这是我正在使用的会话类。 在每个页面上重新生成会话ID是个好主意,因为这是我打算做的。 在每个页面上重新生成会话ID,写入函数执行此操作0(rowCount())从插入的getkey函数1中选择0键。 读取函数将在(从rowCount())1从getkey函数中选择1个键,并从destroy函数中销毁1个函数中运行良好。 有时我会成功选择0读取数据记录 0成功销毁删除记录,从destroy函数中它应该已经在read函数中选择了getkey函数然后是destroy函数,因为where子句中的id是数据库表中的id。 其他时候我会选择1个读取0读取成功的0个记录0删除旧的会话ID已被删除,新的插入(来自写入功能),好像1读取所选择的1个键被选中,1个被破坏。 使用read函数,where子句的id将是它应该能够选择的id,即db中的id。这与键和删除功能相同。 有时我会尝试插入另外两个id,因为另一个已经生成但是如果同时set_time在db中设置为唯一,但是如果不是同一时间(测试转到另一页)我将会这样做在db表中有另一行具有不同的id。有时只是右行中的错误id(不是写函数中的id)。没有新行只是一个不同的ID。会话标识是db表中的主键。我似乎遇到了一个问题,如点击一下鼠标,有时似乎是两个,这可能是一个原因。对任何帮助都很有帮助。 PS:............. 5.2.16 随着情况1读取选择0键选择0销毁或如果1读取选择1键1销毁;说那些子句是123的id。在页面的php部分的结尾$ id = session_id()和echo $ id和它' s;让我们说321.然后在页面底部回复消息。 选择了0个键结果,该where子句的id为321。 然后加密回应。然后0写入选择1写入成功插入。 这是正常的
enter code here
class session{
function __construct(){
//set our custom session functions.
session_set_save_handler(array($this,'open'),array($this,'close'),array ($this,'read'),array($this,'write'),array($this,'destroy'),array($this,'gc'));
//This line prevents unexpected effects when using objects as save handlers.
register_shutdown_function('session_write_close');
}
function start_session($session_name,$secure){
$httponly = true;
// hash algorithm to use for the session id.(use hash_algos() to get a list of available hashs.)
$session_hash = 'sha512';
// check if hash is available
if(in_array($session_hash,hash_algos())){
// set the hash function.
ini_set('session.hash_function',$session_hash);
}
// how many bits per character of the hash.
ini_set('session.hash_bits_per_character',5);
// force the session to only use cookies, not url variables.
ini_set('session.use_only_cookies',1);
//get session cookie parameters
$cookieParams = session_get_cookie_params();
$domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
session_set_cookie_params($cookieParams["lifetime"],$cookieParams["path"],
//$cookieparams["domain"],$secure,$httponly);
$domain,$secure,$httponly);
// change session name
session_name($session_name);
session_name('identitysession');
// now we can start the session
session_start();
// this line regenerates the session and delete the old one.
// it also generates a new encryption key in the database.
session_regenerate_id(true);
}
protected $db = null;
function open(){
if(is_null($this->db)){
$user = 'myuser';
$pass = 'mypassword';
try{
$this->db = new PDO( 'mysql:host=127.0.0.1;dbname= mydb',$user,$pass,
array(
PDO::ATTR_ERRMODE =>PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE=> PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES =>false));
}catch (PDOException $e){
echo 'Connection failed:'.$e->getMessage();
}
echo 'open open','<br/>';// the echo for testing
return true;
}
else{
echo 'not open','<br/>';// the echo for testing
exit();
}
}
function close(){
$this->db = null;
echo 'closed closed','<br/>';// the echo for testing
return true;
}
function read($id){
$timeout = time()-(30*60);
echo $id,'<br/>';// the echo for testing
if(!isset($this->read_stmt)){
try{
$this->read_stmt = $this->db->prepare("SELECT id,data,set_time FROM mydbtable WHERE id= :id LIMIT 1 ");
}catch(PDOException $e){
echo 'Unable to select from database read:'.$e->getMessage();
}
}
if(isset($this->read_stmt)){
$this->read_stmt->bindParam(':id',$id, PDO::PARAM_STR);
$this->read_stmt->execute();
$row = $this->read_stmt->fetch(PDO::FETCH_ASSOC);
$idrow = $row['id'];
echo 'selected id <br/>' . $idrow,'<br/>';// the echo for testing the selected id of db
$read_count = $this->read_stmt->rowCount();
echo $read_count. " Read data records selected successfully<br/>";// the echo for testing
if($read_count > 0 && $row !=''){
$data =$row['data'];
$time_past = $row['set_time'];
if( $time_past < $timeout){
echo 'nogood time out';//not completed yet
}
elseif($time_past > $timeout){
echo 'read getting data','<br/>';// the echo for testing
$key = $this->getkey($id);
echo 'selected id for key <br/>' . $id,'<br/>';// the echo for testing
$data = $this->decrypt($data, $key);
echo 'Data','<br/>';// the echo for testing
echo $data,'<br/>';// the echo for testing
