oxsession.php

Go to the documentation of this file.
00001 <?php
00002 
00003 
00004 // Including database session managing class if needed.
00005 if (oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) )
00006     require_once getShopBasePath() . 'core/adodb/session/adodb-session.php';
00007 
00013 class oxSession extends oxSuperCfg
00014 {
00020     protected $_sName = 'sid';
00021 
00026     protected  $_sId     = null;
00027 
00033     protected static $_blIsNewSession = false;
00034 
00038     protected static $_instance = null;
00039 
00044     protected static  $_oUser = null;
00045 
00052     protected $_blNewSession = false;
00053 
00059     protected $_sErrorMsg = null;
00060 
00066     protected $_oBasket = null;
00067 
00073     protected $_aRequireCookiesInFncs = array( 'register' => null,
00074                                                 'account' => null,
00075                                                              'tobasket',
00076                                                              'login_noredirect'
00077                                                 );
00078 
00082     protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");
00083 
00089     public static function getInstance()
00090     {
00091         if ( defined('OXID_PHP_UNIT')) {
00092             if ( isset( modSession::$unitMOD) && is_object( modSession::$unitMOD)) {
00093                 return modSession::$unitMOD;
00094             }
00095         }
00096         if (!isset(self::$_instance)) {
00097             self::$_instance  = oxNew( 'oxsession' );
00098         }
00099         return self::$_instance;
00100     }
00101 
00107     public function getId()
00108     {
00109         return $this->_sId;
00110     }
00111 
00119     public function setId($sVal)
00120     {
00121         $this->_sId = $sVal;
00122     }
00123 
00131     public function setName($sVal)
00132     {
00133         $this->_sName = $sVal;
00134     }
00135 
00141     public function getName()
00142     {
00143         return $this->_sName;
00144     }
00145 
00153     public function start()
00154     {
00155         $sid = null;
00156 
00157         if ( $this->isAdmin() ) {
00158             $this->setName("admin_sid");
00159         } else {
00160             $this->setName("sid");
00161         }
00162 
00163         $sForceSidParam = oxConfig::getParameter('force_sid');
00164         $sSidParam = oxConfig::getParameter($this->getName());
00165 
00166         $blUseCookies = $this->getConfig()->getConfigParam( 'blSessionUseCookies') || $this->isAdmin();
00167 
00168         //forcing sid for SSL<->nonSSL transitions
00169         if ($sForceSidParam) {
00170             $sid = $sForceSidParam;
00171         } elseif ($blUseCookies && $this->_getCookieSid()) {
00172             $sid = $this->_getCookieSid();
00173         } elseif ($sSidParam) {
00174             $sid = $sSidParam;
00175         }
00176 
00177 
00178         //creating new sid
00179         if ( !$sid) {
00180             $this->initNewSession();
00181             self::$_blIsNewSession = true;
00182         } else {
00183             $this->_setSessionId($sid);
00184         }
00185 
00186 
00187         //starting session if only we can
00188         if ($this->_allowSessionStart()) {
00189 
00190             @session_start();
00191 
00192             //special handling for new ZP cluster session, as in that case session_start() regenerates id
00193             if ($this->_sId != session_id()) {
00194                 $this->_setSessionId(session_id());
00195             }
00196         }
00197 
00198         //checking for swapped client in case cookies are not available
00199         if (!$this->_getCookieSid() && !oxUtils::getInstance()->isSearchEngine() && $this->_isSwappedClient() ) {
00200             $this->initNewSession();
00201         }
00202 
00203         $sClass    = oxConfig::getParameter( 'cl' );
00204         $sFunction = oxConfig::getParameter( 'fnc' );
00205         //check if we have mandatory cookie support
00206         if ( !$this->_checkMandatoryCookieSupport( $sClass, $sFunction ) ) {
00207             $oEx = oxNew( 'oxCookieException' );
00208             $oEx->setMessage( 'EXCEPTION_COOKIE_NOCOOKIE' );
00209             throw $oEx;
00210         }
00211     }
00212 
00218     public function initNewSession()
00219     {
00220         //saving persistent params if old session exists
00221         $aPersistent = array();
00222         foreach ($this->_aPersistentParams as $sParam) {
00223             if ( self::getVar($sParam)) {
00224                 $aPersistent[$sParam] = self::getVar($sParam);
00225             }
00226         }
00227 
00228         $sid = md5(oxUtilsObject::getInstance()->generateUID());
00229 
00230         $this->_setSessionId($sid);
00231         session_unset();
00232 
00233         //restoring persistent params to session
00234         foreach ($aPersistent as $key => $sParam) {
00235             self::setVar($key, $aPersistent[$key]);
00236         }
00237     }
00238 
00244     public function freeze()
00245     {
00246         // storing basket ..
