<?php

// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <http://www.xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu) //
// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
// Project: The XOOPS Project //
// ------------------------------------------------------------------------- //
/**
 * Session Management
 *
 * @copyright http://www.impresscms.org/ The ImpressCMS Project
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU General Public License (GPL)
 * @category ICMS
 * @package Core
 * @subpackage Session
 * @version SVN: $Id: Session.php 12313 2013-09-15 21:14:35Z skenow $
 */
/**
 * Handler for a session
 *
 * Based on SecureSession class
 * Written by Vagharshak Tozalakyan <vagh@armdex.com>
 * Released under GNU Public License
 *
 * @category ICMS
 * @package Session
 *
 * @author Kazumi Ono <onokazu@xoops.org>
 * @copyright copyright (c) 2000-2003 XOOPS.org
 */
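class icms_core_Session {

    /**
     * Initialize the session service
     *
     * Registers an instance of this class as PHP's session save handler, starts the
     * session and, when the session carries a user id, loads that user into icms::$user.
     * A session that points at a user which can no longer be loaded is regenerated
     * and emptied.
     *
     * @return icms_core_Session
     */
    static public function service() {
        global $icmsConfig;
        $instance = new icms_core_Session(icms::$xoopsDB);
        session_set_save_handler(array($instance, 'open'), array($instance, 'close'), array($instance, 'read'),
            array($instance, 'write'), array($instance, 'destroy'), array($instance, 'gc'));
        $sslpost_name = isset($_POST[$icmsConfig['sslpost_name']]) ? $_POST[$icmsConfig['sslpost_name']] : "";
        $instance->sessionStart($sslpost_name);

        if (!empty($_SESSION['xoopsUserId'])) {
            $user = icms::handler('icms_member')->getUser($_SESSION['xoopsUserId']);
            if (!is_object($user)) {
                // Regenerate a new session id and destroy old session
                $instance->icms_sessionRegenerateId(true);
                $_SESSION = array();
            } else {
                icms::$user = $user;
                if ($icmsConfig['use_mysession'] && $icmsConfig['session_name'] != '') {
                    // NOTE(review): an "is this site on https" flag used to be computed here
                    // but was never handed to icms_setCookieVar(). Whether that helper sets
                    // the Secure / HttpOnly cookie attributes cannot be seen from this
                    // file -- confirm before relying on it.
                    icms_setCookieVar($icmsConfig['session_name'], session_id(), time() + (60 * $icmsConfig['session_expire']));
                }
                $user->setGroups($_SESSION['xoopsUserGroups']);
                if (empty($_SESSION['UserLanguage'])) {
                    $_SESSION['UserLanguage'] = $user->getVar('language');
                }
            }
        }
        return $instance;
    }

    /**
     * Database connection
     *
     * @var object
     * @access private
     */
    private $db;

    /**
     * Secret prefix mixed into every session fingerprint before hashing
     *
     * @var string
     * @access private
     */
    private $mainSaltKey = XOOPS_DB_SALT;

    /**
     * Security checking level
     * Possible value:
     * 0 - no check;
     * 1 - check browser characteristics (HTTP_USER_AGENT);
     * 2 - check browser and IP A.B;
     * 3 - check browser and IP A.B.C, recommended;
     * 4 - check browser and IP A.B.C.D;
     *
     * @var int
     * @access public
     */
    public $securityLevel = 3;

    /**
     * Security checking level for IPv6 Address types
     * Possible value:
     * 0 - no check;
     * 1 - check browser characteristics (HTTP_USER_AGENT);
     * 2 - check browser and IPv6 aaaa:bbbb;
     * 3 - check browser and IPv6 aaaa:bbbb:cccc;
     * 4 - check browser and IPv6 aaaa:bbbb:cccc:dddd;
     * 5 - check browser and IPv6 aaaa:bbbb:cccc:dddd:eeee;
     * 6 - check browser and IPv6 aaaa:bbbb:cccc:dddd:eeee:ffff;
     * 7 - check browser and IPv6 aaaa:bbbb:cccc:dddd:eeee:ffff:gggg; (recommended)
     * 8 - check browser and IPv6 aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh;
     *
     * @var int
     * @access public
     */
    public $ipv6securityLevel = 7;

    /**
     * Enable regenerate_id
     *
     * @var bool
     * @access public
     */
    public $enableRegenerateId = false;

    /**
     * Constructor
     *
     * @param object $db reference to the {@link XoopsDatabase} object
     *        Do we need this $db reference now we're using icms::$xoopsDB?????
     *
     */
    public function __construct(&$db) {
        $this->db = &$db;
    }

    /**
     * Open a session
     *
     * Nothing to prepare: the storage is the database connection that already exists.
     *
     * @param string $save_path
     * @param string $session_name
     * @return bool
     */
    public function open($save_path, $session_name) {
        return true;
    }

    /**
     * Close a session
     *
     * @return bool
     */
    public function close() {
        self::gc_force();
        return true;
    }

    /**
     * Read a session from the database
     *
     * @param string $sess_id ID of the session
     * @return string Session data
     */
    public function read($sess_id) {
        return self::readSession($sess_id);
    }

    /**
     * Inserts a session into the database
     *
     * @param string $sess_id
     * @param string $sess_data
     * @return bool
     */
    public function write($sess_id, $sess_data) {
        return (bool) self::writeSession($sess_id, $sess_data);
    }

    /**
     * Destroy a session
     *
     * @param string $sess_id
     * @return bool
     */
    public function destroy($sess_id) {
        return (bool) self::destroySession($sess_id);
    }

    /**
     * Garbage Collector
     *
     * @param int $expire Time in seconds until a session expires
     * @return bool
     */
    public function gc($expire) {
        return (bool) self::gcSession($expire);
    }

    /**
     * Force gc for situations where gc is registered but not executed
     *
     * Runs the collector on roughly one call in ten. The random draw only spreads
     * load, so a non-cryptographic generator is sufficient here.
     */
    public function gc_force() {
        if (rand(1, 100) < 11) {
            $expiration = empty($GLOBALS['icmsConfig']['session_expire'])
                ? @ini_get('session.gc_maxlifetime')
                : $GLOBALS['icmsConfig']['session_expire'] * 60;
            $this->gc($expiration);
        }
    }

    /**
     * Update the current session id with a newly generated one
     * To be refactored
     *
     * @param bool $regenerate when true the old session is deleted as well
     * @return bool
     */
    public function icms_sessionRegenerateId($regenerate = false) {
        $success = session_regenerate_id($regenerate ? true : false);
        // Force updating cookie for session cookie is not issued correctly in some IE versions,
        // or not automatically issued prior to PHP 4.3.3 for all browsers
        if ($success) {
            self::update_cookie();
        }
        return $success;
    }

    /**
     * Update cookie status for current session
     * To be refactored
     *
     * @param string $sess_id session ID, defaults to the current session id
     * @param int $expire Time in seconds until a session expires
     * @return void
     */
    public function update_cookie($sess_id = null, $expire = null) {
        global $icmsConfig;
        $customSession = $icmsConfig['use_mysession'] && $icmsConfig['session_name'] != '';
        $session_name = $customSession ? $icmsConfig['session_name'] : session_name();
        if ($expire !== null) {
            $session_expire = (int) $expire;
        } elseif ($customSession) {
            $session_expire = $icmsConfig['session_expire'] * 60;
        } else {
            $session_expire = ini_get('session.cookie_lifetime');
        }
        $session_id = empty($sess_id) ? session_id() : $sess_id;
        // NOTE(review): the https flag that used to be computed here was never passed on;
        // the Secure / HttpOnly attributes depend entirely on icms_setCookieVar(), which
        // is defined outside this file -- confirm.
        icms_setCookieVar($session_name, $session_id, $session_expire ? time() + $session_expire : 0);
    }

    /**
     * Creates a Fingerprint of the current User Session
     * The caller stores it in $_SESSION['icms_fprint'] (see sessionOpen())
     * To be refactored
     *
     * @return string
     */
    public function createFingerprint() {
        // A missing header is treated as an empty string instead of raising a notice.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $userIP = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

        return self::sessionFingerprint($userIP, $userAgent);
    }

    /**
     * Compares the Fingerprint stored in $_SESSION['icms_fprint'] by creating a new Fingerprint.
     * If they match, the Session is valid.
     * To be refactored
     *
     * @return bool
     */
    public function checkFingerprint() {
        $sessFprint = self::createFingerprint();
        $stored = isset($_SESSION['icms_fprint']) ? $_SESSION['icms_fprint'] : null;

        // Strict comparison: with "==" two different hex digests that both look like
        // numbers (for example "0e..." followed by digits only) compare as equal.
        // NOTE(review): when the client address fails validation the fingerprint is ''
        // both at creation and at check time, so such a session still passes -- decide
        // whether that should be rejected.
        return is_string($stored) && $stored === $sessFprint;
    }

    /**
     * Stores a fresh fingerprint in the session; call this when the session is initialised
     *
     * @param bool $regenerate when true the session id is replaced and the old session deleted
     * @return void
     */
    public function sessionOpen($regenerate = false) {
        $_SESSION['icms_fprint'] = self::createFingerprint();
        if ($regenerate) {
            self::icms_sessionRegenerateId(true);
        }
    }

    /**
     * Drops one session entry when a custom session name is configured but the
     * cookie carrying that name is absent from the request
     *
     * @param string $sess key in $_SESSION to remove
     * @return void
     */
    public function removeExpiredCustomSession($sess) {
        global $icmsConfig;
        $customSession = $icmsConfig['use_mysession'] && $icmsConfig['session_name'] != '';
        if ($customSession && !isset($_COOKIE[$icmsConfig['session_name']]) && !empty($_SESSION[$sess])) {
            unset($_SESSION[$sess]);
        }
    }

    /**
     * Closes the Session & removes Session Cookies for specified User Id
     * To be refactored
     *
     * @param string $uid User ID of user to close
     * @return void
     */
    public function sessionClose($uid) {
        global $icmsConfig;

        $uid = (int) $uid;
        // New id plus deletion of the old record, so the previous id cannot be reused.
        session_regenerate_id(true);
        $_SESSION = array();
        if ($icmsConfig['use_mysession'] && $icmsConfig['session_name'] != '') {
            icms_setCookieVar($icmsConfig['session_name'], '', time() - 3600);
        }
        // clear entry from online users table
        if ($uid > 0) {
            $online_handler = icms::handler('icms_core_Online');
            $online_handler->destroy($uid);
        }
        icms_Event::trigger('icms_core_Session', 'sessionClose', $this);
    }

    /**
     * Creates Session ID & Starts the session
     * removes Expired Custom Sessions after session Start
     *
     * The session id can be taken from the request (a POST field when SSL login is
     * enabled, or the custom-named cookie). Both are client-controlled, so the value is
     * only adopted when it has the shape of a PHP session id; otherwise PHP picks the id.
     * This storage creates a record for any id it is handed, so an id chosen by the
     * client is still accepted: callers should replace the id when a user logs in
     * (sessionOpen(true)) to limit session fixation.
     *
     * @param string $sslpost_name sets the session_id as ssl Name defined in preferences (if SSL enabled)
     * @return void
     */
    public function sessionStart($sslpost_name = '') {
        global $icmsConfig;

        $customSession = $icmsConfig['use_mysession'] && $icmsConfig['session_name'] != '';

        if ($icmsConfig['use_ssl'] && isset($sslpost_name) && $sslpost_name != '') {
            if (self::isValidSessionId($sslpost_name)) {
                session_id($sslpost_name);
            }
        } elseif ($customSession && $icmsConfig['session_expire'] > 0) {
            if (isset($_COOKIE[$icmsConfig['session_name']])
                && self::isValidSessionId($_COOKIE[$icmsConfig['session_name']])) {
                session_id($_COOKIE[$icmsConfig['session_name']]);
            }
            if (function_exists('session_cache_expire')) {
                session_cache_expire($icmsConfig['session_expire']);
            }
            @ini_set('session.gc_maxlifetime', $icmsConfig['session_expire'] * 60);
        }

        session_name($customSession ? $icmsConfig['session_name'] : 'ICMSSESSION');
        session_start();

        self::removeExpiredCustomSession('xoopsUserId');
        icms_Event::trigger('icms_core_Session', 'sessionStart', $this);
    }

    /**
     * Tells whether a client-supplied value has the shape of a PHP session id
     *
     * Accepts 1 to 256 characters from the alphabet PHP uses for generated ids
     * (letters, digits, comma and minus).
     *
     * @param mixed $sess_id value taken from the request
     * @return bool
     */
    private static function isValidSessionId($sess_id) {
        return is_string($sess_id) && preg_match('/^[A-Za-z0-9,-]{1,256}$/D', $sess_id) === 1;
    }

    /**
     * Returns the leading blocks of a textual IP address, each followed by the separator
     *
     * Works on the text as given: a compressed IPv6 address is not expanded, and an
     * address with fewer blocks than requested is returned whole.
     *
     * @param string $ip address in textual form
     * @param string $separator '.' for IPv4, ':' for IPv6
     * @param int $blocks number of leading blocks to keep
     * @return string e.g. '192.168.1.' for ('192.168.1.5', '.', 3); '' when $blocks < 1
     */
    private static function ipPrefix($ip, $separator, $blocks) {
        $blocks = (int) $blocks;
        if ($blocks < 1) {
            return '';
        }
        $parts = array_slice(explode($separator, (string) $ip), 0, $blocks);
        return implode($separator, $parts) . $separator;
    }

    /**
     * Internal function. Returns the sha256 of salt + user agent + leading IP blocks
     *
     * Which parts are mixed in depends on $securityLevel for IPv4 addresses and on
     * $ipv6securityLevel for IPv6 addresses (the IPv6 branch used to read the IPv4
     * level and could never cover more than four blocks).
     *
     * @param string $ip client address
     * @param string $userAgent client user agent
     * @return string hex digest, or '' when $ip is neither valid IPv4 nor valid IPv6
     */
    private function sessionFingerprint($ip, $userAgent) {
        if (isset($ip) && icms_core_DataFilter::checkVar($ip, 'ip', 'ipv4')) {
            $level = (int) $this->securityLevel;
            $separator = '.';
            $maxBlocks = 4;
        } elseif (isset($ip) && icms_core_DataFilter::checkVar($ip, 'ip', 'ipv6')) {
            $level = (int) $this->ipv6securityLevel;
            $separator = ':';
            $maxBlocks = 8;
        } else {
            icms_core_Debug::message('ERROR (Session Fingerprint): Invalid IP format,
                IP must be a valid IPv4 or IPv6 format', false);
            return '';
        }

        $fingerprint = $this->mainSaltKey;
        if ($level >= 1) {
            $fingerprint .= $userAgent;
        }
        if ($level >= 2) {
            $fingerprint .= self::ipPrefix($ip, $separator, min($level, $maxBlocks));
        }
        return hash('sha256', $fingerprint);
    }

    /**
     * Read a session from the database
     *
     * The stored client address must agree with the current one on as many leading
     * blocks as the configured security level asks for; otherwise the session is
     * returned empty. The earlier code passed the level to strpos() as a character
     * offset, so for most addresses only the first block was actually compared.
     *
     * @param string $sess_id ID of the session
     * @return string Session data, '' when not found or when the address check fails
     */
    private function readSession($sess_id) {
        $sql = sprintf('SELECT sess_data, sess_ip FROM %s WHERE sess_id = %s', icms::$xoopsDB->prefix('session'), icms::$xoopsDB->quoteString($sess_id));
        $result = icms::$xoopsDB->query($sql);
        if (!$result) {
            return '';
        }
        $row = icms::$xoopsDB->fetchRow($result);
        if (!$row) {
            return '';
        }
        list($sess_data, $sess_ip) = $row;

        if ($this->ipv6securityLevel > 1 && icms_core_DataFilter::checkVar($sess_ip, 'ip', 'ipv6')) {
            $separator = ':';
            $blocks = min((int) $this->ipv6securityLevel, 8);
        } elseif ($this->securityLevel > 1 && icms_core_DataFilter::checkVar($sess_ip, 'ip', 'ipv4')) {
            $separator = '.';
            $blocks = min((int) $this->securityLevel, 4);
        } else {
            // No address binding configured, or the stored address is not recognisable.
            return $sess_data;
        }

        $remoteIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        // Short forms such as the IPv6 localhost "::1" have fewer blocks than requested
        // and are therefore compared in full.
        if (self::ipPrefix($sess_ip, $separator, $blocks) !== self::ipPrefix($remoteIp, $separator, $blocks)) {
            return '';
        }
        return $sess_data;
    }

    /**
     * Inserts a session into the database
     *
     * Tries to update the existing row first and inserts a new one, together with the
     * current client address, when no row was affected.
     *
     * @param string $sess_id
     * @param string $sess_data
     * @return bool
     */
    private function writeSession($sess_id, $sess_data) {
        // Both values reach the SQL text only through the connection's quoteString().
        $sess_id = icms::$xoopsDB->quoteString($sess_id);
        $sess_data = icms::$xoopsDB->quoteString($sess_data);

        $sql = sprintf("UPDATE %s SET sess_updated = '%u', sess_data = %s WHERE sess_id = %s", icms::$xoopsDB->prefix('session'), time(), $sess_data, $sess_id);
        icms::$xoopsDB->queryF($sql);
        if (!icms::$xoopsDB->getAffectedRows()) {
            $sql = sprintf("INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data)" . " VALUES (%s, '%u', %s, %s)",
                icms::$xoopsDB->prefix('session'), $sess_id, time(), icms::$xoopsDB->quoteString($_SERVER['REMOTE_ADDR']), $sess_data);
            return icms::$xoopsDB->queryF($sql);
        }
        return true;
    }

    /**
     * Destroy a session stored in DB
     *
     * @param string $sess_id
     * @return bool
     */
    private function destroySession($sess_id) {
        $sql = sprintf('DELETE FROM %s WHERE sess_id = %s', icms::$xoopsDB->prefix('session'), icms::$xoopsDB->quoteString($sess_id));
        return icms::$xoopsDB->queryF($sql) ? true : false;
    }

    /**
     * Garbage Collector
     *
     * Deletes every session row last updated more than $expire seconds ago.
     *
     * @param int $expire Time in seconds until a session expires
     * @return bool
     */
    private function gcSession($expire) {
        if (empty($expire)) {
            return true;
        }
        $mintime = time() - (int) $expire;
        $sql = sprintf("DELETE FROM %s WHERE sess_updated < '%u'", icms::$xoopsDB->prefix('session'), $mintime);
        return icms::$xoopsDB->queryF($sql);
    }
}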