
Initial GitHub release

stefangabos committed Aug 3, 2013
0 parents commit ac976ce75d9986a10a159c80f07326786fcf01e0
Showing with 1,159 additions and 0 deletions.
  1. +60 −0 README.md
  2. +822 −0 Zebra_Session.php
  3. +1 −0 changelog.txt
  4. +23 −0 composer.json
  5. +1 −0 documentation.txt
  6. +54 −0 examples/example.php
  7. +8 −0 examples/index.html
  8. +8 −0 index.html
  9. +8 −0 install/index.html
  10. +1 −0 install/install.txt
  11. +7 −0 install/session_data.sql
  12. +165 −0 license.txt
  13. +1 −0 readme.txt
@@ -0,0 +1,60 @@
+##Zebra_Session
+
+####A drop-in replacement for PHP's default session handler which stores session data in a MySQL database, providing both better performance and better security and protection against session fixation and session hijacking.
+
+Zebra_Session implements *session locking* - a way to ensure that data is correctly handled in a scenario with multiple concurrent AJAX requests.
+
+It is also a solution for applications that are scaled across multiple web servers (using a load balancer or a round-robin DNS) and where the user's session data needs to be available. Storing sessions in a database makes them available to all of the servers!
+
+The library supports "flashdata" - session variable which will only be available for the next server request, and which will be automatically deleted afterwards. Typically used for informational or status messages (for example: "data has been successfully update").
+
+Zebra_Session is was inspired by John Herren's code from the [Trick out your session handler](http://devzone.zend.com/413/trick-out-your-session-handler/) article and [Chris Shiflett](http://shiflett.org/articles/the-truth-about-sessions)'s articles about PHP sessions.
+
+The code is heavily commented and generates no warnings/errors/notices when PHP's error reporting level is set to E_ALL.
+
+##Features
+
+- acts as a wrapper for PHP’s default session handling functions, but instead of storing session data in flat files it stores them in a MySQL database, providing better security and better performance
+
+- it is a drop-in and seamingless replacement for PHP’s default session handler: PHP sessions will be used in the same way as prior to using the library; you don’t need to change any existing code!
+
+- implements *row locks*, ensuring that data is correctly handled in scenarios with multiple concurrent AJAX requests
+
+- because session data is stored in a database, the library represents a solution for applications that are scaled across multiple web servers (using a load balancer or a round-robin DNS)
+
+- has comprehensive documentation
+
+- the code is heavily commented and generates no warnings/errors/notices when PHP’s error reporting level is set to E_ALL
+
+## Requirements
+
+PHP 5+ with the **mysqli extension** activated, MySQL 4.1.22+
+
+## How to use
+
+Download the latest version, unpack it, and put it in a place accessible to your scripts. After unpacking, you will notice a directory called *install* containing a file named *session_data.sql*. This file contains the SQL code that will create a table that is used by the class to store session data. Import or execute the SQL code using your preferred MySQL manager (like phpMyAdmin or the fantastic Adminer) into a database of your choice.
+
+*Note that this class assumes that there is an active connection to a MySQL database and it does not attempt to create one! If you really need the class to make a database connection, put the code in the "open" method of the class.*
+
+```php
+<?php
+
+ // first, connect to a database containing the sessions table
+
+ // include the Zebra_Session class
+ include 'path/to/Zebra_Session.php';
+
+ // instantiate the class
+ // this also calls session_start()
+ $session = new Zebra_Session;
+
+ // from now on, use sessions as you would normally
+ // this is why it is called a "drop-in replacement" :)
+ $_SESSION['foo'] = 'bar';
+
+ // data is in the database!
+
+?>
+```
+
+Visit the **[project's homepage](http://stefangabos.ro/php-libraries/zebra-session/)** for more information.
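Review bot: the usage snippet under "How to use" instantiates the class as `$session = new Zebra_Session;` with no arguments, while examples/example.php in this same commit calls `new Zebra_Session($link, 'sEcUr1tY_c0dE')`; the README should show the same call and say what the second argument is for. The headline claim of "protection against session fixation and session hijacking" is stated without naming the mechanism that provides it or what the caller has to configure, so a short paragraph on that would let readers judge the claim. Minor: "is was inspired", "seamingless" and "successfully update" are typos.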

Large diffs are not rendered by default.

@@ -0,0 +1 @@
+See http://stefangabos.ro/php-libraries/zebra-session/#changelog
@@ -0,0 +1,23 @@
+{
+ "name": "stefangabos/zebra_session",
+ "type": "library",
+ "description": "A PHP library acting as a wrapper for PHP's default session handling functions which stores data in a MySQL database, providing both better performance and better security and protection against session fixation and session hijacking.",
+ "keywords": ["session", "locking", "flash", "flashdata", "fixation", "hijack", "mysqli", "mysql", "database"],
+ "homepage": "http://stefangabos.ro/php-libraries/zebra-session/",
+ "license": "LGPL-3.0",
+ "authors": [
+ {
+ "name": "Stefan Gabos",
+ "email": "contact@stefangabos.ro",
+ "homepage": "http://stefangabos.ro/",
+ "role": "Developer"
+ }
+ ],
+ "require": {
+ "php": ">=5.0.0"
+ },
+ "version": "2.1.0",
+ "autoload": {
+ "psr-0": { "Zebra_Session": "" }
+ }
+}
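Review bot: `"require"` lists only `"php": ">=5.0.0"`, but the README in this commit says the mysqli extension must be activated; add `"ext-mysqli": "*"` so Composer refuses to install on a platform that lacks it. The literal `"version": "2.1.0"` is better dropped as well, since Composer takes versions from VCS tags and a hard-coded value can drift from the tag.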
@@ -0,0 +1 @@
+See http://stefangabos.ro/php-libraries/zebra-session/#documentation
@@ -0,0 +1,54 @@
+<?php
+
+ // first create the required MySQL table that is used by this class
+ // you can do that by running in MySQL the 'session_data.sql' file
+ // from the 'install' folder!
+
+ // change the values to match the setting of your MySQL database
+ $host = '';
+ $username = '';
+ $password = '';
+
+ // this is the name of the database where you created the table used by this class
+ $database = 'salesreport';
+
+ // try to connect to the MySQL server
+ $link = mysqli_connect($host, $username, $password, $database) or die('Could not connect to database!');
+
+ // include the Zebra_Session class
+ require '../Zebra_Session.php';
+
+ // instantiate the class
+ // note that you don't need to call the session_start() function
+ // as it is called automatically when the object is instantiated
+ // also note that we're passing the database connection link as the first argument
+ $session = new Zebra_Session($link, 'sEcUr1tY_c0dE');
+
+ // current session settings
+ print_r('<pre><strong>Current session settings:</strong><br><br>');
+ print_r($session->get_settings());
+ print_r('</pre>');
+
+ // from now on, use sessions as you would normally
+ // the only difference is that session data is no longer saved on the server
+ // but in your database
+
+ print_r('
+ The first time you run the script there should be an empty array (as there\'s nothing in the $_SESSION array)<br>
+ After you press "refresh" on your browser, you will se the values that were written in the $_SESSION array<br>
+ ');
+
+ print_r('<pre>');
+ print_r($_SESSION);
+ print_r('</pre>');
+
+ // add some values to the session
+ $_SESSION['value1'] = 'hello';
+ $_SESSION['value2'] = 'world';
+
+ // now check the table and see that there is data in it!
+
+ // to completely delete a session un-comment the following line
+ //$session->stop();
+
+?>
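Review bot: the call `new Zebra_Session($link, 'sEcUr1tY_c0dE')` puts a literal security code in an example that is likely to be copied unchanged; add a comment on that line saying the value must be replaced with a unique, private string per installation, or load it from configuration. `$database = 'salesreport'` looks like a leftover from a local setup next to the empty `$host`, `$username` and `$password`, and the comment "no longer saved on the server but in your database" would be clearer as "no longer saved in files". "you will se" is a typo.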
@@ -0,0 +1,8 @@
+<html>
+<head>
+ <title>403 Forbidden</title>
+</head>
+<body>
+ <p>Directory access is forbidden.</p>
+</body>
+</html>
@@ -0,0 +1,8 @@
+<html>
+<head>
+ <title>403 Forbidden</title>
+</head>
+<body>
+ <p>Directory access is forbidden.</p>
+</body>
+</html>
@@ -0,0 +1,8 @@
+<html>
+<head>
+ <title>403 Forbidden</title>
+</head>
+<body>
+ <p>Directory access is forbidden.</p>
+</body>
+</html>
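Review bot: this static page, identical to the two index.html files added just above, only carries "403 Forbidden" in its title; a static file replaces the directory listing but is still served as an ordinary successful response, and files such as install/session_data.sql and examples/example.php remain directly requestable. If the intent is to block access, document a server-level rule (deny the install and examples directories, or keep them outside the web root) instead of relying on these placeholders.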
@@ -0,0 +1 @@
+See http://stefangabos.ro/php-libraries/zebra-session/#installation
@@ -0,0 +1,7 @@
+CREATE TABLE `session_data` (
+ `session_id` varchar(32) NOT NULL default '',
+ `hash` varchar(32) NOT NULL default '',
+ `session_data` blob NOT NULL,
+ `session_expire` int(11) NOT NULL default '0',
+ PRIMARY KEY (`session_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
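Review bot: `session_id` is declared `varchar(32)`, which fits only 32-character session IDs; PHP produces longer IDs when session.hash_function is set to SHA-1 or the ID length is otherwise raised, and an ID that does not fit would be truncated or rejected, so widen the column or document the PHP setting the schema depends on. `session_expire` has no index although expiry cleanup would naturally filter on it, and `blob` caps a session at 64 KB, which is worth stating in the install notes.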
@@ -0,0 +1,165 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+ a) under this License, provided that you make a good faith effort to
+ ensure that, in the event an Application does not supply the
+ function or data, the facility still operates, and performs
+ whatever part of its purpose remains meaningful, or
+
+ b) under the GNU GPL, with none of the additional permissions of
+ this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+ a) Give prominent notice with each copy of the object code that the
+ Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the object code with a copy of the GNU GPL and this license
+ document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+ a) Give prominent notice with each copy of the Combined Work that
+ the Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the Combined Work with a copy of the GNU GPL and this license
+ document.
+
+ c) For a Combined Work that displays copyright notices during
+ execution, include the copyright notice for the Library among
+ these notices, as well as a reference directing the user to the
+ copies of the GNU GPL and this license document.
+
+ d) Do one of the following:
+
+ 0) Convey the Minimal Corresponding Source under the terms of this
+ License, and the Corresponding Application Code in a form
+ suitable for, and under terms that permit, the user to
+ recombine or relink the Application with a modified version of
+ the Linked Version to produce a modified Combined Work, in the
+ manner specified by section 6 of the GNU GPL for conveying
+ Corresponding Source.
+
+ 1) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (a) uses at run time
+ a copy of the Library already present on the user's computer
+ system, and (b) will operate properly with a modified version
+ of the Library that is interface-compatible with the Linked
+ Version.
+
+ e) Provide Installation Information, but only if you would otherwise
+ be required to provide such information under section 6 of the
+ GNU GPL, and only to the extent that such information is
+ necessary to install and execute a modified version of the
+ Combined Work produced by recombining or relinking the
+ Application with a modified version of the Linked Version. (If
+ you use option 4d0, the Installation Information must accompany
+ the Minimal Corresponding Source and Corresponding Application
+ Code. If you use option 4d1, you must provide the Installation
+ Information in the manner specified by section 6 of the GNU GPL
+ for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+ a) Accompany the combined library with a copy of the same work based
+ on the Library, uncombined with any other library facilities,
+ conveyed under the terms of this License.
+
+ b) Give prominent notice with the combined library that part of it
+ is a work based on the Library, and explaining where to find the
+ accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
@@ -0,0 +1 @@
+See http://stefangabos.ro/php-libraries/zebra-session/
