oxsession.php

Go to the documentation of this file.

<?php

DEFINE('_DB_SESSION_HANDLER', getShopBasePath() . 'core/adodblite/session/adodb-session.php');
// Including database session managing class if needed.
if (oxConfig::getInstance()->getConfigParam( 'blAdodbSessionHandler' ) ) {
    $oDB = oxDb::getDb();
    require_once _DB_SESSION_HANDLER;
}

class oxSession extends oxSuperCfg
{
    protected $_sName = 'sid';

    protected  $_sId     = null;

    protected static $_blIsNewSession = false;

    protected static $_instance = null;

    protected static  $_oUser = null;

    protected $_blNewSession = false;

    protected $_sErrorMsg = null;

    protected $_oBasket = null;

    protected $_aRequireCookiesInFncs = array( 'register' => null,
                                               'account'  => null,
                                               'tobasket',
                                               'login_noredirect',
                                               'tocomparelist'
                                               );

    protected $_blSidNeeded = null;

    protected $_aPersistentParams = array("actshop", "lang", "currency", "language", "tpllanguage");

    public static function getInstance()
    {
        if ( defined('OXID_PHP_UNIT')) {
            if ( isset( modSession::$unitMOD) && is_object( modSession::$unitMOD)) {
                return modSession::$unitMOD;
            }
        }
        if (!isset(self::$_instance)) {
            self::$_instance  = oxNew( 'oxsession' );
        }
        return self::$_instance;
    }

    public function getId()
    {
        return $this->_sId;
    }

    public function setId($sVal)
    {
        $this->_sId = $sVal;
    }

    public function setName($sVal)
    {
        $this->_sName = $sVal;
    }

    public function getName()
    {
        return $this->_sName;
    }

    public function start()
    {
        $sid = null;

        if ( $this->isAdmin() ) {
            $this->setName("admin_sid");
        } else {
            $this->setName("sid");
        }

        $sForceSidParam = oxConfig::getParameter('force_sid');
        $sSidParam = oxConfig::getParameter($this->getName());

        $blUseCookies = $this->getConfig()->getConfigParam( 'blSessionUseCookies') || $this->isAdmin();

        //forcing sid for SSL<->nonSSL transitions
        if ($sForceSidParam) {
            $sid = $sForceSidParam;
        } elseif ($blUseCookies && $this->_getCookieSid()) {
            $sid = $this->_getCookieSid();
        } elseif ($sSidParam) {
            $sid = $sSidParam;
        }

        //creating new sid
        if ( !$sid) {
            $this->initNewSession();
            self::$_blIsNewSession = true;
        } else {
            $this->_setSessionId($sid);
        }

        //starting session if only we can
        if ($this->_allowSessionStart()) {

            $this->_sessionStart();

            //special handling for new ZP cluster session, as in that case session_start() regenerates id
            if ( $this->_sId != session_id() ) {
                $this->_setSessionId( session_id() );
            }
        }

        //checking for swapped client in case cookies are not available
        if (!$this->_getCookieSid() && !oxUtils::getInstance()->isSearchEngine() && $this->_isSwappedClient() ) {
            $this->initNewSession();
        }
    }

    protected function _sessionStart()
    {
        return @session_start();
    }

    public function initNewSession()
    {
        //saving persistent params if old session exists
        $aPersistent = array();
        foreach ($this->_aPersistentParams as $sParam) {
            if ( self::getVar($sParam)) {
                $aPersistent[$sParam] = self::getVar($sParam);
            }
        }

        $sid = md5(oxUtilsObject::getInstance()->generateUID());

        $this->_setSessionId($sid);
        session_unset();

        //restoring persistent params to session
        foreach ($aPersistent as $key => $sParam) {
            self::setVar($key, $aPersistent[$key]);
        }
    }

    public function freeze()
    {
        // storing basket ..
        self::setVar( $this->_getBasketName(), serialize( $this->getBasket() ) );

        session_write_close();
    }

    public function destroy()
    {
        //session_unset();
        unset($_SESSION);
        session_destroy();
    }

    public static function hasVar( $name )
    {
        if ( defined( 'OXID_PHP_UNIT' ) ) {
            if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
                try{
                    $sVal = modSession::getInstance()->getVar( $name );
                    return isset( $sVal );
                } catch( Exception $e ) {
                    // if exception is thrown, use default
                }
            }
        }

        return isset($_SESSION[$name]);
    }

    public static function setVar( $name, $value)
    {
        if ( defined( 'OXID_PHP_UNIT' ) ) {
            if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
                try{
                    return modSession::getInstance()->setVar(  $name, $value );
                } catch( Exception $e ) {
                    // if exception is thrown, use default
                }
            }
        }

        $_SESSION[$name] = $value;
        //logger( "set sessionvar : $name -> $value");
    }

    public static function getVar( $name )
    {
        if ( defined( 'OXID_PHP_UNIT' ) ) {
            if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
                try{
                    return modSession::getInstance()->getVar( $name );
                } catch( Exception $e ) {
                    // if exception is thrown, use default
                }
            }
        }

        if ( isset( $_SESSION[$name] )) {
            return $_SESSION[$name];
        } else {
            return null;
        }
    }

    public static function deleteVar( $name )
    {
        if ( defined( 'OXID_PHP_UNIT' ) ) {
            if ( isset( modSession::$unitMOD ) && is_object( modSession::$unitMOD ) ) {
                try{
                    return modSession::getInstance()->setVar( $name, null );
                } catch( Exception $e ) {
                    // if exception is thrown, use default
                }
            }
        }

        $_SESSION[$name] = null;
        //logger( "delete sessionvar : $name");
        unset($_SESSION[$name]);
    }

    public function url($url)
    {
        $myConfig = $this->getConfig();
        $blForceSID = false;
        if (strpos(" ".$url, "https:") === 1 && !$myConfig->isSsl()) {
            $blForceSID = true;
        }
        if (strpos(" ".$url, "http:") === 1 && $myConfig->isSsl()) {
            $blForceSID = true;
        }

        $blUseCookies = $myConfig->getConfigParam( 'blSessionUseCookies' ) || $this->isAdmin();
        $oStr = getStr();
        $sSeparator = $oStr->strstr($url, "?") !== false ?  "&amp;" : "?";

        if ($blUseCookies && $this->_getCookieSid()) {
            //cookies are supported so we do nothing
            $url .= $sSeparator;

            //or this is SSL link in non SSL environment (or vice versa)
            //and we force sid here
            if ($blForceSID) {
                $url .= 'force_sid=' . $this->getId() . '&amp;';
            }
        } elseif (oxUtils::getInstance()->isSearchEngine()) {
            $url .= $sSeparator;

            //adding lang parameter for search engines
            $sLangParam = oxConfig::getParameter( "lang" );
            $sConfLang = $myConfig->getConfigParam( 'sDefaultLang' );
            if ( (int) $sLangParam != (int) $sConfLang ) {
                $url   .= "lang=" . $sLangParam . "&amp;";
            }
        } elseif ($this->sid()) {
            //removing dublicate params
            //..hopefully this is not needed
            //$url    = ereg_replace("[&?]+$", "", $url);

            //cookies are not supported or this is first time visit
            $url   .= $sSeparator . $this->sid(). '&amp;';
        }

        return $url;
    }

    public function sid()
    {
        if ( !$this->getId() ) {
            return false;
        }

        $myConfig     = $this->getConfig();
        $blUseCookies = $myConfig->getConfigParam( 'blSessionUseCookies' ) || $this->isAdmin();

        //no cookie?
        if (!$blUseCookies || !$this->_getCookieSid()) {
            $sRet = $this->getName()."=".$this->getId();
        }

        if (oxUtils::getInstance()->isSearchEngine() && is_array($myConfig->getConfigParam( 'aCacheViews' ) ) && !$this->isAdmin() ) {

            $sRet = '';

            $sShopId = $myConfig->getShopId();
            if ( $sShopId != 1) {
                $sRet = "shp=" . $sShopId;
            }
        }

        return $sRet;
    }

    public function hiddenSid()
    {
        if ( $this->isAdmin()) {
            return '';
        }

        return "<input type=\"hidden\" name=\"force_sid\" value=\"". $this->getId() . "\">";
    }

    public function getBasket()
    {
        if ( $this->_oBasket === null ) {
            $sBasket = self::getVar( $this->_getBasketName() );
            if ( $sBasket && $oBasket = unserialize( $sBasket ) ) {
                $this->setBasket( $oBasket );
            } else {
                $this->setBasket( oxNew( 'oxbasket' ) );
            }
        }

        return $this->_oBasket;
    }

    public function setBasket( $oBasket )
    {
        // sets basket session object
        $this->_oBasket = $oBasket;
    }

    public function delBasket()
    {
        $this->setBasket( null );
        self::deleteVar( $this->_getBasketName());
    }

    public function isNewSession()
    {
        return self::$_blIsNewSession;
    }

    protected function _forceSessionStart()
    {
        return ( !oxUtils::getInstance()->isSearchEngine() ) && ( ( bool ) $this->getConfig()->getConfigParam( 'blForceSessionStart' ) ) ;
    }

    protected function _allowSessionStart()
    {
        $blAllowSessionStart = true;

        // special handling only in non-admin mode
        if ( !$this->isAdmin() ) {
            if ( oxUtils::getInstance()->isSearchEngine() || oxConfig::getParameter( 'skipSession' ) ) {
                $blAllowSessionStart = false;
            } elseif ( !$this->_forceSessionStart() && !oxUtilsServer::getInstance()->getOxCookie( 'sid_key' ) ) {

                // session is not needed to start when it is not necessary:
                // - no sid in request and also user executes no session connected action
                // - no cookie set and user executes no session connected action
                if ( !oxUtilsServer::getInstance()->getOxCookie( $this->getName() ) &&
                     !( oxConfig::getParameter( $this->_sName ) || oxConfig::getParameter( 'force_'.$this->_sName ) ) &&
                     !$this->_isSessionRequiredAction() ) {
                    $blAllowSessionStart = false;
                }
            }
        }

        return $blAllowSessionStart;
    }

    protected function _isSwappedClient()
    {
        $myConfig = $this->getConfig();
        $myUtils  = oxUtils::getInstance();

        $blSwapped = false;

        //checking search engine
        if ( $myUtils->isSearchEngine() ) {
            return false;
        }

        /*
        //T2007-05-14
        //checking 'skipSession' paramter to prevent new session generation for popup
        elseif("x" == $this->getId() && !oxConfig::getParameter('skipSession'))
        {
            $this->_sErrorMsg = "Refered from search engine, creating new SID...<br>";

            $blSwapped = true;
        }*/

        $sAgent = oxUtilsServer::getInstance()->getServerVar( 'HTTP_USER_AGENT' );
        $sExistingAgent = self::getVar( 'sessionagent' );
        if ( $this->_checkUserAgent( $sAgent, $sExistingAgent ) ) {
            $blSwapped = true;
        }

        /*
        if ( $this->_checkByTimeOut() )
            $blSwapped = true;
        */

        if ( $myConfig->getConfigParam( 'blAdodbSessionHandler' ) ) {
            if ( $this->_checkSid() ) {
                $blSwapped = true;
            }
        }

        $blDisableCookieCheck = $myConfig->getConfigParam( 'blDisableCookieCheck' );
        if ( !$blDisableCookieCheck ) {
            $sCookieSid = oxUtilsServer::getInstance()->getOxCookie( 'sid_key' );
            $aSessCookieSetOnce = self::getVar("sessioncookieisset");
            if ( $this->_checkCookies( $sCookieSid, $aSessCookieSetOnce ) ) {
                $blSwapped = true;
            }
        }

        return $blSwapped;
    }

    protected function _checkUserAgent( $sAgent, $sExistingAgent)
    {
        $blIgnoreBrowserChange = oxConfig::getParameter("remoteaccess") == "true" && !$this->isAdmin();
        if ($sAgent && $sExistingAgent && $sAgent != $sExistingAgent && (!$blIgnoreBrowserChange)) {
            $this->_sErrorMsg = "Different browser ($sExistingAgent, $sAgent), creating new SID...<br>";
            return true;
        } elseif (!isset($sExistingAgent)) {
            self::setVar("sessionagent", $sAgent);
        }
        return false;
    }

    /*
    protected function _checkByTimeOut()
    {
        $myConfig = $this->getConfig();
        $iTimeStamp = oxUtilsDate::getInstance()->getTime();

        // #660
        $iSessionTimeout = null;
        if( $this->isAdmin() )
            $iSessionTimeout = $myConfig->getConfigParam( 'iSessionTimeoutAdmin' );
        if ( !$this->isAdmin() || !$iSessionTimeout )
            $iSessionTimeout = $myConfig->getConfigParam( 'iSessionTimeout' );
        if (!$iSessionTimeout)
            $iSessionTimeout = 60;

        $iTimeout = 60 * $iSessionTimeout;
        $iExistingTimeStamp = self::getVar( "sessiontimestamp");
        if ( $iExistingTimeStamp && ( $iExistingTimeStamp + $iTimeout < $iTimeStamp ) ) {
            $this->_sErrorMsg = "Shop timeout($iTimeStamp - $iExistingTimeStamp = ".($iTimeStamp - $iExistingTimeStamp)." ),
                                                                                                creating new SID...<br>";
            return true;
        }
        self::setVar("sessiontimestamp", $iTimeStamp);
        return false;
    }*/

    protected function _checkSid()
    {
        //matze changed sesskey to SessionID because structure of oxsession changed!!
        $sSID = oxDb::getDb()->GetOne("select SessionID from oxsessions where SessionID = '".$this->getId()."'");

