会话类无法跟踪会话ID核心

时间:2016-02-02 01:45:21

标签: php session pdo

这是我正在使用的会话类。 在每个页面上重新生成会话ID是个好主意,因为这是我打算做的。 在每个页面上重新生成会话ID,写入函数执行此操作0(rowCount())从插入的getkey函数1中选择0键。 读取函数将在(从rowCount())1从getkey函数中选择1个键,并从destroy函数中销毁1个函数中运行良好。 有时我会成功选择0读取数据记录 0成功销毁删除记录,从destroy函数中它应该已经在read函数中选择了getkey函数然后是destroy函数,因为where子句中的id是数据库表中的id。 其他时候我会选择1个读取0读取成功的0个记录0删除旧的会话ID已被删除,新的插入(来自写入功能),好像1读取所选择的1个键被选中,1个被破坏。 使用read函数,where子句的id将是它应该能够选择的id,即db中的id。这与键和删除功能相同。 有时我会尝试插入另外两个id,因为另一个已经生成但是如果同时set_time在db中设置为唯一,但是如果不是同一时间(测试转到另一页)我将会这样做在db表中有另一行具有不同的id。有时只是右行中的错误id(不是写函数中的id)。没有新行只是一个不同的ID。会话标识是db表中的主键。我似乎遇到了一个问题,如点击一下鼠标,有时似乎是两个,这可能是一个原因。对任何帮助都很有帮助。 PS:............. 5.2.16 随着情况1读取选择0键选择0销毁或如果1读取选择1键1销毁;说那些子句是123的id。在页面的php部分的结尾$ id = session_id()和echo $ id和它' s;让我们说321.然后在页面底部回复消息。 选择了0个键结果,该where子句的id为321。 然后加密回应。然后0写入选择1写入成功插入。 这是正常的

enter code here

     class session{
 function __construct(){
//set our custom session functions.
session_set_save_handler(array($this,'open'),array($this,'close'),array   ($this,'read'),array($this,'write'),array($this,'destroy'),array($this,'gc'));
//This line prevents unexpected effects when using objects as save handlers.
register_shutdown_function('session_write_close');
 }
 function start_session($session_name,$secure){
  $httponly = true;
 // hash algorithm to use for the session id.(use hash_algos() to get a list of available hashs.)
  $session_hash = 'sha512';
 // check if hash is available
 if(in_array($session_hash,hash_algos())){
 // set the hash function.
  ini_set('session.hash_function',$session_hash);
 }
  // how many bits per character of the hash.
  ini_set('session.hash_bits_per_character',5);
 // force the session to only use cookies, not url variables.
  ini_set('session.use_only_cookies',1);
  //get session cookie parameters
 $cookieParams = session_get_cookie_params();
 $domain = ($_SERVER['HTTP_HOST'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
 session_set_cookie_params($cookieParams["lifetime"],$cookieParams["path"],
  //$cookieparams["domain"],$secure,$httponly);
 $domain,$secure,$httponly);
  // change session name
  session_name($session_name);
  session_name('identitysession');
  // now we can start the session
  session_start();
   // this line regenerates the session and delete the old one.
  // it also generates a new encryption key in the database.
 session_regenerate_id(true);
   }

 protected $db = null;


 function open(){
  if(is_null($this->db)){
 $user = 'myuser'; 
 $pass = 'mypassword';
 try{
   $this->db = new PDO( 'mysql:host=127.0.0.1;dbname= mydb',$user,$pass,
   array(
   PDO::ATTR_ERRMODE    =>PDO::ERRMODE_EXCEPTION,
   PDO::ATTR_DEFAULT_FETCH_MODE=> PDO::FETCH_ASSOC,
   PDO::ATTR_EMULATE_PREPARES =>false));
  }catch (PDOException $e){
   echo 'Connection failed:'.$e->getMessage();
   }
  echo 'open open','<br/>';// the echo for testing
  return true;
  }
      else{
    echo 'not open','<br/>';// the echo for testing
    exit();
   }
 }



 function close(){
  $this->db = null;
  echo 'closed closed','<br/>';// the echo for testing
  return true;
 }


 function read($id){
  $timeout = time()-(30*60);
  echo $id,'<br/>';// the echo for testing
 if(!isset($this->read_stmt)){
     try{
     $this->read_stmt = $this->db->prepare("SELECT id,data,set_time FROM mydbtable WHERE id= :id LIMIT 1 ");
     }catch(PDOException $e){
     echo 'Unable to select from database read:'.$e->getMessage();
     }
 }

   if(isset($this->read_stmt)){
  $this->read_stmt->bindParam(':id',$id, PDO::PARAM_STR);   
  $this->read_stmt->execute();
  $row = $this->read_stmt->fetch(PDO::FETCH_ASSOC);
  $idrow = $row['id'];
  echo 'selected id <br/>' . $idrow,'<br/>';// the echo for testing the selected id of db
  $read_count = $this->read_stmt->rowCount();
  echo $read_count. " Read data records selected successfully<br/>";// the echo for testing

