {
ADOConnection::outp('<p>Session Replace: ' . $conn->ErrorMsg() . '</p>', false);
return false;
} else {
// bug in access driver (could be odbc?) means that info is not committed
// properly unless select statement executed in Win2000
if ($conn->databaseType == 'access') {
$sql = "SELECT sesskey FROM {$table} WHERE {$binary} sesskey = {$qkey}";
$rs = $conn->Execute($sql);
ADODB_Session::_dumprs($rs);
if ($rs) {
$rs->Close();
}
}
}
/*
if (ADODB_Session::Lock()) {
$conn->CommitTrans();
}*/
return $rs ? true : false;
}
/** Loads config vars, and sets general stuff as PATH */
private function initializeEnviromental()
{
$this->expiretime= $this->config->get('expires', 'metadata');
$this->allowcache= true;
if ($this->config->get('allow-cache', 'main') == "false")
{
$this->allowcache= false;
}
# set headers
//header('Date: '.gmdate('D, d M Y H:i:s \G\M\T', time()));
header('Last-Modified: '.gmdate('D, d M Y H:i:s \G\M\T', time()));
//header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time() + $this->expiretime));
# set path
$this->filesdir = $this->config->get('filesdir', 'location');
$this->cachedir = $this->config->get('cachedir', 'location');
// (hace algo?)
// $path= ini_get("include_path");
// if (trim($path) != '')
// $path .= PATH_SEPARATOR.$this->filesdir;
// else
// $path= $this->filesdir;
// ini_set("include_path", $path);
# directorios
// $this->cachedir= $this->filesdir.DIRECTORY_SEPARATOR.'archivos'.DIRECTORY_SEPARATOR.'cache';
$this->enginedir = $this->filesdir.DIRECTORY_SEPARATOR.'oob';
$this->libsdir = $this->filesdir.DIRECTORY_SEPARATOR.'oob'.DIRECTORY_SEPARATOR.'librerias';
# set title & metadata
$this->title= $this->config->get('title', 'main');
$this->description= $this->config->get('description', 'metadata');
$this->keywords= $this->config->get('keywords', 'metadata');
$this->author= $this->config->get('author', 'metadata');
# set webdir
$this->webaddress= $this->config->get('webaddress', 'location');
$this->adminaddress= $this->config->get('adminaddress', 'location');
#set debug mode
$this->debug= false;
if ($this->config->get('debug', 'main') == "true")
{
$this->debug= true;
}
# To avoid sending 2 cookies, we disable the session.cookie from php.
ini_set("session.use_cookies", "0");
/* we must send the dB connection object to the session handler!,
and try to use the same session if previously existed! */
if ($this->mode != 'cron')
{
// @todo : update session manager to use something better
$GLOBALS['ADODB_SESS_CONN'] = $this->db;
ADODB_Session :: lifetime($this->expiretime); // warn: si el porcentaje gc es muy alto, puede q nunca mueran las sesiones
if (!isset ($_COOKIE["OOB_Session"]))
{
session_start();
// expire on about 15 days, expire time handled by session
setcookie("OOB_Session", session_id(), time() + 1209600, "/");
}
else
{
session_id($_COOKIE["OOB_Session"]);
session_start();
}
// cross-site-scripting protection (phpsecurity consortium, recomendation)
// fixed to work when the client does not provide user/agent.
if (isset ($_SERVER['HTTP_USER_AGENT']))
$agent = $_SERVER['HTTP_USER_AGENT'];
else
$agent = "unknown";
if (isset ($_SESSION['HTTP_USER_AGENT']))
{
if ($_SESSION['HTTP_USER_AGENT'] != md5($agent))
{
// si el agente cambia, la sesion se muere
session_destroy();
//throw new OOB_exception("Sesion no válida desde {$agent}", "403", "Sus datos de comprobación de sesión no concuerdan, vuelva a ingresar al sitio.", true);
}
}
else
{
$_SESSION['HTTP_USER_AGENT']= md5($agent);
}
}
}
