diff options
| author | André Noack <noack@data-quest.de> | 2024-12-12 14:52:00 +0000 |
|---|---|---|
| committer | David Siegfried <david.siegfried@uni-vechta.de> | 2024-12-12 14:52:00 +0000 |
| commit | 940d2aaa8638b4e0c764579cb3977e7be527c81f (patch) | |
| tree | 79bd2d7f02359e1bb24931b33513e082f8404a91 /lib/session/DbSessionHandler.php | |
| parent | 3a2a88172ccbe97aaecf4ea32b97cd07b92dcb11 (diff) | |
StEP 1552 closes #1552
Closes #1552
Merge request studip/studip!1137
Diffstat (limited to 'lib/session/DbSessionHandler.php')
| -rw-r--r-- | lib/session/DbSessionHandler.php | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/lib/session/DbSessionHandler.php b/lib/session/DbSessionHandler.php new file mode 100644 index 0000000..05a31a4 --- /dev/null +++ b/lib/session/DbSessionHandler.php @@ -0,0 +1,114 @@ +<?php +/** + * Session handler for using Stud.IP database as session storage + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * @author André Noack <noack@data-quest.de> + */ + +namespace Studip\Session; +use \DBManager, \Config, \CronjobTask; + +class DbSessionHandler implements \SessionHandlerInterface, \SessionIdInterface, \SessionUpdateTimestampHandlerInterface +{ + + private $exists; + + /** + * @inheritDoc + */ + public function close(): bool + { + return true; + } + + /** + * @inheritDoc + */ + public function destroy($id): bool + { + return (bool)DBManager::get()->execute("DELETE FROM session_data WHERE sid = ? LIMIT 1", [$id]); + } + + /** + * @inheritDoc + */ + public function gc($max_lifetime): false|int + { + //bail out if cronjob activated and not called in cli context + if (Config::getInstance()->getValue('CRONJOBS_ENABLE') + && ($task = array_pop(CronjobTask::findByClass('SessionGcJob'))) + && count($task->schedules->findBy('active', 1)) + && PHP_SAPI !== 'cli' + ) { + return false; + } + return DBManager::get()->execute("DELETE FROM session_data WHERE changed < FROM_UNIXTIME(?) ", [time() - $max_lifetime]); + } + + /** + * @inheritDoc + */ + public function open($path, $name): bool + { + return true; + } + + /** + * @inheritDoc + */ + #[\ReturnTypeWillChange] + public function read($id) + { + $str = DBManager::get()->fetchColumn("SELECT val FROM session_data where sid = ?", [$id]); + if ($str) { + $this->exists = $id; + } + return (string)$str; + } + + /** + * @inheritDoc + */ + public function write($id, $data): bool + { + $db = DBManager::get(); + if ($this->exists === $id) { + $stmt = $db->prepare("UPDATE session_data SET val = ? WHERE sid = ?"); + } else { + $stmt = $db->prepare("REPLACE INTO session_data ( val, sid ) VALUES (?, ?)"); + } + return (bool) $stmt->execute([$data, $id]); + } + + public function exists($id) + { + return (bool)DBManager::get()->fetchColumn("SELECT 1 FROM session_data where sid = ?", [$id]); + } + + public function create_sid(): string + { + do { + $new_id = md5(bin2hex(random_bytes(128))); + } while ($this->exists($new_id)); + $this->exists = null; + return $new_id; + } + + public function updateTimestamp(string $id, string $data): bool + { + DBManager::get()->execute("UPDATE session_data SET changed = CURRENT_TIMESTAMP() WHERE sid = ?", [$id]); + return true; + } + + public function validateId(string $id): bool + { + return (bool)$this->exists($id); + } + + +} |