Welcome, guest | Sign In | My Account | Store | Cart
<?PHP //Make sure there are no whitespaces before '<' on this line.
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | DB_eSession is a feature packed PHP class that stores session data   |
// | in a MySQL database rather than files. It is powerful, designed with |
// | security in mind, and yet easy to utilize. The code contains lots of |
// | comments, it comes with full documentation, and examples of how to   |
// | use the class including a basic authentication login/logout process. |
// | It includes member functions useful (to webmasters) for monitoring or|
// | viewing, deleting, and altering sessions validity like in the case of|
// | locking one or more sessions upon detection of unauthorized use.     |
// | This custom MySQL database session handler class might just be what  |
// | you're looking to implement on your web or intranet site. Enjoy it!  |
// |                                                                      |
// | This script has been created and released under the GNU GPL and is   |
// | free to use and redistribute only if this whole header comments and  |
// | copyright statement are not removed. Author gives no warranties. Use |
// | at your own risk. Read the copyright, disclaimer, and license.       |
// |                                                                      |
// | System Requirements: Any OS supporting a web server for PHP to run.  |
// | Requires PHP version 4.2.0 or higher, MySQL version 3.22.5 or later. |
// | libmcrypt ver 2.2.x or higher is optional for encryption/decryption. |
// | session.auto_start PHP setting needs to be off. Register_globals can |
// | be on or off.                                                        |
// |                                                                      |
// | Tested under PHP ver 4.3.2/4/5, MySQL version 4.0.15/18, mcrypt 2.4.x|
// |                                                                      |
// +----------------------------------------------------------------------+
// | DB_eSession, Copyright (c) 2004 Lawrence Osiris, All Rights Reserved |
// +----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or    |
// | (at your option) any later version.                                  |
// |                                                                      |
// | This program is distributed in the hope that it will be useful,      |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        |
// | GNU General Public License for more details.                         |
// |                                                                      |
// | You should have received a copy of the GNU General Public License    |
// | along with this program; if not, write to the                        |
// |                                                                      |
// | Free Software Foundation, Inc.,                                      |
// | 59 Temple Place, Suite 330,                                          |
// | Boston, MA  02111-1307  USA                                          |
// |                                                                      |
// | Or you may obtain the license at http://www.gnu.org/copyleft/gpl.html|
// |                                                                      |
// +----------------------------------------------------------------------+
// | Author: Lawrence Osiris <code@dearneighbor.com>                      |
// | At web: http://www.code.dearneighbor.com                             |
// |                                                                      |
// | Silas Palmer from Australia, wrote the code in sessEncode and        |
// | sessDecode member functions. Code used with permission and under GNU |
// | GPL too. Web address: http://www.silaspalmer.com                     |
// |                                                                      |
// +----------------------------------------------------------------------+
// |                                                                      |
// |                      C H A N G E   L O G                             |
// |                      -------------------                             |
// |                                                                      |
// | DATE        VERSION  DESCRIPTION                                     |
// | ----------  -------  ----------------------------------------------- |
// | 05/05/2004   1.0.0   Initial code distribution to the general public |
// | 06/03/2004   1.0.1   sessDecode: removed substr() and added trim().  |
// | 08/08/2004   1.0.2   sessDecode: Initialized $_decoded variable.     |
// |                      _getSecID: Commented out HTTP_ACCEPT_ENCODING.  |
// +----------------------------------------------------------------------+


/**
 * DB_ESESSION_LOADED - For checking whether the class has been defined. You can
 * use DB_ESESSION_LOADED or class_exists().
 *
 * @access public
 * @global bool To indicate this class has been loaded (with an include or require)
 */
define('DB_ESESSION_LOADED', TRUE);


/**
 * @package    DB_eSession
 * @license    http://opensource.org/licenses/gpl-license.php GNU Public License
 * @author     Lawrence Osiris <code@dearneighbor.com>
 * @link       http://www.code.dearneighbor.com
 * @copyright  Copyright &copy; 2004, Lawrence Osiris
 * @version    $Version: 1.0.0$
 * @access     public
 */
class DB_eSession
{

    /**
     * @var    string $_ver This scripts version number
     * @access private
     */
    var $_ver = '1.0.0';


    /**
     * @var    string $_REQ_VER The minimum PHP version number this script
     *                          requires in order to execute successfully.
     * @access private
     */
    var $_REQ_VER = '4.2.0';


    /**
     * @var    string $_mysql_ver The current MySQL version number
     * @access private
     */
    var $_mysql_ver = NULL;


    /**
     * @var    int $_dbh The resource link to the session database
     * @access private
     */
    var $_dbh;


    /**
     * @var    array $_db Holds session database access and table info.
     * @access private
     */
    var $_db = array();


    /**
     * @var    array $_sess_opt Holds the session configuration option values
     * @access private
     */
    var $_sess_opt = array();


    /**
     * @var    string $_sess_name Holds the current session name.
     * @access private
     */
    var $_sess_name = NULL;


    /**
     * @var    int $_sess_ID_len Holds the character length of session ID.
     * @access private
     */
    var $_sess_ID_len;


    /**
     * @var    string $_DEFAULT_LANG What the default language code is
     * @access private
     */
    var $_DEFAULT_LANG;


    /**
     * @var    string $_CURRENT_LANG What the current language code in use is
     * @access private
     */
    var $_CURRENT_LANG;


    /**
     * @var    bool   $_stop_on_warn Whether to stop script on encountering a
     *                warning message. Set $_param['stop_on_warn'].
     * @access private
     */
    var $_stop_on_warn;


    /**
     * @var    string $_WRN_COLOR Contains font color for warning messages.
     * @access private
     */
    var $_WRN_COLOR;


    /**
     * @var    string $_WRN_SIZE Contains font size for warning messages.
     * @access private
     */
    var $_WRN_SIZE;


    /**
     * @var    array $_WRN_MSGS Contains warning message constants for ea. lang.
     * @access private
     */
    var $_WRN_MSGS;


    /**
     * @var    string $_warnings Contains any non-fatal warning messages
     * @access private
     */
    var $_warnings = NULL;


    /**
     * @var    bool   $_stop_on_error Whether to stop script on encountering an
     *                error message or not. Set $_param['stop_on_error'].
     * @access private
     */
    var $_stop_on_error;


    /**
     * @var    string $_ERR_COLOR Contains font color for error messages.
     * @access private
     */
    var $_ERR_COLOR;


    /**
     * @var    string $_ERR_SIZE Contains font size for error messages.
     * @access private
     */
    var $_ERR_SIZE;


    /**
     * @var    array $_ERR_MSGS Contains error message constants for ea. lang.
     * @access private
     */
    var $_ERR_MSGS;


    /**
     * @var    string $_errors Contains error messages encountered
     * @access private
     */
    var $_errors = NULL;


    /**
     * @var    bool $_DETAIL_ERR_MSGS Display detail errors/warnings or not.
     * @access private
     */
    var $_DETAIL_ERR_MSGS;


    /**
     * @var    int $_MIN_SESS_ID_LEN Holds the minimum session ID length (12)
     * @access private
     */
    var $_MIN_SESS_ID_LEN = 12;


    /**
     * @var    int $_MAX_SESS_ID_LEN Holds the maximum session ID length of 32
     * @access private
     */
    var $_MAX_SESS_ID_LEN = 32;


    /**
     * @var    int $_SESS_LIFE Holds the session life duration in seconds
     * @access private
     */
    var $_SESS_LIFE;


    /**
     * @var    int $_SESS_TIMEOUT Holds the absolute session life in seconds
     * @access private
     */
    var $_SESS_TIMEOUT;


    /**
     * @var    int $_SEC_LEVEL Holds a number designating session security level
     * @access private
     */
    var $_SEC_LEVEL;

    /**
     * @var    bool $_ENCRYPT A flag to turn on session encryption TRUE/FALSE
     * @access private
     */
    var $_ENCRYPT;


    /**
     * @var    bool $_ENCRYPT_KEY A value used in session encryption/decryption
     * @access private
     */
    var $_ENCRYPT_KEY;

    /**
     * @var    bool $_ENC_KEY_HASHED An md5 value of $_ENCRYPT_KEY for security.
     * @access private
     */
    var $_ENC_KEY_HASHED;


    /**
     * @var    bool $_MCRYPT A flag to indicate if mcrypt library installed
     * @access private
     */
    var $_MCRYPT;


    /**
     * @var    bool $_MCRYPT_LATEST A flag to indicate if it's a newer library
     * @access private
     */
    var $_MCRYPT_LATEST;


    /**
     * @var    string $_KEY_PREFIX A secret key used in prefixing MD5 hashes
     * @access private
     */
    var $_KEY_PREFIX;


    /**
     * @var    string $_KEY_SUFFIX A secret key used in suffixing MD5 hashes
     * @access private
     */
    var $_KEY_SUFFIX;


    /**
     * @var    string $_CONF_PSWD A confirmation password for delete and lock
     * @access private
     */
    var $_CONF_PSWD;


    /**
     * @var    bool $_MAGIC_QUOTES_GPC Determines if GET/POST/COOKIE data are
     *              slashed
     * @access private
     */
    var $_MAGIC_QUOTES_GPC;


