From ae4b03163792f0b6e933933e5d37df87dc3fd566 Mon Sep 17 00:00:00 2001
From: mattab
Date: Thu, 28 Mar 2013 12:42:39 +1300
Subject: Mass conversion of all files to the newly agreed coding standard: PSR 1/2 Converting Piwik core source files, PHP, JS, TPL, CSS More info: http://piwik.org/participate/coding-standards/
---
core/Session.php | 246 +++++++++++++++++++++++++++----------------------------
1 file changed, 120 insertions(+), 126 deletions(-)
(limited to 'core/Session.php')
diff --git a/core/Session.php b/core/Session.php
index 8f5f5912ab..e102ef605e 100644
--- a/core/Session.php
+++ b/core/Session.php
@@ -1,133 +1,127 @@ General['session_save_handler']) - || $config->General['session_save_handler'] === 'files'; - } - - /** - * Start the session - * - * @param array|bool $options An array of configuration options; the auto-start (bool) setting is ignored - * @return void - */ - public static function start($options = false) - { - if(Piwik_Common::isPhpCliMode() - || self::$sessionStarted - || (defined('PIWIK_ENABLE_SESSION_START') && !PIWIK_ENABLE_SESSION_START)) - { - return; - } - self::$sessionStarted = true; - - // use cookies to store session id on the client side - @ini_set('session.use_cookies', '1'); - - // prevent attacks involving session ids passed in URLs - @ini_set('session.use_only_cookies', '1'); - - // advise browser that session cookie should only be sent over secure connection - if(Piwik::isHttps()) - { - @ini_set('session.cookie_secure', '1'); - } - - // advise browser that session cookie should only be accessible through the HTTP protocol (i.e., not JavaScript) - @ini_set('session.cookie_httponly', '1'); - - // don't use the default: PHPSESSID - $sessionName = defined('PIWIK_SESSION_NAME') ? 
PIWIK_SESSION_NAME : 'PIWIK_SESSID'; - @ini_set('session.name', $sessionName); - - // proxies may cause the referer check to fail and - // incorrectly invalidate the session - @ini_set('session.referer_check', ''); - - $currentSaveHandler = ini_get('session.save_handler'); - $config = Piwik_Config::getInstance(); - - if (self::isFileBasedSessions()) - { - // Note: this handler doesn't work well in load-balanced environments and may have a concurrency issue with locked session files - - // for "files", use our own folder to prevent local session file hijacking - $sessionPath = self::getSessionsDirectory(); - // We always call mkdir since it also chmods the directory which might help when permissions were reverted for some reasons - Piwik_Common::mkdir($sessionPath); - - @ini_set('session.save_handler', 'files'); - @ini_set('session.save_path', $sessionPath); - } - else if ($config->General['session_save_handler'] === 'dbtable' - || in_array($currentSaveHandler, array('user', 'mm'))) - { - // We consider these to be misconfigurations, in that: - // - user - we can't verify that user-defined session handler functions have already been set via session_set_save_handler() - // - mm - this handler is not recommended, unsupported, not available for Windows, and has a potential concurrency issue - - $db = Zend_Registry::get('db'); - - $config = array( - 'name' => Piwik_Common::prefixTable('session'), - 'primary' => 'id', - 'modifiedColumn' => 'modified', - 'dataColumn' => 'data', - 'lifetimeColumn' => 'lifetime', - 'db' => $db, - ); - - $saveHandler = new Piwik_Session_SaveHandler_DbTable($config); - if($saveHandler) - { - self::setSaveHandler($saveHandler); - } - } - - // garbage collection may disabled by default (e.g., Debian) - if(ini_get('session.gc_probability') == 0) - { - @ini_set('session.gc_probability', 1); - } - - try { - Zend_Session::start(); - register_shutdown_function(array('Zend_Session', 'writeClose'), true); - } catch(Exception $e) { - Piwik::log('Unable 
to start session: ' . $e->getMessage()); - - $enableDbSessions = ''; - if(Piwik::isInstalled()) - { - $enableDbSessions = "
If you still experience issues after trying these changes, + protected static $sessionStarted = false; + + /** + * Are we using file-based session store? + * + * @return bool True if file-based; false otherwise + */ + public static function isFileBasedSessions() + { + $config = Piwik_Config::getInstance(); + return !isset($config->General['session_save_handler']) + || $config->General['session_save_handler'] === 'files'; + } + + /** + * Start the session + * + * @param array|bool $options An array of configuration options; the auto-start (bool) setting is ignored + * @return void + */ + public static function start($options = false) + { + if (Piwik_Common::isPhpCliMode() + || self::$sessionStarted + || (defined('PIWIK_ENABLE_SESSION_START') && !PIWIK_ENABLE_SESSION_START) + ) { + return; + } + self::$sessionStarted = true; + + // use cookies to store session id on the client side + @ini_set('session.use_cookies', '1'); + + // prevent attacks involving session ids passed in URLs + @ini_set('session.use_only_cookies', '1'); + + // advise browser that session cookie should only be sent over secure connection + if (Piwik::isHttps()) { + @ini_set('session.cookie_secure', '1'); + } + + // advise browser that session cookie should only be accessible through the HTTP protocol (i.e., not JavaScript) + @ini_set('session.cookie_httponly', '1'); + + // don't use the default: PHPSESSID + $sessionName = defined('PIWIK_SESSION_NAME') ? 
