sas Fri Jan 24 18:59:16 2003 EDT
Modified files: (Branch: PHP_4)
/php4/ext/session session.c mod_files.c php_session.h
Log:
MFH hash id related changes
Index: php4/ext/session/session.c
diff -u php4/ext/session/session.c:1.336.2.5 php4/ext/session/session.c:1.336.2.5.2.1
--- php4/ext/session/session.c:1.336.2.5 Tue Dec 31 11:35:20 2002
+++ php4/ext/session/session.c Fri Jan 24 18:59:16 2003
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.336.2.5 2002/12/31 16:35:20 sebastian Exp $ */
+/* $Id: session.c,v 1.336.2.5.2.1 2003/01/24 23:59:16 sas Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -38,6 +38,7 @@
#include "SAPI.h"
#include "php_session.h"
#include "ext/standard/md5.h"
+#include "ext/standard/sha1.h"
#include "ext/standard/php_var.h"
#include "ext/standard/datetime.h"
#include "ext/standard/php_lcg.h"
@@ -151,6 +152,8 @@
STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL,
OnUpdateString, cache_limiter, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL,
OnUpdateInt, cache_expire, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_trans_sid", "0",
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, use_trans_sid, php_ps_globals,
ps_globals)
+ STD_PHP_INI_ENTRY("session.hash_function", "0", PHP_INI_ALL,
+OnUpdateInt, hash_func, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.hash_bits_per_character", "4",
+PHP_INI_ALL, OnUpdateInt, hash_bits_per_character, php_ps_globals,
+ps_globals)
/* Commented out until future discussion */
/* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL)
*/
@@ -535,55 +538,151 @@
}
}
-static char hexconvtab[] = "0123456789abcdef";
+
+/*
+ * Note that we cannot use the BASE64 alphabet here, because
+ * it contains "/" and "+": both are unacceptable for simple inclusion
+ * into URLs.
+ */
+
+static char hexconvtab[] =
+"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
+
+enum {
+ PS_HASH_FUNC_MD5,
+ PS_HASH_FUNC_SHA1
+};
+
+/* returns a pointer to the byte after the last valid character in out */
+static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits)
+{
+ unsigned char *p, *q;
+ unsigned short w;
+ int mask;
+ int have;
+
+ p = in;
+ q = in + inlen;
+
+ w = 0;
+ have = 0;
+ mask = (1 << nbits) - 1;
+
+ while (1) {
+ if (have < nbits) {
+ if (p < q) {
+ w |= *p++ << have;
+ have += 8;
+ } else {
+ /* consumed everything? */
+ if (have == 0) break;
+ /* No? We need a final round */
+ have = nbits;
+ }
+ }
+
+ /* consume nbits */
+ *out++ = hexconvtab[w & mask];
+ w >>= nbits;
+ have -= nbits;
+ }
+
+ *out = '\0';
+ return out;
+}
char *php_session_create_id(PS_CREATE_SID_ARGS)
{
- PHP_MD5_CTX context;
- unsigned char digest[16];
- char buf[256];
+ PHP_MD5_CTX md5_context;
+ PHP_SHA1_CTX sha1_context;
+ unsigned char digest[21];
+ int digest_len;
+ int j;
+ char *buf;
struct timeval tv;
- int i;
- int j = 0;
- unsigned char c;
+ zval **array;
+ zval **token;
+ char *remote_addr = NULL;
gettimeofday(&tv, NULL);
- PHP_MD5Init(&context);
- sprintf(buf, "%ld%ld%0.8f", tv.tv_sec, tv.tv_usec, php_combined_lcg(TSRMLS_C)
* 10);
- PHP_MD5Update(&context, buf, strlen(buf));
+ if (zend_hash_find(&EG(symbol_table), "_SERVER",
+ sizeof("_SERVER"), (void **) &array) == SUCCESS &&
+ Z_TYPE_PP(array) == IS_ARRAY &&
+ zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR",
+ sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS) {
+ remote_addr = Z_STRVAL_PP(token);
+ }
+
+ buf = emalloc(100);
+
+ /* maximum 15+19+19+10 bytes */
+ sprintf(buf, "%.15s%ld%ld%0.8f", remote_addr ? remote_addr : "",
+ tv.tv_sec, tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10);
+
+ switch (PS(hash_func)) {
+ case PS_HASH_FUNC_MD5:
+ PHP_MD5Init(&md5_context);
+ PHP_MD5Update(&md5_context, buf, strlen(buf));
+ digest_len = 16;
+ break;
+ case PS_HASH_FUNC_SHA1:
+ PHP_SHA1Init(&sha1_context);
+ PHP_SHA1Update(&sha1_context, buf, strlen(buf));
+ digest_len = 20;
+ break;
+ default:
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid session hash
