Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- <?php
- /*
- CREATE TABLE IF NOT EXISTS `sessions` (
- `se_id` varchar(50) NOT NULL DEFAULT '',
- `se_value` mediumblob,
- `se_expires` int(11) unsigned NOT NULL
- ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
- ALTER TABLE `sessions`
- ADD PRIMARY KEY (`se_id`), ADD KEY `se_id` (`se_id`,`se_expires`);
- */
- define( "MAXLIFETIME", 86400 );
- define( "DSN", "mysql:host=localhost;dbname=demo" );
- define( "DB_USER", "root" );
- define( "DB_PASS", "whatever..." );
- final class MYSession{
- protected $_table_name = 'sessions';
- protected $_primary_key = 'se_id';
- protected $_where = array();
- protected $_order_by = 'se_id';
- protected $data = array( "se_id" => "",
- "se_value" => "",
- "se_expires" => ""
- );
- public $se_id;
- public $se_id_old;
- public $db;
- private $sessionName;
- //public $maxlifetime = get_cfg_var("session.gc_maxlifetime");
- public $maxlifetime;
- private $path;
- private $domain;
- private $secure;
- private $httponly;
- public function setParams(){
- ini_set( 'session.gc_probability', 1 ) ;
- ini_set( 'session.gc_divisor', 100 );
- ini_set( "session.use_only_cookies", TRUE );
- ini_set( "session.use_trans_sid", FALSE );
- ini_set( "session.use_only_cookies", "1" );
- ini_set( "session.entropy_file", "1" );
- }
- public function startSession( $sessionName, $maxlifetime = FALSE, $path = FALSE, $domain = FALSE, $secure = FALSE, $httponly = FALSE ){
- $this->setParams();
- if( $maxlifetime ){ $this->maxlifetime = $maxlifetime; }
- else{ $this->maxlifetime = 0; }
- if( $path ){ $this->path = $path; }
- else{ $this->path = "/"; }
- if( $domain ){ $this->domain = $domain; }
- else{ $this->domain = NULL; }
- if( $secure ){ $this->secure = $secure; }
- else{ $this->secure = isset( $_SERVER[ 'HTTPS' ] ); }
- if( $httponly ){ $this->httponly = $httponly; }
- else{ $this->httponly = TRUE; }
- $this->setSessionCookieData();
- $this->sessionName = $sessionName;
- session_name( $this->sessionName );
- session_set_save_handler(
- array( $this, "open" ),
- array( $this, "close" ),
- array( $this, "read" ),
- array( $this, "write" ),
- array( $this, "destroy" ),
- array( $this, "gc" )
- );
- session_start();
- session_regenerate_id( TRUE );
- $this->se_id = session_id();
- $this->gc( $this->maxlifetime );
- return $this->se_id;
- }
- public function setSessionCookieData(){
- return session_set_cookie_params( $this->maxlifetime, $this->path, $this->domain, $this->secure, $this->httponly );
- }
- public function getSessionCookieData(){
- $sessionCookieDataArray = array();
- $sessionCookieDataArray = session_get_cookie_params( );
- return $sessionCookieDataArray;
- }
- //---------------------------------------------------------------------------------------------------
- public function __destruct(){ session_write_close(); }
- public function newSessid(){ return $this->se_id; }
- public function oldSessid(){ return $this->se_id_old; }
- public function open( $path, $se_id ){
- try{
- $this->db = new PDO( DSN, DB_USER, DB_PASS );
- $this->db->setAttribute( PDO::ATTR_PERSISTENT, TRUE );
- $this->db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
- }
- catch( PDOException $error ){ echo 'Error: '.$error->getMessage(); }
- return TRUE;
- }
- public function close(){
- $this->db = "";
- return TRUE;
- }
- public function read( $se_id ){
- $sql = "SELECT se_value FROM ". $this->_table_name. " WHERE se_id = :se_id";
- try{
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
- $statement->execute();
- $result = $statement->fetch( PDO::FETCH_ASSOC );
- }
- catch( PDOException $error ){ die( "Unable to access to database read1" ); }
- if( !empty( $result[ "se_value" ] ) ){
- $sql = "UPDATE ". $this->_table_name. " SET se_expires = UNIX_TIMESTAMP( UTC_TIMESTAMP() ) WHERE se_id = :se_id";
- try{
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
- $statement->execute();
- }
