I have
$facebook->api_client->status_set('is the Eagle has landed.','');
as part of a test page, and i get errors
Call to undefined method FacebookRestClient::status_set()
please help, thank you
Did you even bother opening up the file and looking at the available methods?
Copy/pasted from the SDK
/**
* Sets the users' current status message. Message does NOT contain the
* word "is" , so make sure to include a verb.
*
* Example: setStatus("is loving the API!")
* will produce the status "Luke is loving the API!"
*
* #param string $status text-only message to set
* #param int $uid user to set for (defaults to the
* logged-in user)
* #param bool $clear whether or not to clear the status,
* instead of setting it
* #param bool $status_includes_verb if true, the word "is" will *not* be
* prepended to the status message
*
* #return boolean
*/
public function &users_setStatus($status,
$uid = null,
$clear = false,
$status_includes_verb = true) {
So, in usage
$facebook->api_client->users_setStatus( $status, $uid, $clear, $status_includes_verb );
Related
Is there a way I can validate the URL params being passed in to my route?
If I try and hit this route with /resume-session/crmpicco1872/kdsjfslk/rfc/three for example Symfony throws a HTTP 500 because i'm giving it an owner id of "crmpicco1872".
Is there a way I can more gracefully fail on this action, i.e redirect elsewhere, or is it assumed that the params coming in are clean and validated?
/**
* #Route(
* "/resume-session/{ownerId}/{courseId}/{position}/{stage}",
* name = "resume_session",
* )
* #Entity("person", expr="repository.find(ownerId)")
* #Entity("course", expr="repository.find(courseId)")
*
* #param Request $request
* #param Person $person
* #param Course $course
*
* #return Response
*/
public function resumeSessionAction(Request $request, Person $person, Course $course): Response
I have created PHP7 project in Zend Studio 13 and I get warnings like this Call to undefined function 'dba_open'. Why Zend Studio didnt recognize these functions?
dba_open
dba_close
dba_fetch
mhash
Any ideas how to solve this?
Zend doesn't ship language support for all the extensions in Zend Studio.
The most efficient way of adding support for language entities provided by unsupported extensions is definitely creating stubs.
The description "stub" files for all supported PHP entities can be found in this directory:
/.metadata/.plugins/org.eclipse.php.core/language
And this is also the location where you should put your stub files.
Copy PHP code from below. Create a file DBA.php and put it into a folder
workspace/.metadata/.plugins/org.eclipse.php.core/__language__/languagecode/DBA.php
languagecode - 8 hex digit name
You won't be able to debug a code having those functions, but at least there will be no warnings anymore.
<?php
/**
dba_open() establishes a database instance for path with mode using handler.
#link http://php.net/manual/en/function.dba-open.php
#param path string <p>Commonly a regular path in your filesystem.</p>
#param mode string <p>It is r for read access, w for read/write access to an already existing database,
c for read/write access and database creation if it doesn't currently exist, and n for create,
truncate and read/write access. The database is created in BTree mode, other modes (like Hash or Queue)
are not supported.<br>
<strong>Note:</strong><br>
There can only be one writer for one database file. When you use dba on a web server and more than
one request requires write operations they can only be done one after another. Also read during write
is not allowed. The dba extension uses locks to prevent this.
</p>
#param handler string <p>The name of the handler which shall be used for accessing path. It is passed all
optional parameters given to dba_open() and can act on behalf of them.</p>
#return FALSE on failure or positive handle on success.
*/
function dba_open ( $path , $mode, $handler=null) {}
/**
* dba_exists() checks whether the specified key exists in the database.
* #link http://php.net/manual/en/function.dba-exists.php
*
* #param string $key <p>The key the check is performed for.</p>
* #param mixed $handle <p>The database handler, returned by dba_open() or dba_popen().</p>
* #return Returns TRUE if the key exists, FALSE otherwise.
*/
function dba_exists ( $key , $handle ) {}
/**
* dba_fetch() — Fetch data specified by key
* #link http://php.net/manual/en/function.dba-fetch.php
*
* #param string $key The key the data is specified by.
* <p><div><h3>Note:</h3></div>
* When working with inifiles this function accepts arrays as keys where index 0 is the group and index 1 is the value name. See: dba_key_split().
