Webstatt.org - Community seit 2006 - 2012 (2024?)

Sessionklasse

Avatar user-253
26.05.2006 22:39
wSessionklasse v.0.1

Eine kleine Sessionklasse für PHP5.

Neben einer einfachen user-129utzbarkeit kann die Klasse verschiedene Sicherungen (einfach per Klassenvariable de-/aktivierbar):
- Session-Rotierung
- Session-Regenerierung bei bestimmten Aktionen
Überprüfung von:
- IP
- Referrer
- Browser-Signatur

Demo: [Onlinedemo]
Download: [Download]
<?php



$session = new session();

$session = new session(true); // SID wird mit gleichen Daten neu generiert



print $session; // SID=sessionid



// Setzen von Variablen

$session->test('bla'zwinkern;

$session->test = 'bla';



// Ausgeben von Variablen

print $session->test;



// Loeschen von Variablen

$session->test();

$session->test = '';

unset($session->test);



class session {



	/* CONFIG */

	public $session_name = 'SID';

	public $referer_validation = 'http://localhost';

	public $ip_validation = true;

	public $browser_validation = array('HTTP_USER_AGENT', 'SERVER_PROTOCOL', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE'zwinkern;

	public $session_rotation = false;

	

	protected $regenerate_action = false;

	protected $session_id;

	

	public function __construct($regenerate_action=false) {

		$this->_init($regenerate_action);

		

		return true;

	}



	public function __destruct() {

		return session_write_close();

	}

	

	/* IMPLEMENTATION */

	

	protected function _init($regenerate_action) {

		session_name($this->session_name);

		session_start();

		$this->session_id = session_id();

		$this->regenerate_action = $regenerate_action; 

		

		$this->_check();

		$this->_update_session_data();

		

		return true;

	}

	

	protected function _check() {

		// VALIDATE SESSION

		$valid_session = true;

		if($this->referer_validation) {

			$valid_session = $this->_validate_referer() ? $valid_session : false;

		}

		if($this->ip_validation) {

			$valid_session = $this->_validate_ip() ? $valid_session : false;

		}

		if($this->browser_validation) {

			$valid_session = $this->_validate_browser() ? $valid_session : false;

		}



		// UPDATE SESSION

		if($valid_session === false) {

			session_destroy();

			session_start();

			session_regenerate_id(true);

			$this->session_id = session_id();

			$this->_handle_invalid_session();

		} elseif($this->session_rotation || $this->regenerate_action) {

			session_regenerate_id(true);

			$this->session_id = session_id();

		}

		

		return true;

	}



	protected function _update_session_data() {

		if($this->ip_validation) {

			$_SESSION['REMOTE_ADDR'] = md5($_SERVER['REMOTE_ADDR']);

		}

		if($this->browser_validation) {

			$signature = '';

			foreach($this->browser_validation as $key) {

				$signature .= array_key_exists($key,$_SERVER) ? $_SERVER[$key] : $key;

			}

			$_SESSION['BROWSER_SIGNATURE'] = md5($signature);

		}

		

		return true;

	}



	protected function _validate_ip() {

		if(array_key_exists('REMOTE_ADDR',$_SESSION) && ($_SESSION['REMOTE_ADDR'] == md5($_SERVER['REMOTE_ADDR']))) {

			return true;

		} else {

			return false;

		}

	}

	

	protected function _validate_browser() {

		$signature = '';

		foreach($this->browser_validation as $key) {

			$signature .= array_key_exists($key,$_SERVER) ? $_SERVER[$key] : $key;

		}

		if(array_key_exists('BROWSER_SIGNATURE',$_SESSION) && $_SESSION['BROWSER_SIGNATURE'] == md5($signature)) {

			return true;

		} else {

			return false;

		}

	}

	

	protected function _validate_referer() {

		if(array_key_exists('HTTP_REFERER',$_SERVER) && !empty($_SERVER['HTTP_REFERER'])) {

			$url = parse_url($_SERVER['HTTP_REFERER']);

			if($url['host'] != $this->referer_validation) {

				return false;

			} else {

				return true;

			}

		} else {

			return true;

		}

	}

	

	protected function _handle_invalid_session() {

		return true;

	}



	/* INTEFRACE */

	

	public function __set($key,$value) {

		if(!empty($value)) {

			$_SESSION[$key] = $value;

		} else {

			unset($_SESSION[$key]);

		}

		return true;

	}

	

	public function __isset($key) {

		return array_key_exists($key,$_SESSION);

	}

	

	public function __unset($key) {

		unset($_SESSION[$key]);

		

		return true;

	}

	

	public function __call($key,$arguments) {

		if(array_key_exists(0,$arguments) && !empty($arguments[0])) {

			$_SESSION[$key] = $arguments[0];

		} else {

			unset($_SESSION[$key]);

		}

		

		return true;

	}

	

	public function __get($key) {

		return array_key_exists($key,$_SESSION) ? $_SESSION[$key] : false;

	}

	

	public function __toString() {

		return $this->session_name.'='.$this->session_id;

	}

	

	public function get_data() {

		return $_SESSION;

	}

	

}



?>