Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
php-8.1.12
/
ext
/
session
/
tests
/
save_handler.inc

save_handler.inc 6.5 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194 
  1. <?php
    2. 

  2. 

  3. DEFINE("SESSION_FILE_PREFIX" ,"session_test_");
    4. 

  4. 

  5. /*
    6. 

  6.  * == General Return Value Rule ==
    7. 

  7.  *
    8. 

  8.  * Returning FALSE indicates FATAL error.
    9. 

  9.  * Exceptions are: gc(), validate_sid()
    10. 

  10.  *
    11. 

  11.  * == Session Data Lock ==
    12. 

  12.  *
    13. 

  13.  * Session data lock is mandatory. Lock must be exclusive. i.e. Block read also.
    14. 

  14.  *
    15. 

  15.  * == Collision Detection ==
    16. 

  16.  *
    17. 

  17.  * Collision detection is mandatory to reject attacker initialized session ID.
    18. 

  18.  * Coolision detection is absolute requirement for secure session.
    19. 

  19.  */
    20. 

  20. 

  21. 

  22. /* Open session data database */
    23. 

  23. function open($save_path, $session_name) {
    24. 

  24.     // string $save_path - Directory path, connection strings, etc. Default: session.save_path
    25. 

  25.     // string $session_name - Session ID cookie name. Default: session.name
    26. 

  26. 

  27.     global $session_save_path, $name;
    28. 

  28.     $session_save_path = $save_path;
    29. 

  29.     $name = $session_name;
    30. 

  30.     echo "Open [${session_save_path},${session_name}]\n";
    31. 

  31. 

  32.     // MUST return bool. Return TRUE for success.
    33. 

  33.     return true;
    34. 

  34. }
    35. 

  35. 

  36. /* Close session data database */
    37. 

  37. function close() {
    38. 

  38.     // void parameter
    39. 

  39.     // NOTE: This function should unlock session data, if write() does not unlock it.
    40. 

  40. 

  41.     global $session_save_path, $name;
    42. 

  42.     echo "Close [${session_save_path},${name}]\n";
    43. 

  43. 

  44.     // MUST return bool. Return TRUE for success.
    45. 

  45.     return true;
    46. 

  46. }
    47. 

  47. 

  48. /* Read session data */
    49. 

  49. function read($id) {
    50. 

  50.     // string $id - Session ID string
    51. 

  51.     // NOTE: All production session save handler MUST implement "exclusive" lock.
    52. 

  52.     //       e.g. Use "serializable transaction isolation level" with RDBMS.
    53. 

  53.     //       read() would be the best place for locking for most save handlers.
    54. 

  54. 

  55.     global $session_save_path, $name, $session_id;
    56. 

  56.     $session_id = $id;
    57. 

  57.     echo "Read [${session_save_path},${id}]\n";
    58. 

  58.     $session_file = "$session_save_path/".SESSION_FILE_PREFIX.$id;
    59. 

  59.     // read MUST create file. Otherwise, strict mode will not work
    60. 

  60.     touch($session_file);
    61. 

  61. 

  62.     // MUST return STRING for successful read().
    63. 

  63.     // Return FALSE only when there is error. i.e. Do not return FALSE
    64. 

  64.     // for non-existing session data for the $id.
    65. 

  65.     return (string) @file_get_contents($session_file);
    66. 

  66. }
    67. 

  67. 

  68. /* Write session data */
    69. 

  69. function write($id, $session_data) {
    70. 

  70.     // string $id - Session ID string
    71. 

  71.     // string $session_data - Session data string serialized by session serializer.
    72. 

  72.     // NOTE: This function may unlock session data locked by read(). If write() is
    73. 

  73.     //       is not suitable place your handler to unlock. Unlock data at close().
    74. 

  74. 

  75.     global $session_save_path, $name, $session_id;
    76. 

  76.     $session_id = $id;
    77. 

  77.     echo "Write [${session_save_path},${id},${session_data}]\n";
    78. 

  78.     $session_file = "$session_save_path/".SESSION_FILE_PREFIX.$id;
    79. 

  79.     if ($fp = fopen($session_file, "w")) {
    80. 

  80.         $return = fwrite($fp, $session_data);
    81. 

  81.         fclose($fp);
    82. 

  82.         return $return === FALSE ? FALSE : TRUE;
    83. 

  83.     }
    84. 

  84. 

  85.     // MUST return bool. Return TRUE for success.
    86. 

  86.     return false;
    87. 

  87. }
    88. 

  88. 

  89. /* Remove specified session */
    90. 

  90. function destroy($id) {
    91. 

  91.     // string $id - Session ID string
    92. 

  92. 

  93.     global $session_save_path, $name;
    94. 

  94.     echo "Destroy [${session_save_path},${id}]\n";
    95. 

  95.     $session_file = "$session_save_path/".SESSION_FILE_PREFIX.$id;
    96. 

  96.     unlink($session_file);
    97. 

  97. 

  98.     // MUST return bool. Return TRUE for success.
    99. 