- catch( PDOException $error ){ die( "Unable to access to database read2" ); }
- }
- return $result[ "se_value" ];
- }
- public function write( $se_id, $se_val ){
- $sql = "SELECT * FROM " . $this->_table_name . " WHERE se_id = :se_id AND se_value = :se_val";
- try{
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
- $statement->bindValue( ":se_val", $se_val, PDO::PARAM_STR );
- $statement->execute();
- if( $statement->fetch() ){
- $sql= "UPDATE ". $this->_table_name. " SET se_value = :se_val, se_expires = UNIX_TIMESTAMP( UTC_TIMESTAMP()) WHERE se_id = :se_id";
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
- $statement->bindValue( ":se_val", $se_val, PDO::PARAM_STR );
- $statement->execute();
- }
- else{
- $sql = "INSERT INTO ". $this->_table_name. " ( se_id, se_value, se_expires ) VALUES( :se_id, :se_val, UNIX_TIMESTAMP( UTC_TIMESTAMP()) )";
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
- $statement->bindValue( ":se_val", $se_val, PDO::PARAM_STR );
- $statement->execute();
- }
- }
- catch( PDOException $error ){ die( "Unable to insert or update database" ); }
- }
- public function destroy( $se_id ){
- $sql = "DELETE FROM ". $this->_table_name. " WHERE se_id = :se_id";
- try{
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":se_id", $se_id, PDO::PARAM_STR );
- $control_var= $statement->execute();
- }
- catch( PDOException $error ){ die( "Unable to destroy data in database" ); }
- $this->gc( $this->maxlifetime );
- return ( $control_var );
- }
- public function gc( $maxlifetime ){
- $sql = "DELETE FROM ". $this->_table_name. " WHERE UNIX_TIMESTAMP( UTC_TIMESTAMP() ) - se_expires > :maxlifetime";
- try{
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":maxlifetime", $this->maxlifetime, PDO::PARAM_INT );
- $control_var = $statement->execute();
- }
- catch( PDOException $error ){ die( "Unable to select from database_" ); }
- return ( $control_var );
- }
- public function regenerateId( ){
- $this->gc( $this->maxlifetime );
- $old_sessid = $this->se_id;
- session_regenerate_id( TRUE );
- $new_sessid = session_id();
- $sql = "UPDATE ". $this->_table_name. " SET se_id = :new_sessid WHERE se_id = :old_sessid";
- try{
- $statement = $this->db->prepare( $sql );
- $statement->bindValue( ":new_sessid", $new_sessid, PDO::PARAM_STR );
- $statement->bindValue( ":old_sessid", $old_sessid, PDO::PARAM_STR );
- $control_var = $statement->execute();
- $this->se_id = $new_sessid;
- $this->se_id_old = $old_sessid;
- }
- catch( PDOException $error ){ die( "Unable to select from database_REGID" ); }
- return $new_sessid;
- }
- //---------------------------------------------------------------------------------------------------
- public function destroySession(){
- if( ini_get( "session.use_cookies" ) ){
- $params = session_get_cookie_params();
- setcookie( $this->sessionName, '',
- time() - 42000,
- $params["path"],
- $params["domain"],
- $params["secure"],
- $params["httponly"]
- );
- }
- $_SESSION[ $this->sessionName ] = array();
- unset( $_SESSION[ $this->sessionName ] );
- session_unset( $this->sessionName );
- session_destroy();
- }
- public function generateSessionName( $brojZnakova ){
- return substr( $this->generateId(), 0, $brojZnakova );
- }
- //---------------------------------------------------------------------------------------------------
- public function generateId(){ //private
- $salt = 'x7^!bo3p,.$$!$6[&Q.#,//@i"%[X';
- $random_number = mt_rand( 0, mt_getrandmax() );
- $ip_address_fragment = md5( substr( $_SERVER['REMOTE_ADDR'], 0, 5 ) );
- $timestamp = md5( microtime( TRUE ).time() );
- $hash_data = $random_number . $ip_address_fragment . $salt . $timestamp;
- $hash = hash( 'sha256', $hash_data ); //'sha256', 'haval160,4', 'md5'
- return trim( $hash );
- }
- }
- $newSession = new MYSession();
- $newSession->setParams();
- $newSession->startSession( 'newSession' );
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement