<?php
/* $Id$ */
namespace MCMS\Session;

(defined('MCMS') && (basename(__FILE__) != basename($_SERVER['PHP_SELF']))) or die('ACCESS DENIED');

/**
 * Default PHP implementation of the session interface.
 *
 * This implementation uses the default PHP session handling to store and fetch session
 * data.
 *
 * @author Stefan Daurer <s.daurer@q-spot.org>
 */
class PHPSession implements iSession {

	public function __construct() {
		if(session_id() == '')
			session_start();
			
			// prevent session stealing
		$key = sha1($_SERVER['HTTP_HOST'] . $_SERVER['HTTP_USER_AGENT']);
		if(!isset($_SESSION['key']))
			$_SESSION['key'] = $key;
		elseif($_SESSION['key'] != $key) {
			$oldId = session_id();
			session_destroy();
			unset($_SESSION);
			if(isset($_COOKIE[session_name()]))
				setcookie(session_name(), '', time() - 42000, '/');
		}
	}

	public function sessionId() {
		return session_id();
	}

	public function getSessionLifetime() {
		return ini_get('session.gc_maxlifetime');
	}

	public function put($page, $key, $value) {
		$_SESSION['p' . $page]['k' . $key] = $value;
	}

	public function get($page, $key, $default = NULL) {
		if(isset($_SESSION['p' . $page]['k' . $key]))
			return $_SESSION['p' . $page]['k' . $key];
		return $default;
	}

	public function clear($page, $key) {
		if(isset($_SESSION['p' . $page]['k' . $key]))
			unset($_SESSION['p' . $page]['k' . $key]);
	}

	public function destroy() {
		session_destroy();
	}

	public function __destruct() {
	}
}