00247         self::setVar( $this->_getBasketName(), serialize( $this->getBasket() ) );
00248 
00249         session_write_close();
00250     }
00251 
00257     public function destroy()
00258     {
00259         //session_unset();
00260         unset($_SESSION);
00261         session_destroy();
00262     }
00263 
00271     public static function hasVar( $name )
00272     {
00273         if ( defined( 'OXID_PHP_UNIT' ) ) {
00274             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00275                 try{
00276                     $sVal = modSession::getInstance()->getVar( $name );
00277                     return isset( $sVal );
00278                 } catch( Exception $e ) {
00279                     // if exception is thrown, use default
00280                 }
00281             }
00282         }
00283 
00284         return isset($_SESSION[$name]);
00285     }
00286 
00295     public static function setVar( $name, $value)
00296     {
00297         if ( defined( 'OXID_PHP_UNIT' ) ) {
00298             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00299                 try{
00300                     return modSession::getInstance()->setVar(  $name, $value );
00301                 } catch( Exception $e ) {
00302                     // if exception is thrown, use default
00303                 }
00304             }
00305         }
00306 
00307         $_SESSION[$name] = $value;
00308         //logger( "set sessionvar : $name -> $value");
00309     }
00310 
00318     public static function getVar( $name )
00319     {
00320         if ( defined( 'OXID_PHP_UNIT' ) ) {
00321             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00322                 try{
00323                     return modSession::getInstance()->getVar( $name );
00324                 } catch( Exception $e ) {
00325                     // if exception is thrown, use default
00326                 }
00327             }
00328         }
00329 
00330         if ( isset( $_SESSION[$name] )) {
00331             return $_SESSION[$name];
00332         } else {
00333             return null;
00334         }
00335     }
00336 
00344     public static function deleteVar( $name )
00345     {
00346         if ( defined( 'OXID_PHP_UNIT' ) ) {
00347             if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
00348                 try{
00349                     return modSession::getInstance()->setVar( $name, null );
00350                 } catch( Exception $e ) {
00351                     // if exception is thrown, use default
00352                 }
00353             }
00354         }
00355 
00356         $_SESSION[$name] = null;
00357         //logger( "delete sessionvar : $name");
00358         unset($_SESSION[$name]);
00359     }
00360 
00368     public function url($url)
00369     {
00370         $myConfig = $this->getConfig();
00371         if (strpos(" ".$url, "https:") === 1 && !$myConfig->isSsl()) {
00372             $blForceSID = true;
00373         }
00374         if (strpos(" ".$url, "http:") === 1 && $myConfig->isSsl()) {
00375             $blForceSID = true;
00376         }
00377 
00378         $blUseCookies = $myConfig->getConfigParam( 'blSessionUseCookies' ) || $this->isAdmin();
00379 
00380         $sSeparator = strstr($url, "?") !== false ?  "&amp;" : "?";
00381 
00382         if ($blUseCookies && $this->_getCookieSid()) {
00383             //cookies are supported so we do nothing
00384             $url .= $sSeparator;
00385 
00386             //or this is SSL link in non SSL environment (or vice versa)
00387             //and we force sid here
00388             if ($blForceSID) {
00389                 $url .= 'force_sid=' . $this->getId() . '&amp;';
00390             }
00391         } elseif (oxUtils::getInstance()->isSearchEngine()) {
00392             $url .= $sSeparator;
00393 
00394             //adding lang parameter for search engines
00395             $sLangParam = oxConfig::getParameter( "lang" );
