diff --git a/config/environment.php b/config/environment.php
index 311563c..b08920f 100644
--- a/config/environment.php
+++ b/config/environment.php
@@ -27,4 +27,37 @@ $this->mode = "web";
 $enable_host_specific_configuration = true;
+
+##
+# Session settings
+##
+
+# session name
+# $this->session->name = "PHPSESSID";
+
+# session cookie_lifetime - defined in minutes
+# $this->session->lifetime = 0;
+
+# max session lifetime - defined in minutes
+# $this->session->maxlifetime = 30;
+
+# php.ini setting: session.use_only_cookies
+# $this->session->use_only_cookies = false;
+
+# php.ini setting: session.gc_probability
+# $this->session->gc_probability = 1;
+
+# php.ini setting: session.gc_divisor
+# $this->session->gc_divisor = 100;
+
+# php.ini setting: session.cache_limiter
+# $this->session->cache_limiter = "nocache";
+
+# session security features
+# 0 = no extra security features
+# 1 = user agent string is verified
+# 2 = user agent string, and client ip address are verified
+# $this->session->security = 1;
+
+
 ?>
\ No newline at end of file
diff --git a/vendor/zynapse/action_environment.php b/vendor/zynapse/action_environment.php
index 91fb7d6..91fcb82 100644
--- a/vendor/zynapse/action_environment.php
+++ b/vendor/zynapse/action_environment.php
@@ -40,6 +40,9 @@ class ActionEnvironment {
 $mode, $root,
+ # Components
+ $session,
+ # Misc.
 $is_windows, $path_separator;
diff --git a/vendor/zynapse/active_session.php b/vendor/zynapse/active_session.php
index 579e9d8..9d64e23 100644
--- a/vendor/zynapse/active_session.php
+++ b/vendor/zynapse/active_session.php
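Review bot: The "defined in minutes" comments on `lifetime` and `maxlifetime` in config/environment.php do not match how the values are consumed: `ini_setup()` in vendor/zynapse/active_session.php passes them unchanged to `session.cookie_lifetime` and `session.gc_maxlifetime`, and PHP reads both as seconds. With the default `maxlifetime = 30`, session data becomes eligible for garbage collection after 30 seconds rather than 30 minutes. Either convert in `ini_setup()`, e.g. `ini_set('session.gc_maxlifetime', $this->maxlifetime * 60);` and the same for `cookie_lifetime`, or change the comments here and on the matching ActiveSession properties to say seconds.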
@@ -48,7 +48,39 @@ class ActiveSession {
 $key = '____active_session_verification_data____',
 # Session class has been started?
- $started = false;
+ $started = false,
+
+
+ ##
+ # PHP Session settings
+ ##
+
+ # session name
+ $name = "PHPSESSID",
+
+ # session cookie_lifetime - defined in minutes
+ $lifetime = 0,
+
+ # max session lifetime - defined in minutes
+ $maxlifetime = 30,
+
+ # php.ini setting: session.use_only_cookies
+ $use_only_cookies = false,
+
+ # php.ini setting: session.gc_probability
+ $gc_probability = 1,
+
+ # php.ini setting: session.gc_divisor
+ $gc_divisor = 100,
+
+ # php.ini setting: session.cache_limiter
+ $cache_limiter = "nocache",
+
+ # session security features
+ # 0 = no extra security features
+ # 1 = user agent string is verified
+ # 2 = user agent string, and client ip address are verified
+ $security = 1;
 function __construct () {
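Review bot: The default `$use_only_cookies = false` makes PHP accept a session id supplied outside the cookie, for example in the URL, which makes session fixation easier and lets ids leak through logs and Referer headers. I would default it to on, `$use_only_cookies = true,`, and document URL-based ids as the opt-in; the commented example in config/environment.php carries the same `false` value. The property list this hunk extends starts above the hunk, so the visibility of the new properties cannot be confirmed from here.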
@@ -61,10 +93,54 @@ class ActiveSession {
 function init () {
 //TODO validate and init zynapse's session features
+ $this->ini_setup();
+ $this->validate();
 $this->id = session_id();
 $this->started = true;
 }
+ function validate () {
+ if ( isset($_SESSION[$this->key]) && count($_SESSION[$this->key]) ) {
+ $valid = true;
+ if ( $this->security > 0 ) {
+ if ( !isset($_SESSION[$this->key]['user_agent']) || $_SESSION[$this->key]['user_agent'] != $this->user_agent ) {
+ $valid = false;
+ }
+ }
+ if ( $this->security > 1 ) {
+ if ( !$this->is_aol_host() && (!isset($_SESSION[$this->key]['ip']) || $_SESSION[$this->key]['ip'] != $this->ip) ) {
+ $valid = false;
+ }
+ }
+ if ( !$valid ) {
+ $_SESSION = array();
+ $this->validate();
+ }
+ } else {
+ $_SESSION[$this->key] = array(
+ 'user_agent' => $this->user_agent,
+ 'ip' => $this->ip,
+ );
+ }
+ }
+
+ function is_aol_host () {
+ if ( stristr($this->user_agent, 'AOL') || preg_match('/proxy\.aol\.com$/i', gethostbyaddr($this->ip)) ) {
+ return true;
+ }
+ return false;
+ }
+
+ function ini_setup () {
+ ini_set('session.name', $this->name);
+ ini_set('session.cookie_lifetime', $this->lifetime);
+ ini_set('session.gc_maxlifetime', $this->maxlifetime);
+ ini_set('session.use_only_cookies', $this->use_only_cookies);
+ ini_set('session.gc_probability', $this->gc_probability);
+ ini_set('session.gc_divisor', $this->gc_divisor);
+ ini_set('session.cache_limiter', $this->cache_limiter);
+ }
+
 }
 ?>
\ No newline at end of file
diff --git a/vendor/zynapse/zynapse.php b/vendor/zynapse/zynapse.php
index dfe653d..2243346 100644
--- a/vendor/zynapse/zynapse.php
+++ b/vendor/zynapse/zynapse.php
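Review bot: In `validate()` (vendor/zynapse/active_session.php), a fingerprint mismatch only empties `$_SESSION` and re-runs `validate()`, so the request continues on the presented session id, now bound to the new client's user agent and IP, and the original user's data is gone. After clearing, issue a fresh id, e.g. `session_regenerate_id(true);`, rather than re-using the one that just failed verification, and consider `!==` for the two comparisons. Separately, `is_aol_host()` skips the IP check on the strength of `gethostbyaddr()` alone; a PTR record is set by whoever controls the address, so the exemption should be forward-confirmed (`in_array($this->ip, (array) gethostbynamel($host), true)`) or removed, and the lookup is a blocking DNS query on requests at security level 2. Where `$this->user_agent` and `$this->ip` are populated is outside this hunk.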
@@ -53,14 +53,15 @@ class Zynapse {
 // Enable PHP sessions
 ActiveSession::start();
- // Init the environment system (ActionEnvironment)
- self::$env = new ActionEnvironment();
- self::$env->init();
- // Init the session control system (ActiveSession)
 self::$session = new ActiveSession();
 self::$session->init();
+ // Init the environment system (ActionEnvironment)
+ self::$env = new ActionEnvironment();
+ self::$env->session =& self::$session;
+ self::$env->init();
+ // Init the core controller system (ActionBase)
 self::$base = new ActionBase();
 self::$base->init();
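Review bot: `self::$session->init()` still runs before `self::$env->init()`, so if config/environment.php is loaded from `ActionEnvironment::init()` (not visible here), the `$this->session->…` overrides are assigned only after `ini_setup()` and `validate()` have already used the class defaults. `ActiveSession::start()` also runs first; assuming it calls `session_start()`, the later `ini_set('session.name', …)` and related calls come too late to affect the session that is already open. I would construct both objects, assign `self::$env->session`, run `self::$env->init()`, then apply the ini settings, and only then start and validate the session. The enclosing method begins and ends outside the hunk.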