
Sessionklasse

Avatar user-253
26.05.2006 22:39

wSessionklasse v.0.1

Eine kleine Sessionklasse für PHP5.

Neben einer einfachen Benutzbarkeit bietet die Klasse verschiedene Sicherungen (einfach per Klassenvariable de-/aktivierbar):
- Session-Rotierung
- Session-Regenerierung bei bestimmten Aktionen
Überprüfung von:
- IP
- Referrer
- Browser-Signatur

Demo: [Onlinedemo]
Download: [Download]
<?php

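// Usage example for the session class defined below.
$session = new session();
$session = new session(true); // the SID is regenerated, the session data is kept

print $session; // SID=sessionid

// Setting variables (both forms write $_SESSION['test'])
$session->test('bla');
$session->test = 'bla';

// Reading variables
print $session->test;

// Deleting variables (an empty value removes the entry)
$session->test();
$session->test = '';
unset($session->test);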

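/**
 * Small object wrapper around PHP's native session handling.
 *
 * On construction the session is started, checked against the stored
 * client fingerprint (IP, browser signature, referrer host) and the
 * fingerprint is refreshed. Session variables are exposed as magic
 * properties ($session->foo) and magic calls ($session->foo('bar')).
 *
 * Review notes:
 * - The referrer and every header in $browser_validation are supplied by
 *   the client. These checks raise the bar against casual reuse of a
 *   leaked session id; they are not an authentication mechanism.
 * - The fingerprint is stored in $_SESSION under 'REMOTE_ADDR' and
 *   'BROWSER_SIGNATURE'. Application code writing those keys through the
 *   magic interface overwrites the fingerprint.
 */
class session {

    /* CONFIG */

    // Name passed to session_name().
    public $session_name = 'SID';
    // Expected referrer, either as a URL ('http://localhost') or a bare
    // host ('localhost'). A falsy value disables the check.
    public $referer_validation = 'http://localhost';
    // Bind the session to the client address when true.
    public $ip_validation = true;
    // $_SERVER keys that make up the browser signature. A falsy value
    // disables the check.
    public $browser_validation = array('HTTP_USER_AGENT', 'SERVER_PROTOCOL', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE');
    // Issue a new session id on every request when true.
    public $session_rotation = false;

    protected $regenerate_action = false;
    protected $session_id;

    /**
     * Starts and validates the session.
     *
     * @param bool $regenerate_action When true, a valid session receives a
     *                                new id while its data is kept. Use this
     *                                after privilege changes such as login.
     */
    public function __construct($regenerate_action=false) {
        $this->_init($regenerate_action);
    }

    /**
     * Writes the session data and closes the session.
     */
    public function __destruct() {
        session_write_close();
    }

    /* IMPLEMENTATION */

    /**
     * Starts the native session, validates it and refreshes the fingerprint.
     *
     * @param bool $regenerate_action See __construct().
     * @return bool Always true.
     */
    protected function _init($regenerate_action) {
        session_name($this->session_name);
        session_start();
        $this->session_id = session_id();
        $this->regenerate_action = $regenerate_action;

        $this->_check();
        $this->_update_session_data();

        return true;
    }

    /**
     * Runs every enabled validator and replaces the session if one fails.
     *
     * A session without a stored fingerprint fails _validate_ip() and
     * _validate_browser(), so a first visit also takes the "invalid" path
     * and triggers _handle_invalid_session().
     *
     * @return bool Always true.
     */
    protected function _check() {
        // VALIDATE SESSION
        $valid_session = true;
        if($this->referer_validation && !$this->_validate_referer()) {
            $valid_session = false;
        }
        if($this->ip_validation && !$this->_validate_ip()) {
            $valid_session = false;
        }
        if($this->browser_validation && !$this->_validate_browser()) {
            $valid_session = false;
        }

        // UPDATE SESSION
        if($valid_session === false) {
            // Drop the stored data, then move to a fresh id so the
            // presented id is no longer usable.
            session_destroy();
            session_start();
            session_regenerate_id(true);
            $this->session_id = session_id();
            $this->_handle_invalid_session();
        } elseif($this->session_rotation || $this->regenerate_action) {
            // true = delete the old session file, not only rename the id.
            session_regenerate_id(true);
            $this->session_id = session_id();
        }

        return true;
    }

    /**
     * Stores the current client fingerprint in the session.
     *
     * @return bool Always true.
     */
    protected function _update_session_data() {
        if($this->ip_validation) {
            $_SESSION['REMOTE_ADDR'] = $this->_ip_fingerprint();
        }
        if($this->browser_validation) {
            $_SESSION['BROWSER_SIGNATURE'] = $this->_browser_signature();
        }

        return true;
    }

    /**
     * Hash of the client address; an absent address hashes like ''.
     * md5 only normalises the value here, it is not a security boundary.
     *
     * @return string
     */
    protected function _ip_fingerprint() {
        $address = array_key_exists('REMOTE_ADDR',$_SERVER) ? $_SERVER['REMOTE_ADDR'] : '';

        return md5($address);
    }

    /**
     * Hash over the configured $_SERVER keys. A missing key contributes
     * its own name so that its absence is part of the signature.
     *
     * @return string
     */
    protected function _browser_signature() {
        $signature = '';
        foreach($this->browser_validation as $key) {
            $signature .= array_key_exists($key,$_SERVER) ? $_SERVER[$key] : $key;
        }

        return md5($signature);
    }

    /**
     * Checks the stored address hash against the current request.
     *
     * @return bool False when nothing is stored or the hash differs.
     */
    protected function _validate_ip() {
        // Strict comparison: with == two different digests that both look
        // like "0e<digits>" are compared as numbers and count as equal.
        return array_key_exists('REMOTE_ADDR',$_SESSION)
            && $_SESSION['REMOTE_ADDR'] === $this->_ip_fingerprint();
    }

    /**
     * Checks the stored browser signature against the current request.
     *
     * @return bool False when nothing is stored or the signature differs.
     */
    protected function _validate_browser() {
        // Strict comparison for the same reason as in _validate_ip().
        return array_key_exists('BROWSER_SIGNATURE',$_SESSION)
            && $_SESSION['BROWSER_SIGNATURE'] === $this->_browser_signature();
    }

    /**
     * Checks the host of the Referer header against $referer_validation.
     *
     * A request without a referrer is accepted, so this check only rejects
     * requests that announce a foreign host.
     *
     * @return bool
     */
    protected function _validate_referer() {
        if(!array_key_exists('HTTP_REFERER',$_SERVER) || empty($_SERVER['HTTP_REFERER'])) {
            return true;
        }

        // The configured value may be a full URL; compare host with host.
        // Comparing the parsed host with 'http://localhost' never matches.
        $expected_host = parse_url($this->referer_validation, PHP_URL_HOST);
        if(!is_string($expected_host) || $expected_host === '') {
            $expected_host = $this->referer_validation;
        }

        $actual_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        if(!is_string($actual_host) || $actual_host === '') {
            // Malformed or host-less referrer: treat as a mismatch.
            return false;
        }

        // Host names are case-insensitive.
        return strcasecmp($actual_host, (string) $expected_host) === 0;
    }

    /**
     * Hook for subclasses, called after an invalid session was replaced.
     *
     * @return bool Always true.
     */
    protected function _handle_invalid_session() {
        return true;
    }

    /* INTERFACE */

    /**
     * $session->key = $value; an empty value removes the entry.
     * empty() also matches 0, '0' and array(), so those cannot be stored.
     */
    public function __set($key,$value) {
        if(!empty($value)) {
            $_SESSION[$key] = $value;
        } else {
            unset($_SESSION[$key]);
        }
        return true;
    }

    /**
     * isset($session->key)
     *
     * @return bool
     */
    public function __isset($key) {
        return array_key_exists($key,$_SESSION);
    }

    /**
     * unset($session->key)
     */
    public function __unset($key) {
        unset($_SESSION[$key]);

        return true;
    }

    /**
     * $session->key($value) stores the value, $session->key() removes it.
     * The same empty() rule as in __set() applies.
     *
     * @return bool Always true.
     */
    public function __call($key,$arguments) {
        if(array_key_exists(0,$arguments) && !empty($arguments[0])) {
            $_SESSION[$key] = $arguments[0];
        } else {
            unset($_SESSION[$key]);
        }

        return true;
    }

    /**
     * $session->key
     *
     * @return mixed The stored value, or false when the key is not set.
     */
    public function __get($key) {
        return array_key_exists($key,$_SESSION) ? $_SESSION[$key] : false;
    }

    /**
     * Returns "name=id" for appending to URLs.
     *
     * A session id in a URL ends up in server logs, browser history and
     * Referer headers; prefer cookie transport where possible.
     *
     * @return string
     */
    public function __toString() {
        return $this->session_name.'='.$this->session_id;
    }

    /**
     * Returns the complete session array.
     *
     * @return array
     */
    public function get_data() {
        return $_SESSION;
    }

}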

?>