+function");
+ efree(buf);
+ return NULL;
+ }
if (PS(entropy_length) > 0) {
int fd;
fd = VCWD_OPEN(PS(entropy_file), O_RDONLY);
if (fd >= 0) {
- unsigned char buf[2048];
+ unsigned char rbuf[2048];
int n;
int to_read = PS(entropy_length);
while (to_read > 0) {
- n = read(fd, buf, MIN(to_read, sizeof(buf)));
+ n = read(fd, rbuf, MIN(to_read, sizeof(rbuf)));
if (n <= 0) break;
- PHP_MD5Update(&context, buf, n);
+
+ switch (PS(hash_func)) {
+ case PS_HASH_FUNC_MD5:
+ PHP_MD5Update(&md5_context, rbuf, n);
+ break;
+ case PS_HASH_FUNC_SHA1:
+ PHP_SHA1Update(&sha1_context, rbuf, n);
+ break;
+ }
to_read -= n;
}
close(fd);
}
}
- PHP_MD5Final(digest, &context);
-
- for (i = 0; i < 16; i++) {
- c = digest[i];
- buf[j++] = hexconvtab[c >> 4];
- buf[j++] = hexconvtab[c & 15];
+ switch (PS(hash_func)) {
+ case PS_HASH_FUNC_MD5:
+ PHP_MD5Final(digest, &md5_context);
+ break;
+ case PS_HASH_FUNC_SHA1:
+ PHP_SHA1Final(digest, &sha1_context);
+ break;
+ }
+
+ if (PS(hash_bits_per_character) < 4
+ || PS(hash_bits_per_character) > 6) {
+ PS(hash_bits_per_character) = 4;
+
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The ini setting
+hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now");
}
- buf[j] = '\0';
+ j = bin_to_readable(digest, digest_len, buf, PS(hash_bits_per_character)) -
+buf;
if (newlen)
*newlen = j;
- return estrdup(buf);
+ return buf;
}
static void php_session_initialize(TSRMLS_D)
@@ -1118,10 +1217,7 @@
WRONG_PARAM_COUNT;
}
- if (array_init(return_value) == FAILURE) {
- php_error_docref(NULL TSRMLS_CC, E_ERROR, "Cannot initialize return
value from session_get_cookie_parameters");
- RETURN_FALSE;
- }
+ array_init(return_value);
add_assoc_long(return_value, "lifetime", PS(cookie_lifetime));
add_assoc_string(return_value, "path", PS(cookie_path), 1);
@@ -1444,7 +1540,7 @@
convert_to_string_ex(str);
php_session_decode(Z_STRVAL_PP(str), Z_STRLEN_PP(str) TSRMLS_CC);
-
+
RETURN_TRUE;
}
/* }}} */
@@ -1596,6 +1692,7 @@
PS(module_number) = module_number; /* if we really need this var we need to
init it in zts mode as well! */
+ PS(session_status) = php_session_none;
REGISTER_INI_ENTRIES();
#ifdef HAVE_LIBMM
Index: php4/ext/session/mod_files.c
diff -u php4/ext/session/mod_files.c:1.83.2.3 php4/ext/session/mod_files.c:1.83.2.3.2.1
--- php4/ext/session/mod_files.c:1.83.2.3 Wed Jan 15 10:53:34 2003
+++ php4/ext/session/mod_files.c Fri Jan 24 18:59:16 2003
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mod_files.c,v 1.83.2.3 2003/01/15 15:53:34 sniper Exp $ */
+/* $Id: mod_files.c,v 1.83.2.3.2.1 2003/01/24 23:59:16 sas Exp $ */
#include "php.h"
@@ -73,9 +73,11 @@
for (p = key; (c = *p); p++) {
/* valid characters are a..z,A..Z,0..9 */
- if (!((c >= 'a' && c <= 'z') ||
- (c >= 'A' && c <= 'Z') ||
- (c >= '0' && c <= '9'))) {
+ if (!((c >= 'a' && c <= 'z')
+ || (c >= 'A' && c <= 'Z')
+ || (c >= '0' && c <= '9')
+ || c == ','
+ || c == '-')) {
ret = 0;
break;
}
@@ -142,7 +144,7 @@
ps_files_close(data);
if (!ps_files_valid_key(key)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id
contains illegal characters, valid characters are only a-z, A-Z and 0-9");
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id
+contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
return;
}
if (!ps_files_path_create(buf, sizeof(buf), data, key))
Index: php4/ext/session/php_session.h
diff -u php4/ext/session/php_session.h:1.84.2.1
php4/ext/session/php_session.h:1.84.2.1.2.1
--- php4/ext/session/php_session.h:1.84.2.1 Tue Dec 31 11:35:20 2002
+++ php4/ext/session/php_session.h Fri Jan 24 18:59:16 2003
@@ -118,6 +118,9 @@
zend_bool use_only_cookies;
zend_bool use_trans_sid; /* contains the INI value of whether to use
trans-sid */
zend_bool apply_trans_sid; /* whether or not to enable trans-sid for the
current request */
+
+ long hash_func;
+ long hash_bits_per_character;
} php_ps_globals;
typedef php_ps_globals zend_ps_globals;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