       if($read_count > 0 && $row !=''){
         $data =$row['data'];
         $time_past = $row['set_time'];
           if( $time_past < $timeout){
       echo 'nogood time out';//not completed yet
           }
               elseif($time_past > $timeout){
               echo 'read getting data','<br/>';// the echo for testing
               $key = $this->getkey($id);
               echo 'selected id for key <br/>' . $id,'<br/>';// the echo for testing
               $data = $this->decrypt($data, $key);
               echo 'Data','<br/>';// the echo for testing
               echo $data,'<br/>';// the echo for testing
               return $data;
               }
    }   
        elseif($read_count < 1 && $row ==''){
        return '';
        } 
   } 
 }


  function write($id, $data){   
    $key = $this->getkey($id);
    $data = $this->encrypt($data, $key);
    $time = time();
        if(!isset($this->w_stmt)){
        try{
    $this->w_stmt = $this->db->prepare("SELECT data FROM mydbtable WHERE id= :id LIMIT 1 ");
        }catch(PDOException $e){
        echo 'Unable to select from database:'.$e->getMessage();
        }
        }

  if(isset($this->w_stmt)){
   try{
   $this->w_stmt->execute(array(':id'=>$id));
       $row = $this->w_stmt->fetch(PDO::FETCH_ASSOC);
       }catch(PDOException $e){
       echo 'Unable something from database:'.$e->getMessage();
       }    
       $w_count = $this->w_stmt->rowCount(); 
       echo $w_count. "W stmt records selected successfully";// the echo for testing

   if($w_count > 0 && $row !=''){
   try{
    $this->w_stmt =$this->db->prepare("UPDATE mydbtable SET id = :id, 
   set_time = :time,data = :data, session_key = :session_key");
    $this->w_stmt->execute(array(':id'=>$id,':time'=>$time,':data'=>$data,
   ':session_key'=>$key));
   $wri_count = $this->w_stmt->rowCount(); 
   echo $wri_count. "records updated successfully";// the echo for testing
   }catch (PDOException $e){
  echo 'Can not update  the database:'.$e->getMessage();// the echo for testing
   }      
   }
       elseif($w_count < 1 && $row == ''){
            try{
    $this->w_stmt =$this->db->prepare("INSERT INTO mydbtable (id,set_time,data,session_key)
            VALUES(:id,:time,:data,:session_key)");
            $this->w_stmt->execute(array(':id'=>$id,':time'=>$time,':data'=>$data,
    ':session_key'=>$key));
            $write_count = $this->w_stmt->rowCount();    
            echo $write_count. "w stmt records inserted successfully<br/>";// the echo for testing
            echo $id;
        }catch (PDOException $e){
            echo 'Can not insert the database:'.$e->getMessage();
           }   
         }
  }// if  set 
   }


   function destroy($id){
     echo $id,'<br/>';// the echo for testing
           if(!isset($this->delete_stmt)){
       try{
           $this->delete_stmt = $this->db->prepare("DELETE FROM mydbtable WHERE id = :id");
          }catch(PDOException $e){
          echo 'Unable to delete from database:'.$e->getMessage();
          }
      }

   if(isset($this->delete_stmt)) {
   $this->delete_stmt->bindValue(':id',$id,PDO::PARAM_STR);  
   $this->delete_stmt->execute();
   $delete_count = $this->delete_stmt->rowCount();
   echo $delete_count . " destroy delete records successfully<br/>";// the echo for testing
   echo 'delete ','<br/>';// the echo for testing
   return true;
   } 
   }


    function gc($max){
        if(!isset($this->gc_stmt)){
    try{
        $this->gc_stmt = $this->db->prepare("DELETE FROM mydbtable WHERE set_time < :set_time");
        }catch(PDOException $e){
        echo 'Unable to delete from database:'.$e->getMessage();
        }
        }

   if(isset($this->gc_stmt)){
    $old = time() - $max;
    $this->gc_stmt->execute(array(':set_time'=>$old));
    $gc_count = $this->gc_stmt->rowCount();
    echo $gc_count. " gc records  successfully";// the echo for testing
   }
  return true;
  }


  private function getkey($id){
   echo $id,'<br/>';// the echo for testing
       if(!isset($this->key_stmt)){
    try{
        $this->key_stmt = $this->db->prepare("SELECT session_key FROM mydbtable WHERE id = :id limit 1");
        }catch(PDOException $e){
        echo 'Unable to select from database for key:'.$e->getMessage();
        } 
        }

    if(isset($this->key_stmt)){
    $this->key_stmt->execute(array(':id'=>$id));
    $row = $this->key_stmt->fetch(PDO::FETCH_ASSOC);
    $key_count = $this->key_stmt->rowCount();
    echo $key_count. " key records selected successfully<br/>";

      if($key_count > 0 && $row !=''){
              echo 'key getting key','<br/>';// the echo for testing
              $key = $row['session_key'];
              return $key;
      }
              elseif($key_count < 1 && $row == ''){
          $random_key = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()),true));
              return $random_key;
      }       
           }
     }


    private function encrypt($data,$key){
    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $key = substr(hash('sha256',$salt.$key.$salt), 0, 32);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
    echo 'encrypted','<br/>';// the echo for testing
    return $encrypted;
    } 


    private function decrypt($data, $key){
    $salt = 'cH!swe!retReGu7W6bEDRup7usuDUh9THeD2CHeGE*ewr4n39=E@rAsp7c-Ph@pH';
    $key = substr(hash('sha256',$salt.$key.$salt), 0, 32);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
    echo 'decript','<br/>';// the echo for testing
   return $decrypted;
  }

0 个答案:

没有答案
相关问题
最新问题