00396             $sConfLang = $myConfig->getConfigParam( 'sDefaultLang' );
00397             if ( (int) $sLangParam != (int) $sConfLang ) {
00398                 $url   .= "lang=" . $sLangParam . "&amp;";
00399             }
00400         } elseif ($this->sid()) {
00401             //removing dublicate params
00402             //..hopefully this is not needed
00403             //$url    = ereg_replace("[&?]+$", "", $url);
00404 
00405             //cookies are not supported or this is first time visit
00406             $url   .= $sSeparator . $this->sid(). '&amp;';
00407         }
00408 
00409         return $url;
00410     }
00411 
00419     public function sid()
00420     {
00421         if ( !$this->getId() ) {
00422             return false;
00423         }
00424 
00425         $myConfig     = $this->getConfig();
00426         $blUseCookies = $myConfig->getConfigParam( 'blSessionUseCookies' ) || $this->isAdmin();
00427 
00428         //no cookie?
00429         if (!$blUseCookies || !$this->_getCookieSid()) {
00430             $sRet = $this->getName()."=".$this->getId();
00431         }
00432 
00433         if (oxUtils::getInstance()->isSearchEngine() && is_array($myConfig->getConfigParam( 'aCacheViews' ) ) && !$this->isAdmin() ) {
00434 
00435             $sRet = '';
00436 
00437             $sShopId = $myConfig->getShopId();
00438             if ( $sShopId != 1) {
00439                 $sRet = "shp=" . $sShopId;
00440             }
00441         }
00442 
00443         return $sRet;
00444     }
00445 
00451     public function hiddenSid()
00452     {
00453         if ( $this->isAdmin()) {
00454             return '';
00455         }
00456 
00457         return "<input type=\"hidden\" name=\"force_sid\" value=\"". $this->getId() . "\">";
00458     }
00459 
00465     public function getBasket()
00466     {
00467         if ( $this->_oBasket === null ) {
00468             $sBasket = self::getVar( $this->_getBasketName() );
00469             if ( $sBasket && $oBasket = unserialize( $sBasket ) ) {
00470                 $this->setBasket( $oBasket );
00471             } else {
00472                 $this->setBasket( oxNew( 'oxbasket' ) );
00473             }
00474         }
00475 
00476         return $this->_oBasket;
00477     }
00478 
00486     public function setBasket( $oBasket )
00487     {
00488         // sets basket session object
00489         $this->_oBasket = $oBasket;
00490     }
00491 
00497     public function delBasket()
00498     {
00499         $this->setBasket( null );
00500         self::deleteVar( $this->_getBasketName());
00501     }
00502 
00508     public function isNewSession()
00509     {
00510         return self::$_blIsNewSession;
00511     }
00512 
00518     protected function _allowSessionStart()
00519     {
00520         $blAllowSessionStart = true;
00521         if ( oxUtils::getInstance()->isSearchEngine() ) {
00522             $blAllowSessionStart = false;
00523         }
00524 
00525         if ( oxConfig::getParameter( 'skipSession' ) ) {
00526             $blAllowSessionStart = false;
00527         }
00528 
00529         /*if ($this->_getCookieSid())
00530             $blAllowSessionStart = true;*/
00531 
00532         return $blAllowSessionStart;
00533     }
00534 
00544     protected function _checkMandatoryCookieSupport( $sClass, $sFunction )
00545     {
00546         $myConfig  = $this->getConfig();
00547 
00548         //no mandatory cookie needed
00549         if (!$myConfig->getConfigParam( 'blSessionEnforceCookies' ) || (oxUtilsServer::getInstance()->getOxCookie($this->getName())) || !$sClass) {
00550             return true;
00551         }
00552 
00553         if ($sFunction && in_array($sFunction, $this->_aRequireCookiesInFncs)) {
00554             return false;
00555         }
00556 
00557         if (array_key_exists($sClass, $this->_aRequireCookiesInFncs)) {
00558             return false;
00559         }
00560 