    /**
     * @var    bool $_MAGIC_QUOTES_RUNTIME Determines if external source data is
     *              slashed after reads (like from a DB)
     * @access private
     */
    var $_MAGIC_QUOTES_RUNTIME;


    /**
     * @var    bool $_ARG_SEP Output argument separator. Usually '&'.
     * @access private
     */
    var $_ARG_SEP;


    /**
     * @var    bool $_SLASH_ANYWAY Forces addslashes to occur to session data
     * @access private
     */
    var $_SLASH_ANYWAY;


    /**
     * @var    bool $_STRIP_ANYWAY Forces stripslashes to occur to session data
     * @access private
     */
    var $_STRIP_ANYWAY;


    /**
     * @var    bool $_GC_DEL_LOCKED Garbage Collection delete locked session T/F
     * @access private
     */
    var $_GC_DEL_LOCKED;


    /**
     * DB_eSession - Constructor
     * You could change to always pass by reference like this: (&$_param)
     * Or you could leave as is, and pass by reference to save on memory, like
     * this: $sess = new DB_eSession(&$sess_param);
     *
     * @param  array $_param Various database and session setting options
     * @return obj   New instance of DB_eSession class
     * @access private
     */
    function DB_eSession($_param = array())
    {
        define('STOP', TRUE);

        /**
         * Check minimum PHP version number for script to work, and
         * produce error if it doesn't meet that requirement.
         * version_compare() requires PHP v4.1.0 to work but shouldn't
         * use here because current PHP might be less than that.
         */
        if (strcmp($this->_REQ_VER, PHP_VERSION) > 0) {

            $this->_errors = PHP_VERSION . ' < ' . $this->_REQ_VER . "\n";
            /**
             * Display error and stop execution regardless of _stop_on_error
             * setting.
             */
            $this->_handleErrors(STOP);     // Severe error - exit script

        }


        if (is_array($_param)) {
            $_not_array = NULL;

        } else {
            $_not_array = 'NOT_ARRAY';      // For producing a warning
            $_param = array();
        }


        /**
         * Set the default and current language codes for displaying error and
         * warning messages. Default is 'en' for English.
         */
        $this->_DEFAULT_LANG = isSet($_param['default_lang']) ?
                                     $_param['default_lang']  : 'en';


        $this->_CURRENT_LANG = isSet($_param['current_lang']) ?
                                     $_param['current_lang']  :
                                     isSet($_SERVER['HTTP_ACCEPT_LANGUAGE']) ?
                        substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2) : 'en';


        /**
         * Set $_param['stop_on_error'] => FALSE to not have this class
         * stop execution upon an error. This means you will handle the
         * error checking and displays in your script. Default is to stop
         * (TRUE). This is used as the initial setting. This can be turned
         * on and off at any time by using stopOnErrors() or endStopOnErrors().
         */
        $this->_stop_on_error = (bool) isSet($_param['stop_on_error']) ?
                                             $_param['stop_on_error']  : TRUE;

        /**
         * Set the font color for error messages (any valid HTML syntax)
         */
        $this->_ERR_COLOR = isSet($_param['error_color']) ?
                                  $_param['error_color']  : 'RED';

        /**
         * Set the font size for error messages (any valid HTML syntax)
         */
        $this->_ERR_SIZE  = isSet($_param['error_size'])  ?
                                  $_param['error_size']   : '+0';

        /**
         * Set $_param['stop_on_warn'] => TRUE to have this class
         * stop execution upon a warning. Default is not to stop (FALSE). This
         * is used as the initial setting. This can be turned on and off at any
         * time by using stopOnWarnings() or endStopOnWarnings().
         */
        $this->_stop_on_warn = (bool) isSet($_param['stop_on_warn']) ?
                                            $_param['stop_on_warn']  : FALSE;

        /**
         * Set the font color for warning messages (any valid HTML syntax)
         */
        $this->_WRN_COLOR = isSet($_param['warn_color']) ?
                                  $_param['warn_color']  : 'BLUE';

        /**
         * Set the font size for warning messages (any valid HTML syntax)
         */
        $this->_WRN_SIZE  = isSet($_param['warn_size'])  ?
                                  $_param['warn_size']   : '+0';

        /**
         * Set to TRUE to display SQL syntax and other values when displaying
         * errors or warning messages encountered. Default is FALSE for security
         * purposes. Turn on mostly when in development or testing your site,
         * but remember to turn it off for a production ready site.
         */
        $this->_DETAIL_ERR_MSGS = (bool) isSet($_param['detail_err_msgs']) ?
                                               $_param['detail_err_msgs']  :
                                               FALSE;


        /**
         * Set $_param['buffer'] => TRUE to have this class
         * execute the ob_start() command to start buffering the output.
         * You may want to use if you can't resolve the 'headers already sent'
         * warning message generated by PHP/this script. The ob_end_flush()
         * is called implicitly at the end of your script. It flushes out the
         * contents of the buffer to the browser, and destroys the current
         * output buffer.
         */
        $_buffer = (bool) isSet($_param['buffer']) ? $_param['buffer'] : FALSE;
        if ($_buffer)
            ob_start();


        /**
         * Set the path and filename of the file containing the errors array
         * constants. You can use relative (recommended) or absolute file paths.
         * For security, specify a filename without the '.php' because the
         * class will automatically add '.php' to the end. i.e. If you specify
         * 'errors.php' this class will try to locate a file called
         * 'errors.php.php'. So, just specify 'errors'. The default path is
         * the current directory (where your script is running from), but
         * but recommend to put the errors file off the web directory along
         * with this class.DB_eSession.php file.
         */
        $_errors_path = isSet($_param['errors_path']) ?
                              $_param['errors_path']  : './';


        $_errors_file = isSet($_param['errors_file']) ?
                              $_param['errors_file']  : 'errors.DB_eSession';

        $_filename = $_errors_path . $_errors_file . '.php';

        if (($this->pregMatches('/^[a-z0-9_.]+$/i', $_errors_file)) &&
            (file_exists($_filename))) {

            $_loaded = require_once($_filename);

        } else {

            $this->_errors = "xxxx --> " . $_filename . " <-- xxxx\n";
            $this->_handleErrors(STOP);     // Severe error - exit script
        }

        if ((0 === strcmp($_loaded, 'LOAD_OK')) &&
            (isSet($_ERR))  &&
            (isSet($_WRN))) {

            $this->_ERR_MSGS = $_ERR;
            $this->_WRN_MSGS = $_WRN;
            unset($_ERR, $_WRN);

        } else {

            $this->_errors = '$_ERR $_WRN xxxx --> ' . $_filename .
                              " <-- xxxx\n";
            $this->_handleErrors(STOP);     // Severe error - exit script
        }


        if (!empty($_not_array))
            // Warning: parameter passed to class is not an array
            $this->_setWrnMsg($_not_array);


        /**
         * Whether or not to encrypt/decrypt the WHOLE session data. This will
         * trigger the use of the mcrypt library or sessEncode/sessDecode.
         * This can be set on or off on the fly and it will work accordingly.
         * The default is off since encryption takes extra resources/time.
        */
        $this->_ENCRYPT = (bool) isSet($_param['encrypt']) ?
                                       $_param['encrypt']  : FALSE;

        /**
         * The key used to encrypt/decrypt individual field data or the whole
         * session data. Keep this key a secret (keep off the web directory).
         * Use readable characters and make at least 62 UNIQUE characters long.
         */
        $this->_ENCRYPT_KEY = isSet($_param['encrypt_key']) ?
                                    $_param['encrypt_key']  :
            "z1Mc6KRxAfNwZ0dGjY5qBXhtrPgJO7eCaUmHvQT3yW8nDsI2VkEpiS4blFoLu9";

        /**
         * Determine if libmcrypt is installed and if it's one of the
         * latest versions.
         */
        $this->_MCRYPT        = extension_loaded('mcrypt');
        $this->_MCRYPT_LATEST = FALSE;
        if ($this->_MCRYPT) {

            if (defined('MCRYPT_TRIPLEDES'))      // Only defined in >= 2.4.x
                $this->_MCRYPT_LATEST = TRUE;

            /**
             * The key field used to encrypt/decrypt using the mcrypt library.
             */
            $this->_ENC_KEY_HASHED = md5($this->_ENCRYPT_KEY);

            $this->_ENC_ALGO = isSet($_param['encrypt_cipher']) ?
                                     $_param['encrypt_cipher']  : MCRYPT_GOST;

            $_algo = mcrypt_list_algorithms();
            if (!in_array($this->_ENC_ALGO, $_algo)) {

                // Could not assign the encryption algorithm...
                $this->_setErrMsg('BAD_ALGO', NULL, $this->_ENC_ALGO);
                $this->_handleErrors();
                $this->_ENC_ALGO = NULL;
            }

            $this->_ENC_MODE = isSet($_param['encrypt_mode']) ?
                                     $_param['encrypt_mode']  : MCRYPT_MODE_CFB;

            $_modes = mcrypt_list_modes();
            if (!in_array($this->_ENC_MODE, $_modes)) {