  99.     // Return FALSE only when there is error. i.e. Do not return FALSE
    100. 

  100.     // for non-existing session data for the $id.
    101. 

  101.     return true;
    102. 

  102. }
    103. 

  103. 

  104. /* Perform garbage collection */
    105. 

  105. function gc($maxlifetime) {
    106. 

  106.     // long $maxlifetime - GC TTL in seconds. Default: session.gc_maxlifetime
    107. 

  107. 

  108.     global $session_save_path, $name;
    109. 

  109.     $gc_cnt = 0;
    110. 

  110.     $directory = opendir($session_save_path."/");
    111. 

  111.     $length = strlen(SESSION_FILE_PREFIX);
    112. 

  112.     while (($file = readdir($directory)) !== FALSE) {
    113. 

  113.         $qualified = ($session_save_path."/".$file);
    114. 

  114.         if (is_file($qualified) === TRUE) {
    115. 

  115.             if (substr($file, 0, $length) === SESSION_FILE_PREFIX && (filemtime($qualified) + $maxlifetime <= time() )) {
    116. 

  116.                 unlink($qualified);
    117. 

  117.                 $gc_cnt++;
    118. 

  118.             }
    119. 

  119.         }
    120. 

  120.     }
    121. 

  121.     closedir($directory);
    122. 

  122. 

  123.     // SHOULD return long (number of deleted sessions).
    124. 

  124.     // Returning TRUE works also, but it will not report correct number of deleted sessions.
    125. 

  125.     // Return negative value for error. FALSE does not work because it's the same as 0.
    126. 

  126.     return $gc_cnt;
    127. 

  127. }
    128. 

  128. 

  129. /* Create new secure session ID */
    130. 

  130. function create_sid() {
    131. 

  131.     // void parameter
    132. 

  132.     // NOTE: Defining create_sid() is mandatory because validate_sid() is mandatory for
    133. 

  133.     //       security reasons for production save handler.
    134. 

  134.     //       PHP 7.1 has session_create_id() for secure session ID generation. Older PHPs
    135. 

  135.     //       must generate secure session ID by yourself.
    136. 

  136.     //       e.g. hash('sha2', random_bytes(64)) or use /dev/urandom
    137. 

  137. 

  138.     $id = ('PHPT-'.time());
    139. 

  139.     echo "CreateID [${id}]\n";
    140. 

  140. 

  141.     // MUST return session ID string.
    142. 

  142.     // Return FALSE for error.
    143. 

  143.     return $id;
    144. 

  144. }
    145. 

  145. 

  146. /* Check session ID collision */
    147. 

  147. function validate_sid($id) {
    148. 

  148.     // string $id - Session ID string
    149. 

  149. 

  150.     global $session_save_path, $name;
    151. 

  151.     echo "ValidateID [${session_save_path},${id}]\n";
    152. 

  152.     $session_file = "$session_save_path/".SESSION_FILE_PREFIX.$id;
    153. 

  153.     $ret = file_exists($session_file);
    154. 

  154. 

  155.     // MUST return bool. Return TRUE for collision.
    156. 

  156.     // NOTE: This handler is mandatory for session security.
    157. 

  157.     //       All save handlers MUST implement this handler.
    158. 

  158.     //       Check session ID collision, return TRUE when it collides.
    159. 

  159.     //       Otherwise, return FALSE.
    160. 

  160.     return $ret;
    161. 

  161. }
    162. 

  162. 

  163. /* Update session data access time stamp WITHOUT writing $session_data */
    164. 

  164. function update($id, $session_data) {
    165. 

  165.     // string $id - Session ID string
    166. 

  166.     // string $session_data - Session data serialized by session serializer
    167. 

  167.     // NOTE: This handler is optional. If your session database cannot
    168. 

  168.     //       support time stamp updating, you must not define this.
    169. 

  169. 

  170.     global $session_save_path, $name;
    171. 

  171.     echo "Update [${session_save_path},${id}]\n";
    172. 

  172.     $session_file = "$session_save_path/".SESSION_FILE_PREFIX.$id;
    173. 

  173.     $ret = touch($session_file);
    174. 

  174. 

  175.     // MUST return bool. Return TRUE for success.
    176. 

  176.     return $ret;
    177. 

  177. }
    178. 

  178. 

  179. 

  180. function feature() {
    181. 

  181.     /* NOT IMPLEMENTED YET */
    182. 

  182.     /* TYPES: gc, create_sid, use_strict_mode, minimzie_lock, lazy_write
    183. 

  183.     /* VALUES: 0=unknown, 1=supported, 2=partially supported, 3=unsupported */
    184. 

  184.     return array('gc'=>0,
    185. 

  185.                  'create_sid'=>1,
    186. 

  186.                  'use_strict_mode'=>2,
    187. 

  187.                  'minimize_lock'=>3,
    188. 

  188.                  'lazy_write'=>4,
    189. 

  189.                  'invalid'=>5,
    190. 

  190.                  'another invalid'=>6
    191. 

  191.                  );
    192. 

  192. }
    193. 

  193. 

  194. ?>
    195.