<?php /** * This file is part of the CodeIgniter 4 framework. * * (c) CodeIgniter Foundation <admin@codeigniter.com> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace CodeIgniter\Session\Handlers; use CodeIgniter\Database\BaseConnection; use CodeIgniter\Session\Exceptions\SessionException; use Config\App as AppConfig; use Config\Database; use Exception; /** * Session handler using current Database for storage */ class DatabaseHandler extends BaseHandler { /** * The database group to use for storage. * * @var string */ protected $DBGroup; /** * The name of the table to store session info. * * @var string */ protected $table; /** * The DB Connection instance. * * @var BaseConnection */ protected $db; /** * The database type, for locking purposes. * * @var string */ protected $platform; /** * Row exists flag * * @var boolean */ protected $rowExists = false; //-------------------------------------------------------------------- /** * Constructor * * @param AppConfig $config * @param string $ipAddress */ public function __construct(AppConfig $config, string $ipAddress) { parent::__construct($config, $ipAddress); // Determine Table $this->table = $config->sessionSavePath; if (empty($this->table)) { throw SessionException::forMissingDatabaseTable(); } // Get DB Connection // @phpstan-ignore-next-line $this->DBGroup = $config->sessionDBGroup ?? config(Database::class)->defaultGroup; $this->db = Database::connect($this->DBGroup); // Determine Database type $driver = strtolower(get_class($this->db)); if (strpos($driver, 'mysql') !== false) { $this->platform = 'mysql'; } elseif (strpos($driver, 'postgre') !== false) { $this->platform = 'postgre'; } } //-------------------------------------------------------------------- /** * Open * * Ensures we have an initialized database connection. * * @param string $savePath Path to session files' directory * @param string $name Session cookie name * * @return boolean * @throws Exception */ public function open($savePath, $name): bool { if (empty($this->db->connID)) { $this->db->initialize(); } return true; } //-------------------------------------------------------------------- /** * Read * * Reads session data and acquires a lock * * @param string $sessionID Session ID * * @return string Serialized session data */ public function read($sessionID): string { if ($this->lockSession($sessionID) === false) { $this->fingerprint = md5(''); return ''; } // Needed by write() to detect session_regenerate_id() calls if (is_null($this->sessionID)) // @phpstan-ignore-line { $this->sessionID = $sessionID; } $builder = $this->db->table($this->table) ->select('data') ->where('id', $sessionID); if ($this->matchIP) { $builder = $builder->where('ip_address', $this->ipAddress); } $result = $builder->get()->getRow(); if ($result === null) { // PHP7 will reuse the same SessionHandler object after // ID regeneration, so we need to explicitly set this to // FALSE instead of relying on the default ... $this->rowExists = false; $this->fingerprint = md5(''); return ''; } // PostgreSQL's variant of a BLOB datatype is Bytea, which is a // PITA to work with, so we use base64-encoded data in a TEXT // field instead. if (is_bool($result)) { $result = ''; } else { $result = ($this->platform === 'postgre') ? base64_decode(rtrim($result->data), true) : $result->data; } $this->fingerprint = md5($result); $this->rowExists = true; return $result; } //-------------------------------------------------------------------- /** * Write * * Writes (create / update) session data * * @param string $sessionID Session ID * @param string $sessionData Serialized session data * * @return boolean */ public function write($sessionID, $sessionData): bool { if ($this->lock === false) { return $this->fail(); } // Was the ID regenerated? if ($sessionID !== $this->sessionID) { $this->rowExists = false; $this->sessionID = $sessionID; } if ($this->rowExists === false) { $insertData = [ 'id' => $sessionID, 'ip_address' => $this->ipAddress, 'timestamp' => time(), 'data' => $this->platform === 'postgre' ? base64_encode($sessionData) : $sessionData, ]; if (! $this->db->table($this->table)->insert($insertData)) { return $this->fail(); } $this->fingerprint = md5($sessionData); $this->rowExists = true; return true; } $builder = $this->db->table($this->table)->where('id', $sessionID); if ($this->matchIP) { $builder = $builder->where('ip_address', $this->ipAddress); } $updateData = [ 'timestamp' => time(), ]; if ($this->fingerprint !== md5($sessionData)) { $updateData['data'] = ($this->platform === 'postgre') ? base64_encode($sessionData) : $sessionData; } if (! $builder->update($updateData)) { return $this->fail(); } $this->fingerprint = md5($sessionData); return true; } //-------------------------------------------------------------------- /** * Close * * Releases locks and closes file descriptor. * * @return boolean */ public function close(): bool { return ($this->lock && ! $this->releaseLock()) ? $this->fail() : true; } //-------------------------------------------------------------------- /** * Destroy * * Destroys the current session. * * @param string $sessionID * * @return boolean */ public function destroy($sessionID): bool { if ($this->lock) { $builder = $this->db->table($this->table)->where('id', $sessionID); if ($this->matchIP) { $builder = $builder->where('ip_address', $this->ipAddress); } if (! $builder->delete()) { return $this->fail(); } } if ($this->close()) { $this->destroyCookie(); return true; } return $this->fail(); } //-------------------------------------------------------------------- /** * Garbage Collector * * Deletes expired sessions * * @param integer $maxlifetime Maximum lifetime of sessions * * @return boolean */ public function gc($maxlifetime): bool { return ($this->db->table($this->table)->delete('timestamp < ' . (time() - $maxlifetime))) ? true : $this->fail(); } //-------------------------------------------------------------------- /** * Lock the session. * * @param string $sessionID * @return boolean */ protected function lockSession(string $sessionID): bool { if ($this->platform === 'mysql') { $arg = md5($sessionID . ($this->matchIP ? '_' . $this->ipAddress : '')); if ($this->db->query("SELECT GET_LOCK('{$arg}', 300) AS ci_session_lock")->getRow()->ci_session_lock) { $this->lock = $arg; return true; } return $this->fail(); } if ($this->platform === 'postgre') { $arg = "hashtext('{$sessionID}')" . ($this->matchIP ? ", hashtext('{$this->ipAddress}')" : ''); if ($this->db->simpleQuery("SELECT pg_advisory_lock({$arg})")) { $this->lock = $arg; return true; } return $this->fail(); } // Unsupported DB? Let the parent handle the simplified version. return parent::lockSession($sessionID); } //-------------------------------------------------------------------- /** * Releases the lock, if any. * * @return boolean */ protected function releaseLock(): bool { if (! $this->lock) { return true; } if ($this->platform === 'mysql') { if ($this->db->query("SELECT RELEASE_LOCK('{$this->lock}') AS ci_session_lock")->getRow()->ci_session_lock) { $this->lock = false; return true; } return $this->fail(); } if ($this->platform === 'postgre') { if ($this->db->simpleQuery("SELECT pg_advisory_unlock({$this->lock})")) { $this->lock = false; return true; } return $this->fail(); } // Unsupported DB? Let the parent handle the simple version. return parent::releaseLock(); } //-------------------------------------------------------------------- }