From 7439d599f84d122df06dae61ea09ce3e0415d8af Mon Sep 17 00:00:00 2001 From: Cameron Date: Tue, 2 Jun 2020 13:43:21 -0700 Subject: [PATCH] Issue #4176 - Incremental introduction of database sessions - Experimental (work in progress) --- e107_admin/prefs.php | 21 +++++++- e107_admin/update_routines.php | 2 +- e107_core/sql/core_sql.php | 14 ++++++ e107_core/xml/default_install.xml | 1 + e107_handlers/session_handler.php | 57 ++++++++++------------ e107_languages/English/admin/lan_prefs.php | 2 + 6 files changed, 62 insertions(+), 35 deletions(-) diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php index f94e5447a..bef92a952 100644 --- a/e107_admin/prefs.php +++ b/e107_admin/prefs.php @@ -1431,7 +1431,7 @@ $text .= " * */ -$text .= " + $text .= " @@ -1463,9 +1463,26 @@ $text .= "
".PRFLAN_273."
+ "; + if(e_DEVELOPER) // Experimental (translate terms after this check is removed) + { + // $systemSaveMethod = ini_get('session.save_handler'); + // $saveMethod = (!empty($systemSaveMethod)) ? $systemSaveMethod : 'files'; + // $systemSaveMethod => PRFLAN_276, + $text .= " + + + + ".$frm->select('session_save_method', [ 'db'=>'Database', 'files'=>'Files'], $pref['session_save_method'])." + + Experimental + + + "; + } - + $text .= " diff --git a/e107_admin/update_routines.php b/e107_admin/update_routines.php index 824abf547..8f82c3f88 100644 --- a/e107_admin/update_routines.php +++ b/e107_admin/update_routines.php @@ -766,7 +766,7 @@ function update_706_to_800($type='') ); // List of DB tables not required (includes a few from 0.6xx) - $obs_tables = array('flood', 'stat_info', 'stat_counter', 'stat_last', 'session', 'preset', 'tinymce'); + $obs_tables = array('flood', 'stat_info', 'stat_counter', 'stat_last', 'preset', 'tinymce'); // List of DB tables newly required (defined in core_sql.php) (The existing dblog table gets renamed) diff --git a/e107_core/sql/core_sql.php b/e107_core/sql/core_sql.php index 47c344923..25188886c 100755 --- a/e107_core/sql/core_sql.php +++ b/e107_core/sql/core_sql.php @@ -468,6 +468,20 @@ CREATE TABLE rate ( ) ENGINE=MyISAM; # -------------------------------------------------------- +# +# Table structure for table `session` +# + +CREATE TABLE session ( + session_id varchar(255) NOT NULL default '', + session_expires int(10) unsigned NOT NULL default 0, + session_user int(10) unsigned default NULL, + session_data text NOT NULL, + PRIMARY KEY (session_id) +) ENGINE=MyISAM; +# -------------------------------------------------------- + + # # Table structure for table `submitnews` # diff --git a/e107_core/xml/default_install.xml b/e107_core/xml/default_install.xml index 99b25113d..edce38642 100644 --- a/e107_core/xml/default_install.xml +++ b/e107_core/xml/default_install.xml @@ -253,6 +253,7 @@ 1 0 86400 + files %d %b %Y : %H:%M 0 
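Review bot: In the added `$frm->select('session_save_method', [...], $pref['session_save_method'])` call the current value is read without a fallback, and 'db' is the first option. `default_install.xml` seeds the pref only on fresh installs, so on an upgraded site the key is presumably unset: the lookup raises an undefined-index notice and nothing is preselected, so a browser would submit the first option and the next save of the prefs form could silently move sessions to the experimental database handler. Pass an explicit default, e.g. `$current = isset($pref['session_save_method']) ? $pref['session_save_method'] : 'files';`, and list 'files' first. The surrounding `$text` block starts and ends outside the hunk.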
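Review bot: `session_data text` in the new `session` table caps a row at 64 KB, and `read()` in session_handler.php base64-decodes the column, so the stored form is presumably about a third larger than the serialized session; under a non-strict SQL mode an oversized session would be truncated silently and come back corrupt. Consider `session_data mediumtext NOT NULL,`. The sweep in `gc()` filters on `session_expires`, which has no index, so `KEY session_expires (session_expires)` is worth adding. The primary key is the raw session id, so anything that can read this table (a backup, a SQL injection elsewhere) obtains live session tokens; a table comment such as `# session_id is a bearer token: treat dumps of this table as credentials` would record that.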
diff --git a/e107_handlers/session_handler.php b/e107_handlers/session_handler.php index 3cbc3b732..34762a358 100644 --- a/e107_handlers/session_handler.php +++ b/e107_handlers/session_handler.php @@ -93,7 +93,7 @@ class e_session /** * Highest system protection, session id and token values are regenerated on every page request, * label 'Insane' - * @var unknown_type + * @var int unknown_type */ const SECURITY_LEVEL_INSANE = 10; @@ -107,7 +107,7 @@ class e_session * Session save method * @var string files|db */ - protected $_sessionSaveMethod = 'files'; + protected $_sessionSaveMethod = 'files';//'files'; /** * Session cache limiter, ignored if empty @@ -212,15 +212,15 @@ class e_session { $systemSaveMethod = ini_get('session.save_handler'); - // e107::getDebug()->log("Save Method:".$systemSaveMethod); - $saveMethod = (!empty($systemSaveMethod)) ? $systemSaveMethod : 'files'; - $config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref - $config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref - $options['lifetime'] = (integer)e107::getPref('session_lifetime', 86400); // - $options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref - $options['secure'] = e107::getPref('ssl_enabled', false); // + $config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref + $config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); + $options['lifetime'] = (integer)e107::getPref('session_lifetime', 86400); + $options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref + $options['secure'] = e107::getPref('ssl_enabled', false); // + + e107::getDebug()->log("Session Save Method: ".$config['SaveMethod']); if (!empty($options['secure'])) { 
@@ -485,12 +485,12 @@ class e_session { session_save_path($this->_sessionSavePath); } - + switch ($this->_sessionSaveMethod) { - case 'db': // TODO session db handling, more methods (e.g. memcache) + case 'db': ini_set('session.save_handler', 'user'); - $session = new e_db_session; + $session = new e_session_db; $session->setSaveHandler(); break; @@ -1063,18 +1063,11 @@ class e_core_session extends e_session } } -/* SQL to be added -CREATE TABLE session ( - `session_id` varchar(255) NOT NULL default '', - `session_expires` int(10) unsigned NOT NULL default 0, - `session_data` text NOT NULL, - PRIMARY KEY (`session_id`), -) ENGINE=InnoDB DEFAULT CHARSET=utf8; - */ -class e_db_session + +class e_session_db { /** - * @var e_db_mysql + * @var e_db */ protected $_db = null; @@ -1109,7 +1102,7 @@ class e_db_session /** * @param string $table - * @return e_db_session + * @return e_session_db */ public function setTable($table) { @@ -1135,7 +1128,7 @@ class e_db_session /** * @param integer $seconds - * @return e_db_session + * @return e_session_db */ public function setLifetime($seconds = null) { @@ -1145,7 +1138,7 @@ class e_db_session /** * Set session save handler - * @return e_db_session + * @return e_session_db */ public function setSaveHandler() { @@ -1189,10 +1182,10 @@ class e_db_session public function read($session_id) { $data = false; - $check = $this->_db->db_Select($this->getTable(), 'session_data', "session_id='".$this->_sanitize($session_id)."' AND session_expires>".time()); + $check = $this->_db->select($this->getTable(), 'session_data', "session_id='".$this->_sanitize($session_id)."' AND session_expires>".time()); if($check) { - $tmp = $this->_db->db_Fetch(); + $tmp = $this->_db->fetch(); $data = base64_decode($tmp['session_data']); } elseif(false !== $check) 
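Review bot: The `case 'db':` branch that this hunk makes reachable still runs `ini_set('session.save_handler', 'user');`, which PHP 7.2 and later refuse (`Cannot set 'user' save handler by ini_set()`), so selecting 'db' through the new pref can fail before `e_session_db` is registered. Drop that line and let `$session->setSaveHandler();` do the registration; its body is outside the hunk, so confirm it calls `session_set_save_handler()` before the session starts. A comment such as `// handler is registered by e_session_db::setSaveHandler(); do not ini_set('user')` would keep the call from being reintroduced. The enclosing method begins and ends outside the hunk.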
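Review bot: `read()` builds its WHERE clause by concatenating the session id, which arrives in the client's cookie, and the only barrier is `_sanitize()`, whose body is not part of this patch; the `write()` and `destroy()` hunks (@@ -1227, @@ -1256) interpolate the id the same way. Reject ids outside PHP's session-id alphabet before any query is built, e.g. `if(!preg_match('/^[A-Za-z0-9,-]{1,255}$/', $session_id)) { return ''; }` at the top of `read()`, so the queries do not rest on escaping alone. `read()` also starts from `$data = false;`, and current PHP versions fail `session_start()` when the read callback returns false; the branch that handles a missing row is cut off by the hunk, so check that it ends up returning `''`.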
@@ -1227,12 +1220,12 @@ class e_db_session return false; } - $check = $this->_db->db_Select($this->getTable(), 'session_id', "`session_id`='{$session_id}'"); + $check = $this->_db->select($this->getTable(), 'session_id', "`session_id`='{$session_id}'"); if($check) { $data['WHERE'] = "`session_id`='{$session_id}'"; - if(false !== $this->_db->db_Update($this->getTable(), $data)) + if(false !== $this->_db->update($this->getTable(), $data)) { return true; } @@ -1240,7 +1233,7 @@ class e_db_session else { $data['data']['session_id'] = $session_id; - if($this->_db->db_Insert($this->getTable(), $data)) + if($this->_db->insert($this->getTable(), $data)) { return true; } @@ -1256,7 +1249,7 @@ class e_db_session public function destroy($session_id) { $session_id = $this->_sanitize($session_id); - $this->_db->db_Delete($this->getTable(), "`session_id`='{$session_id}'"); + $this->_db->delete($this->getTable(), "`session_id`='{$session_id}'"); return true; } @@ -1267,7 +1260,7 @@ class e_db_session */ public function gc($session_maxlf) { - $this->_db->db_Delete($this->getTable(), '`session_expires`<'.time()); + $this->_db->delete($this->getTable(), '`session_expires`<'.time()); return true; } diff --git a/e107_languages/English/admin/lan_prefs.php b/e107_languages/English/admin/lan_prefs.php index 33abcfc0c..d7a7b25cd 100644 --- a/e107_languages/English/admin/lan_prefs.php +++ b/e107_languages/English/admin/lan_prefs.php 
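Review bot: `write()` runs a `select()` and then either `update()` or `insert()`, and the two steps are not atomic: two concurrent requests carrying the same new session id can both find no row, after which the second `insert()` hits the primary key and, as far as the hunk shows, the method falls through without returning true, dropping that request's session data. Nothing in these hunks takes a lock either, so parallel requests on one session overwrite each other (last writer wins), which the `files` handler avoids by locking the session file. Replace the pair with a single upsert statement (`INSERT ... ON DUPLICATE KEY UPDATE` keyed on `session_id`) and add a comment such as `// no per-session locking: concurrent requests are last-writer-wins`. The method begins before the hunk, so how `$session_id` and `$data` are prepared is not visible here.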
@@ -301,3 +301,5 @@ define("PRFLAN_278", "URL to the Privacy Policy"); define("PRFLAN_279", "Make sure the url exists! It's best to use an absolute url. This setting will be used on all places that require a consent from the user (e.g. signup, contact form/menu, etc.)."); define("PRFLAN_280", "URL to the website terms and conditions"); define("PRFLAN_281", "The 2 links above are used on various page on this site (e.g. signup and contact form/menu).\nPlease create 2 pages (if not already done) that contain your 'Privacy Policy' and the websites 'Terms and conditions'.\nThere are several websites that can generate those text for you.\nCopy the urls of this websites into the fields above (e.g. /page/privacy-policy or /page/terms-and-conditions).\nJust make sure, the pages and urls exist and are working!"); + +define("PRFLAN_282", "Session Save Method"); \ No newline at end of file