return $data;
}
}
elseif($read_count < 1 && $row ==''){
return '';
}
}
}
function write($id, $data){
$key = $this->getkey($id);
$data = $this->encrypt($data, $key);
$time = time();
if(!isset($this->w_stmt)){
try{
$this->w_stmt = $this->db->prepare("SELECT data FROM mydbtable WHERE id= :id LIMIT 1 ");
}catch(PDOException $e){
echo 'Unable to select from database:'.$e->getMessage();
}
}
if(isset($this->w_stmt)){
try{
$this->w_stmt->execute(array(':id'=>$id));
$row = $this->w_stmt->fetch(PDO::FETCH_ASSOC);
}catch(PDOException $e){
echo 'Unable something from database:'.$e->getMessage();
}
$w_count = $this->w_stmt->rowCount();
echo $w_count. "W stmt records selected successfully";// the echo for testing
if($w_count > 0 && $row !=''){
try{
$this->w_stmt =$this->db->prepare("UPDATE mydbtable SET id = :id,
set_time = :time,data = :data, session_key = :session_key");
$this->w_stmt->execute(array(':id'=>$id,':time'=>$time,':data'=>$data,
':session_key'=>$key));
$wri_count = $this->w_stmt->rowCount();
echo $wri_count. "records updated successfully";// the echo for testing
}catch (PDOException $e){
echo 'Can not update the database:'.$e->getMessage();// the echo for testing
}
}
elseif($w_count < 1 && $row == ''){
try{
$this->w_stmt =$this->db->prepare("INSERT INTO mydbtable (id,set_time,data,session_key)
VALUES(:id,:time,:data,:session_key)");
$this->w_stmt->execute(array(':id'=>$id,':time'=>$time,':data'=>$data,
':session_key'=>$key));
$write_count = $this->w_stmt->rowCount();
echo $write_count. "w stmt records inserted successfully<br/>";// the echo for testing
echo $id;
}catch (PDOException $e){
echo 'Can not insert the database:'.$e->getMessage();
}
}
}// if set
}
function destroy($id){
echo $id,'<br/>';// the echo for testing
if(!isset($this->delete_stmt)){
try{
$this->delete_stmt = $this->db->prepare("DELETE FROM mydbtable WHERE id = :id");
}catch(PDOException $e){
echo 'Unable to delete from database:'.$e->getMessage();
}
}
if(isset($this->delete_stmt)) {
$this->delete_stmt->bindValue(':id',$id,PDO::PARAM_STR);
$this->delete_stmt->execute();
$delete_count = $this->delete_stmt->rowCount();
echo $delete_count . " destroy delete records successfully<br/>";// the echo for testing
echo 'delete ','<br/>';// the echo for testing
return true;
}
}
function gc($max){
if(!isset($this->gc_stmt)){
try{
$this->gc_stmt = $this->db->prepare("DELETE FROM mydbtable WHERE set_time < :set_time");
}catch(PDOException $e){
echo 'Unable to delete from database:'.$e->getMessage();
}
}
if(isset($this->gc_stmt)){
$old = time() - $max;
$this->gc_stmt->execute(array(':set_time'=>$old));
$gc_count = $this->gc_stmt->rowCount();
echo $gc_count. " gc records successfully";// the echo for testing
}
return true;
}
private function getkey($id){
echo $id,'<br/>';// the echo for testing
if(!isset($this->key_stmt)){
try{
$this->key_stmt = $this->db->prepare("SELECT session_key FROM mydbtable WHERE id = :id limit 1");
}catch(PDOException $e){
echo 'Unable to select from database for key:'.$e->getMessage();
}
}
if(isset($this->key_stmt)){
$this->key_stmt->execute(array(':id'=>$id));
$row = $this->key_stmt->fetch(PDO::FETCH_ASSOC);
$key_count = $this->key_stmt->rowCount();
echo $key_count. " key records selected successfully<br/>";
if($key_count > 0 && $row !=''){
echo 'key getting key','<br/>';// the echo for testing
$key = $row['session_key'];
return $key;
}
elseif($key_count < 1 && $row == ''){
$random_key = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()),true));
return $random_key;
}
}
}
private function encrypt($data,$key){
$salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
$key = substr(hash('sha256',$salt.$key.$salt), 0, 32);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
echo 'encrypted','<br/>';// the echo for testing
return $encrypted;
}
private function decrypt($data, $key){
$salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
$key = substr(hash('sha256',$salt.$key.$salt), 0, 32);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
echo 'decript','<br/>';// the echo for testing
return $decrypted;
}