  1. <?php
  2. <?php
  3.  
  4. /*
  5. CREATE TABLE IF NOT EXISTS `sessions` (
  6. `se_id` varchar(50) NOT NULL DEFAULT '',
  7. `se_value` mediumblob,
  8. `se_expires` int(11) unsigned NOT NULL
  9. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  10.  
  11. ALTER TABLE `sessions`
  12. ADD PRIMARY KEY (`se_id`), ADD KEY `se_id` (`se_id`,`se_expires`);
  13. */
  14.  
  15. define( "MAXLIFETIME", 86400 );
  16. define( "DSN", "mysql:host=localhost;dbname=demo" );
  17. define( "DB_USER", "root" );
  18. define( "DB_PASS", "whatever..." );
  19.  
  20. final class MYSession{
  21. protected $_table_name = 'sessions';
  22. protected $_primary_key = 'se_id';
  23. protected $_where = array();
  24. protected $_order_by = 'se_id';
  25.  
  26. protected $data = array( "se_id" => "",
  27. "se_value" => "",
  28. "se_expires" => ""
  29. );
  30.  
  31. public $se_id;
  32. public $se_id_old;
  33. public $db;
  34. private $sessionName;
  35.  
  36. //public $maxlifetime = get_cfg_var("session.gc_maxlifetime");
  37. public $maxlifetime;
  38. private $path;
  39. private $domain;
  40. private $secure;
  41. private $httponly;
  42.  
  43. public function setParams(){
  44. ini_set( 'session.gc_probability', 1 ) ;
  45. ini_set( 'session.gc_divisor', 100 );
  46. ini_set( "session.use_only_cookies", TRUE );
  47. ini_set( "session.use_trans_sid", FALSE );
  48. ini_set( "session.use_only_cookies", "1" );
  49. ini_set( "session.entropy_file", "1" );
  50. }
  51.  
  52. public function startSession( $sessionName, $maxlifetime = FALSE, $path = FALSE, $domain = FALSE, $secure = FALSE, $httponly = FALSE ){
  53.  
  54. $this->setParams();
  55.  
  56. if( $maxlifetime ){ $this->maxlifetime = $maxlifetime; }
  57. else{ $this->maxlifetime = 0; }
  58.  
  59. if( $path ){ $this->path = $path; }
  60. else{ $this->path = "/"; }
  61.  
  62. if( $domain ){ $this->domain = $domain; }
  63. else{ $this->domain = NULL; }
  64.  
  65. if( $secure ){ $this->secure = $secure; }
  66. else{ $this->secure = isset( $_SERVER[ 'HTTPS' ] ); }
  67.  
  68. if( $httponly ){ $this->httponly = $httponly; }
  69. else{ $this->httponly = TRUE; }
  70.  
  71. $this->setSessionCookieData();
  72.  
  73. $this->sessionName = $sessionName;
  74.  
  75. session_name( $this->sessionName );
  76.  
  77. session_set_save_handler(
  78. array( $this, "open" ),
  79. array( $this, "close" ),
  80. array( $this, "read" ),
  81. array( $this, "write" ),
  82. array( $this, "destroy" ),
  83. array( $this, "gc" )
  84. );
  85. session_start();
  86. session_regenerate_id( TRUE );
  87. $this->se_id = session_id();
  88. $this->gc( $this->maxlifetime );
  89.  
  90. return $this->se_id;
  91. }
  92.  
  93.  
  94. public function setSessionCookieData(){
  95. return session_set_cookie_params( $this->maxlifetime, $this->path, $this->domain, $this->secure, $this->httponly );
  96. }
  97.  
  98. public function getSessionCookieData(){
  99. $sessionCookieDataArray = array();
  100. $sessionCookieDataArray = session_get_cookie_params( );
  101. return $sessionCookieDataArray;
  102. }
  103.  
  104. //---------------------------------------------------------------------------------------------------
  105. public function __destruct(){ session_write_close(); }
  106.  
  107. public function newSessid(){ return $this->se_id; }
  108.  
  109. public function oldSessid(){ return $this->se_id_old; }
  110.  
  111. public function open( $path, $se_id ){
  112. try{
  113. $this->db = new PDO( DSN, DB_USER, DB_PASS );
  114. $this->db->setAttribute( PDO::ATTR_PERSISTENT, TRUE );
  115. $this->db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
  116. }
  117. catch( PDOException $error ){ echo 'Error: '.$error->getMessage(); }
  118. return TRUE;
  119. }
  120.  
  121. public function close(){
  122. $this->db = "";
  123. return TRUE;
  124. }
  125.  
  126. public function read( $se_id ){
  127. $sql = "SELECT se_value FROM ". $this->_table_name. " WHERE se_id = :se_id";
  128. try{
  129. $statement = $this->db->prepare( $sql );
  130. $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
  131. $statement->execute();
  132. $result = $statement->fetch( PDO::FETCH_ASSOC );
  133. }
  134. catch( PDOException $error ){ die( "Unable to access to database read1" ); }
  135.  
  136. if( !empty( $result[ "se_value" ] ) ){
  137. $sql = "UPDATE ". $this->_table_name. " SET se_expires = UNIX_TIMESTAMP( UTC_TIMESTAMP() ) WHERE se_id = :se_id";
  138. try{
  139. $statement = $this->db->prepare( $sql );
  140. $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
  141. $statement->execute();
  142. }
  143. catch( PDOException $error ){ die( "Unable to access to database read2" ); }
  144. }
  145. return $result[ "se_value" ];
  146. }
  147.  
