Commit e6672984 by Qiang Xue

Finished cookie.

Finished SecurityHelper.
parent b858db7d
...@@ -298,14 +298,6 @@ class Application extends Module ...@@ -298,14 +298,6 @@ class Application extends Module
date_default_timezone_set($value); date_default_timezone_set($value);
} }
// /**
// * Returns the security manager component.
// * @return SecurityManager the security manager application component.
// */
// public function getSecurityManager()
// {
// return $this->getComponent('securityManager');
// }
// //
// /** // /**
// * Returns the locale instance. // * Returns the locale instance.
......
<?php
/**
* SecurityManager class file.
*
* @link http://www.yiiframework.com/
* @copyright Copyright &copy; 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\base;
/**
* SecurityManager provides private keys, hashing and encryption functions.
*
* @author Qiang Xue <qiang.xue@gmail.com>
* @since 2.0
*/
class SecurityManager extends Component
{
const STATE_VALIDATION_KEY = 'Yii.SecurityManager.validationkey';
const STATE_ENCRYPTION_KEY = 'Yii.SecurityManager.encryptionkey';
/**
* @var string the name of the hashing algorithm to be used by {@link computeHMAC}.
* See {@link http://php.net/manual/en/function.hash-algos.php hash-algos} for the list of possible
* hash algorithms. Note that if you are using PHP 5.1.1 or below, you can only use 'sha1' or 'md5'.
*
* Defaults to 'sha1', meaning using SHA1 hash algorithm.
*/
public $hashAlgorithm = 'sha1';
/**
* @var mixed the name of the crypt algorithm to be used by {@link encrypt} and {@link decrypt}.
* This will be passed as the first parameter to {@link http://php.net/manual/en/function.mcrypt-module-open.php mcrypt_module_open}.
*
* This property can also be configured as an array. In this case, the array elements will be passed in order
* as parameters to mcrypt_module_open. For example, <code>array('rijndael-256', '', 'ofb', '')</code>.
*
* Defaults to 'des', meaning using DES crypt algorithm.
*/
public $cryptAlgorithm = 'des';
private $_validationKey;
private $_encryptionKey;
/**
* @return string a randomly generated private key
*/
protected function generateRandomKey()
{
return sprintf('%08x%08x%08x%08x', mt_rand(), mt_rand(), mt_rand(), mt_rand());
}
/**
* @return string the private key used to generate HMAC.
* If the key is not explicitly set, a random one is generated and returned.
*/
public function getValidationKey()
{
if ($this->_validationKey !== null) {
return $this->_validationKey;
} else {
if (($key = \Yii::$app->getGlobalState(self::STATE_VALIDATION_KEY)) !== null) {
$this->setValidationKey($key);
} else {
$key = $this->generateRandomKey();
$this->setValidationKey($key);
\Yii::$app->setGlobalState(self::STATE_VALIDATION_KEY, $key);
}
return $this->_validationKey;
}
}
/**
* @param string $value the key used to generate HMAC
* @throws CException if the key is empty
*/
public function setValidationKey($value)
{
if (!empty($value)) {
$this->_validationKey = $value;
} else {
throw new CException(Yii::t('yii|SecurityManager.validationKey cannot be empty.'));
}
}
/**
* @return string the private key used to encrypt/decrypt data.
* If the key is not explicitly set, a random one is generated and returned.
*/
public function getEncryptionKey()
{
if ($this->_encryptionKey !== null) {
return $this->_encryptionKey;
} else {
if (($key = \Yii::$app->getGlobalState(self::STATE_ENCRYPTION_KEY)) !== null) {
$this->setEncryptionKey($key);
} else {
$key = $this->generateRandomKey();
$this->setEncryptionKey($key);
\Yii::$app->setGlobalState(self::STATE_ENCRYPTION_KEY, $key);
}
return $this->_encryptionKey;
}
}
/**
* @param string $value the key used to encrypt/decrypt data.
* @throws CException if the key is empty
*/
public function setEncryptionKey($value)
{
if (!empty($value)) {
$this->_encryptionKey = $value;
} else {
throw new CException(Yii::t('yii|SecurityManager.encryptionKey cannot be empty.'));
}
}
/**
* This method has been deprecated since version 1.1.3.
* Please use {@link hashAlgorithm} instead.
* @return string
*/
public function getValidation()
{
return $this->hashAlgorithm;
}
/**
* This method has been deprecated since version 1.1.3.
* Please use {@link hashAlgorithm} instead.
* @param string $value -
*/
public function setValidation($value)
{
$this->hashAlgorithm = $value;
}
/**
* Encrypts data.
* @param string $data data to be encrypted.
* @param string $key the decryption key. This defaults to null, meaning using {@link getEncryptionKey EncryptionKey}.
* @return string the encrypted data
* @throws CException if PHP Mcrypt extension is not loaded
*/
public function encrypt($data, $key = null)
{
$module = $this->openCryptModule();
$key = $this->substr($key === null ? md5($this->getEncryptionKey()) : $key, 0, mcrypt_enc_get_key_size($module));
srand();
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);
mcrypt_generic_init($module, $key, $iv);
$encrypted = $iv . mcrypt_generic($module, $data);
mcrypt_generic_deinit($module);
mcrypt_module_close($module);
return $encrypted;
}
/**
* Decrypts data
* @param string $data data to be decrypted.
* @param string $key the decryption key. This defaults to null, meaning using {@link getEncryptionKey EncryptionKey}.
* @return string the decrypted data
* @throws CException if PHP Mcrypt extension is not loaded
*/
public function decrypt($data, $key = null)
{
$module = $this->openCryptModule();
$key = $this->substr($key === null ? md5($this->getEncryptionKey()) : $key, 0, mcrypt_enc_get_key_size($module));
$ivSize = mcrypt_enc_get_iv_size($module);
$iv = $this->substr($data, 0, $ivSize);
mcrypt_generic_init($module, $key, $iv);
$decrypted = mdecrypt_generic($module, $this->substr($data, $ivSize, $this->strlen($data)));
mcrypt_generic_deinit($module);
mcrypt_module_close($module);
return rtrim($decrypted, "\0");
}
/**
* Opens the mcrypt module with the configuration specified in {@link cryptAlgorithm}.
* @return resource the mycrypt module handle.
* @since 1.1.3
*/
protected function openCryptModule()
{
if (extension_loaded('mcrypt')) {
if (is_array($this->cryptAlgorithm)) {
$module = @call_user_func_array('mcrypt_module_open', $this->cryptAlgorithm);
} else {
$module = @mcrypt_module_open($this->cryptAlgorithm, '', MCRYPT_MODE_CBC, '');
}
if ($module === false) {
throw new CException(Yii::t('yii|Failed to initialize the mcrypt module.'));
}
return $module;
} else {
throw new CException(Yii::t('yii|SecurityManager requires PHP mcrypt extension to be loaded in order to use data encryption feature.'));
}
}
/**
* Prefixes data with an HMAC.
* @param string $data data to be hashed.
* @param string $key the private key to be used for generating HMAC. Defaults to null, meaning using {@link validationKey}.
* @return string data prefixed with HMAC
*/
public function hashData($data, $key = null)
{
return $this->computeHMAC($data, $key) . $data;
}
/**
* Validates if data is tampered.
* @param string $data data to be validated. The data must be previously
* generated using {@link hashData()}.
* @param string $key the private key to be used for generating HMAC. Defaults to null, meaning using {@link validationKey}.
* @return string the real data with HMAC stripped off. False if the data
* is tampered.
*/
public function validateData($data, $key = null)
{
$len = $this->strlen($this->computeHMAC('test'));
if ($this->strlen($data) >= $len) {
$hmac = $this->substr($data, 0, $len);
$data2 = $this->substr($data, $len, $this->strlen($data));
return $hmac === $this->computeHMAC($data2, $key) ? $data2 : false;
} else {
return false;
}
}
/**
* Computes the HMAC for the data with {@link getValidationKey ValidationKey}.
* @param string $data data to be generated HMAC
* @param string $key the private key to be used for generating HMAC. Defaults to null, meaning using {@link validationKey}.
