kakilangit

Native Session for CodeIgniter 2

Oct 18th, 2011
  1. <?php
  // Stop immediately unless BASEPATH is defined, i.e. when this file is
  // requested directly instead of being loaded by the application.
  defined('BASEPATH') or exit('No direct script access allowed');
  6.  
  7. /**
  8. * Code Igniter
  9. *
  10. * An open source application development framework for PHP 4.3.2 or newer
  11. *
  12. * @package     CodeIgniter
  13. * @author      Dariusz Debowczyk
  14. * @copyright   Copyright (c) 2006, D.Debowczyk
  15. * @license     http://www.codeignitor.com/user_guide/license.html
  16. * @link        http://www.codeigniter.com
  17. * @since       Version 1.0
  18. * @filesource
  19. */
  20. // ------------------------------------------------------------------------
  21. /**
  22. * Session class using native PHP session features and hardened against session fixation.
  23. *
  24. * @package     CodeIgniter
  25. * @subpackage  Libraries
  26. * @category    Sessions
  27. * @author      Dariusz Debowczyk
  28. * @link        http://www.codeigniter.com/user_guide/libraries/sessions.html
  29. */
  30. /**
  31. * Adjusted some functions for CodeIgniter 2
  32. * @package     CodeIgniter
  33. * @subpackage  Libraries
  34. * @category    Sessions
  35. * @author      kakilangit
  36. */
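  class CI_Session {
    // Security notes for maintainers:
    // - The only automatic defence against session fixation in this class is
    //   rotating the session id once it is older than the configured
    //   sess_expiration. Call regenerate_id() explicitly right after login or
    //   any other change of privilege.
    // - Cookie attributes (HttpOnly, Secure, SameSite) and
    //   session.use_strict_mode are not set here; they come from the
    //   session.* ini settings of the PHP installation.

    /** @var string Prefix for "flash" variables (eg. flash:new:message). */
    public $flash_key = 'flash';

    /** @var object|null Value returned by get_instance(), assigned in the constructor. */
    public $object = null;

    /**
     * @var int|float Seconds a session id may be used before it is regenerated.
     *                Defaults to two years, the same fallback _sess_run() applies.
     */
    public $session_id_ttl = 63072000;

    /**
     * Grabs the framework instance, logs initialisation and starts the session.
     */
    public function __construct(){
      $this->object = get_instance();
      log_message('debug', 'Native_session Class Initialized');
      $this->_sess_run();
    }

    /**
     * Regenerates the session id and invalidates the previous one.
     *
     * Session data is kept; only the id (and the storage behind the old id)
     * changes. The 'regenerated' timestamp is reset to now.
     *
     * @return void
     */
    public function regenerate_id(){
      // Passing true removes the storage of the old id, so a previously known
      // id can no longer be replayed. The earlier approach of switching back
      // to the old id with session_id() and destroying it by hand is rejected
      // by newer PHP versions while a session is active, which left the old
      // session usable.
      session_regenerate_id(true);

      // update the session creation time
      $_SESSION['regenerated'] = time();

      // The session is intentionally left open: closing it here would discard
      // every change made to $_SESSION during the rest of the request
      // (including the flash-data bookkeeping done by _sess_run()).
    }

    /**
     * Destroys the session and erases session storage.
     *
     * @return void
     */
    public function destroy(){
      // Empty the array rather than unset($_SESSION); the PHP manual warns
      // that unsetting the superglobal disables registering session variables.
      $_SESSION = array();

      // Expire the session cookie. The lookup must use the real session name,
      // and the cookie has to be sent with the same path/domain it was set
      // with, otherwise the browser keeps the old cookie.
      $cookie_name = session_name();
      if (isset($_COOKIE[$cookie_name]))
      {
        $params = session_get_cookie_params();
        setcookie(
          $cookie_name,
          '',
          time() - 42000,
          $params['path'],
          $params['domain'],
          $params['secure'],
          $params['httponly']
        );
      }

      session_destroy();
    }

    /**
     * Alias of destroy().
     *
     * @return void
     */
    public function sess_destroy(){
      $this->destroy();
    }

    /**
     * Reads given session attribute value.
     *
     * @param string $item Attribute name; 'session_id' returns the current
     *                     session id (kept for backward-compatibility).
     * @return mixed The stored value, or false when the attribute is not set.
     */
    public function userdata($item){
      // Strict comparison: with "==" an integer key such as 0 matched
      // 'session_id' on older PHP versions.
      if ($item === 'session_id')
      {
        return session_id();
      }

      return isset($_SESSION[$item]) ? $_SESSION[$item] : false;
    }

    /**
     * Sets session attributes to the given values.
     *
     * @param array|string $newdata Either a key => value array, or a single key.
     * @param mixed        $newval  Value used when $newdata is a single key.
     * @return void
     */
    public function set_userdata($newdata = array(), $newval = ''){
      if (is_string($newdata))
      {
        $newdata = array($newdata => $newval);
      }

      // Anything that is neither a string nor an array is ignored instead of
      // being passed to count()/foreach.
      if (!is_array($newdata))
      {
        return;
      }

      foreach ($newdata as $key => $val)
      {
        $_SESSION[$key] = $val;
      }
    }

    /**
     * Erases given session attributes.
     *
     * @param array|string $newdata A single key, or an array whose KEYS name
     *                              the attributes to erase (values are ignored).
     * @return void
     */
    public function unset_userdata($newdata = array()){
      if (is_string($newdata))
      {
        $newdata = array($newdata => '');
      }

      if (!is_array($newdata))
      {
        return;
      }

      foreach ($newdata as $key => $val)
      {
        unset($_SESSION[$key]);
      }
    }

    /**
     * Starts up the session system for current request.
     *
     * Reads 'sess_expiration' from the framework config to decide how long a
     * session id may live, rotates the id when it is too old, then ages the
     * flash data by one request.
     *
     * @return void
     */
    public function _sess_run(){
      session_start();

      $configured_ttl = $this->object->config->item('sess_expiration');

      if (is_numeric($configured_ttl) && $configured_ttl > 0)
      {
        // "+ 0" turns a numeric string from the config into a number.
        $this->session_id_ttl = $configured_ttl + 0;
      }
      else
      {
        // Zero, negative or missing/non-numeric setting: fall back to two
        // years. Without this fallback a non-numeric setting left the ttl
        // undefined, which made every request look expired.
        $this->session_id_ttl = (60*60*24*365*2);
      }

      // check if session id needs regeneration
      if ($this->_session_id_expired())
      {
        // regenerate session id (session data stays the
        // same, but old session storage is destroyed)
        $this->regenerate_id();
      }

      // delete old flashdata (from last request)
      $this->_flashdata_sweep();

      // mark all new flashdata as old (data will be deleted before next request)
      $this->_flashdata_mark();
    }

    /**
     * Checks if the session id is older than session_id_ttl.
     *
     * A session without a 'regenerated' timestamp is stamped with the current
     * time and treated as fresh.
     *
     * @return bool True when the id should be regenerated.
     */
    public function _session_id_expired(){
      if (!isset($_SESSION['regenerated']))
      {
        $_SESSION['regenerated'] = time();
        return false;
      }

      return $_SESSION['regenerated'] <= (time() - $this->session_id_ttl);
    }

    /**
     * Sets "flash" data which will be available only in next request (then it will
     * be deleted from session). You can use it to implement "Save succeeded" messages
     * after redirect.
     *
     * @param array|string $newdata Either a key => value array, or a single key.
     * @param mixed        $newval  Value used when $newdata is a single key.
     * @return void
     */
    public function set_flashdata($newdata, $newval='') {
      if (is_string($newdata))
      {
        $newdata = array($newdata => $newval);
      }

      if (!is_array($newdata))
      {
        return;
      }

      foreach ($newdata as $key => $val)
      {
        $this->set_userdata($this->flash_key.':new:'.$key, $val);
      }
    }

    /**
     * Keeps existing "flash" data available to next request.
     *
     * @param string $key Flash key (without prefix).
     * @return void
     */
    public function keep_flashdata($key){
      $value = $this->userdata($this->flash_key.':old:'.$key);
      $this->set_userdata($this->flash_key.':new:'.$key, $value);
    }

    /**
     * Returns "flash" data for the given key.
     *
     * @param string $key Flash key (without prefix).
     * @return mixed The value set during the previous request, or false.
     */
    public function flashdata($key){
      return $this->userdata($this->flash_key.':old:'.$key);
    }

    /**
     * PRIVATE: Internal method - marks "flash" session attributes as 'old'.
     *
     * Only names that start with "<flash_key>:new:" are touched. Matching on
     * the prefix (instead of splitting on ':new:') leaves unrelated session
     * keys that merely contain ':new:' alone, and still handles flash keys
     * that contain a separator themselves.
     *
     * @return void
     */
    public function _flashdata_mark(){
      if (!isset($_SESSION) || !is_array($_SESSION))
      {
        return;
      }

      $new_prefix = $this->flash_key.':new:';
      $old_prefix = $this->flash_key.':old:';
      $prefix_len = strlen($new_prefix);

      foreach ($_SESSION as $name => $value)
      {
        $name = (string) $name;

        if (strncmp($name, $new_prefix, $prefix_len) === 0)
        {
          $this->set_userdata($old_prefix.substr($name, $prefix_len), $value);
          $this->unset_userdata($name);
        }
      }
    }

    /**
     * PRIVATE: Internal method - removes "flash" session attributes marked as 'old'.
     *
     * Only names that start with "<flash_key>:old:" are removed.
     *
     * @return void
     */
    public function _flashdata_sweep(){
      if (!isset($_SESSION) || !is_array($_SESSION))
      {
        return;
      }

      $old_prefix = $this->flash_key.':old:';
      $prefix_len = strlen($old_prefix);

      foreach ($_SESSION as $name => $value)
      {
        $name = (string) $name;

        if (strncmp($name, $old_prefix, $prefix_len) === 0)
        {
          $this->unset_userdata($name);
        }
      }
    }
  }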
  270. ?>
  271.  