* </p>
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return Returns the associated string if the key/data pair is found, FALSE otherwise.
*/
function dba_fetch ( $key , $handle ) {}
/**
* dba_fetch() — Fetch data specified by key
* #link http://php.net/manual/en/function.dba-fetch.php
*
* #param string $key The key the data is specified by.
* <p><div><h3>Note:</h3></div>
* When working with inifiles this function accepts arrays as keys where index 0 is the group and index 1 is the value name. See: dba_key_split().
* </p>
* #param $skip The number of key-value pairs to ignore when using cdb databases. This value is ignored for all other databases which do not support multiple keys with the same name.
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return Returns the associated string if the key/data pair is found, FALSE otherwise.
*/
function dba_fetch ( $key , $skip , $handle ) {}
/**
* dba_delete — Delete DBA entry specified by key
* #link http://php.net/manual/en/function.dba-delete.php
*
* #param mixed $key The key of the entry which is deleted.
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return Returns TRUE on success or FALSE on failure.
*/
function dba_delete ( $key , $handle ) {}
/**
* dba_replace — Replace or insert entry
* #link http://php.net/manual/en/function.dba-replace.php
*
* #param mixed $key The key of the entry to be replaced.
* #param mixed $value The value to be replaced.
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return Returns TRUE on success or FALSE on failure.
*/
function dba_replace ( $key , $value , $handle ) {}
/**
* dba_insert() inserts the entry described with key and value into the database.
* #link http://php.net/manual/en/function.dba-insert.php
*
* #param string $key <p>The key of the entry to be inserted. If this key already exist in the database, this function will fail. Use dba_replace() if you need to replace an existent key.</p>
* #param string $value <p>The value to be inserted.</p>
* #param mixed $handle <p>The database handler, returned by dba_open() or dba_popen().</p>
*
* #return Returns TRUE on success or FALSE on failure.
*/
function dba_insert ( $key , $value , $handle ) {}
/**
* dba_firstkey() returns the first key of the database and resets the internal key pointer. This permits a linear search through the whole database.
*
* #link http://php.net/manual/en/function.dba-firstkey.php
*
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return Returns the key on success or FALSE on failure.
*/
function dba_firstkey ( $handle ) {}
/**
* dba_nextkey() returns the next key of the database and advances the internal key pointer.
*
* #link http://php.net/manual/en/function.dba-nextkey.php
*
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return Returns the key on success or FALSE on failure.
*/
function dba_nextkey ( $handle ) {}
/**
*
* #link http://php.net/manual/en/function.dba-close.php
*
* #param mixed $handle The database handler, returned by dba_open() or dba_popen().
* #return No value is returned.
*/
function dba_close ( $handle ) {}
Ok, this is a bit complicated, so bear with me.
I'm running a PHPBB Forum for some time now and my goal is to create a Zend2 PHP Application using its User Administration and Authentication Features instead of building up a completely new Authorization component which would in turn need to synchronize with the Forum again.
Following Components will be used in the live environment: PHPBB3, Zend Framework 2 (latest stable), Apache, PHP 5.6+, MySQL running on a virtual Linux server without root access.
My Development Environment (running all examples below)is: PHPBB3, Zend Framework 2 (latest stable), XAMPP 3.2.2, PHP 5.6.21 with xdebug enabled, MariaDB running on Windows 8.
Whenever integration of PHPBB is asked for the following lines inevitably turn up in searches:
global $phpbb_root_path, $phpEx, $user, $db, $config, $cache, $template;
define('IN_PHPBB', true);
$phpbb_root_path = './forum/phpBB3/'; // this path is from an external example
$phpEx = substr(strrchr(__FILE__, '.'), 1);
$phpBBFile = $phpbb_root_path . 'common.' . $phpEx;
include($phpBBFile);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
I have already had success including those without using a framework or by calling php directly through ajax, but now - using the Zend 2 Framework - there are multiple problems surfacing when including native PHPBB3 code.
I have to say I am not an experienced PHP programmer and I have been learning about Zend for just a couple of days now.
My first try centered on integrating the above code before the Zend Application is called in Zends index.php:
....
