
Problems modifying session handler for database


tvanover


So I have created a session control script that does basic session handling.  It can promote your session if you log in and destroy your session if you logout, and verify that you are surfing from the same computer the user logged in on (pretty basic fingerprinting).  There is a little bit of history tracking to help in redirection from form processing.

 

<?php //session.php
require_once("config.inc");
//require("sql_session.php");
/**
 * Reports who owns the current session.
 *
 * @return mixed The value stored under $_SESSION['username'] when that key is
 *               set, otherwise FALSE.
 */
function loggedin()
{
    // isset() is false for a missing key and for a stored NULL alike.
    return isset($_SESSION['username']) ? $_SESSION['username'] : FALSE;
}

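/**
 * Checks that the fingerprint stored in the session matches this request.
 *
 * genFingerprint() builds the value from $_SERVER entries, one of which is the
 * client-supplied User-Agent header, so a match is a consistency hint rather
 * than proof that the request comes from the machine that logged in.
 *
 * @return bool TRUE when a fingerprint is stored and is identical to the
 *              freshly generated one, FALSE otherwise.
 */
function trusted()
{
    // A session that never stored a fingerprint is not trusted.
    if (!isset($_SESSION['fingerprint'])) {
        return FALSE;
    }

    // Strict comparison: with ==, two hex digests that both look like numbers
    // (for example "0e" followed only by digits) can compare as equal.
    return $_SESSION['fingerprint'] === genFingerprint();
}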

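/**
 * Builds the fingerprint used to tie a session to the client that logged in.
 *
 * The MD5 hex digests of the server signature and of the User-Agent header are
 * XORed byte by byte, and the result is hashed again.
 *
 * NOTE(review): the server signature is presumably the same for every visitor
 * and the User-Agent is chosen by the client, so this value only detects a
 * change of browser string. Treat it as a weak extra check next to the session
 * ID, not as a replacement for protecting the ID itself.
 *
 * @return string 32-character hexadecimal MD5 digest.
 */
function genFingerprint()
{
    // $_SERVER keys are case-sensitive strings and must be quoted: a bare word
    // is looked up as a constant, which is an error in PHP 8 when undefined.
    // Either entry can be absent (e.g. no User-Agent header), so default to ''.
    $signature = isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    return md5(md5($signature) ^ md5($userAgent));
}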

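// A custom save handler has to be registered before this call:
// session_start() is what invokes the handler's open and read callbacks.
session_start();

// $trackthispage is presumably set by the including page before session.php
// is loaded (TODO confirm); an unset flag is treated as "do not track".
if (!empty($trackthispage) && loggedin()) {
    // On the first tracked request there is no previous page yet.
    $_SESSION['lastpage'] = isset($_SESSION['currentpage']) ? $_SESSION['currentpage'] : NULL;
}

// Remember the page being served so a later request can redirect back to it.
// QUERY_STRING is client-supplied: encode the stored value for the context
// where it is used later (HTML output or a Location header).
$curr = "index.php";
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
if (strlen($query) > 1) {
    $curr .= "?" . $query;
}
$_SESSION['currentpage'] = $curr;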
?>

 

This script works perfectly fine, but it stores the session information in an unsecured temp directory.  I want to move the storage of session information to my database, so I created

 

<?php //sql_session.php

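// Debug trace. NOTE(review): "out.txt" is a relative path, so it resolves
// against the current working directory. The PHP manual notes that some SAPIs
// change the working directory when the session is closed during script
// termination, so trace lines written at that point may land in a different
// file from the ones written during the request.
file_put_contents("out.txt", "session handler setting \n", FILE_APPEND | FILE_TEXT);

// Register the callbacks. This file has to be loaded before session_start().
$handlerSet = session_set_save_handler('t_open', 't_close', 't_read', 't_write', 't_destroy', 't_clean');

// Log the real outcome instead of assuming the registration succeeded.
file_put_contents(
    "out.txt",
    $handlerSet ? "session handler set \n" : "session handler NOT set \n",
    FILE_APPEND | FILE_TEXT
);

// Write and close the session while the script environment is still intact,
// rather than leaving it to PHP's own teardown at the end of the request.
register_shutdown_function('session_write_close');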

/**
 * Session "open" callback: connects to MySQL and selects the database that
 * holds the sessions table.
 *
 * The connection is kept in $GLOBALS['sess_db'] for the other callbacks.
 * Uses the mysql_* extension, which was removed in PHP 7.0.
 *
 * NOTE(review): host, account and password are hard-coded here. Load them from
 * configuration kept outside the web root, and give the account access to the
 * sessions table only.
 *
 * @param string $save_path    Not used by this handler.
 * @param string $session_name Not used by this handler.
 * @return bool Result of mysql_select_db(), or FALSE when the connection fails.
 */
function t_open($save_path, $session_name)
{
    file_put_contents("out.txt", "Open Called\n", FILE_APPEND | FILE_TEXT);

    // Stored even on failure, exactly as the combined assign-and-test did.
    $GLOBALS['sess_db'] = mysql_connect('localhost', 'session', 'session');
    if (!$GLOBALS['sess_db']) {
        return FALSE;
    }

    file_put_contents("out.txt", "Open connected\n", FILE_APPEND | FILE_TEXT);

    return mysql_select_db('test', $GLOBALS['sess_db']);
}

/**
 * Session "close" callback: closes the connection kept in $GLOBALS['sess_db'].
 *
 * @return bool Result of mysql_close().
 */
function t_close()
{
    file_put_contents("out.txt", "Closing\n", FILE_APPEND | FILE_TEXT);

    $closed = mysql_close($GLOBALS['sess_db']);

    return $closed;
}

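/**
 * Session "read" callback: returns the stored payload for a session ID.
 *
 * @param string $id Session ID; it arrives from the client's cookie, so it is
 *                   escaped before being placed in the query.
 * @return string The stored data column, or '' when the query fails or no row
 *                exists for this ID.
 */
function t_read($id)
{
    file_put_contents("out.txt", "Read Called\n", FILE_APPEND | FILE_TEXT);

    // Escape against the session connection so its character set is the one
    // used, instead of whichever link happened to be opened last.
    $id = mysql_real_escape_string($id, $GLOBALS['sess_db']);
    $sql = "SELECT data
            FROM   sessions
            WHERE  id = '$id'";

    $result = mysql_query($sql, $GLOBALS['sess_db']);
    if ($result === FALSE) {
        // A failed query is the case that carries a MySQL error message.
        file_put_contents("out.txt", "Reading failed " . mysql_error($GLOBALS['sess_db']) . "\n", FILE_APPEND | FILE_TEXT);
        return '';
    }

    file_put_contents("out.txt", "Reading session\n", FILE_APPEND | FILE_TEXT);
    if (mysql_num_rows($result)) {
        $record = mysql_fetch_assoc($result);
        return $record['data'];
    }

    // No row is normal for a brand-new session and is not a MySQL error.
    file_put_contents("out.txt", "No stored session row\n", FILE_APPEND | FILE_TEXT);

    return '';
}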

/**
 * Session "write" callback: stores the payload for a session ID together with
 * the current timestamp, replacing any existing row.
 *
 * The VALUES list has no column names, so it presumably relies on the table
 * columns being ordered id, access, data (verify against the schema).
 *
 * @param string $id   Session ID.
 * @param string $data Serialized session payload.
 * @return mixed Result of mysql_query().
 */
function t_write($id, $data)
{
    file_put_contents("out.txt", "Write Called\n", FILE_APPEND | FILE_TEXT);

    // All three values are escaped before they are placed in the statement.
    $id = mysql_real_escape_string($id);
    $access = mysql_real_escape_string(time());
    $data = mysql_real_escape_string($data);

    $sql = "REPLACE
            INTO    sessions
            VALUES  ('$id', '$access', '$data')";

    // NOTE(review): this trace line copies the session ID and the serialized
    // session payload into out.txt. Anyone who can read that file can reuse
    // the ID, so remove or redact the line once debugging is finished and keep
    // the file out of the web root.
    file_put_contents("out.txt", "write query: $sql \n", FILE_APPEND | FILE_TEXT);

    $stored = mysql_query($sql, $GLOBALS['sess_db']);

    return $stored;
}

/**
 * Session "destroy" callback: deletes the row for a session ID.
 *
 * @param string $id Session ID, escaped before it is placed in the query.
 * @return mixed Result of mysql_query().
 */
function t_destroy($id)
{
    file_put_contents("out.txt", "Destroying\n", FILE_APPEND | FILE_TEXT);

    $id = mysql_real_escape_string($id);
    $sql = "DELETE
            FROM   sessions
            WHERE  id = '$id'";

    $deleted = mysql_query($sql, $GLOBALS['sess_db']);

    return $deleted;
}

/**
 * Session garbage-collection callback: deletes rows whose access timestamp is
 * older than the allowed lifetime.
 *
 * @param int $max Maximum session lifetime, subtracted from time() to get the
 *                 cut-off timestamp.
 * @return mixed Result of mysql_query().
 */
function t_clean($max)
{
    // Rows with access below this cut-off are considered expired.
    $old = mysql_real_escape_string(time() - $max);

    $sql = "DELETE
            FROM   sessions
            WHERE  access < '$old'";

    $purged = mysql_query($sql, $GLOBALS['sess_db']);

    return $purged;
}


?>

 

When I un-comment the require("sql_session.php"); at the beginning of session.php suddenly my code breaks.  I included the file_put_contents() to try and track the behavior of the session handler functions, and after running a script that includes session.php then redirects to another page that includes session.php I get this

Write Called
write query: REPLACE
            INTO    sessions
            VALUES  ('3df1d35b5ae22fba3a915b397677f62b', '1221253397', 'currentpage|s:9:\"index.php\";username|s:4:\"Test\";fingerprint|s:32:\"11cf4f58d7c360eec9c7a6e6f16c7827\";') 
Closing
Write Called
write query: REPLACE
            INTO    sessions
            VALUES  ('3df1d35b5ae22fba3a915b397677f62b', '1221253397', 'currentpage|s:9:\"index.php\";') 
Closing

 

It seems to be partially working: the write function is called, but nothing else.  Am I missing something?  I copied sql_session.php almost verbatim from Chris Shiflett's article "Storing Sessions in a Database".