* @return string the HMAC for the data
*/
protected function computeHMAC($data, $key = null)
{
if ($key === null) {
$key = $this->getValidationKey();
}
if (function_exists('hash_hmac')) {
return hash_hmac($this->hashAlgorithm, $data, $key);
}
if (!strcasecmp($this->hashAlgorithm, 'sha1')) {
$pack = 'H40';
$func = 'sha1';
} else {
$pack = 'H32';
$func = 'md5';
}
if ($this->strlen($key) > 64) {
$key = pack($pack, $func($key));
}
if ($this->strlen($key) < 64) {
$key = str_pad($key, 64, chr(0));
}
$key = $this->substr($key, 0, 64);
return $func((str_repeat(chr(0x5C), 64) ^ $key) . pack($pack, $func((str_repeat(chr(0x36), 64) ^ $key) . $data)));
}
/**
* Returns the length of the given string.
* If available uses the multibyte string function mb_strlen.
* @param string $string the string being measured for length
* @return int the length of the string
*/
private function strlen($string)
{
return function_exists('mb_strlen') ? mb_strlen($string, '8bit') : strlen($string);
}
/**
* Returns the portion of string specified by the start and length parameters.
* If available uses the multibyte string function mb_substr
* @param string $string the input string. Must be one character or longer.
* @param int $start the starting position
* @param int $length the desired portion length
* @return string the extracted part of string, or FALSE on failure or an empty string.
*/
private function substr($string, $start, $length)
{
return function_exists('mb_substr') ? mb_substr($string, $start, $length, '8bit') : substr($string, $start, $length);
}
}
...@@ -11,6 +11,7 @@ namespace yii\web; ...@@ -11,6 +11,7 @@ namespace yii\web;
use Yii; use Yii;
use yii\base\DictionaryIterator; use yii\base\DictionaryIterator;
use yii\util\SecurityHelper;
/** /**
* CookieCollection maintains the cookies available in the current request. * CookieCollection maintains the cookies available in the current request.
...@@ -27,6 +28,10 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \ ...@@ -27,6 +28,10 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \
* if a cookie is tampered on the client side, it will be ignored when received on the server side. * if a cookie is tampered on the client side, it will be ignored when received on the server side.
*/ */
public $enableValidation = true; public $enableValidation = true;
/**
* @var string the secret key used for cookie validation. If not set, a random key will be generated and used.
*/
public $validationKey;
/** /**
* @var Cookie[] the cookies in this collection (indexed by the cookie names) * @var Cookie[] the cookies in this collection (indexed by the cookie names)
...@@ -111,7 +116,12 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \ ...@@ -111,7 +116,12 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \
$value = $cookie->value; $value = $cookie->value;
if ($this->enableValidation) { if ($this->enableValidation) {
$value = Yii::$app->getSecurityManager()->hashData(serialize($value)); if ($this->validationKey === null) {
$key = SecurityHelper::getSecretKey(__CLASS__ . '/' . Yii::$app->id);
} else {
$key = $this->validationKey;
}
$value = SecurityHelper::hashData(serialize($value), $key);
} }
setcookie($cookie->name, $value, $cookie->expire, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httpOnly); setcookie($cookie->name, $value, $cookie->expire, $cookie->path, $cookie->domain, $cookie->secure, $cookie->httpOnly);
...@@ -205,7 +215,6 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \ ...@@ -205,7 +215,6 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \
$this->remove($name); $this->remove($name);
} }
/** /**
* Returns the current cookies in terms of [[Cookie]] objects. * Returns the current cookies in terms of [[Cookie]] objects.