// Setup autoloading
require 'init_autoloader.php';
global $phpbb_root_path, $phpEx, $user, $db, $config, $cache, $template;
define('IN_PHPBB', true);
$phpbb_root_path = 'public/forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
$phpBBFile = $phpbb_root_path . 'common.' . $phpEx;
include($phpBBFile);
// Run the application!
Zend\Mvc\Application::init(require 'config/application.config.php')->run();
....
Resulting in this error:
Catchable fatal error: Argument 1 passed to Zend\Stdlib\Parameters::__construct() must be of the type array,
object given, called in C:\xampp\htdocs\myZendApp\vendor\zendframework\zend-http\src\PhpEnvironment\Request.php
on line 72 and defined in C:\xampp\htdocs\myZendApp\vendor\zendframework\zend-stdlib\src\Parameters.php on line 24
So calling PHPBB this early on seems to mess up Zend in a bad way I went on to other implementations.
My favored design would include a separate Authentication Zend Module which handles PHPBB authentication and is available as a service for all routes and their controllers.
Including and calling the phpbb scripts however lead to various problems probably related to the heavy use of globals.
Here some example code from the checkAction in the PhpbbAuthController:
public function checkAction(){
global $phpbb_root_path, $phpEx, $user, $db, $config, $cache, $template;
define('IN_PHPBB', true);
$phpbb_root_path = 'public/forums/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
$phpBBFile = $phpbb_root_path . 'common.' . $phpEx;
include($phpBBFile);
$user->session_begin();
$auth->acl($user->data);
$user->setup();
$response = array();
if ($user->data['user_id'] == ANONYMOUS) {
$response['loginState'] = "logged_out";
} else {
$response['loginState'] = "logged_in";
}
return new ViewModel($response);
}
And here the error from executing session_begin()
Fatal error: Call to a member function header() on null in
C:\xampp\htdocs\myZendApp\public\forums\phpbb\session.php on line 228
After debugging into it it seemed that all references to the $request and $symfony_request inside those authentication functions where NULL.
After sinking lots of hours into discerning a way to execute the scripts from Zend context I have set my eyes on a way to execute the scripts in a separate context.
The easiest way that came to my mind was to call the script from an HttpClient and use the Result text to drive my Authentication Service.
To do that I would need to retrieve the session cookie from the called scripts and store it for use in the Zend application.
If I channel the scripts through the Zend Framework I seem to run into the same problem again (having PHBB code in a Zend Controller), so I can't use Zends routing to access them.
Since I am using an http request I have to store the scripts in the public directory or a subdirectory of it.
And that is where I am right now. The internal call to the php files that use PHPBB work fine on their own, but the HttpClient I use (from a Zend Controller class for now) does run into a timeout at every turn, which I formulated into another question here: Zend 2 Http Client Request times out when requesting php file from localhost/public directory.
I would appreciate your views, hints and possible architectures or even part solutions to my problem/s mentioned above.
What I do not want to do under any circumstances is to invent my own authentication and user administration as it would always be inferior to the complex but proven system which is already in PHPBB and lead to security issues in the long run.
Also the Zend application is considered an "Extra" since the Forum is the core of the site as things stand now.
Thank you very much for your time and please ask for additional information. (I couldn't possible include all the code and I don't know what else would be relevant to you at this point)
PHPBB 3.x is based on symfony and uses symfony components. The posts you are referencing are extremely outdated.
Please take a look at:
https://github.com/phpbb/phpbb/blob/3.1.x/phpBB/config/auth.yml (the container's definition of authentication providers for PHPBB3)
Version on master
https://github.com/phpbb/phpbb/blob/master/phpBB/config/default/container/services_auth.yml
AND
https://github.com/phpbb/phpbb/blob/3.1.x/phpBB/phpbb/auth/provider/provider_interface.php (shown below)
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* #copyright (c) phpBB Limited <https://www.phpbb.com>
* #license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
/**
* The interface authentication provider classes have to implement.
*/
interface provider_interface
{
/**
* Checks whether the user is currently identified to the authentication
* provider.
* Called in acp_board while setting authentication plugins.
* Changing to an authentication provider will not be permitted in acp_board
* if there is an error.
