尝试通过uploadify上传文件时,$ _SESSION变量为空

时间:2014-10-22 17:23:52

标签: php session file-upload uploadify uploadifive

我有一个管理会话的课程" sessionManager" (开始新会话,恢复会话,验证会话......)

用户登录的第一步是创建3个会话变量,以确保我对会话劫持进行身份验证

$_SESSION['MA_IP_ADDRESS'] = $this->user_ip;
$_SESSION['MA_USER_AGENT'] = $this->user_agent;
$_SESSION['MA_IDLE_TIMEOUT'] = $this->current_time + $this->max_session_idle_time;

然后在登录后的每个页面上,我检查以确保会话中存储的IP与当前用户IP地址相同。另外,我检查user_agent以确保它与当前user_agent信息相同或者user_agent等于" Shockwave Flash"在上传文件时解决闪光问题。

这就是我所做的验证信息

    if( $_SESSION['MA_IP_ADDRESS'] != $this->user_ip )
---------

    if( $_SESSION['MA_USER_AGENT'] != $this->user_agent && $this->user_agent != 'Shockwave Flash' )
------

我遇到的问题是,当我使用uplodify将文件上传到我的服务器时,发现3个会话变量(MA_IP_ADDRESS, MA_USER_AGENT, MA_IDLE_TIMEOUT)未设置,因此我总是得到用户未经过身份验证。

我不知道为什么在我使用uplodify时没有设置这些变量,但是它们是通过网站设置的。

如何让uplodify传递所有会话变量(MA_IP_ADDRESS, MA_USER_AGENT, MA_IDLE_TIMEOUT)

我刚购买了非Flash版本Uplodifive,我仍然遇到同样的问题。

以下是我的sessionManager课程供参考

<?php

class sessionManager {
    private $db;
    private $user_id;
    private $user_ip;
    private $user_agent;
    private $autherizedUser = false;
    private $cookie_name;
    private $current_session_id;
    private $max_session_idle_time = SESSION_KEEP_ALIVE;
    private $current_time;

    public function __construct($name, $limit = 0, $path = '/', $domain = null, $secure = null){
        // Set the cookie name
        session_name($name);

        //assign the cookie name that will be used for the session
        $this->cookie_name = $name;

        //get the current time
        $this->current_time = time();

        if(isset($_SERVER['REMOTE_ADDR']))
            $this->user_ip = $_SERVER['REMOTE_ADDR'];

        if(isset($_SERVER['HTTP_USER_AGENT']))
            $this->user_agent = $_SERVER['HTTP_USER_AGENT'];

        // Set SSL level
        $https = isset($secure) ? $secure : isset($_SERVER['HTTPS']);

        //set the session storage to point custom method
        session_set_save_handler(
            array($this, "open"),
            array($this, "close"),
            array($this, "read"),
            array($this, "write"),
            array($this, "delete"),
            array($this, "garbageCollector")
        );

        //Set session cookie options
        session_set_cookie_params($limit, $path, $domain, $https, true);

        //if there is no IP detected - make it invalid
        if( empty($this->user_ip) || empty($this->user_agent)  ){
            echo 'Invalid Request!!!';
            exit();
        }
    }

    /*
    *   This function resume existing session
    */
    public function resumeSession($keepAlive = true){


        // Make sure the session hasn't expired, and destroy it if it has   
        if( $this->isValidSession()  ){
            //grab the current session_id           
            $this->current_session_id = session_id();           

            if($this->isHijacking()){
                error_log('Hijacking attempt!!!!!!!!!!!!!!');
                $this->destroy();
            } else {
                //reset the idle time out
                if($keepAlive === true)
                    $_SESSION['MA_IDLE_TIMEOUT'] = $this->current_time + $this->max_session_idle_time;

                $this->autherizedUser = true;
            }
        } else 
            error_log('Something went wrong!!!!!!!!');

    }

    public function isAutherized(){
        return $this->autherizedUser;
    }

    public function currentSessionID(){
        return $this->current_session_id;
    }

    /*
    *   This function set a session key
    */  
    public function setSession($name, $val = NULL){
        if(session_status() !== PHP_SESSION_ACTIVE  )
            session_start();

        $_SESSION[$name] = $val;    
    }

    /*
    *   This function get a session's key value
    */  
    public function getSession($name){

        if( isset($_SESSION[$name]) )
            return $_SESSION[$name];
        else
            return null;
    }

    //public function getRemainingTime(){
    //  return $this->timeLeftBeforeIdle;
    //}

    public function getRemainingTime(){

        $session_time = $this->current_time;
        //resume session without updating the idle time
        $this->resumeSession(false);


        if(isset($_SESSION['MA_IDLE_TIMEOUT']))
            $session_time = $_SESSION['MA_IDLE_TIMEOUT'];


        return ($session_time - $this->current_time) < 1 ? 0 : ($session_time - $this->current_time);
    }

