oxsession.php

<?php

// Pull in the ADOdb database session handler, but only when the shop
// configuration flag 'blAdodbSessionHandler' is set.
$blUseDbSessionHandler = oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' );
if ( $blUseDbSessionHandler ) {
    require_once getShopBasePath() . 'core/adodb/session/adodb-session.php';
}

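/**
 * Session manager: picks (or creates) the session id, starts the PHP session,
 * exposes the session variables and the serialized basket, and builds
 * sid-carrying URLs and form fields for clients without cookies.
 *
 * Security-relevant behaviour visible in this class:
 *  - start() adopts a session id supplied by the client ('force_sid' or the
 *    sid request parameter, or the cookie) as-is. This class never calls
 *    session_regenerate_id(); whether callers rotate the id after login is
 *    not visible here, so treat id-in-URL mode as exposed to session fixation.
 *  - Because the id can be client-supplied, every place that writes it into
 *    HTML, a URL or SQL escapes it for that context.
 */
class oxSession extends oxSuperCfg
{
    /**
     * Name of the session id request parameter and cookie.
     * start() sets it to "admin_sid" in admin mode and "sid" otherwise.
     *
     * @var string
     */
    protected $_sName = 'sid';

    /**
     * Current session id (see setId() / _setSessionId()).
     *
     * @var string
     */
    protected $_sId = null;

    /**
     * Set by start() when no id was supplied and a fresh one was generated.
     *
     * @var bool
     */
    protected static $_blIsNewSession = false;

    /**
     * Singleton instance returned by getInstance().
     *
     * @var oxSession
     */
    protected static $_instance = null;

    /**
     * Not used by any method of this class as shown.
     *
     * @var mixed
     */
    protected static $_oUser = null;

    /**
     * Set by _setSessionId() when the id differs from PHP's current session id;
     * _checkSid() reads it so that a session not yet written to the database
     * is not mistaken for an expired one.
     *
     * @var bool
     */
    protected $_blNewSession = false;

    /**
     * Pending debug message (HTML). _setSessionId() echoes and clears it.
     *
     * @var string
     */
    protected $_sErrorMsg = null;

    /**
     * Places that require cookie support when 'blSessionEnforceCookies' is on.
     * The string KEYS are view class names (checked with array_key_exists),
     * the plain VALUES are function names (checked with in_array).
     *
     * @var array
     */
    protected $_aRequireCookiesInFncs = array( 'register' => null,
                                               'account'  => null,
                                               'tobasket',
                                               'login_noredirect'
                                             );

    /**
     * Session variables carried over by initNewSession() into the new session.
     *
     * @var array
     */
    protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");

    // NOTE(review): $this->_oBasket is read and written by getBasket()/setBasket()
    // but is not declared in this class as shown - presumably created dynamically
    // or declared by oxSuperCfg; confirm before adding a declaration here.

    /**
     * Returns the shared session object, creating it on first use.
     * Under OXID_PHP_UNIT a mock stored in modSession::$unitMOD takes precedence.
     *
     * @return oxSession
     */
    public static function getInstance()
    {
        if ( defined( 'OXID_PHP_UNIT' ) && isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
            return modSession::$unitMOD;
        }

        if ( !isset( self::$_instance ) ) {
            self::$_instance = oxNew( 'oxsession' );
        }

        return self::$_instance;
    }

    /**
     * Returns the current session id.
     *
     * @return string
     */
    public function getId()
    {
        return $this->_sId;
    }

    /**
     * Stores the session id on this object only (PHP's session id is not touched).
     *
     * @param string $sVal session id
     *
     * @return null
     */
    public function setId($sVal)
    {
        $this->_sId = $sVal;
    }

    /**
     * Sets the session parameter / cookie name.
     *
     * @param string $sVal name
     *
     * @return null
     */
    public function setName($sVal)
    {
        $this->_sName = $sVal;
    }

    /**
     * Returns the session parameter / cookie name.
     *
     * @return string
     */
    public function getName()
    {
        return $this->_sName;
    }

    /**
     * Determines the session id, starts the PHP session when allowed, runs the
     * swapped-client checks and enforces mandatory cookie support.
     *
     * Id precedence: 'force_sid' request parameter, then the session cookie
     * (when cookies are enabled or in admin mode), then the sid request parameter.
     *
     * @throws oxCookieException when cookies are mandatory for the active view
     *                           or function and no session cookie is present
     *
     * @return null
     */
    public function start()
    {
        $sid = null;

        $this->setName( $this->isAdmin() ? "admin_sid" : "sid" );

        $sForceSidParam = oxConfig::getParameter('force_sid');
        $sSidParam      = oxConfig::getParameter($this->getName());

        $blUseCookies = $this->getConfig()->getConfigParam( 'blSessionUseCookies') || $this->isAdmin();

        // NOTE(review): all three sources are client-controlled and the chosen id
        // is handed to session_id() unchanged by _setSessionId(). 'force_sid' even
        // overrides an existing cookie, so a crafted link can pin a visitor to a
        // known id unless the id is rotated at login elsewhere - confirm.
        if ($sForceSidParam) {
            //forcing sid for SSL<->nonSSL transitions
            $sid = $sForceSidParam;
        } elseif ($blUseCookies && $this->_getCookieSid()) {
            $sid = $this->_getCookieSid();
        } elseif ($sSidParam) {
            $sid = $sSidParam;
        }

        if ( $sid ) {
            $this->_setSessionId($sid);
        } else {
            //creating new sid
            $this->initNewSession();
            self::$_blIsNewSession = true;
        }

        //starting session if only we can
        if ($this->_allowSessionStart()) {

            @session_start();

            //special handling for new ZP cluster session, as in that case session_start() regenerates id
            if ($this->_sId != session_id()) {
                $this->_setSessionId(session_id());
            }
        }

        // The swapped-client heuristics only run when no session cookie was sent,
        // i.e. when the id arrived through the URL or a form field.
        if (!$this->_getCookieSid() && !oxUtils::getInstance()->isSearchEngine() && $this->_isSwappedClient() ) {
            $this->initNewSession();
        }

        $sClass    = $this->getConfig()->getActiveView()->getClassName();
        $sFunction = $this->getConfig()->getActiveView()->getFncName();

        //check if we have mandatory cookie support
        if ( !$this->_checkMandatoryCookieSupport( $sClass, $sFunction ) ) {
            $oEx = oxNew( 'oxCookieException' );
            $oEx->setMessage( 'EXCEPTION_COOKIE_NOCOOKIE' );
            throw $oEx;
        }
    }

    /**
     * Switches to a freshly generated session id and clears the session data,
     * keeping only the variables listed in $_aPersistentParams.
     *
     * @return null
     */
    public function initNewSession()
    {
        //saving persistent params if old session exists
        $aPersistent = array();
        foreach ($this->_aPersistentParams as $sParam) {
            $mValue = self::getVar($sParam);
            if ( $mValue ) {
                $aPersistent[$sParam] = $mValue;
            }
        }

        // NOTE(review): the id is md5() of oxUtilsObject::generateUID(); md5 adds
        // no entropy, so unpredictability rests entirely on generateUID(), which
        // is not visible here - confirm it draws from a cryptographic source.
        $sid = md5(oxUtilsObject::getInstance()->generateUID());

        $this->_setSessionId($sid);
        session_unset();

        //restoring persistent params to session
        foreach ($aPersistent as $sKey => $mValue) {
            self::setVar($sKey, $mValue);
        }
    }

    /**
     * Serializes the basket into the session and closes the session for writing.
     *
     * @return null
     */
    public function freeze()
    {
        // storing basket ..
        self::setVar( $this->_getBasketName(), serialize( $this->getBasket() ) );

        session_write_close();
    }

    /**
     * Clears the session data and destroys the PHP session.
     *
     * @return null
     */
    public function destroy()
    {
        // Empty the array instead of unset($_SESSION): unsetting the superglobal
        // itself disables registering session variables through $_SESSION.
        $_SESSION = array();
        session_destroy();
        // NOTE(review): the session cookie is not removed here; whether a caller
        // expires it is not visible in this class.
    }

    /**
     * Tells whether a session variable is set.
     *
     * @param string $name variable name
     *
     * @return bool
     */
    public static function hasVar( $name )
    {
        if ( defined( 'OXID_PHP_UNIT' ) && isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
            try {
                $sVal = modSession::getInstance()->getVar( $name );
                return isset( $sVal );
            } catch( Exception $e ) {
                // if exception is thrown, use default
            }
        }

        return isset($_SESSION[$name]);
    }

    /**
     * Stores a value in the session.
     *
     * @param string $name  variable name
     * @param mixed  $value value to store
     *
     * @return null
     */
    public static function setVar( $name, $value)
    {
        if ( defined( 'OXID_PHP_UNIT' ) && isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
            try {
                return modSession::getInstance()->setVar(  $name, $value );
            } catch( Exception $e ) {
                // if exception is thrown, use default
            }
        }

        $_SESSION[$name] = $value;
        //logger( "set sessionvar : $name -> $value");
    }

    /**
     * Reads a value from the session.
     *
     * @param string $name variable name
     *
     * @return mixed stored value, or null when the variable is not set
     */
    public static function getVar( $name )
    {
        if ( defined( 'OXID_PHP_UNIT' ) && isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
            try {
                return modSession::getInstance()->getVar( $name );
            } catch( Exception $e ) {
                // if exception is thrown, use default
            }
        }

        return isset( $_SESSION[$name] ) ? $_SESSION[$name] : null;
    }

    /**
     * Removes a variable from the session.
     *
     * @param string $name variable name
     *
     * @return null
     */
    public static function deleteVar( $name )
    {
        if ( defined( 'OXID_PHP_UNIT' ) && isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
            try {
                return modSession::getInstance()->setVar( $name, null );
            } catch( Exception $e ) {
                // if exception is thrown, use default
            }
        }

        $_SESSION[$name] = null;
        //logger( "delete sessionvar : $name");
        unset($_SESSION[$name]);
    }

    /**
     * Appends the session parameters a link needs to the given URL. The result
     * uses "&amp;" separators, i.e. it is meant for HTML output.
     *
     * @param string $url url to extend
     *
     * @return string
     */
    public function url($url)
    {
        $myConfig = $this->getConfig();

        // Initialised up front: the original left it undefined for same-scheme links.
        $blForceSID = false;

        // The sid is forced when the link crosses the SSL boundary in either
        // direction. The " " prefix makes a match at the start report position 1.
        if (strpos(" ".$url, "https:") === 1 && !$myConfig->isSsl()) {
            $blForceSID = true;
        }
        if (strpos(" ".$url, "http:") === 1 && $myConfig->isSsl()) {
            $blForceSID = true;
        }

        $blUseCookies = $myConfig->getConfigParam( 'blSessionUseCookies' ) || $this->isAdmin();

        $sSeparator = strstr($url, "?") !== false ?  "&amp;" : "?";

        if ($blUseCookies && $this->_getCookieSid()) {
            //cookies are supported so we do nothing
            $url .= $sSeparator;

            //or this is SSL link in non SSL environment (or vice versa)
            //and we force sid here
            if ($blForceSID) {
                // The id may have been supplied by the client (see start()), so it
                // is URL-encoded before it lands in markup.
                // NOTE(review): this puts the session id into a URL, where it can
                // reach logs, browser history and Referer headers.
                $url .= 'force_sid=' . rawurlencode( (string) $this->getId() ) . '&amp;';
            }
        } elseif (oxUtils::getInstance()->isSearchEngine()) {
            $url .= $sSeparator;

            //adding lang parameter for search engines
            $sLangParam = oxConfig::getParameter( "lang" );
            $sConfLang  = $myConfig->getConfigParam( 'sDefaultLang' );
            if ( (int) $sLangParam != (int) $sConfLang ) {
                // 'lang' comes from oxConfig::getParameter() and only its integer
                // value was compared above; encode the raw value before output.
                $url .= "lang=" . rawurlencode( (string) $sLangParam ) . "&amp;";
            }
        } elseif ($this->sid()) {
            //removing dublicate params
            //..hopefully this is not needed
            //$url    = ereg_replace("[&?]+$", "", $url);

            //cookies are not supported or this is first time visit
            $url .= $sSeparator . $this->sid() . '&amp;';
        }

        return $url;
    }

    /**
     * Returns the "name=id" query fragment for clients without a session cookie.
     * For search engines (with 'aCacheViews' configured, outside admin) the id
     * is replaced by an optional "shp=" fragment.
     *
     * @return string|false|null false when there is no session id; null when a
     *                           cookie carries the id and nothing has to be added
     */
    public function sid()
    {
        if ( !$this->getId() ) {
            return false;
        }

        // Explicit default: the original returned an undefined variable here.
        $sRet = null;

        $myConfig     = $this->getConfig();
        $blUseCookies = $myConfig->getConfigParam( 'blSessionUseCookies' ) || $this->isAdmin();

        //no cookie?
        if (!$blUseCookies || !$this->_getCookieSid()) {
            // URL-encoded because the id may be client-supplied (see start()).
            $sRet = $this->getName() . "=" . rawurlencode( (string) $this->getId() );
        }

        if (oxUtils::getInstance()->isSearchEngine() && is_array($myConfig->getConfigParam( 'aCacheViews' ) ) && !$this->isAdmin() ) {

            $sRet = '';

            $sShopId = $myConfig->getShopId();
            if ( $sShopId != 1) {
                $sRet = "shp=" . $sShopId;
            }
        }

        return $sRet;
    }

    /**
     * Returns a hidden 'force_sid' form field carrying the session id
     * (empty string in admin mode).
     *
     * @return string
     */
    public function hiddenSid()
    {
        if ( $this->isAdmin()) {
            return '';
        }

        // Escaped for the attribute context: the id can originate from the
        // 'force_sid' / sid request parameters.
        $sId = htmlspecialchars( (string) $this->getId(), ENT_QUOTES );

        return "<input type=\"hidden\" name=\"force_sid\" value=\"" . $sId . "\">";
    }

    /**
     * Returns the basket, restoring it from the session on first access or
     * creating a new one.
     *
     * @return oxbasket
     */
    public function getBasket()
    {
        if ( $this->_oBasket === null ) {
            $sBasket = self::getVar( $this->_getBasketName() );

            // NOTE(review): unserialize() instantiates arbitrary classes. The input
            // is session data written by freeze(), so this is only as safe as the
            // session store - nothing else may be able to write this variable.
            if ( $sBasket && $oBasket = unserialize( $sBasket ) ) {
                $this->setBasket( $oBasket );
            } else {
                $this->setBasket( oxNew( 'oxbasket' ) );
            }
        }

        return $this->_oBasket;
    }

    /**
     * Sets the basket object held by this session object.
     *
     * @param object $oBasket basket object
     *
     * @return null
     */
    public function setBasket( $oBasket )
    {
        // sets basket session object
        $this->_oBasket = $oBasket;
    }

    /**
     * Drops the basket from this object and from the session.
     *
     * @return null
     */
    public function delBasket()
    {
        $this->setBasket( null );
        self::deleteVar( $this->_getBasketName());
    }

    /**
     * Tells whether start() had to generate a new session id.
     *
     * @return bool
     */
    public function isNewSession()
    {
        return self::$_blIsNewSession;
    }

    /**
     * Decides whether a PHP session may be started: not for search engines and
     * not when the 'skipSession' parameter is present.
     *
     * @return bool
     */
    protected function _allowSessionStart()
    {
        $blAllowSessionStart = true;
        if ( oxUtils::getInstance()->isSearchEngine() ) {
            $blAllowSessionStart = false;
        }

        // NOTE(review): 'skipSession' is read through oxConfig::getParameter(),
        // presumably from the request, so a client can suppress session start.
        if ( oxConfig::getParameter( 'skipSession' ) ) {
            $blAllowSessionStart = false;
        }

        /*if ($this->_getCookieSid())
            $blAllowSessionStart = true;*/

        return $blAllowSessionStart;
    }

    /**
     * Checks the mandatory-cookie rule for the active view.
     *
     * @param string $sClass    active view class name
     * @param string $sFunction active function name
     *
     * @return bool true when the request may proceed; false when cookies are
     *              required for this class/function and none was sent
     */
    protected function _checkMandatoryCookieSupport( $sClass, $sFunction )
    {
        $myConfig  = $this->getConfig();

        //no mandatory cookie needed
        if (!$myConfig->getConfigParam( 'blSessionEnforceCookies' ) || (oxUtilsServer::getInstance()->getOxCookie($this->getName())) || !$sClass) {
            return true;
        }

        // Strict comparison: the list also holds null values (from its keyed entries).
        if ($sFunction && in_array($sFunction, $this->_aRequireCookiesInFncs, true)) {
            return false;
        }

        if (array_key_exists($sClass, $this->_aRequireCookiesInFncs)) {
            return false;
        }

        // neither the class nor the function is on the list, so no cookie is required
        return true;
    }

    /**
     * Heuristics for "this session id is being used by a different client":
     * user agent change, unknown id in the database session table, and a
     * marker cookie that disappeared. start() only calls this when no
     * session cookie was sent.
     *
     * @return bool true when the session should be replaced by a new one
     */
    protected function _isSwappedClient()
    {
        $myConfig = $this->getConfig();
        $myUtils  = oxUtils::getInstance();

        $blSwapped = false;

        //checking search engine
        if ( $myUtils->isSearchEngine() ) {
            return false;
        }

        /*
        //T2007-05-14
        //checking 'skipSession' paramter to prevent new session generation for popup
        elseif("x" == $this->getId() && !oxConfig::getParameter('skipSession'))
        {
            $this->_sErrorMsg = "Refered from search engine, creating new SID...<br>";

            $blSwapped = true;
        }*/

        $sAgent = oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' );
        $sExistingAgent = self::getVar( 'sessionagent' );
        if ( $this->_checkUserAgent( $sAgent, $sExistingAgent ) ) {
            $blSwapped = true;
        }

        // NOTE(review): the timeout check is disabled (see the commented-out
        // _checkByTimeOut() below), so this class enforces no idle timeout itself.
        /*
        if ( $this->_checkByTimeOut() )
            $blSwapped = true;
        */

        if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
            if ( $this->_checkSid() ) {
                $blSwapped = true;
            }
        }

        $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
        if ( !$blDisableCookieCheck ) {
            $sCookieSid = oxUtilsServer::getInstance()->getOxCookie( 'sid_key' );
            $aSessCookieSetOnce = self::getVar("sessioncookieisset");
            if ( $this->_checkCookies( $sCookieSid, $aSessCookieSetOnce ) ) {
                $blSwapped = true;
            }
        }

        return $blSwapped;
    }

    /**
     * Compares the current user agent with the one remembered in the session;
     * remembers it when none is stored yet.
     *
     * @param string $sAgent         user agent of the current request
     * @param string $sExistingAgent user agent stored in the session
     *
     * @return bool true when the user agent changed
     */
    protected function _checkUserAgent( $sAgent, $sExistingAgent)
    {
        // NOTE(review): a 'remoteaccess' parameter equal to "true" switches this
        // check off outside admin; it is read via oxConfig::getParameter(),
        // presumably from the request, so the client can opt out of the check.
        $blIgnoreBrowserChange = oxConfig::getParameter("remoteaccess") == "true" && !$this->isAdmin();
        if ($sAgent && $sExistingAgent && $sAgent != $sExistingAgent && (!$blIgnoreBrowserChange)) {
            // Both strings come from User-Agent headers and _setSessionId() echoes
            // this message as HTML, so they are escaped here.
            $this->_sErrorMsg = "Different browser (" . htmlspecialchars( $sExistingAgent, ENT_QUOTES ) . ", " . htmlspecialchars( $sAgent, ENT_QUOTES ) . "), creating new SID...<br>";
            return true;
        } elseif (!isset($sExistingAgent)) {
            self::setVar("sessionagent", $sAgent);
        }
        return false;
    }

    /*
    protected function _checkByTimeOut()
    {
        $myConfig = $this->getConfig();
        $iTimeStamp = oxUtilsDate::getInstance()->getTime();

        // #660
        $iSessionTimeout = null;
        if( $this->isAdmin() )
            $iSessionTimeout = $myConfig->getConfigParam( 'iSessionTimeoutAdmin' );
        if ( !$this->isAdmin() || !$iSessionTimeout )
            $iSessionTimeout = $myConfig->getConfigParam( 'iSessionTimeout' );
        if (!$iSessionTimeout)
            $iSessionTimeout = 60;

        $iTimeout = 60 * $iSessionTimeout;
        $iExistingTimeStamp = self::getVar( "sessiontimestamp");
        if ( $iExistingTimeStamp && ( $iExistingTimeStamp + $iTimeout < $iTimeStamp ) ) {
            $this->_sErrorMsg = "Shop timeout($iTimeStamp - $iExistingTimeStamp = ".($iTimeStamp - $iExistingTimeStamp)." ),
                                                                                                creating new SID...<br>";
            return true;
        }
        self::setVar("sessiontimestamp", $iTimeStamp);
        return false;
    }*/

    /**
     * Checks whether the current session id exists in the oxsessions table.
     *
     * @return bool true when the id is unknown and the session is not a new one,
     *              i.e. an expired id is being reused
     */
    protected function _checkSid()
    {
        $oDb = oxDb::getDb();

        // The id can come straight from the request (see start()), so it must not
        // be concatenated into the statement unquoted. qstr() is ADOdb's quoting
        // call and returns the value including the surrounding quotes.
        // NOTE(review): confirm the connection returned by oxDb::getDb() exposes qstr().
        //matze changed sesskey to SessionID because structure of oxsession changed!!
        $sSID = $oDb->GetOne("select SessionID from oxsessions where SessionID = " . $oDb->qstr( (string) $this->getId() ));

        //2007-05-14
        //we check _blNewSession as well as this may be actually new session not written to db yet
        if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
            // this means, that this session has expired in the past and someone uses this sid to reactivate it
            $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
            return true;
        }
        return false;
    }

    /**
     * Tracks the 'sid_key' marker cookie per shop URL: once the cookie has been
     * seen for a URL and is later missing, the client is treated as swapped.
     *
     * @param string $sCookieSid         value of the 'sid_key' cookie
     * @param array  $aSessCookieSetOnce per-URL "cookie was seen" flags from the session
     *
     * @return bool true when the marker cookie was seen before and is now gone
     */
    protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
    {
        $myConfig    = $this->getConfig();
        $blSwapped   = false;
        $sCurrentUrl = $myConfig->getCurrentShopURL();

        if ( isset( $aSessCookieSetOnce[$sCurrentUrl] ) ) {
            $blSessCookieSetOnce = $aSessCookieSetOnce[$sCurrentUrl];
        } else {
            $blSessCookieSetOnce = false;
        }

        //if cookie was there once but now is gone it means we have to reset
        if ( $blSessCookieSetOnce && !$sCookieSid ) {
            if ( $myConfig->getConfigParam( 'iDebug' ) ) {
                $this->_sErrorMsg  = "Cookie not found, creating new SID...<br>";
                $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
                $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
                // escaped because the message is echoed as HTML by _setSessionId()
                $this->_sErrorMsg .= "URL: " . htmlspecialchars( (string) $sCurrentUrl, ENT_QUOTES ) . "<br>";
            }
            $blSwapped = true;
        }

        //if we detect the cookie then set session var for possible later use
        if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
            $aSessCookieSetOnce[$sCurrentUrl] = "ox_true";
            self::setVar( "sessioncookieisset", $aSessCookieSetOnce );
        }

        //if we have no cookie then try to set it
        if ( !$sCookieSid ) {
            oxUtilsServer::getInstance()->setOxCookie( 'sid_key', 'oxid' );
        }
        return $blSwapped;
    }

    /**
     * Makes the given id the active one: PHP session id, this object's id and
     * the session cookie. Also prints any pending debug message.
     *
     * @param string $sSessId session id
     *
     * @return null
     */
    protected function _setSessionId($sSessId)
    {
        //marking this session as new one, as it might be not writen to db yet
        if ($sSessId && session_id() != $sSessId) {
            $this->_blNewSession = true;
        }

        // NOTE(review): $sSessId may be the unvalidated client-supplied value
        // chosen in start().
        session_id($sSessId);

        $this->setId($sSessId);

        if (!$this->_allowSessionStart()) {
            oxUtilsServer::getInstance()->setOxCookie($this->getName(), null);
            return;
        }

        //setting session cookie
        // NOTE(review): cookie attributes (HttpOnly, Secure, path) are decided
        // inside setOxCookie(), which is not visible here.
        oxUtilsServer::getInstance()->setOxCookie($this->getName(), $sSessId);

        if ( $this->_sErrorMsg) {
            //display debug error msg
            // The message is HTML (it contains <br>), so its dynamic parts are
            // escaped where it is built rather than here. The messages from
            // _checkUserAgent() and _checkSid() are set regardless of 'iDebug'.
            echo $this->_sErrorMsg;
            $this->_sErrorMsg = null;
        }
    }

    /**
     * Returns the session variable name under which the basket is stored:
     * "<shopid>_basket", or "basket" when 'blMallSharedBasket' is enabled.
     *
     * @return string
     */
    protected function _getBasketName()
    {
        $myConfig = $this->getConfig();
        if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0 ) {
            return $myConfig->getShopId()."_basket";
        }

        return "basket";
    }

    /**
     * Returns the session id sent in the session cookie, if any.
     *
     * @return string
     */
    protected function _getCookieSid()
    {
        return oxUtilsServer::getInstance()->getOxCookie($this->getName());
    }

}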

Generated on Thu Dec 4 12:04:57 2008 for OXID eShop CE by  doxygen 1.5.5