*
* #return boolean|string False if the user is identified, otherwise an
* error message, or null if not implemented.
*/
public function init();
/**
* Performs login.
*
* #param string $username The name of the user being authenticated.
* #param string $password The password of the user.
* #return array An associative array of the format:
* array(
* 'status' => status constant
* 'error_msg' => string
* 'user_row' => array
* )
* A fourth key of the array may be present:
* 'redirect_data' This key is only used when 'status' is
* equal to LOGIN_SUCCESS_LINK_PROFILE and its value is an
* associative array that is turned into GET variables on
* the redirect url.
*/
public function login($username, $password);
/**
* Autologin function
*
* #return array|null containing the user row, empty if no auto login
* should take place, or null if not impletmented.
*/
public function autologin();
/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.
*
* #return array|null Returns null if not implemented or an array of the
* configuration fields of the provider.
*/
public function acp();
/**
* This function updates the template with variables related to the acp
* options with whatever configuraton values are passed to it as an array.
* It then returns the name of the acp file related to this authentication
* provider.
* #param array $new_config Contains the new configuration values that
* have been set in acp_board.
* #return array|null Returns null if not implemented or an array with
* the template file name and an array of the vars
* that the template needs that must conform to the
* following example:
* array(
* 'TEMPLATE_FILE' => string,
* 'TEMPLATE_VARS' => array(...),
* )
* An optional third element may be added to this
* array: 'BLOCK_VAR_NAME'. If this is present,
* then its value should be a string that is used
* to designate the name of the loop used in the
* ACP template file. When this is present, an
* additional key named 'BLOCK_VARS' is required.
* This must be an array containing at least one
* array of variables that will be assigned during
* the loop in the template. An example of this is
* presented below:
* array(
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(
* 'KEY IS UNIMPORTANT' => array(...),
* ),
* 'TEMPLATE_FILE' => string,
* 'TEMPLATE_VARS' => array(...),
* )
*/
public function get_acp_template($new_config);
/**
* Returns an array of data necessary to build custom elements on the login
* form.
*
* #return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
* which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is
* present then 'BLOCK_VARS' must also be present in
* the array. The fourth element 'VARS' is also
* optional. The array, with all four elements present
* looks like the following:
* array(
* 'TEMPLATE_FILE' => string,
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(...),
* 'VARS' => array(...),
* )
*/
public function get_login_data();
/**
* Performs additional actions during logout.
*
* #param array $data An array corresponding to
* \phpbb\session::data
* #param boolean $new_session True for a new session, false for no new
* session.
*/
public function logout($data, $new_session);
/**
* The session validation function checks whether the user is still logged
* into phpBB.
*
* #param array $user
* #return boolean true if the given user is authenticated, false if the
* session should be closed, or null if not implemented.
*/
public function validate_session($user);
/**
* Checks to see if $login_link_data contains all information except for the
* user_id of an account needed to successfully link an external account to
* a forum account.
*
* #param array $login_link_data Any data needed to link a phpBB account to
* an external account.
* #return string|null Returns a string with a language constant if there
* is data missing or null if there is no error.
*/
public function login_link_has_necessary_data($login_link_data);
/**
* Links an external account to a phpBB account.
*
* #param array $link_data Any data needed to link a phpBB account to
* an external account.
*/
public function link_account(array $link_data);
/**
* Returns an array of data necessary to build the ucp_auth_link page
*
* #param int $user_id User ID for whom the data should be retrieved.
* defaults to 0, which is not a valid ID. The method
* should fall back to the current user's ID in this
* case.
* #return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
* which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is
* present then 'BLOCK_VARS' must also be present in
* the array. The fourth element 'VARS' is also
* optional. The array, with all four elements present
* looks like the following:
* array(
* 'TEMPLATE_FILE' => string,
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(...),
* 'VARS' => array(...),
* )
*/
public function get_auth_link_data($user_id = 0);
/**
* Unlinks an external account from a phpBB account.
*
* #param array $link_data Any data needed to unlink a phpBB account
* from a phpbb account.
*/
public function unlink_account(array $link_data);
}
The interface you can implement to create a provider for your Zend framework project.
