<?php
/**
* @version 1.0
* @author Przemek Czekaj
* @licenses GNU Affero General Public License version 3.0
*
* secureSession class, based on SecureSession class by Vagharshak Tozalakyan
* Copyright (C) 2009 Przemek Czekaj <xcojack@gmail.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class secureSession
{
// Load the settings below from the session_config table when the object is built (see getParams()).
private $db_config = true;
// Mix the User-Agent header into the fingerprint?
private $check_browser = true;
// How many leading dotted blocks of REMOTE_ADDR go into the fingerprint (intended range 0-4).
private $check_ip_blocks = 2;
// Secret mixed into every fingerprint. This default is shipped in source, so anyone who has the
// code knows it: override it per deployment (setSecureWord() or the session_config table).
private $secure_word = 'GzuH3sLaURRCsuCd';
// Regenerate the session ID (mitigation for session fixation)?
private $regenerate_id = true;
// Caller-supplied user id mixed into the fingerprint; public so it can be set once the user is known.
public $user_id = '';
// Raw value of the session.auto_start ini setting, captured in the constructor.
private $session_auto_start;
// Lifetime in seconds of the fingerprint cookie written by setCookie().
private $session_timeout = 1800;
// Session cookie lifetime in seconds.
private $session_lifetime = 86400;
// Session name. It must contain at least one letter: a digits-only name makes PHP generate a new id on every request.
private $sessionName = 'Testing';
// PDO connection handle; every session_config / session table query goes through it.
private $db_handle;
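/**
 * Wires this object up as PHP's session save handler and starts the session.
 *
 * Order matters: session_set_save_handler() must be called before any session is
 * active, so an auto-started session is closed first. The cookie lifetime, session
 * name and session_start() calls follow the original comments at this point in the
 * file; the statements themselves were lost in this copy, so NOTE(review): confirm
 * against the upstream source.
 *
 * @param PDO $dbhandle connection used for the session_config / session tables
 * @throws Exception from getParams() when db_config is set and the table cannot be read
 */
public function __construct($dbhandle)
{
    $this->db_handle = $dbhandle;
    // Optionally override the compiled-in defaults from the session_config table.
    if ($this->db_config) {
        $this->getParams();
    }
    // ini_get() returns the raw php.ini text, so "1", "On", "true" and "yes" all mean enabled;
    // the original compared against the single spelling 'On' and missed "1".
    $this->session_auto_start = ini_get('session.auto_start');
    $autoStarted = in_array(
        strtolower(trim((string) $this->session_auto_start)),
        array('1', 'on', 'true', 'yes'),
        true
    );
    if ($autoStarted) {
        // Close the auto-started session so the handler below takes effect for the real one.
        session_write_close();
    }
    // Session handling mechanism. _session_write_method is not defined in the part of the
    // file visible here; PHP will reject the call if it is missing.
    session_set_save_handler(
        array($this, '_session_open_method'),
        array($this, '_session_close_method'),
        array($this, '_session_read_method'),
        array($this, '_session_write_method'),
        array($this, '_session_destroy_method'),
        array($this, '_session_gc_method')
    );
    // Session cookie: lifetime from config, HttpOnly so script cannot read it, Secure when served over TLS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params($this->session_lifetime, '/', '', $secure, true);
    session_name($this->sessionName);
    session_start();
}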
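/**
 * Loads sessionName, check_browser, check_ip_blocks, secure_word and regenerate_id
 * from the first row of the session_config table.
 *
 * Fixes in this version: the original threw when the statement WAS created (inverted
 * test), discarded the row returned by fetchObject() and then read the columns off the
 * PDOStatement itself, and never closed the method's brace.
 *
 * @throws Exception when the query cannot be prepared/executed or returns no row
 */
private function getParams()
{
    $stmt = $this->db_handle->prepare("SELECT * FROM session_config");
    // prepare()/execute() return false instead of throwing unless the handle uses PDO::ERRMODE_EXCEPTION.
    if ($stmt === false || !$stmt->execute()) {
        throw new Exception("Error with geting data from table session_config.");
    }
    $config = $stmt->fetchObject();
    if ($config === false) {
        throw new Exception("Table session_config is empty; cannot load session settings.");
    }
    $this->setSessionName($config->sessionName);
    $this->setCheckBrowser($config->check_browser);
    $this->setCheckIpBlocks($config->check_ip_blocks);
    $this->setSecureWord($config->secure_word);
    $this->setRegenerateId($config->regenerate_id);
}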
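/**
 * Sets the session name. PHP requires an alphanumeric name containing at least one
 * letter (a digits-only name makes PHP issue a fresh id on every request); values from
 * the database are validated here rather than failing silently at session_name().
 *
 * @param string $sn session name
 * @throws InvalidArgumentException when $sn is not alphanumeric with at least one letter
 */
private function setSessionName($sn)
{
    $sn = (string) $sn;
    if (!preg_match('/^(?=.*[A-Za-z])[A-Za-z0-9]+$/', $sn)) {
        throw new InvalidArgumentException('session name must be alphanumeric and contain at least one letter');
    }
    $this->sessionName = $sn;
}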
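/**
 * Enables or disables mixing the User-Agent header into the fingerprint.
 * Values arrive as "0"/"1" strings from the database, so they are normalised to bool.
 *
 * @param mixed $bw truthy to include the browser, falsy to skip it
 */
public function setCheckBrowser($bw)
{
    $this->check_browser = (bool) $bw;
}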
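/**
 * Sets how many leading dotted blocks of the client IP are fingerprinted.
 * Clamped to 0..4 here: the original stored any value, and setFingerprint() then
 * indexed past the exploded address for anything above 4.
 *
 * @param mixed $cib number of blocks (cast to int; negatives are taken as their magnitude)
 */
public function setCheckIpBlocks($cib)
{
    $this->check_ip_blocks = min(4, abs((int) $cib));
}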
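/**
 * Sets the secret mixed into every fingerprint. An empty secret is rejected: the
 * fingerprint would then be md5(User-Agent + IP blocks + user_id), all of which a
 * third party can know and recompute.
 *
 * @param string $sw secret value
 * @throws InvalidArgumentException when the secret is empty
 */
public function setSecureWord($sw)
{
    $sw = (string) $sw;
    if ($sw === '') {
        throw new InvalidArgumentException('secure word must not be empty');
    }
    $this->secure_word = $sw;
}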
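/**
 * Enables or disables session-id regeneration (fixation mitigation).
 * Normalised to bool because database rows deliver "0"/"1" strings.
 *
 * @param mixed $ri truthy to regenerate, falsy to keep the id
 */
public function setRegenerateId($ri)
{
    $this->regenerate_id = (bool) $ri;
}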
/**
 * Initialises a freshly started session: records the current fingerprint in
 * $_SESSION['ss_fprint'], regenerates the session id (if enabled) and writes the
 * fingerprint cookie.
 */
public function open()
{
    $fingerprint = $this->setFingerprint();
    $_SESSION['ss_fprint'] = $fingerprint;
    $this->regenerateId();
    $this->setCookie();
}
/**
 * Save-handler "open" callback. The database handle is already connected, so there
 * is nothing to do; PHP only needs a true return.
 *
 * @param string $save_path ignored
 * @param string $session_name ignored
 * @return bool always true
 */
private function _session_open_method($save_path, $session_name)
{
    return true;
}
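/**
 * Save-handler "read" callback. PHP requires a string here: the serialised session
 * data, or "" when nothing is stored. The body that loads the row from the database
 * appears to be missing from this copy, so "" is returned rather than the original's
 * implicit null, which PHP rejects. TODO(review): restore the database read; the
 * session table's data column is not visible here.
 *
 * @param string $id session id
 * @return string serialised session data ("" when none)
 */
private function _session_read_method($id)
{
    return '';
}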
/**
 * Save-handler "close" callback. No per-request resources are held, so it only
 * reports success.
 *
 * @return bool always true
 */
private function _session_close_method()
{
    return true;
}
/**
 * Save-handler "gc" callback. Reports success without touching the database, so
 * expired rows in the session table are never purged by this class.
 *
 * @param int $maxlifetime ignored
 * @return bool always true
 */
private function _session_gc_method($maxlifetime)
{
    return true;
}
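/**
 * Save-handler "destroy" callback. Deletes this session's row from the session table,
 * keyed by the fingerprint held in $_SESSION. $id (PHP's session id) is not used
 * because the only column visible here is session_fprint; keying on the id would be
 * preferable if the table has such a column.
 *
 * Fixes: the original was missing a semicolon, and tested the statement object
 * (always truthy) instead of execute()'s result, so failed deletes were never reported.
 *
 * @param string $id session id (unused)
 * @return bool true when the delete ran (or there was no fingerprint to delete)
 * @throws Exception when the DELETE cannot be prepared or executed
 */
private function _session_destroy_method($id)
{
    $fingerprint = isset($_SESSION['ss_fprint']) ? $_SESSION['ss_fprint'] : null;
    if ($fingerprint === null) {
        // Nothing of ours is stored; let PHP finish tearing the session down.
        return true;
    }
    $delete = $this->db_handle->prepare("DELETE FROM session WHERE session_fprint = :ss_fprint");
    if ($delete === false || !$delete->execute(array(':ss_fprint' => $fingerprint))) {
        throw new Exception("There is an error corupted in query to delete session from db");
    }
    return true;
}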
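/**
 * Validates the current session. The live fingerprint, the copy kept in
 * $_SESSION['ss_fprint'] and $db_session (presumably the fingerprint stored for this
 * session in the database; the caller supplies it) must all agree.
 *
 * Fixes: the original wrote `a == b == c`, which PHP does not parse; called the destroy
 * handler without its $id argument; regenerated the id before checking, so even a
 * rejected session got a fresh id; and returned null instead of false on failure.
 * Digests are compared in constant time.
 *
 * @param string $db_session fingerprint stored server-side for this session
 * @return bool true when all three fingerprints match; false after destroying the session otherwise
 */
public function checkSession($db_session)
{
    $stored = isset($_SESSION['ss_fprint']) ? $_SESSION['ss_fprint'] : null;
    $valid = false;
    if (is_string($stored) && is_string($db_session)) {
        $live = $this->setFingerprint();
        $valid = $this->digestsMatch($live, $stored) && $this->digestsMatch($stored, $db_session);
    }
    if (!$valid) {
        $this->_session_destroy_method(session_id());
        return false;
    }
    // Only a verified session earns a fresh id.
    $this->regenerateId();
    return true;
}

// Constant-time string equality; falls back to === where hash_equals() (PHP 5.6+) is unavailable.
private function digestsMatch($a, $b)
{
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    return $a === $b;
}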
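/**
 * Writes the fingerprint digest to a cookie named "session_id" (it is the fingerprint,
 * not PHP's session id) that expires after session_timeout seconds. The method header
 * was lost in this copy and is restored from the call in open().
 *
 * NOTE(review): sending the digest to the browser lets that client attack secure_word
 * offline (md5 over a User-Agent and IP it already knows); nothing visible here reads the
 * cookie back. It is kept for compatibility, but now HttpOnly and, over HTTPS, Secure.
 * Path and domain are left at PHP's defaults (empty strings keep them unset).
 */
private function setCookie()
{
    if (!isset($_SESSION['ss_fprint'])) {
        return;
    }
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('session_id', $_SESSION['ss_fprint'], time() + $this->session_timeout, '', '', $secure, true);
}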
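/**
 * Builds the client fingerprint: md5(secure_word [+ User-Agent] [+ first N IP blocks] + user_id).
 *
 * Fixes: the cap on check_ip_blocks was assigned to a misspelled variable, so values
 * above 4 read past the exploded address; missing HTTP_USER_AGENT / REMOTE_ADDR raised
 * notices; and user_id was appended only inside the IP branch (misplaced brace), i.e.
 * dropped whenever check_ip_blocks was 0. `final` is dropped because PHP 8 warns on
 * final private methods. md5 is kept so fingerprints already stored in the session
 * table keep matching; it is a fast hash, so secure_word must be strong.
 *
 * @return string 32-character hex digest
 */
private function setFingerprint()
{
    $material = $this->secure_word;
    if ($this->check_browser) {
        $material .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    }
    $numBlocks = min(4, abs((int) $this->check_ip_blocks));
    if ($numBlocks > 0) {
        $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // An IPv6 address has no '.', so explode() yields a single block holding the whole address.
        $blocks = explode('.', $remote);
        for ($i = 0; $i < $numBlocks && isset($blocks[$i]); $i++) {
            $material .= $blocks[$i] . '.';
        }
    }
    $material .= $this->user_id;
    return md5($material);
}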
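/**
 * Regenerates the session id when regenerate_id is enabled and the runtime offers
 * session_regenerate_id(). Both branch bodies were empty in this copy; this is the
 * call the surrounding comments describe.
 *
 * NOTE(review): the old session is deliberately NOT deleted (no `true` argument):
 * _session_destroy_method() deletes by fingerprint, which the new id shares, so
 * passing true would wipe the live session's row. Pass true once the store is keyed
 * by session id.
 *
 * @return bool true when the id was regenerated
 */
private function regenerateId()
{
    if (!$this->regenerate_id || !function_exists('session_regenerate_id')) {
        return false;
    }
    return (bool) session_regenerate_id();
}
}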
?>