Hello all,

Due to my need to have the whole session data file encrypted, I am thinking about 
using custom session functions.
Saving in a database is not an option. 

Anyway, I have modified the session example on php.net to perform encoding and 
decoding. 
I have tested the session with data and all seems ok. However, as it's such a crucial 
part, I wanted to check if anybody has any thoughts or warnings on the code below.

I'm not sure if any other files are stored in the tmp folder so I included the 
ereg("sess_[a-zA-Z0-9]*", $tmp_files) to check the files before deleting in the 
garbage function.
 
Thanks 

Will

<?
function open($save_path, $session_name) 
{
        global $sess_save_path, $sess_session_name;
           
        $sess_save_path = $save_path;
        $sess_session_name = $session_name;
        return(true);
}

function close() 
{
        return(true);
}

function read($id) 
{
  global $sess_save_path, $sess_session_name;
        
        $sess_file = "$sess_save_path/sess_$id";
        if ($fp = @fopen($sess_file, "r")) {
                $sess_data = fread($fp, filesize($sess_file));
   
                $iv = "iv"; // obscured due to this email
                $key = "secret phrase"; // obscured due to this email
                
                $td = mcrypt_module_open('blowfish', '', 'cbc', '');  
                $ks = mcrypt_enc_get_key_size($td);      
                $key = substr(md5($key), 0, $ks);                                      
                                 
        
                mcrypt_generic_init($td, $key, $iv);            
                $dec_sess_data = mdecrypt_generic($td, $sess_data);             
                mcrypt_generic_deinit($td);
                
                mcrypt_module_close($td);               

                return $dec_sess_data;   
        
        } else {
                return(""); // Must return "" here.
        }

}

function write($id, $sess_data) 
{
        global $sess_save_path, $sess_session_name;             
           
                $iv = "iv";
                $key = "secret phrase";
                
                $td = mcrypt_module_open('blowfish', '', 'cbc', '');      
                $ks = mcrypt_enc_get_key_size($td); 
                $key = substr(md5($key), 0, $ks);                                      
                                 
        
                mcrypt_generic_init($td, $key, $iv);                                   
                         
                $enc_sess_data = mcrypt_generic($td, $sess_data); 
                mcrypt_generic_deinit($td);                             
                                
                mcrypt_module_close($td); 
  
        $sess_file = "$sess_save_path/sess_$id";
        if ($fp = @fopen($sess_file, "w")) {
                return(fwrite($fp, $enc_sess_data));
        } 
        else {
                return(false);
        }

}

function destroy($id) 
{
        global $sess_save_path, $sess_session_name;
       
        $sess_file = "$sess_save_path/sess_$id";
        return(@unlink($sess_file));
}

function gc ($maxlifetime) { 
   global $sess_save_path, $sess_session_name;
                   
        $fp = opendir("$sess_save_path/");      
        while($tmp_files = readdir($fp)) {
        if(ereg("sess_[a-zA-Z0-9]*", $tmp_files) AND 
(fileatime("$sess_save_path/$tmp_files") + $maxlifetime) < time()) 
        @unlink("$sess_save_path/$tmp_files");
        }               
        closedir($fp);  

  return true;
}


session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

session_start();


//$_SESSION['testing1'] = 'hello there';

//$_SESSION['testing2'] = array("test1" => array("test1_1","test1_2"), "test2"  => array("test2_1","test2_2"));

echo("$_SESSION[testing1]<br>");

foreach($_SESSION['testing2'] as $key => $value) {
        echo("<br>$key - ");
        foreach($value as $value2) echo("$value2, ");           
}
?>


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php