Will wrote:
Hello all,
Because I need the whole session data file to be encrypted, I am thinking about using custom session functions.
Saving in a database is not an option.
Anyway, I have modified the session example on php.net to perform encoding and decoding. I have tested the session with data and all seems OK. However, as it's such a crucial part, I wanted to check whether anybody has any thoughts or warnings on the code below.
I'm not sure if any other files are stored in the tmp folder, so I included the ereg("sess_[a-zA-Z0-9]*", $tmp_files) check to test the file names before deleting in the garbage function.
Thanks
Will
<?
/**
 * Session "open" callback: remember where the session files live.
 *
 * Copies both arguments into the globals that the read/write/destroy/gc
 * callbacks in this file use to build file names.
 *
 * @param string $save_path    Directory used for the session files.
 * @param string $session_name Name of the session.
 * @return bool Always true.
 */
function open($save_path, $session_name) {
    $GLOBALS['sess_save_path'] = $save_path;
    $GLOBALS['sess_session_name'] = $session_name;

    return true;
}
/**
 * Session "close" callback.
 *
 * The file-based handlers keep no open resource between calls, so there
 * is nothing to release here.
 *
 * @return bool Always true.
 */
function close() {
    return true;
}
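/**
 * Session "read" callback: load and decrypt the stored data for one session.
 *
 * @param string $id Session id. It is supplied by the client, so it is
 *                   validated before it becomes part of a file name.
 * @return string Decrypted session data, or "" when nothing usable is stored.
 */
function read($id) {
    global $sess_save_path;

    // Accept only the characters PHP's built-in file handler allows in a
    // session id, so the id can never add a path separator to the file name.
    if (!is_string($id) || !preg_match('/^[a-zA-Z0-9,-]+\z/', $id)) {
        return "";
    }

    $sess_file = "$sess_save_path/sess_$id";
    $fp = @fopen($sess_file, "r");
    if (!$fp) {
        return ""; // Must return "" here.
    }

    // fread() rejects a zero length, so an empty file means "no data".
    $size = filesize($sess_file);
    $sess_data = ($size > 0) ? fread($fp, $size) : "";
    fclose($fp); // release the handle instead of leaking it per request

    if (!is_string($sess_data) || $sess_data === "") {
        return "";
    }

    // NOTE(review): one fixed IV for every session file means equal plaintext
    // prefixes produce equal ciphertext prefixes across files. A random IV per
    // write (mcrypt_create_iv), stored in front of the ciphertext, avoids that.
    // The value below is a placeholder; it must match the cipher's IV size.
    $iv = 'iv'; // obscured due to this email
    $key = "secret phrase"; // obscured due to this email

    $td = mcrypt_module_open('blowfish', '', 'cbc', '');
    $ks = mcrypt_enc_get_key_size($td);
    // NOTE(review): md5() returns hex text, so each key byte takes one of only
    // 16 values, and a short pass phrase is guessable offline. Prefer a
    // random key of full length kept outside the web root.
    $key = substr(md5($key), 0, $ks);
    mcrypt_generic_init($td, $key, $iv);
    // NOTE(review): CBC without a MAC gives confidentiality only. A modified
    // file is decrypted and handed to the session unserializer undetected;
    // an HMAC over IV + ciphertext, checked before decrypting, closes that gap.
    $dec_sess_data = mdecrypt_generic($td, $sess_data);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);

    if (!is_string($dec_sess_data)) {
        return "";
    }

    // mcrypt pads the plaintext with NUL bytes up to the block size and does
    // not remove them on decryption; serialized session data never ends in NUL.
    return rtrim($dec_sess_data, "\0");
}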
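/**
 * Session "write" callback: encrypt the session data and store it on disk.
 *
 * @param string $id        Session id. It is supplied by the client, so it is
 *                          validated before it becomes part of a file name.
 * @param string $sess_data Serialized session data handed over by PHP.
 * @return bool True when the complete (possibly empty) payload was written.
 */
function write($id, $sess_data) {
    global $sess_save_path;

    // Accept only the characters PHP's built-in file handler allows in a
    // session id, so the id can never add a path separator to the file name.
    if (!is_string($id) || !preg_match('/^[a-zA-Z0-9,-]+\z/', $id)) {
        return false;
    }

    // mcrypt_generic() refuses an empty string; an empty session is stored
    // as an empty file instead.
    $enc_sess_data = "";
    if ((string) $sess_data !== "") {
        // NOTE(review): one fixed IV for every session file means equal
        // plaintext prefixes produce equal ciphertext prefixes across files.
        // A random IV per write (mcrypt_create_iv), stored in front of the
        // ciphertext, avoids that. Placeholder value; must match the IV size.
        $iv = 'iv';
        $key = "secret phrase";

        $td = mcrypt_module_open('blowfish', '', 'cbc', '');
        $ks = mcrypt_enc_get_key_size($td);
        // NOTE(review): md5() returns hex text, so each key byte takes one of
        // only 16 values. Prefer a random full-length key kept outside the
        // web root.
        $key = substr(md5($key), 0, $ks);
        mcrypt_generic_init($td, $key, $iv);
        // NOTE(review): no MAC is stored, so tampering with the file cannot be
        // detected on read. Appending an HMAC over IV + ciphertext would allow
        // the reader to reject modified files.
        $enc_sess_data = mcrypt_generic($td, $sess_data);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);

        if (!is_string($enc_sess_data)) {
            return false;
        }
    }

    $sess_file = "$sess_save_path/sess_$id";
    $fp = @fopen($sess_file, "w");
    if (!$fp) {
        return false;
    }

    $written = fwrite($fp, $enc_sess_data);
    fclose($fp); // release the handle instead of leaking it per request

    // Report success as a boolean: a byte count of 0 for an empty session
    // would otherwise read as failure, and a short write must not pass.
    return $written === strlen($enc_sess_data);
}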
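/**
 * Session "destroy" callback: delete the file belonging to one session.
 *
 * @param string $id Session id. It is supplied by the client, so it is
 *                   validated before it becomes part of a file name.
 * @return bool True when the file was removed, false otherwise.
 */
function destroy($id) {
    global $sess_save_path;

    // unlink() on a path built from an unchecked id could remove a file
    // outside the intended "sess_<id>" name; allow only session-id characters.
    if (!is_string($id) || !preg_match('/^[a-zA-Z0-9,-]+\z/', $id)) {
        return false;
    }

    return @unlink("$sess_save_path/sess_$id");
}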
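/**
 * Session "gc" callback: delete session files that have not been accessed
 * for longer than $maxlifetime seconds.
 *
 * @param int $maxlifetime Maximum idle time of a session file, in seconds.
 * @return bool True after the directory was scanned, false if it could not
 *              be opened.
 */
function gc($maxlifetime) {
    global $sess_save_path;

    $dh = @opendir("$sess_save_path/");
    if (!$dh) {
        return false;
    }

    $cutoff = time() - $maxlifetime;

    // Compare against false explicitly: a directory entry named "0" would
    // otherwise end the loop early.
    while (($entry = readdir($dh)) !== false) {
        // The save path may be a shared tmp folder. The pattern is anchored at
        // both ends so that only names of the exact form "sess_<id>" qualify;
        // an unanchored "sess_[a-zA-Z0-9]*" matches any name containing "sess_".
        if (!preg_match('/^sess_[a-zA-Z0-9,-]+\z/', $entry)) {
            continue;
        }

        $path = "$sess_save_path/$entry";
        // NOTE(review): access time is not updated on file systems mounted
        // with noatime; filemtime() may be the more reliable clock - confirm
        // for the target host.
        if (is_file($path) && fileatime($path) < $cutoff) {
            @unlink($path);
        }
    }

    closedir($dh);

    return true;
}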
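// Register the encrypting file handlers before the session is started, so
// that session_start() already reads through read().
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();

// Test fixtures - presumably uncommented once to seed the session.
//$_SESSION['testing1'] = 'hello there';
//$_SESSION['testing2'] = array("test1" => array("test1_1","test1_2"), "test2" => array("test2_1","test2_2"));

// Session values are escaped before they are printed: once real data is kept
// in the session it may contain user input, which must not reach the page as
// markup.
$testing1 = isset($_SESSION['testing1']) ? $_SESSION['testing1'] : '';
echo(htmlspecialchars($testing1, ENT_QUOTES) . "<br>");

// Guard the loop so a fresh (or undecryptable) session does not raise
// warnings about a missing index.
if (isset($_SESSION['testing2']) && is_array($_SESSION['testing2'])) {
    foreach ($_SESSION['testing2'] as $key => $value) {
        echo("<br>" . htmlspecialchars($key, ENT_QUOTES) . " - ");
        foreach ((array) $value as $value2) {
            echo(htmlspecialchars($value2, ENT_QUOTES) . ", ");
        }
    }
}
?>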