    /*
    *   This function starts a new session - on the login
    *   @userid is the logged in user id
    */  
    public function startNewSession($userid){
        //Set the user id
        $this->user_id = $userid;
        $new_session_id = $this->generateSessionID();
        session_id($new_session_id);
        //grab the current session_id   
        $this->current_session_id = $new_session_id;

        session_start();
        $this->setSessionValues();

        if(!empty($this->user_id))
            $this->autherizedUser = true;
    }

    /*
    *   This function destroy existing session
    */
    public function destroy(){
        if(session_id() == '' )
            session_start();

        $this->autherizedUser = false;
        session_unset();
        session_destroy();
        unset($_COOKIE[$this->cookie_name]);
    }


    /**
     *  This function set a new values to the session
     */
    private function setSessionValues(){

        $_SESSION = array();

        //set the IP address info
        $_SESSION['MA_IP_ADDRESS'] = $this->user_ip;
        //$this->setSession('MA_IP_ADDRESS', $this->user_ip);

        // save the agent information
        $_SESSION['MA_USER_AGENT'] = $this->user_agent;
        //$this->setSession('MA_USER_AGENT', $this->user_agent);

        //set the idle timeout
        $_SESSION['MA_IDLE_TIMEOUT'] = $this->current_time + $this->max_session_idle_time;
    }

    /*
    *   This function check if the current session is valid or not
    */
    private function isValidSession(){
        session_start();
        error_log('IP ADDRESS ' . $_SESSION['MA_IP_ADDRESS']);
        error_log('AGENT ' . $_SESSION['MA_USER_AGENT']);
        error_log('TIME OUT ' . $_SESSION['MA_IDLE_TIMEOUT']);

        if( !isset($_SESSION['MA_IP_ADDRESS']) || !isset($_SESSION['MA_USER_AGENT']) ||  !isset($_SESSION['MA_IDLE_TIMEOUT']) )
            return false;

        if( empty($_SESSION['MA_IP_ADDRESS']) || empty($_SESSION['MA_USER_AGENT']) || empty($_SESSION['MA_IDLE_TIMEOUT']) )
            return false;

        //if the session expired - make it invalid
        if( $_SESSION['MA_IDLE_TIMEOUT'] < $this->current_time   )
            return false;

        //the session is valid
        return true;
    }


    /*
    *   This function check if this is a session Hijacking attempt or nor
    */
    private function isHijacking(){

        //if the set IP address no not match the current user's IP address value - make it invalid
        if( $this->getSession('MA_IP_ADDRESS') != $this->user_ip )
            return true;


        //if the set user agent value do not match the current user agent value - make it invalid
        if( $this->getSession('MA_USER_AGENT') != $this->user_agent && $this->user_agent != 'Shockwave Flash' )
            return true;

        //the session is valid
        return false;
    }



    /*
    *   This function generate new random string
    */  
    private function generateSessionID($len = 40) {
        //user -13 because uniqid need 13 characters
        $max_to_pick = $len-13;
        $characters = str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-');
        $newStr = '';
        $maxLen = strlen($characters) - 1;
        for ($i = 0; $i < $max_to_pick; ++$i)
            $newStr .= $characters[mt_rand(0, $maxLen)];

        return uniqid($newStr);
    }

    //open the database connection for the session storage engine
    public function open(){
        $this->db = new connection();
        if($this->db)
            return true;

        // Return False
        return false;
    }

    //close the database connection for the session storage engine
    public function close(){

        if($this->db->endConnection())
            return true;

        // Return False
        return false;
    }

    //read current session variables from the session database
    public function read($id){
        // Set query
        $data = $this->db->getDataSet('SELECT data FROM sessions WHERE session_id = ?', array($id));

        if(count($data) == 1)
                return $data[0]['data'];

        return '';
    }

    //replace the existing data using the current session id
    public function write($id, $data){

        // Set query  
        $replace = $this->db->processQuery('INSERT INTO sessions(session_id, access, data, user_id) VALUES (?, ?, ?, ?)
                                            ON DUPLICATE KEY UPDATE
                                            session_id = ?,
                                            access = ?,
                                            data = ?', array($id, $this->current_time, $data, $this->user_id, $id, $this->current_time, $data));

        if($replace)
            return true;

        // Return False
        return false;
    }

    //delete a session record from the storage engine
    public function delete($id){
        // Set query
        $delete = $this->db->processQuery('DELETE FROM sessions WHERE session_id = ? OR user_id IS NULL', array($id));

        if($delete)
            return true;

        // Return False
        return false;
    } 

    //deletes all expired session - if the access time is less that current time
    public function garbageCollector($max){
        // Calculate what is to be deemed old
        $old = $this->current_time - $max;
        // Set query
        $delete = $this->db->processQuery('DELETE FROM sessions WHERE access < ? OR user_id IS NULL', array($old));

        if($delete)
            return true;

        // Return False
        return false;
    }   

}

?>

0 个答案:

没有答案