session management in PHP3 and PHP4

Anon

Hi,
i am new to PHP. Currently i am developing a website and used the session functions of PHP4. But since most hosting solutions have PHP3 i had to rewrite my session codes.
I wrote this PHP code to make my session management reusable over the dif versions of PHP. What i would like to know, if this is a good method or there is a simpler and better way of doing this.

<?
/*
There are two classes sess_php3 and sess_php4.
sess_php3 uses a cokkie called sessid to store the session ID and stores the actual data
in a mysql db.
sess_php4 uses session functions of PHP4 and registers a variable $data

This table should be present in a mysql db for use with sess_php3 only.

CREATE TABLE session (
ID VARCHAR(32) NOT NULL,
DATE TIMESTAMP(12),
DATA TEXT
PRIMARY KEY (ID),
INDEX (DATE)
)

Start a session by creating a new 'sess' object
Ex. $your_object = new sess_php3 || sess_php4

To store data to your session object call the method 'store($name, $value)'
Ex. $your_object->store($name, $value)

To access data use the '$your_object->data' property;
Ex. $your_object->data->name

To destroy your session object call the method 'destroy()'
Ex. $your_object->destroy();
This deletes the record in the session table and not the cookie for sess_php3 and
call the session_destroy() function for PHP4 and sets $your_object to '';

You also need to connect to mysql and select your DB
Ex. mysql_pconnect('your_host','your_username','your_password');
mysql_select_db('your_db');
*/

/ Session class start/
class sess_php3 {
/ Unique 32 char ID /
function createID () {
return md5(time());
}
/ Store Data /
function store($n, $v)
{
global $sessid;
$this->data->$n = $v;
$val = serialize($this->data);
mysql_query("update session set session = '$val' where ID = '$sessid'");

}
/ Destory session /
function destroy()
{
global $sessid;
mysql_query("delete from session where ID = '$sessid'");
}
/ Constructor start /
function sess_php3 () {
global $sessid;
if(!$sessid)
{
$tempid = $this->createID();
mysql_query("insert into session values ('$tempid',null,'')");
setcookie('sessid', $tempid,'','/','','');
}
else
{
$qhandle = mysql_query("select count() as num, session from session where ID = '$sessid' group by session");
$qresult = mysql_fetch_array($qhandle);
$num = $qresult['num'];
if($num == 0)
{
$tempid = $this->createID();
mysql_query("insert into session values ('$tempid',null,'')");
setcookie('sessid', $tempid);
}
else
{
$this->data = unserialize(stripslashes($qresult['session']));
}
}
}
/ Constructor end /
}
/ Session class end */

/ Session class for PHP4 /
class sess_php4 {
/ Destory current session /
function destroy()
{
global $data;
$data = '';
session_destroy();
$this = '';
}
/ Store data /
function store($n,$v)
{
global $data;
$data->$n = $v;
$this->data->$n = $v;
}
/ Constructor function /
function sess_php4()
{
session_start();
session_register('data');
global $data;
$this->data = $data;
}
}
/ Session class for PHP4 Ends /
?>

Anon

I have tried this and it does 2 strange things.
1. In the store function it uses $this-> which is not supported by php3 and claims that the object $data does not exist.
2. $qhandle = query to the data base is looking for a field called session which does not exist based on the data base create you gave.

confused isn't this supposed to be usable in php3.

MMoore

Anon

sorry about that. in my hurry to share my code i forgot to test properly. here is an improved version of the code that i am using curently. It functions like the built in session management functions of PHP4.

FOR STORING SESSION IN FILE

/* include this file in all your php pages. if you can, auto_prepend this file.

 every page that requiers session management should call sess_start() at the beggining
 of the page and sess_close() at the end.

 new variables are registered by calling
 		 			sess_register('variable_name');

 this variable will be placed at the global scope in all pages that call sess_start() 
 and can be accessed like
		 			echo $variable_name;

 values assigned to sess variables will be stored only if the sess_close() function
 is called at the end of the page

 to unregister a sess variable call
 					sess_unregister('variable_name')	    

 to destory a session call
 					sess_destroy()

/ this will be the first few characters of the sess file created
example: $pre = 'sess_';
file = sess_00b3a0f85e339d98181db0de4aee1cc6
/
$pre = '';

/ the path to the dir where your sess files will be stored. make this directory world
writable. this directory should be outside your web server document root directory
example: $dir = '/tmp/';
NOTE: THE END SLASH IS REQUIRED
/
$dir = '/';

function createID() {
global $SERVER_NAME, $REMOTE_ADDR;
return md5($SERVER_NAME.$REMOTE_ADDR.time());
}

function sess_register($n) {
global $SESSID, $dir, $pre;
$fp = fopen($dir.$pre.$SESSID,'r');
$sessdata = fread($fp,1000000);
print $sessdata;
print "<br>";
$sessdata = unserialize($sessdata);
print gettype($sessdata);
$sessdata[$n] = '';
$sessdata = serialize($sessdata);
fclose($fp);
$fp = fopen($dir.$pre.$SESSID,'w+');
fwrite($fp,$sessdata);
fclose($fp);
}

function sess_unregister($var) {
global $dir, $pre, $SESSID, $$var;
$fp = fopen($dir.$pre.$SESSID,'r');
$sessdata = fread($fp,100000);
fclose($fp);
$sessdata = unserialize($sessdata);
unset($sessdata[$var]);
unset($$var);
$sessdata = serialize($sessdata);
$fp = fopen($dir.$pre.$SESSID,'w+');
fwrite($fp,$sessdata);
fclose($fp);

