本文整理汇总了PHP中session_regenerate_id函数的典型用法代码示例。如果您正苦于以下问题:PHP session_regenerate_id函数的具体用法?PHP session_regenerate_id怎么用?PHP session_regenerate_id使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了session_regenerate_id函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: sec_session_start
function sec_session_start()
{
$session_name = 'exatest_session_id';
//Asignamos un nombre de sesión
$secure = false;
//mejor en config.php Lo ideal sería true para trabajar con https
$httponly = true;
// Obliga a la sesión a utilizar solo cookies.
// Habilitar este ajuste previene ataques que impican pasar el id de sesión en la URL.
if (ini_set('session.use_only_cookies', 1) === FALSE) {
$action = "error";
$error = "No puedo iniciar una sesion segura (ini_set)";
}
// Obtener los parámetros de la cookie de sesión
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
//Marca la cookie como accesible sólo a través del protocolo HTTP.
//Esto siginifica que la cookie no será accesible por lenguajes de script,
// tales como JavaScript.
//Este ajuste puede ayudar de manera efectiva a reducir robos de
//indentidad a través de ataques
// Incia la sesión PHP
session_name($session_name);
session_start();
// Actualiza el id de sesión actual con uno generado más reciente
//Ayuda a evitar ataques de fijación de sesión
session_regenerate_id(true);
}示例2: xoonips_session_regenerate
function xoonips_session_regenerate()
{
$old_sessid = session_id();
session_regenerate_id();
$new_sessid = session_id();
session_id($old_sessid);
session_destroy();
$old_session = $_SESSION;
session_id($new_sessid);
$sess_handler =& xoops_gethandler('session');
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
session_start();
$_SESSION = array();
foreach (array_keys($old_session) as $key) {
$_SESSION[$key] = $old_session[$key];
}
// write and close session for xnp_is_valid_session_id()
session_write_close();
// restart session
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
session_start();
$_SESSION = array();
foreach (array_keys($old_session) as $key) {
$_SESSION[$key] = $old_session[$key];
}
}示例3: loggedOutProtect
public function loggedOutProtect()
{
if ($this->loggedIn() === false) {
header('Location: ' . BASE_URL . 'login');
exit;
}
// source: http://stackoverflow.com/a/1270960/2790481
// last request was more than 1 day ago
if (isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > 86400) {
session_unset();
// unset $_SESSION variable for the run-time
session_destroy();
// destroy session data in storage
header('Location: ' . BASE_URL . 'login');
exit;
}
$_SESSION['LAST_ACTIVITY'] = time();
// update last activity time stamp
if (!isset($_SESSION['CREATED'])) {
$_SESSION['CREATED'] = time();
} else {
if (time() - $_SESSION['CREATED'] > 3600) {
// session started more than 1 hour ago
$id = $_SESSION['id'];
// better security - avoid fixation attack.
session_regenerate_id(true);
// change session ID for the current session and invalidate old session ID
$_SESSION['CREATED'] = time();
// update creation time
$_SESSION['id'] = $id;
$_SESSION['LAST_ACTIVITY'] = time();
// update last activity time stamp
}
}
}示例4: checkLogin
public function checkLogin()
{
session_start();
if (isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > 1800) {
// last request was more than 30 minutes ago
session_unset();
// unset $_SESSION variable for the run-time
session_destroy();
// destroy session data in storage
session_write_close();
setcookie(session_name(), '', 0, '/');
session_regenerate_id(true);
}
$_SESSION['LAST_ACTIVITY'] = time();
// update last activity time stamp
$input = Request::only('username', 'password');
// param was set in the query string
if (!empty($input['username']) && !is_null($input['username'])) {
// query string had param set to nothing ie ?param=¶m2=something
$_SESSION['username'] = $input['username'];
$_SESSION['password'] = $input['password'];
}
if (!empty($_SESSION['username']) && !is_null($_SESSION['password'])) {
$count = Admin::where('username', $_SESSION['username'])->where('password', md5(md5($_SESSION['password'])))->count();
if ($count) {
return true;
}
}
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(), '', 0, '/');
session_regenerate_id(true);
return false;
}示例5: regenerate
/**
* セッションIDを再生成する
*
* @param boolean $destroy trueの場合は古いセッションを破棄する
*/
public function regenerate($destroy = true)
{
if (!self::$sessionIdRegenerated) {
session_regenerate_id($destroy);
self::$sessionIdRegenerated = true;
}
}示例6: Authenticate
public function Authenticate(\model\User $user)
{
if ($this->users->GetUserLoginsForHour($user) > self::$MAX_LOGINS_PER_HOUR) {
throw new \Exception("Max login attempts for username '" . $user->GetUserName() . "' reached. Please try again in 30-60 minutes.");
}
// Assert that the password is in plain text.