        //2007-05-14
        //we check _blNewSession as well as this may be actually new session not written to db yet
        if ( !$this->_blNewSession && (!isset( $sSID) || !$sSID)) {
            // this means, that this session has expired in the past and someone uses this sid to reactivate it
            $this->_sErrorMsg = "Session has expired in the past and someone uses this sid to reactivate it, creating new SID...<br>";
            return true;
        }
        return false;
    }

    protected function _checkCookies( $sCookieSid, $aSessCookieSetOnce )
    {
        $myConfig   = $this->getConfig();
        $blSwapped  = false;

        if ( isset( $aSessCookieSetOnce[$myConfig->getCurrentShopURL()] ) ) {
            $blSessCookieSetOnce = $aSessCookieSetOnce[$myConfig->getCurrentShopURL()];
        } else {
            $blSessCookieSetOnce = false;
        }

        //if cookie was there once but now is gone it means we have to reset
        if ( $blSessCookieSetOnce && !$sCookieSid ) {
            if ( $myConfig->getConfigParam( 'iDebug' ) ) {
                $this->_sErrorMsg  = "Cookie not found, creating new SID...<br>";
                $this->_sErrorMsg .= "Cookie: $sCookieSid<br>";
                $this->_sErrorMsg .= "Session: $blSessCookieSetOnce<br>";
                $this->_sErrorMsg .= "URL: ".$myConfig->getCurrentShopURL()."<br>";
            }
            $blSwapped = true;
        }

        //if we detect the cookie then set session var for possible later use
        if ( $sCookieSid == "oxid" && !$blSessCookieSetOnce ) {
            $aSessCookieSetOnce[$myConfig->getCurrentShopURL()] = "ox_true";
            self::setVar( "sessioncookieisset", $aSessCookieSetOnce );
        }

        //if we have no cookie then try to set it
        if ( !$sCookieSid ) {
            oxUtilsServer::getInstance()->setOxCookie( 'sid_key', 'oxid' );
        }
        return $blSwapped;
    }

    protected function _setSessionId($sSessId)
    {
        //marking this session as new one, as it might be not writen to db yet
        if ($sSessId && session_id() != $sSessId) {
            $this->_blNewSession = true;
        }

        session_id($sSessId);

        $this->setId($sSessId);

        if (!$this->_allowSessionStart()) {
            oxUtilsServer::getInstance()->setOxCookie($this->getName(), null);
            return;
        }

        //setting session cookie
         oxUtilsServer::getInstance()->setOxCookie($this->getName(), $sSessId);

        if ( $this->_sErrorMsg) {
            //display debug error msg
            echo $this->_sErrorMsg;
            $this->_sErrorMsg = null;
        }
    }

    protected function _getBasketName()
    {
        $myConfig = $this->getConfig();
        if ( $myConfig->getConfigParam( 'blMallSharedBasket' ) == 0) {
            return $myConfig->getShopId()."_basket";
        } else {
            return "basket";
        }
    }

    protected function _getCookieSid()
    {
        return oxUtilsServer::getInstance()->getOxCookie($this->getName());
    }

    protected function _isSessionRequiredAction()
    {
        $sFunction = oxConfig::getParameter( 'fnc' );
        $sClass = oxConfig::getParameter( 'cl' );

        return ( $sFunction && in_array( strtolower( $sFunction ), $this->_aRequireCookiesInFncs ) ) ||
               ( $sClass && array_key_exists( strtolower( $sClass ), $this->_aRequireCookiesInFncs ) );
    }

    public function isSidNeeded()
    {
        if ( $this->_blSidNeeded === null ) {
            // setting initial state
            $this->_blSidNeeded = false;

            // no SIDs for seach engines
            if ( !oxUtils::getInstance()->isSearchEngine() ) {
                // cookie found - SID is not needed
                if ( oxUtilsServer::getInstance()->getOxCookie( $this->getName() ) ) {
                    $this->_blSidNeeded = false;
                } elseif ( $this->_forceSessionStart() ) {
                    $this->_blSidNeeded = true;
                } else {
                    // no cookie, so must check session
                    if ( $blSidNeeded = self::getVar( 'blSidNeeded' ) ) {
                        $this->_blSidNeeded = true;
                    } elseif ( $this->_isSessionRequiredAction() ) {
                        $this->_blSidNeeded = true;

                        // storing to session, performance..
                        self::setVar( 'blSidNeeded', $this->_blSidNeeded  );
                    }
                }
            }
        }

        return $this->_blSidNeeded;
    }

    public function processUrl( $sUrl )
    {
        if ( $this->isSidNeeded() ) {
            $oStr = getStr();
            // only if sid is not yet set
            if ( $oStr->strstr( $sUrl, 'sid=' ) === false ) {
                $sUrl .= ( $oStr->strstr( $sUrl, '?' ) !== false ?  '&amp;' : '?' ) . $this->sid(). '&amp;';
            }
        }

        return $sUrl;
    }
}

---