                // Could not assign the encryption mode...
                $this->_setErrMsg('BAD_ENC_MODE', NULL, $this->_ENC_MODE);
                $this->_handleErrors();
                $this->_ENC_MODE = NULL;

            } else
            if (($this->_ENC_MODE != MCRYPT_MODE_ECB) &&
                ($this->_ENC_MODE != MCRYPT_MODE_CBC) &&
                ($this->_ENC_MODE != MCRYPT_MODE_CFB) &&
                ($this->_ENC_MODE != MCRYPT_MODE_OFB)) {

                // Could not assign the encryption mode...Use class supported
                $this->_setErrMsg('BAD_MODE_SUPP', NULL, $this->_ENC_MODE,
                                  'ECB, CBC, CFB, OFB.');
                $this->_handleErrors();
                $this->_ENC_MODE = NULL;
            }

        } else {

            $this->_ENC_KEY_HASHED = NULL;
            $this->_ENC_ALGO       = NULL;
            $this->_ENC_MODE       = NULL;
        }


        /**
         * As of PHP 4.2.0, there is no need to seed the random number
         * generator, however, we'll do it here for portability. This will be
         * needed for use with the encryption/decryption mcrypt routines and
         * generating of a new session ID.
         */
        mt_srand((double)microtime()*1000000);
        srand((double)microtime()*1000000);


        /**
         * See if MD5 hashing keys have been passed, otherwise set defaults.
         */
        $this->_KEY_PREFIX = isSet($_param['key_prefix']) ?
            $_param['key_prefix'] : 'O9R^3mp#i|34';

        $this->_KEY_SUFFIX = isSet($_param['key_suffix']) ?
            $_param['key_suffix'] : '+t97!u0K-2L5';

        /**
         * A password used to pass to the delete all session/lock functions as a
         * way to confirm the intent of modifying all rows in the sessions
         * table.
         */
        $this->_CONF_PSWD   = isSet($_param['confirm_pswd']) ?
            $_param['confirm_pswd'] : '!*CONFIRMED*!';


        /**
         * Database related variables with assigned default values when not set.
         * Assign these necessary fields to allow connection to the database.
         * Remember to give 'sess_user' access privileges to 'db_esessions'.
         * Make sure the password is correct (sess1234 is the default).
         */
        $this->_db['db_host']       =
            isSet($_param['db_host']) ? $_param['db_host'] : 'localhost';

        $this->_db['db_user']       =
            isSet($_param['db_user']) ? $_param['db_user'] : 'sess_user';

        $this->_db['db_pswd']       =
            isSet($_param['db_pswd']) ? $_param['db_pswd'] : 'sess1234';

        $this->_db['db_name']       =
            isSet($_param['db_name']) ? $_param['db_name'] : 'db_esessions';

        $this->_db['db_persistent'] =
            isSet($_param['db_persistent']) ?
                (bool) $_param['db_persistent'] : FALSE;

        $this->_db['db_resource']   =
            isSet($_param['db_resource']) ? $_param['db_resource'] : NULL;

        /**
         * Optionally supply a database resource link. This class will NOT
         * attempt to connect to MySQL and use the link instead.
         */
        if (is_resource($this->_db['db_resource']))
            $this->_dbh = $this->_db['db_resource'];
        else
            $this->_dbh = NULL;


        /**
         * Table related variables with assigned default values when not set.
         * Assign these necessary fields to allow connection to the 'sessions'
         * table. Specify what each column name is defined as in the table.
         */
        $this->_db['tb_name']       =
            isSet($_param['tb_name'])    ? $_param['tb_name']   : 'eSessions';

        $this->_db['tb_id_col']     =
            isSet($_param['tb_id_col'])  ? $_param['tb_id_col'] : 'sess_id';

        $this->_db['tb_sl_col']     =
            isSet($_param['tb_sl_col'])  ? $_param['tb_sl_col'] :
                'sess_sec_level';

        $this->_db['tb_cr_col']     =
            isSet($_param['tb_cr_col'])  ? $_param['tb_cr_col'] :
                'sess_created';

        $this->_db['tb_ex_col']     =
            isSet($_param['tb_ex_col'])  ? $_param['tb_ex_col'] : 'sess_expiry';

        $this->_db['tb_to_col']     =
            isSet($_param['tb_to_col'])  ? $_param['tb_to_col'] :
                'sess_timeout';

        $this->_db['tb_lk_col']     =
            isSet($_param['tb_lk_col'])  ? $_param['tb_lk_col'] : 'sess_locked';

        $this->_db['tb_vl_col']     =
            isSet($_param['tb_vl_col'])  ? $_param['tb_vl_col'] : 'sess_value';

        $this->_db['tb_iv_col']     =
            isSet($_param['tb_iv_col'])  ? $_param['tb_iv_col'] : 'sess_enc_iv';

        $this->_db['tb_si_col']     =
            isSet($_param['tb_si_col'])  ? $_param['tb_si_col'] : 'sess_sec_id';

        $this->_db['tb_tr_col']     =
            isSet($_param['tb_tr_col'])  ? $_param['tb_tr_col'] : 'sess_trace';


        /**
         * Set $_param['sess_id_len'] to be the length of the session ID.
         * Default of $this->_MAX_SESS_ID_LEN will be used.
         */
        $this->_sess_ID_len         = (int)
            isSet($_param['sess_id_len']) ? intval($_param['sess_id_len']) :
                                            $this->_MAX_SESS_ID_LEN;

        if ($this->_sess_ID_len < $this->_MIN_SESS_ID_LEN)
            $this->_sess_ID_len = $this->_MIN_SESS_ID_LEN;
        else
            if ($this->_sess_ID_len > $this->_MAX_SESS_ID_LEN)
                $this->_sess_ID_len = $this->_MAX_SESS_ID_LEN;

        /**
         * Set $_param['new_sid'] => TRUE to create a new session ID.
         * Default is FALSE. Takes effect before a session_start().
         * This can be set TRUE without setting $_param['sess_id'], in
         * which case, a session ID will be automatically generated.
         */
        $_new_sess_ID               = (bool)
            isSet($_param['new_sid']) ? $_param['new_sid'] : FALSE;

        /**
         * If desired, set $_param['sess_id'] to a valid custom session ID.
         * Works in conjunction with $_param['new_sid'] (must be set to TRUE).
         */
        $_sess_ID                   =
            isSet($_param['sess_id']) ? $_param['sess_id'] : NULL;

        if (!empty($_sess_ID)) {
            if (strlen($_sess_ID) != $this->_sess_ID_len) {

                // Warning: Custom session ID passed is not the right length
                $this->_setWrnMsg('SESS_LENGTH', NULL, $this->_sess_ID_len,
                                  $_param['sess_id']);

                $_sess_ID = NULL;

            } else
                if (!$this->pregMatches('/^[a-zA-Z0-9]+/', $_sess_ID)) {

                    // Warning: Custom session ID passed is invalid.
                    $this->_setWrnMsg('SESS_INVALID', NULL, $_param['sess_id']);

                    $_sess_ID = NULL;
                }
        }


        /**
         * Set $_param['ie_fix'] => TRUE (default) to send a header output to
         * fix the IE bug. See further comments below.
         */
        $_IE_fix                    = (bool)
            isSet($_param['ie_fix'])  ? $_param['ie_fix']  : TRUE;


        /**
         * When set to TRUE, locked session rows will be deleted right
         * away, regardless of their current expiry or timeout settings when
         * the Garbage Collection cleanup/delete function is invoked.
         */
        $this->_GC_DEL_LOCKED = (bool)
            isSet($_param['gc_del_locked']) ? $_param['gc_del_locked'] : FALSE;


        /**
         * Session Runtime Configurations. See:
         * http://us2.php.net/manual/en/ref.session.php
         *
         * Not all can be set or take effect outside of the php.ini
         * configuration file. Some options can be set at runtime without
         * an error produced, but have no effect. i.e. session.auto_start
         *
         * All session options are used here in case there is future support
         * to make option take effect at runtime. i.e. session.use_trans_sid
         *
         * When $_param['stop_on_warn'] is FALSE, check for warning messages
         * using warningsExist().
         */
        $this->_sess_opt['save_path'] =
            isSet($_param['save_path']) ? $_param['save_path'] : 'db_esessions';

        if (isSet($_param['name'])) {
            // Check to make sure name is only alphanumeric
            if (!$this->pregMatches('/^[a-zA-Z0-9]+/', $_param['name'])) {

                // Warning: Session configuration option session.name alpha
                $this->_setWrnMsg('NAME_INVALID', NULL, $_param['name']);

                $this->_sess_opt['name'] = 'eSESSION';

            } else {
                $this->_sess_opt['name'] = $_param['name'];
            }

        } else {

            $this->_sess_opt['name'] = 'eSESSION';
        }

        $this->_sess_opt['save_handler'] =
            isSet($_param['save_handler']) ? $_param['save_handler'] : 'user';

        if (isSet($_param['auto_start']))
            $this->_sess_opt['auto_start'] = (bool) $_param['auto_start'];

        if (isSet($_param['gc_probability']))
            $this->_sess_opt['gc_probability'] = (int)
                (0 == intval($_param['gc_probability'])) ?
                    10 : intval($_param['gc_probability']);

        if (isSet($_param['gc_divisor']))
            $this->_sess_opt['gc_divisor'] = (int)
                (0 == intval($_param['gc_divisor'])) ?
                    100 : intval($_param['gc_divisor']);

