1 : /*
2 : +----------------------------------------------------------------------+
3 : | PHP Version 5 |
4 : +----------------------------------------------------------------------+
5 : | Copyright (c) 1997-2009 The PHP Group |
6 : +----------------------------------------------------------------------+
7 : | This source file is subject to version 3.01 of the PHP license, |
8 : | that is bundled with this package in the file LICENSE, and is |
9 : | available through the world-wide-web at the following url: |
10 : | http://www.php.net/license/3_01.txt |
11 : | If you did not receive a copy of the PHP license and are unable to |
12 : | obtain it through the world-wide-web, please send a note to |
13 : | license@php.net so we can mail you a copy immediately. |
14 : +----------------------------------------------------------------------+
15 : | Authors: Sascha Schumann <sascha@schumann.cx> |
16 : | Andrei Zmievski <andrei@php.net> |
17 : +----------------------------------------------------------------------+
18 : */
19 :
20 : /* $Id: session.c 290175 2009-11-03 17:32:58Z guenter $ */
21 :
22 : #ifdef HAVE_CONFIG_H
23 : #include "config.h"
24 : #endif
25 :
26 : #include "php.h"
27 :
28 : #ifdef PHP_WIN32
29 : #include "win32/time.h"
30 : #else
31 : #include <sys/time.h>
32 : #endif
33 :
34 : #include <sys/stat.h>
35 : #include <fcntl.h>
36 :
37 : #include "php_ini.h"
38 : #include "SAPI.h"
39 : #include "php_session.h"
40 : #include "ext/standard/md5.h"
41 : #include "ext/standard/sha1.h"
42 : #include "ext/standard/php_var.h"
43 : #include "ext/date/php_date.h"
44 : #include "ext/standard/php_lcg.h"
45 : #include "ext/standard/url_scanner_ex.h"
46 : #include "ext/standard/php_rand.h" /* for RAND_MAX */
47 : #include "ext/standard/info.h"
48 : #include "ext/standard/php_smart_str.h"
49 : #include "ext/standard/url.h"
50 :
51 : #include "mod_files.h"
52 : #include "mod_user.h"
53 :
54 : #ifdef HAVE_LIBMM
55 : #include "mod_mm.h"
56 : #endif
57 :
58 : PHPAPI ZEND_DECLARE_MODULE_GLOBALS(ps);
59 :
60 : /* ***********
61 : * Helpers *
62 : *********** */
63 :
64 : #define IF_SESSION_VARS() \
65 : if (PS(http_session_vars) && PS(http_session_vars)->type == IS_ARRAY)
66 :
67 : #define SESSION_CHECK_ACTIVE_STATE \
68 : if (PS(session_status) == php_session_active) { \
69 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "A session is active. You cannot change the session module's ini settings at this time"); \
70 : return FAILURE; \
71 : }
72 :
73 : /* Dispatched by RINIT and by php_session_destroy */
74 : static inline void php_rinit_session_globals(TSRMLS_D) /* {{{ */
75 13788 : {
76 13788 : PS(id) = NULL;
77 13788 : PS(session_status) = php_session_none;
78 13788 : PS(mod_data) = NULL;
79 : /* Do NOT init PS(mod_user_names) here! */
80 13788 : PS(http_session_vars) = NULL;
81 13788 : }
82 : /* }}} */
83 :
84 : /* Dispatched by RSHUTDOWN and by php_session_destroy */
85 : static inline void php_rshutdown_session_globals(TSRMLS_D) /* {{{ */
86 13821 : {
87 13821 : if (PS(http_session_vars)) {
88 261 : zval_ptr_dtor(&PS(http_session_vars));
89 261 : PS(http_session_vars) = NULL;
90 : }
91 : /* Do NOT destroy PS(mod_user_names) here! */
92 13821 : if (PS(mod_data)) {
93 239 : zend_try {
94 239 : PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
95 239 : } zend_end_try();
96 : }
97 13821 : if (PS(id)) {
98 262 : efree(PS(id));
99 : }
100 13821 : }
101 : /* }}} */
102 :
103 : static int php_session_destroy(TSRMLS_D) /* {{{ */
104 244 : {
105 244 : int retval = SUCCESS;
106 :
107 244 : if (PS(session_status) != php_session_active) {
108 7 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Trying to destroy uninitialized session");
109 7 : return FAILURE;
110 : }
111 :
112 237 : if (PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
113 1 : retval = FAILURE;
114 1 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed");
115 : }
116 :
117 237 : php_rshutdown_session_globals(TSRMLS_C);
118 237 : php_rinit_session_globals(TSRMLS_C);
119 :
120 237 : return retval;
121 : }
122 : /* }}} */
123 :
124 : PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) /* {{{ */
125 252 : {
126 252 : zval **sym_track = NULL;
127 :
128 252 : IF_SESSION_VARS() {
129 252 : zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, (void *) &sym_track);
130 : } else {
131 0 : return;
132 : }
133 :
134 : /* Set up a proper reference between $_SESSION["x"] and $x. */
135 :
136 252 : if (PG(register_globals)) {
137 30 : zval **sym_global = NULL;
138 :
139 30 : if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) {
140 27 : if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
141 0 : return;
142 : }
143 : }
144 :
145 33 : if (sym_global == NULL && sym_track == NULL) {
146 : zval *empty_var;
147 :
148 3 : ALLOC_INIT_ZVAL(empty_var); /* this sets refcount to 1 */
149 3 : empty_var->refcount = 0; /* our module does not maintain a ref */
150 : /* The next call will increase refcount by NR_OF_SYM_TABLES==2 */
151 3 : zend_set_hash_symbol(empty_var, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
152 27 : } else if (sym_global == NULL) {
153 0 : SEPARATE_ZVAL_IF_NOT_REF(sym_track);
154 0 : zend_set_hash_symbol(*sym_track, name, namelen, 1, 1, &EG(symbol_table));
155 27 : } else if (sym_track == NULL) {
156 6 : SEPARATE_ZVAL_IF_NOT_REF(sym_global);
157 6 : zend_set_hash_symbol(*sym_global, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
158 : }
159 : } else {
160 222 : if (sym_track == NULL) {
161 : zval *empty_var;
162 :
163 56 : ALLOC_INIT_ZVAL(empty_var);
164 56 : ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0);
165 : }
166 : }
167 : }
168 : /* }}} */
169 :
170 : PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC) /* {{{ */
171 130 : {
172 130 : if (PG(register_globals)) {
173 : zval **old_symbol;
174 21 : if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) {
175 9 : if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
176 0 : return;
177 : }
178 :
179 : /* A global symbol with the same name exists already. That
180 : * symbol might have been created by other means (e.g. $_GET).
181 : *
182 : * hash_update in zend_set_hash_symbol is not good, because
183 : * it will leave referenced variables (such as local instances
184 : * of a global variable) dangling.
185 : *
186 : * BTW: if you use register_globals references between
187 : * session-vars won't work because of this very reason! */
188 :
189 9 : REPLACE_ZVAL_VALUE(old_symbol,state_val,1);
190 :
191 : /* The following line will update the reference table used for
192 : * unserialization. It is optional, because some storage
193 : * formats may not be able to represent references. */
194 :
195 9 : if (var_hash) {
196 9 : PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash,state_val,*old_symbol);
197 : }
198 :
199 9 : zend_set_hash_symbol(*old_symbol, name, namelen, 1, 1, Z_ARRVAL_P(PS(http_session_vars)));
200 : } else {
201 12 : zend_set_hash_symbol(state_val, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), &EG(symbol_table));
202 : }
203 109 : } else IF_SESSION_VARS() {
204 109 : zend_set_hash_symbol(state_val, name, namelen, PZVAL_IS_REF(state_val), 1, Z_ARRVAL_P(PS(http_session_vars)));
205 : }
206 : }
207 : /* }}} */
208 :
209 : PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSRMLS_DC) /* {{{ */
210 126 : {
211 126 : int ret = FAILURE;
212 :
213 126 : IF_SESSION_VARS() {
214 126 : ret = zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, (void **) state_var);
215 :
216 : /* If register_globals is enabled, and
217 : * if there is an entry for the slot in $_SESSION, and
218 : * if that entry is still set to NULL, and
219 : * if the global var exists, then
220 : * we prefer the same key in the global sym table. */
221 :
222 126 : if (PG(register_globals) && ret == SUCCESS && Z_TYPE_PP(*state_var) == IS_NULL) {
223 : zval **tmp;
224 :
225 2 : if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
226 2 : *state_var = tmp;
227 : }
228 : }
229 : }
230 126 : return ret;
231 : }
232 : /* }}} */
233 :
234 : static void php_session_track_init(TSRMLS_D) /* {{{ */
235 308 : {
236 308 : zval *session_vars = NULL;
237 :
238 : /* Unconditionally destroy existing arrays -- possible dirty data */
239 308 : zend_delete_global_variable("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")-1 TSRMLS_CC);
240 308 : zend_delete_global_variable("_SESSION", sizeof("_SESSION")-1 TSRMLS_CC);
241 :
242 308 : if (PS(http_session_vars)) {
243 47 : zval_ptr_dtor(&PS(http_session_vars));
244 : }
245 :
246 308 : MAKE_STD_ZVAL(session_vars);
247 308 : array_init(session_vars);
248 308 : PS(http_session_vars) = session_vars;
249 :
250 308 : if (PG(register_long_arrays)) {
251 308 : ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1);
252 308 : ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 3, 1);
253 : }
254 : else {
255 0 : ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1);
256 : }
257 308 : }
258 : /* }}} */
259 :
260 : static char *php_session_encode(int *newlen TSRMLS_DC) /* {{{ */
261 162 : {
262 162 : char *ret = NULL;
263 :
264 318 : IF_SESSION_VARS() {
265 156 : if (!PS(serializer)) {
266 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown session.serialize_handler. Failed to encode session object");
267 0 : ret = NULL;
268 156 : } else if (PS(serializer)->encode(&ret, newlen TSRMLS_CC) == FAILURE) {
269 0 : ret = NULL;
270 : }
271 : } else {
272 6 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot encode non-existent session");
273 : }
274 162 : return ret;
275 : }
276 : /* }}} */
277 :
278 : static void php_session_decode(const char *val, int vallen TSRMLS_DC) /* {{{ */
279 411 : {
280 411 : if (!PS(serializer)) {
281 1 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
282 1 : return;
283 : }
284 410 : if (PS(serializer)->decode(val, vallen TSRMLS_CC) == FAILURE) {
285 0 : php_session_destroy(TSRMLS_C);
286 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to decode session object. Session has been destroyed");
287 : }
288 : }
289 : /* }}} */
290 :
291 : /*
292 : * Note that we cannot use the BASE64 alphabet here, because
293 : * it contains "/" and "+": both are unacceptable for simple inclusion
294 : * into URLs.
