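/**
 * Creates a new session for the current request.
 *
 * A request identified as a known spider reuses that spider's existing
 * session when one exists and is not corrupt. Otherwise a fresh session ID
 * is generated, the visitor is logged in automatically (or becomes a guest),
 * the session row and the user data are stored, and a new session object is
 * returned.
 *
 * @see		SessionFactory::create()
 * @return	object		existing spider session, or a new instance of $this->sessionClassName
 */
public function create() {
	// get spider information
	// NOTE(review): the user agent is client-supplied, so a shared spider session
	// must stay unprivileged; confirm getExistingSpiderSession() (not shown here)
	// only ever returns guest sessions.
	$spider = $this->isSpider(UserUtil::getUserAgent());
	if ($spider) {
		$session = $this->getExistingSpiderSession($spider['spiderID']);
		if ($session !== null && !$session->isCorrupt()) {
			return $session;
		}
	}

	// create new session hash
	// NOTE(review): the session ID is the bearer credential for this session; its
	// unpredictability depends entirely on StringUtil::getRandomID(), which is not
	// shown here. Confirm it draws from a cryptographically secure source.
	$sessionID = StringUtil::getRandomID();

	// check cookies for userID & password
	// NOTE(review): how UserAuth validates the auto-login cookie is not visible
	// from this method; confirm against the UserAuth implementation.
	require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php';
	$user = UserAuth::getInstance()->loginAutomatically(true, $this->userClassName);
	if ($user === null) {
		// no valid user found
		// create guest user
		$user = new $this->guestClassName();
	}

	// update user session
	$user->update();

	if ($user->userID != 0) {
		// user is no guest
		// delete all other sessions of this user
		Session::deleteSessions($user->userID, true, false);
	}

	$requestMethod = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

	// insert session into database
	// The statement is assembled by concatenation. Request-derived strings (IP
	// address, user agent, request URI, request method, user name) pass through
	// escapeString(); values that are written unquoted are forced to integers
	// here so that a non-numeric value can never change the statement's shape.
	$sql = "INSERT INTO \twcf" . WCF_N . "_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent,\n\t\t\t\t\tlastActivityTime, requestURI, requestMethod,\n\t\t\t\t\tusername"
		. ($spider ? ", spiderID" : "")
		. ")\n\t\t\tVALUES\t\t('" . $sessionID . "',\n\t\t\t\t\t"
		. PACKAGE_ID . ",\n\t\t\t\t\t"
		. intval($user->userID) . ",\n\t\t\t\t\t'"
		. escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'"
		. escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t"
		. TIME_NOW . ",\n\t\t\t\t\t'"
		. escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'"
		. escapeString($requestMethod) . "',\n\t\t\t\t\t'"
		. ($spider ? escapeString($spider['spiderName']) : escapeString($user->username)) . "'\n\t\t\t\t\t"
		. ($spider ? ", " . intval($spider['spiderID']) : "") . ")";
	WCF::getDB()->sendQuery($sql);

	// save user data
	$serializedUserData = '';
	if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') {
		require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';
		// The key follows the '<table>_userdata_<sessionID>' pattern used when the
		// user data is read back. The previous key carried a stray '-' before the
		// session ID, so the entry written here was never found again and stayed
		// in the cache as an orphaned copy of the user object.
		// NOTE(review): this assumes the session table name for this factory is
		// 'session' - confirm. No expiry is passed to set().
		MemcacheAdapter::getInstance()->getMemcache()->set('session_userdata_' . $sessionID, $user);
	}
	else {
		// The serialized user object is later restored with unserialize(), so the
		// integrity of the session tables is part of the trust boundary.
		$serializedUserData = serialize($user);

		try {
			$sql = "INSERT INTO \twcf" . WCF_N . "_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t\t\t'" . escapeString($serializedUserData) . "')";
			WCF::getDB()->sendQuery($sql);
		}
		catch (DatabaseException $e) {
			// horizon update workaround: if the insert fails, store the user data
			// in the userData column of the session row instead
			$sql = "UPDATE \twcf" . WCF_N . "_session\n\t\t\t\t\tSET\tuserData = '" . escapeString($serializedUserData) . "'\n\t\t\t\t\tWHERE\tsessionID = '" . $sessionID . "'";
			WCF::getDB()->sendQuery($sql);
		}
	}

	// return new session object
	return new $this->sessionClassName(null, array(
		'sessionID' => $sessionID,
		'packageID' => PACKAGE_ID,
		'userID' => $user->userID,
		'ipAddress' => UserUtil::getIpAddress(),
		'userAgent' => UserUtil::getUserAgent(),
		'lastActivityTime' => TIME_NOW,
		'requestURI' => UserUtil::getRequestURI(),
		'requestMethod' => $requestMethod,
		'userData' => $serializedUserData,
		'sessionVariables' => '',
		'username' => $spider ? $spider['spiderName'] : $user->username,
		'spiderID' => $spider ? $spider['spiderID'] : 0,
		'isNew' => true
	));
}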
/**
 * Handles the given resultset. Stores database data in this session object.
 *
 * After the parent has stored the row, the session is validated. A session
 * that fails validation has its sessionID set to false and nothing else is
 * loaded. For a valid session the request metadata is refreshed, the session
 * variables and the user object are restored (from memcache or from the
 * serialized database columns), the user object is rebuilt if it is missing
 * or of an unexpected class, and the security token is initialised.
 *
 * @param	array		$data
 */
protected function handleData($data) {
	parent::handleData($data);
	if ($this->sessionID) {
		// validate session
		// validate() is not shown here; it runs before ipAddress/userAgent are
		// overwritten below, so it still sees the values loaded from storage.
		if (!$this->validate()) {
			$this->data['sessionID'] = false;
			return;
		}

		// keep the previous request's URI/method, then record the current request
		$this->data['lastRequestURI'] = $this->requestURI;
		$this->data['lastRequestMethod'] = $this->requestMethod;
		$this->data['ipAddress'] = UserUtil::getIpAddress();
		$this->data['userAgent'] = UserUtil::getUserAgent();
		$this->data['requestURI'] = UserUtil::getRequestURI();
		$this->data['requestMethod'] = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

		// handle data
		if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') {
			require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';

			// get user data
			// keys have the form '<sessionTable>_userdata_<sessionID>'; a missing
			// entry is caught by the is_object() check further down
			$this->user = MemcacheAdapter::getInstance()->getMemcache()->get($this->sessionTable . '_userdata_' . $this->sessionID);

			// get session variables
			$this->sessionVariables = MemcacheAdapter::getInstance()->getMemcache()->get($this->sessionTable . '_variables_' . $this->sessionID);
			if (!is_array($this->sessionVariables)) {
				$this->sessionVariables = array();
			}

			// package changed; reset user data
			if ($this->data['packageID'] != PACKAGE_ID) {
				$this->user = null;
			}
		}
		else {
			// package changed; reset user data
			if ($this->data['packageID'] != PACKAGE_ID) {
				$this->data['userData'] = '';
			}
			//$this->data['packageID'] = PACKAGE_ID;

			// unserialize the variables of this session
			// NOTE(review): unserialize() instantiates whatever classes the stored
			// string names, and their magic methods run during decoding. This is
			// only safe while the session tables cannot be written by anyone but
			// the application itself. The '@' hides the notice PHP raises for a
			// corrupt value; the is_array() check below is the actual fallback.
			@($this->sessionVariables = unserialize($data['sessionVariables']));
			if (!is_array($this->sessionVariables)) {
				$this->sessionVariables = array();
			}

			// unserialize the user object of this session
			// Same trust assumption as above. The class check below runs only
			// after decoding has finished, so it validates the result but does
			// not restrict which classes unserialize() may create.
			@($this->user = unserialize($this->userData));
			unset($this->data['userData']);
		}

		// check whether the user object is valid
		// '&&' binds tighter than '||': the object is rejected if it is not an
		// object at all, or if a logged-in session (userID != 0) does not hold a
		// $this->userSessionClassName instance, or if a guest session
		// (userID == 0) does not hold a $this->guestSessionClassName instance.
		if (!is_object($this->user) || $this->userID != 0 && !$this->user instanceof $this->userSessionClassName || $this->userID == 0 && !$this->user instanceof $this->guestSessionClassName) {
			// create a new user object
			$this->createUser($this->userID != 0 ? $this->userID : null);
		}

		// generate security token
		// initSecurityToken() is not shown here
		$this->initSecurityToken();
	}
}
/**
 * Creates a new session.
 *
 * Generates a new session hash, determines the user through automatic
 * login (falling back to a fresh user object), stores the session row and
 * the user data, and returns the object of the created session.
 *
 * @return	Session		$session
 */
public function create() {
	// new session hash
	// NOTE(review): this value identifies the session from now on; how
	// unpredictable it is depends on StringUtil::getRandomID(), which is not
	// shown here - confirm it uses a cryptographically secure source.
	$newSessionID = StringUtil::getRandomID();

	// resolve the user automatically
	// NOTE(review): this session is written to the acp_session table and is seeded
	// from automatic login; confirm that access still requires the separate
	// re-authentication step, which is not visible from this method.
	if (!defined('NO_IMPORTS')) {
		require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php';
	}
	$sessionUser = UserAuth::getInstance()->loginAutomatically();
	if ($sessionUser === null) {
		// no valid user found, fall back to a new user object
		$fallbackClass = $this->userClassName;
		$sessionUser = new $fallbackClass();
	}

	// update user session
	$sessionUser->update();

	$httpMethod = '';
	if (!empty($_SERVER['REQUEST_METHOD'])) {
		$httpMethod = $_SERVER['REQUEST_METHOD'];
	}

	// insert session into database
	// Request-derived strings pass through escapeString(); the user ID is
	// concatenated unquoted.
	// NOTE(review): the user ID is presumably always an integer taken from the
	// user object - confirm, or cast it explicitly before it reaches the query.
	$insertSession = "INSERT INTO \twcf" . WCF_N . "_acp_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent, lastActivityTime, requestURI, requestMethod)\n\t\t\tVALUES \t\t('"
		. $newSessionID . "',\n\t\t\t\t\t"
		. PACKAGE_ID . ",\n\t\t\t\t\t"
		. $sessionUser->userID . ",\n\t\t\t\t\t'"
		. escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'"
		. escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t"
		. TIME_NOW . ",\n\t\t\t\t\t'"
		. escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'"
		. escapeString($httpMethod) . "')";
	WCF::getDB()->sendQuery($insertSession);

	// save user data
	$userBlob = '';
	$cacheIsMemcache = ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource';
	if (!$cacheIsMemcache) {
		// The serialized user object is stored as a string; whoever reads it back
		// has to trust the content of the session tables.
		$userBlob = serialize($sessionUser);

		try {
			$insertUserData = "INSERT INTO \twcf" . WCF_N . "_acp_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('"
				. $newSessionID . "',\n\t\t\t\t\t\t\t'"
				. escapeString($userBlob) . "')";
			WCF::getDB()->sendQuery($insertUserData);
		}
		catch (DatabaseException $insertFailure) {
			// horizon update workaround: write the user data into the session
			// row itself when the insert above fails
			$updateUserData = "UPDATE \twcf" . WCF_N . "_acp_session\n\t\t\t\t\tSET\tuserData = '"
				. escapeString($userBlob) . "'\n\t\t\t\t\tWHERE\tsessionID = '"
				. $newSessionID . "'";
			WCF::getDB()->sendQuery($updateUserData);
		}
	}
	else {
		require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';
		// the user object itself goes into memcache; no expiry is passed
		MemcacheAdapter::getInstance()->getMemcache()->set('acp_session_userdata_' . $newSessionID, $sessionUser);
	}

	// hand the freshly created row to the session class
	$sessionRow = array(
		'sessionID' => $newSessionID,
		'packageID' => PACKAGE_ID,
		'ipAddress' => UserUtil::getIpAddress(),
		'userAgent' => UserUtil::getUserAgent(),
		'lastActivityTime' => TIME_NOW,
		'requestURI' => UserUtil::getRequestURI(),
		'requestMethod' => $httpMethod,
		'userData' => $userBlob,
		'sessionVariables' => '',
		'userID' => $sessionUser->userID,
		'isNew' => true
	);
	$sessionClass = $this->sessionClassName;
	return new $sessionClass(null, $sessionRow);
}