mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 19:38:26 +00:00
28cb84e549
Revision: [1729] Fixed loading - added model, cakesession, security. Now loads properly. Revision: [1728] Fixing problems found in the way Cake handles sessions. These updates seem to work properly now. Added gethost() to basics.php to replace using gethostbyaddr which can be very slow. Added session_write_close(); in Controller::redirect(); Revision: [1719] Fix scaffold show.thtml undefined index error git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1730 3807eeeb-6ff5-0310-8944-8be069107fe0
580 lines
No EOL
13 KiB
PHP
580 lines
No EOL
13 KiB
PHP
<?php
|
|
/* SVN FILE: $Id$ */
|
|
|
|
/**
|
|
* Short description for file.
|
|
*
|
|
* Long description for file
|
|
*
|
|
* PHP versions 4 and 5
|
|
*
|
|
* CakePHP : Rapid Development Framework <http://www.cakephp.org/>
|
|
* Copyright (c) 2005, Cake Software Foundation, Inc.
|
|
* 1785 E. Sahara Avenue, Suite 490-204
|
|
* Las Vegas, Nevada 89104
|
|
*
|
|
* Licensed under The MIT License
|
|
* Redistributions of files must retain the above copyright notice.
|
|
*
|
|
* @filesource
|
|
* @copyright Copyright (c) 2005, Cake Software Foundation, Inc.
|
|
* @link http://www.cakefoundation.org/projects/info/cakephp CakePHP Project
|
|
* @package cake
|
|
* @subpackage cake.cake.libs
|
|
* @since CakePHP v .0.10.0.1222
|
|
* @version $Revision$
|
|
* @modifiedby $LastChangedBy$
|
|
* @lastmodified $Date$
|
|
* @license http://www.opensource.org/licenses/mit-license.php The MIT License
|
|
*/
|
|
|
|
/**
|
|
* Short description for file.
|
|
*
|
|
* Long description for file
|
|
*
|
|
* @package cake
|
|
* @subpackage cake.cake.libs
|
|
* @since CakePHP v .0.10.0.1222
|
|
*/
|
|
class CakeSession extends Object
|
|
{
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $valid = false;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $error = false;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $ip = false;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $userAgent = false;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $path = false;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $lastError = null;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $sessionId = null;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @var unknown_type
|
|
*/
|
|
var $security = null;
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @return unknown
|
|
*/
|
|
function __construct($base = null)
|
|
{
|
|
$this->host = $_SERVER['HTTP_HOST'];
|
|
|
|
if (empty($base))
|
|
{
|
|
$this->path = '/';
|
|
}
|
|
else
|
|
{
|
|
$this->path = $base;
|
|
}
|
|
|
|
if (strpos($this->host, ':') !== false)
|
|
{
|
|
$this->host = substr($this->host,0, strpos($this->host, ':'));
|
|
}
|
|
|
|
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
|
{
|
|
$this->ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
}
|
|
else
|
|
{
|
|
$this->ip = $_SERVER['REMOTE_ADDR'];
|
|
}
|
|
|
|
if(!empty($_SERVER['HTTP_USER_AGENT']))
|
|
{
|
|
$this->userAgent = md5($_SERVER['HTTP_USER_AGENT']);
|
|
}
|
|
else
|
|
{
|
|
$this->userAgent = "";
|
|
}
|
|
|
|
$this->security = CAKE_SECURITY;
|
|
$this->_initSession();
|
|
$this->_begin();
|
|
parent::__construct();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $name
|
|
* @return unknown
|
|
*/
|
|
function checkSessionVar($name)
|
|
{
|
|
$expression = "return isset(".$this->_sessionVarNames($name).");";
|
|
return eval($expression);
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $name
|
|
* @return unknown
|
|
*/
|
|
function delSessionVar($name)
|
|
{
|
|
if($this->checkSessionVar($name))
|
|
{
|
|
$var = $this->_sessionVarNames($name);
|
|
eval("unset($var);");
|
|
return true;
|
|
}
|
|
$this->_setError(2, "$name doesn't exist");
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $errorNumber
|
|
* @return unknown
|
|
*/
|
|
function getError($errorNumber)
|
|
{
|
|
if(!is_array($this->error) || !array_key_exists($errorNumber, $this->error))
|
|
{
|
|