        /**
         * There maybe a bug with sessions lifetime under Windows and FAT32 in
         * PHP version 4.1.0/1/2. See: http://bugs.php.net/bug.php?id=14798
         */
        if (isSet($_param['gc_maxlifetime']))
            $this->_sess_opt['gc_maxlifetime'] =
               intval($_param['gc_maxlifetime']);

        if (isSet($_param['serialize_handler']))
            $this->_sess_opt['serialize_handler'] =
                $_param['serialize_handler'];

        if (isSet($_param['cookie_lifetime']))
            $this->_sess_opt['cookie_lifetime'] =
               intval($_param['cookie_lifetime']);

        if (isSet($_param['cookie_path']))
            $this->_sess_opt['cookie_path']   = $_param['cookie_path'];

        if (isSet($_param['cookie_domain']))
            $this->_sess_opt['cookie_domain'] = $_param['cookie_domain'];

        if (isSet($_param['cookie_secure'])) {
            $this->_sess_opt['cookie_secure'] = $_param['cookie_secure'];

            if ((0 === strcmp($this->_sess_opt['cookie_secure'], '1')) &&
                (!$this->secureConnection())) {

                // Warning: You are setting session.cookie_secure - not secure
                $this->_setWrnMsg('NOT_SECURE');

            }

        }

        if (isSet($_param['use_cookies']))
            $this->_sess_opt['use_cookies'] = (bool) $_param['use_cookies'];

        if ((isSet($_param['use_only_cookies'])) &&
            (version_compare(PHP_VERSION, '4.3.0', '>=')))
            $this->_sess_opt['use_only_cookies'] =
               (bool) $_param['use_only_cookies'];

        if (isSet($_param['referer_check']))
            $this->_sess_opt['referer_check'] = $_param['referer_check'];

        if (isSet($_param['entropy_file']))
            $this->_sess_opt['entropy_file'] = $_param['entropy_file'];

        if (isSet($_param['entropy_length']))
            $this->_sess_opt['entropy_length'] =
               intval($_param['entropy_length']);

        if (isSet($_param['cache_limiter']))
            $this->_sess_opt['cache_limiter'] = $_param['cache_limiter'];

        if (isSet($_param['cache_expire']))     // For PHP version >= 4.2.0
            $this->_sess_opt['cache_expire'] = intval($_param['cache_expire']);

        if (isSet($_param['bug_compat_42']))
            $this->_sess_opt['bug_compat_42'] = (bool) $_param['bug_compat_42'];

        if (isSet($_param['bug_compat_warn']))
            $this->_sess_opt['bug_compat_warn'] = (bool)
                $_param['bug_compat_warn'];

        if (version_compare(PHP_VERSION, '5.0.0', '>=')) {

           // session.use_trans_sid can be changed in a script from v5.0.0 on
           if (isSet($_param['use_trans_sid']))
               $this->_sess_opt['use_trans_sid'] = $_param['use_trans_sid'];

           if (isSet($_param['hash_function']))
               $this->_sess_opt['hash_function'] = $_param['hash_function'];

           if (isSet($_param['hash_bits_per_character']))
               $this->_sess_opt['hash_bits_per_character'] =
                   $_param['hash_bits_per_character'];
        }


        /**
         * Set session configuration options. Values will remain during the
         * script's execution, and will be restored at the script's ending.
         */
        foreach ($this->_sess_opt as $_key => $_value) {

            if (FALSE === $this->_setSessOption($_key, $_value))
                // Warning: Session configuration option ... not assigned
                $this->_setWrnMsg('SESS_OPTION', NULL, $_key, $_value);

        }

        /**
         * Support for url_rewriter.tags option since it relates to sessions.
         * Example: Like you might want to add the iframe=src to it, as in:
         * a=href,area=href,frame=src,iframe=src,form=,fieldset=,input=src
         */
        if (isSet($_param['tags'])) {
            if (FALSE === $this->_setSessOption('url_rewriter.tags',
                                                $_param['tags'],
                                                FALSE))
                // Warning: Configuration option [url_rewriter.tags] not assign
                $this->_setWrnMsg('URL_TAGS', NULL, $_param['tags']);

        }


        /**
         * Security Level: A numerical method to represent access authority for
         * current session/web page. The lower the number means the higher the
         * security clearance. In other words, security level 5 can only access
         * all level 5 or higher session/web pages, and nothing lower than 5.
         * Range 0-255. The default is 128. For administration or sensitive pages
         * use 0 (zero) or 1 (one) as a value. A security level can't be changed
         * after a session has been created. So, the first time the session
         * is created with a set security level, it dictates the access
         * authority for the rest of that active session.
         */
        $this->_SEC_LEVEL = isSet($_param['security_level']) ?
                                intval($_param['security_level']) : 128;


        /**
         * Get current setting of sessions life duration in seconds.
         * This is the number of seconds that is allowed to pass since
         * the last time the session data was accessed.
         * Otherwise, default it to 1440 seconds (24 minutes).
         */
        $this->_SESS_LIFE = intval(ini_get('session.gc_maxlifetime'));
        $this->_SESS_LIFE = (int) ($this->_SESS_LIFE < 1) ?
                                   1440 : $this->_SESS_LIFE;

        /**
         * Calculates maximum life of session in seconds. It's three times
         * the length of gc_maxlifetime (for the default). For example: if
         * gc_maxlifetime is 1440 seconds (24 minutes), then session
         * timeout maximum is set to 4320 seconds (72 minutes). The timeout
         * value can't be less than the gc_maxlifetime value.
         */
        if (isSet($_param['timeout'])) {
            $this->_SESS_TIMEOUT = (int)
                (intval($_param['timeout']) < $this->_SESS_LIFE) ?
                    $this->_SESS_LIFE * 3 : intval($_param['timeout']);
        } else {
            $this->_SESS_TIMEOUT = (int) $this->_SESS_LIFE * 3;
        }


        /**
         * Must not send any HTML output before session_start() is invoked.
         * Set a warning message if HTML headers have been sent to the browser.
         * Exception: ob_start() for buffering.
         */
        if (!$_buffer) {
            if (version_compare(PHP_VERSION, '4.3.0', '>=')) {
                $_filename = '';
                $_linenbr  = (int) 0;
                if (headers_sent($_filename, $_linenbr)) {
                    // Warning: HTTP headers already sent - with detail
                    $this->_setWrnMsg('HEADER_SENT_1', NULL, $_filename,
                                      $_linenbr);
                }

            } else
            if (headers_sent()) {
                // Warning: HTTP headers have already been sent - no detail
                $this->_setWrnMsg('HEADER_SENT_2');
            }
        }


        /**
         * Assign session storage tasks to methods in this class.
         */
        if (!session_set_save_handler(array(&$this, '_sessDBOpen'),
                                      array(&$this, '_sessDBClose'),
                                      array(&$this, '_sessDBRead'),
                                      array(&$this, '_sessDBWrite'),
                                      array(&$this, '_sessDBDestroy'),
                                      array(&$this, '_sessDBGC')
                                     )) {

            // execution of session_set_save_handler() failed
            $this->_setErrMsg('HANDLER_FAIL');
            $this->_handleErrors(STOP);     // Severe error - exit script

        }

        $this->_sess_name = session_name();


        /**
         * Set whether the magic quotes GPC that effects slashing quotes of
         * GET/POST/COOKIE data is set.
         */
        $this->_MAGIC_QUOTES_GPC = (bool) get_magic_quotes_gpc();


        /**
         * Set whether the magic quotes runtime that effects slashing quotes of
         * external data sources is set.
         */
        $this->_MAGIC_QUOTES_RUNTIME = (bool) get_magic_quotes_runtime();


        $this->_ARG_SEP = ('' == ini_get('arg_separator.output')) ? '&' :
                                 ini_get('arg_separator.output');


        /**
         * Set TRUE to force addslashes() to occur on session data regardless
         * of the magic quotes runtime option setting. Default is on (TRUE).
         * If you find that data has slashes incorrectly, then turn this off.
         */
        $this->_SLASH_ANYWAY = (bool) isSet($_param['slash_anyway']) ?
                                            $_param['slash_anyway']  : TRUE;

        /**
         * Set TRUE to force stripslashes() to occur on encrypted session data
         * regardless of the magic quotes runtime option setting. The default
         * is on (TRUE). If you find that data is saved incorrectly, then
         * turn this off.
         */
        $this->_STRIP_ANYWAY = (bool) isSet($_param['strip_anyway']) ?
                                            $_param['strip_anyway']  : TRUE;


        /**
         * Try and save the current session ID if one is defined already.
         */
        if (isSet($_COOKIE[$this->_sess_name]))
            $_sess_id_set = $_COOKIE[$this->_sess_name];
        else
        if (isSet($GLOBALS[$this->_sess_name]))
            $_sess_id_set = $GLOBALS[$this->_sess_name];
        else
            $_sess_id_set = NULL;


