Exemplo n.º 1
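 /**
  * Fetch the current session data if it exists
  *
  * Reads the session cookie, verifies it (decryption, or the trailing
  * 32-character MD5 tag when encryption is off), unserializes it and then
  * checks expiry, IP address, user agent and, when enabled, the matching
  * database row. On success the session array is stored in $this->userdata.
  * Every check after the cookie lookup calls sess_destroy() when it fails.
  *
  * Security notes:
  *  - The integrity tag is md5(payload . encryption_key), which is not an
  *    HMAC. It is kept here because the code that writes the cookie is not
  *    part of this method; reader and writer should move together to
  *    hash_hmac() with SHA-256.
  *  - The tag is compared in constant time, and cookies too short to hold a
  *    tag are rejected before any substr() arithmetic.
  *  - IP address and user agent are compared strictly, so a non-string value
  *    in the unserialized data cannot match through type juggling.
  *
  * @access	public
  * @return	bool	TRUE when a valid session was loaded, FALSE otherwise
  */
 function sess_read()
 {
     // Fetch the cookie
     $session = $this->CI->input->cookie($this->sess_cookie_name);
     // No cookie? Nothing to read.
     if ($session === FALSE) {
         log_message('debug', 'A session cookie was not found.');
         return FALSE;
     }
     if ($this->sess_encrypt_cookie == TRUE) {
         // NOTE(review): no integrity check is performed in this branch; confirm
         // that encrypt->decode() authenticates the ciphertext before the
         // result is unserialized below.
         $session = $this->CI->encrypt->decode($session);
     } else {
         // Encryption was not used, so the last 32 characters carry the md5 tag.
         $hash_ok = FALSE;
         // A valid cookie is a non-empty payload followed by a 32-character tag.
         if (is_string($session) && strlen($session) > 32) {
             $hash = substr($session, -32);
             $session = substr($session, 0, -32);
             $expected = md5($session . $this->encryption_key);
             if (function_exists('hash_equals')) {
                 // Constant-time comparison: no early exit on the first differing byte.
                 $hash_ok = hash_equals($expected, $hash);
             } else {
                 // Fallback for PHP < 5.6: OR together the XOR of every byte pair.
                 // Both strings are exactly 32 bytes long at this point.
                 $diff = 0;
                 for ($i = 0; $i < 32; $i++) {
                     $diff |= ord($expected[$i]) ^ ord($hash[$i]);
                 }
                 $hash_ok = ($diff === 0);
             }
         }
         // Tag missing or wrong: the cookie was altered outside the application.
         if (!$hash_ok) {
             log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
             $this->sess_destroy();
             return FALSE;
         }
     }
     // Unserialize the session array
     // NOTE(review): cookie-supplied data reaches _unserialize(); if that helper
     // wraps PHP's unserialize(), restrict it (allowed_classes => false) or move
     // to JSON - confirm in the helper.
     $session = $this->_unserialize($session);
     // Is the session data we unserialized an array with the correct format?
     if (!is_array($session)
         || !isset($session['session_id'])
         || !isset($session['ip_address'])
         || !isset($session['user_agent'])
         || !isset($session['last_activity'])
     ) {
         $this->sess_destroy();
         return FALSE;
     }
     // Is the session current?
     if ($session['last_activity'] + $this->sess_expiration < $this->now) {
         $this->sess_destroy();
         return FALSE;
     }
     // Does the IP match? Strict comparison: the stored value must be the same string.
     if ($this->sess_match_ip == TRUE && $session['ip_address'] !== $this->CI->input->ip_address()) {
         $this->sess_destroy();
         return FALSE;
     }
     // Does the user agent match? Only the first 120 characters of the request's
     // user agent are compared, after trimming both sides.
     if ($this->sess_match_useragent == TRUE
         && (!is_string($session['user_agent'])
             || trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120)))
     ) {
         $this->sess_destroy();
         return FALSE;
     }
     // Is there a corresponding session in the DB?
     if ($this->sess_use_database === TRUE) {
         // Values are passed separately from the 'column = ?' fragments.
         // NOTE(review): $conditions is not initialised in this method; presumably
         // addConditions() takes it by reference and creates it - confirm.
         SessionData::addConditions($conditions, 'session_id = ?', $session['session_id']);
         if ($this->sess_match_ip == TRUE) {
             SessionData::addConditions($conditions, 'ip_address = ?', $session['ip_address']);
         }
         if ($this->sess_match_useragent == TRUE) {
             SessionData::addConditions($conditions, 'user_agent = ?', $session['user_agent']);
         }
         // No matching row? Kill the session.
         if (!($sessionObj = SessionData::find('one', array('conditions' => $conditions)))) {
             $this->sess_destroy();
             return FALSE;
         }
         // Is there custom data? If so, add it to the main session array.
         // Keys from user_data overwrite same-named keys already in $session,
         // including session_id, ip_address, user_agent and last_activity.
         if ($sessionObj->user_data != '') {
             $custom_data = $this->_unserialize($sessionObj->user_data);
             if (is_array($custom_data)) {
                 foreach ($custom_data as $key => $val) {
                     $session[$key] = $val;
                 }
             }
         }
     }
     // Session is valid!
     $this->userdata = $session;
     unset($session);
     return TRUE;
 }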