session security
Posted: Wed Jul 24, 2002 3:16 pm
<?php
/*
CREATE TABLE `sessions` (
`id` varchar(32) NOT NULL default '0',
`time` timestamp(14) NOT NULL,
`data` text NOT NULL
) TYPE=MyISAM;
*/
// Connection settings for the session store; the handlers in this file read
// them through $GLOBALS. The credentials are blank in this listing and must be
// filled in. The queries in this file only SELECT, INSERT, UPDATE and DELETE
// on the sessions table, so a dedicated low-privilege account is sufficient.
$dbhost        = 'localhost';
$dbuser        = '';
$dbpass        = '';
$session_db    = '';
$session_table = 'sessions';

// Switch PHP's session module to user-defined callbacks.
session_module_name('user');
/**
 * Session "open" handler. Nothing is prepared here: every other handler in
 * this file opens its own database connection.
 *
 * @param string $path Save path passed by PHP (unused).
 * @param string $name Session name passed by PHP (unused).
 * @return bool Always TRUE.
 */
function session_open($path, $name)
{
    return true;
}
/**
 * Session "close" handler. There is nothing to release at this point, so it
 * only reports success.
 *
 * @return bool Always TRUE.
 */
function session_close()
{
    return true;
}
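/**
 * Session "read" handler: fetch the serialized payload stored for a session id.
 *
 * The id is supplied by the client (cookie or URL), so it is validated and
 * escaped before it is placed in the SQL text. The original listing
 * interpolated it unescaped, which made the query injectable.
 *
 * NOTE: the mysql_* extension used here was removed in PHP 7. When porting,
 * move these queries to PDO or mysqli prepared statements.
 *
 * @param string $id Session id supplied by the client.
 * @return string|false Stored data, "" when no row exists, FALSE on failure
 *                      or when the id is malformed.
 */
function session_read($id)
{
    // Accept only the characters PHP uses for session ids, and no more than
    // the 32 characters the `id` column (varchar(32)) can hold.
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{1,32}$/D', $id)) {
        return FALSE;
    }

    $mysql = mysql_connect($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"]);
    if (!$mysql) {
        return FALSE;
    }
    if (!mysql_select_db($GLOBALS["session_db"], $mysql)) {
        mysql_close($mysql);
        return FALSE;
    }

    // Escaping is kept as a second layer in case the validation above is ever loosened.
    $query = "SELECT * FROM " . $GLOBALS["session_table"]
        . " WHERE id='" . mysql_real_escape_string($id, $mysql) . "'";
    $result = mysql_query($query, $mysql);
    if (!$result) {
        mysql_close($mysql);
        return FALSE;
    }

    // A session with no stored row is an empty session, not an error.
    $data = "";
    if (mysql_num_rows($result)) {
        $line = mysql_fetch_object($result);
        $data = $line->data;
    }

    // Close on every path; the original returned before reaching mysql_close().
    mysql_close($mysql);
    return $data;
}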
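/**
 * Session "write" handler: store the serialized payload for a session id.
 *
 * Tries an UPDATE first and falls back to an INSERT when no row was touched.
 * The client-supplied id is validated, and both id and data are escaped with
 * the connection-aware mysql_real_escape_string() instead of addslashes().
 *
 * NOTE(review): the CREATE TABLE at the top of this file declares no key on
 * `id`. An UPDATE that matches a row but changes nothing reports zero affected
 * rows and would then be followed by a second INSERT for the same id. Confirm
 * this and consider a PRIMARY KEY on `id`.
 *
 * NOTE: the mysql_* extension used here was removed in PHP 7. When porting,
 * move these queries to PDO or mysqli prepared statements.
 *
 * @param string $id   Session id supplied by the client.
 * @param string $data Serialized session data produced by PHP.
 * @return bool TRUE when the row was updated or inserted, FALSE otherwise.
 */
function session_write($id, $data)
{
    // Accept only the characters PHP uses for session ids, and no more than
    // the 32 characters the `id` column (varchar(32)) can hold.
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{1,32}$/D', $id)) {
        return FALSE;
    }

    $mysql = mysql_connect($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"]);
    if (!$mysql) {
        return FALSE;
    }
    if (!mysql_select_db($GLOBALS["session_db"], $mysql)) {
        mysql_close($mysql);
        return FALSE;
    }

    $table     = $GLOBALS["session_table"];
    $safe_id   = mysql_real_escape_string($id, $mysql);
    $safe_data = mysql_real_escape_string($data, $mysql);

    // time=null makes MySQL stamp the row with the current time.
    $query = "UPDATE " . $table . " SET data='" . $safe_data . "', time=null WHERE id='" . $safe_id . "'";
    if (!mysql_query($query, $mysql)) {
        mysql_close($mysql);
        return FALSE;
    }
    if (mysql_affected_rows($mysql)) {
        mysql_close($mysql);
        return TRUE;
    }

    // No row was touched by the UPDATE, so create one.
    $query = "INSERT " . $table . " SET data='" . $safe_data . "', id='" . $safe_id . "'";
    $ok = mysql_query($query, $mysql) ? TRUE : FALSE;

    // Close on every path; the original returned before reaching mysql_close().
    mysql_close($mysql);
    return $ok;
}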
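/**
 * Session "destroy" handler: delete the stored row for a session id.
 *
 * The id is supplied by the client, so it is validated and escaped before it
 * is placed in the DELETE statement. With the original unescaped
 * interpolation, a crafted id could widen the WHERE clause.
 *
 * NOTE: the mysql_* extension used here was removed in PHP 7. When porting,
 * move this query to a PDO or mysqli prepared statement.
 *
 * @param string $id Session id supplied by the client.
 * @return bool TRUE when the DELETE ran, FALSE on failure or malformed id.
 */
function session_remove($id)
{
    // Accept only the characters PHP uses for session ids, and no more than
    // the 32 characters the `id` column (varchar(32)) can hold.
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{1,32}$/D', $id)) {
        return FALSE;
    }

    $mysql = mysql_connect($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"]);
    if (!$mysql) {
        return FALSE;
    }
    if (!mysql_select_db($GLOBALS["session_db"], $mysql)) {
        mysql_close($mysql);
        return FALSE;
    }

    $query = "DELETE FROM " . $GLOBALS["session_table"]
        . " WHERE id='" . mysql_real_escape_string($id, $mysql) . "'";
    $ok = mysql_query($query, $mysql) ? TRUE : FALSE;

    // Close on every path; the original returned before reaching mysql_close().
    mysql_close($mysql);
    return $ok;
}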
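/**
 * Session "gc" handler: delete rows whose timestamp is older than the
 * session lifetime.
 *
 * NOTE: the mysql_* extension used here was removed in PHP 7, and PHP 7.1
 * added a built-in session_gc(), so this function needs a different name as
 * well as a different database API when ported.
 *
 * @param int $life Maximum session lifetime in seconds, passed by PHP.
 * @return bool TRUE when the DELETE ran, FALSE on failure.
 */
function session_gc($life)
{
    $mysql = mysql_connect($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"]);
    if (!$mysql) {
        return FALSE;
    }
    if (!mysql_select_db($GLOBALS["session_db"], $mysql)) {
        mysql_close($mysql);
        return FALSE;
    }

    // The cast keeps the lifetime numeric. The cutoff uses the same
    // YYYYMMDDHHMMSS layout the original compared against the `time` column.
    $cutoff = date("YmdHis", time() - (int) $life);
    $query = "DELETE FROM " . $GLOBALS["session_table"] . " WHERE time < '" . $cutoff . "'";
    $ok = mysql_query($query, $mysql) ? TRUE : FALSE;

    // Close on every path; the original returned before reaching mysql_close().
    mysql_close($mysql);
    return $ok;
}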
// Register the callbacks in the order PHP expects:
// open, close, read, write, destroy, gc.
session_set_save_handler(
    "session_open",
    "session_close",
    "session_read",
    "session_write",
    "session_remove",
    "session_gc"
);
?>
<?php
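// Load the save handlers before the session starts. name.php is presumably
// the handler listing above saved under that name.
require("name.php"); //include("name.php");
session_start();

// First request: seed the value. Every request prints it.
if (!isset($_SESSION["test"])) {
    $_SESSION["test"] = "hello";
}
// The value is a fixed string here. If it ever holds user-supplied data,
// escape it with htmlspecialchars() before echoing.
echo $_SESSION["test"];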
?>
We take no responsibility for what happens IF you use these functions.