* @return Cookie[] list of current cookies * @return Cookie[] list of current cookies
...@@ -214,9 +223,13 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \ ...@@ -214,9 +223,13 @@ class CookieCollection extends \yii\base\Object implements \IteratorAggregate, \
{ {
$cookies = array(); $cookies = array();
if ($this->enableValidation) { if ($this->enableValidation) {
$sm = \Yii::$app->getSecurityManager(); if ($this->validationKey === null) {
$key = SecurityHelper::getSecretKey(__CLASS__ . '/' . Yii::$app->id);
} else {
$key = $this->validationKey;
}
foreach ($_COOKIE as $name => $value) { foreach ($_COOKIE as $name => $value) {
if (is_string($value) && ($value = $sm->validateData($value)) !== false) { if (is_string($value) && ($value = SecurityHelper::validateData($value, $key)) !== false) {
$cookies[$name] = new Cookie(array( $cookies[$name] = new Cookie(array(
'name' => $name, 'name' => $name,
'value' => @unserialize($value), 'value' => @unserialize($value),
......
...@@ -19,9 +19,13 @@ use yii\base\InvalidConfigException; ...@@ -19,9 +19,13 @@ use yii\base\InvalidConfigException;
class Request extends \yii\base\Request class Request extends \yii\base\Request
{ {
/** /**
* @var boolean whether cookies should be validated to ensure they are not tampered. Defaults to false. * @var boolean whether cookies should be validated to ensure they are not tampered. Defaults to true.
*/ */
public $enableCookieValidation = false; public $enableCookieValidation = true;
/**
* @var string the secret key used for cookie validation. If not set, a random key will be generated and used.
*/
public $cookieValidationKey;
/** /**
* @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false. * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false.
* By setting this property to true, forms submitted to an Yii Web application must be originated * By setting this property to true, forms submitted to an Yii Web application must be originated
...@@ -721,6 +725,7 @@ class Request extends \yii\base\Request ...@@ -721,6 +725,7 @@ class Request extends \yii\base\Request
if ($this->_cookies === null) { if ($this->_cookies === null) {
$this->_cookies = new CookieCollection(array( $this->_cookies = new CookieCollection(array(
'enableValidation' => $this->enableCookieValidation, 'enableValidation' => $this->enableCookieValidation,
'validationKey' => $this->cookieValidationKey,
)); ));
} }
return $this->_cookies; return $this->_cookies;
......
...@@ -70,12 +70,12 @@ ...@@ -70,12 +70,12 @@
* @package system.web * @package system.web
* @since 1.0 * @since 1.0
*/ */
class CHttpSession extends CApplicationComponent implements IteratorAggregate,ArrayAccess,Countable class CHttpSession extends CApplicationComponent implements IteratorAggregate, ArrayAccess, Countable
{ {
/** /**
* @var boolean whether the session should be automatically started when the session application component is initialized, defaults to true. * @var boolean whether the session should be automatically started when the session application component is initialized, defaults to true.
*/ */
public $autoStart=true; public $autoStart = true;
/** /**
...@@ -85,9 +85,10 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -85,9 +85,10 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
public function init() public function init()
{ {
parent::init(); parent::init();
if($this->autoStart) if ($this->autoStart) {
$this->open(); $this->open();
register_shutdown_function(array($this,'close')); }
register_shutdown_function(array($this, 'close'));
} }
/** /**
...@@ -109,18 +110,18 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -109,18 +110,18 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function open() public function open()
{ {
if($this->getUseCustomStorage()) if ($this->getUseCustomStorage()) {
@session_set_save_handler(array($this,'openSession'),array($this,'closeSession'),array($this,'readSession'),array($this,'writeSession'),array($this,'destroySession'),array($this,'gcSession')); @session_set_save_handler(array($this, 'openSession'), array($this, 'closeSession'), array($this, 'readSession'), array($this, 'writeSession'), array($this, 'destroySession'), array($this, 'gcSession'));
}
@session_start(); @session_start();
if(YII_DEBUG && session_id()=='') if (YII_DEBUG && session_id() == '') {
{ $message = Yii::t('yii|Failed to start session.');
$message=Yii::t('yii|Failed to start session.'); if (function_exists('error_get_last')) {
if(function_exists('error_get_last')) $error = error_get_last();
{ if (isset($error['message'])) {
$error=error_get_last(); $message = $error['message'];
if(isset($error['message'])) }
$message=$error['message'];
} }
Yii::log($message, CLogger::LEVEL_WARNING, 'system.web.CHttpSession'); Yii::log($message, CLogger::LEVEL_WARNING, 'system.web.CHttpSession');
} }
...@@ -131,8 +132,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -131,8 +132,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function close() public function close()
{ {
if(session_id()!=='') if (session_id() !== '') {
@session_write_close(); @session_write_close();
}
} }
/** /**
...@@ -140,8 +142,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -140,8 +142,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function destroy() public function destroy()
{ {
if(session_id()!=='') if (session_id() !== '') {
{
@session_unset(); @session_unset();
@session_destroy(); @session_destroy();
} }
...@@ -152,7 +153,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -152,7 +153,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function getIsStarted() public function getIsStarted()
{ {
return session_id()!==''; return session_id() !== '';
} }
/** /**
...@@ -177,7 +178,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -177,7 +178,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
* @param boolean $deleteOldSession Whether to delete the old associated session file or not. * @param boolean $deleteOldSession Whether to delete the old associated session file or not.