}

function sess_destroy() {
global $SESSID, $pre, $dir;
if(file_exists($dir.$pre.$SESSID))
{
unlink($dir.$pre.$SESSID);
$SESSID = '';
unset($SESSID);
}
}

FOR STORING IN MYSQL DATABASE

/*
include this file in all your php pages. if you can, auto_prepend this file.

 create this table in your database

 create table session {
 				ID varchar(32) NOT NULL,
				cdate timestamp(12),
				session text,
				PRIMARY KEY (ID),
				INDEX cdate
 }

 every page that requiers session management should call sess_start() at the beggining
 of the page and sess_close() at the end.

 new variables are registered by calling
 		 			sess_register('variable_name');

 this variable will be placed at the global scope in all pages that call sess_start() 
 and can be accessed like
		 			echo $variable_name;

 values assigned to sess variables will be stored only if the sess_close() function
 is called at the end of the page

 to unregister a sess variable call
 					sess_unregister('variable_name')	    

 to destory a session call
 					sess_destroy()

$hostname = '';
$user = '';
$pass = '';
$dbname = '';

$con = mysql_pconnect($hostname,$user,$pass);
$dblink = mysql_select_db($dbname)

function createID() {
global $SERVER_NAME, $REMOTE_ADDR;
return md5($SERVER_NAME.$REMOTE_ADDR.time());
}

function sess_start() {
global $SESSID, $sid;
$defSID = true;
if(($sid) && !isset($SESSID))
$SESSID = $sid;
else
$defSID = false;
if($SESSID)
{
$qhandle = mysql_query("select count(*) as num, session from session where ID = '$SESSID' group by session");
$qresult = mysql_fetch_array($qhandle);
$num = $qresult['num'];
if(!$num)
{
$tempID = createID();
setcookie('SESSID',$tempID,0,'/','',0);
define('SID','sid='.$tempID);
$sessdata['init'] = '';
$sessdata = serialize($sessdata);
mysql_query("insert into session values ('$tempID',null,'$sessdata')");

					 }
					 else
					 {
					 		 		$sessdata = unserialize(stripslashes($qresult['session']));
									while(list($n,$v) = @each($sessdata))
									{
									 		 global $$n;
											 $$n = $v;												 
									}
									if($defSID) define('SID','sid='.$SESSID);
					 }
			 }
			 else
			 {
			 		 $tempID = createID();
					 setcookie('SESSID',$tempID,0,'/','',0);
					 define('SID','sid='.$tempID);
					 $sessdata['init'] = '';
					 $sessdata = serialize($sessdata);
					 mysql_query("insert into session ('$tempID',null,'$sessdata')");
			 }

}

function sess_register($n) {
global $SESSID;
$qhandle = mysql_query("select session from session where ID = '$SESSID'");
$qresult = mysql_fetch_array($qhandle);
$sessdata = unserialize(stripslashes($qresult['session']));
$sessdata[$n] = '';
$sessdata = serialize($sessdata);
mysql_query("update session set session = '$sessdata' where ID = '$SESSID'");
}

function sess_close() {
global $SESSID;
$qhandle = mysql_query("select session from session where ID = '$SESSID'");
$qresult = mysql_fetch_array($qhandle);
$sessdata = unserialize(stripslashes($qresult['session']));
while(list($n,$v) = @each($sessdata))
{
global $$n;
$sessdata[$n] = $$n;
}
$sessdata = serialize($sessdata);
mysql_query("update session set session = '$sessdata' where ID = '$SESSID'");
}

function sess_unregister($var) {
global $SESSID, $$var;
$qhandle = mysql_query("select session from session where ID = '$SESSID'");
$qresult = mysql_fetch_array($qhandle);
$sessdata = unserialize(stripslashes($qresult['session']));
unset($sessdata[$var]);
unset[$$var];
$sessdata = serialize($sessdata);
mysql_query("update session set session = '$sessdata' where ID = '$SESSID'");
}

function sess_destroy() {
global $SESSID;
mysql_query("delete from session where ID = '$SESSID'");
unset($SESSID);
}

let me know if you find any problems with this one

bishnu

Anon

On MySQL 3.23.28-gamma, use the following SQL to create the table. Included SQL has {} instead of () and omits the brackets around (cdate)

create table session (
ID varchar(32) NOT NULL,
cdate timestamp(12),
session text,
PRIMARY KEY (ID),
INDEX (cdate)
);