From 4df4ab500788f0792b75baf1fa98e4647d713ed1 Mon Sep 17 00:00:00 2001 From: corbosman Date: Thu, 19 Feb 2015 14:55:09 +0100 Subject: [PATCH 1/4] session refactor and add redis driver --- config/defaults.inc.php | 14 +- program/lib/Roundcube/rcube.php | 29 +- program/lib/Roundcube/rcube_session.php | 371 +++++------------- program/lib/Roundcube/rcube_session_db.php | 168 ++++++++ .../lib/Roundcube/rcube_session_memcache.php | 140 +++++++ program/lib/Roundcube/rcube_session_php.php | 71 ++++ program/lib/Roundcube/rcube_session_redis.php | 210 ++++++++++ 7 files changed, 724 insertions(+), 279 deletions(-) create mode 100644 program/lib/Roundcube/rcube_session_db.php create mode 100644 program/lib/Roundcube/rcube_session_memcache.php create mode 100644 program/lib/Roundcube/rcube_session_php.php create mode 100644 program/lib/Roundcube/rcube_session_redis.php diff --git a/config/defaults.inc.php b/config/defaults.inc.php index 06ea9ec21..fd47c59a1 100644 --- a/config/defaults.inc.php +++ b/config/defaults.inc.php @@ -374,9 +374,14 @@ $config['session_auth_name'] = null; // Session path. Defaults to PHP session.cookie_path setting. $config['session_path'] = null; -// Backend to use for session storage. Can either be 'db' (default), 'memcache' or 'php' +// Backend to use for session storage. Can either be 'db' (default), 'redis', 'memcache', or 'php' +// // If set to 'memcache', a list of servers need to be specified in 'memcache_hosts' // Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +// +// If set to 'redis', a server needs to be specified in 'redis_hosts' +// Make sure the Redis extension (http://pecl.php.net/package/redis) version >= 2.0.0 is installed +// // Setting this value to 'php' will use the default session save handler configured in PHP $config['session_storage'] = 'db'; @@ -397,6 +402,13 @@ $config['memcache_timeout'] = 1; // See http://php.net/manual/en/memcache.addserver.php $config['memcache_retry_interval'] = 15; +// use this for accessing redis +// currently only one host is supported. cluster support may come in a future release. +// you can pass 4 fields, host, port, database and password. +// unset fields will be set to the default values host=127.0.0.1, port=6379, database=0, password= (empty) + +$config['redis_hosts'] = null; // e.g. array( 'localhost:6379' ); array( '192.168.1.1:6379:1:secret' ); + // check client IP in session authorization $config['ip_check'] = false; diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 3aca88843..42d880763 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -522,9 +522,12 @@ class rcube ini_set('session.cookie_httponly', 1); // use database for storing session data - $this->session = new rcube_session($this->get_dbh(), $this->config); + $storage = $this->config->get('session_storage', 'db'); + $this->session = $this->get_session($storage); + // register default gc handler $this->session->register_gc_handler(array($this, 'gc')); + $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME'])); $this->session->set_ip_check($this->config->get('ip_check')); @@ -534,8 +537,30 @@ class rcube // start PHP session (if not in CLI mode) if ($_SERVER['REMOTE_ADDR']) { - $this->session->start(); + $this->session->start($this->config); + } + } + + /** + * get an rcube_session instance + * + * @return rcube_session + */ + private function get_session($storage) + { + // class name for this storage + $class = "rcube_session_" . $storage; + + // try to instantiate class + if(class_exists($class)) { + return new $class(); } + + // no storage found, raise error + rcube::raise_error(array('code' => 604, 'type' => 'session', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Failed to find session driver. Check session_storage config option"), + true, true); } diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php index 8306a0687..08a9dc302 100644 --- a/program/lib/Roundcube/rcube_session.php +++ b/program/lib/Roundcube/rcube_session.php @@ -19,33 +19,30 @@ */ /** - * Class to provide database supported session storage + * Abstract class to provide database supported session storage * * @package Framework * @subpackage Core * @author Thomas Bruederli * @author Aleksander Machniak */ -class rcube_session +abstract class rcube_session { - private $db; - private $ip; - private $start; - private $changed; - private $time_diff = 0; - private $reloaded = false; - private $appends = array(); - private $unsets = array(); - private $gc_handlers = array(); - private $cookiename = 'roundcube_sessauth'; - private $vars; - private $key; - private $now; - private $secret = ''; - private $ip_check = false; - private $logging = false; - private $storage; - private $memcache; + protected $key; + protected $ip; + protected $changed; + protected $start; + protected $time_diff = 0; + protected $reloaded = false; + protected $appends = array(); + protected $unsets = array(); + protected $gc_handlers = array(); + protected $cookiename = 'roundcube_sessauth'; + protected $vars; + protected $now; + protected $secret = ''; + protected $ip_check = false; + protected $logging = false; /** * Blocks session data from being written to database. @@ -53,14 +50,31 @@ class rcube_session * @var boolean */ public $nowrite = false; + + /** + * register session handler + */ + public function register_session_handler() + { + ini_set('session.serialize_handler', 'php'); + + // set custom functions for PHP session management + session_set_save_handler( + array($this, 'open'), + array($this, 'close'), + array($this, 'read'), + array($this, 'sess_write'), + array($this, 'destroy'), + array($this, 'gc') + ); + } /** - * Default constructor + * Wrapper for session_start() */ - public function __construct($db, $config) + public function start($config) { - $this->db = $db; $this->start = microtime(true); $this->ip = rcube_utils::remote_addr(); $this->logging = $config->get('log_session', false); @@ -68,83 +82,43 @@ class rcube_session $lifetime = $config->get('session_lifetime', 1) * 60; $this->set_lifetime($lifetime); - // use memcache backend - $this->storage = $config->get('session_storage', 'db'); - if ($this->storage == 'memcache') { - $this->memcache = rcube::get_instance()->get_memcache(); - - // set custom functions for PHP session management if memcache is available - if ($this->memcache) { - ini_set('session.serialize_handler', 'php'); - - session_set_save_handler( - array($this, 'open'), - array($this, 'close'), - array($this, 'mc_read'), - array($this, 'mc_write'), - array($this, 'mc_destroy'), - array($this, 'gc')); - } - else { - rcube::raise_error(array('code' => 604, 'type' => 'db', - 'line' => __LINE__, 'file' => __FILE__, - 'message' => "Failed to connect to memcached. Please check configuration"), - true, true); - } - } - else if ($this->storage != 'php') { - ini_set('session.serialize_handler', 'php'); - - // set custom functions for PHP session management - session_set_save_handler( - array($this, 'open'), - array($this, 'close'), - array($this, 'db_read'), - array($this, 'db_write'), - array($this, 'db_destroy'), - array($this, 'gc')); - - $this->table_name = $this->db->table_name('session', true); - } + session_start(); } - /** - * Wrapper for session_start() + * Abstract methods should be implemented by driver classes */ - public function start() - { - session_start(); - - // copy some session properties to object vars - if ($this->storage == 'php') { - $this->key = session_id(); - $this->ip = $_SESSION['__IP']; - $this->changed = $_SESSION['__MTIME']; - } - } - - - public function open($save_path, $session_name) - { - return true; - } - - - public function close() - { - return true; - } + abstract function open($save_path, $session_name); + abstract function close(); + abstract function destroy($key); + abstract function read($key); + abstract function write($key, $vars); + abstract function update($key, $newvars, $oldvars); /** - * Delete session data for the given key + * session write handler. This calls the implementation methods for write/update after some initial checks. * - * @param string Session ID + * @param $key + * @param $vars + * @return bool */ - public function destroy($key) + public function sess_write($key, $vars) { - return $this->memcache ? $this->mc_destroy($key) : $this->db_destroy($key); + if ($this->nowrite) + return true; + + // check cache + $oldvars = $this->get_cache($key); + + // if there are cached vars, update store, else insert new data + if ($oldvars !== null) { + $newvars = $this->_fixvars($vars, $oldvars); + return $this->update($key, $newvars, $oldvars); + } + else { + return $this->write($key, $vars); + } } @@ -153,11 +127,6 @@ class rcube_session */ public function write_close() { - if ($this->storage == 'php') { - $_SESSION['__IP'] = $this->ip; - $_SESSION['__MTIME'] = time(); - } - session_write_close(); // write_close() is called on script shutdown, see rcube::shutdown() @@ -166,91 +135,10 @@ class rcube_session $this->gc_shutdown(); } - - /** - * Read session data from database - * - * @param string Session ID - * - * @return string Session vars - */ - public function db_read($key) - { - $sql_result = $this->db->query( - "SELECT `vars`, `ip`, `changed`, " . $this->db->now() . " AS ts" - . " FROM {$this->table_name} WHERE `sess_id` = ?", $key); - - if ($sql_result && ($sql_arr = $this->db->fetch_assoc($sql_result))) { - $this->time_diff = time() - strtotime($sql_arr['ts']); - $this->changed = strtotime($sql_arr['changed']); - $this->ip = $sql_arr['ip']; - $this->vars = base64_decode($sql_arr['vars']); - $this->key = $key; - - return !empty($this->vars) ? (string) $this->vars : ''; - } - - return null; - } - - - /** - * Save session data. - * handler for session_read() - * - * @param string Session ID - * @param string Serialized session vars - * - * @return boolean True on success - */ - public function db_write($key, $vars) - { - $now = $this->db->now(); - $ts = microtime(true); - - if ($this->nowrite) - return true; - - // no session row in DB (db_read() returns false) - if (!$this->key) { - $oldvars = null; - } - // use internal data from read() for fast requests (up to 0.5 sec.) - else if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5)) { - $oldvars = $this->vars; - } - else { // else read data again from DB - $oldvars = $this->db_read($key); - } - - if ($oldvars !== null) { - $newvars = $this->_fixvars($vars, $oldvars); - - if ($newvars !== $oldvars) { - $this->db->query("UPDATE {$this->table_name} " - . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?", - base64_encode($newvars), $key); - } - else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) { - $this->db->query("UPDATE {$this->table_name} SET `changed` = $now" - . " WHERE `sess_id` = ?", $key); - } - } - else { - $this->db->query("INSERT INTO {$this->table_name}" - . " (`sess_id`, `vars`, `ip`, `created`, `changed`)" - . " VALUES (?, ?, ?, $now, $now)", - $key, base64_encode($vars), (string)$this->ip); - } - - return true; - } - - /** * Merge vars with old vars and apply unsets */ - private function _fixvars($vars, $oldvars) + protected function _fixvars($vars, $oldvars) { if ($oldvars !== null) { $a_oldvars = $this->unserialize($oldvars); @@ -280,97 +168,6 @@ class rcube_session return $newvars; } - - /** - * Handler for session_destroy() - * - * @param string Session ID - * - * @return boolean True on success - */ - public function db_destroy($key) - { - if ($key) { - $this->db->query("DELETE FROM {$this->table_name} WHERE `sess_id` = ?", $key); - } - - return true; - } - - - /** - * Read session data from memcache - * - * @param string Session ID - * @return string Session vars - */ - public function mc_read($key) - { - if ($value = $this->memcache->get($key)) { - $arr = unserialize($value); - $this->changed = $arr['changed']; - $this->ip = $arr['ip']; - $this->vars = $arr['vars']; - $this->key = $key; - - return !empty($this->vars) ? (string) $this->vars : ''; - } - - return null; - } - - - /** - * Save session data. - * handler for session_read() - * - * @param string Session ID - * @param string Serialized session vars - * - * @return boolean True on success - */ - public function mc_write($key, $vars) - { - $ts = microtime(true); - - // no session data in cache (mc_read() returns false) - if (!$this->key) - $oldvars = null; - // use internal data for fast requests (up to 0.5 sec.) - else if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5)) - $oldvars = $this->vars; - else // else read data again - $oldvars = $this->mc_read($key); - - $newvars = $oldvars !== null ? $this->_fixvars($vars, $oldvars) : $vars; - - if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) { - return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)), - MEMCACHE_COMPRESSED, $this->lifetime + 60); - } - - return true; - } - - - /** - * Handler for session_destroy() with memcache backend - * - * @param string Session ID - * - * @return boolean True on success - */ - public function mc_destroy($key) - { - if ($key) { - // #1488592: use 2nd argument - $this->memcache->delete($key, 0); - } - - return true; - } - - /** * Execute registered garbage collector routines */ @@ -381,7 +178,6 @@ class rcube_session return $this->gc_enabled = $maxlifetime; } - /** * Register additional garbage collector functions * @@ -422,6 +218,7 @@ class rcube_session * Generate and set new session id * * @param boolean $destroy If enabled the current session will be destroyed + * @return bool */ public function regenerate_id($destroy=true) { @@ -433,6 +230,28 @@ class rcube_session return true; } + /** + * see if we have vars of this key already cached, and if so, return them. + * + * @param $key + * @return null|array + */ + protected function get_cache($key) + { + // no session data in cache (read() returns false) + if (!$this->key) { + $cache = null; + } + // use internal data for fast requests (up to 0.5 sec.) + else if ($key == $this->key && (!$this->vars || $ts - $this->start < 0.5)) { + $cache = $this->vars; + } + else { // else read data again + $cache = $this->read($key); + } + return $cache; + } + /** * Append the given value to the certain node in the session data array @@ -523,10 +342,9 @@ class rcube_session $node[$k] = $value; } - if ($this->key && $this->memcache) - $data = $this->mc_read($this->key); - else if ($this->key) - $data = $this->db_read($this->key); + if($this->key) { + $data = $this->read($this->key); + } if ($data) { session_decode($data); @@ -553,7 +371,7 @@ class rcube_session * Returns a reference to the node in data array referenced by the given path. * e.g. ['compose','attachments'] will return $_SESSION['compose']['attachments'] */ - private function &get_node($path, &$data_arr) + protected function &get_node($path, &$data_arr) { $node = &$data_arr; if (!empty($path)) { @@ -570,7 +388,7 @@ class rcube_session /** * Serialize session data */ - private function serialize($vars) + protected function serialize($vars) { $data = ''; if (is_array($vars)) { @@ -589,7 +407,7 @@ class rcube_session * Unserialize session data * http://www.php.net/manual/en/function.session-decode.php#56106 */ - private function unserialize($str) + protected function unserialize($str) { $str = (string)$str; $endptr = strlen($str); @@ -788,6 +606,7 @@ class rcube_session * Create session cookie from session data * * @param int Time slot to use + * @return string */ function _mkcookie($timeslot) { diff --git a/program/lib/Roundcube/rcube_session_db.php b/program/lib/Roundcube/rcube_session_db.php new file mode 100644 index 000000000..93d5c2b66 --- /dev/null +++ b/program/lib/Roundcube/rcube_session_db.php @@ -0,0 +1,168 @@ + | + | Author: Aleksander Machniak | + | Author: Cor Bosman | + +-----------------------------------------------------------------------+ +*/ + +/** + * Class to provide database session storage + * + * @package Framework + * @subpackage Core + * @author Thomas Bruederli + * @author Aleksander Machniak + * @author Cor Bosman + */ +class rcube_session_db extends rcube_session +{ + private $db; + private $table_name; + + public function __construct() + { + // get db instance + $this->db = rcube::get_instance()->get_dbh(); + + // session table name + $this->table_name = $this->db->table_name('session', true); + + // register sessions handler + $this->register_session_handler(); + + // register db gc handler + $this->register_gc_handler(array($this, 'gc_db')); + } + + /** + * @param $save_path + * @param $session_name + * @return bool + */ + public function open($save_path, $session_name) + { + return true; + } + + /** + * @return bool + */ + public function close() + { + return true; + } + + + /** + * Handler for session_destroy() + * + * @param $key + * @return bool + */ + public function destroy($key) + { + if ($key) { + $this->db->query("DELETE FROM {$this->table_name} WHERE `sess_id` = ?", $key); + } + + return true; + } + + /** + * Read session data from database + * + * @param string Session ID + * + * @return string Session vars + */ + public function read($key) + { + $sql_result = $this->db->query( + "SELECT `vars`, `ip`, `changed`, " . $this->db->now() . " AS ts" + . " FROM {$this->table_name} WHERE `sess_id` = ?", $key); + + if ($sql_result && ($sql_arr = $this->db->fetch_assoc($sql_result))) { + $this->time_diff = time() - strtotime($sql_arr['ts']); + $this->changed = strtotime($sql_arr['changed']); + $this->ip = $sql_arr['ip']; + $this->vars = base64_decode($sql_arr['vars']); + $this->key = $key; + + return !empty($this->vars) ? (string) $this->vars : ''; + } + return null; + } + + /** + * insert new data into db session store + * + * @param $key + * @param $vars + * @return bool + */ + public function write($key, $vars) + { + $now = $this->db->now(); + + $this->db->query("INSERT INTO {$this->table_name}" + . " (`sess_id`, `vars`, `ip`, `created`, `changed`)" + . " VALUES (?, ?, ?, $now, $now)", + $key, base64_encode($vars), (string)$this->ip); + + return true; + } + + + /** + * update session data + * + * @param $key + * @param $newvars + * @param $oldvars + * + * @return bool + */ + public function update($key, $newvars, $oldvars) + { + $now = $this->db->now(); + + // if new and old data are not the same, update data + // else update expire timestamp only when certain conditions are met + if ($newvars !== $oldvars) { + $this->db->query("UPDATE {$this->table_name} " + . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?", + base64_encode($newvars), $key); + } + else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) { + $this->db->query("UPDATE {$this->table_name} SET `changed` = $now" + . " WHERE `sess_id` = ?", $key); + } + + return true; + } + + /** + * Clean up db sessions. + */ + public function gc_db() + { + // just clean all old sessions when this GC is called + $this->db->query("DELETE FROM " . $this->db->table_name('session') + . " WHERE changed < " . $this->db->now(-$this->gc_enabled)); + } + +} \ No newline at end of file diff --git a/program/lib/Roundcube/rcube_session_memcache.php b/program/lib/Roundcube/rcube_session_memcache.php new file mode 100644 index 000000000..85a4aa617 --- /dev/null +++ b/program/lib/Roundcube/rcube_session_memcache.php @@ -0,0 +1,140 @@ + | + | Author: Aleksander Machniak | + | Author: Cor Bosman | + +-----------------------------------------------------------------------+ +*/ + +/** + * Class to provide memcache session storage + * + * @package Framework + * @subpackage Core + * @author Thomas Bruederli + * @author Aleksander Machniak + * @author Cor Bosman + */ +class rcube_session_memcache extends rcube_session +{ + private $memcache; + + public function __construct() + { + $this->memcache = rcube::get_instance()->get_memcache(); + + if(! $this->memcache) { + rcube::raise_error(array('code' => 604, 'type' => 'db', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Failed to connect to memcached. Please check configuration"), + true, true); + } + + // register sessions handler + $this->register_session_handler(); + + } + + /** + * @param $save_path + * @param $session_name + * @return bool + */ + public function open($save_path, $session_name) + { + return true; + } + + /** + * @return bool + */ + public function close() + { + return true; + } + + /** + * Handler for session_destroy() with memcache backend + * + * @param $key + * @return bool + */ + public function destroy($key) + { + if ($key) { + // #1488592: use 2nd argument + $this->memcache->delete($key, 0); + } + + return true; + } + + + /** + * Read session data from memcache + * + * @param $key + * @return null|string + */ + public function read($key) + { + if ($value = $this->memcache->get($key)) { + $arr = unserialize($value); + $this->changed = $arr['changed']; + $this->ip = $arr['ip']; + $this->vars = $arr['vars']; + $this->key = $key; + + return !empty($this->vars) ? (string) $this->vars : ''; + } + + return null; + } + + /** + * write data to memcache storage + * + * @param $key + * @param $vars + * @return bool + */ + public function write($key, $vars) + { + return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $vars)), + MEMCACHE_COMPRESSED, $this->lifetime + 60); + } + + /** + * update memcache session data + * + * @param $key + * @param $newvars + * @param $oldvars + * @return bool + */ + public function update($key, $newvars, $oldvars) + { + $ts = microtime(true); + + if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) { + return $this->memcache->set($key, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars)), + MEMCACHE_COMPRESSED, $this->lifetime + 60); + } + + return true; + } + +} \ No newline at end of file diff --git a/program/lib/Roundcube/rcube_session_php.php b/program/lib/Roundcube/rcube_session_php.php new file mode 100644 index 000000000..73a889259 --- /dev/null +++ b/program/lib/Roundcube/rcube_session_php.php @@ -0,0 +1,71 @@ + | + | Author: Aleksander Machniak | + | Author: Cor Bosman | + +-----------------------------------------------------------------------+ +*/ + +/** + * Class to provide native php session storage + * + * @package Framework + * @subpackage Core + * @author Thomas Bruederli + * @author Aleksander Machniak + * @author Cor Bosman + */ +class rcube_session_php extends rcube_session { + + + /** + * native php sessions don't need a save handler + * we do need to define abstract function implementations but they are not used. + */ + + public function open($save_path, $session_name) {} + public function close() {} + public function destroy($key) {} + public function read($key) {} + public function write($key, $vars) {} + public function update($key, $newvars, $oldvars) {} + + + /** + * Wrapper for session_write_close() + */ + public function write_close() + { + $_SESSION['__IP'] = $this->ip; + $_SESSION['__MTIME'] = time(); + + parent::write_close(); + } + + /** + * Wrapper for session_start() + */ + public function start($config) + { + parent::start($config); + + $this->key = session_id(); + $this->ip = $_SESSION['__IP']; + $this->changed = $_SESSION['__MTIME']; + + } + +} \ No newline at end of file diff --git a/program/lib/Roundcube/rcube_session_redis.php b/program/lib/Roundcube/rcube_session_redis.php new file mode 100644 index 000000000..07a91cc45 --- /dev/null +++ b/program/lib/Roundcube/rcube_session_redis.php @@ -0,0 +1,210 @@ + | + | Author: Aleksander Machniak | + | Author: Cor Bosman | + +-----------------------------------------------------------------------+ +*/ + +/** + * Class to provide redis session storage + * + * @package Framework + * @subpackage Core + * @author Cor Bosman + */ +class rcube_session_redis extends rcube_session { + + private $redis; + + public function __construct() + { + // instantiate Redis object + $this->redis = new Redis(); + + if (! $this->redis) { + rcube::raise_error(array('code' => 604, 'type' => 'session', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Failed to find Redis. Make sure php-redis is included"), + true, true); + } + + // get config instance + $hosts = rcube::get_instance()->config->get('redis_hosts', array()); + + // host config is wrong + if (!is_array($hosts) || empty($hosts) ) { + rcube::raise_error(array('code' => 604, 'type' => 'session', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Redis host not configured"), + true, true); + } + + // only allow 1 host for now until we support clustering + if (count($hosts) > 1) { + rcube::raise_error(array('code' => 604, 'type' => 'session', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Redis cluster not yet supported"), + true, true); + } + + foreach($hosts as $config) { + // explode individual fields + list($host, $port, $database, $password) = array_pad(explode(':', $config, 4), 4, null); + + // set default values if not set + $host = ($host !== null) ? $host : '127.0.0.1'; + $port = ($port !== null) ? $port : 6379; + $database = ($database !== null) ? $database : 0; + + if ($this->redis->connect($host, $port) === false) { + rcube::raise_error( + array( + 'code' => 604, + 'type' => 'session', + 'line' => __LINE__, + 'file' => __FILE__, + 'message' => "Could not connect to Redis server. Please check host and port" + ), + true, + true + ); + } + + if ($password != null && $this->redis->auth($password) === false) { + rcube::raise_error( + array( + 'code' => 604, + 'type' => 'session', + 'line' => __LINE__, + 'file' => __FILE__, + 'message' => "Could not authenticate with Redis server. Please check password." + ), + true, + true + ); + } + + if ($database != 0 && $this->redis->select($database) === false) { + rcube::raise_error( + array( + 'code' => 604, + 'type' => 'session', + 'line' => __LINE__, + 'file' => __FILE__, + 'message' => "Could not select Redis database. Please check database setting." + ), + true, + true + ); + } + } + + // register sessions handler + $this->register_session_handler(); + + } + + /** + * @param $save_path + * @param $session_name + * @return bool + */ + public function open($save_path, $session_name) + { + return true; + } + + /** + * @return bool + */ + public function close() + { + return true; + } + + /** + * remove data from store + * + * @param $key + * @return bool + */ + public function destroy($key) + { + if ($key) { + $this->redis->del($key); + } + + return true; + } + + + /** + * read data from redis store + * + * @param $key + * @return null + */ + public function read($key) + { + if ($value = $this->redis->get($key)) { + $arr = unserialize($value); + $this->changed = $arr['changed']; + $this->ip = $arr['ip']; + $this->vars = $arr['vars']; + $this->key = $key; + + return !empty($this->vars) ? (string) $this->vars : ''; + } + + return null; + } + + + /** + * write data to redis store + * + * @param $key + * @param $newvars + * @param $oldvars + * @return bool + */ + public function update($key, $newvars, $oldvars) + { + $ts = microtime(true); + + if ($newvars !== $oldvars || $ts - $this->changed > $this->lifetime / 3) { + $this->redis->setex($key, $this->lifetime + 60, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $newvars))); + } + + return true; + } + + + /** + * write data to redis store + * + * @param $key + * @param $vars + * @return bool + */ + public function write($key, $vars) + { + return $this->redis->setex($key, $this->lifetime + 60, serialize(array('changed' => time(), 'ip' => $this->ip, 'vars' => $vars))); + } + + +} \ No newline at end of file From b4be89bdac46af2b1370ea25268159c2cf2cc632 Mon Sep 17 00:00:00 2001 From: corbosman Date: Fri, 27 Feb 2015 15:03:58 +0100 Subject: [PATCH 2/4] use factory --- program/lib/Roundcube/rcube.php | 41 ++---------- program/lib/Roundcube/rcube_session.php | 67 ++++++++++++++++--- program/lib/Roundcube/rcube_session_db.php | 7 +- .../lib/Roundcube/rcube_session_memcache.php | 12 ++-- program/lib/Roundcube/rcube_session_php.php | 12 +++- program/lib/Roundcube/rcube_session_redis.php | 20 +++--- 6 files changed, 95 insertions(+), 64 deletions(-) diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 42d880763..f15ae840a 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -521,49 +521,18 @@ class rcube ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); - // use database for storing session data - $storage = $this->config->get('session_storage', 'db'); - $this->session = $this->get_session($storage); + // get storage driver from config + // $storage = $this->config->get('session_storage', 'db'); - // register default gc handler - $this->session->register_gc_handler(array($this, 'gc')); - - $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME'])); - $this->session->set_ip_check($this->config->get('ip_check')); - - if ($this->config->get('session_auth_name')) { - $this->session->set_cookiename($this->config->get('session_auth_name')); - } + // get session driver instance + $this->session = rcube_session::factory($this->config); // start PHP session (if not in CLI mode) if ($_SERVER['REMOTE_ADDR']) { - $this->session->start($this->config); + $this->session->start(); } } - /** - * get an rcube_session instance - * - * @return rcube_session - */ - private function get_session($storage) - { - // class name for this storage - $class = "rcube_session_" . $storage; - - // try to instantiate class - if(class_exists($class)) { - return new $class(); - } - - // no storage found, raise error - rcube::raise_error(array('code' => 604, 'type' => 'session', - 'line' => __LINE__, 'file' => __FILE__, - 'message' => "Failed to find session driver. Check session_storage config option"), - true, true); - } - - /** * Garbage collector - cache/temp cleaner */ diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php index 08a9dc302..fc1d87150 100644 --- a/program/lib/Roundcube/rcube_session.php +++ b/program/lib/Roundcube/rcube_session.php @@ -15,6 +15,7 @@ +-----------------------------------------------------------------------+ | Author: Thomas Bruederli | | Author: Aleksander Machniak | + | Author: Cor Bosman | +-----------------------------------------------------------------------+ */ @@ -43,6 +44,7 @@ abstract class rcube_session protected $secret = ''; protected $ip_check = false; protected $logging = false; + protected $config; /** * Blocks session data from being written to database. @@ -50,7 +52,55 @@ abstract class rcube_session * @var boolean */ public $nowrite = false; - + + /** + * Factory, returns driver-specific instance of the class + * + * @param object $config + * @return Object rcube_session + */ + public static function factory($config) + { + // get session storage driver + $storage = $config->get('session_storage', 'db'); + + // class name for this storage + $class = "rcube_session_" . $storage; + + // try to instantiate class + if (class_exists($class)) { + return new $class($config); + } + + // no storage found, raise error + rcube::raise_error(array('code' => 604, 'type' => 'session', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Failed to find session driver. Check session_storage config option"), + true, true); + } + + /** + * @param Object $config + */ + public function __construct($config) + { + $this->config = $config; + + // register default gc handler + $this->register_gc_handler(array($this, 'gc')); + + // set secret + $this->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME'])); + + // set ip check + $this->set_ip_check($this->config->get('ip_check')); + + // set cookie name + if ($this->config->get('session_auth_name')) { + $this->set_cookiename($this->config->get('session_auth_name')); + } + } + /** * register session handler */ @@ -73,13 +123,13 @@ abstract class rcube_session /** * Wrapper for session_start() */ - public function start($config) + public function start() { $this->start = microtime(true); $this->ip = rcube_utils::remote_addr(); - $this->logging = $config->get('log_session', false); + $this->logging = $this->config->get('log_session', false); - $lifetime = $config->get('session_lifetime', 1) * 60; + $lifetime = $this->config->get('session_lifetime', 1) * 60; $this->set_lifetime($lifetime); session_start(); @@ -105,8 +155,9 @@ abstract class rcube_session */ public function sess_write($key, $vars) { - if ($this->nowrite) + if ($this->nowrite) { return true; + } // check cache $oldvars = $this->get_cache($key); @@ -201,12 +252,6 @@ abstract class rcube_session protected function gc_shutdown() { if ($this->gc_enabled) { - // just delete all expired sessions - if ($this->storage == 'db') { - $this->db->query("DELETE FROM {$this->table_name}" - . " WHERE `changed` < " . $this->db->now(-$this->gc_enabled)); - } - foreach ($this->gc_handlers as $fct) { call_user_func($fct); } diff --git a/program/lib/Roundcube/rcube_session_db.php b/program/lib/Roundcube/rcube_session_db.php index 93d5c2b66..feba2e083 100644 --- a/program/lib/Roundcube/rcube_session_db.php +++ b/program/lib/Roundcube/rcube_session_db.php @@ -33,8 +33,13 @@ class rcube_session_db extends rcube_session private $db; private $table_name; - public function __construct() + /** + * @param Object $config + */ + public function __construct($config) { + parent::__construct($config); + // get db instance $this->db = rcube::get_instance()->get_dbh(); diff --git a/program/lib/Roundcube/rcube_session_memcache.php b/program/lib/Roundcube/rcube_session_memcache.php index 85a4aa617..732d5fb7a 100644 --- a/program/lib/Roundcube/rcube_session_memcache.php +++ b/program/lib/Roundcube/rcube_session_memcache.php @@ -15,7 +15,7 @@ +-----------------------------------------------------------------------+ | Author: Thomas Bruederli | | Author: Aleksander Machniak | - | Author: Cor Bosman | + | Author: Cor Bosman | +-----------------------------------------------------------------------+ */ @@ -32,11 +32,16 @@ class rcube_session_memcache extends rcube_session { private $memcache; - public function __construct() + /** + * @param Object $config + */ + public function __construct($config) { + parent::__construct($config); + $this->memcache = rcube::get_instance()->get_memcache(); - if(! $this->memcache) { + if (!$this->memcache) { rcube::raise_error(array('code' => 604, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, 'message' => "Failed to connect to memcached. Please check configuration"), @@ -45,7 +50,6 @@ class rcube_session_memcache extends rcube_session // register sessions handler $this->register_session_handler(); - } /** diff --git a/program/lib/Roundcube/rcube_session_php.php b/program/lib/Roundcube/rcube_session_php.php index 73a889259..2f7085fc7 100644 --- a/program/lib/Roundcube/rcube_session_php.php +++ b/program/lib/Roundcube/rcube_session_php.php @@ -30,7 +30,6 @@ */ class rcube_session_php extends rcube_session { - /** * native php sessions don't need a save handler * we do need to define abstract function implementations but they are not used. @@ -43,6 +42,13 @@ class rcube_session_php extends rcube_session { public function write($key, $vars) {} public function update($key, $newvars, $oldvars) {} + /** + * @param Object $config + */ + public function __construct($config) + { + parent::__construct($config); + } /** * Wrapper for session_write_close() @@ -58,9 +64,9 @@ class rcube_session_php