You can see how the providers are used when a session is created
https://github.com/phpbb/phpbb/blob/master/phpBB/phpbb/session.php#L560
/* #var $provider_collection \phpbb\auth\provider_collection */
$provider_collection = $phpbb_container->get('auth.provider_collection');
$provider = $provider_collection->get_provider();
$this->data = $provider->autologin();
Make sure both projects use the same cookies, or that zend is also setting the phpBB cookies and session when a user is logging in as session_start uses this to look for session ids:
if ($request->is_set($config['cookie_name'] . '_sid', \phpbb\request\request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', \phpbb\request\request_interface::COOKIE))
{
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
$this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
$_SID = (defined('NEED_SID')) ? $this->session_id : '';
if (empty($this->session_id))
{
$this->session_id = $_SID = request_var('sid', '');
$SID = '?sid=' . $this->session_id;
$this->cookie_data = array('u' => 0, 'k' => '');
}
}
else
{
$this->session_id = $_SID = request_var('sid', '');
$SID = '?sid=' . $this->session_id;
}
Thank you.
I am using the FOSRestBundle and was wondering is it possible to validate against empty query parameters using annotations?
For example when calling: /comments/1 an exception is thrown since both dealId and source query parameters haven't been set.
However calling /comments/1?dealId=1&source= is fine even though the source value hasn't ben set and doesn't match the regex outlined in the annotation.
Controller function:
/**
* Get a single comment.
*
* #Annotations\QueryParam(name="dealId", requirements="\d+", strict=true, description="The deal the comments belong to.")
* #Annotations\QueryParam(name="source", requirements="(forum|blog)", strict=true, description="The source of the comments.")
*
* #Annotations\View()
*
* #Annotations\Get("/comments/{id}", requirements={"id" = "\d+"})
*
*/
public function getCommentAction(Request $request, ParamFetcherInterface $paramFetcher, $id)
{
$dealId = $paramFetcher->get('dealId');
$source = $paramFetcher->get('source');
// TODO: Implement
return [ 'id' => $id, 'dealId' => $dealId, 'source' => $source ];
}
Update
I raised this issue on the FOSRestBundle's GitHub repo too and it looks as if what I am asking for is currently not possible due to the limitations of the Regex validator that is being used.
https://github.com/FriendsOfSymfony/FOSRestBundle/issues/814#issuecomment-49696288
If you want to force your parameters to be checked, you can change config file as explained in the documentation, Here is the sample:
fos_rest: param_fetcher_listener: force
Then you can set other options like strict, nullable accordingly.
See more details here :
http://symfony.com/doc/current/bundles/FOSRestBundle/configuration-reference.html (archive.org)
https://symfony.com/doc/3.x/bundles/FOSRestBundle/index.html#config-reference
https://symfony.com/doc/3.x/bundles/FOSRestBundle/annotations-reference.html
Just use the allowBlank option of the QueryParam. In your case you would set the allowBlank to false to get the expected behaviour:
The allowBlank option is NOT YET in the FOSRestBundle, but I provided a patch to the FOSRestBundle which has a good chance to land in the next release, version 1.5.0 of the bundle.
This is how your Controller would look like:
/**
* Get a single comment.
*
* #Annotations\QueryParam(name="dealId", requirements="\d+", strict=true, description="The deal the comments belong to.")
* #Annotations\QueryParam(name="source", requirements="(forum|blog)", strict=true, allowBlank=false, description="The source of the comments.")
*
* #Annotations\View()
*
* #Annotations\Get("/comments/{id}", requirements={"id" = "\d+"})
*
*/
public function getCommentAction(Request $request, ParamFetcherInterface $paramFetcher, $id)
{
$dealId = $paramFetcher->get('dealId');
$source = $paramFetcher->get('source');
}
The tricky part is allowing source and dealId to be empty but I think it's possible by
adding these parameters to your route (so they must be specified in order to access the controller) and using a string prefix for each parameter (i.e. dealid_ and source_), so it's possible to specify an empty value.
You'll also need to modify the regex requirements to allow empty values.
/**
* Get a single comment.