        /**
         * Create a new session ID when requested, or when the session ID length
         * is less than the standard maximum if a session hasn't been started
         * or created already ($_COOKIE or $GLOBALS[$this->_sess_name]).
         */
        if (($_new_sess_ID) ||
            (($this->_sess_ID_len < $this->_MAX_SESS_ID_LEN) &&
             (!isSet($_COOKIE[$this->_sess_name])) &&
             (!isSet($GLOBALS[$this->_sess_name])))) {
            $this->_setNewSessID($_sess_ID);
        }


        /**
         * When warning flag is set and there's warning messages, stop
         * execution here. No point in proceeding.
         */
        $this->_handleErrors();


        /**
         * By default this class will do a session_start(), however, you may
         * want to turn it off when using the maintenance type of functions.
         */
        $_do_sess_start = (bool) isSet($_param['session_start']) ?
                                       $_param['session_start']  : TRUE;

        /**
         * When session start is requested and $_SESSION doesn't exist, it
         * means that the auto start option is not on, and no session_start()
         * has been invoked yet. So, start a session. This is safer than
         * checking the 'session.auto_start' configuration setting with
         * ini_get(). Otherwise, just make a manual connection to the DB for
         * now (to make the maintenance type of member functions available for
         * use). You would then have to invoke the session_start() from within
        * your script (if desired). If the session is started in your script,
         * then another call to _sessDBOpen will be invoked but it will be
         * handled alright.
         */
        if (($_do_sess_start) &&
            (!isSet($_SESSION)))
            session_start();
        else
        if (!$_do_sess_start)
            $this->_sessDBOpen($this->_sess_opt['save_path'], $this->_sess_name);


        /**
         * If there was a previous session ID set and we now have a new one,
         * then delete the old session row right away without waiting for it to
         * expire first (for security reasons).
         */
        if (($_do_sess_start) &&
            (!empty($_sess_id_set))) {
            if (0 !== strcmp($_sess_id_set, session_id()))
                $this->deleteSession($_sess_id_set);
        }


        /**
         * There is a form bug in IE v6 while using PHP sessions which causes
         * the loss of filled-in information when returning to the form, after
         * already leaving the form page (by any means). A work around is to use
         * the HTTP 1.1 header "Cache-Control: private"
         */
        if ($_IE_fix)
            $this->sendCacheHeader('private');

    }   // End of DB_eSession Constructor



    /**
     * _formatFont - Formats the HTML font color and size attributes to the
     * text that's passed to it.
     *
     * @param  string $_text Text or the data to be enclosed in the font attr.
     * @param  string $_color The font color to use (any valid HTML syntax).
     * @param  string $_size The font size to use (any valid HTML syntax).
     * @return string Returns the text with the font and size attributes added.
     * @access private
     */
    function _formatFont($_text, $_color = 'BLACK', $_size = '+0')
    {
        if (empty($_color))
            $_color = 'BLACK';

        if (empty($_size))
            $_size  = '+0';

        return '<FONT COLOR="' . $_color . '"'  .
                     ' SIZE="' . $_size  . '">' .
                        $_text . '</FONT>';
    }


    /**
     * _setErrMsg - Sets an error message. Fills-in any passed values in order
     * to produce a formatted error message.
     *
     * @param  string $_errMsgKey Name of key to match against array of errors.
     * @param  string $_SQL The value of the last executed SQL command (if any).
     * @param  mixed  Pass one to many arguments to use as fill-in values for
     *                the error messages.
     * @return bool   Returns TRUE when error message set, or FALSE on failure.
     * @access private
     */
    function _setErrMsg ($_errMsgKey = '', $_SQL = NULL)
    {

        $_lang = $this->_CURRENT_LANG;

        if (!isSet($this->_ERR_MSGS[$_errMsgKey][$_lang])) {

            if (isSet($this->_ERR_MSGS[$_errMsgKey][$this->_DEFAULT_LANG])) {
                // Error message not found in current lang; switching to def.
                $_lang = $this->_DEFAULT_LANG;
            } else {
                // Could not find the supplied key of error message
                $this->_errors .= '$_ERR[\'' . $_errMsgKey . "']\n";
                return FALSE;
            }
        }

        if (@func_num_args() > 2) {     // Do we have extra argument values?

            $_arg = @func_get_args();

            array_shift($_arg);         // Remove $_errMsgKey value passed
            array_shift($_arg);         // Remove $_SQL value passed

            $_cnt = count($_arg);

            /**
             * Create a pattern for the number of arguments passed
             */
            $_patterns = str_repeat('/%s/i,', $_cnt);
            $_patterns = explode(',', $_patterns);
            array_pop($_patterns);      // Remove extra entry created by explode

            /**
             * When no detail requested, replace argument values with [xxx]
             */
            for ($i = 0; $i < $_cnt; $i++) {
                if ($this->_DETAIL_ERR_MSGS)
                    // Slash $ signs that's in the data for displaying correctly
                    $_arg[$i] = str_replace('$', '\$', $_arg[$i]);
                else
                    $_arg[$i] = '[xxx]';

            }

            /**
             * Replace the '%s' place holder with argument values passed
             * sprintf() doesn't allow array arguments.
             */
            $_err = @preg_replace($_patterns,
                                  $_arg,
                                  $this->_ERR_MSGS[$_errMsgKey][$_lang],
                                  1
                                 );

        } else {    // No extra arguments were passed

            $_err = $this->_ERR_MSGS[$_errMsgKey][$_lang];
        }

        if (!empty($_SQL)) {

            switch ($this->_DETAIL_ERR_MSGS) {

                case TRUE:

                    $_err .= "SQL: $_SQL\nErr # " .
                             @mysql_errno($this->_dbh) . ': '  .
                             @mysql_error($this->_dbh) . "\n";

                    break;

                default:

                    $_err .= "SQL Err # " .
                             @mysql_errno($this->_dbh) . ': '  .
                             @mysql_error($this->_dbh) . "\n";
            }

        }

        $this->_errors .= $_err;

        return TRUE;
    }


    /**
     * _setWrnMsg - Sets a warning message. Fills-in any passed values in order
     * to produce a formatted warning message.
     *
     * @param  string $_wrnMsgKey Name of key to match against array of warnings
     * @param  string $_SQL The value of the last executed SQL command (if any).
     * @param  mixed  Pass one to many arguments to use as fill-in values for
     *                the warning messages.
     * @return bool   Returns TRUE when warning message set, or FALSE on failure
     * @access private
     */
    function _setWrnMsg ($_wrnMsgKey = '', $_SQL = NULL)
    {

        $_lang = $this->_CURRENT_LANG;

        if (!isSet($this->_WRN_MSGS[$_wrnMsgKey][$_lang])) {

            if (isSet($this->_WRN_MSGS[$_wrnMsgKey][$this->_DEFAULT_LANG])) {
                // Warning message not found in current lang; switching to def.
                $_lang = $this->_DEFAULT_LANG;
            } else {
                // Could not find the supplied key of warning message
                $this->_warnings .= '$_WRN[\'' . $_wrnMsgKey . "']\n";
                return FALSE;
            }
        }

        if (@func_num_args() > 2) {     // Do we have extra argument values?

            $_arg = @func_get_args();

            array_shift($_arg);         // Remove $_wrnMsgKey value passed
            array_shift($_arg);         // Remove $_SQL value passed

            $_cnt = count($_arg);

            /**
             * Create a pattern for the number of arguments passed
             */
            $_patterns = str_repeat('/%s/i,', $_cnt);
            $_patterns = explode(',', $_patterns);
            array_pop($_patterns);      // Remove extra entry created by explode

            /**
             * When no detail requested, replace argument values with [xxx]
             */
            for ($i = 0; $i < $_cnt; $i++) {
                if ($this->_DETAIL_ERR_MSGS)
                    // Slash $ signs that's in the data for displaying correctly
                    $_arg[$i] = str_replace('$', '\$', $_arg[$i]);
                else
                    $_arg[$i] = '[xxx]';

            }

            /**
             * Replace the '%s' place holder with argument values passed
             * sprintf() doesn't allow array arguments.
             */
            $_wrn = @preg_replace($_patterns,
                                  $_arg,
                                  $this->_WRN_MSGS[$_wrnMsgKey][$_lang],
                                  1
                                 );

        } else {    // No extra arguments were passed

            $_wrn = $this->_WRN_MSGS[$_wrnMsgKey][$_lang];
        }

        if (!empty($_SQL)) {

            switch ($this->_DETAIL_ERR_MSGS) {

                case TRUE:

                    $_wrn .= "SQL: $_SQL\nErr # " .
                             @mysql_errno($this->_dbh) . ': '  .
                             @mysql_error($this->_dbh) . "\n";

                    break;

                default:

                    $_wrn .= "SQL Err # " .
                             @mysql_errno($this->_dbh) . ': '  .
                             @mysql_error($this->_dbh) . "\n";
            }

