Custom Session Handling in PHP5

[igor berger]

I am using Zend Custom Session Handling in PHP4 but I need to migrate to PHP5

 

There is problem:

 

Write and Close handlers are called after destructing objects since PHP 5.0.5. Thus destructors can use sessions but session handler can't use objects. In prior versions, they were called in the opposite order. It is possible to call session_write_close() from the destructor to solve this chicken and egg problem.

 

Here is the Zend Custom Session Handling script that works in PHP4

 

http://www.zend.com/zend/spotlight/code-gallery-wade8.php?article=code-gallery-wade8&kind=sl&id=4791&open=1&anc=0&view=1

 

How can I modify this to work in PHP5

 

I found some comments how to do it but not sure how to implement it.

http://chipmunkninja.com/article/php5dbsessions

 

Can some one take a look and help me out what needs to be changed in the original script.

 

I am on a virtual hosting account so I do not want to use the public sessions because they can be accessed by other users on the server.

 

The Custom Session Handling stores the sessions in a database and makes them secure.

 

Thank you,

Igor Berger

[igor berger]

businessman do you know how to deal with Custom Session Handling in PHP5

 

I have the Zend script but it is not PHP5 competable.

[Ninjakreborn]

I am looking over them one minute.

[Ninjakreborn]

http://www.zend.com/zend/spotlight/code-gallery-wade8.php?article=code-gallery-wade8&kind=sl&id=4791&open=1&anc=0&view=1#Heading10

 

I don't see anything here that would conflict with php 5.  Install it, and give it a try.  Report any error messages that come up, and we'll sort through them.  I read through it, and it looks to be php 5 safe.  Tell me what kind of odd behaviour it's giving you when ran in 5, as opposed to 4, they probably won't be too hard to implement.

 

To be honest if it's giving you a lot of problems below is a link to another very well developed session handler that was built specifically to utilize the power of php 5.

http://www.nateklaiber.com/2006/05/10/custom-php-session-handler/

[igor berger]

I wish I could try it in PHP5, but my server is PHP4 and the hosting people said they will step PHP4 soon, so I got into panic a bit, and looked at PHP5 vs PHP4 competability on php.net

 

I am sorry I am still trying to figure out how classes behave in PHP, I got my self as far as functions.

 

So this what gave me red flag..

 

Another change that was made is the behavior when you try to reassign $this.

 

Before, you could reassign $this from within an object, and thus change it to a different class.  Now, this results in a parse error.

 

And this:

 

Write and Close handlers are called after destructing objects since PHP 5.0.5. Thus destructors can use sessions but session handler can't use objects. In prior versions, they were called in the opposite order. It is possible to call session_write_close() from the destructor to solve this chicken and egg problem.

 

Do you think this applies to the Zend script?

 

I would try to debug it myself but like I said I do not have PHP5, if you or some who has it, and can try it out when you can I would really apreciate the help.

 

Thank you for the link to another session script, it is good to have an alternative just for emmergency. But would like to keep the Zend being I have been using it now for 3 years.

 

 

[Ninjakreborn]

to be honest you really don't have to worry about rewriting php 4 code to php 5.

Just use a converter.

http://www.google.com/search?hl=en&q=application+to+convert+from+php+4+to+5

The changes are so minimalistic that it can really do most/all of it for you.

Run that code you have through there, (one of the top 3) and it should make it php 5 compatible.

[igor berger]

I tried downloading the converter and it is a dumy file.

 

It says 3 mb but it download 100 k, I tried to install it and it does not instal, maybe it is a virus!

 

I hope my NOD32 will block it!

 

I went to a few sites, they all offer the same thing 100 k

[Ninjakreborn]

One second.

[Ninjakreborn]

I have verified it's not a virus. I downloaded it and scanned it. I just don't understnad why there download link is down and the other is discontinued.  Onemore second.

[Ninjakreborn]

Here is the file.  the other's where dummy because he didn't update them.  I am sure they werne't viruses (tested them).  I finally found the full version and downloaded it, scanned it, and installed it.  I have attached it here as a zip file for you.

 

[attachment deleted by admin]

[Ninjakreborn]

hahaha, that converter really does suck.  It doesn't work worth crap...

When the time comes for you to need to install the script on php 5 just try to install it and return to me what errors are present, and I can help you work through them when the time comes.

[igor berger]

I am sort of getting the idea of the logic of the custom session

 

This is what is being added to modify the PHP4 to be PHP% competabel.

 

session_write_close

 

I need to get my hands on PHP5 server to test it out I am sure I can make it work.

 

I looked at the script you recommended and it will probably work also.

 

I need to spend a little time figuring how what works. I think I can run it on PHP4 and then it will work on PHP5

 

Time to learn $this and class------->

 

I often do things on the fly untill I am forced to learn them.

 

Thanks for the help

[redarrow]

next time use the php.net manual mate dont need no fancy converter.....