*
* #Annotations\View()
* #Annotations\Get("/comments/{id}/dealid_{dealId}/source_{source}",
* requirements={"id" = "\d+", "dealId" = "\d*", "source" = "(forum|blog)*"})
*/
public function getCommentAction(Request $request,
ParamFetcherInterface $paramFetcher, $id, $dealId, $source)
{
return [ 'id' => $id, 'dealId' => $dealId, 'source' => $source ];
}
#Annotations\QueryParam expects a nullable parameter to be set (true or false) if the strict parameter is used. Try setting it.
I guess you want:
#Annotations\QueryParam(name="dealId", requirements="\d+", strict=true, nullable=false, description="The deal the comments belong to.")
#Annotations\QueryParam(name="source", requirements="(forum|blog)", strict=true, nullable=false, description="The source of the comments.")
Also read more about QueryParam in the docs.
I am not familiar with symfony, but I think a simple
$dealId = isset($dealId) ? $dealId : '';
Would help your problem
Here is the scenario:
There are 5 websites (different domain names) that need to share a session. I am using a bit of code on each site which returns a "blank.gif" image and at the same time sets the session (syncing it up to the current session). Each of the sites calls a session-img from each of the other sites. Also, all sites have access to the same database (where the session is stored). This works great on FF and Chrome, but not on IE (or Safari PC)...
I need to come up with an alternative method to keep a session active? The app is a small custom CMS, so really only 2-3 people will be using it.
I can probably identify user logins by IP and then continue to check for the IP accross all sites...
Is there something more granular such as a computer uuid that i can check for?
Anything that would make this possible without cooperation from users would be a bug in regard to user privacy and anonymity which would eventually get fixed. Websites aren't supposed to be able to find out what other sites a user has been to and what he has done there.
If it is the same session, why don't
you just transfer the session ID as a
GET parameter when the user moves from
one page to another? – #Daff
#Daff, if you add your answer here, I'll modify and select it as the answer
You could override the session handler to make it save session data in a database shared by your different websites.
Then, you'd have to set a session cookie with the same session ID on each server.
You'd have to use session_set_save_handler and make something like that :
/**
* #desc function used to open sessions
* #param string session path
* #param string session id
* #return bool
*/
function xx_session_open($path, $id){
return true;
}
/**
* #desc used when closing a session
* #return bool
*/
function xx_session_close(){
return true;
}
/**
* #desc saves session data
* #param string session id
* #param string session data
* #uses xx_crypt
* #return bool
* #global object PDO instance
*/
function xx_session_write($id, $data){
global $db;
$crypted = xx_crypt($data);
// Saves data into db
$sql = 'REPLACE INTO sessions (`ID`, `data`, `lastUsed`, `IV`) VALUES(:id, :data, NOW(), :iv)';
$sth = $db->prepare($sql);
$sth->execute(array(':id'=>$id, ':data'=>$crypted[0], ':iv'=>$crypted[1]));
return true;
}
/**
* #desc gets session data
* #param string session ID
* #return string
* #global object PDO instance
* #uses xx_decrypt
*/
function xx_session_read($id){
global $db;
$sql = 'SELECT `data`, `IV` FROM sessions WHERE `ID`=:id';
$sth = $db->prepare($sql);
$sth->execute(array(':id'=>$id));
list($crypted, $iv) = $sth->fetch();
$data = xx_decrypt($crypted, $iv);
return $data;
}
/**
* #desc destroys a session
* #param string session ID
* #return bool
* #global object PDO instance
*/
function xx_session_destroy($id){
global $db;
$sql = 'DELETE FROM sessions WHERE `ID`=:id';
$sth = $db->prepare($sql);
$sth->execute(array(':id'=>$id));
return true;
}
/**
* #desc delete old sessions
* #param int session lifetime (in seconds)
* #return bool
* #global object PDO instance
*/
function xx_session_gc($lifetime){
global $db;
$sql = 'DELETE FROM sessions WHERE `lastUsed` < :limit';
$sth = $db->prepare($sql);
$sth->execute(array(':limit'=>date('Y-m-d H:i:s',time() - $lifetime)));
return true;
}
// Set session handler
session_set_save_handler("xx_session_open", "xx_session_close", "xx_session_read", "xx_session_write", "xx_session_destroy", "xx_session_gc");
If all you want is a Single Sign On mechanism, you could check the Kerberos protocol which is made for that.