在网上找了发现都是来之一人之手,也没有用自己的话去解释,这里我就抛砖引玉,发表一下自己的意见,还希望能得到各界人士的指导批评!
此session机制不需要session_start初始化,这个我一直不太清楚还得专家详解。自认为此种机制是建立在COOKIE基础上的模拟session,先用$GLOBALS['_SESSION'] = array();初始化session,然后在cookie中引入session,如$this->session_id = $_COOKIE[$this->session_name]。
最近在做ECSHOP和UCENTERHOME的二次开发,有幸接触到了ECSHOP的SESSION机制,个人认为这种机制相比PHP自带的 SESSION机制拥有更高的安全性和可移植性,尤其是在做多系统共享SESSION时优势更为明显,因此简单的做了一下的代码分析,如有错误,请留言指点.
< ?php
class cls_session
{
var $db = NULL;
var $session_table = '';
var $max_life_time = 1800;
var $session_name = '';
var $session_id = '';
var $session_expiry = '';
var $session_md5 = '';
var $session_cookie_path = '/';
var $session_cookie_domain = '';
var $session_cookie_secure = false;
var $_ip = '';
var $_time = 0;
function __construct(&$db, $session_table, $session_data_table, $session_name = 'ECS_ID', $session_id = '')
{
$this->cls_session($db, $session_table, $session_data_table, $session_name, $session_id);
}
function cls_session(&$db, $session_table, $session_data_table, $session_name = 'ECS_ID', $session_id = '')
{
$GLOBALS['_SESSION'] = array();
if (!empty($GLOBALS['cookie_path']))
{
$this->session_cookie_path = $GLOBALS['cookie_path'];
}
else
{
$this->session_cookie_path = '/';
}
if (!empty($GLOBALS['cookie_domain']))
{
$this->session_cookie_domain = $GLOBALS['cookie_domain'];
}
else
{
$this->session_cookie_domain = '';
}
if (!empty($GLOBALS['cookie_secure']))
{
$this->session_cookie_secure = $GLOBALS['cookie_secure'];
}
else
{
$this->session_cookie_secure = false;
}
$this->session_name = $session_name;
$this->session_table = $session_table;
$this->session_data_table = $session_data_table;
$this->db =& $db;
$this->_ip = real_ip();
if ($session_id == '' && !empty($_COOKIE[$this->session_name]))
{
$this->session_id = $_COOKIE[$this->session_name];
}
else
{
$this->session_id = $session_id;
}
if ($this->session_id)
{
$tmp_session_id = substr($this->session_id, 0, 32);
if ($this->gen_session_key($tmp_session_id) == substr($this->session_id, 32))
{
$this->session_id = $tmp_session_id;
}
else
{
$this->session_id = '';
}
}
$this->_time = time();
if ($this->session_id)
{
$this->load_session();
}
else
{
$this->gen_session_id();
setcookie($this->session_name, $this->session_id . $this->gen_session_key($this->session_id), 0, $this->session_cookie_path, $this->session_cookie_domain, $this->session_cookie_secure);
}
register_shutdown_function(array(&$this, 'close_session'));
}
function gen_session_id()
{
$this->session_id = md5(uniqid(mt_rand(), true));
return $this->insert_session();
}
function gen_session_key($session_id)
{
static $ip = '';
if ($ip == '')
{
$ip = substr($this->_ip, 0, strrpos($this->_ip, '.'));
}
return sprintf('x', crc32(!empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] . ROOT_PATH . $ip . $session_id : ROOT_PATH . $ip . $session_id));
}
function insert_session()
{
return $this->db->query('INSERT INTO ' . $this->session_table . " (sesskey, expiry, ip, data) VALUES ('" . $this->session_id . "', '". $this->_time ."', '". $this->_ip ."', 'a:0:{}')");
}
function load_session()
{
$session = $this->db->getRow('SELECT userid, adminid, user_name, user_rank, discount, email, data, expiry FROM ' . $this->session_table . " WHERE sesskey = '" . $this->session_id . "'");
if (empty($session))
{
$this->insert_session();
$this->session_expiry = 0;
$this->session_md5 = '40cd750bba9870f18aada2478b24840a';
$GLOBALS['_SESSION'] = array();
}
else
{
if (!empty($session['data']) && $this->_time - $session['expiry'] <= $this->max_life_time)
{
$this->session_expiry = $session['expiry'];
$this->session_md5 = md5($session['data']);
$GLOBALS['_SESSION'] = unserialize($session['data']);
$GLOBALS['_SESSION']['user_id'] = $session['userid'];
$GLOBALS['_SESSION']['admin_id'] = $session['adminid'];
$GLOBALS['_SESSION']['user_name'] = $session['user_name'];
$GLOBALS['_SESSION']['user_rank'] = $session['user_rank'];
$GLOBALS['_SESSION']['discount'] = $session['discount'];
$GLOBALS['_SESSION']['email'] = $session['email'];
}
else
{
$session_data = $this->db->getRow('SELECT data, expiry FROM ' . $this->session_data_table . " WHERE sesskey = '" . $this->session_id . "'");
if (!empty($session_data['data'])&& $this->_time - $session_data['expiry'] <= $this->max_life_time)
{
$this->session_expiry = $session_data['expiry'];
$this->session_md5 = md5($session_data['data']);
$GLOBALS['_SESSION'] = unserialize($session_data['data']);
$GLOBALS['_SESSION']['user_id'] = $session['userid'];
$GLOBALS['_SESSION']['admin_id'] = $session['adminid'];
$GLOBALS['_SESSION']['user_name'] = $session['user_name'];
$GLOBALS['_SESSION']['user_rank'] = $session['user_rank'];
$GLOBALS['_SESSION']['discount'] = $session['discount'];
$GLOBALS['_SESSION']['email'] = $session['email'];
}
else
{
$this->session_expiry = 0;
$this->session_md5 = '40cd750bba9870f18aada2478b24840a';
$GLOBALS['_SESSION'] = array();
}
}
}
}
function update_session()
{
$adminid = !empty($GLOBALS['_SESSION']['admin_id']) ? intval($GLOBALS['_SESSION']['admin_id']) : 0;
$userid = !empty($GLOBALS['_SESSION']['user_id']) ? intval($GLOBALS['_SESSION']['user_id']) : 0;
$user_name = !empty($GLOBALS['_SESSION']['user_name']) ? trim($GLOBALS['_SESSION']['user_name']) : 0;
$user_rank = !empty($GLOBALS['_SESSION']['user_rank']) ? intval($GLOBALS['_SESSION']['user_rank']) : 0;
$discount = !empty($GLOBALS['_SESSION']['discount']) ? round($GLOBALS['_SESSION']['discount'], 2) : 0;
$email = !empty($GLOBALS['_SESSION']['email']) ? trim($GLOBALS['_SESSION']['email']) : 0;
unset($GLOBALS['_SESSION']['admin_id']);
unset($GLOBALS['_SESSION']['user_id']);
unset($GLOBALS['_SESSION']['user_name']);
unset($GLOBALS['_SESSION']['user_rank']);
unset($GLOBALS['_SESSION']['discount']);
unset($GLOBALS['_SESSION']['email']);
$data = serialize($GLOBALS['_SESSION']);
$this->_time = time();
if ($this->session_md5 == md5($data)&& $this->_time< $this->session_expiry + 10)
{
return true;
}
$data = addslashes($data);
if (isset($data{255}))
{
$this->db->autoReplace($this->session_data_table, array('sesskey' => $this->session_id, 'expiry' => $this->_time, 'data' => $data), array('data' => $data));
$data = '';
}
return $this->db->query('UPDATE ' . $this->session_table . " SET expiry = '" . $this->_time . "', ip = '" . $this->_ip . "', userid = '" . $userid . "', adminid = '" . $adminid . "', user_name='" . $user_name . "', user_rank='" . $user_rank . "', discount='" . $discount . "', email='" . $email . "', data = '$data' WHERE sesskey = '" . $this->session_id . "' LIMIT 1");
}
function close_session()
{
$this->update_session();
if (mt_rand(0, 2) == 2)
{
$this->db->query('DELETE FROM ' . $this->session_data_table . ' WHERE expiry< ' . ($this->_time - $this->max_life_time));
}
if ((time() % 2) == 0)
{
return $this->db->query('DELETE FROM ' . $this->session_table . ' WHERE expiry< ' . ($this->_time - $this->max_life_time));
}
return true;
}
function delete_spec_admin_session($adminid)
{
if (!empty($GLOBALS['_SESSION']['admin_id'])&& $adminid)
{
return $this->db->query('DELETE FROM ' . $this->session_table . " WHERE adminid = '$adminid'");
}
else
{
return false;
}
}
function destroy_session()
{
$GLOBALS['_SESSION'] = array();
setcookie($this->session_name, $this->session_id, 1, $this->session_cookie_path, $this->session_cookie_domain, $this->session_cookie_secure);
if (!empty($GLOBALS['ecs']))
{
$this->db->query('DELETE FROM ' . $GLOBALS['ecs']->table('cart') . " WHERE session_id = '$this->session_id'");
}
$this->db->query('DELETE FROM ' . $this->session_data_table . " WHERE sesskey = '" . $this->session_id . "' LIMIT 1");
return $this->db->query('DELETE FROM ' . $this->session_table . " WHERE sesskey = '" . $this->session_id . "' LIMIT 1");
}
function get_session_id()
{
return $this->session_id;
}
function get_users_count()
{
return $this->db->getOne('SELECT count(*) FROM ' . $this->session_table);
}
}
?>
不掉到水里,也永不知道自己有多大潜力!
本文标签:
声明:本文由代码号注册/游客用户【冬儿】供稿发布,本站不对用户发布的ecshop中session机制说明信息内容原创度和真实性等负责。如内容侵犯您的版权或其他权益,请留言并加以说明。站长审查之后若情况属实会及时为您删除。同时遵循 CC 4.0 BY-SA 版权协议,尊重和保护作者的劳动成果,转载请标明出处链接和本声明内容。本文作者:冬儿» https://www.ebingou.cn/dmh/13525.html
很赞哦! (0)