 

link to learn

http://uk2.php.net/class

 

object- and mysql-based session-handler, requires the following table:

 

CREATE TABLE `ws_sessions` ( 
  `session_id` varchar(255) binary NOT NULL default '', 
  `session_expires` int(10) unsigned NOT NULL default '0', 
  `session_data` text, 
  PRIMARY KEY  (`session_id`) 
) TYPE=InnoDB;

 

class php 5

<?php 
class session { 
    // session-lifetime 
    var $lifeTime; 
    // mysql-handle 
    var $dbHandle; 
    function open($savePath, $sessName) { 
       // get session-lifetime 
       $this->lifeTime = get_cfg_var("session.gc_maxlifetime"); 
       // open database-connection 
       $dbHandle = @mysql_connect("server","user","password"); 
       $dbSel = @mysql_select_db("database",$dbHandle); 
       // return success 
       if(!$dbHandle || !$dbSel) 
           return false; 
       $this->dbHandle = $dbHandle; 
       return true; 
    } 
    function close() { 
        $this->gc(ini_get('session.gc_maxlifetime')); 
        // close database-connection 
        return @mysql_close($this->dbHandle); 
    } 
    function read($sessID) { 
        // fetch session-data 
        $res = mysql_query("SELECT session_data AS d FROM ws_sessions 
                            WHERE session_id = '$sessID' 
                            AND session_expires > ".time(),$this->dbHandle); 
        // return data or an empty string at failure 
        if($row = mysql_fetch_assoc($res)) 
            return $row['d']; 
        return ""; 
    } 
    function write($sessID,$sessData) { 
        // new session-expire-time 
        $newExp = time() + $this->lifeTime; 
        // is a session with this id in the database? 
        $res = mysql_query("SELECT * FROM ws_sessions 
                            WHERE session_id = '$sessID'",$this->dbHandle); 
        // if yes, 
        if(mysql_num_rows($res)) { 
            // ...update session-data 
            mysql_query("UPDATE ws_sessions 
                         SET session_expires = '$newExp', 
                         session_data = '$sessData' 
                         WHERE session_id = '$sessID'",$this->dbHandle); 
            // if something happened, return true 
            if(mysql_affected_rows($this->dbHandle)) 
                return true; 
        } 
        // if no session-data was found, 
        else { 
            // create a new row 
            mysql_query("INSERT INTO ws_sessions ( 
                         session_id, 
                         session_expires, 
                         session_data) 
                         VALUES( 
                         '$sessID', 
                         '$newExp', 
                         '$sessData')",$this->dbHandle); 
            // if row was created, return true 
            if(mysql_affected_rows($this->dbHandle)) 
                return true; 
        } 
        // an unknown error occured 
        return false; 
    } 
    function destroy($sessID) { 
        // delete session-data 
        mysql_query("DELETE FROM ws_sessions WHERE session_id = '$sessID'",$this->dbHandle); 
        // if session was deleted, return true, 
        if(mysql_affected_rows($this->dbHandle)) 
            return true; 
        // ...else return false 
        return false; 
    } 
    function gc($sessMaxLifeTime) { 
        // delete old sessions 
        mysql_query("DELETE FROM ws_sessions WHERE session_expires < ".time(),$this->dbHandle); 
        // return affected rows 
        return mysql_affected_rows($this->dbHandle); 
    } 
} 
$session = new session(); 
session_set_save_handler(array(&$session,"open"), 
                         array(&$session,"close"), 
                         array(&$session,"read"), 
                         array(&$session,"write"), 
                         array(&$session,"destroy"), 
                         array(&$session,"gc")); 
session_start(); 
// etc... 
?> 

[igor berger]

Yes I am finally learning about class.

 

 

But from what I am seeing we need to do this.

 

session_write_close()

 

But I am not sure where to put it.

 

 

 

 

[Ninjakreborn]

The converter was meant to make php 4 code compatible with php 5 and vice versa but the only good one was discontinued.

[igor berger]

well, I hope someone with great PHP knowledge czan clean up the custome session script and make it available to users.

 

Sessions are very important, and if you are on a virtual host account like many people are it is not safe to use public sessions.

 

Zend script was very clean and worked great under PHP4.

 

This has to be added to the script

session_write_close()

 

But my PHP is not advance enough to know how to integrate it.

 

I am just starting to learn about class, not that it is complicated but will take some time, and some debuging on PHP5 machine.

 

Businessman the script that you recomended is a bit confusing

 

What is PDO? Is db a class? and  $database is inside db class?

 

I think this script is writen for implementation for people who kow how to use classes. So if someone can go through it and fix it for beginers - like the Zend script, it would be great...

 

http://www.nateklaiber.com/2006/05/10/custom-php-session-handler/

 

[Ninjakreborn]

pdo is just a method of using a database (like using mysql or mysqli functions.

Just a set of functions.

[igor berger]

This thing is written to be used with PDO dabase functions, so need to rewrite for MySql...

 

You do not use execute() with MySql but with PDO variable binding.