        }

        $this->_warnings .= $_wrn;

        return TRUE;
    }


    /**
     * _handleErrors - Detects if errors have occurred and ends the script when
     * the flag is set to stop. Errors are always displayed before warnings.
     *
     * @param  bool   $_stop Flags whether to stop script anyway (on severe
     *                errors.
     * @return bool   Always returns TRUE.
     * @access private
     */
    function _handleErrors($_stop = FALSE)
    {

        if (($this->warningsExist()) &&
            ($this->_stop_on_warn))  {

             if ($this->errorsExist())
                 echo $this->getErrors($this->_ERR_COLOR, $this->_ERR_SIZE);

             echo $this->getWarnings($this->_WRN_COLOR, $this->_WRN_SIZE);

            exit;
        }

        if (($this->errorsExist()) &&
            ($this->_stop_on_error)) {

            echo $this->getErrors($this->_ERR_COLOR, $this->_ERR_SIZE);

            if ($this->warningsExist())
                echo $this->getWarnings($this->_WRN_COLOR, $this->_WRN_SIZE);

            exit;
        }

        if (!is_bool($_stop))
            $_stop = FALSE;

        if ($_stop) {

            if ($this->errorsExist())
                echo $this->getErrors($this->_ERR_COLOR, $this->_ERR_SIZE);

            if ($this->warningsExist())
                echo $this->getWarnings($this->_WRN_COLOR, $this->_WRN_SIZE);

            exit;
        }

        return TRUE;
    }


    /**
     * _setSessOption - Sets the value of the given session configuration option
     *
     * @param  string $_config_option Session related configuration option
     * @param  mixed  $_value The value to assign the configuration option
     * @param  bool   $_check_sess Flags whether to verify 'session.' exists
     * @return mixed  Returns the old value on success, FALSE on failure.
     * @access private
     */
    function _setSessOption($_config_option, $_value, $_check_sess = TRUE)
    {

        $_config_option = trim($_config_option);

        if (empty($_config_option)) {

            return FALSE;

        } else {

            // When TRUE, check to see if 'session.' is included
            if ($_check_sess) {
                // Add 'session.' if not included in $_config_option
                if (0 !== strpos(strtolower($_config_option), 'session.'))
                    $_config_option = 'session.' . $_config_option;

            }

            return ini_set($_config_option, $_value);

        }
    }


    /**
     * _genString - Generates random characters from 1 to 32 in length.
     * 32 characters is the default when length not specified.
     *
     * @param  int    $_length The number of characters to generate.
     * @return string Returns a string of the requested number of characters.
     * @access private
     */
    function _genString($_length = 0)
    {

        $_length = intval($_length);

        if (($_length < 1) ||
            ($_length > $this->_MAX_SESS_ID_LEN))
             $_length = $this->_MAX_SESS_ID_LEN;

        /**
         * Random number seeding already performed in constructor.
         */
        $_string = md5(uniqid(mt_rand(), TRUE));

        return substr($_string, 0, $_length);

    }


    /**
     * _setNewSessID - Creates and sets a new session ID.
     * This is called before session_start() and before any output to the
     * browser.
     *
     *   Note: It's possible if you have PHP version 4.3.2 or higher and are
     *         using the default maximum session length (32), to call
     *         this member function, without an argument, & no output sent
     *         to the browser, after a session_start() has been executed.
     *         That will invoke session_regenerate_id(), which seems to work
     *         correctly (member could have been made public for that reason).
     *         If session_start() has been executed already, then doing
     *         session_id('somevalue') will NOT change the session ID properly.
     *         It's less problematic to keep as a private method (and call
     *         before a session_start()).
     *
     * @param  string $_sess_id An optional session ID to use (of _sess_ID_len)
     * @return string Returns the new session ID.
     * @access private
     */
    function _setNewSessID($_sess_id = NULL)
    {

        global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;

        $_continue = TRUE;

        /**
         * If supplied with a session ID, validate it and use it when it's good.
         */
        if (strlen($_sess_id) == $this->_sess_ID_len) {
            if (!$this->pregMatches('/^[a-zA-Z0-9]+/', $_sess_id)) {
                // Warning: Custom session ID passed is invalid.
                $this->_setWrnMsg('SESS_INVALID', NULL, $_sess_id);

                $this->_handleErrors();

                // Ignoring value and assigning a new session ID.
                $this->_setWrnMsg('NEW_SESS_ID');

            } else {

                session_id($_sess_id);

                $_continue = FALSE;

            }

        }


        /**
         * Use session_regenerate_id() when the session ID length desired is the
         * same as the maximum allowed, because it generates the maximum length.
         * It is only available in PHP version 4.3.2 or higher. As of PHP 4.3.3,
         * if session cookies are enabled, use of session_regenerate_id() is
         * supposed to submit a new session cookie with the new session id.
         */
        if (($_continue) &&
            ($this->_sess_ID_len == $this->_MAX_SESS_ID_LEN) &&
            (version_compare(PHP_VERSION, '4.3.2', '>='))) {
            if (session_regenerate_id()) {

                $_sess_id  = session_id();

                $_continue = FALSE;

            }

        }


        if ($_continue) {

            $_sess_id = $this->_genString($this->_sess_ID_len);

            session_id($_sess_id);
        }

        // To be safe set...
        if (isSet($_REQUEST[$this->_sess_name]))
            $_REQUEST[$this->_sess_name] = $_sess_id;

        if (isSet($_GET[$this->_sess_name]))
            $_GET[$this->_sess_name] = $_sess_id;

        if (isSet($HTTP_GET_VARS[$this->_sess_name]))
            $HTTP_GET_VARS[$this->_sess_name] = $_sess_id;

        if (isSet($_POST[$this->_sess_name]))
            $_POST[$this->_sess_name] = $_sess_id;

        if (isSet($HTTP_POST_VARS[$this->_sess_name]))
            $HTTP_POST_VARS[$this->_sess_name] = $_sess_id;

        if (isSet($_COOKIE[$this->_sess_name]))
            $_COOKIE[$this->_sess_name]  = $_sess_id;

        // May not actually change until next refresh
        if (isSet($HTTP_COOKIE_VARS[$this->_sess_name]))
            $HTTP_COOKIE_VARS[$this->_sess_name] = $_sess_id;

        if (isSet($GLOBALS[$this->_sess_name]))
            $GLOBALS[$this->_sess_name] = $_sess_id;

        return $_sess_id;
    }


    /**
     * _getSecID - Creates an MD5 of a users trace information. Used to verify
     * session belongs to same user. Not full-proof but adequate.
     * Note: Not using HTTP_ACCEPT since results are inconsistent in IE6.
     *
     * @return string  An MD5 hash of secret keys plus server collected data.
     * @access private
     */
    function _getSecID()
    {

        $_type_used = NULL;
        $_IP = $this->getIPAddr($_type_used);

        $_agent    = isSet($_SERVER['HTTP_USER_AGENT']) ?
                           $_SERVER['HTTP_USER_AGENT']  : 'NO USER AGENT';

/* Rev 1.0.2: Found IE 6 to not return consistent results (under HTTPS)
        $_encoding = isSet($_SERVER['HTTP_ACCEPT_ENCODING']) ?
                           $_SERVER['HTTP_ACCEPT_ENCODING']  : 'NO ENCODING';
*/
        return md5($this->_KEY_PREFIX  .
                   $_IP                .
                   $_type_used         .
                   $_agent             .
//***              $_encoding          .    Rev 1.0.2: Found as unreliable
                   $this->_KEY_SUFFIX
                  );

    }


    /**
     * _getSessTrace - Creates a concatenated string of users trace information.
     * Used for tracing IP in case of unauthorized intruder. Not using secret
     * key here, or in the same order as session security ID. MySQL will
     * truncate at INSERT if character length is longer than column limit.
     * The '~' is used as a delimiter.
     *
     * @return string  A non-hash of server collected data used for tracing.
     * @access private
     */
    function _getSessTrace()
    {

        $_type_used = NULL;
        $_IP = $this->getIPAddr($_type_used);

        $_agent    = isSet($_SERVER['HTTP_USER_AGENT']) ?
                           $_SERVER['HTTP_USER_AGENT']  : 'NO USER AGENT';

        $_accept   = isSet($_SERVER['HTTP_ACCEPT']) ?
                           $_SERVER['HTTP_ACCEPT']  : 'NO ACCEPT';

        $_encoding = isSet($_SERVER['HTTP_ACCEPT_ENCODING']) ?
                           $_SERVER['HTTP_ACCEPT_ENCODING']  : 'NO ENCODING';

        return ($_type_used  . '~' .
                $_IP         . '~' .
                $_agent      . '~' .
                $_accept     . '~' .
                $_encoding
               );

    }


    /**
     * _sessDBOpen - Connects and selects the database.
     *
     * @param  string $_save_path Session save location path.
     * @param  string $_session_name Alphanumeric session name (used in URL's).
     * @return bool   TRUE on good connection and select of DB, FALSE on errors.
     * @access private
     */
    function _sessDBOpen($_save_path, $_session_name)
    {

        // Override _sess_name with what PHP thinks is the session name.
        $this->_sess_name = $_session_name;

        /**
         * When no resource link initially supplied, connect to database.
         */
       if (!is_resource($this->_dbh)) {
            if ($this->_db['db_persistent']) {
                $this->_dbh = @mysql_pconnect($this->_db['db_host'],
                                              $this->_db['db_user'],
                                              $this->_db['db_pswd']
                                             );
            } else {
                $this->_dbh = @mysql_connect ($this->_db['db_host'],
                                              $this->_db['db_user'],
                                              $this->_db['db_pswd']
                                             );
            }
        }

        if (!$this->_dbh)