extends rcube_session { /** * Wrapper for session_start() */ - public function start($config) + public function start() { - parent::start($config); + parent::start(); $this->key = session_id(); $this->ip = $_SESSION['__IP']; diff --git a/program/lib/Roundcube/rcube_session_redis.php b/program/lib/Roundcube/rcube_session_redis.php index 07a91cc45..bc545ca95 100644 --- a/program/lib/Roundcube/rcube_session_redis.php +++ b/program/lib/Roundcube/rcube_session_redis.php @@ -13,8 +13,6 @@ | PURPOSE: | | Provide database supported session management | +-----------------------------------------------------------------------+ - | Author: Thomas Bruederli | - | Author: Aleksander Machniak | | Author: Cor Bosman | +-----------------------------------------------------------------------+ */ @@ -30,12 +28,17 @@ class rcube_session_redis extends rcube_session { private $redis; - public function __construct() + /** + * @param Object $config + */ + public function __construct($config) { + parent::__construct($config); + // instantiate Redis object $this->redis = new Redis(); - if (! $this->redis) { + if (!$this->redis) { rcube::raise_error(array('code' => 604, 'type' => 'session', 'line' => __LINE__, 'file' => __FILE__, 'message' => "Failed to find Redis. Make sure php-redis is included"), @@ -43,10 +46,10 @@ class rcube_session_redis extends rcube_session { } // get config instance - $hosts = rcube::get_instance()->config->get('redis_hosts', array()); + $hosts = $this->config->get('redis_hosts', array('localhost')); // host config is wrong - if (!is_array($hosts) || empty($hosts) ) { + if (!is_array($hosts) || empty($hosts)) { rcube::raise_error(array('code' => 604, 'type' => 'session', 'line' => __LINE__, 'file' => __FILE__, 'message' => "Redis host not configured"), @@ -61,9 +64,9 @@ class rcube_session_redis extends rcube_session { true, true); } - foreach($hosts as $config) { + foreach ($hosts as $host) { // explode individual fields - list($host, $port, $database, $password) = array_pad(explode(':', $config, 4), 4, null); + list($host, $port, $database, $password) = array_pad(explode(':', $host, 4), 4, null); // set default values if not set $host = ($host !== null) ? $host : '127.0.0.1'; @@ -115,7 +118,6 @@ class rcube_session_redis extends rcube_session { // register sessions handler $this->register_session_handler(); - } /** From 6e3d249655f7d93a5b48cabedd229304bb69df90 Mon Sep 17 00:00:00 2001 From: corbosman Date: Fri, 27 Feb 2015 16:36:26 +0100 Subject: [PATCH 3/4] remove commented out code --- program/lib/Roundcube/rcube.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index f15ae840a..3aa461e36 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -520,10 +520,7 @@ class rcube ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); - - // get storage driver from config - // $storage = $this->config->get('session_storage', 'db'); - + // get session driver instance $this->session = rcube_session::factory($this->config); From 82058d7af26ff04fd95442815b93f944cea46f10 Mon Sep 17 00:00:00 2001 From: corbosman Date: Wed, 4 Mar 2015 13:56:37 +0100 Subject: [PATCH 4/4] minor fixes --- program/lib/Roundcube/rcube.php | 2 +- program/lib/Roundcube/rcube_session_db.php | 2 +- program/lib/Roundcube/rcube_session_redis.php | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 3aa461e36..a7c6b9317 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -520,7 +520,7 @@ class rcube ini_set('session.use_cookies', 1); ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); - + // get session driver instance $this->session = rcube_session::factory($this->config); diff --git a/program/lib/Roundcube/rcube_session_db.php b/program/lib/Roundcube/rcube_session_db.php index feba2e083..78138d1eb 100644 --- a/program/lib/Roundcube/rcube_session_db.php +++ b/program/lib/Roundcube/rcube_session_db.php @@ -41,7 +41,7 @@ class rcube_session_db extends rcube_session parent::__construct($config); // get db instance - $this->db = rcube::get_instance()->get_dbh(); + $this->db = rcube::get_instance()->get_dbh(); // session table name $this->table_name = $this->db->table_name('session', true); diff --git a/program/lib/Roundcube/rcube_session_redis.php b/program/lib/Roundcube/rcube_session_redis.php index bc545ca95..4822db7f9 100644 --- a/program/lib/Roundcube/rcube_session_redis.php +++ b/program/lib/Roundcube/rcube_session_redis.php @@ -4,14 +4,13 @@ +-----------------------------------------------------------------------+ | This file is part of the Roundcube Webmail client | | Copyright (C) 2005-2014, The Roundcube Dev Team | - | Copyright (C) 2011, Kolab Systems AG | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | | See the README file for a full license statement. | | | | PURPOSE: | - | Provide database supported session management | + | Provide redis supported session management | +-----------------------------------------------------------------------+ | Author: Cor Bosman | +-----------------------------------------------------------------------+