00561         //otherwise cookies are mandatories and we don't have them
00562         return true;
00563     }
00564 
00572     protected function _isSwappedClient()
00573     {
00574         $myConfig = $this->getConfig();
00575         $myUtils  = oxUtils::getInstance();
00576 
00577         $blSwapped = false;
00578 
00579         //checking search engine
00580         if ( $myUtils->isSearchEngine() ) {
00581             return false;
00582         }
00583 
00584         /*
00585         //T2007-05-14
00586         //checking 'skipSession' paramter to prevent new session generation for popup
00587         elseif("x" == $this->getId() && !oxConfig::getParameter('skipSession'))
00588         {
00589             $this->_sErrorMsg = "Refered from search engine, creating new SID...<br>";
00590 
00591             $blSwapped = true;
00592         }*/
00593 
00594         $sAgent = oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' );
00595         $sExistingAgent = self::getVar( 'sessionagent' );
00596         if ( $this->_checkUserAgent( $sAgent, $sExistingAgent ) ) {
00597             $blSwapped = true;
00598         }
00599 
00600         /*
00601         if ( $this->_checkByTimeOut() )
00602             $blSwapped = true;
00603         */
00604 
00605         if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
00606             if ( $this->_checkSid() ) {
00607                 $blSwapped = true;
00608             }
00609         }
00610 
00611         $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
00612         if ( !$blDisableCookieCheck ) {
00613             $sCookieSid = oxUtilsServer::getInstance()->getOxCookie( 'sid_key' );
00614             $aSessCookieSetOnce = self::getVar("sessioncookieisset");
00615             if ( $this->_checkCookies( $sCookieSid, $aSessCookieSetOnce ) ) {
00616                 $blSwapped = true;
00617             }
00618         }
00619 
00620         return $blSwapped;
00621     }
00622 
00631     protected function _checkUserAgent( $sAgent, $sExistingAgent)
00632     {
00633         $blIgnoreBrowserChange = oxConfig::getParameter("remoteaccess") == "true" && !$this->isAdmin();
00634         if ($sAgent && $sExistingAgent && $sAgent != $sExistingAgent && (!$blIgnoreBrowserChange)) {
00635             $this->_sErrorMsg = "Different browser ($sExistingAgent, $sAgent), creating new SID...<br>";
00636             return true;
00637         } elseif (!isset($sExistingAgent)) {
00638             self::setVar("sessionagent", $sAgent);
00639         }
00640         return false;
00641     }
00642 
00649     /*
00650     protected function _checkByTimeOut()
00651     {
00652         $myConfig = $this->getConfig();
00653         $iTimeStamp = oxUtilsDate::getInstance()->getTime();
00654 
00655         // #660
00656         $iSessionTimeout = null;
00657         if( $this->isAdmin() )
00658             $iSessionTimeout = $myConfig->getConfigParam( 'iSessionTimeoutAdmin' );
00659         if ( !$this->isAdmin() || !$iSessionTimeout )
00660             $iSessionTimeout = $myConfig->getConfigParam( 'iSessionTimeout' );
00661         if (!$iSessionTimeout)
00662             $iSessionTimeout = 60;
00663 
00664         $iTimeout = 60 * $iSessionTimeout;
00665         $iExistingTimeStamp = self::getVar( "sessiontimestamp");
00666         if ( $iExistingTimeStamp && ( $iExistingTimeStamp + $iTimeout < $iTimeStamp ) ) {
00667             $this->_sErrorMsg = "Shop timeout($iTimeStamp - $iExistingTimeStamp = ".($iTimeStamp - $iExistingTimeStamp)." ),
00668                                                                                                 creating new SID...<br>";
00669             return true;
00670         }
00671         self::setVar("sessiontimestamp", $iTimeStamp);
00672         return false;
00673     }*/
00674 
00680     protected function _checkSid()
00681     {
00682         //matze changed sesskey to SessionID because structure of oxsession changed!!