            // Connection to MySQL server failed
            $this->_setErrMsg('CONNECT_FAIL');     // No error code available
        else {
            $_db_select = @mysql_select_db($this->_db['db_name'], $this->_dbh);

            if (!$_db_select)
                // Could not select MySQL database
                $this->_setErrMsg('SELECTDB_FAIL', 'mysql_select_db',
                                  $this->_db['db_name']);
        }


        $this->_handleErrors();


        if ((!$this->_dbh) ||
            (!$_db_select)) {

            return (bool) FALSE;

        } else {

            $this->_mysql_ver = @mysql_get_server_info($this->_dbh);
            return (bool) TRUE;
        }
    }


    /**
     * _sessDBClose - Closes the connection to the database for non-persistent
     *                connections.
     *
     * @return bool   Always returns TRUE.
     * @access private
     */
    function _sessDBClose()
    {

        if ((!$this->_db['db_persistent']) &&
            (is_resource($this->_dbh)))
            if (!@mysql_close($this->_dbh))
                // Warning: Could not close MySQL database
                $this->_setWrnMsg('CLOSEDB_FAIL', 'mysql_close',
                                  $this->_db['db_name']);

        $this->_handleErrors();

        return (bool) TRUE;
    }


    /**
     * _sessDBRead - Retrieves session data from the table. If encrypted, the
     * data will automatically be decrypted before returning the value back.
     *
     * @param  string $_sess_id Session ID of the row to retrieve.
     * @return string The session data is returned or an empty string on error.
     * @access private
     */
    function _sessDBRead($_sess_id)
    {

        $_time      = time();
        $_sec_level = $this->_SEC_LEVEL;
        $_sec_ID    = $this->_getSecID();

        $_sql  = 'SELECT '    . $this->_db['tb_vl_col']  .
                         ', ' . $this->_db['tb_iv_col']  .
                 '  FROM '  . $this->_db['tb_name']    .
                 ' WHERE (' . $this->_db['tb_id_col']  . " = '$_sess_id')" .
                 '   AND (' . $this->_db['tb_sl_col']  . " <= '$_sec_level')" .
                 '   AND (' . $this->_db['tb_ex_col']  . " > '$_time')" .
                 '   AND (' . $this->_db['tb_to_col']  . " > '$_time')" .
                 '   AND (' . $this->_db['tb_lk_col']  . " = '0')" .
                 '   AND (' . $this->_db['tb_si_col']  . " = '$_sec_ID')";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {

            // Main select/read query failed. Could not read session data
            $this->_setErrMsg('READ_FAILED', $_sql, $_sess_id);

            $this->_handleErrors();

            return (string) ''; // Return empty string on error

        } else {

            $_row = @mysql_fetch_assoc($_result);

            if (!$_row) {

                return (string) ''; // No data found, return an empty string

            } else {

                $_row[$this->_db['tb_vl_col']] =
                    isSet($_row[$this->_db['tb_vl_col']]) ?
                          $_row[$this->_db['tb_vl_col']]  : '';

                $_row[$this->_db['tb_iv_col']] =
                    isSet($_row[$this->_db['tb_iv_col']]) ?
                          $_row[$this->_db['tb_iv_col']]  : '';

                if ($this->_MAGIC_QUOTES_RUNTIME) {
                    $_row[$this->_db['tb_vl_col']] =
                        stripslashes($_row[$this->_db['tb_vl_col']]);

                    $_row[$this->_db['tb_iv_col']] =
                        stripslashes($_row[$this->_db['tb_iv_col']]);
                }

                /**
                 * Decrypt the data if it was encrypted
                 */
                if ((!empty($_row[$this->_db['tb_iv_col']])) &&
                    (!empty($_row[$this->_db['tb_vl_col']]))) {

                    $_row[$this->_db['tb_vl_col']] =
                        $this->sessDecrypt($_row[$this->_db['tb_vl_col']],
                                           $_row[$this->_db['tb_iv_col']],
                                           TRUE);
                }
                                      // When invoked, did decrypt fail?
                return (string) (FALSE === $_row[$this->_db['tb_vl_col']]) ?
                                 '' : $_row[$this->_db['tb_vl_col']];

            }
        }
    }


    /**
     * _sessDBWrite - Inserts or updates session data to the table.
     *
     * @param  string $_sess_id Session ID which is used as the primary key.
     * @param  string $_sess_data Session data to save in the database.
     * @return bool   TRUE on a successful Insert/Update, and FALSE on error.
     * @access private
     */
    function _sessDBWrite($_sess_id, $_sess_data)
    {

        $_time      = time();
        $_expiry    = $_time + $this->_SESS_LIFE;
        $_timeout   = $_time + $this->_SESS_TIMEOUT;
        $_sec_level = $this->_SEC_LEVEL;
        $_sec_ID    = $this->_getSecID();
        $_trace     = addslashes($this->_getSessTrace());
        $_enc_iv    = '';

        /**
         * Encrypt the whole session data when flag is set to TRUE.
         */
        if ($this->_ENCRYPT) {

            /**
             * When magic quotes GPC option is on or strip anyway option
             * is on, strip session data before encrypting. We don't need
             * the slashes when encrypting because the data value will change.
             */
            if (($this->_MAGIC_QUOTES_GPC) ||
                ($this->_STRIP_ANYWAY))
                $_sess_data = stripslashes($_sess_data);

            $_sess_data = $this->sessEncrypt($_sess_data, $_enc_iv, TRUE);
        }

        /**
         * When magic quotes GPC option is off or slash anyway option
         * is on, slash quotes in session data and encryption IV.
         */
        if ((!$this->_MAGIC_QUOTES_GPC) ||
            ($this->_SLASH_ANYWAY)) {

            $_sess_data = addslashes($_sess_data);
            $_enc_iv    = addslashes($_enc_iv);
        }

        $_sql = 'INSERT INTO ' . $this->_db['tb_name']     .
                          ' (' . $this->_db['tb_id_col']   .
                          ', ' . $this->_db['tb_sl_col']   .
                          ', ' . $this->_db['tb_cr_col']   .
                          ', ' . $this->_db['tb_ex_col']   .
                          ', ' . $this->_db['tb_to_col']   .
                          ', ' . $this->_db['tb_lk_col']   .
                          ', ' . $this->_db['tb_vl_col']   .
                          ', ' . $this->_db['tb_iv_col']   .
                          ', ' . $this->_db['tb_si_col']   .
                          ', ' . $this->_db['tb_tr_col']   .
                  ') VALUES (' .
                               "'$_sess_id'"   .
                             ", '$_sec_level'" .
                             ", '$_time'"      .
                             ", '$_expiry'"    .
                             ", '$_timeout'"   .
                             ", '0'"           .
                             ", '$_sess_data'" .
                             ", '$_enc_iv'"    .
                             ", '$_sec_ID'"    .
                             ", '$_trace'"     .
                            ')';

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {

            $_errno = @mysql_errno($this->_dbh);

            if ((1062 == $_errno) ||    // ER_DUP_ENTRY
                (1022 == $_errno)) {    // ER_DUP_KEY

                $_sql = 'UPDATE ' . $this->_db['tb_name']     .
                          ' SET '                             .
                                    $this->_db['tb_ex_col']   .
                                    "='$_expiry'"             .
                             ', ' . $this->_db['tb_vl_col']   .
                                    "='$_sess_data'"          .
                             ', ' . $this->_db['tb_iv_col']   .
                                    "='$_enc_iv'"             .
                        ' WHERE ('. $this->_db['tb_id_col']   .
                                    " = '$_sess_id')"         .
                        '   AND ('. $this->_db['tb_cr_col']   .
                                    " < '$_time')"            .
                        '   AND ('. $this->_db['tb_sl_col']   .
                                    " <= '$_sec_level')"      .
                        '   AND ('. $this->_db['tb_ex_col']   .
                                    " > '$_time')"            .
                        '   AND ('. $this->_db['tb_to_col']   .
                                    " > '$_time')"            .
                        '   AND ('. $this->_db['tb_lk_col']   .
                                    " = '0')"                 .
                        '   AND ('. $this->_db['tb_si_col']   .
                                    " = '$_sec_ID')";

                $_result = @mysql_query($_sql, $this->_dbh);

                if (!$_result) {

                    // Update failed. Could not update session data
                    $this->_setErrMsg('UPDATE_FAILED', $_sql, $_sess_id);

                }

            } else {

                // Insert failed. Could not insert session data
                $this->_setErrMsg('INSERT_FAILED', $_sql, $_sess_id);

                if (1064 == $_errno) {  // ER_PARSE_ERROR
                    // Data may contain single quotes without backslashes
                    $this->_setErrMsg('PARSE_ERROR', $_sql);

                    if (($this->_MAGIC_QUOTES_GPC) &&
                        (!$this->_SLASH_ANYWAY)) {

                        // Recommend to turn on param['slash_anyway'] to TRUE
                        $this->_setErrMsg('RECOMD_SLASH');

