Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
77.50% |
31 / 40 |
|
20.00% |
1 / 5 |
CRAP | |
0.00% |
0 / 1 |
| File | |
77.50% |
31 / 40 |
|
20.00% |
1 / 5 |
21.69 | |
0.00% |
0 / 1 |
| __construct | |
55.56% |
5 / 9 |
|
0.00% |
0 / 1 |
9.16 | |||
| read | |
71.43% |
5 / 7 |
|
0.00% |
0 / 1 |
3.21 | |||
| destroy | |
80.00% |
4 / 5 |
|
0.00% |
0 / 1 |
2.03 | |||
| gc | |
100.00% |
6 / 6 |
|
100.00% |
1 / 1 |
3 | |||
| saveSession | |
84.62% |
11 / 13 |
|
0.00% |
0 / 1 |
4.06 | |||
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * File-based session handler |
| 5 | * |
| 6 | * PHP version 8 |
| 7 | * |
| 8 | * Copyright (C) Villanova University 2010. |
| 9 | * |
| 10 | * This program is free software; you can redistribute it and/or modify |
| 11 | * it under the terms of the GNU General Public License version 2, |
| 12 | * as published by the Free Software Foundation. |
| 13 | * |
| 14 | * This program is distributed in the hope that it will be useful, |
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 17 | * GNU General Public License for more details. |
| 18 | * |
| 19 | * You should have received a copy of the GNU General Public License |
| 20 | * along with this program; if not, write to the Free Software |
| 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
| 22 | * |
| 23 | * @category VuFind |
| 24 | * @package Session_Handlers |
| 25 | * @author Demian Katz <demian.katz@villanova.edu> |
| 26 | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License |
| 27 | * @link https://vufind.org/wiki/development:plugins:session_handlers Wiki |
| 28 | */ |
| 29 | |
| 30 | namespace VuFind\Session; |
| 31 | |
| 32 | use Laminas\Config\Config; |
| 33 | |
| 34 | use function function_exists; |
| 35 | use function strlen; |
| 36 | |
| 37 | /** |
| 38 | * File-based session handler |
| 39 | * |
| 40 | * @category VuFind |
| 41 | * @package Session_Handlers |
| 42 | * @author Demian Katz <demian.katz@villanova.edu> |
| 43 | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License |
| 44 | * @link https://vufind.org/wiki/development:plugins:session_handlers Wiki |
| 45 | */ |
| 46 | class File extends AbstractBase |
| 47 | { |
| 48 | /** |
| 49 | * Path to session file |
| 50 | * |
| 51 | * @var string |
| 52 | */ |
| 53 | protected $path; |
| 54 | |
| 55 | /** |
| 56 | * Constructor |
| 57 | * |
| 58 | * @param Config $config Session configuration ([Session] section of |
| 59 | * config.ini) |
| 60 | */ |
| 61 | public function __construct(Config $config = null) |
| 62 | { |
| 63 | parent::__construct($config); |
| 64 | |
| 65 | // Set defaults if nothing set in config file. |
| 66 | if (isset($config->file_save_path)) { |
| 67 | $this->path = $config->file_save_path; |
| 68 | } else { |
| 69 | $tempdir = function_exists('sys_get_temp_dir') |
| 70 | ? sys_get_temp_dir() : DIRECTORY_SEPARATOR . 'tmp'; |
| 71 | $this->path = $tempdir . DIRECTORY_SEPARATOR . 'vufind_sessions'; |
| 72 | } |
| 73 | |
| 74 | // Die if the session directory does not exist and cannot be created. |
| 75 | if ( |
| 76 | (!file_exists($this->path) || !is_dir($this->path)) |
| 77 | && !mkdir($this->path) |
| 78 | ) { |
| 79 | throw new \Exception('Cannot access session save path: ' . $this->path); |
| 80 | } |
| 81 | } |
| 82 | |
| 83 | /** |
| 84 | * Read function must return string value always to make save handler work as |