  148. public function write( $se_id, $se_val ){
  149. $sql = "SELECT * FROM " . $this->_table_name . " WHERE se_id = :se_id AND se_value = :se_val";
  150.  
  151. try{
  152. $statement = $this->db->prepare( $sql );
  153. $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
  154. $statement->bindValue( ":se_val", $se_val, PDO::PARAM_STR );
  155. $statement->execute();
  156.  
  157. if( $statement->fetch() ){
  158. $sql= "UPDATE ". $this->_table_name. " SET se_value = :se_val, se_expires = UNIX_TIMESTAMP( UTC_TIMESTAMP()) WHERE se_id = :se_id";
  159. $statement = $this->db->prepare( $sql );
  160. $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
  161. $statement->bindValue( ":se_val", $se_val, PDO::PARAM_STR );
  162. $statement->execute();
  163. }
  164. else{
  165. $sql = "INSERT INTO ". $this->_table_name. " ( se_id, se_value, se_expires ) VALUES( :se_id, :se_val, UNIX_TIMESTAMP( UTC_TIMESTAMP()) )";
  166. $statement = $this->db->prepare( $sql );
  167. $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
  168. $statement->bindValue( ":se_val", $se_val, PDO::PARAM_STR );
  169. $statement->execute();
  170. }
  171. }
  172. catch( PDOException $error ){ die( "Unable to insert or update database" ); }
  173. }
  174.  
  175. public function destroy( $se_id ){
  176. $sql = "DELETE FROM ". $this->_table_name. " WHERE se_id = :se_id";
  177. try{
  178. $statement = $this->db->prepare( $sql );
  179. $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
  180. $control_var= $statement->execute();
  181. }
  182. catch( PDOException $error ){ die( "Unable to destroy data in database" ); }
  183.  
  184. $this->gc( $this->maxlifetime );
  185. return ( $control_var );
  186. }
  187.  
  188. public function gc( $maxlifetime ){
  189. $sql = "DELETE FROM ". $this->_table_name. " WHERE UNIX_TIMESTAMP( UTC_TIMESTAMP() ) - se_expires > :maxlifetime";
  190. try{
  191. $statement = $this->db->prepare( $sql );
  192. $statement->bindValue( ":maxlifetime", $this->maxlifetime, PDO::PARAM_INT );
  193. $control_var = $statement->execute();
  194. }
  195. catch( PDOException $error ){ die( "Unable to select from database_" ); }
  196. return ( $control_var );
  197. }
  198.  
  199. public function regenerateId( ){
  200. $this->gc( $this->maxlifetime );
  201.  
  202. $old_sessid = $this->se_id;
  203. session_regenerate_id( TRUE );
  204. $new_sessid = session_id();
  205.  
  206. $sql = "UPDATE ". $this->_table_name. " SET se_id = :new_sessid WHERE se_id = :old_sessid";
  207. try{
  208. $statement = $this->db->prepare( $sql );
  209. $statement->bindValue( ":new_sessid", $new_sessid, PDO::PARAM_STR );
  210. $statement->bindValue( ":old_sessid", $old_sessid, PDO::PARAM_STR );
  211. $control_var = $statement->execute();
  212.  
  213. $this->se_id = $new_sessid;
  214. $this->se_id_old = $old_sessid;
  215. }
  216. catch( PDOException $error ){ die( "Unable to select from database_REGID" ); }
  217. return $new_sessid;
  218. }
  219. //---------------------------------------------------------------------------------------------------
  220.  
  221. public function destroySession(){
  222. if( ini_get( "session.use_cookies" ) ){
  223. $params = session_get_cookie_params();
  224. setcookie( $this->sessionName, '',
  225. time() - 42000,
  226. $params["path"],
  227. $params["domain"],
  228. $params["secure"],
  229. $params["httponly"]
  230. );
  231. }
  232. $_SESSION[ $this->sessionName ] = array();
  233. unset( $_SESSION[ $this->sessionName ] );
  234. session_unset( $this->sessionName );
  235. session_destroy();
  236. }
  237.  
  238. public function generateSessionName( $brojZnakova ){
  239. return substr( $this->generateId(), 0, $brojZnakova );
  240. }
  241.  
  242. //---------------------------------------------------------------------------------------------------
  243.  
  244. public function generateId(){ //private
  245. $salt = 'x7^!bo3p,.$$!$6[&Q.#,//@i"%[X';
  246. $random_number = mt_rand( 0, mt_getrandmax() );
  247. $ip_address_fragment = md5( substr( $_SERVER['REMOTE_ADDR'], 0, 5 ) );
  248. $timestamp = md5( microtime( TRUE ).time() );
  249.  
  250. $hash_data = $random_number . $ip_address_fragment . $salt . $timestamp;
  251. $hash = hash( 'sha256', $hash_data ); //'sha256', 'haval160,4', 'md5'
  252.  
  253. return trim( $hash );
  254. }
  255.  
  256. }
  257.  
  258. $newSession = new MYSession();
  259. $newSession->setParams();
  260. $newSession->startSession( 'newSession' );
  261.  
  262. ?>