return false;
|
|
}
|
|
else
|
|
{
|
|
return $this->error[$errorNumber];
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @return unknown
|
|
*/
|
|
function getLastError()
|
|
{
|
|
if($this->lastError)
|
|
{
|
|
return $this->getError($this->lastError);
|
|
}
|
|
else
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @return unknown
|
|
*/
|
|
function isValid()
|
|
{
|
|
return $this->valid;
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $name
|
|
* @return unknown
|
|
*/
|
|
function readSessionVar($name = null)
|
|
{
|
|
if(is_null($name))
|
|
{
|
|
return $this->returnSessionVars();
|
|
}
|
|
|
|
if($this->checkSessionVar($name))
|
|
{
|
|
$result = eval("return ".$this->_sessionVarNames($name).";");
|
|
return $result;
|
|
}
|
|
$this->_setError(2, "$name doesn't exist");
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $name
|
|
* @return unknown
|
|
*/
|
|
function returnSessionVars()
|
|
{
|
|
if(!empty($_SESSION))
|
|
{
|
|
$result = eval("return ".$_SESSION.";");
|
|
return $result;
|
|
}
|
|
$this->_setError(2, "No Session vars set");
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $name
|
|
* @param unknown_type $value
|
|
*/
|
|
function writeSessionVar($name, $value)
|
|
{
|
|
$expression = $this->_sessionVarNames($name);
|
|
$expression .= " = \$value;";
|
|
eval($expression);
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*/
|
|
function _begin()
|
|
{
|
|
session_cache_limiter("must-revalidate");
|
|
session_start();
|
|
$this->_new();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*/
|
|
function _close()
|
|
{
|
|
echo "<pre>";
|
|
echo "CakeSession::_close() Not Implemented Yet";
|
|
echo "</pre>";
|
|
die();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*/
|
|
function _destroy()
|
|
{
|
|
echo "<pre>";
|
|
echo "CakeSession::_destroy() Not Implemented Yet";
|
|
echo "</pre>";
|
|
die();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*/
|
|
function _gc()
|
|
{
|
|
echo "<pre>";
|
|
echo "CakeSession::_gc() Not Implemented Yet";
|
|
echo "</pre>";
|
|
die();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*/
|
|
function _initSession()
|
|
{
|
|
if (function_exists('session_write_close'))
|
|
{
|
|
session_write_close();
|
|
}
|
|
|
|
switch ($this->security)
|
|
{
|
|
case 'high':
|
|
$this->cookieLifeTime = 0;
|
|
ini_set('session.referer_check', $this->host);
|
|
break;
|
|
case 'medium':
|
|
$this->cookieLifeTime = 7 * 86400;
|
|
break;
|
|
case 'low':
|
|
default :
|
|
$this->cookieLifeTime = 788940000;
|
|
break;
|
|
}
|
|
|
|
switch (CAKE_SESSION_SAVE)
|
|
{
|
|
case 'cake':
|
|
ini_set('session.use_trans_sid', 0);
|
|
ini_set('url_rewriter.tags', '');
|
|
ini_set('session.serialize_handler', 'php');
|
|
ini_set('session.use_cookies', 1);
|
|
ini_set('session.name', CAKE_SESSION_COOKIE);
|
|
ini_set('session.cookie_lifetime', $this->cookieLifeTime);
|
|
ini_set('session.cookie_path', $this->path);
|
|
ini_set('session.gc_probability', 1);
|
|
ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60);
|
|
ini_set('session.auto_start', 0);
|
|
ini_set('session.save_path', TMP.'sessions');
|
|
break;
|
|
case 'database':
|
|
ini_set('session.use_trans_sid', 0);
|
|
ini_set('url_rewriter.tags', '');
|
|
ini_set('session.save_handler', 'user');
|
|
ini_set('session.serialize_handler', 'php');
|
|
ini_set('session.use_cookies', 1);
|
|
ini_set('session.name', CAKE_SESSION_COOKIE);
|
|
ini_set('session.cookie_lifetime', $this->cookieLifeTime);
|
|
ini_set('session.cookie_path', $this->path);
|
|
ini_set('session.gc_probability', 1);
|
|
ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60);
|
|
ini_set('session.auto_start', 0);
|
|
session_set_save_handler(array('CakeSession', '_open'),
|
|
array('CakeSession', '_close'),
|
|
array('CakeSession', '_read'),
|
|
array('CakeSession', '_write'),
|
|
array('CakeSession', '_destroy'),
|
|
array('CakeSession', '_gc'));
|
|
break;
|
|
case 'php':
|
|
ini_set('session.name', CAKE_SESSION_COOKIE);
|
|