| 85 | * expected. Return empty string if there is no data to read. |
| 86 | * |
| 87 | * @param string $sessId The session ID to read |
| 88 | * |
| 89 | * @return string |
| 90 | */ |
| 91 | public function read($sessId): string |
| 92 | { |
| 93 | $sessFile = $this->path . '/sess_' . $sessId; |
| 94 | if (!file_exists($sessFile)) { |
| 95 | return ''; |
| 96 | } |
| 97 | |
| 98 | // enforce lifetime of this session data |
| 99 | if (filemtime($sessFile) + $this->lifetime <= time()) { |
| 100 | $this->destroy($sessId); |
| 101 | return ''; |
| 102 | } |
| 103 | |
| 104 | return (string)file_get_contents($sessFile); |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | * The destroy handler, this is executed when a session is destroyed with |
| 109 | * session_destroy() and takes the session id as its only parameter. |
| 110 | * |
| 111 | * @param string $sessId The session ID to destroy |
| 112 | * |
| 113 | * @return bool |
| 114 | */ |
| 115 | public function destroy($sessId): bool |
| 116 | { |
| 117 | // Perform standard actions required by all session methods: |
| 118 | parent::destroy($sessId); |
| 119 | |
| 120 | // Perform file-specific cleanup: |
| 121 | $sessFile = $this->path . '/sess_' . $sessId; |
| 122 | if (file_exists($sessFile)) { |
| 123 | return unlink($sessFile); |
| 124 | } |
| 125 | return true; |
| 126 | } |
| 127 | |
| 128 | /** |
| 129 | * The garbage collector, this is executed when the session garbage collector |
| 130 | * is executed and takes the max session lifetime as its only parameter. |
| 131 | * |
| 132 | * @param int $maxlifetime Maximum session lifetime. |
| 133 | * |
| 134 | * @return int|false |
| 135 | */ |
| 136 | public function gc($maxlifetime): int|false |
| 137 | { |
| 138 | $count = 0; |
| 139 | foreach (glob($this->path . '/sess_*') as $filename) { |
| 140 | if (filemtime($filename) + $maxlifetime < time()) { |
| 141 | unlink($filename); |
| 142 | $count++; |
| 143 | } |
| 144 | } |
| 145 | return $count; |
| 146 | } |
| 147 | |
| 148 | /** |
| 149 | * A function that is called internally when session data is to be saved. |
| 150 | * |
| 151 | * @param string $sessId The current session ID |
| 152 | * @param string $data The session data to write |
| 153 | * |
| 154 | * @return bool |
| 155 | */ |
| 156 | protected function saveSession($sessId, $data): bool |
| 157 | { |
| 158 | $sessFile = $this->path . '/sess_' . $sessId; |
| 159 | if ($handle = fopen($sessFile, 'w')) { |
| 160 | $return = false; |
| 161 | // Lock the file for exclusive access to avoid issues with multiple |
| 162 | // processes writing session simultaneously: |
| 163 | if (flock($handle, LOCK_EX)) { |
| 164 | $return = fwrite($handle, $data); |
| 165 | // Make sure that there's no trailing data by truncating the file to |
| 166 | // the correct length: |
| 167 | ftruncate($handle, strlen($data)); |
| 168 | fflush($handle); |
| 169 | flock($handle, LOCK_UN); |
| 170 | } |
| 171 | fclose($handle); |
| 172 | if ($return !== false) { |
| 173 | return true; |
| 174 | } |
| 175 | } |
| 176 | // If we got this far, something went wrong with the file output... |
| 177 | // It is tempting to throw an exception here, but this code is called |
| 178 | // outside of the context of exception handling, so all we can do is |
| 179 | // echo a message. |
| 180 | echo 'Cannot write session to ' . $sessFile . "\n"; |
| 181 | return false; |
| 182 | } |
| 183 | } |