295 : */
296 :
297 : static char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
298 :
299 : enum {
300 : PS_HASH_FUNC_MD5,
301 : PS_HASH_FUNC_SHA1
302 : };
303 :
304 : /* returns a pointer to the byte after the last valid character in out */
305 : static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {{{ */
306 233 : {
307 : unsigned char *p, *q;
308 : unsigned short w;
309 : int mask;
310 : int have;
311 :
312 233 : p = (unsigned char *) in;
313 233 : q = (unsigned char *)in + inlen;
314 :
315 233 : w = 0;
316 233 : have = 0;
317 233 : mask = (1 << nbits) - 1;
318 :
319 : while (1) {
320 7705 : if (have < nbits) {
321 3969 : if (p < q) {
322 3736 : w |= *p++ << have;
323 3736 : have += 8;
324 : } else {
325 : /* consumed everything? */
326 233 : if (have == 0) break;
327 : /* No? We need a final round */
328 0 : have = nbits;
329 : }
330 : }
331 :
332 : /* consume nbits */
333 7472 : *out++ = hexconvtab[w & mask];
334 7472 : w >>= nbits;
335 7472 : have -= nbits;
336 7472 : }
337 :
338 233 : *out = '\0';
339 233 : return out;
340 : }
341 : /* }}} */
342 :
343 : PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
344 234 : {
345 : PHP_MD5_CTX md5_context;
346 : PHP_SHA1_CTX sha1_context;
347 : unsigned char digest[21];
348 : int digest_len;
349 : int j;
350 : char *buf;
351 : struct timeval tv;
352 : zval **array;
353 : zval **token;
354 234 : char *remote_addr = NULL;
355 :
356 234 : gettimeofday(&tv, NULL);
357 :
358 234 : if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &array) == SUCCESS &&
359 : Z_TYPE_PP(array) == IS_ARRAY &&
360 : zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS
361 : ) {
362 0 : remote_addr = Z_STRVAL_PP(token);
363 : }
364 :
365 : /* maximum 15+19+19+10 bytes */
366 234 : spprintf(&buf, 0, "%.15s%ld%ld%0.8F", remote_addr ? remote_addr : "", tv.tv_sec, (long int)tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10);
367 :
368 234 : switch (PS(hash_func)) {
369 : case PS_HASH_FUNC_MD5:
370 231 : PHP_MD5Init(&md5_context);
371 231 : PHP_MD5Update(&md5_context, (unsigned char *) buf, strlen(buf));
372 231 : digest_len = 16;
373 231 : break;
374 : case PS_HASH_FUNC_SHA1:
375 2 : PHP_SHA1Init(&sha1_context);
376 2 : PHP_SHA1Update(&sha1_context, (unsigned char *) buf, strlen(buf));
377 2 : digest_len = 20;
378 2 : break;
379 : default:
380 1 : php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid session hash function");
381 0 : efree(buf);
382 0 : return NULL;
383 : }
384 :
385 233 : if (PS(entropy_length) > 0) {
386 : int fd;
387 :
388 2 : fd = VCWD_OPEN(PS(entropy_file), O_RDONLY);
389 2 : if (fd >= 0) {
390 : unsigned char rbuf[2048];
391 : int n;
392 2 : int to_read = PS(entropy_length);
393 :
394 6 : while (to_read > 0) {
395 2 : n = read(fd, rbuf, MIN(to_read, sizeof(rbuf)));
396 2 : if (n <= 0) break;
397 :
398 2 : switch (PS(hash_func)) {
399 : case PS_HASH_FUNC_MD5:
400 1 : PHP_MD5Update(&md5_context, rbuf, n);
401 1 : break;
402 : case PS_HASH_FUNC_SHA1:
403 1 : PHP_SHA1Update(&sha1_context, rbuf, n);
404 : break;
405 : }
406 2 : to_read -= n;
407 : }
408 2 : close(fd);
409 : }
410 : }
411 :
412 233 : switch (PS(hash_func)) {
413 : case PS_HASH_FUNC_MD5:
414 231 : PHP_MD5Final(digest, &md5_context);
415 231 : break;
416 : case PS_HASH_FUNC_SHA1:
417 2 : PHP_SHA1Final(digest, &sha1_context);
418 : break;
419 : }
420 :
421 233 : if (PS(hash_bits_per_character) < 4
422 : || PS(hash_bits_per_character) > 6) {
423 0 : PS(hash_bits_per_character) = 4;
424 :
425 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "The ini setting hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now");
426 : }
427 233 : j = (int) (bin_to_readable((char *)digest, digest_len, buf, PS(hash_bits_per_character)) - buf);
428 :
429 233 : if (newlen) {
430 0 : *newlen = j;
431 : }
432 :
433 233 : return buf;
434 : }
435 : /* }}} */
436 :
437 : static void php_session_initialize(TSRMLS_D) /* {{{ */
438 309 : {
439 : char *val;
440 : int vallen;
441 :
442 : /* check session name for invalid characters */
443 309 : if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
444 0 : efree(PS(id));
445 0 : PS(id) = NULL;
446 : }
447 :
448 309 : if (!PS(mod)) {
449 0 : php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session");
450 0 : return;
451 : }
452 :
453 : /* Open session handler first */
454 309 : if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name) TSRMLS_CC) == FAILURE) {
455 0 : php_error_docref(NULL TSRMLS_CC, E_ERROR, "Failed to initialize storage module: %s (path: %s)", PS(mod)->s_name, PS(save_path));
456 0 : return;
457 : }
458 :
459 : /* If there is no ID, use session module to create one */
460 309 : if (!PS(id)) {
461 231 : new_session:
462 231 : PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
463 230 : if (PS(use_cookies)) {
464 222 : PS(send_cookie) = 1;
465 : }
466 : }
467 :
468 : /* Read data */
469 : /* Question: if you create a SID here, should you also try to read data?
470 : * I'm not sure, but while not doing so will remove one session operation
471 : * it could prove usefull for those sites which wish to have "default"
472 : * session information. */
473 308 : php_session_track_init(TSRMLS_C);
474 308 : PS(invalid_session_id) = 0;
475 308 : if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
476 300 : php_session_decode(val, vallen TSRMLS_CC);
477 300 : efree(val);
478 8 : } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
479 0 : PS(invalid_session_id) = 0;
480 0 : efree(PS(id));
481 0 : PS(id) = NULL;
482 0 : goto new_session;
483 : }
484 : }
485 : /* }}} */
486 :
487 : static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC) /* {{{ */
488 3 : {
489 : char *str;
490 : uint str_len;
491 : ulong num_key;
492 : int n;
493 : zval **val;
494 3 : int ret = 0;
495 :
496 3 : n = zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, 0, pos);
497 :
498 3 : switch (n) {
499 : case HASH_KEY_IS_STRING:
500 3 : if (zend_hash_find(&EG(symbol_table), str, str_len, (void **) &val) == SUCCESS &&
501 : val && Z_TYPE_PP(val) != IS_NULL
502 : ) {
503 1 : ZEND_SET_SYMBOL_WITH_LENGTH(ht, str, str_len, *val, (*val)->refcount + 1 , 1);
504 1 : ret = 1;
505 : }
506 3 : break;
507 : case HASH_KEY_IS_LONG:
508 0 : php_error_docref(NULL TSRMLS_CC, E_NOTICE, "The session bug compatibility code will not "
509 : "try to locate the global variable $%lu due to its "
510 : "numeric nature", num_key);
511 : break;
512 : }
513 3 : return ret;
514 : }
515 : /* }}} */
516 :
517 : static void php_session_save_current_state(TSRMLS_D) /* {{{ */
518 71 : {
519 71 : int ret = FAILURE;
520 :
521 71 : IF_SESSION_VARS() {
522 70 : if (PS(bug_compat) && !PG(register_globals)) {
523 61 : HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
524 : HashPosition pos;
525 : zval **val;
526 61 : int do_warn = 0;
527 :
528 61 : zend_hash_internal_pointer_reset_ex(ht, &pos);
529 :
530 164 : while (zend_hash_get_current_data_ex(ht, (void **) &val, &pos) != FAILURE) {
531 42 : if (Z_TYPE_PP(val) == IS_NULL) {
532 3 : if (migrate_global(ht, &pos TSRMLS_CC)) {
533 1 : do_warn = 1;
534 : }
535 : }
536 42 : zend_hash_move_forward_ex(ht, &pos);
537 : }
538 :
539 61 : if (do_warn && PS(bug_compat_warn)) {
540 1 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively");
541 : }
542 : }
543 :
544 70 : if (PS(mod_data)) {
545 : char *val;
546 : int vallen;
547 :
548 70 : val = php_session_encode(&vallen TSRMLS_CC);
549 70 : if (val) {
550 27 : ret = PS(mod)->s_write(&PS(mod_data), PS(id), val, vallen TSRMLS_CC);
551 27 : efree(val);
552 : } else {
553 43 : ret = PS(mod)->s_write(&PS(mod_data), PS(id), "", 0 TSRMLS_CC);
554 : }
555 : }
556 :
557 70 : if (ret == FAILURE) {
558 1 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to write session data (%s). Please "
