Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

classes/Elgg/Http/DatabaseSessionHandler.php (4 issues)

<?php
namespace Elgg\Http;

/**
 * Database session handler
 *
 * @access private
 *
 * @package    Elgg.Core
 * @subpackage Http
 */
class DatabaseSessionHandler implements \SessionHandlerInterface {

	/** @var \Elgg\Database $db */
	protected $db;

	/**
	 * Constructor
	 *
	 * @param \Elgg\Database $db The database
	 */
	public function __construct(\Elgg\Database $db) {
		$this->db = $db;
	}

	/**
	 * {@inheritDoc}
	 */
	public function open($save_path, $name) {
		return true;
	}

	/**
	 * {@inheritDoc}
	 */
	public function read($session_id) {

		$id = sanitize_string($session_id);
Deprecated Code introduced by
The function sanitize_string() has been deprecated: Use query parameters where possible ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$id = /** @scrutinizer ignore-deprecated */ sanitize_string($session_id);

This function has been deprecated. The supplier of the function has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.

		$query = "SELECT * FROM {$this->db->prefix}users_sessions WHERE session='$id'";
		$result = $this->db->getDataRow($query);
		if ($result) {
			return (string) $result->data;
		} else {
			return '';
		}
	}

	/**
	 * {@inheritDoc}
	 */
	public function write($session_id, $session_data) {
		$id = sanitize_string($session_id);
Deprecated Code introduced by
The function sanitize_string() has been deprecated: Use query parameters where possible ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$id = /** @scrutinizer ignore-deprecated */ sanitize_string($session_id);

		$time = time();
		$sess_data_sanitised = sanitize_string($session_data);
Deprecated Code introduced by
The function sanitize_string() has been deprecated: Use query parameters where possible ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$sess_data_sanitised = /** @scrutinizer ignore-deprecated */ sanitize_string($session_data);

		$query = "INSERT INTO {$this->db->prefix}users_sessions
			(session, ts, data) VALUES
			('$id', '$time', '$sess_data_sanitised')
			ON DUPLICATE KEY UPDATE ts = '$time', data = '$sess_data_sanitised'";

		if ($this->db->insertData($query) !== false) {
			return true;
		} else {
			return false;
		}
	}

	/**
	 * {@inheritDoc}
	 */
	public function close() {
		return true;
	}

	/**
	 * {@inheritDoc}
	 */
	public function destroy($session_id) {

		$id = sanitize_string($session_id);
Deprecated Code introduced by
The function sanitize_string() has been deprecated: Use query parameters where possible ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

		$id = /** @scrutinizer ignore-deprecated */ sanitize_string($session_id);

		$query = "DELETE FROM {$this->db->prefix}users_sessions WHERE session='$id'";
		return (bool) $this->db->deleteData($query);
	}

	/**
	 * {@inheritDoc}
	 */
	public function gc($max_lifetime) {

		$life = time() - $max_lifetime;
		$query = "DELETE FROM {$this->db->prefix}users_sessions WHERE ts < '$life'";
		return (bool) $this->db->deleteData($query);
	}
}