Can anyone here help me how to convert this code to MySQL (the original code using PostgreSQL). I did some changes to the code myself but it seem like it didn't work. I'm not sure what is the problem and hopefully somebody here willing to share some experience and help me solve my problem.
Code:
<?php
class UserSession {
private $php_session_id;
private $native_session_id;
private $dbhandle;
private $logged_in;
private $user_id;
private $session_timeout = 600; # 10 minute inactivity timeout
private $session_lifespan = 3600; # 1 hour session duration
public function __construct() {
# Connect to database
$this->dbhandle = mysql_connect("localhost","root","");
if (!$this->dbhandle)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("prophp5", $this->dbhandle);
session_set_save_handler(
array(&$this, '_session_open_method'),
array(&$this, '_session_close_method'),
array(&$this, '_session_read_method'),
array(&$this, '_session_write_method'),
array(&$this, '_session_destroy_method'),
array(&$this, '_session_gc_method')
);
# Check the cookie passed - if one is - if it looks wrong we'll scrub it right away
$strUserAgent = $GLOBALS["HTTP_USER_AGENT"];
if ($_COOKIE["PHPSESSID"]) {
# Security and age check
$this->php_session_id = $_COOKIE["PHPSESSID"];
$stmt = "SELECT id FROM \"user_session\" WHERE ascii_session_id = '" . $this->php_session_id . "' AND ((now() - created) < ' " . $this->session_lifespan . " seconds') AND user_agent='" . $strUserAgent . "' AND ((now() - last_impression) <= '".$this->session_timeout." seconds' OR last_impression IS NULL)";
$result = mysql_query($stmt);
if (mysql_num_rows($result)==0) {
# Set failed flag
$failed = 1;
# Delete from database - we do garbage cleanup at the same time
$result = mysql_query("DELETE FROM \"user_session\" WHERE (ascii_session_id = '". $this->php_session_id . "') OR (now() - created) > $maxlifetime)");
# Clean up stray session variables
$result = mysql_query("DELETE FROM \"session_variable\" WHERE session_id NOT IN (SELECT id FROM \"user_session\")");
# Get rid of this one... this will force PHP to give us another
unset($_COOKIE["PHPSESSID"]);
};
};
# Set the life time for the cookie
session_set_cookie_params($this->session_lifespan);
# Call the session_start method to get things started
session_start();
}
public function Impress() {
if ($this->native_session_id) {
$result = mysql_query("UPDATE \"user_session\" SET last_impression = now() WHERE id = " . $this->native_session_id);
};
}
public function IsLoggedIn() {
return($this->logged_in);
}
public function GetUserID() {
if ($this->logged_in) {
return($this->user_id);
} else {
return(false);
};
}
public function GetUserObject() {
if ($this->logged_in) {
if (class_exists("user")) {
$objUser = new User($this->user_id);
return($objUser);
} else {
return(false);
};
};
}
public function GetSessionIdentifier() {
return($this->php_session_id);
}
public function Login($strUsername, $strPlainPassword) {
$strMD5Password = md5($strPlainPassword);
$stmt = "SELECT id FROM \"user\" WHERE username = '$strUsername' AND md5_pw = '$strMD5Password'";
$result = mysql_query($stmt);
if (mysql_num_rows($result)>0) {
$row = mysql_fetch_array($result);
$this->user_id = $row["id"];
$this->logged_in = true;
$result = mysql_query("UPDATE \"user_session\" SET logged_in = true, user_id = " . $this->user_id . " WHERE id = " . $this->native_session_id);
return(true);
} else {
return(false);
};
}
public function LogOut() {
if ($this->logged_in == true) {
$result = mysql_query("UPDATE \"user_session\" SET logged_in = false, user_id = 0 WHERE id = " . $this->native_session_id);
$this->logged_in = false;
$this->user_id = 0;
return(true);
} else {
return(false);
};
}
public function __get($nm) {
$result = mysql_query("SELECT variable_value FROM session_variable WHERE session_id = " . $this->native_session_id . " AND variable_name = '" . $nm . "'");
if (mysql_num_rows($result)>0) {
$row = mysql_fetch_array($result);
return(unserialize($row["variable_value"]));
} else {
return(false);
};
}
public function __set($nm, $val) {
$strSer = serialize($val);
$stmt = "INSERT INTO session_variable(session_id, variable_name, variable_value) VALUES(" . $this->native_session_id . ", '$nm', '$strSer')";
$result = mysql_query($stmt);
}
private function _session_open_method($save_path, $session_name) {
# Do nothing
return(true);
}
private function _session_close_method() {
mysql_close($this->dbhandle);
return(true);
}
private function _session_read_method($id) {
# We use this to determine whether or not our session actually exists.
$strUserAgent = $GLOBALS["HTTP_USER_AGENT"];
$this->php_session_id = $id;
# Set failed flag to 1 for now
$failed = 1;
# See if this exists in the database or not.
$result = mysql_query("select id, logged_in, user_id from \"user_session\" where ascii_session_id = '$id'");
if (mysql_num_rows($result)>0) {
$row = mysql_fetch_array($result);
$this->native_session_id = $row["id"];
if ($row["logged_in"]=="t") {
$this->logged_in = true;
$this->user_id = $row["user_id"];
} else {
$this->logged_in = false;
};
} else {
$this->logged_in = false;
# We need to create an entry in the database
$result = mysql_query("INSERT INTO user_session(ascii_session_id, logged_in, user_id, created, user_agent) VALUES ('$id','f',0,now(),'$strUserAgent')");
# Now get the true ID
$result = mysql_query("SELECT id FROM \"user_session\" WHERE ascii_session_id = '$id'");
$row = mysql_fetch_array($result);
$this->native_session_id = $row["id"];
};
# Just return empty string
return("");
}
private function _session_write_method($id, $sess_data) {
return(true);
}
private function _session_destroy_method($id) {
$result = mysql_query("DELETE FROM \"user_session\" WHERE ascii_session_id = '$id'");
return($result);
}
private function _session_gc_method($maxlifetime) {
return(true);
}
}
?>
Chapter 15: usersession.phpm database conversion