559 : "verify that the current setting of session.save_path "
560 : "is correct (%s)",
561 : PS(mod)->s_name,
562 : PS(save_path));
563 : }
564 : }
565 :
566 71 : if (PS(mod_data)) {
567 71 : PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
568 : }
569 71 : }
570 : /* }}} */
571 :
572 : /* *************************
573 : * INI Settings/Handlers *
574 : ************************* */
575 :
576 : static PHP_INI_MH(OnUpdateSaveHandler) /* {{{ */
577 13607 : {
578 : ps_module *tmp;
579 13607 : SESSION_CHECK_ACTIVE_STATE;
580 :
581 13607 : tmp = _php_find_ps_module(new_value TSRMLS_CC);
582 :
583 13607 : if (PG(modules_activated) && !tmp) {
584 : int err_type;
585 :
586 1 : if (stage == ZEND_INI_STAGE_RUNTIME) {
587 0 : err_type = E_WARNING;
588 : } else {
589 1 : err_type = E_ERROR;
590 : }
591 :
592 : /* Do not output error when restoring ini options. */
593 1 : if (stage != ZEND_INI_STAGE_DEACTIVATE) {
594 0 : php_error_docref(NULL TSRMLS_CC, err_type, "Cannot find save handler '%s'", new_value);
595 : }
596 1 : return FAILURE;
597 : }
598 13606 : PS(mod) = tmp;
599 :
600 13606 : return SUCCESS;
601 : }
602 : /* }}} */
603 :
604 : static PHP_INI_MH(OnUpdateSerializer) /* {{{ */
605 13565 : {
606 : const ps_serializer *tmp;
607 13565 : SESSION_CHECK_ACTIVE_STATE;
608 :
609 13565 : tmp = _php_find_ps_serializer(new_value TSRMLS_CC);
610 :
611 13565 : if (PG(modules_activated) && !tmp) {
612 : int err_type;
613 :
614 0 : if (stage == ZEND_INI_STAGE_RUNTIME) {
615 0 : err_type = E_WARNING;
616 : } else {
617 0 : err_type = E_ERROR;
618 : }
619 :
620 : /* Do not output error when restoring ini options. */
621 0 : if (stage != ZEND_INI_STAGE_DEACTIVATE) {
622 0 : php_error_docref(NULL TSRMLS_CC, err_type, "Cannot find serialization handler '%s'", new_value);
623 : }
624 0 : return FAILURE;
625 : }
626 13565 : PS(serializer) = tmp;
627 :
628 13565 : return SUCCESS;
629 : }
630 : /* }}} */
631 :
632 : static PHP_INI_MH(OnUpdateTransSid) /* {{{ */
633 13570 : {
634 13570 : SESSION_CHECK_ACTIVE_STATE;
635 :
636 13568 : if (!strncasecmp(new_value, "on", sizeof("on"))) {
637 0 : PS(use_trans_sid) = (zend_bool) 1;
638 : } else {
639 13568 : PS(use_trans_sid) = (zend_bool) atoi(new_value);
640 : }
641 :
642 13568 : return SUCCESS;
643 : }
644 : /* }}} */
645 :
646 : static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
647 13614 : {
648 : /* Only do the safemode/open_basedir check at runtime */
649 13614 : if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
650 : char *p;
651 :
652 36 : if (memchr(new_value, '\0', new_value_length) != NULL) {
653 0 : return FAILURE;
654 : }
655 :
656 36 : if ((p = zend_memrchr(new_value, ';', new_value_length))) {
657 1 : p++;
658 : } else {
659 35 : p = new_value;
660 : }
661 :
662 36 : if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
663 0 : return FAILURE;
664 : }
665 :
666 36 : if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) {
667 1 : return FAILURE;
668 : }
669 : }
670 :
671 13613 : OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
672 13613 : return SUCCESS;
673 : }
674 : /* }}} */
675 :
676 : /* {{{ PHP_INI
677 : */
678 : PHP_INI_BEGIN()
679 : STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals)
680 : STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals)
681 : STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
682 : STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals)
683 : PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)
684 : STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals)
685 : STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals)
686 : STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals)
687 : STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals)
688 : PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer)
689 : STD_PHP_INI_ENTRY("session.cookie_lifetime", "0", PHP_INI_ALL, OnUpdateLong, cookie_lifetime, php_ps_globals, ps_globals)
690 : STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateString, cookie_path, php_ps_globals, ps_globals)
691 : STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals)
692 : STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals)
693 : STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals)
694 : STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
695 : STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
696 : STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
697 : STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
698 : STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
699 : STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals)
700 : STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateLong, cache_expire, php_ps_globals, ps_globals)
701 : PHP_INI_ENTRY("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid)
702 : STD_PHP_INI_ENTRY("session.hash_function", "0", PHP_INI_ALL, OnUpdateLong, hash_func, php_ps_globals, ps_globals)
703 : STD_PHP_INI_ENTRY("session.hash_bits_per_character", "4", PHP_INI_ALL, OnUpdateLong, hash_bits_per_character, php_ps_globals, ps_globals)
704 :
705 : /* Commented out until future discussion */
706 : /* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */
707 : PHP_INI_END()
708 : /* }}} */
709 :
710 : /* ***************
711 : * Serializers *
712 : *************** */
713 :
714 : #define PS_BIN_NR_OF_BITS 8
715 : #define PS_BIN_UNDEF (1<<(PS_BIN_NR_OF_BITS-1))
716 : #define PS_BIN_MAX (PS_BIN_UNDEF-1)
717 :
718 : PS_SERIALIZER_ENCODE_FUNC(php_binary) /* {{{ */
719 1 : {
720 1 : smart_str buf = {0};
721 : php_serialize_data_t var_hash;
722 : PS_ENCODE_VARS;
723 :
724 1 : PHP_VAR_SERIALIZE_INIT(var_hash);
725 :
726 1 : PS_ENCODE_LOOP(
727 : if (key_length > PS_BIN_MAX) continue;
728 : smart_str_appendc(&buf, (unsigned char) key_length);
729 : smart_str_appendl(&buf, key, key_length);
730 : php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
731 : } else {
732 : if (key_length > PS_BIN_MAX) continue;
733 : smart_str_appendc(&buf, (unsigned char) (key_length & PS_BIN_UNDEF));
734 : smart_str_appendl(&buf, key, key_length);
735 : );
736 :
737 1 : if (newlen) {
738 1 : *newlen = buf.len;
739 : }
740 1 : smart_str_0(&buf);
741 1 : *newstr = buf.c;
742 1 : PHP_VAR_SERIALIZE_DESTROY(var_hash);
743 :
744 1 : return SUCCESS;
745 : }
746 : /* }}} */
747 :
748 : PS_SERIALIZER_DECODE_FUNC(php_binary) /* {{{ */
749 1 : {
750 : const char *p;
751 : char *name;
752 1 : const char *endptr = val + vallen;
753 : zval *current;
754 : int namelen;
755 : int has_value;
756 : php_unserialize_data_t var_hash;
757 :
758 1 : PHP_VAR_UNSERIALIZE_INIT(var_hash);
759 :
760 2 : for (p = val; p < endptr; ) {
761 : zval **tmp;
762 0 : namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);
763 :
764 0 : if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
765 0 : return FAILURE;
766 : }
767 :
768 0 : has_value = *p & PS_BIN_UNDEF ? 0 : 1;
769 :
770 0 : name = estrndup(p + 1, namelen);
771 :
772 0 : p += namelen + 1;
773 :
774 0 : if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
775 0 : if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
776 0 : efree(name);
777 0 : continue;
778 : }
779 : }
780 :
781 0 : if (has_value) {
782 0 : ALLOC_INIT_ZVAL(current);
783 0 : if (php_var_unserialize(¤t, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) {
784 0 : php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC);
785 : }
786 0 : zval_ptr_dtor(¤t);
787 : }
788 0 : PS_ADD_VARL(name, namelen);
789 0 : efree(name);
790 : }
791 :
792 1 : PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
793 :
794 1 : return SUCCESS;
795 : }
796 : /* }}} */
797 :
798 : #define PS_DELIMITER '|'
799 : #define PS_UNDEF_MARKER '!'
800 :
801 : PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */
802 154 : {
803 154 : smart_str buf = {0};
804 : php_serialize_data_t var_hash;
805 : PS_ENCODE_VARS;
806 :
807 154 : PHP_VAR_SERIALIZE_INIT(var_hash);
808 :
809 154 : PS_ENCODE_LOOP(
810 : smart_str_appendl(&buf, key, key_length);
811 : if (memchr(key, PS_DELIMITER, key_length)) {
812 : PHP_VAR_SERIALIZE_DESTROY(var_hash);
813 : smart_str_free(&buf);
814 : return FAILURE;
815 : }
816 : smart_str_appendc(&buf, PS_DELIMITER);
817 :
818 : php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
819 : } else {
820 : smart_str_appendc(&buf, PS_UNDEF_MARKER);
821 : smart_str_appendl(&buf, key, key_length);
822 : smart_str_appendc(&buf, PS_DELIMITER);
823 : );
824 :
825 154 : if (newlen) {
826 154 : *newlen = buf.len;
827 : }
828 154 : smart_str_0(&buf);
829 154 : *newstr = buf.c;
830 :
831 154 : PHP_VAR_SERIALIZE_DESTROY(var_hash);
832 154 : return SUCCESS;
833 : }
834 : /* }}} */
835 :
836 : PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */
837 406 : {
838 : const char *p, *q;
839 : char *name;
840 406 : const char *endptr = val + vallen;
841 : zval *current;
842 : int namelen;
843 : int has_value;
844 : php_unserialize_data_t var_hash;
845 :
846 406 : PHP_VAR_UNSERIALIZE_INIT(var_hash);
847 :
848 406 : p = val;
849 :
850 978 : while (p < endptr) {
851 : zval **tmp;
852 222 : q = p;
853 1139 : while (*q != PS_DELIMITER) {
854 751 : if (++q >= endptr) goto break_outer_loop;
855 : }
856 166 : if (p[0] == PS_UNDEF_MARKER) {
857 0 : p++;
858 0 : has_value = 0;
859 : } else {
860 166 : has_value = 1;
861 : }
862 :
863 166 : namelen = q - p;
864 166 : name = estrndup(p, namelen);
865 166 : q++;
866 :
867 166 : if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
868 18 : if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
869 : goto skip;
870 : }
871 : }
872 :
873 166 : if (has_value) {
874 166 : ALLOC_INIT_ZVAL(current);
875 166 : if (php_var_unserialize(¤t, (const unsigned char **) &q, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) {
876 128 : php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC);
877 : }
878 166 : zval_ptr_dtor(¤t);
879 : }
880 166 : PS_ADD_VARL(name, namelen);
881 166 : skip:
882 166 : efree(name);
883 :
884 166 : p = q;
885 : }
886 406 : break_outer_loop:
887 :
888 406 : PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
889 :
890 406 : return SUCCESS;
891 : }
892 : /* }}} */
893 :
894 : #define MAX_SERIALIZERS 10
895 : #define PREDEFINED_SERIALIZERS 2
896 :
897 : static ps_serializer ps_serializers[MAX_SERIALIZERS + 1] = {
898 : PS_SERIALIZER_ENTRY(php),
899 : PS_SERIALIZER_ENTRY(php_binary)
900 : };
901 :
902 : PHPAPI int php_session_register_serializer(const char *name, int (*encode)(PS_SERIALIZER_ENCODE_ARGS), int (*decode)(PS_SERIALIZER_DECODE_ARGS)) /* {{{ */
903 13565 : {
904 13565 : int ret = -1;
905 : int i;
906 :
907 40695 : for (i = 0; i < MAX_SERIALIZERS; i++) {
908 40695 : if (ps_serializers[i].name == NULL) {
909 13565 : ps_serializers[i].name = name;
910 13565 : ps_serializers[i].encode = encode;
911 13565 : ps_serializers[i].decode = decode;
912 13565 : ps_serializers[i + 1].name = NULL;
913 13565 : ret = 0;
914 13565 : break;
915 : }
916 : }
917 13565 : return ret;
918 : }
919 : /* }}} */
920 :
921 : /* *******************
922 : * Storage Modules *
923 : ******************* */
924 :
925 : #define MAX_MODULES 10
926 : #define PREDEFINED_MODULES 2
927 :
928 : static ps_module *ps_modules[MAX_MODULES + 1] = {
929 : ps_files_ptr,
930 : ps_user_ptr
931 : };
932 :
933 : PHPAPI int php_session_register_module(ps_module *ptr) /* {{{ */
934 13565 : {
935 13565 : int ret = -1;
936 : int i;
937 :
938 40695 : for (i = 0; i < MAX_MODULES; i++) {
939 40695 : if (!ps_modules[i]) {
940 13565 : ps_modules[i] = ptr;
941 13565 : ret = 0;
942 13565 : break;
943 : }
944 : }
945 13565 : return ret;
946 : }
947 : /* }}} */
948 :
949 : /* ******************
950 : * Cache Limiters *
951 : ****************** */
952 :
953 : typedef struct {
954 : char *name;
955 : void (*func)(TSRMLS_D);
956 : } php_session_cache_limiter_t;
957 :
958 : #define CACHE_LIMITER(name) _php_cache_limiter_##name
959 : #define CACHE_LIMITER_FUNC(name) static void CACHE_LIMITER(name)(TSRMLS_D)
960 : #define CACHE_LIMITER_ENTRY(name) { #name, CACHE_LIMITER(name) },
961 : #define ADD_HEADER(a) sapi_add_header(a, strlen(a), 1);
962 : #define MAX_STR 512
963 :
964 : static char *month_names[] = {
965 : "Jan", "Feb", "Mar", "Apr", "May", "Jun",
966 : "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
967 : };
968 :
969 : static char *week_days[] = {
970 : "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"
971 : };
972 :
973 : static inline void strcpy_gmt(char *ubuf, time_t *when) /* {{{ */
974 3 : {
975 : char buf[MAX_STR];
976 : struct tm tm, *res;
977 : int n;
978 :
979 3 : res = php_gmtime_r(when, &tm);
980 :
981 3 : if (!res) {
982 0 : buf[0] = '\0';
983 0 : return;
984 : }
985 :
986 3 : n = slprintf(buf, sizeof(buf), "%s, %02d %s %d %02d:%02d:%02d GMT", /* SAFE */
987 : week_days[tm.tm_wday], tm.tm_mday,
988 : month_names[tm.tm_mon], tm.tm_year + 1900,
989 : tm.tm_hour, tm.tm_min,
990 : tm.tm_sec);
991 3 : memcpy(ubuf, buf, n);
992 3 : ubuf[n] = '\0';
993 : }
994 : /* }}} */
995 :
996 : static inline void last_modified(TSRMLS_D) /* {{{ */
997 2 : {
998 : const char *path;
999 : struct stat sb;
1000 : char buf[MAX_STR + 1];
1001 :
1002 2 : path = SG(request_info).path_translated;
1003 2 : if (path) {
1004 2 : if (VCWD_STAT(path, &sb) == -1) {
1005 0 : return;
1006 : }
1007 :
1008 : #define LAST_MODIFIED "Last-Modified: "
1009 2 : memcpy(buf, LAST_MODIFIED, sizeof(LAST_MODIFIED) - 1);
1010 2 : strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &sb.st_mtime);
1011 2 : ADD_HEADER(buf);
1012 : }
1013 : }
1014 : /* }}} */
1015 :
1016 : #define EXPIRES "Expires: "
1017 : CACHE_LIMITER_FUNC(public) /* {{{ */
1018 1 : {
1019 : char buf[MAX_STR + 1];
1020 : struct timeval tv;
1021 : time_t now;
1022 :
1023 1 : gettimeofday(&tv, NULL);
1024 1 : now = tv.tv_sec + PS(cache_expire) * 60;
1025 1 : memcpy(buf, EXPIRES, sizeof(EXPIRES) - 1);
1026 1 : strcpy_gmt(buf + sizeof(EXPIRES) - 1, &now);
1027 1 : ADD_HEADER(buf);
1028 :
1029 1 : snprintf(buf, sizeof(buf) , "Cache-Control: public, max-age=%ld", PS(cache_expire) * 60); /* SAFE */
1030 1 : ADD_HEADER(buf);
1031 :
1032 1 : last_modified(TSRMLS_C);
1033 1 : }
1034 : /* }}} */
1035 :
1036 : CACHE_LIMITER_FUNC(private_no_expire) /* {{{ */
1037 1 : {
1038 : char buf[MAX_STR + 1];
1039 :
1040 1 : snprintf(buf, sizeof(buf), "Cache-Control: private, max-age=%ld, pre-check=%ld", PS(cache_expire) * 60, PS(cache_expire) * 60); /* SAFE */
1041 1 : ADD_HEADER(buf);
1042 :
1043 1 : last_modified(TSRMLS_C);
1044 1 : }
1045 : /* }}} */
1046 :
1047 : CACHE_LIMITER_FUNC(private) /* {{{ */
1048 1 : {
1049 1 : ADD_HEADER("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
1050 1 : CACHE_LIMITER(private_no_expire)(TSRMLS_C);
1051 1 : }
1052 : /* }}} */
1053 :
1054 : CACHE_LIMITER_FUNC(nocache) /* {{{ */
1055 252 : {
1056 252 : ADD_HEADER("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
1057 :
1058 : /* For HTTP/1.1 conforming clients and the rest (MSIE 5) */
1059 252 : ADD_HEADER("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
1060 :
1061 : /* For HTTP/1.0 conforming clients */
1062 252 : ADD_HEADER("Pragma: no-cache");
1063 252 : }
1064 : /* }}} */
1065 :
1066 : static php_session_cache_limiter_t php_session_cache_limiters[] = {
1067 : CACHE_LIMITER_ENTRY(public)
1068 : CACHE_LIMITER_ENTRY(private)
1069 : CACHE_LIMITER_ENTRY(private_no_expire)
1070 : CACHE_LIMITER_ENTRY(nocache)
1071 : {0}
1072 : };
1073 :
1074 : static int php_session_cache_limiter(TSRMLS_D) /* {{{ */
1075 308 : {
1076 : php_session_cache_limiter_t *lim;
1077 :
1078 308 : if (PS(cache_limiter)[0] == '\0') return 0;
1079 :
1080 255 : if (SG(headers_sent)) {
1081 1 : char *output_start_filename = php_get_output_start_filename(TSRMLS_C);
1082 1 : int output_start_lineno = php_get_output_start_lineno(TSRMLS_C);
1083 :
1084 1 : if (output_start_filename) {
1085 1 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cache limiter - headers already sent (output started at %s:%d)", output_start_filename, output_start_lineno);
1086 : } else {
1087 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cache limiter - headers already sent");
1088 : }
1089 1 : return -2;
1090 : }
1091 :
1092 1011 : for (lim = php_session_cache_limiters; lim->name; lim++) {
1093 1011 : if (!strcasecmp(lim->name, PS(cache_limiter))) {
1094 254 : lim->func(TSRMLS_C);
1095 254 : return 0;
1096 : }
1097 : }
1098 :
1099 0 : return -1;
1100 : }
1101 : /* }}} */
1102 :
1103 : /* *********************
1104 : * Cookie Management *
1105 : ********************* */
1106 :
1107 : #define COOKIE_SET_COOKIE "Set-Cookie: "
1108 : #define COOKIE_EXPIRES "; expires="
1109 : #define COOKIE_PATH "; path="
1110 : #define COOKIE_DOMAIN "; domain="
1111 : #define COOKIE_SECURE "; secure"
1112 : #define COOKIE_HTTPONLY "; HttpOnly"
1113 :
1114 : static void php_session_send_cookie(TSRMLS_D) /* {{{ */
1115 257 : {
1116 257 : smart_str ncookie = {0};
1117 257 : char *date_fmt = NULL;
1118 : char *e_session_name, *e_id;
1119 :
1120 257 : if (SG(headers_sent)) {
1121 1 : char *output_start_filename = php_get_output_start_filename(TSRMLS_C);
1122 1 : int output_start_lineno = php_get_output_start_lineno(TSRMLS_C);
1123 :
1124 1 : if (output_start_filename) {
1125 1 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent by (output started at %s:%d)", output_start_filename, output_start_lineno);
1126 : } else {
1127 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent");
1128 : }
1129 1 : return;
1130 : }
1131 :
1132 : /* URL encode session_name and id because they might be user supplied */
1133 256 : e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
1134 256 : e_id = php_url_encode(PS(id), strlen(PS(id)), NULL);
1135 :
1136 256 : smart_str_appends(&ncookie, COOKIE_SET_COOKIE);
1137 256 : smart_str_appends(&ncookie, e_session_name);
1138 256 : smart_str_appendc(&ncookie, '=');
1139 256 : smart_str_appends(&ncookie, e_id);
1140 :
1141 256 : efree(e_session_name);
1142 256 : efree(e_id);
1143 :
1144 256 : if (PS(cookie_lifetime) > 0) {
1145 : struct timeval tv;
1146 : time_t t;
1147 :
1148 6 : gettimeofday(&tv, NULL);
1149 6 : t = tv.tv_sec + PS(cookie_lifetime);
1150 :
1151 6 : if (t > 0) {
1152 6 : date_fmt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
1153 6 : smart_str_appends(&ncookie, COOKIE_EXPIRES);
1154 6 : smart_str_appends(&ncookie, date_fmt);
1155 6 : efree(date_fmt);
1156 : }
1157 : }
1158 :
1159 256 : if (PS(cookie_path)[0]) {
1160 256 : smart_str_appends(&ncookie, COOKIE_PATH);
1161 256 : smart_str_appends(&ncookie, PS(cookie_path));
1162 : }
1163 :
1164 256 : if (PS(cookie_domain)[0]) {
1165 3 : smart_str_appends(&ncookie, COOKIE_DOMAIN);
1166 3 : smart_str_appends(&ncookie, PS(cookie_domain));
1167 : }
1168 :
1169 256 : if (PS(cookie_secure)) {
1170 0 : smart_str_appends(&ncookie, COOKIE_SECURE);
1171 : }
1172 :
1173 256 : if (PS(cookie_httponly)) {
1174 0 : smart_str_appends(&ncookie, COOKIE_HTTPONLY);
1175 : }
1176 :
1177 256 : smart_str_0(&ncookie);
1178 :
1179 : /* 'replace' must be 0 here, else a previous Set-Cookie
1180 : header, probably sent with setcookie() will be replaced! */
1181 256 : sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC);
1182 : }
1183 : /* }}} */
1184 :
1185 : PHPAPI ps_module *_php_find_ps_module(char *name TSRMLS_DC) /* {{{ */
1186 13644 : {
1187 13644 : ps_module *ret = NULL;
1188 : ps_module **mod;
1189 : int i;
1190 :
1191 14015 : for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) {
1192 13980 : if (*mod && !strcasecmp(name, (*mod)->s_name)) {
1193 13609 : ret = *mod;
1194 13609 : break;
1195 : }
1196 : }
1197 13644 : return ret;
1198 : }
1199 : /* }}} */
1200 :
1201 : PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC) /* {{{ */
1202 13575 : {
1203 13575 : const ps_serializer *ret = NULL;
1204 : const ps_serializer *mod;
1205 :
1206 13619 : for (mod = ps_serializers; mod->name; mod++) {
1207 13605 : if (!strcasecmp(name, mod->name)) {
1208 13561 : ret = mod;
1209 13561 : break;
1210 : }
1211 : }
1212 13575 : return ret;
1213 : }
1214 : /* }}} */
1215 :
1216 : #define PPID2SID \
1217 : convert_to_string((*ppid)); \
1218 : PS(id) = estrndup(Z_STRVAL_PP(ppid), Z_STRLEN_PP(ppid))
1219 :
1220 : static void php_session_reset_id(TSRMLS_D) /* {{{ */
1221 311 : {
1222 311 : int module_number = PS(module_number);
1223 :
1224 311 : if (PS(use_cookies) && PS(send_cookie)) {
1225 257 : php_session_send_cookie(TSRMLS_C);
1226 257 : PS(send_cookie) = 0;
1227 : }
1228 :
1229 : /* if the SID constant exists, destroy it. */
1230 311 : zend_hash_del(EG(zend_constants), "sid", sizeof("sid"));
1231 :
1232 311 : if (PS(define_sid)) {
1233 311 : smart_str var = {0};
1234 :
1235 311 : smart_str_appends(&var, PS(session_name));
1236 311 : smart_str_appendc(&var, '=');
1237 311 : smart_str_appends(&var, PS(id));
1238 311 : smart_str_0(&var);
1239 311 : REGISTER_STRINGL_CONSTANT("SID", var.c, var.len, 0);
1240 : } else {
1241 0 : REGISTER_STRINGL_CONSTANT("SID", STR_EMPTY_ALLOC(), 0, 0);
1242 : }
1243 :
1244 311 : if (PS(apply_trans_sid)) {
1245 9 : php_url_scanner_reset_vars(TSRMLS_C);
1246 9 : php_url_scanner_add_var(PS(session_name), strlen(PS(session_name)), PS(id), strlen(PS(id)), 1 TSRMLS_CC);
1247 : }
1248 311 : }
1249 : /* }}} */
1250 :
1251 : PHPAPI void php_session_start(TSRMLS_D) /* {{{ */
1252 316 : {
1253 : zval **ppid;
1254 : zval **data;
1255 : char *p, *value;
1256 : int nrand;
1257 : int lensess;
1258 :
1259 316 : PS(apply_trans_sid) = PS(use_trans_sid);
1260 :
1261 316 : switch (PS(session_status)) {
1262 : case php_session_active:
1263 5 : php_error(E_NOTICE, "A session had already been started - ignoring session_start()");
1264 5 : return;
1265 : break;
1266 :
1267 : case php_session_disabled:
1268 2 : value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
1269 2 : if (!PS(mod) && value) {
1270 0 : PS(mod) = _php_find_ps_module(value TSRMLS_CC);
1271 0 : if (!PS(mod)) {
1272 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find save handler '%s' - session startup failed", value);
1273 0 : return;
1274 : }
1275 : }
1276 2 : value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler"), 0);
1277 2 : if (!PS(serializer) && value) {
1278 2 : PS(serializer) = _php_find_ps_serializer(value TSRMLS_CC);
1279 2 : if (!PS(serializer)) {
1280 2 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find serialization handler '%s' - session startup failed", value);
1281 2 : return;
1282 : }
1283 : }
1284 0 : PS(session_status) = php_session_none;
1285 : /* fallthrough */
1286 :
1287 : default:
1288 : case php_session_none:
1289 309 : PS(define_sid) = 1;
1290 309 : PS(send_cookie) = 1;
1291 : }
1292 :
1293 309 : lensess = strlen(PS(session_name));
1294 :
1295 : /* Cookies are preferred, because initially
1296 : * cookie and get variables will be available. */
1297 :
1298 309 : if (!PS(id)) {
1299 231 : if (PS(use_cookies) && zend_hash_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE"), (void **) &data) == SUCCESS &&
1300 : Z_TYPE_PP(data) == IS_ARRAY &&
1301 : zend_hash_find(Z_ARRVAL_PP(data), PS(session_name), lensess + 1, (void **) &ppid) == SUCCESS
1302 : ) {
1303 0 : PPID2SID;
1304 0 : PS(apply_trans_sid) = 0;
1305 0 : PS(send_cookie) = 0;
1306 0 : PS(define_sid) = 0;
1307 : }
1308 :
1309 231 : if (!PS(use_only_cookies) && !PS(id) &&
1310 : zend_hash_find(&EG(symbol_table), "_GET", sizeof("_GET"), (void **) &data) == SUCCESS &&
1311 : Z_TYPE_PP(data) == IS_ARRAY &&
1312 : zend_hash_find(Z_ARRVAL_PP(data), PS(session_name), lensess + 1, (void **) &ppid) == SUCCESS
1313 : ) {
1314 0 : PPID2SID;
1315 0 : PS(send_cookie) = 0;
1316 : }
1317 :
1318 231 : if (!PS(use_only_cookies) && !PS(id) &&
1319 : zend_hash_find(&EG(symbol_table), "_POST", sizeof("_POST"), (void **) &data) == SUCCESS &&
1320 : Z_TYPE_PP(data) == IS_ARRAY &&
1321 : zend_hash_find(Z_ARRVAL_PP(data), PS(session_name), lensess + 1, (void **) &ppid) == SUCCESS
1322 : ) {
1323 0 : PPID2SID;
1324 0 : PS(send_cookie) = 0;
1325 : }
1326 : }
1327 :
1328 : /* Check the REQUEST_URI symbol for a string of the form
1329 : * '<session-name>=<session-id>' to allow URLs of the form
1330 : * http://yoursite/<session-name>=<session-id>/script.php */
1331 :
1332 309 : if (!PS(use_only_cookies) && !PS(id) && PG(http_globals)[TRACK_VARS_SERVER] &&
1333 : zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI"), (void **) &data) == SUCCESS &&
1334 : Z_TYPE_PP(data) == IS_STRING &&
1335 : (p = strstr(Z_STRVAL_PP(data), PS(session_name))) &&
1336 : p[lensess] == '='
1337 : ) {
1338 : char *q;
1339 :
1340 0 : p += lensess + 1;
1341 0 : if ((q = strpbrk(p, "/?\\"))) {
1342 0 : PS(id) = estrndup(p, q - p);
1343 0 : PS(send_cookie) = 0;
1344 : }
1345 : }
1346 :
1347 : /* Check whether the current request was referred to by
1348 : * an external site which invalidates the previously found id. */
1349 :
1350 309 : if (PS(id) &&
1351 : PS(extern_referer_chk)[0] != '\0' &&
1352 : PG(http_globals)[TRACK_VARS_SERVER] &&
1353 : zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_REFERER", sizeof("HTTP_REFERER"), (void **) &data) == SUCCESS &&
1354 : Z_TYPE_PP(data) == IS_STRING &&
1355 : Z_STRLEN_PP(data) != 0 &&
1356 : strstr(Z_STRVAL_PP(data), PS(extern_referer_chk)) == NULL
1357 : ) {
1358 0 : efree(PS(id));
1359 0 : PS(id) = NULL;
1360 0 : PS(send_cookie) = 1;
1361 0 : if (PS(use_trans_sid)) {
1362 0 : PS(apply_trans_sid) = 1;
1363 : }
1364 : }
1365 :
1366 309 : php_session_initialize(TSRMLS_C);
1367 :
1368 308 : if (!PS(use_cookies) && PS(send_cookie)) {
1369 54 : if (PS(use_trans_sid)) {
1370 8 : PS(apply_trans_sid) = 1;
1371 : }
1372 54 : PS(send_cookie) = 0;
1373 : }
1374 :
1375 308 : php_session_reset_id(TSRMLS_C);
1376 :
1377 308 : PS(session_status) = php_session_active;
1378 :
1379 308 : php_session_cache_limiter(TSRMLS_C);
1380 :
1381 308 : if (PS(mod_data) && PS(gc_probability) > 0) {
1382 304 : int nrdels = -1;
1383 :
1384 304 : nrand = (int) ((float) PS(gc_divisor) * php_combined_lcg(TSRMLS_C));
1385 304 : if (nrand < PS(gc_probability)) {
1386 6 : PS(mod)->s_gc(&PS(mod_data), PS(gc_maxlifetime), &nrdels TSRMLS_CC);
1387 : #ifdef SESSION_DEBUG
1388 : if (nrdels != -1) {
1389 : php_error_docref(NULL TSRMLS_CC, E_NOTICE, "purged %d expired session objects", nrdels);
1390 : }
1391 : #endif
1392 : }
1393 : }
1394 : }
1395 : /* }}} */
1396 :
1397 : static void php_session_flush(TSRMLS_D) /* {{{ */
1398 13691 : {
1399 13691 : if (PS(session_status) == php_session_active) {
1400 71 : PS(session_status) = php_session_none;
1401 71 : zend_try {
1402 71 : php_session_save_current_state(TSRMLS_C);
1403 71 : } zend_end_try();
1404 : }
1405 13691 : }
1406 : /* }}} */
1407 :
1408 : PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t *newlen TSRMLS_DC) /* {{{ */
1409 0 : {
1410 0 : if (PS(apply_trans_sid) && (PS(session_status) == php_session_active)) {
1411 0 : *new = php_url_scanner_adapt_single_url(url, urllen, PS(session_name), PS(id), newlen TSRMLS_CC);
1412 : }
1413 0 : }
1414 : /* }}} */
1415 :
1416 : /* ********************************
1417 : * Userspace exported functions *
1418 : ******************************** */
1419 :
1420 : /* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure[, bool httponly]]]])
1421 : Set session cookie parameters */
1422 : static PHP_FUNCTION(session_set_cookie_params)
1423 164 : {
1424 : zval **lifetime, **path, **domain, **secure, **httponly;
1425 :
1426 164 : if (!PS(use_cookies))
1427 0 : return;
1428 :
1429 164 : if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 5 ||
1430 : zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure, &httponly) == FAILURE)
1431 0 : WRONG_PARAM_COUNT;
1432 :
1433 164 : convert_to_string_ex(lifetime);
1434 :
1435 164 : zend_alter_ini_entry("session.cookie_lifetime", sizeof("session.cookie_lifetime"), Z_STRVAL_PP(lifetime), Z_STRLEN_PP(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1436 :
1437 164 : if (ZEND_NUM_ARGS() > 1) {
1438 134 : convert_to_string_ex(path);
1439 134 : zend_alter_ini_entry("session.cookie_path", sizeof("session.cookie_path"), Z_STRVAL_PP(path), Z_STRLEN_PP(path), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1440 :
1441 134 : if (ZEND_NUM_ARGS() > 2) {
1442 107 : convert_to_string_ex(domain);
1443 107 : zend_alter_ini_entry("session.cookie_domain", sizeof("session.cookie_domain"), Z_STRVAL_PP(domain), Z_STRLEN_PP(domain), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1444 107 : if (ZEND_NUM_ARGS() > 3) {
1445 80 : convert_to_long_ex(secure);
1446 80 : zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), Z_BVAL_PP(secure)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1447 : }
1448 107 : if (ZEND_NUM_ARGS() > 4) {
1449 53 : convert_to_long_ex(httponly);
1450 53 : zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), Z_BVAL_PP(httponly)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1451 : }
1452 : }
1453 : }
1454 : }
1455 : /* }}} */
1456 :
1457 : /* {{{ proto array session_get_cookie_params(void)
1458 : Return the session cookie parameters */
1459 : static PHP_FUNCTION(session_get_cookie_params)
1460 33 : {
1461 33 : if (ZEND_NUM_ARGS() != 0) {
1462 24 : WRONG_PARAM_COUNT;
1463 : }
1464 :
1465 9 : array_init(return_value);
1466 :
1467 9 : add_assoc_long(return_value, "lifetime", PS(cookie_lifetime));
1468 9 : add_assoc_string(return_value, "path", PS(cookie_path), 1);
1469 9 : add_assoc_string(return_value, "domain", PS(cookie_domain), 1);
1470 9 : add_assoc_bool(return_value, "secure", PS(cookie_secure));
1471 9 : add_assoc_bool(return_value, "httponly", PS(cookie_httponly));
1472 : }
1473 : /* }}} */
1474 :
1475 : /* {{{ proto string session_name([string newname])
1476 : Return the current session name. If newname is given, the session name is replaced with newname */
1477 : static PHP_FUNCTION(session_name)
1478 41 : {
1479 : zval **p_name;
1480 41 : int ac = ZEND_NUM_ARGS();
1481 : char *old;
1482 :
1483 41 : if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE)
1484 0 : WRONG_PARAM_COUNT;
1485 :
1486 41 : old = estrdup(PS(session_name));
1487 :
1488 41 : if (ac == 1) {
1489 29 : convert_to_string_ex(p_name);
1490 29 : zend_alter_ini_entry("session.name", sizeof("session.name"), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1491 : }
1492 :
1493 41 : RETVAL_STRING(old, 0);
1494 : }
1495 : /* }}} */
1496 :
1497 : /* {{{ proto string session_module_name([string newname])
1498 : Return the current module name used for accessing session data. If newname is given, the module name is replaced with newname */
1499 : static PHP_FUNCTION(session_module_name)
1500 47 : {
1501 : zval **p_name;
1502 47 : int ac = ZEND_NUM_ARGS();
1503 :
1504 47 : if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE) {
1505 0 : WRONG_PARAM_COUNT;
1506 : }
1507 :
1508 : /* Set return_value to current module name */
1509 94 : if (PS(mod) && PS(mod)->s_name) {
1510 47 : RETVAL_STRING(safe_estrdup(PS(mod)->s_name), 0);
1511 : } else {
1512 0 : RETVAL_EMPTY_STRING();
1513 : }
1514 :
1515 47 : if (ac == 1) {
1516 35 : convert_to_string_ex(p_name);
1517 35 : if (!_php_find_ps_module(Z_STRVAL_PP(p_name) TSRMLS_CC)) {
1518 30 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find named PHP session module (%s)", Z_STRVAL_PP(p_name));
1519 30 : zval_dtor(return_value);
1520 30 : RETURN_FALSE;
1521 : }
1522 5 : if (PS(mod_data)) {
1523 0 : PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);
1524 : }
1525 5 : PS(mod_data) = NULL;
1526 :
1527 5 : zend_alter_ini_entry("session.save_handler", sizeof("session.save_handler"), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1528 : }
1529 : }
1530 : /* }}} */
1531 :
1532 : /* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc)
1533 : Sets user-level functions */
1534 : static PHP_FUNCTION(session_set_save_handler)
1535 53 : {
1536 : zval **args[6];
1537 : int i;
1538 : ps_user *mdata;
1539 : char *name;
1540 :
1541 53 : if (PS(session_status) != php_session_none) {
1542 2 : RETURN_FALSE;
1543 : }
1544 :
1545 51 : if (ZEND_NUM_ARGS() != 6 || zend_get_parameters_array_ex(6, args) == FAILURE)
1546 0 : WRONG_PARAM_COUNT;
1547 :
1548 192 : for (i = 0; i < 6; i++) {
1549 171 : if (!zend_is_callable(*args[i], 0, &name)) {
1550 30 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Argument %d is not a valid callback", i+1);
1551 30 : efree(name);
1552 30 : RETURN_FALSE;
1553 : }
1554 141 : efree(name);
1555 : }
1556 :
1557 21 : zend_alter_ini_entry("session.save_handler", sizeof("session.save_handler"), "user", sizeof("user")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1558 :
1559 21 : mdata = PS(mod_data);
1560 :
1561 21 : if (mdata) {
1562 7 : for (i = 0; i < 6; i++) {
1563 6 : zval_ptr_dtor(&mdata->names[i]);
1564 : }
1565 1 : efree(mdata);
1566 : }
1567 :
1568 21 : mdata = emalloc(sizeof(*mdata));
1569 :
1570 147 : for (i = 0; i < 6; i++) {
1571 126 : ZVAL_ADDREF(*args[i]);
1572 126 : mdata->names[i] = *args[i];
1573 : }
1574 :
1575 21 : PS(mod_data) = (void *) mdata;
1576 :
1577 21 : RETURN_TRUE;
1578 : }
1579 : /* }}} */
1580 :
1581 : /* {{{ proto string session_save_path([string newname])
1582 : Return the current save path passed to module_name. If newname is given, the save path is replaced with newname */
