authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-10-22 11:03:41 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-10-22 11:03:41 +0000
commitc04b4f17f123ceb078409630c13d57604827e6f5 (patch)
tree3b49826b302d33c2e60bb1b52115f6eb04ff15e8 /engine/lib/sessions.php
parentae2f3b28b11ef6b3b00c4e152851f95b179abf79 (diff)
Semi-working session code. Still won't permit logging in, commented out until there is time to fix.
Problem seems to be based around the action_gatekeeper() and the values set for the __elgg_session. Removing this component from the key causes the token to be valid. My feeling is that the session is not being saved or loaded correctly. git-svn-id: https://code.elgg.org/elgg/trunk@2291 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/sessions.php')
-rw-r--r--engine/lib/sessions.php89
1 files changed, 76 insertions, 13 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 4e1a0a494..691eb484d 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -117,7 +117,7 @@
if (($persistent))
setcookie("elggperm", $code, (time()+(86400 * 30)),"/");
-
+
if (!$user->save() || !trigger_elgg_event('login','user',$user)) {
unset($_SESSION['username']);
unset($_SESSION['name']);
@@ -185,10 +185,13 @@
* @param unknown_type $object
*/
function session_init($event, $object_type, $object) {
+
+ global $DB_PREFIX, $CONFIG;
if (!is_db_installed()) return false;
// Use database for sessions
+ $DB_PREFIX = $CONFIG->dbprefix; // HACK to allow access to prefix after object distruction
//session_set_save_handler("__elgg_session_open", "__elgg_session_close", "__elgg_session_read", "__elgg_session_write", "__elgg_session_destroy", "__elgg_session_gc");
session_name('Elgg');
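Review bot: Copying `$CONFIG->dbprefix` into a second global, `$DB_PREFIX`, leaves two sources of truth for the table prefix. The HACK comment says it exists so the prefix is still reachable after object destruction. The usual remedy for that is to flush the session before objects are torn down, e.g. `register_shutdown_function('session_write_close');` next to the `session_set_save_handler` call, so the handlers can keep reading `$CONFIG`. If the global stays, the comment should state that it must be assigned before any session handler runs. session_init's body continues outside the hunk.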
@@ -294,6 +297,9 @@
*/
function __elgg_session_open($save_path, $session_name)
{
+ global $sess_save_path;
+ $sess_save_path = $save_path;
+
return true;
}
@@ -310,13 +316,25 @@
*/
function __elgg_session_read($id)
{
- global $CONFIG;
+ global $DB_PREFIX;
$id = sanitise_string($id);
- $result = get_data("SELECT * from {$CONFIG->dbprefix}users_sessions where session='$id'");
- if ($result)
- return $result->data;
+ try {
+error_log("marcus SELECT * from {$CONFIG->dbprefix}users_sessions where session='$id'");
+ $result = get_data("SELECT * from {$DB_PREFIX}users_sessions where session='$id'");
+ if ($result)
+ return (string)$result->data;
+
+ } catch (DatabaseException $e) {
+error_log('marcus here');
+ // Fall back to file store in this case, since this likely means that the database hasn't been upgraded
+ global $sess_save_path;
+
+ $sess_file = "$sess_save_path/sess_$id";
+error_log("marcus $sess_file");
+ return (string) @file_get_contents($sess_file);
+ }
return '';
}
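Review bot: The file fallback builds `$sess_file = "$sess_save_path/sess_$id"` from the session id, which comes from the client cookie and has only been passed through `sanitise_string()` (presumably SQL escaping). Nothing visible in this hunk restricts it to session-id characters, so an id containing path separators could make the read resolve outside the save path. Validating it at the top of the handler, e.g. `if (!preg_match('/^[A-Za-z0-9,-]+$/', $id)) return '';`, closes that off and also hardens the interpolated SQL. The same path construction appears in `__elgg_session_write` and `__elgg_session_destroy`. Separately, the first `error_log` call still reads `$CONFIG->dbprefix` although `global $CONFIG` was replaced by `global $DB_PREFIX`, so `$CONFIG` is undefined here and in `__elgg_session_destroy`.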
@@ -326,13 +344,34 @@
*/
function __elgg_session_write($id, $sess_data)
{
- global $CONFIG;
+ global $DB_PREFIX;
- $id = sanitise_string($id);
- $sess_data = sanitise_string($sess_data);
+ $id = sanitise_string($id);
$time = time();
- return (bool)insert_data("INSERT INTO {$CONFIG->dbprefix}users_sessions (session, ts, data) VALUES ('$id', '$time', '$sess_data') ON DUPLICATE set ts='$time', data='$sess_data'");
+ try {
+ $sess_data_sanitised = sanitise_string($sess_data);
+
+ error_log("marcus REPLACE INTO {$DB_PREFIX}users_sessions (session, ts, data) VALUES ('$id', '$time', '$sess_data_sanitised')");
+ if (insert_data("REPLACE INTO {$DB_PREFIX}users_sessions (session, ts, data) VALUES ('$id', '$time', '$sess_data_sanitised')")!==false)
+ return true;
+
+ } catch (DatabaseException $e) {
+ // Fall back to file store in this case, since this likely means that the database hasn't been upgraded
+ global $sess_save_path;
+
+ $sess_file = "$sess_save_path/sess_$id";
+ if ($fp = @fopen($sess_file, "w")) {
+ $return = fwrite($fp, $sess_data);
+ fclose($fp);
+ return $return;
+ }
+
+ else
+ error_log('marcus FAILED TO WRITe ' . print_r($CONFIG, true));
+ }
+
+ return false;
}
/**
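Review bot: The `error_log` call before `insert_data` writes the full `REPLACE` statement, including the session id and the serialized session contents, to the server log, so anyone able to read that log could reuse a live session. The debug lines here and in the read and destroy handlers should be removed or reduced to a non-sensitive marker before the save handler is enabled. In the fallback branch `return $return;` hands back the `fwrite()` byte count, so an empty session (0 bytes) is reported as a failed write; `return $return !== false;` gives the boolean a write handler is expected to return. The failure message also calls `print_r($CONFIG, true)`: `$CONFIG` is not in scope in this function as written, and if it were, the configuration object (which presumably holds the database credentials) would be dumped to the log.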
@@ -340,11 +379,22 @@
*/
function __elgg_session_destroy($id)
{
- global $CONFIG;
+ global $DB_PREFIX;
$id = sanitise_string($id);
- return (bool)delete_data("DELETE from {$CONFIG->dbprefix}users_sessions where session='$id'");
+ try {
+error_log("marcus DELETE from {$CONFIG->dbprefix}users_sessions where session='$id'") ;
+ return (bool)delete_data("DELETE from {$DB_PREFIX}users_sessions where session='$id'");
+ } catch (DatabaseException $e) {
+ // Fall back to file store in this case, since this likely means that the database hasn't been upgraded
+ global $sess_save_path;
+
+ $sess_file = "$sess_save_path/sess_$id";
+ return(@unlink($sess_file));
+ }
+
+ return false;
}
/**
@@ -352,11 +402,24 @@
*/
function __elgg_session_gc($maxlifetime)
{
- global $CONFIG;
+ global $DB_PREFIX;
$life = time()-$maxlifetime;
- return (bool)delete_data("DELETE from {$CONFIG->dbprefix}users_sessions where ts<'$life'");
+ try {
+ return (bool)delete_data("DELETE from {$DB_PREFIX}users_sessions where ts<'$life'");
+ } catch (DatabaseException $e) {
+ // Fall back to file store in this case, since this likely means that the database hasn't been upgraded
+ global $sess_save_path;
+
+ foreach (glob("$sess_save_path/sess_*") as $filename) {
+ if (filemtime($filename) < $life) {
+ @unlink($filename);
+ }
+ }
+ }
+
+ return true;
}
register_elgg_event_handler("boot","system","session_init",1);
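Review bot: In the fallback branch `glob("$sess_save_path/sess_*")` is iterated directly, but `glob()` can return `false` on error, and if `$sess_save_path` was never set the pattern becomes `/sess_*`. Assign the result first and guard it, e.g. `$files = glob("$sess_save_path/sess_*"); if (!$files) return true;`. If the save path is a directory shared with other PHP applications (not determinable from this hunk), the loop would also unlink their `sess_*` files using this application's lifetime. An application-specific file prefix, applied consistently in the read, write and destroy fallbacks, would avoid that.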