1 | <?php |
2 | namespace Elgg\Http; |
3 | |||||
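/**
 * Database session handler
 *
 * Persists PHP session payloads in the {prefix}users_sessions table
 * (columns: session, ts, data) through the injected \Elgg\Database service.
 *
 * Security note: the session id reaches this class from PHP's session
 * machinery, which takes it from the client, and the payload is serialized
 * user state. Both are therefore passed to the database as bound query
 * parameters and never spliced into the SQL text. This replaces the
 * deprecated sanitize_string() escaping, whose own deprecation notice says
 * "Use query parameters where possible".
 *
 * NOTE(review): this relies on getDataRow(), insertData() and deleteData()
 * accepting an array of named parameters -- confirm against the
 * \Elgg\Database version shipped with this code.
 *
 * @access private
 *
 * @package    Elgg.Core
 * @subpackage Http
 */
class DatabaseSessionHandler implements \SessionHandlerInterface {

	/** @var \Elgg\Database $db */
	protected $db;

	/**
	 * Constructor
	 *
	 * @param \Elgg\Database $db The database
	 */
	public function __construct(\Elgg\Database $db) {
		$this->db = $db;
	}

	/**
	 * Nothing to prepare: the database connection is owned by $this->db.
	 *
	 * @param string $save_path Unused
	 * @param string $name      Unused
	 *
	 * @return bool Always true
	 */
	public function open($save_path, $name) {
		return true;
	}

	/**
	 * Fetch the stored payload for a session id.
	 *
	 * @param string $session_id Session id (client-supplied, untrusted)
	 *
	 * @return string The stored data, or '' when no row matches
	 */
	public function read($session_id) {
		$query = "SELECT * FROM {$this->db->prefix}users_sessions WHERE session = :session_id";
		$params = [
			':session_id' => $session_id,
		];

		$row = $this->db->getDataRow($query, null, $params);

		// Explicit emptiness test: a missing row must yield '' rather than
		// dereferencing ->data on a falsy result.
		if (empty($row)) {
			return '';
		}

		return (string) $row->data;
	}

	/**
	 * Insert the session row, or refresh its timestamp and payload.
	 *
	 * Relies on a unique key covering the session column, as implied by
	 * ON DUPLICATE KEY UPDATE.
	 *
	 * @param string $session_id   Session id (client-supplied, untrusted)
	 * @param string $session_data Serialized session payload
	 *
	 * @return bool False only when insertData() reports failure with false
	 */
	public function write($session_id, $session_data) {
		$time = time();

		// Each placeholder appears exactly once so the statement also works
		// with drivers that reject a reused named parameter.
		$query = "INSERT INTO {$this->db->prefix}users_sessions
			(session, ts, data) VALUES
			(:session_id, :ts, :data)
			ON DUPLICATE KEY UPDATE ts = :ts_update, data = :data_update";
		$params = [
			':session_id' => $session_id,
			':ts' => $time,
			':data' => $session_data,
			':ts_update' => $time,
			':data_update' => $session_data,
		];

		// insertData() may legitimately return 0, so only a strict false
		// counts as failure.
		return $this->db->insertData($query, $params) !== false;
	}

	/**
	 * Nothing to release: the database connection is owned by $this->db.
	 *
	 * @return bool Always true
	 */
	public function close() {
		return true;
	}

	/**
	 * Delete the row belonging to a session id.
	 *
	 * @param string $session_id Session id (client-supplied, untrusted)
	 *
	 * @return bool Boolean cast of deleteData()'s result
	 */
	public function destroy($session_id) {
		$query = "DELETE FROM {$this->db->prefix}users_sessions WHERE session = :session_id";
		$params = [
			':session_id' => $session_id,
		];

		return (bool) $this->db->deleteData($query, $params);
	}

	/**
	 * Delete sessions whose timestamp is older than the allowed lifetime.
	 *
	 * @param int $max_lifetime Maximum session age in seconds
	 *
	 * @return bool Boolean cast of deleteData()'s result
	 */
	public function gc($max_lifetime) {
		$query = "DELETE FROM {$this->db->prefix}users_sessions WHERE ts < :life";
		$params = [
			':life' => time() - $max_lifetime,
		];

		return (bool) $this->db->deleteData($query, $params);
	}
}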