00683         $sSID = oxDb::getDb()->GetOne("select SessionID from oxsessions where SessionID = '".$this->getId()."'");
00684 
00685         //2007-05-14
00686         //we check _blNewSession as well as this may be actually new session not written to db yet
00687         if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
00688             // this means, that this session has expired in the past and someone uses this sid to reactivate it
00689             $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
00690             return true;
00691         }
00692         return false;
00693     }
00694 
00704     protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
00705     {
00706         $myConfig   = $this->getConfig();
00707         $blSwapped  = false;
00708 
00709         if ( isset( $aSessCookieSetOnce[$myConfig->getCurrentShopURL()] ) ) {
00710             $blSessCookieSetOnce = $aSessCookieSetOnce[$myConfig->getCurrentShopURL()];
00711         } else {
00712             $blSessCookieSetOnce = false;
00713         }
00714 
00715         //if cookie was there once but now is gone it means we have to reset
00716         if ( $blSessCookieSetOnce && !$sCookieSid ) {
00717             if ( $myConfig->getConfigParam( 'iDebug' ) ) {
00718                 $this->_sErrorMsg  = "Cookie not found, creating new SID...<br>";
00719                 $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
00720                 $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
00721                 $this->_sErrorMsg .= "URL: ".$myConfig->getCurrentShopURL()."<br>";
00722             }
00723             $blSwapped = true;
00724         }
00725 
00726         //if we detect the cookie then set session var for possible later use
00727         if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
00728             $aSessCookieSetOnce[$myConfig->getCurrentShopURL()] = "ox_true";
00729             self::setVar( "sessioncookieisset", $aSessCookieSetOnce );
00730         }
00731 
00732         //if we have no cookie then try to set it
00733         if ( !$sCookieSid ) {
00734             oxUtilsServer::getInstance()->setOxCookie( 'sid_key', 'oxid' );
00735         }
00736         return $blSwapped;
00737     }
00738 
00746     protected function _setSessionId($sSessId)
00747     {
00748         //marking this session as new one, as it might be not writen to db yet
00749         if ($sSessId && session_id() != $sSessId) {
00750             $this->_blNewSession = true;
00751         }
00752 
00753         session_id($sSessId);
00754 
00755         $this->setId($sSessId);
00756 
00757         if (!$this->_allowSessionStart()) {
00758             oxUtilsServer::getInstance()->setOxCookie($this->getName(), null);
00759             return;
00760         }
00761 
00762         //setting session cookie
00763          oxUtilsServer::getInstance()->setOxCookie($this->getName(), $sSessId);
00764 
00765         if ( $this->_sErrorMsg) {
00766             //display debug error msg
00767             echo $this->_sErrorMsg;
00768             $this->_sErrorMsg = null;
00769         }
00770     }
00771 
00777     protected function _getBasketName()
00778     {
00779         $myConfig = $this->getConfig();
00780         if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0) {
00781             return $myConfig->getShopId()."_basket";
00782         } else {
00783             return "basket";
00784         }
00785     }
00786 
00792     protected function _getCookieSid()
00793     {
00794         return oxUtilsServer::getInstance()->getOxCookie($this->getName());
00795     }
00796 
00797 }

Generated on Tue Apr 21 15:45:45 2009 for OXID eShop CE by  doxygen 1.5.5