I am working on a PHP application in which I have written a Session class. However, I am running into a strange issue: every time I refresh the page, a new session is created.
Also, C:\xampp\tmp is writable (I am on XAMPP) and session_id() always returns null.
Below is my Session class:
<?php
/**
* Class and Function List:
* Function list:
* - __construct()
* - start()
* - stop()
* - generate_sid()
* - set()
* - delete()
* - get()
* - check()
* - flash()
* Classes list:
* - Session
*/
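class Session
{
    /** @var array Keys registered through flash(); get() removes such a key once it has been read. */
    public $flashElements = array();

    /** @var bool Whether this wrapper believes a PHP session is active. */
    public $started = false;

    /**
     * Records whether a session already exists and prints diagnostics.
     *
     * The e() calls (a helper defined elsewhere, presumably a debug printer - confirm) and the
     * echo write the session id and the save path into the response; that is debugging output
     * and should not reach a production page.
     *
     * @param bool $autoStart Intended to control whether start() is called.
     */
    public function __construct($autoStart = true)
    {
        $this->started = isset($_SESSION);
        e("The Session Id is " . session_id());

        $savePath = session_save_path();
        if (!is_writable($savePath)) {
            echo 'Session save path "' . $savePath . '" is not writable!';
        }
        e($savePath);

        // NOTE(review): start() is reached only when a session is already active and $autoStart
        // is exactly false, and start() returns without doing anything once $this->started is
        // true. With the default arguments this constructor therefore never opens a session.
        if ($this->started && $autoStart === false) {
            $this->start();
        }
        e("The Session Id is " . session_id());
    }

    /**
     * Opens a session under a freshly generated id, unless one is already marked as started.
     */
    public function start()
    {
        if ($this->started) {
            return;
        }
        // NOTE(review): assigning a new id before session_start() replaces whatever id the
        // request carried, so a returning visitor would not resume the previous session -
        // verify this is intended. PHP generates a suitable id itself when none is set.
        session_id($this->generate_sid());
        session_start();
        $this->started = true;
    }

    /**
     * Ends the session.
     *
     * @param bool $clearCookie Expire the session cookie (only when session.useCookie is configured).
     * @param bool $clearData   Empty $_SESSION before destroying the session.
     */
    public function stop($clearCookie = true, $clearData = true)
    {
        if (!$this->started) {
            return;
        }
        if ($clearCookie && Configure::get('session.useCookie')) {
            // Re-send the cookie with the same attributes and a past expiry so the browser drops it.
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
        }
        if ($clearData) {
            $_SESSION = array();
        }
        session_destroy();
        session_write_close();
        $this->started = false;
    }

    /**
     * Builds a random session identifier.
     *
     * Characters are drawn with random_int() (PHP 7+), which uses the operating system's CSPRNG;
     * mt_rand() is predictable and must not be used for identifiers that grant access.
     *
     * NOTE(review): the configured security.salt is used as part of the alphabet, so characters of
     * that secret can appear in ids sent to the browser. '_' and arbitrary salt characters are also
     * outside the set the default "files" save handler accepts (a-z, A-Z, 0-9, ',' and '-') -
     * confirm against the handler in use.
     *
     * @param int  $chars     Number of random characters.
     * @param bool $alpha     Include a-z (each character is upper-cased at random).
     * @param bool $numeric   Include 0-9.
     * @param bool $symbols   Include '-' and '_'.
     * @param bool $timestamp Append the current Unix time.
     * @return string|null|false False for an invalid length or an empty alphabet.
     */
    public function generate_sid($chars = 100, $alpha = true, $numeric = true, $symbols = true, $timestamp = true)
    {
        if (!is_numeric($chars) || $chars < 0) {
            return false;
        }

        $alphabet = (string) Configure::get('security.salt');
        if ($alpha) {
            $alphabet .= 'abcdefghijklmnopqrstuvwxyz';
        }
        if ($numeric) {
            $alphabet .= '1234567890';
        }
        if ($symbols) {
            $alphabet .= '-_';
        }

        $alphabetLength = strlen($alphabet);
        if ($alphabetLength === 0) {
            // Nothing to draw from; random_int(0, -1) would throw.
            return false;
        }

        $sid = null;
        for ($i = 1; $i <= $chars; $i++) {
            $char = $alphabet[random_int(0, $alphabetLength - 1)];
            if (random_int(0, 1) === 1) {
                $char = strtoupper($char);
            }
            $sid .= $char;
        }
        if ($timestamp) {
            // The timestamp adds no unpredictability; it only lengthens the id.
            $sid .= time();
        }
        return $sid;
    }

    /** Stores $value in the session under $keyword. */
    public function set($keyword, $value)
    {
        $_SESSION[$keyword] = $value;
    }

    /** Removes $keyword from the session and from the flash registry. */
    public function delete($keyword)
    {
        unset($_SESSION[$keyword], $this->flashElements[$keyword]);
    }

    /**
     * Returns the stored value, or false when the key is absent.
     * A key registered through flash() on this instance is deleted after being read.
     */
    public function get($keyword)
    {
        $value = $_SESSION[$keyword] ?? false;
        if (isset($this->flashElements[$keyword])) {
            $this->delete($keyword);
        }
        return $value;
    }

    /** Tells whether $keyword is set (and not null) in the session. */
    public function check($keyword)
    {
        return isset($_SESSION[$keyword]);
    }

    /** Stores a one-shot message under the 'flash' key. */
    public function flash($value)
    {
        $this->set('flash', $value);
        $this->flashElements['flash'] = $value;
    }
}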
Please suggest where I am going wrong.
I think you're not creating a session because you only call the start function when
$autoStart === false
whereas it is true by default.
Silly of me. Got it working.
I changed the following code in the __construct() function:
// Open a session only when none is active yet and auto-start was requested.
if (!$this->started && $autoStart) {
    $this->start();
}
Thanks Guys!
my script has a problem and gives me this warning:
Warning: session_start(): Failed to read session data: user (path:
/Users/soroush/Documents/www/new/tmp/session) in
/Users/soroush/Documents/www/new/include/class.session.php on line 35
this is my class:
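/**
 * Session handler that wraps PHP's built-in handler, encrypting the stored payload and adding
 * an idle timeout and a client fingerprint check.
 */
class SecureSessionHandler extends SessionHandler {

    /** Encryption key (SESSION_KEY), session/cookie name, and cookie parameters. */
    protected $key, $name, $cookie;

    /**
     * @param string $name   Session name, also used as the cookie name.
     * @param array  $cookie Overrides for lifetime, path, domain, secure and httponly.
     */
    public function __construct($name = 'MY_SESSION', $cookie = [])
    {
        $this->key = SESSION_KEY;
        $this->name = $name;
        $this->cookie = $cookie;
        $this->cookie += [
            'lifetime' => 0,
            'path'     => ini_get('session.cookie_path'),
            'domain'   => ini_get('session.cookie_domain'),
            // Some servers set HTTPS to "off" on plain HTTP, so isset() alone is not enough.
            // NOTE(review): behind a TLS-terminating proxy this may still be false - pass
            // 'secure' => true explicitly in that case.
            'secure'   => !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off',
            'httponly' => true
        ];
        $this->setup();
    }

    /**
     * Restricts session ids to cookies and applies the name and cookie parameters.
     * Enabling session.use_strict_mode as well would make PHP refuse ids it did not issue.
     */
    private function setup()
    {
        ini_set('session.use_cookies', 1);
        ini_set('session.use_only_cookies', 1);
        session_name($this->name);
        session_set_cookie_params(
            $this->cookie['lifetime'],
            $this->cookie['path'],
            $this->cookie['domain'],
            $this->cookie['secure'],
            $this->cookie['httponly']
        );
    }

    /**
     * Starts the session if none is active; roughly one start in five also regenerates the id.
     *
     * @return bool False when a session was already active or could not be started.
     */
    public function start()
    {
        if (session_id() === '') {
            if (session_start()) {
                return mt_rand(0, 4) === 0 ? $this->refresh() : true; // 1/5
            }
        }
        return false;
    }

    /**
     * Empties the session, expires its cookie and destroys the stored data.
     *
     * @return bool False when no session is active.
     */
    public function forget()
    {
        if (session_id() === '') {
            return false;
        }
        $_SESSION = [];
        setcookie(
            $this->name,
            '',
            time() - 42000,
            $this->cookie['path'],
            $this->cookie['domain'],
            $this->cookie['secure'],
            $this->cookie['httponly']
        );
        return session_destroy();
    }

    /** Issues a new session id and deletes the data stored under the old one. */
    public function refresh()
    {
        return session_regenerate_id(true);
    }

    /**
     * NOTE(review): openssl_decrypt() returns false when decryption fails (for example for a
     * new, empty session), and a non-string return from read() is what session_start() reports
     * as "Failed to read session data". No IV is passed, and the ciphertext is not authenticated.
     */
    public function read($id)
    {
        $data = openssl_decrypt(parent::read($id),'AES256',$this->key);
        return $data;
    }

    /**
     * NOTE(review): this encrypts parent::read($id) - the payload already in storage - instead
     * of $data, so the session contents handed to write() are never saved.
     */
    public function write($id, $data)
    {
        return parent::write($id, openssl_encrypt(parent::read($id),'AES256',$this->key));
    }

    /**
     * Tells whether the session has been idle for more than $ttl minutes; otherwise records
     * the current time as the last activity.
     *
     * @param int $ttl Idle limit in minutes.
     */
    public function isExpired($ttl = 30)
    {
        $last = isset($_SESSION['_last_activity'])
            ? $_SESSION['_last_activity']
            : false;
        if ($last !== false && time() - $last > $ttl * 60) {
            return true;
        }
        $_SESSION['_last_activity'] = time();
        return false;
    }

    /**
     * Compares a hash of the user agent and the /16 IPv4 network with the one stored on first use.
     *
     * Both inputs are supplied by, or visible to, the client, so this only makes a stolen id
     * harder to reuse from elsewhere; it is not authentication. ip2long() returns false for
     * anything that is not an IPv4 address, so IPv6 clients all contribute 0.
     */
    public function isFingerprint()
    {
        $agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
        $address = isset($_SERVER['REMOTE_ADDR']) ? ip2long($_SERVER['REMOTE_ADDR']) : false;
        $hash = md5($agent . ($address & ip2long('255.255.0.0')));

        if (isset($_SESSION['_fingerprint'])) {
            return $_SESSION['_fingerprint'] === $hash;
        }
        $_SESSION['_fingerprint'] = $hash;
        return true;
    }

    /**
     * A session is valid when it has not expired and the fingerprint matches.
     *
     * @param int $ttl Idle limit in minutes, forwarded to isExpired(); previously an argument
     *                 passed here was silently ignored and 30 minutes always applied.
     */
    public function isValid($ttl = 30)
    {
        return ! $this->isExpired($ttl) && $this->isFingerprint();
    }

    /**
     * Reads a value by dot-separated path, e.g. 'site.lang'.
     *
     * @return mixed|null Null when any segment of the path is missing.
     */
    public function get($name)
    {
        $result = $_SESSION;
        foreach (explode('.', $name) as $segment) {
            if (!isset($result[$segment])) {
                return null;
            }
            $result = $result[$segment];
        }
        return $result;
    }

    /** Writes a value by dot-separated path, creating intermediate arrays as needed. */
    public function put($name, $value)
    {
        $parsed = explode('.', $name);
        $session =& $_SESSION;
        while (count($parsed) > 1) {
            $next = array_shift($parsed);
            if ( ! isset($session[$next]) || ! is_array($session[$next])) {
                $session[$next] = [];
            }
            $session =& $session[$next];
        }
        $session[array_shift($parsed)] = $value;
    }
}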
and i use this class like this:
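// Register the handler and the storage location before the session is opened.
// NOTE(review): keep the save path outside the web root and writable only by the PHP user;
// a world-writable (0777) directory lets any local account read or plant session files.
$session = new SecureSessionHandler();
ini_set('session.save_handler', 'files');
session_set_save_handler($session, true);
session_save_path(SITE_PATH.'tmp/session');
$session->start();

// isValid() as declared takes no argument, so a 5-minute limit has to be given to isExpired().
if ($session->isExpired(5) || ! $session->isFingerprint()) {
    // forget() is the class's own teardown (clears $_SESSION, the cookie and the stored data);
    // SessionHandler::destroy() expects a session id and is meant to be called by PHP itself.
    $session->forget();
    die();
}
$session->put('site.langu', $lang->lang);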
but it gives me the warning above on PHP 7.1.
I am on macOS and have already tried the following:
- gave 0777 permissions to the session folder
- changed its owner (chown) to the user and group PHP runs as
What should I do to fix this warning?
i solved this problem with this change:
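/**
 * Returns the decrypted session payload, or '' when there is nothing stored or the stored
 * bytes fail authentication.
 *
 * read() must always return a string; a false return is what makes session_start() fail
 * with "Failed to read session data".
 *
 * Stored layout (base64): nonce | 16-byte GCM tag | ciphertext. Payloads written in another
 * format do not verify and are treated as an empty session.
 * Requires PHP 7.1+ for AES-GCM in openssl_encrypt()/openssl_decrypt().
 */
public function read($id)
{
    $stored = parent::read($id);
    if (!is_string($stored) || $stored === '') {
        return '';
    }

    $raw = base64_decode($stored, true);
    $nonceLength = openssl_cipher_iv_length('aes-256-gcm');
    $tagLength = 16;
    if ($raw === false || strlen($raw) < $nonceLength + $tagLength) {
        return '';
    }

    $nonce = substr($raw, 0, $nonceLength);
    $tag = substr($raw, $nonceLength, $tagLength);
    $ciphertext = (string) substr($raw, $nonceLength + $tagLength);

    // assumes $this->key is 32 bytes of random key material, not a human-chosen password - TODO confirm
    $plain = openssl_decrypt($ciphertext, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $nonce, $tag);

    return $plain === false ? '' : $plain;
}

/**
 * Encrypts $data (the payload PHP hands to the handler) under a fresh random nonce and stores it.
 *
 * A cipher called without an IV encrypts equal payloads to equal ciphertexts, and CBC without
 * a MAC lets stored data be altered undetected; GCM with a per-write nonce avoids both.
 *
 * @return bool False when encryption or the underlying write fails.
 */
public function write($id, $data)
{
    $nonce = random_bytes(openssl_cipher_iv_length('aes-256-gcm'));
    $tag = '';
    $ciphertext = openssl_encrypt($data, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $nonce, $tag, '', 16);
    if ($ciphertext === false) {
        return false;
    }
    return parent::write($id, base64_encode($nonce . $tag . $ciphertext));
}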
viva google :))
I use OpenCart v2.3.0.2, and after finishing my site I ran a scanner against my website; after a while I got this error:
Fatal error: session_set_save_handler(): Session handler's function
table is corrupt in \system\library\session.php on line 16
I have tried adding this to my php.ini:
session.save_path = "/temp";
but I still get the same error. I use XAMPP.
the session file :
<?php
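/**
 * Session wrapper: installs a storage adaptor as PHP's save handler and keeps per-id data
 * buckets inside $_SESSION.
 */
class Session {
    /** Shape the constructor already required of the PHP session cookie; reused for start(). */
    const ID_PATTERN = '/^[a-zA-Z0-9,\-]{22,52}$/';

    public $session_id = '';
    public $data = array();
    /** @var object Instance of Session\<adaptor>, registered as the save handler. */
    public $adaptor;

    /**
     * @param string $adaptor Class name below the Session\ namespace.
     * @throws \Exception When that class does not exist.
     */
    public function __construct($adaptor = 'native') {
        $class = 'Session\\' . $adaptor;

        if (class_exists($class)) {
            $this->adaptor = new $class($this);
        } else {
            throw new \Exception('Error: Could not load session adaptor ' . $adaptor . ' session!');
        }

        if ($this->adaptor) {
            session_set_save_handler($this->adaptor);
        }

        if ($this->adaptor && !session_id()) {
            // Accept the session id from the cookie only. With use_only_cookies off, PHP also
            // honours an id passed in the URL, which lets a crafted link pin a visitor to an id
            // chosen by someone else (session fixation).
            ini_set('session.use_only_cookies', 'On');
            ini_set('session.use_cookies', 'On');
            ini_set('session.use_trans_sid', 'Off');
            ini_set('session.cookie_httponly', 'On');

            if (isset($_COOKIE[session_name()]) && (!is_string($_COOKIE[session_name()]) || !preg_match(self::ID_PATTERN, $_COOKIE[session_name()]))) {
                exit('Error: Invalid session ID!');
            }

            session_set_cookie_params(0, '/');
            session_start();
        }
    }

    /**
     * Selects (or creates) the data bucket for this visitor and returns its id.
     *
     * @param string $key   Cookie name that carries the id.
     * @param string $value Explicit id supplied by the caller; takes precedence over the cookie.
     * @return string
     */
    public function start($key = 'default', $value = '') {
        if ($value) {
            $this->session_id = $value;
        } elseif (isset($_COOKIE[$key]) && is_string($_COOKIE[$key]) && preg_match(self::ID_PATTERN, $_COOKIE[$key])) {
            // The cookie is client input: a non-string (cookie[]=...) or malformed value is
            // discarded and replaced by a new id instead of being used as an array key.
            // NOTE(review): assumes ids from createId() match ID_PATTERN - confirm for the adaptor in use.
            $this->session_id = $_COOKIE[$key];
        } else {
            $this->session_id = $this->createId();
        }

        if (!isset($_SESSION[$this->session_id])) {
            $_SESSION[$this->session_id] = array();
        }

        $this->data = &$_SESSION[$this->session_id];

        if ($key !== 'PHPSESSID') {
            // setcookie() takes an absolute expiry time, while session.cookie_lifetime is a
            // duration in seconds (0 = until the browser closes).
            $lifetime = (int) ini_get('session.cookie_lifetime');
            $expires = $lifetime > 0 ? time() + $lifetime : 0;

            setcookie(
                $key,
                $this->session_id,
                $expires,
                ini_get('session.cookie_path'),
                ini_get('session.cookie_domain'),
                filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN),
                filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN)
            );
        }

        return $this->session_id;
    }

    /** Returns the id chosen by the last start() call. */
    public function getId() {
        return $this->session_id;
    }

    /**
     * Generates a new id, preferring the adaptor's create_sid() and falling back to the
     * strongest random source the running PHP version offers.
     */
    public function createId() {
        if (version_compare(PHP_VERSION, '5.5.4', '>')) {
            return $this->adaptor->create_sid();
        } elseif (function_exists('random_bytes')) {
            return substr(bin2hex(random_bytes(26)), 0, 26);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            return substr(bin2hex(openssl_random_pseudo_bytes(26)), 0, 26);
        } else {
            return substr(bin2hex(mcrypt_create_iv(26, MCRYPT_DEV_URANDOM)), 0, 26);
        }
    }

    /** Drops $_SESSION[$key] and expires the cookie named $key. */
    public function destroy($key = 'default') {
        if (isset($_SESSION[$key])) {
            unset($_SESSION[$key]);
        }

        setcookie($key, '', time() - 42000, ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
    }
}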
not important section ://
blablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablabla//
Just restart the apache & mysql. It will solve the error.
After updating to PHP7 I have some problems with my applications sessionhandling.
It doesn't seem to be a big problem but PHP throws this error everytime:
[18-Jun-2016 20:49:10 UTC] PHP Warning: session_decode(): Session is not active. You cannot decode session data in /var/www/app/phpsessionredis.php on line 90
The session_handler is nothing special. It stores JSONified sessiondata to redis etc.
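/**
 * Session save handler that keeps each session in Redis as a JSON document with a
 * one-hour expiry.
 */
class phpsessionredis implements \SessionHandlerInterface {
    /** @var object Redis client; del(), setex(), multi()/get()/expire()/exec() are called on it. */
    public $__rc;

    public function __construct( &$redis ) {
        $this->__rc = $redis;
    }

    /** Nothing to open: the Redis connection is supplied by the caller. */
    public function open($savePath, $sessionName) {
        return true;
    }

    /**
     * Deletes the stored session.
     *
     * @return bool The handler contract expects a boolean; the success path used to return nothing.
     */
    public function destroy($id) {
        try {
            $this->__rc->del($id);
        } catch (\RedisException $e) {
            return false;
        }
        return true;
    }

    public function close() {
        return true;
    }

    /**
     * Stores the session as JSON with a 3600-second expiry.
     *
     * NOTE(review): session_decode() needs an active session and overwrites $_SESSION as a
     * side effect; on PHP 7 it raises "Session is not active" here. Only $data needs decoding.
     */
    public function write($id, $data) {
        session_decode($data); // throws an error
        try {
            $this->__rc->setex( $id, 3600, json_encode($_SESSION) );
        } catch (\RedisException $e) {
            return false;
        }
        return true;
    }

    /**
     * Loads the session, refreshing its expiry in the same transaction.
     *
     * @return string|false Encoded session data, '' when nothing usable is stored,
     *                      false on a Redis error.
     */
    public function read($id) {
        try {
            $r = $this->__rc
                ->multi()
                ->get($id)
                ->expire($id, 3600)
                ->exec();
        } catch (\RedisException $e) {
            return false;
        }

        // A missing key or malformed JSON must not replace $_SESSION with null.
        $decoded = (is_array($r) && isset($r[0]) && is_string($r[0])) ? json_decode($r[0], true) : null;
        if (!is_array($decoded) || $decoded === array()) {
            return '';
        }

        // NOTE(review): session_encode() serialises the current $_SESSION, hence the assignment;
        // it may be subject to the same "session not active" restriction as session_decode() - confirm.
        $_SESSION = $decoded;
        return session_encode();
    }

    /** Expiry is delegated to the Redis TTL set in write() and read(). */
    public function gc($maxLifetime) {
        return true;
    }
}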
// Register the Redis-backed handler first: session_start() below calls its open() and read().
$sessionhandler = new phpsessionredis( $redis );
session_set_save_handler($sessionhandler);
// Output buffering is switched on before the session is started.
ob_start();
session_start();
Any help is welcome.
I've got the same issue when updating to PHP7.
You get that warning because session_decode() needs an active session, it will populate $_SESSION.
That's not needed, you only want to unserialize the data to be stored into Redis.
This is the best solution i've found.
You can use this class to unserialize the session.
<?php
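/**
 * Decodes a session payload string without needing an active session.
 *
 * NOTE(review): unserialize() instantiates whatever classes the payload names and runs their
 * magic methods. That is acceptable for the string PHP's own session serializer has just
 * produced; do not pass data from clients or shared storage you do not control. If sessions
 * never hold objects, pass ['allowed_classes' => false] to unserialize().
 */
class Session {
    /**
     * @param string $session_data Payload in the format named by session.serialize_handler.
     * @return array Variable name => value.
     * @throws Exception For an unsupported handler or malformed data.
     */
    public static function unserialize($session_data) {
        $method = ini_get("session.serialize_handler");
        switch ($method) {
            case "php":
                return self::unserialize_php($session_data);
            case "php_binary":
                return self::unserialize_phpbinary($session_data);
            default:
                throw new Exception("Unsupported session.serialize_handler: " . $method . ". Supported: php, php_binary");
        }
    }

    /** Parses the "php" format: name, '|', serialized value, repeated. */
    private static function unserialize_php($session_data) {
        $return_data = array();
        $offset = 0;
        $length = strlen($session_data);
        while ($offset < $length) {
            $pos = strpos($session_data, "|", $offset);
            if ($pos === false) {
                throw new Exception("invalid data, remaining: " . substr($session_data, $offset));
            }
            $varname = substr($session_data, $offset, $pos - $offset);
            $offset = $pos + 1;
            $data = self::decodeValue(substr($session_data, $offset));
            $return_data[$varname] = $data;
            // The consumed length is recovered by re-serializing the value; this assumes
            // serialize() reproduces the original bytes - verify for objects with custom serialization.
            $offset += strlen(serialize($data));
        }
        return $return_data;
    }

    /** Parses the "php_binary" format: one length byte, the name, then the serialized value. */
    private static function unserialize_phpbinary($session_data) {
        $return_data = array();
        $offset = 0;
        $length = strlen($session_data);
        while ($offset < $length) {
            $num = ord($session_data[$offset]);
            $offset += 1;
            $varname = substr($session_data, $offset, $num);
            $offset += $num;
            $data = self::decodeValue(substr($session_data, $offset));
            $return_data[$varname] = $data;
            $offset += strlen(serialize($data));
        }
        return $return_data;
    }

    /**
     * Unserializes the value at the start of $payload; the rest of the string is the next entry.
     * Recent PHP versions warn about such trailing bytes.
     *
     * @throws Exception When the payload cannot be decoded. Previously a failure was stored as
     *                   false and the parser continued from a wrong offset.
     */
    private static function decodeValue($payload) {
        $value = unserialize($payload);
        // false is also the legitimate result for a serialized boolean false ("b:0;").
        if ($value === false && strncmp($payload, 'b:0;', 4) !== 0) {
            throw new Exception("invalid data, remaining: " . $payload);
        }
        return $value;
    }
}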
?>
Your write() will be:
/**
 * Decodes PHP's serialized session string into an array and stores it in Redis as JSON
 * with a 3600-second expiry.
 *
 * @return bool False when Redis raises an exception.
 */
public function write($id, $data) {
    $decoded = Session::unserialize($data);
    try {
        $this->__rc->setex($id, 3600, json_encode($decoded));
        return true;
    } catch (\RedisException $e) {
        return false;
    }
}
I don't know if this should be handled as a correct answer but it is a solution that seems to work.
// Makes PHP serialise the whole $_SESSION array with plain serialize(); set it before the session starts.
ini_set('session.serialize_handler', 'php_serialize');
With this option we don't need session_decode and can replace it with unserialize() within the write method.
public function write($id, $data) {
    // With the php_serialize handler, $data is a single serialize()d array, so one call decodes it.
    // NOTE(review): unserialize() can instantiate classes named in the payload; restrict it with
    // ['allowed_classes' => false] unless the session is known to hold objects.
    $data = unserialize($data);
    /** do something **/
}
For me this looks like a workaround.
I am getting an unexpected end of file error on the last line of this code. I have run it through www.phpcodechecker.com (which I have found to be very reliable). What am I doing wrong? PHP version 5.5.9
<?php
/*
Hurricane Control Panel © 2014, a web control panel
by Hurricane Development of http://www.HurricaneDevelopment.com
is licenced under a Creative Commons
Attribution-NoDerivatives 4.0 International License
Permissions beyond the scope of this licence
may be available at http://creativecommons.org/licenses/by-nd/4.0/
*/
// Stop immediately unless the constant _HEXEC has been defined, i.e. the file was not loaded by the application.
Defined("_HEXEC") or die ("This file may not be accessed directly");
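/**
 * Request-wide registry for collected errors and extra page assets.
 *
 * The list properties start as empty arrays rather than false: appending with [] to a false
 * value relies on implicit conversion that newer PHP versions deprecate. An empty array still
 * compares loosely equal to false, so "!= false" checks behave as before.
 */
class VARS {
    /** @var array Error messages, appended by addErr(). */
    public static $errors = array();
    /** @var array Script URLs to emit. */
    public static $extraJS = array();
    /** @var string|false Inline script body, or false when none is set. */
    public static $scriptJS = false;
    /** @var array Stylesheet URLs to emit. */
    public static $extraCSS = array();
}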
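abstract class GeneralUTIL {
    /**
     * Error functions
     **/
    public static function addErr($err) {
        VARS::$errors[] = $err;
    }

    /**
     * Appends a line to the newest logs/log.N file, starting a new file once the current
     * one reaches 200000 bytes.
     *
     * The newest file is the one with the highest number. Sorting the names as strings puts
     * "log.9" after "log.10", which made the old code reopen and truncate log.10 on every call.
     *
     * NOTE(review): "logs" is relative to the working directory; if that is inside the web
     * root the directory must not be served. $content is written unmodified, so a caller
     * passing user input should strip CR/LF first to keep one entry per line.
     * Side effect: sets the default timezone to America/New_York for the rest of the request.
     *
     * @param string $content Message text.
     * @param mixed  $level   Level label written in front of the message.
     */
    public static function logger($content,$level = LOGGER_INFO) {
        if (!file_exists("logs")) {
            // Owner-only, matching the 0600 applied to the files themselves.
            mkdir("logs", 0700);
        }

        $logid = 0;
        $entries = scandir("logs");
        foreach ($entries === false ? array() : $entries as $entry) {
            if (preg_match('/^log\.(\d+)$/', $entry, $match)) {
                $logid = max($logid, (int) $match[1]);
            }
        }

        if ($logid > 0) {
            // filesize() results are cached per request; refresh before checking the limit.
            clearstatcache(true, "logs/log." . $logid);
        }
        if ($logid === 0 || filesize("logs/log." . $logid) >= 200000) {
            $logid++;
            file_put_contents("logs/log." . $logid, "", LOCK_EX);
            chmod("logs/log." . $logid, 0600);
        }

        date_default_timezone_set("America/New_York");
        $d = getdate();
        file_put_contents("logs/log." . $logid, "{$d['mon']}/{$d['mday']}/{$d['year']} {$d['hours']}:{$d['minutes']}:{$d['seconds']} $level $content \n", FILE_APPEND | LOCK_EX);
    }

    /**
     * Hashes a password with SHA-512 crypt.
     *
     * @param string      $password
     * @param string|null $salt Complete crypt() salt; when empty, a random one with 50000 rounds is generated.
     * @return string crypt() output.
     */
    public static function sha512($password,$salt = null) {
        if ($salt == null) {
            $cost = 50000;
            // mcrypt is absent from current PHP builds; prefer random_bytes() where it exists.
            $random = function_exists('random_bytes')
                ? random_bytes(16)
                : mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
            $salt = strtr(base64_encode($random), '+', '.');
            $salt = sprintf('$6$rounds=%d$', $cost) . $salt;
        }
        return crypt($password, $salt);
    }

    /**
     * Checks a password against a crypt() hash.
     *
     * password_verify() recomputes crypt($password, $hash) and compares the result in constant
     * time, so the comparison does not reveal how many leading characters matched.
     *
     * @return bool
     */
    public static function matchSha512($password,$hash) {
        return password_verify((string) $password, (string) $hash);
    }
}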
/**
 * Asset registration for plugins. The calling plugin is identified from the path of the file
 * that invoked addJS()/addCSS().
 *
 * NOTE(review): the relative path is appended unchecked, so "../" segments would point outside
 * the plugin directory - confirm callers only pass fixed paths.
 */
class PluginUTIL extends GeneralUTIL {

    /**
     * Queues a script that lives in the calling plugin's directory.
     *
     * @return bool|null True when queued, false when not called from a plugin file,
     *                   null when the plugin alias is not among the loaded plugins.
     */
    public static function addJS($jsPath) {
        // The backtrace has to be taken here: frame 0 is the file that called this method.
        $trace = debug_backtrace();
        $resolved = self::resolvePluginAsset(
            $trace[0]['file'],
            $jsPath,
            "The addJS Method was not called from a registered plugin"
        );
        if (!is_string($resolved)) {
            return $resolved;
        }
        VARS::$extraJS[] = $resolved;
        return true;
    }

    /** Replaces the inline script body that will be emitted. */
    public static function addScriptJS($script) {
        VARS::$scriptJS = $script;
    }

    /**
     * Queues a stylesheet that lives in the calling plugin's directory.
     *
     * @return bool|null Same meaning as for addJS().
     */
    public static function addCSS($cssPath) {
        $trace = debug_backtrace();
        $resolved = self::resolvePluginAsset(
            $trace[0]['file'],
            $cssPath,
            "The addCSS Method was not called from a registered plugin"
        );
        if (!is_string($resolved)) {
            return $resolved;
        }
        VARS::$extraCSS[] = $resolved;
        return true;
    }

    /**
     * Maps a caller file and relative path to the asset URL of a loaded plugin.
     *
     * @return string|false|null URL; false after recording $notPluginError; null when no
     *                           loaded plugin has the alias.
     */
    private static function resolvePluginAsset($callerFile, $relativePath, $notPluginError) {
        $alias = UTIL::getBetween($callerFile, "/plugins/plugin_", "/");
        if ($alias == false) {
            UTIL::addErr($notPluginError);
            return false;
        }

        $loader = new Plugins();
        $loader->loadPlugins();
        foreach ($loader->getPluginsArray() as $plugin) {
            if ($plugin['alias'] == $alias) {
                return PATH . "plugins/plugin_" . $alias . "/" . $relativePath;
            }
        }
        return null;
    }
}
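class UTIL extends GeneralUTIL {
    /**
     * Fills the errors placeholder in $output with the collected messages, or removes it.
     *
     * NOTE(review): messages are inserted as raw HTML. If any message can contain user input,
     * escape it with htmlspecialchars() where it is added.
     */
    public static function displayErrors($output) {
        $placeholder = "<div id='errors' class='alert alert-danger'></div>";
        if (VARS::$errors != false && is_array(VARS::$errors)) {
            $output = str_replace($placeholder,"<div id='errors' class='alert alert-danger'><h1>Uh Oh. Some errors occured!</h1>" . implode("<br>",VARS::$errors) . "</div>",$output);
        } else {
            $output = str_replace($placeholder,"",$output);
        }
        return $output;
    }

    /**
     * Custom JS /CSS functions
     **/
    public static function addCustomJSFromPath($path) {
        VARS::$extraJS[] = PATH . $path;
    }

    /**
     * Prints a script tag per queued URL, then the inline script if one is set.
     * URLs are escaped for the attribute; the inline script body is printed as given.
     */
    public static function includeCustomJS() {
        if (VARS::$extraJS != false && is_array(VARS::$extraJS)) {
            foreach (VARS::$extraJS as $key => $path): ?>
<script src="<?php echo htmlspecialchars($path, ENT_QUOTES, 'UTF-8'); ?>"></script>
<?php endforeach;
        }
        // NOTE(review): the block below is closed with the short open tag "<? endif;". With
        // short_open_tag disabled that line is plain text, the if is never closed, and the
        // parser reports an unexpected end of file.
        if (VARS::$scriptJS != false): ?>
<script type="text/javascript">
<?php echo VARS::$scriptJS; ?>
</script>
<? endif;
    }

    /** Replaces the CUSTOMCSSAREAHERE marker in $output with link tags for the queued stylesheets. */
    public static function includeCustomCSS($output) {
        if (VARS::$extraCSS != false && is_array(VARS::$extraCSS)) {
            $css = "";
            foreach (VARS::$extraCSS as $path) {
                $css .= "<link rel=\"stylesheet\" type=\"text/css\" href=\"" . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . "\">\n";
            }
            $output = str_replace("CUSTOMCSSAREAHERE",$css,$output);
        } else {
            $output = str_replace("CUSTOMCSSAREAHERE","",$output);
        }
        return $output;
    }

    /**
     * Get Between two strings function
     *
     * $start and $end are matched literally (preg_quote), and false is returned when they are
     * not found; preg_match() yields 0 for "no match", which the old "=== false" test let through.
     *
     * @return string|false
     **/
    public static function getBetween($content,$start,$end) {
        $pattern = '/' . preg_quote($start, '/') . '(.*?)' . preg_quote($end, '/') . '/';
        if (preg_match($pattern, $content, $res) !== 1) {
            return false;
        }
        return $res[1];
    }

    /**
     * Redirect page function
     *
     * NOTE(review): $location is sent as given. Never pass a URL taken from the request
     * without checking it against the destinations the application allows (open redirect).
     **/
    public static function redirect($location, $code = '302') {
        switch($code) {
            case '301':
                header("HTTP/1.1 301 Moved Permanently");
                break;
            case '303':
                header("HTTP/1.1 303 See Other");
                break;
            case '404':
                header('HTTP/1.1 404 Not Found');
                break;
        }
        //remove any &amp; in the url to prevent any problems
        // NOTE(review): the listing as published replaced '&' with '&', a no-op; the entity form
        // is presumably what was meant - confirm.
        $location = str_replace('&amp;', '&', $location);
        // Line breaks have no place in a header value.
        $location = str_replace(array("\r", "\n"), '', $location);
        header("Location: $location");
        //kill the script from running and output a link for browsers which enable turning off header redirects *cough Opera cough* :P
        exit('If you were not redirected automatically please click here');
    }
}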
?>
Change this
<? endif;
to this
<?php endif;
inside UTIL::includeCustomJS
How can I use the return true/false for another function?
<?php
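/**
 * Draws one outcome per instance from three random seeds.
 *
 * NOTE(review): all three seeds, including the "client" one, are generated and kept on the
 * server, so the client contributes nothing to the draw - confirm that this is intended.
 */
class Bet {
    private $Client;
    private $Secret;
    private $Server;

    /**
     * Seeds come from random_bytes() (PHP 7+). rand() and uniqid() are derived from the
     * clock and a predictable generator, so values built from them can be guessed.
     */
    public function __construct() {
        $this->Client = bin2hex(random_bytes(16));
        $this->Secret = bin2hex(random_bytes(16));
        $this->Server = bin2hex(random_bytes(16));
    }

    /**
     * Tells whether this instance's draw (0.00 to 100.00) is below $Chance.
     *
     * @param string $Type   Only 'auto' is handled.
     * @param mixed  $Chance Threshold; a non-numeric value never wins. Without this check a
     *                       string such as "abc" is compared as text and can win every time.
     * @return bool|null Null for any type other than 'auto'.
     */
    public function Bet($Type, $Chance) {
        if ($Type !== 'auto') {
            return null;
        }
        if (!is_numeric($Chance)) {
            return false;
        }
        $hash = hash('sha512', $this->Client . $this->Secret . $this->Server);
        // First 32 bits of the hash scaled to the range 0..100, two decimals.
        $Result = round(hexdec(substr($hash, 0, 8)) / 42949672.95, 2);
        return $Result < $Chance;
    }
}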
?>
Here's what I have been trying:
// Runs only when both form fields were submitted; $_POST['chance'] is passed on without validation.
if(isset($_POST['chance'], $_POST['bet'])) {
    // Prints the value returned by Bet::Bet(); the value itself is not kept.
    print_r($Bet->Bet('auto', $_POST['chance']));
    // NOTE(review): $Bet is the object, not the result of the call above, so this comparison
    // does not depend on the outcome of the bet.
    if($Bet == true)
    {
        return "1";
    } else {
        return "2";
    }
}
But I can't seem to get inside the if statement.
try this
// NOTE(review): $Bet is still the Bet object here, and an object is always truthy, so the first
// branch is taken whatever the outcome; test the value returned by $Bet->Bet(...) instead.
if($Bet)
{
return "1";
} else {
return "2";
}
}
You have to instantiate your class:
$bet = new Bet($type, $chance);
but a constructor cannot return a value like you are doing.
try something like this:
public function betTest() { return what you want; }
[...]
if ($bet->betTest()) { return 1; } else { return 2; }
or use a static method:
public static function betTest() { /.../ }
if (Bet::betTest()) { ... }
Based on your code:
<?php
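/**
 * Variant that performs the draw in the constructor and exposes the outcome through a getter,
 * because a constructor cannot return a value.
 */
class Bet {
    private $Client;
    private $Secret;
    private $Server;
    /** @var bool|null Outcome of the draw; null when the type was not 'auto'. */
    private $result;

    /**
     * @param string $Type   Only 'auto' triggers a draw.
     * @param mixed  $Chance Threshold in the range 0..100; a non-numeric value never wins.
     */
    public function __construct($Type, $Chance) {
        // random_bytes() (PHP 7+) instead of md5(uniqid(rand())): the latter is predictable.
        $this->Client = bin2hex(random_bytes(16));
        $this->Secret = bin2hex(random_bytes(16));
        $this->Server = bin2hex(random_bytes(16));

        if ($Type === 'auto') {
            $hash = hash('sha512', $this->Client . $this->Secret . $this->Server);
            $Result = round(hexdec(substr($hash, 0, 8)) / 42949672.95, 2);
            $this->result = is_numeric($Chance) && $Result < $Chance;
        }
    }

    /**
     * @return bool|null
     */
    public function isReturnLessThanChance() { return $this->result; }

    /**
     * Alias under the name used by the calling code shown with this class.
     *
     * @return bool|null
     */
    public function isResultLessThanChance() { return $this->isReturnLessThanChance(); }
}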
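// With an empty type no draw is made and the getter returns null, so this takes the else branch;
// pass 'auto' and a numeric chance to get a real outcome.
$bet = new Bet("", "");
// The class declares isReturnLessThanChance(); the if/else also needs both pairs of braces.
if ($bet->isReturnLessThanChance()) {
    return 1;
} else {
    return 2;
}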
you can try this also.
// NOTE(review): $Bet holds the Bet object, which is never identical to true, so this always
// takes the else branch; compare the value returned by $Bet->Bet(...) instead.
if($Bet === true) { return "1"; } else { return "2"; }
=== checks the data type as well as the value, so (true !== 1).