* @since 1.1.8 * @since 1.1.8
*/ */
public function regenerateID($deleteOldSession=false) public function regenerateID($deleteOldSession = false)
{ {
session_regenerate_id($deleteOldSession); session_regenerate_id($deleteOldSession);
} }
...@@ -212,11 +213,12 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -212,11 +213,12 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function setSavePath($value) public function setSavePath($value)
{ {
if(is_dir($value)) if (is_dir($value)) {
session_save_path($value); session_save_path($value);
else } else {
throw new CException(Yii::t('yii|CHttpSession.savePath "{path}" is not a valid directory.', throw new CException(Yii::t('yii|CHttpSession.savePath "{path}" is not a valid directory.',
array('{path}'=>$value))); array('{path}' => $value)));
}
} }
/** /**
...@@ -237,13 +239,14 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -237,13 +239,14 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function setCookieParams($value) public function setCookieParams($value)
{ {
$data=session_get_cookie_params(); $data = session_get_cookie_params();
extract($data); extract($data);
extract($value); extract($value);
if(isset($httponly)) if (isset($httponly)) {
session_set_cookie_params($lifetime,$path,$domain,$secure,$httponly); session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
else } else {
session_set_cookie_params($lifetime,$path,$domain,$secure); session_set_cookie_params($lifetime, $path, $domain, $secure);
}
} }
/** /**
...@@ -251,12 +254,15 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -251,12 +254,15 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function getCookieMode() public function getCookieMode()
{ {
if(ini_get('session.use_cookies')==='0') if (ini_get('session.use_cookies') === '0') {
return 'none'; return 'none';
else if(ini_get('session.use_only_cookies')==='0') } else {
return 'allow'; if (ini_get('session.use_only_cookies') === '0') {
else return 'allow';
return 'only'; } else {
return 'only';
}
}
} }
/** /**
...@@ -264,23 +270,22 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -264,23 +270,22 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function setCookieMode($value) public function setCookieMode($value)
{ {
if($value==='none') if ($value === 'none') {
{ ini_set('session.use_cookies', '0');
ini_set('session.use_cookies','0'); ini_set('session.use_only_cookies', '0');
ini_set('session.use_only_cookies','0'); } else {
} if ($value === 'allow') {
else if($value==='allow') ini_set('session.use_cookies', '1');
{ ini_set('session.use_only_cookies', '0');
ini_set('session.use_cookies','1'); } else {
ini_set('session.use_only_cookies','0'); if ($value === 'only') {
} ini_set('session.use_cookies', '1');
else if($value==='only') ini_set('session.use_only_cookies', '1');
{ } else {
ini_set('session.use_cookies','1'); throw new CException(Yii::t('yii|CHttpSession.cookieMode can only be "none", "allow" or "only".'));
ini_set('session.use_only_cookies','1'); }
}
} }
else
throw new CException(Yii::t('yii|CHttpSession.cookieMode can only be "none", "allow" or "only".'));
} }
/** /**
...@@ -297,15 +302,14 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -297,15 +302,14 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function setGCProbability($value) public function setGCProbability($value)
{ {
$value=(int)$value; $value = (int)$value;
if($value>=0 && $value<=100) if ($value >= 0 && $value <= 100) {
{ ini_set('session.gc_probability', $value);
ini_set('session.gc_probability',$value); ini_set('session.gc_divisor', '100');
ini_set('session.gc_divisor','100'); } else {
}
else
throw new CException(Yii::t('yii|CHttpSession.gcProbability "{value}" is invalid. It must be an integer between 0 and 100.', throw new CException(Yii::t('yii|CHttpSession.gcProbability "{value}" is invalid. It must be an integer between 0 and 100.',
array('{value}'=>$value))); array('{value}' => $value)));
}
} }
/** /**
...@@ -313,7 +317,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -313,7 +317,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function getUseTransparentSessionID() public function getUseTransparentSessionID()
