Passed
Push — master (c0a3a7...3b84a4) by Jeroen
58:51

classes/Elgg/Http/DatabaseSessionHandler.php (5 issues)

<?php
namespace Elgg\Http;

/**
 * Database session handler
 *
 * @access private
 *
 * @package    Elgg.Core
 * @subpackage Http
 */
class DatabaseSessionHandler implements \SessionHandlerInterface {

	/** @var \Elgg\Database $db */
	protected $db;

	/**
	 * Constructor
	 *
	 * @param \Elgg\Database $db The database
	 */
	public function __construct(\Elgg\Database $db) {
		$this->db = $db;
	}

	/**
	 * {@inheritDoc}
	 */
	public function open($save_path, $name) {
		return true;
	}

	/**
	 * {@inheritDoc}
	 */
	public function read($session_id) {

		$id = sanitize_string($session_id);

Deprecated Code
The function sanitize_string() has been deprecated: Use query parameters where possible (Ignorable by Annotation)

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$id = /** @scrutinizer ignore-deprecated */ sanitize_string($session_id);

This function has been deprecated. The supplier of the function has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.

		$query = "SELECT * FROM {$this->db->prefix}users_sessions WHERE session='$id'";
		$result = $this->db->getDataRow($query);
		if ($result) {

Bug Best Practice
The expression $result of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

			return (string) $result->data;
		} else {
			return '';
		}
	}

	/**
	 * {@inheritDoc}
	 */
	public function write($session_id, $session_data) {
		$id = sanitize_string($session_id);

Deprecated Code
The function sanitize_string() has been deprecated: Use query parameters where possible (Ignorable by Annotation)

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$id = /** @scrutinizer ignore-deprecated */ sanitize_string($session_id);

		$time = time();
		$sess_data_sanitised = sanitize_string($session_data);

Deprecated Code
The function sanitize_string() has been deprecated: Use query parameters where possible (Ignorable by Annotation)

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$sess_data_sanitised = /** @scrutinizer ignore-deprecated */ sanitize_string($session_data);


		$query = "INSERT INTO {$this->db->prefix}users_sessions
			(session, ts, data) VALUES
			('$id', '$time', '$sess_data_sanitised')
			ON DUPLICATE KEY UPDATE ts = '$time', data = '$sess_data_sanitised'";

		if ($this->db->insertData($query) !== false) {
			return true;
		} else {
			return false;
		}
	}

	/**
	 * {@inheritDoc}
	 */
	public function close() {
		return true;
	}

	/**
	 * {@inheritDoc}
	 */
	public function destroy($session_id) {

		$id = sanitize_string($session_id);

Deprecated Code
The function sanitize_string() has been deprecated: Use query parameters where possible (Ignorable by Annotation)

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$id = /** @scrutinizer ignore-deprecated */ sanitize_string($session_id);

		$query = "DELETE FROM {$this->db->prefix}users_sessions WHERE session='$id'";
		return (bool) $this->db->deleteData($query);
	}

	/**
	 * {@inheritDoc}
	 */
	public function gc($max_lifetime) {

		$life = time() - $max_lifetime;
		$query = "DELETE FROM {$this->db->prefix}users_sessions WHERE ts < '$life'";
		return (bool) $this->db->deleteData($query);
	}
}