assert($user->IsPasswordHashed() == false);
// Log this login attempt in DAL
$this->users->AddLoginAttempt($user);
// Get user from database, if user exists
$userFromDB = $this->users->GetUserByUsername($user->GetUserName());
if ($userFromDB) {
// Verify password in user object against password in db table row.
if (password_verify($user->GetPassword(), $userFromDB->GetPassword())) {
// Hash password in user object. Does no need to be in clear text anymore.
$user->HashPassword();
// Add id from DBuser to user
$user->SetUserId($userFromDB->GetUserId());
// Regenerate session
session_regenerate_id(true);
// Return user from DB
return $user;
}
}
return false;
}示例7: tryLogin
public function tryLogin($data)
{
// Reject requests
if ($this->isExceedingRateLimit(2)) {
$this->response->setStatusCode(429, 'Too many requests');
$this->flash->notice('Too many requests.');
return false;
}
/** @var User $user */
$user = User::findFirst(['email = :email:', 'bind' => ['email' => $data['user']]]);
// Sleep for 1-500ms
usleep(mt_rand(1000, 500000));
if ($user && $user->validatePassword($data['password'])) {
// Validate TOTP token
// This needs to be done at this stage as the two factor auth key is
// encrypted with the user's password.
if ($otpKey = $user->getOtpKey($data['password'])) {
$otp = new \Rych\OTP\TOTP($otpKey);
if (!$otp->validate($data['token'])) {
$this->flash->error('Incorrect login details');
return false;
}
}
$keyService = new \Stecman\Passnote\AccountKeyService();
$keyService->unlockAccountKeyForSession($user, $data['password']);
$this->session->set(Security::SESSION_USER_ID, $user->id);
$this->session->set(Security::SESSION_KEY, $user->getSessionKey());
session_regenerate_id();
$this->response->redirect('');
} else {
// Keep timing
$this->security->hash(openssl_random_pseudo_bytes(12));
$this->flash->error('Incorrect login details');
}
}示例8: reset
/**
* Reset session
*/
public function reset()
{
// Clear session vars
session_unset();
// Create new session id
session_regenerate_id(false);
}示例9: sec_session_start
function sec_session_start()
{
session_start();
// Start the php session
session_regenerate_id(true);
// regenerated the session, delete the old one
}示例10: open
/**
* Open a session
*
* @access public
* @param string $base_path Cookie path
*/
public function open($base_path = '/')
{
// HttpOnly and secure flags for session cookie
session_set_cookie_params(SESSION_DURATION, $base_path ?: '/', null, Request::isHTTPS(), true);
// Avoid session id in the URL
ini_set('session.use_only_cookies', '1');
// Enable strict mode
if (version_compare(PHP_VERSION, '7.0.0') < 0) {
ini_set('session.use_strict_mode', '1');
}
// Ensure session ID integrity
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '32');
ini_set('session.hash_bits_per_character', 6);
// If the session was autostarted with session.auto_start = 1 in php.ini destroy it
if (isset($_SESSION)) {
session_destroy();
}
// Custom session name
session_name('__S');
// Start the session
session_start();
// Regenerate the session id to avoid session fixation issue
if (empty($_SESSION['__validated'])) {
session_regenerate_id(true);
$_SESSION['__validated'] = 1;
}
}示例11: sec_session_start
function sec_session_start()
{
$session_name = 'sec_session_id';
// Set a custom session name
$secure = false;
// Set to true if using https.
$httponly = true;
// This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1);
// Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params();
// Gets current cookies params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name);
// Sets the session name to the one set above.
session_start();
// Start the php session
session_regenerate_id(false);
// regenerated the session, delete the old one.
$inactive = 600;
// check to see if $_SESSION['timeout'] is set
if (isset($_SESSION['timeout'])) {
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $inactive) {
echo "<script language=javascript>\n\t\talert('Sesi Telah Habis');</script>";
echo '<script type=text/javascript>
window.location = "logout.php";
</script>';
}
}
$_SESSION['timeout'] = time();
}示例12: checkLogin
function checkLogin($mysqli)
{
$email = trim(htmlentities($_POST['email'], ENT_QUOTES, "UTF-8"));
$email = $mysqli->real_escape_string($email);
$emailExist = $mysqli->query("SELECT id, password FROM users WHERE email = '{$email}' ");
if ($emailExist->num_rows == 1) {
$userArray = $emailExist->fetch_array();
$userId = $userArray['id'];
$password = $userArray['password'];
}
if ($emailExist->num_rows == 0 || md5($_POST['password']) != $password) {
return false;
}
/* Neue Session erstellen */
session_regenerate_id();
$sessionId = session_id();
$_SESSION['userId'] = $userId;
$_SESSION['sessionId'] = $sessionId;
$time = time();
$date = date('Y-m-d H:i:s');
/* Gucken ob noch alte Session */
$deleteOldSession = $mysqli->query("DELETE FROM sessions WHERE userId = '{$userId}' ");
$write = $mysqli->query("INSERT INTO sessions VALUES ('{$userId}', '{$sessionId}', '{$time}')");
$update = $mysqli->query("UPDATE users SET lastLogin = '{$date}' WHERE id = '{$userId}' ");
return true;
}示例13: forum_session_start
function forum_session_start()
{
static $forum_session_started = FALSE;
$return = ($hook = get_hook('fn_forum_session_start_start')) ? eval($hook) : null;
if ($return != null) {
return;
}
// Check if session already started
if ($forum_session_started && session_id()) {
return;
}
session_cache_limiter(FALSE);
// Check session id
$forum_session_id = NULL;
if (isset($_COOKIE['PHPSESSID'])) {
$forum_session_id = $_COOKIE['PHPSESSID'];
} else {
if (isset($_GET['PHPSESSID'])) {
$forum_session_id = $_GET['PHPSESSID'];
}
}
if (empty($forum_session_id) || !preg_match('/^[a-z0-9]{16,32}$/', $forum_session_id)) {
// Create new session id
$forum_session_id = random_key(32, FALSE, TRUE);
session_id($forum_session_id);
}
session_start();
if (!isset($_SESSION['initiated'])) {
session_regenerate_id();
$_SESSION['initiated'] = TRUE;
}
$forum_session_started = TRUE;
}示例14: __new__
/**
* セッションを開始する
* @param string $name
* @return $this
*/
protected function __new__($name = 'sess')
{
$this->ses_n = $name;
if ('' === session_id()) {
$session_name = \org\rhaco\Conf::get('session_name', 'SID');
if (!ctype_alpha($session_name)) {
throw new \InvalidArgumentException('session name is is not a alpha value');
}
session_cache_limiter(\org\rhaco\Conf::get('session_limiter', 'nocache'));
session_cache_expire((int) (\org\rhaco\Conf::get('session_expire', 10800) / 60));
session_name();
if (static::has_module('session_read')) {
ini_set('session.save_handler', 'user');
session_set_save_handler(array($this, 'open'), array($this, 'close'), array($this, 'read'), array($this, 'write'), array($this, 'destroy'), array($this, 'gc'));
if (isset($this->vars[$session_name])) {
session_regenerate_id(true);
}
}
session_start();
register_shutdown_function(function () {
if ('' != session_id()) {
session_write_close();
}
});
}
}示例15: regenerate_id
/**
* Regenerates session id
*/
function regenerate_id()
{
// copy old session data, including its id
$old_session_id = session_id();
$old_session_data = $_SESSION;
// regenerate session id and store it
session_regenerate_id();
$new_session_id = session_id();
// switch to the old session and destroy its storage
session_id($old_session_id);
session_destroy();
// switch back to the new session id and send the cookie
session_id($new_session_id);
session_start();
// restore the old session data into the new session
$_SESSION = $old_session_data;
// update the session creation time
$_SESSION['regenerated'] = time();
// session_write_close() patch based on this thread
// http://www.codeigniter.com/forums/viewthread/1624/
// there is a question mark ?? as to side affects
// end the current session and store session data.
session_write_close();
}