tvanover Posted September 12, 2008 So I have created a session control script that does basic session handling. It can promote your session if you log in, destroy your session if you log out, and verify that you are surfing from the same computer the user logged in on (pretty basic fingerprinting). There is a little bit of history tracking to help in redirection from form processing. <?php //session.php require_once("config.inc"); //require("sql_session.php"); /** * Returns user currently logged in with this session **/ function loggedin(){ if(isset($_SESSION['username'])){ return $_SESSION['username']; } return FALSE; } function trusted(){ if($_SESSION['fingerprint'] == genFingerprint()){ return TRUE; } return FALSE; } function genFingerprint() { return md5(md5($_SERVER[sERVER_SIGNATURE]) ^ md5($_SERVER[HTTP_USER_AGENT])); } session_start(); if($trackthispage && loggedin()){ $_SESSION['lastpage'] = $_SESSION['currentpage']; } $curr = "index.php"; if(strlen($_SERVER[QUERY_STRING]) > 1){ $curr .= "?" . $_SERVER[QUERY_STRING]; } $_SESSION['currentpage'] = $curr; ?> This script works perfectly fine, but it stores the session information in an unsecured temp directory.
I want to move the storage of session information to my database, so I created <?php //sql_session.php file_put_contents("out.txt", "session handler setting \n", FILE_APPEND | FILE_TEXT); session_set_save_handler('t_open', 't_close', 't_read', 't_write', 't_destroy', 't_clean'); file_put_contents("out.txt", "session handler set \n", FILE_APPEND | FILE_TEXT); function t_open($save_path, $session_name) { file_put_contents("out.txt", "Open Called\n", FILE_APPEND | FILE_TEXT); if ($GLOBALS['sess_db'] = mysql_connect('localhost', 'session', 'session')) { file_put_contents("out.txt", "Open connected\n", FILE_APPEND | FILE_TEXT); return mysql_select_db('test', $GLOBALS['sess_db']); } return FALSE; } function t_close() { file_put_contents("out.txt", "Closing\n", FILE_APPEND | FILE_TEXT); return mysql_close($GLOBALS['sess_db']); } function t_read($id) { file_put_contents("out.txt", "Read Called\n", FILE_APPEND | FILE_TEXT); $id = mysql_real_escape_string($id); $sql = "SELECT data FROM sessions WHERE id = '$id'"; if ($result = mysql_query($sql, $GLOBALS['sess_db'])) { file_put_contents("out.txt", "Reading session\n", FILE_APPEND | FILE_TEXT); if (mysql_num_rows($result)) { $record = mysql_fetch_assoc($result); return $record['data']; }else{ file_put_contents("out.txt", "Reading failed " . mysql_error() . 
"\n", FILE_APPEND | FILE_TEXT); } } return ''; } function t_write($id, $data) { file_put_contents("out.txt", "Write Called\n", FILE_APPEND | FILE_TEXT); $access = time(); $id = mysql_real_escape_string($id); $access = mysql_real_escape_string($access); $data = mysql_real_escape_string($data); $sql = "REPLACE INTO sessions VALUES ('$id', '$access', '$data')"; file_put_contents("out.txt", "write query: $sql \n", FILE_APPEND | FILE_TEXT); return mysql_query($sql, $GLOBALS['sess_db']); } function t_destroy($id) { file_put_contents("out.txt", "Destroying\n", FILE_APPEND | FILE_TEXT); $id = mysql_real_escape_string($id); $sql = "DELETE FROM sessions WHERE id = '$id'"; return mysql_query($sql, $GLOBALS['sess_db']); } function t_clean($max) { $old = time() - $max; $old = mysql_real_escape_string($old); $sql = "DELETE FROM sessions WHERE access < '$old'"; return mysql_query($sql, $GLOBALS['sess_db']); } ?> When I un-comment the require("sql_session.php"); at the beginning of session.php, suddenly my code breaks. I included the file_put_contents() calls to try to track the behavior of the session handler functions, and after running a script that includes session.php and then redirects to another page that includes session.php, I get this: Write Called write query: REPLACE INTO sessions VALUES ('3df1d35b5ae22fba3a915b397677f62b', '1221253397', 'currentpage|s:9:\"index.php\";username|s:4:\"Test\";fingerprint|s:32:\"11cf4f58d7c360eec9c7a6e6f16c7827\";') Closing Write Called write query: REPLACE INTO sessions VALUES ('3df1d35b5ae22fba3a915b397677f62b', '1221253397', 'currentpage|s:9:\"index.php\";') Closing It seems to be partially working, calling the write function but nothing else. Am I missing something? I copied sql_session.php almost verbatim from Chris Shiflett's article Storing Sessions in a Database.