{ {
return ini_get('session.use_trans_sid')==1; return ini_get('session.use_trans_sid') == 1;
} }
/** /**
...@@ -321,7 +325,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -321,7 +325,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function setUseTransparentSessionID($value) public function setUseTransparentSessionID($value)
{ {
ini_set('session.use_trans_sid',$value?'1':'0'); ini_set('session.use_trans_sid', $value ? '1' : '0');
} }
/** /**
...@@ -337,7 +341,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -337,7 +341,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function setTimeout($value) public function setTimeout($value)
{ {
ini_set('session.gc_maxlifetime',$value); ini_set('session.gc_maxlifetime', $value);
} }
/** /**
...@@ -348,7 +352,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -348,7 +352,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
* @param string $sessionName session name * @param string $sessionName session name
* @return boolean whether session is opened successfully * @return boolean whether session is opened successfully
*/ */
public function openSession($savePath,$sessionName) public function openSession($savePath, $sessionName)
{ {
return true; return true;
} }
...@@ -384,7 +388,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -384,7 +388,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
* @param string $data session data * @param string $data session data
* @return boolean whether session write is successful * @return boolean whether session write is successful
*/ */
public function writeSession($id,$data) public function writeSession($id, $data)
{ {
return true; return true;
} }
...@@ -461,7 +465,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -461,7 +465,7 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
* @return mixed the session variable value, or $defaultValue if the session variable does not exist. * @return mixed the session variable value, or $defaultValue if the session variable does not exist.
* @since 1.1.2 * @since 1.1.2
*/ */
public function get($key,$defaultValue=null) public function get($key, $defaultValue = null)
{ {
return isset($_SESSION[$key]) ? $_SESSION[$key] : $defaultValue; return isset($_SESSION[$key]) ? $_SESSION[$key] : $defaultValue;
} }
...@@ -483,9 +487,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -483,9 +487,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
* @param mixed $key session variable name * @param mixed $key session variable name
* @param mixed $value session variable value * @param mixed $value session variable value
*/ */
public function add($key,$value) public function add($key, $value)
{ {
$_SESSION[$key]=$value; $_SESSION[$key] = $value;
} }
/** /**
...@@ -495,14 +499,13 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -495,14 +499,13 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function remove($key) public function remove($key)
{ {
if(isset($_SESSION[$key])) if (isset($_SESSION[$key])) {
{ $value = $_SESSION[$key];
$value=$_SESSION[$key];
unset($_SESSION[$key]); unset($_SESSION[$key]);
return $value; return $value;
} } else {
else
return null; return null;
}
} }
/** /**
...@@ -510,8 +513,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -510,8 +513,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
*/ */
public function clear() public function clear()
{ {
foreach(array_keys($_SESSION) as $key) foreach (array_keys($_SESSION) as $key) {
unset($_SESSION[$key]); unset($_SESSION[$key]);
}
} }
/** /**
...@@ -556,9 +560,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar ...@@ -556,9 +560,9 @@ class CHttpSession extends CApplicationComponent implements IteratorAggregate,Ar
* @param integer $offset the offset to set element * @param integer $offset the offset to set element
* @param mixed $item the element value * @param mixed $item the element value
*/ */
public function offsetSet($offset,$item) public function offsetSet($offset, $item)
{ {
$_SESSION[$offset]=$item; $_SESSION[$offset] = $item;
} }
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment