<?php
/* 
############################[     <about>         ] ####################### 
    Author ::                	Bijaya Kumar Behera  <hide@address.com> 
	Website ::					http://digitalwebsolutions.in
    Add ::					    +91 9911033016 ,011-25331969                    
############################[      </about>         ] ####################### 
*/ 
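class SessionManager
{
    // Per-instance options, copied from one profile of the array given to setSessions().
    private $ciphered = false;        // encrypt values via mcryptCryptography before they reach $_SESSION
    private $userAgentCheck = false;  // compare the User-Agent header in checkSession() (advisory: the header is client-controlled)
    private $ideal = 0;               // idle timeout in seconds; 0 disables the idle check
    private $level = 0;               // 0..4; level 1 adds no-cache headers, any level > 0 emits the key-blocking script
    private $postCheck = true;        // checkSession() rejects GET requests when true
    private $refreshCheck = true;     // detect re-submitted POSTs through the REFRESH_GUID hidden field
    private $cookieLifeTime = 0;      // session.cookie_lifetime; 0 = cookie lives until the browser closes
    private $sessionPath = null;      // session.save_path
    private $sessionStartTime = 0;    // idle deadline recorded by the previous request
    private $userAgent = '';          // User-Agent recorded by the previous request
    private $name = '3GROCKETSESS';   // session (cookie) name
    private $APP_SESS = "APP_SESS";   // $_SESSION key under which every value of this manager is namespaced
    private $regenerate = false;      // rotate the session id after each successful checkSession()
    private $useSession = 'default';  // profile name, i.e. key into self::$sessions

    // Upper bound on remembered REFRESH_GUID values (name kept for existing callers).
    const queueSize = 3;

    // Profile map (name => options); shared by reference with the caller of setSessions().
    private static $sessions;

    /**
     * Registers the session profile map.
     *
     * @param array $sessions profile name => options. When it is empty or not an array it is
     *                        replaced, through the reference, with the built-in 'default' profile.
     */
    public static function setSessions(&$sessions)
    {
        if (!is_array($sessions) || count($sessions) == 0) {
            $sessions = array(
                'default' => array(
                    'name'      => '3GROCKETSESS',
                    'use'       => 'file',
                    'level'     => 0,
                    'ciphered'  => true,
                    'ideal'     => 0,
                    'postCheck' => true,
                ),
            );
        }
        self::$sessions = &$sessions;
    }

    /**
     * Starts the session eagerly only when the visitor already carries the profile's cookie;
     * otherwise returns the detached instance described in startSession() so that no session
     * (and no cookie) is created until something is actually written.
     *
     * @param string $useSession profile name
     * @return SessionManager
     */
    public static function autoStartSession($useSession)
    {
        $config = self::getSessionConfig($useSession);
        $hasCookie = isset($config['name']) && isset($_COOKIE[$config['name']]);
        return self::startSession($useSession, $hasCookie);
    }

    /**
     * Returns the options of one profile.
     *
     * @param string $useSession profile name
     * @return array
     * @throws Exception when setSessions() was not called or the profile does not exist
     */
    public static function getSessionConfig($useSession)
    {
        if (!isset(self::$sessions[$useSession])) {
            throw new Exception("Session config information not found  i,e '$useSession' ");
        }
        return self::$sessions[$useSession];
    }

    /**
     * Returns the process-wide manager, creating it and starting the PHP session on first use.
     *
     * @param string $useSession profile name
     * @param bool   $flag       true: create the singleton and start the session now.
     *                           false: as long as no singleton exists, hand back a detached,
     *                           unstarted instance that only carries 'ciphered' and 'level';
     *                           write() on it starts the real session lazily.
     * @return SessionManager
     * @throws Exception from getSessionConfig()
     */
    public static function &startSession($useSession = 'default', $flag = true)
    {
        static $instance = array();
        $config = self::getSessionConfig($useSession);

        if (!$flag && empty($instance)) {
            $detached = new SessionManager();
            $detached->useSession = $useSession;
            $detached->ciphered = isset($config['ciphered']) ? $config['ciphered'] : false;
            $detached->level = self::normalizeLevel(isset($config['level']) ? $config['level'] : 0);
            return $detached;
        }

        if (empty($instance)) {
            $sessInstance = new SessionManager();
            $sessInstance->useSession = $useSession;
            $sessInstance->applyConfig($config);

            if ($sessInstance->level == 1 && !headers_sent()) {
                // Keep protected pages out of browser and proxy caches (header() replaces
                // same-named headers, so a single Expires value is enough).
                header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
                header("Expires: -1");
                header("Cache-Control: no-cache,no-store, must-revalidate, post-check=0, pre-check=0 ");
            }

            $canIniSet = function_exists('ini_set');
            if ($canIniSet) {
                // NOTE(review): only the direct-TLS case is recognised; behind a TLS-terminating
                // proxy $_SERVER['HTTPS'] may be absent and the Secure flag is then not set.
                if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
                    ini_set('session.cookie_secure', 1);
                }
                if (!isset($_SESSION)) {
                    // The former 'use' => file|database switch fell through to this block in
                    // every case, so the option is accepted but has no effect.
                    ini_set('session.use_trans_sid', 0);
                    ini_set('url_rewriter.tags', '');
                    ini_set('session.serialize_handler', 'php');
                    ini_set('session.use_cookies', 1);
                    ini_set('session.use_only_cookies', 1); // never accept an id from the URL (fixation)
                    ini_set('session.cookie_httponly', 1);  // keep the id out of reach of page scripts
                    ini_set('session.name', $sessInstance->name);
                    ini_set('session.cookie_lifetime', $sessInstance->cookieLifeTime);
                    ini_set('session.cookie_path', '/');
                    ini_set('session.auto_start', 0);
                    ini_set('session.save_path', $sessInstance->sessionPath);
                }
            }

            // An auto-started session under another name is closed before ours is opened.
            if (ini_get('session.auto_start') == true && session_name() != $sessInstance->name) {
                session_write_close();
            }
            if (!isset($_SESSION)) {
                session_name($sessInstance->name);
                session_cache_limiter("must-revalidate");
                if (!headers_sent()) {
                    header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
                }
            }
            // session_status() (PHP 5.4+) avoids the "already started" notice; older
            // engines keep the unconditional start.
            if (!function_exists('session_status') || session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }

            if (isset($_SESSION)) {
                // Restore what the previous request recorded, then record this request.
                if ($sessInstance->checkSet('session_timeout')) {
                    $sessInstance->sessionStartTime = $sessInstance->read('session_timeout');
                }
                if ($sessInstance->userAgentCheck && $sessInstance->checkSet('userAgent')) {
                    $sessInstance->userAgent = $sessInstance->read('userAgent');
                }
                $sessInstance->write('session_timeout', time() + $sessInstance->ideal);
                $sessInstance->write('userAgent', self::currentUserAgent());
            }
            $instance[] = $sessInstance;
        }
        return $instance[0];
    }

    /**
     * Copies the options of one profile onto this instance.
     * Missing keys fall back to: ciphered/postCheck/refreshCheck/userAgentCheck/regenerate false,
     * ideal 0, name '3GROCKETSESS', life_time 0 and session_path under SITE_ROOT/temp.
     *
     * @param array $config one profile from self::$sessions
     */
    private function applyConfig($config)
    {
        $this->ciphered       = isset($config['ciphered']) ? $config['ciphered'] : false;
        $this->level          = self::normalizeLevel(isset($config['level']) ? $config['level'] : 0);
        $this->postCheck      = isset($config['postCheck']) ? $config['postCheck'] : false;
        $this->refreshCheck   = isset($config['refreshCheck']) ? $config['refreshCheck'] : false;
        $this->userAgentCheck = isset($config['userAgentCheck']) ? $config['userAgentCheck'] : false;
        $this->regenerate     = isset($config['regenerate']) ? $config['regenerate'] : false;
        $this->ideal          = isset($config['ideal']) ? $config['ideal'] : 0;
        $this->name           = isset($config['name']) ? $config['name'] : '3GROCKETSESS';
        // Any falsy life_time (missing, 0, '0', '') means a browser-session cookie.
        $this->cookieLifeTime = isset($config['life_time']) && $config['life_time'] ? $config['life_time'] : 0;
        $this->sessionPath    = isset($config['session_path'])
            ? $config['session_path']
            : SITE_ROOT . DS . 'temp' . DS . 'sessions_data';
    }

    /**
     * Accepts a configured level of 1..4 and maps everything else to 0.
     */
    private static function normalizeLevel($level)
    {
        return in_array($level, array(1, 2, 3, 4)) ? $level : 0;
    }

    /**
     * Lower-cased HTTP request method, or '' when running outside a web request.
     */
    private static function requestMethod()
    {
        return isset($_SERVER['REQUEST_METHOD']) ? strtolower($_SERVER['REQUEST_METHOD']) : '';
    }

    /**
     * Raw User-Agent header, or '' when the client sent none.
     */
    private static function currentUserAgent()
    {
        return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    }

    /**
     * Produces a fresh, unpredictable token for the REFRESH_GUID hidden form field.
     * Uses the CSPRNG when available (PHP 7+); the legacy fallback mixes in mt_rand()
     * because uniqid() on its own is time-derived and guessable.
     *
     * @return string
     */
    public function getRefreshGuid()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        return base64_encode(md5(uniqid(mt_rand(), true)));
    }

    /**
     * Validates the current request against the profile's policies.
     *
     * Fails when: postCheck is on and the request is a GET; userAgentCheck is on and the
     * User-Agent differs from the one stored at session start; the idle deadline has passed;
     * or a POST carries a REFRESH_GUID that was already seen (form re-submission).
     * On success, optionally rotates the session id (regenerate option).
     *
     * @return bool true when the request passes every enabled check
     */
    public function checkSession()
    {
        $refreshDetected = false;
        if ($this->refreshCheck && self::requestMethod() == 'post'
            && isset($_POST['REFRESH_GUID']) && is_string($_POST['REFRESH_GUID'])) {
            // is_string() above: a REFRESH_GUID[] field would otherwise reach strlen().
            $guid = $_POST['REFRESH_GUID'];
            if (!$this->checkSet('REFRESH_QUEUE')) {
                $this->write('REFRESH_QUEUE', array());
            }
            $queue = $this->read('REFRESH_QUEUE');
            if (!is_array($queue)) {
                $queue = array();
            }
            if (strlen($guid) > 0 && in_array($guid, $queue, true)) {
                $refreshDetected = true;
            } else {
                // Not a refresh: remember this guid, keeping at most queueSize entries.
                if (count($queue) >= self::queueSize) {
                    $queue = array_slice($queue, 0, self::queueSize - 1);
                }
                array_unshift($queue, $guid);
                $this->write('REFRESH_QUEUE', $queue);
            }
        }

        $wrongMethod = $this->postCheck && self::requestMethod() == 'get';

        $storedAgent = $this->read('userAgent');
        $agentChanged = $this->userAgentCheck
            && strtolower(self::currentUserAgent()) != strtolower(is_string($storedAgent) ? $storedAgent : '');

        $idleExpired = $this->ideal != 0 && $this->sessionStartTime > 0 && time() > $this->sessionStartTime;

        $valid = !($wrongMethod || $agentChanged || $idleExpired || $refreshDetected);
        if ($valid && $this->regenerate) {
            $this->regenerate_id();
        }
        return $valid;
    }

    /**
     * Replaces the session id while keeping the session data.
     *
     * delete_old_session=true makes the save handler discard the old record, so an id
     * captured before this call can no longer be replayed. This supersedes the former
     * manual unlink of sess_<id>, which silently did nothing for non-file handlers.
     * No-op when no session is active or the engine lacks session_regenerate_id().
     */
    public function regenerate_id()
    {
        if (!session_id() || !function_exists('session_regenerate_id')) {
            return;
        }
        session_regenerate_id(true);
    }

    /**
     * Removes one value from this manager's namespace.
     *
     * @param string $name
     * @return bool true when the value existed
     */
    public function delete($name)
    {
        if (!$this->checkSet($name)) {
            return false;
        }
        unset($_SESSION[$this->APP_SESS][$name]);
        return true;
    }

    /**
     * Clears this manager's namespace, or the whole PHP session when $force is true.
     *
     * @param bool $force true: session_destroy(), expire the id cookie and mark the session
     *                    as not started (see started()); always returns true.
     *                    false: drop only $_SESSION[APP_SESS]; true when it existed.
     * @return bool
     */
    public function destroy($force = false)
    {
        if ($force) {
            if (ini_get('session.use_cookies') && !headers_sent()) {
                // The server-side record goes away below; drop the stale id on the client too.
                setcookie(session_name(), '', time() - 42000, '/');
            }
            session_destroy();
            $_SESSION = null;
            return true;
        }
        if (isset($_SESSION[$this->APP_SESS])) {
            unset($_SESSION[$this->APP_SESS]);
            return true;
        }
        return false;
    }

    /**
     * Whether $_SESSION is available. This is what write() consults before starting a session
     * lazily; destroy(true) sets $_SESSION to null so that it reads false again.
     *
     * @return bool
     */
    public function started()
    {
        return isset($_SESSION);
    }

    /**
     * Stores a value under this manager's namespace, starting the session first if needed.
     * With the 'ciphered' option the value is serialized and encrypted before storage.
     *
     * @param string $name
     * @param mixed  $value
     */
    public function write($name, $value)
    {
        if (!$this->started()) {
            self::startSession($this->useSession, true);
        }
        $_SESSION[$this->APP_SESS][$name] = $this->ciphered
            ? mcryptCryptography::getInstance()->encrypt(serialize($value))
            : $value;
    }

    /**
     * Reads a value from this manager's namespace without starting a session.
     *
     * @param string $name
     * @param mixed  $default returned when the value is not set
     * @return mixed
     */
    public function read($name, $default = false)
    {
        if (!$this->checkSet($name)) {
            return $default;
        }
        $stored = $_SESSION[$this->APP_SESS][$name];
        if (!$this->ciphered) {
            return $stored;
        }
        // NOTE(review): unserialize() runs on whatever the cipher layer hands back. The data
        // originates from write() on the server-side store, not from the client, but the
        // cipher is only as safe as mcryptCryptography's key handling - confirm it
        // authenticates ciphertexts before relying on this path.
        return unserialize(mcryptCryptography::getInstance()->decrypt($stored));
    }

    /**
     * Whether a value is present (and not null) under this manager's namespace.
     *
     * @param string $name
     * @return bool
     */
    public function checkSet($name)
    {
        return isset($_SESSION[$this->APP_SESS][$name]);
    }

    /**
     * One-shot message: flash($message) stores it; flash() returns it and removes it
     * (false when nothing was stored). The writing form returns nothing.
     *
     * @return mixed
     */
    public function flash()
    {
        $args = func_get_args();
        if (empty($args)) {
            $message = $this->read('FLASH_MSG');
            $this->delete('FLASH_MSG');
            return $message;
        }
        $this->write('FLASH_MSG', $args[0]);
    }

    /**
     * Emits the inline script that blocks F5, Ctrl, Alt and the context menu when the
     * profile's level is above 0. Purely a usability measure on the client: it cannot
     * stop a determined user and must not be treated as a security control.
     */
    public function jsDisabledKey()
    {
        if ($this->level > 0) : ?>
        <script type="text/javascript" >
            function CtrlCutCopyPaste(e) {
                //For Ctrl Key
                if(e && e.keyCode == 17 || e && e.keyCode == 18) {
                    // Capture and remap F5
                    alert('This Activity is Unauthorized!\n\r =>3G Rocket Framework 1.0');
                    return false;
                }
                var keyCode = 0 ;
                if( e && e.keyCode == 116)  {
                    // Capture and remap F5
                    //window.event.keyCode = 505;
                    keyCode = 505 ;
                }
                if(e && keyCode == 505) {
                    // New action for F5
                    alert('F5 Key Function is disabled on this Page\n\r =>3G Rocket Framework 1.0');
                    return false;
                    // Must return false or the browser will refresh anyway
                }
                return true;
            }
            function disableF5Key(e) {
                var set = 0 ;
                if(e && e.keyCode == 116)  {
                    // Capture and remap F5
                    // Bugs in forfox 3.6.3 , find by me on 2010- june - 11 +/- 10.10:10 am
                    //e.keyCode = 505;
                    set = 505 ;
                }
                if(e && set == 505) {
                    // New action for F5
                    alert('F5 Key Function is disabled on this Page\n\r =>3G Rocket Framework 1.0');
                    return false;
                    // Must return false or the browser will refresh anyway
                }
                if(e && e.keyCode == '17'){
                alert('Control Key is disabled on this Page\n\r =>3G Rocket Framework 1.0');
                return false;
                }
                if(e && e.keyCode == '18') {
                alert('Alt Key is disabled on this Page\n\r =>3G Rocket Framework 1.0');
                return false;
                }
                return true;
            }
            var message="Right Click Function Disabled on this Page!\n\r =>3G Rocket Framework 1.0";
            function clickIE4() {
                if (event.button==2){
                    alert(message);
                    return false;
                }
            }
            function clickNS4(e) {
                if (document.layers||document.getElementById&&!document.all){
                    if (e.which==2||e.which==3) {
                        alert(message);
                        return false;
                    }
                }
            }
            if (document.layers) {
                document.captureEvents(Event.MOUSEDOWN);
                document.onmousedown=clickNS4;
            }
            else if (document.all&&!document.getElementById){
                document.onmousedown=clickIE4;
            }
            document.oncontextmenu=new Function("alert(message);return false")
            //document.onkeydown = disableF5Key
            //document.onkeydown  = CtrlCutCopyPaste
            document.onkeydown=doc_onKeyDown ; // new Function("disableF5Key();CtrlCutCopyPaste();return false")
             function doc_onKeyDown(e) {
                if( typeof e == 'undefined' )
                    e =  window.event ;
                if ( disableF5Key(e)  ==  true	 )
                    return CtrlCutCopyPaste(e);
                else
                    return false;
             }
        </script>
        <?php endif;
    }
}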
?>