PIWIK_SESSION_NAME : 'PIWIK_SESSID'; + @ini_set('session.name', $sessionName); + + // proxies may cause the referer check to fail and + // incorrectly invalidate the session + @ini_set('session.referer_check', ''); + + $currentSaveHandler = ini_get('session.save_handler'); + $config = Piwik_Config::getInstance(); + + if (self::isFileBasedSessions()) { + // Note: this handler doesn't work well in load-balanced environments and may have a concurrency issue with locked session files + + // for "files", use our own folder to prevent local session file hijacking + $sessionPath = self::getSessionsDirectory(); + // We always call mkdir since it also chmods the directory which might help when permissions were reverted for some reasons + Piwik_Common::mkdir($sessionPath); + + @ini_set('session.save_handler', 'files'); + @ini_set('session.save_path', $sessionPath); + } else if ($config->General['session_save_handler'] === 'dbtable' + || in_array($currentSaveHandler, array('user', 'mm')) + ) { + // We consider these to be misconfigurations, in that: + // - user - we can't verify that user-defined session handler functions have already been set via session_set_save_handler() + // - mm - this handler is not recommended, unsupported, not available for Windows, and has a potential concurrency issue + + $db = Zend_Registry::get('db'); + + $config = array( + 'name' => Piwik_Common::prefixTable('session'), + 'primary' => 'id', + 'modifiedColumn' => 'modified', + 'dataColumn' => 'data', + 'lifetimeColumn' => 'lifetime', + 'db' => $db, + ); + + $saveHandler = new Piwik_Session_SaveHandler_DbTable($config); + if ($saveHandler) { + self::setSaveHandler($saveHandler); + } + } + + // garbage collection may disabled by default (e.g., Debian) + if (ini_get('session.gc_probability') == 0) { + @ini_set('session.gc_probability', 1); + } + + try { + Zend_Session::start(); + register_shutdown_function(array('Zend_Session', 'writeClose'), true); + } catch (Exception $e) { + Piwik::log('Unable to 
start session: ' . $e->getMessage()); + + $enableDbSessions = ''; + if (Piwik::isInstalled()) { + $enableDbSessions = "
If you still experience issues after trying these changes, we recommend that you enable database session storage."; - } + } $message = sprintf("Error: %s %s %s\n
Debug: the original error was \n%s
", Piwik_Translate('General_ExceptionUnableToStartSession'), @@ -136,17 +130,17 @@ class Piwik_Session extends Zend_Session $e->getMessage() ); - Piwik_ExitWithMessage($message); - } - } - - /** - * Returns the directory session files are stored in. - * - * @return string - */ - public static function getSessionsDirectory() - { - return PIWIK_USER_PATH . '/tmp/sessions'; - } + Piwik_ExitWithMessage($message); + } + } + + /** + * Returns the directory session files are stored in. + * + * @return string + */ + public static function getSessionsDirectory() + { + return PIWIK_USER_PATH . '/tmp/sessions'; + } } -- cgit v1.2.3