<?php
// Refuse to run when loaded outside the CodeIgniter bootstrap (BASEPATH undefined).
defined('BASEPATH') OR exit('No direct script access allowed');
/**
 * CodeIgniter My Session - To allow for Flash & AJAX
 *
 * Overrides CI_Session::sess_read() so that the session token may also be
 * supplied in the POST field `ci_sessionz` (base64-encoded) by clients, such as
 * Flash uploaders, that do not send cookies.
 *
 * @package CodeIgniter
 * @subpackage Libraries
 * @author Robin Willmott @ Coffee Bean Design
 */
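class MY_Session extends CI_Session {

    /**
     * Session token as captured by sess_read(): the base64-decoded POST value
     * when one was sent, otherwise the raw cookie value (FALSE when neither was
     * present). It is still encrypted / md5-signed, not the decoded session array.
     *
     * @var string|bool|null
     */
    var $js_session;

    /**
     * Return either the session cookie name or the current session token.
     *
     * The token is base64-encoded so it can be embedded in a page and posted
     * back as `ci_sessionz` by a client that does not send cookies. When
     * sess_encrypt_cookie is off the token is the serialized session array in
     * the clear plus its keyed md5, so anything placed in the session is
     * readable by whoever can read the page that embeds it.
     *
     * @access public
     * @param bool $name TRUE to return the cookie name instead of the token
     * @return string
     */
    function get_js_session($name = FALSE) {
        if ($name) {
            return $this->sess_cookie_name;
        }

        $token = $this->js_session;
        // Fall back to the cookie only when sess_read() captured nothing usable
        // (never called, no token/cookie, or an empty value).
        if ($token === NULL || $token === FALSE || $token === '') {
            $token = $this->CI->input->cookie($this->sess_cookie_name);
        }

        // (string) keeps FALSE/NULL (no cookie at all) encoding as '' without
        // the PHP 8.1 null-to-string deprecation notice.
        return base64_encode((string) $token);
    }

    /**
     * Fetch the current session data if it exists.
     *
     * Same validation as CI_Session::sess_read(), but the token is taken from
     * POST field `ci_sessionz` (base64) when present, falling back to the cookie.
     * A token carried in the request body is not covered by cookie attributes
     * such as HttpOnly/Secure, so its integrity rests entirely on the
     * encryption (sess_encrypt_cookie) or on the keyed md5 check below.
     *
     * @access public
     * @return bool TRUE with $this->userdata populated on success, FALSE otherwise
     */
    function sess_read() {
        // Get encoded session data from $_POST, else from the cookie
        $this->js_session = $session = $this->_fetch_session_token();

        // No cookie? Goodbye cruel world!...
        if ($session === FALSE) {
            log_message('error', 'A session cookie was not found.');
            return FALSE;
        }

        // Decrypt the cookie data
        if ($this->sess_encrypt_cookie == TRUE) {
            $session = $this->CI->encrypt->decode($session);
        } else {
            // encryption was not used, so we need to check the md5 hash that the
            // (inherited) write path presumably appends: <data><md5(data . key)>
            $payload = substr($session, 0, -32);
            $hash    = substr($session, -32);

            // Does the md5 hash match? This is to prevent manipulation of session
            // data in userspace. Anything shorter than the hash itself cannot be
            // ours (and would make the substr offsets wrap around), and the
            // comparison is constant-time so it does not leak how much of a
            // forged hash was correct.
            if (strlen($session) < 32
                || !$this->_hash_equals(md5($payload . $this->encryption_key), $hash)) {
                log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
                $this->sess_destroy();
                return FALSE;
            }
            $session = $payload;
        }

        // Unserialize the session array
        $session = $this->_unserialize($session);

        // Is the session data we unserialized an array with the correct format?
        // last_activity must be numeric: a non-numeric value would make the
        // expiry arithmetic below throw on PHP 8 instead of failing closed.
        if (!is_array($session)
            || !isset($session['session_id'])
            || !isset($session['ip_address'])
            || !isset($session['user_agent'])
            || !isset($session['last_activity'])
            || !is_numeric($session['last_activity'])) {
            $this->sess_destroy();
            return FALSE;
        }

        // Is the session current?
        if (($session['last_activity'] + $this->sess_expiration) < $this->now) {
            $this->sess_destroy();
            return FALSE;
        }

        // Does the IP Match? Strict string comparison: '==' would treat
        // numeric-looking strings as numbers.
        if ($this->sess_match_ip == TRUE
            && (string) $session['ip_address'] !== (string) $this->CI->input->ip_address()) {
            $this->sess_destroy();
            return FALSE;
        }

        // Does the User Agent Match? Only the first 50 chars are stored.
        if ($this->sess_match_useragent == TRUE
            && trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 50))) {
            $this->sess_destroy();
            return FALSE;
        }

        // Is there a corresponding session in the DB?
        if ($this->sess_use_database === TRUE) {
            $this->CI->db->where('session_id', $session['session_id']);
            if ($this->sess_match_ip == TRUE) {
                $this->CI->db->where('ip_address', $session['ip_address']);
            }
            if ($this->sess_match_useragent == TRUE) {
                $this->CI->db->where('user_agent', $session['user_agent']);
            }
            $query = $this->CI->db->get($this->sess_table_name);

            // No result? Kill it!
            if ($query->num_rows() == 0) {
                $this->sess_destroy();
                return FALSE;
            }

            // Is there custom data? If so, add it to the main session array
            // (custom keys override the cookie's keys, as the original loop did).
            $row = $query->row();
            if (isset($row->user_data) && $row->user_data != '') {
                $custom_data = $this->_unserialize($row->user_data);
                if (is_array($custom_data)) {
                    $session = array_replace($session, $custom_data);
                }
            }
        }

        // Session is valid!
        $this->userdata = $session;
        unset($session);

        return TRUE;
    }

    /**
     * Locate the raw session token for this request.
     *
     * A base64-encoded token in POST field `ci_sessionz` takes precedence over
     * the cookie, so Flash/AJAX clients that cannot send cookies still get a
     * session. Strict base64 decoding returns FALSE for anything that is not
     * valid base64, which is then treated exactly like a missing cookie.
     *
     * @access private
     * @return string|bool decoded token, or FALSE when none is available
     */
    function _fetch_session_token() {
        $posted = $this->CI->input->post('ci_sessionz');
        // is_string() also covers input classes that return NULL (not FALSE) for
        // an absent field, and rejects array-valued input (ci_sessionz[]=...).
        if (is_string($posted)) {
            return base64_decode($posted, TRUE);
        }

        return $this->CI->input->cookie($this->sess_cookie_name);
    }

    /**
     * Constant-time string comparison.
     *
     * Uses the native hash_equals() where available (PHP >= 5.6) and an
     * equivalent XOR-accumulating loop otherwise, so the time taken does not
     * depend on which byte first differs.
     *
     * @access private
     * @param string $known the expected value, computed server-side
     * @param string $user  the value supplied by the client
     * @return bool
     */
    function _hash_equals($known, $user) {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $user);
        }

        if (!is_string($known) || !is_string($user) || strlen($known) !== strlen($user)) {
            return FALSE;
        }

        $diff = 0;
        for ($i = 0, $len = strlen($known); $i < $len; $i++) {
            $diff |= ord($known[$i]) ^ ord($user[$i]);
        }

        return $diff === 0;
    }
}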