ini_set('session.cookie_lifetime', $this->cookieLifeTime);
|
|
ini_set('session.cookie_path', $this->path);
|
|
ini_set('session.gc_probability', 1);
|
|
ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60);
|
|
break;
|
|
default :
|
|
$config = CONFIGS.CAKE_SESSION_SAVE.'.php';
|
|
if(is_file($config))
|
|
{
|
|
require_once($config);
|
|
}
|
|
else
|
|
{
|
|
ini_set('session.name', CAKE_SESSION_COOKIE);
|
|
ini_set('session.cookie_lifetime', $this->cookieLifeTime);
|
|
ini_set('session.cookie_path', $this->path);
|
|
ini_set('session.gc_probability', 1);
|
|
ini_set('session.gc_maxlifetime', Security::inactiveMins() * 60);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*
|
|
*/
|
|
function _new()
|
|
{
|
|
if(!ereg("\.aol\.com$", gethost($this->ip)))
|
|
{
|
|
if($this->readSessionVar("Config"))
|
|
{
|
|
if($this->ip == $this->readSessionVar("Config.ip") && $this->userAgent == $this->readSessionVar("Config.userAgent"))
|
|
{
|
|
$this->valid = true;
|
|
}
|
|
else
|
|
{
|
|
$this->valid = false;
|
|
$this->_setError(1, "Session Highjacking Attempted !!!");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
srand((double)microtime() * 1000000);
|
|
$this->writeSessionVar('Config.rand', rand());
|
|
$this->writeSessionVar("Config.ip", $this->ip);
|
|
$this->writeSessionVar("Config.userAgent", $this->userAgent);
|
|
$this->valid = true;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if(!$this->readSessionVar("Config"))
|
|
{
|
|
srand((double)microtime() * 1000000);
|
|
$this->writeSessionVar('Config.rand', rand());
|
|
$this->writeSessionVar("Config.ip", $this->ip);
|
|
$this->writeSessionVar("Config.userAgent", $this->userAgent);
|
|
}
|
|
$this->valid = true;
|
|
}
|
|
|
|
if($this->security == 'high')
|
|
{
|
|
$this->_regenerateId();
|
|
}
|
|
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*
|
|
*/
|
|
function _open()
|
|
{
|
|
echo "<pre>";
|
|
echo "CakeSession::_open() Not Implemented Yet";
|
|
echo "</pre>";
|
|
die();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*
|
|
*/
|
|
function _read()
|
|
{
|
|
echo "<pre>";
|
|
echo "CakeSession::_read() Not Implemented Yet";
|
|
echo "</pre>";
|
|
die();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
*
|
|
* @access private
|
|
*
|
|
*/
|
|
function _regenerateId()
|
|
{
|
|
$oldSessionId = session_id();
|
|
$sessionpath = session_save_path();
|
|
if (empty($sessionpath))
|
|
{
|
|
$sessionpath = "/tmp";
|
|
}
|
|
if (isset($_COOKIE[session_name()]))
|
|
{
|
|
setcookie(CAKE_SESSION_COOKIE, '', time()-42000, $this->path);
|
|
}
|
|
session_regenerate_id();
|
|
$newSessid = session_id();
|
|
$file = $sessionpath.DS."sess_$oldSessionId";
|
|
@unlink($file);
|
|
$this->_initSession();
|
|
session_id($newSessid);
|
|
session_start();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*
|
|
*/
|
|
function _renew()
|
|
{
|
|
$this->_regenerateId();
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $name
|
|
* @return unknown
|
|
* @access private
|
|
*/
|
|
function _sessionVarNames($name)
|
|
{
|
|
if(is_string($name))
|
|
{
|
|
if(strpos($name, "."))
|
|
{
|
|
$names = explode(".", $name);
|
|
}
|
|
else
|
|
{
|
|
$names = array($name);
|
|
}
|
|
$expression = $expression = "\$_SESSION";
|
|
|
|
foreach($names as $item)
|
|
{
|
|
$expression .= is_numeric($item) ? "[$item]" : "['$item']";
|
|
}
|
|
return $expression;
|
|
}
|
|
$this->setError(3, "$name is not a string");
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @param unknown_type $errorNumber
|
|
* @param unknown_type $errorMessage
|
|
* @access private
|
|
*/
|
|
function _setError($errorNumber, $errorMessage)
|
|
{
|
|
if($this->error === false)
|
|
{
|
|
$this->error = array();
|
|
}
|
|
|
|
$this->error[$errorNumber] = $errorMessage;
|
|
$this->lastError = $errorNumber;
|
|
}
|
|
|
|
/**
|
|
* Enter description here...
|
|
*
|
|
* @access private
|
|
*/
|
|
function _write()
|
|
{
|
|
echo "<pre>";
|
|
echo "CakeSession::_write() Not Implemented Yet";
|
|
echo "</pre>";
|
|
die();
|
|
}
|
|
}
|
|
?>
|