gnu-social/lib/internalsessionhandler.php

226 lines
6.9 KiB
PHP

<?php
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
/**
* GNU social's implementation of SessionHandler
*
* @package GNUsocial
* @author Evan Prodromou
* @author Brion Vibber
* @author Mikael Nordfeldth
* @author Sorokin Alexei
* @author Diogo Cordeiro <diogo@fc.up.pt>
* @copyright 2019 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
defined('GNUSOCIAL') || die();
/**
* Superclass representing the associated interfaces of session handling.
*
* @copyright 2019 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class InternalSessionHandler implements SessionHandlerInterface
{
/**
* A helper function to print a session-related message to the debug log if
* the site session debug configuration option is enabled.
* @param $msg
* @return void
*/
public static function logdeb($msg)
{
if (common_config('sessions', 'debug')) {
common_debug("Session: " . $msg);
}
}
/**
* Dummy option for saving to file needed for full PHP adherence.
*
* @param $save_path
* @param $session_name
* @return bool true
*/
public function open($save_path, $session_name)
{
return true;
}
/**
* Dummy option for saving to file needed for full PHP adherence.
*
* @return bool true
*/
public function close()
{
return true;
}
/**
* Fetch the session data for the session with the given $id.
*
* @param $id
* @return string Returns an encoded string of the read data. If nothing was read, it must return an empty string. Note this value is returned internally to PHP for processing.
*/
public function read($id)
{
self::logdeb("Fetching session '$id'.");
$session = Session::getKV('id', $id);
if (empty($session)) {
self::logdeb("Couldn't find '$id'.");
return '';
} else {
self::logdeb("Found '$id', returning " .
strlen($session->session_data) .
" chars of data.");
return (string)$session->session_data;
}
}
/**
* Write the session data for session with given $id as $session_data.
*
* @param $id
* @param $session_data
* @return bool Returns TRUE on success or FALSE on failure.
*/
public function write($id, $session_data)
{
self::logdeb("Writing session '$id'.");
$session = Session::getKV('id', $id);
if (empty($session)) {
self::logdeb("'$id' doesn't yet exist; inserting.");
$session = new Session();
$session->id = $id;
$session->session_data = $session_data;
$session->created = common_sql_now();
$result = $session->insert();
if (!$result) {
common_log_db_error($session, 'INSERT', __FILE__);
self::logdeb("Failed to insert '$id'.");
} else {
self::logdeb("Successfully inserted '$id' (result = $result).");
}
return (bool) $result;
} else {
self::logdeb("'$id' already exists; updating.");
if (strcmp($session->session_data, $session_data) == 0) {
self::logdeb("Not writing session '$id' - unchanged.");
return true;
} else {
self::logdeb("Session '$id' data changed - updating.");
// Only update the required field
$orig = clone($session);
$session->session_data = $session_data;
$result = $session->update($orig);
if (!$result) {
common_log_db_error($session, 'UPDATE', __FILE__);
self::logdeb("Failed to update '$id'.");
} else {
self::logdeb("Successfully updated '$id' (result = $result).");
}
return (bool) $result;
}
}
}
/**
* Find sessions that have persisted beyond $maxlifetime and delete them.
* This will be limited by config['sessions']['gc_limit'] - it won't delete
* more than the number of sessions specified there at a single pass.
*
* @param $maxlifetime
* @return bool Returns TRUE on success or FALSE on failure.
*/
public function gc($maxlifetime)
{
self::logdeb("Garbage Collector has now started with maxlifetime = '$maxlifetime'.");
$epoch = common_sql_date(time() - $maxlifetime);
$ids = [];
$session = new Session();
$session->whereAdd('modified < "' . $epoch . '"');
$session->selectAdd();
$session->selectAdd('id');
$limit = common_config('sessions', 'gc_limit');
if ($limit > 0) {
// On large sites, too many sessions to expire
// at once will just result in failure.
$session->limit($limit);
}
$session->find();
while ($session->fetch()) {
$ids[] = $session->id;
}
$session->free();
self::logdeb("Garbage Collector found " . count($ids) . " ids to delete.");
foreach ($ids as $id) {
self::logdeb("Garbage Collector will now delete session '$id'.");
self::destroy($id);
}
return true;
}
/**
* Deletes session with given id $id.
*
* @param $id
* @return bool Returns TRUE on success or FALSE on failure.
*/
public function destroy($id)
{
self::logdeb("Destroying session '$id'.");
$session = Session::getKV('id', $id);
if (empty($session)) {
self::logdeb("Can't find '$id' to destroy.");
return false;
} else {
$result = $session->delete();
if (!$result) {
common_log_db_error($session, 'DELETE', __FILE__);
self::logdeb("Failed to destroy '$id'.");
} else {
self::logdeb("Successfully destroyed '$id' (result = $result).");
}
return (bool) $result;
}
}
}