1583 : static PHP_FUNCTION(session_save_path)
1584 45 : {
1585 : zval **p_name;
1586 45 : int ac = ZEND_NUM_ARGS();
1587 : char *old;
1588 :
1589 45 : if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE)
1590 0 : WRONG_PARAM_COUNT;
1591 :
1592 45 : old = estrdup(PS(save_path));
1593 :
1594 45 : if (ac == 1) {
1595 33 : convert_to_string_ex(p_name);
1596 33 : zend_alter_ini_entry("session.save_path", sizeof("session.save_path"), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1597 : }
1598 :
1599 45 : RETVAL_STRING(old, 0);
1600 : }
1601 : /* }}} */
1602 :
1603 : /* {{{ proto string session_id([string newid])
1604 : Return the current session id. If newid is given, the session id is replaced with newid */
1605 : static PHP_FUNCTION(session_id)
1606 129 : {
1607 : zval **p_name;
1608 129 : int ac = ZEND_NUM_ARGS();
1609 : char *old;
1610 :
1611 129 : if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE)
1612 0 : WRONG_PARAM_COUNT;
1613 :
1614 129 : if (PS(id)) {
1615 77 : old = estrdup(PS(id));
1616 : } else {
1617 52 : old = STR_EMPTY_ALLOC();
1618 : }
1619 :
1620 129 : if (ac == 1) {
1621 66 : convert_to_string_ex(p_name);
1622 66 : if (PS(id)) {
1623 34 : efree(PS(id));
1624 : }
1625 66 : PS(id) = estrndup(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name));
1626 : }
1627 :
1628 129 : RETVAL_STRING(old, 0);
1629 : }
1630 : /* }}} */
1631 :
1632 : /* {{{ proto bool session_regenerate_id([bool delete_old_session])
1633 : Update the current session id with a newly generated one. If delete_old_session is set to true, remove the old session. */
1634 : static PHP_FUNCTION(session_regenerate_id)
1635 31 : {
1636 31 : zend_bool del_ses = 0;
1637 :
1638 31 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &del_ses) == FAILURE) {
1639 2 : return;
1640 : }
1641 :
1642 29 : if (SG(headers_sent)) {
1643 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot regenerate session id - headers already sent");
1644 0 : RETURN_FALSE;
1645 : }
1646 :
1647 29 : if (PS(session_status) == php_session_active) {
1648 3 : if (PS(id)) {
1649 3 : if (del_ses && PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
1650 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed");
1651 0 : RETURN_FALSE;
1652 : }
1653 3 : efree(PS(id));
1654 3 : PS(id) = NULL;
1655 : }
1656 :
1657 3 : PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
1658 :
1659 3 : PS(send_cookie) = 1;
1660 3 : php_session_reset_id(TSRMLS_C);
1661 :
1662 3 : RETURN_TRUE;
1663 : }
1664 26 : RETURN_FALSE;
1665 : }
1666 : /* }}} */
1667 :
1668 : /* {{{ proto string session_cache_limiter([string new_cache_limiter])
1669 : Return the current cache limiter. If new_cache_limited is given, the current cache_limiter is replaced with new_cache_limiter */
1670 : static PHP_FUNCTION(session_cache_limiter)
1671 47 : {
1672 : zval **p_cache_limiter;
1673 47 : int ac = ZEND_NUM_ARGS();
1674 : char *old;
1675 :
1676 47 : if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_cache_limiter) == FAILURE)
1677 0 : WRONG_PARAM_COUNT;
1678 :
1679 47 : old = estrdup(PS(cache_limiter));
1680 :
1681 47 : if (ac == 1) {
1682 31 : convert_to_string_ex(p_cache_limiter);
1683 31 : zend_alter_ini_entry("session.cache_limiter", sizeof("session.cache_limiter"), Z_STRVAL_PP(p_cache_limiter), Z_STRLEN_PP(p_cache_limiter), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1684 : }
1685 :
1686 47 : RETVAL_STRING(old, 0);
1687 : }
1688 : /* }}} */
1689 :
1690 : /* {{{ proto int session_cache_expire([int new_cache_expire])
1691 : Return the current cache expire. If new_cache_expire is given, the current cache_expire is replaced with new_cache_expire */
1692 : static PHP_FUNCTION(session_cache_expire)
1693 43 : {
1694 : zval **p_cache_expire;
1695 43 : int ac = ZEND_NUM_ARGS();
1696 : long old;
1697 :
1698 43 : old = PS(cache_expire);
1699 :
1700 43 : if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_cache_expire) == FAILURE)
1701 0 : WRONG_PARAM_COUNT;
1702 :
1703 43 : if (ac == 1) {
1704 31 : convert_to_string_ex(p_cache_expire);
1705 31 : zend_alter_ini_entry("session.cache_expire", sizeof("session.cache_expire"), Z_STRVAL_PP(p_cache_expire), Z_STRLEN_PP(p_cache_expire), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
1706 : }
1707 :
1708 43 : RETVAL_LONG(old);
1709 : }
1710 : /* }}} */
1711 :
1712 : /* {{{ static void php_register_var(zval** entry TSRMLS_DC) */
1713 : static void php_register_var(zval** entry TSRMLS_DC)
1714 87 : {
1715 : zval **value;
1716 :
1717 87 : if (Z_TYPE_PP(entry) == IS_ARRAY) {
1718 2 : if (Z_ARRVAL_PP(entry)->nApplyCount > 1) {
1719 0 : return;
1720 : }
1721 :
1722 2 : zend_hash_internal_pointer_reset(Z_ARRVAL_PP(entry));
1723 2 : Z_ARRVAL_PP(entry)->nApplyCount++;
1724 :
1725 52 : while (zend_hash_get_current_data(Z_ARRVAL_PP(entry), (void**)&value) == SUCCESS) {
1726 48 : php_register_var(value TSRMLS_CC);
1727 48 : zend_hash_move_forward(Z_ARRVAL_PP(entry));
1728 : }
1729 :
1730 2 : Z_ARRVAL_PP(entry)->nApplyCount--;
1731 : } else {
1732 85 : convert_to_string_ex(entry);
1733 :
1734 85 : if ((strcmp(Z_STRVAL_PP(entry), "HTTP_SESSION_VARS") != 0) &&
1735 : (strcmp(Z_STRVAL_PP(entry), "_SESSION") != 0)
1736 : ) {
1737 84 : PS_ADD_VARL(Z_STRVAL_PP(entry), Z_STRLEN_PP(entry));
1738 : }
1739 : }
1740 : }
1741 : /* }}} */
1742 :
1743 : /* {{{ proto string session_encode(void)
1744 : Serializes the current setup and returns the serialized representation */
1745 : static PHP_FUNCTION(session_encode)
1746 116 : {
1747 : int len;
1748 : char *enc;
1749 :
1750 116 : if (ZEND_NUM_ARGS() != 0) {
1751 24 : WRONG_PARAM_COUNT;
1752 : }
1753 :
1754 92 : enc = php_session_encode(&len TSRMLS_CC);
1755 92 : if (enc == NULL) {
1756 28 : RETURN_FALSE;
1757 : }
1758 :
1759 64 : RETVAL_STRINGL(enc, len, 0);
1760 : }
1761 : /* }}} */
1762 :
1763 : /* {{{ proto bool session_decode(string data)
1764 : Deserializes data and reinitializes the variables */
1765 : static PHP_FUNCTION(session_decode)
1766 115 : {
1767 : zval **str;
1768 :
1769 115 : if (PS(session_status) == php_session_none) {
1770 4 : RETURN_FALSE;
1771 : }
1772 :
1773 111 : if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &str) == FAILURE) {
1774 0 : WRONG_PARAM_COUNT;
1775 : }
1776 :
1777 111 : convert_to_string_ex(str);
1778 :
1779 111 : php_session_decode(Z_STRVAL_PP(str), Z_STRLEN_PP(str) TSRMLS_CC);
1780 :
1781 111 : RETURN_TRUE;
1782 : }
1783 : /* }}} */
1784 :
1785 : /* {{{ proto bool session_start(void)
1786 : Begin session - reinitializes freezed variables, registers browsers etc */
1787 : static PHP_FUNCTION(session_start)
1788 300 : {
1789 : /* skipping check for non-zero args for performance reasons here ?*/
1790 300 : php_session_start(TSRMLS_C);
1791 :
1792 299 : if (PS(session_status) != php_session_active) {
1793 2 : RETURN_FALSE;
1794 : }
1795 297 : RETURN_TRUE;
1796 : }
1797 : /* }}} */
1798 :
1799 : /* {{{ proto bool session_destroy(void)
1800 : Destroy the current session and all data associated with it */
1801 : static PHP_FUNCTION(session_destroy)
1802 268 : {
1803 268 : if (ZEND_NUM_ARGS() != 0) {
1804 24 : WRONG_PARAM_COUNT;
1805 : }
1806 :
1807 244 : RETURN_BOOL(php_session_destroy(TSRMLS_C) == SUCCESS);
1808 : }
1809 : /* }}} */
1810 :
1811 : /* {{{ proto void session_unset(void)
1812 : Unset all registered variables */
1813 : static PHP_FUNCTION(session_unset)
1814 32 : {
1815 32 : if (PS(session_status) == php_session_none) {
1816 29 : RETURN_FALSE;
1817 : }
1818 :
1819 3 : IF_SESSION_VARS() {
1820 3 : HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
1821 :
1822 3 : if (PG(register_globals)) {
1823 : uint str_len;
1824 : char *str;
1825 : ulong num_key;
1826 : HashPosition pos;
1827 :
1828 1 : zend_hash_internal_pointer_reset_ex(ht, &pos);
1829 :
1830 3 : while (zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, 0, &pos) == HASH_KEY_IS_STRING) {
1831 1 : zend_delete_global_variable(str, str_len-1 TSRMLS_CC);
1832 1 : zend_hash_move_forward_ex(ht, &pos);
1833 : }
1834 : }
1835 :
1836 : /* Clean $_SESSION. */
1837 3 : zend_hash_clean(ht);
1838 : }
1839 : }
1840 : /* }}} */
1841 :
1842 : /* {{{ proto void session_write_close(void)
1843 : Write session data and end session */
1844 : static PHP_FUNCTION(session_write_close)
1845 107 : {
1846 107 : php_session_flush(TSRMLS_C);
1847 107 : }
1848 : /* }}} */
1849 :
1850 : /* {{{ proto bool session_register(mixed var_names [, mixed ...])
