<?php
/**
* User: zaven
* Date: 6/3/14
* Time: 1:07 PM
* Project: register
**/
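/**
 * Database-backed PHP session handler.
 *
 * Stores session rows in the table named by $table_name through the project's
 * db_* helper functions (defined outside this class).
 *
 * Security notes for maintainers:
 * - Query failures are written to the server error log and reported to PHP as
 *   a handler failure. The raw database error is never sent to the client,
 *   because it can reveal table names and query fragments.
 * - Queries are built by string concatenation with db_real_escape_string().
 *   NOTE(review): that is only safe if the helper escapes for the active
 *   connection charset and the server does not run with ANSI_QUOTES; prefer
 *   prepared statements if the db_* layer offers them - confirm.
 * - $securityCode is a constant committed to source, so it must not be
 *   treated as a secret. The user-agent hash built from it is a consistency
 *   check on a client-supplied header, not an authentication control.
 */
class DBSessionHandler implements SessionHandlerInterface
{
    /** @var DBSessionHandler|null Shared instance returned by get(). */
    protected static $session = null;

    // Declared explicitly: assigning undeclared (dynamic) properties is
    // deprecated since PHP 8.2. Kept public, as dynamic properties were.

    /** @var string Session table name; '#__' is presumably a prefix placeholder resolved by db_query() - confirm. */
    public $table_name;

    /** @var string Constant mixed into the user-agent hash. Hard-coded, therefore not a secret. */
    public $securityCode;

    /** @var int Session lifetime in seconds, taken from session.gc_maxlifetime. */
    public $session_lifetime;

    /**
     * Return the shared handler, creating it on first use.
     *
     * Creating the handler also starts the session (see __construct()).
     *
     * @return DBSessionHandler
     */
    public static function get()
    {
        if (self::$session === null) {
            self::$session = new DBSessionHandler();
        }

        return self::$session;
    }

    /**
     * Register this object as the session save handler, then start the
     * session and output buffering.
     */
    public function __construct()
    {
        $this->table_name = '#__session';
        // NOTE(review): hard-coded value shared by every deployment of this
        // file; load it from deployment configuration if it is meant to be secret.
        $this->securityCode = 'qwerty_uiop';
        $this->session_lifetime = (int) ini_get('session.gc_maxlifetime');

        session_set_save_handler(
            array($this, 'open'),
            array($this, 'close'),
            array($this, 'read'),
            array($this, 'write'),
            array($this, 'destroy'),
            array($this, 'gc')
        );
        session_start();
        ob_start();

        self::$session = $this;
    }

    /**
     * Close the session. Nothing to release here.
     *
     * @link http://php.net/manual/en/sessionhandlerinterface.close.php
     * @return bool Always true.
     */
    public function close()
    {
        return true;
    }

    /**
     * Destroy a session by deleting its row.
     *
     * @link http://php.net/manual/en/sessionhandlerinterface.destroy.php
     * @param string $session_id The session ID being destroyed.
     * @return bool False when the query fails or db_affected_rows() reports -1.
     */
    public function destroy($session_id)
    {
        $sql = 'DELETE FROM ' . $this->table_name
            . ' WHERE session_id = "' . db_real_escape_string($session_id) . '"';

        if ($this->runQuery($sql) === false) {
            return false;
        }

        return db_affected_rows() !== -1;
    }

    /**
     * Delete sessions whose expiry lies more than $maxlifetime seconds in the past.
     *
     * @link http://php.net/manual/en/sessionhandlerinterface.gc.php
     * @param int $maxlifetime Lifetime in seconds supplied by PHP.
     * @return bool False when the query fails, true otherwise.
     */
    public function gc($maxlifetime)
    {
        // Integer cast instead of string escaping: the value is a timestamp.
        $cutoff = (int) (time() - $maxlifetime);
        $sql = 'DELETE FROM ' . $this->table_name
            . ' WHERE session_expire < "' . $cutoff . '"';

        return $this->runQuery($sql) !== false;
    }

    /**
     * Initialize the session. The database connection is managed elsewhere.
     *
     * @link http://php.net/manual/en/sessionhandlerinterface.open.php
     * @param string $save_path  The path where to store/retrieve the session (unused).
     * @param string $session_id The second argument PHP passes to open() (unused).
     * @return bool Always true.
     */
    public function open($save_path, $session_id)
    {
        return true;
    }

    /**
     * Read the encoded session data for a session id.
     *
     * Expired rows are purged first. A row is returned only when the id
     * matches, the row has not expired and the stored user-agent hash equals
     * the hash of the current request's User-Agent header.
     *
     * @link http://php.net/manual/en/sessionhandlerinterface.read.php
     * @param string $session_id The session id to read data for.
     * @return string Encoded session data, or '' when nothing matches or the
     *                lookup fails (the request then gets an empty session).
     */
    public function read($session_id)
    {
        $now = time();

        // A failed purge is logged by runQuery() but not fatal: the SELECT
        // below filters on session_expire itself.
        $this->runQuery(
            'DELETE FROM ' . $this->table_name . ' WHERE session_expire <= "' . $now . '"'
        );

        $sql = 'SELECT session_data FROM ' . $this->table_name
            . ' WHERE session_id = "' . db_real_escape_string($session_id) . '"'
            . ' AND session_expire > "' . $now . '"'
            . ' AND http_user_agent = "' . db_real_escape_string($this->userAgentHash()) . '"'
            . ' LIMIT 1';

        $result = $this->runQuery($sql);
        if ($result !== false && db_num_rows($result) > 0) {
            $fields = db_fetch_assoc($result);

            // PHP decodes the stored string itself; hand it back untouched.
            return $fields['session_data'];
        }

        return '';
    }

    /**
     * Insert or update the row for a session.
     *
     * The user_id and user_type columns are filled from the last $_SESSION
     * entry that carries both USER_ID and USER_TYPE; both default to 0.
     *
     * @link http://php.net/manual/en/sessionhandlerinterface.write.php
     * @param string $session_id   The session id.
     * @param string $session_data Encoded session data produced by PHP.
     * @return bool True when the query succeeded, false otherwise.
     */
    public function write($session_id, $session_data)
    {
        $userId = 0;
        $userType = 0;
        foreach ($_SESSION as $value) {
            if (isset($value['USER_ID']) && isset($value['USER_TYPE'])) {
                $userId = $value['USER_ID'];
                $userType = $value['USER_TYPE'];
            }
        }

        $id = db_real_escape_string($session_id);
        $agent = db_real_escape_string($this->userAgentHash());
        $data = db_real_escape_string($session_data);
        $expire = (int) (time() + $this->session_lifetime);
        $uid = db_real_escape_string($userId);
        $utype = db_real_escape_string($userType);

        $sql = 'INSERT INTO ' . $this->table_name
            . ' (session_id, http_user_agent, session_data, session_expire, user_id, user_type) VALUES ('
            . '"' . $id . '", "' . $agent . '", "' . $data . '", "' . $expire . '", "' . $uid . '", "' . $utype . '"'
            . ') ON DUPLICATE KEY UPDATE session_data = "' . $data . '"'
            . ', session_expire = "' . $expire . '"'
            . ', user_id = "' . $uid . '"'
            . ', user_type = "' . $utype . '"';

        // Insert and update are both a successful write, so the affected-row
        // count does not change the result.
        return $this->runQuery($sql) !== false;
    }

    /**
     * Count the session rows that have not expired yet.
     *
     * @return int|string The count as returned by db_result(), or 0 when the
     *                    query fails or yields no row.
     */
    public function getActiveSessionCount()
    {
        $sql = 'SELECT count(session_id) as activeSessionCount FROM ' . $this->table_name
            . ' WHERE session_expire > "' . time() . '"';

        $result = $this->runQuery($sql);
        if ($result !== false && db_num_rows($result) > 0) {
            return db_result($result, 0);
        }

        return 0;
    }

    /**
     * Hash of the request's User-Agent header combined with $securityCode.
     *
     * The header is chosen by the client, so an equal hash only shows that
     * the same header value was sent again.
     *
     * @return string 32-character hexadecimal MD5 digest.
     */
    private function userAgentHash()
    {
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        return md5($agent . $this->securityCode);
    }

    /**
     * Run a query and log a failure server-side instead of printing it.
     *
     * @param string $sql Complete SQL statement.
     * @return mixed The db_query() result, or false when the query failed.
     */
    private function runQuery($sql)
    {
        $result = db_query($sql);
        if (!$result) {
            // Keep the detail in the server log; die(db_error()) would show it to the client.
            error_log('DBSessionHandler: query failed: ' . db_error());

            return false;
        }

        return $result;
    }
}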