function read($session_id)
{
// get the lock name, associated with the current session
$this->session_lock = $this->_mysql_real_escape_string('session_' . $session_id);
// try to obtain a lock with the given name and timeout
$result = $this->_mysql_query('SELECT GET_LOCK("' . $this->session_lock . '", ' . $this->_mysql_real_escape_string($this->lock_timeout) . ')');
// if there was an error
// stop execution
if (!is_object($result) || strtolower(get_class($result)) != 'mysqli_result' || @mysqli_num_rows($result) != 1 || !($row = mysqli_fetch_array($result)) || $row[0] != 1) {
die('Zebra_Session: Could not obtain session lock!');
}
// reads session data associated with a session id, but only if
// - the session ID exists;
// - the session has not expired;
// - if lock_to_user_agent is TRUE and the HTTP_USER_AGENT is the same as the one who had previously been associated with this particular session;
// - if lock_to_ip is TRUE and the host is the same as the one who had previously been associated with this particular session;
$hash = '';
// if we need to identify sessions by also checking the user agent
if ($this->lock_to_user_agent && isset($_SERVER['HTTP_USER_AGENT'])) {
$hash .= $_SERVER['HTTP_USER_AGENT'];
}
// if we need to identify sessions by also checking the host
if ($this->lock_to_ip && isset($_SERVER['REMOTE_ADDR'])) {
$hash .= $_SERVER['REMOTE_ADDR'];
}
// append this to the end
$hash .= $this->security_code;
$result = $this->_mysql_query('
SELECT
session_data
FROM
' . $this->table_name . '
WHERE
session_id = "' . $this->_mysql_real_escape_string($session_id) . '" AND
session_expire > "' . time() . '" AND
hash = "' . $this->_mysql_real_escape_string(md5($hash)) . '"
LIMIT 1
') or die($this->_mysql_error());
// if anything was found
if (is_object($result) && strtolower(get_class($result)) == 'mysqli_result' && @mysqli_num_rows($result) > 0) {
// return found data
$fields = @mysqli_fetch_assoc($result);
// don't bother with the unserialization - PHP handles this automatically
return $fields['session_data'];
}
$this->regenerate_id();
// on error return an empty string - this HAS to be an empty string
return '';
}