1851 : Adds varname(s) to the list of variables which are freezed at the session end */
1852 : static PHP_FUNCTION(session_register)
1853 39 : {
1854 : zval ***args;
1855 39 : int argc = ZEND_NUM_ARGS();
1856 : int i;
1857 :
1858 39 : if (argc <= 0)
1859 1 : RETURN_FALSE
1860 : else
1861 38 : args = (zval ***)safe_emalloc(argc, sizeof(zval **), 0);
1862 :
1863 38 : if (zend_get_parameters_array_ex(argc, args) == FAILURE) {
1864 0 : efree(args);
1865 0 : WRONG_PARAM_COUNT;
1866 : }
1867 :
1868 38 : if (PS(session_status) == php_session_none || PS(session_status) == php_session_disabled) {
1869 3 : php_session_start(TSRMLS_C);
1870 : }
1871 :
1872 38 : if (PS(session_status) == php_session_disabled) {
1873 0 : efree(args);
1874 0 : RETURN_FALSE;
1875 : }
1876 :
1877 77 : for (i = 0; i < argc; i++) {
1878 39 : if (Z_TYPE_PP(args[i]) == IS_ARRAY) {
1879 2 : SEPARATE_ZVAL(args[i]);
1880 : }
1881 39 : php_register_var(args[i] TSRMLS_CC);
1882 : }
1883 :
1884 38 : efree(args);
1885 :
1886 38 : RETURN_TRUE;
1887 : }
1888 : /* }}} */
1889 :
1890 : /* {{{ proto bool session_unregister(string varname)
1891 : Removes varname from the list of variables which are freezed at the session end */
1892 : static PHP_FUNCTION(session_unregister)
1893 30 : {
1894 : zval **p_name;
1895 30 : int ac = ZEND_NUM_ARGS();
1896 :
1897 30 : if (ac != 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE) {
1898 0 : WRONG_PARAM_COUNT;
1899 : }
1900 30 : convert_to_string_ex(p_name);
1901 :
1902 30 : PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name));
1903 :
1904 30 : RETURN_TRUE;
1905 : }
1906 : /* }}} */
1907 :
1908 : /* {{{ proto bool session_is_registered(string varname)
1909 : Checks if a variable is registered in session */
1910 : static PHP_FUNCTION(session_is_registered)
1911 38 : {
1912 : zval **p_name;
1913 : zval *p_var;
1914 38 : int ac = ZEND_NUM_ARGS();
1915 :
1916 38 : if (ac != 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE) {
1917 0 : WRONG_PARAM_COUNT;
1918 : }
1919 :
1920 38 : if (PS(session_status) == php_session_none) {
1921 5 : RETURN_FALSE;
1922 : }
1923 :
1924 33 : convert_to_string_ex(p_name);
1925 :
1926 33 : IF_SESSION_VARS() {
1927 33 : if (zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name)+1, (void **)&p_var) == SUCCESS) {
1928 3 : RETURN_TRUE;
1929 : }
1930 : }
1931 30 : RETURN_FALSE;
1932 : }
1933 : /* }}} */
1934 :
1935 : /* {{{ session_functions[]
1936 : */
1937 : static zend_function_entry session_functions[] = {
1938 : PHP_FE(session_name, NULL)
1939 : PHP_FE(session_module_name, NULL)
1940 : PHP_FE(session_save_path, NULL)
1941 : PHP_FE(session_id, NULL)
1942 : PHP_FE(session_regenerate_id, NULL)
1943 : PHP_FE(session_decode, NULL)
1944 : PHP_FE(session_register, NULL)
1945 : PHP_FE(session_unregister, NULL)
1946 : PHP_FE(session_is_registered, NULL)
1947 : PHP_FE(session_encode, NULL)
1948 : PHP_FE(session_start, NULL)
1949 : PHP_FE(session_destroy, NULL)
1950 : PHP_FE(session_unset, NULL)
1951 : PHP_FE(session_set_save_handler, NULL)
1952 : PHP_FE(session_cache_limiter, NULL)
1953 : PHP_FE(session_cache_expire, NULL)
1954 : PHP_FE(session_set_cookie_params, NULL)
1955 : PHP_FE(session_get_cookie_params, NULL)
1956 : PHP_FE(session_write_close, NULL)
1957 : PHP_FALIAS(session_commit, session_write_close, NULL)
1958 : {NULL, NULL, NULL}
1959 : };
1960 : /* }}} */
1961 :
1962 : /* ********************************
1963 : * Module Setup and Destruction *
1964 : ******************************** */
1965 :
1966 : static PHP_RINIT_FUNCTION(session) /* {{{ */
1967 13551 : {
1968 13551 : php_rinit_session_globals(TSRMLS_C);
1969 :
1970 13551 : if (PS(mod) == NULL) {
1971 : char *value;
1972 :
1973 2 : value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0);
1974 2 : if (value) {
1975 2 : PS(mod) = _php_find_ps_module(value TSRMLS_CC);
1976 : }
1977 : }
1978 :
1979 13551 : if (PS(serializer) == NULL) {
1980 : char *value;
1981 :
1982 8 : value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler"), 0);
1983 8 : if (value) {
1984 8 : PS(serializer) = _php_find_ps_serializer(value TSRMLS_CC);
1985 : }
1986 : }
1987 :
1988 13551 : if (PS(mod) == NULL || PS(serializer) == NULL) {
1989 : /* current status is unusable */
1990 6 : PS(session_status) = php_session_disabled;
1991 6 : return SUCCESS;
1992 : }
1993 :
1994 13545 : if (PS(auto_start)) {
1995 12 : php_session_start(TSRMLS_C);
1996 : }
1997 :
1998 13545 : return SUCCESS;
1999 : }
2000 : /* }}} */
2001 :
2002 : static PHP_RSHUTDOWN_FUNCTION(session) /* {{{ */
2003 13584 : {
2004 13584 : php_session_flush(TSRMLS_C);
2005 13584 : php_rshutdown_session_globals(TSRMLS_C);
2006 :
2007 13584 : return SUCCESS;
2008 : }
2009 : /* }}} */
2010 :
2011 : static PHP_GINIT_FUNCTION(ps) /* {{{ */
2012 13565 : {
2013 13565 : ps_globals->save_path = NULL;
2014 13565 : ps_globals->session_name = NULL;
2015 13565 : ps_globals->id = NULL;
2016 13565 : ps_globals->mod = NULL;
2017 13565 : ps_globals->serializer = NULL;
2018 13565 : ps_globals->mod_data = NULL;
2019 13565 : ps_globals->session_status = php_session_none;
2020 13565 : ps_globals->http_session_vars = NULL;
2021 13565 : }
2022 : /* }}} */
2023 :
2024 : static PHP_MINIT_FUNCTION(session) /* {{{ */
2025 13565 : {
2026 13565 : zend_register_auto_global("_SESSION", sizeof("_SESSION")-1, NULL TSRMLS_CC);
2027 :
2028 13565 : PS(module_number) = module_number; /* if we really need this var we need to init it in zts mode as well! */
2029 :
2030 13565 : PS(session_status) = php_session_none;
2031 13565 : REGISTER_INI_ENTRIES();
2032 :
2033 : #ifdef HAVE_LIBMM
2034 : PHP_MINIT(ps_mm) (INIT_FUNC_ARGS_PASSTHRU);
2035 : #endif
2036 13565 : return SUCCESS;
2037 : }
2038 : /* }}} */
2039 :
2040 : static PHP_MSHUTDOWN_FUNCTION(session) /* {{{ */
2041 13597 : {
2042 13597 : UNREGISTER_INI_ENTRIES();
2043 :
2044 : #ifdef HAVE_LIBMM
2045 : PHP_MSHUTDOWN(ps_mm) (SHUTDOWN_FUNC_ARGS_PASSTHRU);
2046 : #endif
2047 :
2048 13597 : ps_serializers[PREDEFINED_SERIALIZERS].name = NULL;
2049 13597 : memset(&ps_modules[PREDEFINED_MODULES], 0, (MAX_MODULES-PREDEFINED_MODULES)*sizeof(ps_module *));
2050 :
2051 13597 : return SUCCESS;
2052 : }
2053 : /* }}} */
2054 :
2055 : static PHP_MINFO_FUNCTION(session) /* {{{ */
2056 6 : {
2057 : ps_module **mod;
2058 : ps_serializer *ser;
2059 6 : smart_str save_handlers = {0};
2060 6 : smart_str ser_handlers = {0};
2061 : int i;
2062 :
2063 : /* Get save handlers */
2064 66 : for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) {
2065 60 : if (*mod && (*mod)->s_name) {
2066 18 : smart_str_appends(&save_handlers, (*mod)->s_name);
2067 18 : smart_str_appendc(&save_handlers, ' ');
2068 : }
2069 : }
2070 :
2071 : /* Get serializer handlers */
2072 66 : for (i = 0, ser = ps_serializers; i < MAX_SERIALIZERS; i++, ser++) {
2073 60 : if (ser && ser->name) {
2074 18 : smart_str_appends(&ser_handlers, ser->name);
2075 18 : smart_str_appendc(&ser_handlers, ' ');
2076 : }
2077 : }
2078 :
2079 6 : php_info_print_table_start();
2080 6 : php_info_print_table_row(2, "Session Support", "enabled" );
2081 :
2082 6 : if (save_handlers.c) {
2083 6 : smart_str_0(&save_handlers);
2084 6 : php_info_print_table_row(2, "Registered save handlers", save_handlers.c);
2085 6 : smart_str_free(&save_handlers);
2086 : } else {
2087 0 : php_info_print_table_row(2, "Registered save handlers", "none");
2088 : }
2089 :
2090 6 : if (ser_handlers.c) {
2091 6 : smart_str_0(&ser_handlers);
2092 6 : php_info_print_table_row(2, "Registered serializer handlers", ser_handlers.c);
2093 6 : smart_str_free(&ser_handlers);
2094 : } else {
2095 0 : php_info_print_table_row(2, "Registered serializer handlers", "none");
2096 : }
2097 :
2098 6 : php_info_print_table_end();
2099 :
2100 6 : DISPLAY_INI_ENTRIES();
2101 6 : }
2102 : /* }}} */
2103 :
2104 : static zend_module_dep session_deps[] = { /* {{{ */
2105 : ZEND_MOD_OPTIONAL("hash")
2106 : {NULL, NULL, NULL}
2107 : };
2108 : /* }}} */
2109 :
2110 : zend_module_entry session_module_entry = {
2111 : STANDARD_MODULE_HEADER_EX,
2112 : NULL,
2113 : session_deps,
2114 : "session",
2115 : session_functions,
2116 : PHP_MINIT(session), PHP_MSHUTDOWN(session),
2117 : PHP_RINIT(session), PHP_RSHUTDOWN(session),
2118 : PHP_MINFO(session),
2119 : NO_VERSION_YET,
2120 : PHP_MODULE_GLOBALS(ps),
2121 : PHP_GINIT(ps),
2122 : NULL,
2123 : NULL,
2124 : STANDARD_MODULE_PROPERTIES_EX
2125 : };
2126 :
2127 : #ifdef COMPILE_DL_SESSION
2128 : ZEND_GET_MODULE(session)
2129 : #endif
2130 :
2131 : /*
2132 : * Local variables:
2133 : * tab-width: 4
2134 : * c-basic-offset: 4
2135 : * End:
2136 : * vim600: noet sw=4 ts=4 fdm=marker
2137 : * vim<600: sw=4 ts=4
2138 : */
|
