
PHP Session Handling Functions - MySQL

In this PHP programming tutorial, we will look at how to create and manage your own custom sessions using LAMP with MySQL and PHP as the session storage engine.

TABLE OF CONTENTS:
  1. Custom Session Management Using PHP and MySQL
  2. PHP Session Handling Functions
  3. Advanced PHP Session Techniques
By: ManiacDan
May 10, 2011



Now that we have the database table created, we need the session handling functions in PHP. Using a class to handle the session would actually be the more correct solution, but there is a problem with it: the write() function is called after the script finishes executing, by which point objects have already been destroyed. Using a database object or a session handling object would mean solving the chicken-and-egg problem of how to use an object after it has been destroyed. The PHP manual has tips on this problem, but to keep this article brief we'll use standard functions in the global scope. Note that this is generally considered a sloppy way to go about things.

<?php
 
/**
* Session Handling Functions using MySQL.
* simply include() this file at the top of any script you wish to use sessions in.
* As long as the table exists in the database, all sessions will be stored in that table.
* This file can be placed onto multiple webservers running the same website and they will begin to share sessions between them.
*/


/**
* Open function is the constructor, it prepares the session connection
*
* @param string $savePath The storage location of the session. Unnecessary for our operations
* @param string $sessionName The name of the session (PHP passes the session name here, not the ID), unnecessary in the constructor for us
* @return bool
*/
function open( $savePath, $sessionName )
{
  // Declare a global session database connection.
  global $sessionDB;
  // Connect to the database
  $sessionDB = mysql_connect( HOST, USER, PASS );
  // If the connection was successful...
  if ( $sessionDB )
  {
    // Select the proper database
    mysql_select_db( DB, $sessionDB );
    // return true so PHP knows it's safe to continue using the session
    return true;
  }
  // If the connection failed, returning false from open() will prevent PHP from using the session since it's not working
  return false;
}
 
/**
* The close function destroys the open database connection.
*
* This function is unnecessary for our purposes, since open database connections are killed automatically by PHP at the end of scripts.
* However, to be explicit I'm including the proper contents here. Note that this function MUST EXIST, but could easily be empty.
*
* @return bool
*/
function close( )
{
  // Load the same global session database connection
  global $sessionDB;
  // destroy the database resource
  mysql_close( $sessionDB );
  // return true to indicate success
  return true;
}


/**
* The read function is what actually loads the session from the database.
*
* @param string $sessionID The 32-character session ID, from $_COOKIE['PHPSESSID']
* @return string
*/
function read( $sessionID )
{
  // Use the existing database connection created by open()
  global $sessionDB;
  // Build the SQL string to select the contents.
  // Even though this is a system function, you MUST use mysql_real_escape_string because $sessionID comes from a user's cookie and may be malicious
  $sql = 'SELECT contents FROM sessions WHERE id = "' . mysql_real_escape_string( $sessionID ) . '"';
  //execute the query
  $rs = mysql_query( $sql, $sessionDB );
  //if the query succeeded...
  if ( $rs !== false )
  {
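    // fetch the first (and only) row; mysql_fetch_array() returns false when no row exists for this ID
    $row = mysql_fetch_array( $rs );
    // return the 'contents' field, or an empty string when there is no stored session yet:
    return $row ? $row['contents'] : '';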
  }
  // if the query did not succeed, return an empty string (which will unserialize to an empty array for a new session)
  return '';
}

/**
* The write function writes the existing session data to the database AND UPDATES the most recent timestamp
*
* @param string $sessionID The 32-character session ID, from $_COOKIE['PHPSESSID']
* @param string $sessionData The serialized contents of the session
* @return bool
*/
function write( $sessionID, $sessionData )
{
  // Use the existing database connection created by open()
  global $sessionDB;
  // pre-format the variables for mysql since we use them twice:
  $sessionID = mysql_real_escape_string( $sessionID );
  $sessionData = mysql_real_escape_string( $sessionData );
 
  // Build the SQL statement.  Note that since we have the session ID set up as a primary key, we can use the INSERT ... ON DUPLICATE KEY UPDATE syntax.
  // PHP variable names are case-sensitive, so this must be $sessionID (the escaped value above), not $sessionId:
  $sql = 'INSERT INTO sessions (id, contents, modify_date) VALUES ("' . $sessionID . '", "' . $sessionData . '", NOW() ) ' .
    'ON DUPLICATE KEY UPDATE contents = "' . $sessionData . '", modify_date = NOW()';
  // execute the query on the session connection.  If successful, return true
  if ( mysql_query( $sql, $sessionDB ) )
  {
    return true;
  }
  // query failed, return false:
  return false;
}

/**
* Destroys the session ID passed in whenever session_destroy() is called by your scripts
*
* @param string $sessionID The 32-character session ID, from $_COOKIE['PHPSESSID']
* @return bool
*/
function destroy( $sessionID )
{
  // Use the existing database connection created by open()
  global $sessionDB;
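  // Build the SQL string to delete the contents.
  // The ID must be wrapped in quotes: mysql_real_escape_string() only protects a value that sits inside a quoted string literal
  $sql = 'DELETE FROM sessions WHERE id = "' . mysql_real_escape_string( $sessionID ) . '"';
  // execute the query on the session connection.  If successful, return true
  if ( mysql_query( $sql, $sessionDB ) )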
  {
    return true;
  }
  // query failed, return false:
  return false;
}

/**
* Garbage collection happens at random, and destroys ALL sessions older than the lifetime passed in (in seconds)
*
* @param int $sessionMaxLifetime The maximum lifetime (in seconds) of sessions in your storage engine
* @return bool
*/
function garbageCollect( $sessionMaxLifetime )
{
  // Use the existing database connection created by open()
  global $sessionDB;
  // process sessionMaxLifetime, even though it should be trusted from php.ini
  $sessionMaxLifetime = intval( $sessionMaxLifetime );
  // Build the SQL string to delete the contents.  The MySQL interval unit is SECOND (singular).
  $sql = 'DELETE FROM sessions WHERE modify_date < DATE_SUB( NOW(), INTERVAL ' . $sessionMaxLifetime . ' SECOND )';
  // execute the query on the session connection.  If successful, return true
  if ( mysql_query( $sql, $sessionDB ) )
  {
    return true;
  }
  // query failed, return false:
  return false;
}


// once all the functions are declared in the global scope, we can initiate the session handling in PHP:
session_set_save_handler( 'open', 'close', 'read', 'write', 'destroy', 'garbageCollect' );
session_start();
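
The same handlers written as a class, as an added example that is not the article's code. It assumes PHP 8 with PDO and the `sessions` table queried above, uses prepared statements in place of `mysql_real_escape_string()` (the `mysql_*` extension was removed in PHP 7.0), and passes `true` to `session_set_save_handler()` so that PHP calls `session_write_close()` at shutdown, which addresses the destroyed-object problem described earlier. The class name, DSN and credentials are placeholders.

```php
<?php
// Added example, not the article's code. Assumes PHP 8+, pdo_mysql and the `sessions` table.
final class PdoSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $db) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $stmt = $this->db->prepare('SELECT contents FROM sessions WHERE id = ?');
        $stmt->execute([$id]);
        $contents = $stmt->fetchColumn();
        // No row means a new session: return an empty string, not false.
        return $contents === false ? '' : (string) $contents;
    }

    public function write(string $id, string $data): bool
    {
        $stmt = $this->db->prepare(
            'INSERT INTO sessions (id, contents, modify_date) VALUES (?, ?, NOW())
             ON DUPLICATE KEY UPDATE contents = ?, modify_date = NOW()'
        );
        return $stmt->execute([$id, $data, $data]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $sql = 'DELETE FROM sessions WHERE modify_date < DATE_SUB(NOW(), INTERVAL ? SECOND)';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(1, $max_lifetime, PDO::PARAM_INT);
        return $stmt->execute() ? $stmt->rowCount() : false;
    }
}

// Placeholder DSN and credentials; exceptions surface query failures.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
// true registers session_write_close() at shutdown, so write() runs before objects are destroyed.
session_set_save_handler(new PdoSessionHandler($db), true);
session_start();
```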





 
 