                    }
                }

            }
        }

        $this->_handleErrors();

        return (bool) $_result;
    }


    /**
     * _sessDBDestroy - Deletes session data from the table. Automatically
     *                  executed when session_destroy() is executed.
     *
     * @param  string  $_sess_id Session ID of the row to delete.
     * @return bool    TRUE on a successful delete, and FALSE on error.
     * @access private
     */
    function _sessDBDestroy($_sess_id)
    {

        global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;


        $_sql = 'DELETE FROM ' . $this->_db['tb_name'] .
                     ' WHERE ' . $this->_db['tb_id_col']  .
                                 " = '$_sess_id'";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {
            // Destroy failed. Could not delete session data
            $this->_setErrMsg('DESTROY_FAIL', $_sql, $_sess_id);
            $this->_handleErrors();
        }


        session_unset();

        // To be safe remove...
        if (isSet($_REQUEST[$this->_sess_name]))
            unset($_REQUEST[$this->_sess_name]);

        if (isSet($_GET[$this->_sess_name]))
            unset($_GET[$this->_sess_name]);

        if (isSet($HTTP_GET_VARS[$this->_sess_name]))
            unset($HTTP_GET_VARS[$this->_sess_name]);

        if (isSet($_POST[$this->_sess_name]))
            unset($_POST[$this->_sess_name]);

        if (isSet($HTTP_POST_VARS[$this->_sess_name]))
            unset($HTTP_POST_VARS[$this->_sess_name]);

        if (isSet($_COOKIE[$this->_sess_name]))
            unset($_COOKIE[$this->_sess_name]);

        if (isSet($HTTP_COOKIE_VARS[$this->_sess_name]))
            unset($HTTP_COOKIE_VARS[$this->_sess_name]);

        if (isSet($GLOBALS[$this->_sess_name]))
            unset($GLOBALS[$this->_sess_name]);

        return (bool) $_result;
    }


    /**
     * _sessDBGC - Deletes expired session data from the table. It deletes
    *             sessions that expire by inactivity timeout, absolute
     *             timeout, or that are flagged as locked.
     *
     * @param  int    $_maxlifetime Session's life setting in seconds.
     * @return bool   TRUE on successful deletes, and FALSE on error.
     * @access private
     */
    function _sessDBGC($_maxlifetime)
    {

        $_time = time();

        $_sql = 'DELETE FROM ' . $this->_db['tb_name'] .
                     ' WHERE ' .
                               '(' . $this->_db['tb_ex_col'] .
                               " < '" . ($_time - $_maxlifetime) . "')" .
                               ' OR ' .
                               '(' . $this->_db['tb_to_col'] . " < '$_time')";

        if ($this->_GC_DEL_LOCKED) {
            $_sql .=           ' OR ' .
                               '(' . $this->_db['tb_lk_col'] . " = '1')";
        }

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {
            // Delete failed during garbage collection/cleanup
            $this->_setErrMsg('GARBAGE_FAIL', $_sql);
            $this->_handleErrors();
        }

        return (bool) $_result;
    }



    /***************************************************************************
     *
     * Start of Public Member Functions
     *
     ***************************************************************************/



    /**
     * getDBResource - Returns the current established MySQL resource link.
     * It can be used in your script to access other tables/databases.
     *
     * @return resource Returns a MySQL resource link identifier.
     * @access public
     */
    function getDBResource()
    {
        return $this->_dbh;
    }


    /**
     * getSessInfo - This will return column information for the session ID
     * passed. The current session ID is used when no session ID is passed.
     * It returns an associative array with the table column names as the key.
     * The session data value, and encryption IV column values are returned
     * only when a confirm password is passed. If the session value is
     * encrypted, it will automatically be decrypted, however the session
     * value data will be raw (in serialized format).
     * The other columns retrieved are useful for determining when a session
     * was created/started and when it will expire.
     * If $_full_exp is FALSE, only the session ID is used to retrieve the row.
     *
     * The trace column can be split into individual values. For example:
     * $fields = $sess->getSessInfo();
     * $arr = explode('~', $fields['sess_trace']); // $arr[1] is IP Address
     *
     * You can use PHP's getdate() function to convert the columns that contain
     * epoch values (such as session created, expiry, and timeout).
     * @link   http://us4.php.net/manual/en/function.getdate.php
     *
     * @param  string $_sess_id The session ID to look for (default is current)
     * @param  bool   $_full_exp Use the full expression in the WHERE clause.
     *                Only used when the session ID is the active one (TRUE def)
     * @param  string $_confirmation_pswd Pass to retrieve raw session value.
     * @return mixed  Returns an assoc. array of data or FALSE on error/no data.
     * @access public
     */
    function getSessInfo($_sess_id = NULL,
                         $_full_exp = TRUE,
                         $_confirmation_pswd = NULL)
    {

        $_sess_id = empty($_sess_id) ? session_id() : $_sess_id;

        /**
         * Verify that raw session value is requested to be retrieved as well
         * by checking the passed password against the confirm password
         * defined in _param['confirm_pswd']
         */
        $_pswd_valid = (0 === strcmp($_confirmation_pswd, $this->_CONF_PSWD)) ?
                        TRUE : FALSE;

        $_sql  = 'SELECT '    . $this->_db['tb_id_col'] .
                         ', ' . $this->_db['tb_sl_col'] .
                         ', ' . $this->_db['tb_cr_col'] .
                         ', ' . $this->_db['tb_ex_col'] .
                         ', ' . $this->_db['tb_to_col'] .
                         ', ' . $this->_db['tb_lk_col'] .
                         ', ' . $this->_db['tb_si_col'] .
                         ', ' . $this->_db['tb_tr_col'];

        if ($_pswd_valid)
            $_sql  .=    ', ' . $this->_db['tb_vl_col'] .
                         ', ' . $this->_db['tb_iv_col'];

        $_sql .= '  FROM '  . $this->_db['tb_name']     .
                 ' WHERE (' . $this->_db['tb_id_col']   . " = '$_sess_id')";

        /**
         * When requested to use full search expressions and the session ID is
         * the same as the current active session ID, use all the rest of the
         * search criteria/fields.
         */
        if (($_full_exp) &&
            (0 === strcmp($_sess_id, session_id()))) {

            $_time      = time();
            $_sec_level = $this->_SEC_LEVEL;
            $_sec_ID    = $this->_getSecID();

            $_sql      .=
                 ' AND (' . $this->_db['tb_sl_col'] . " <= '$_sec_level')" .
                 ' AND (' . $this->_db['tb_ex_col'] . " > '$_time')" .
                 ' AND (' . $this->_db['tb_to_col'] . " > '$_time')" .
                 ' AND (' . $this->_db['tb_lk_col'] . " = '0')" .
                 ' AND (' . $this->_db['tb_si_col'] . " = '$_sec_ID')";

        }

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {

            // Session info. query failed. Could not read session data
            $this->_setErrMsg('INFO_FAIL', $_sql, $_sess_id);
            $this->_handleErrors();

            return FALSE;

        } else {

            $_row = @mysql_fetch_assoc($_result);

            if (!$_row) {
                // Warning: No session data found while doing session info query
                $this->_setWrnMsg('NO_SESS_INFO', $_sql, $_sess_id);
                $this->_handleErrors();

            } else
            if ($_pswd_valid) {

                $_row[$this->_db['tb_vl_col']] =
                    isSet($_row[$this->_db['tb_vl_col']]) ?
                          $_row[$this->_db['tb_vl_col']]  : '';

                $_row[$this->_db['tb_iv_col']] =
                    isSet($_row[$this->_db['tb_iv_col']]) ?
                          $_row[$this->_db['tb_iv_col']]  : '';

                if ($this->_MAGIC_QUOTES_RUNTIME) {
                    $_row[$this->_db['tb_vl_col']] =
                        stripslashes($_row[$this->_db['tb_vl_col']]);

                    $_row[$this->_db['tb_iv_col']] =
                        stripslashes($_row[$this->_db['tb_iv_col']]);
                }

                /**
                 * Decrypt the data if it was encrypted
                 */
                if ((!empty($_row[$this->_db['tb_iv_col']])) &&
                   (!empty($_row[$this->_db['tb_vl_col']]))) {

                    $_row[$this->_db['tb_vl_col']] =
                        $this->sessDecrypt($_row[$this->_db['tb_vl_col']],
                                           $_row[$this->_db['tb_iv_col']],
                                           TRUE);
                }


            }

            if (is_array($_row)) {
                if ($this->_MAGIC_QUOTES_RUNTIME) {
                    $_row[$this->_db['tb_si_col']] =
                        stripslashes($_row[$this->_db['tb_si_col']]);

                    $_row[$this->_db['tb_tr_col']] =
                        stripslashes($_row[$this->_db['tb_tr_col']]);

                }

                return $_row;

            } else {

                return FALSE;

            }

        }
    }


    /**
     * getAllSessInfo - This will return column information for the number of
     * rows indicated (default is to return all rows). You can select the
     * column to sort by (expiry is the default) and whether to sort by
     * ascending or descending (default) sort order. It returns a two
     * dimensional associative array. The first array index is the row number,
     * and the second array index is the table column names.
     * The session data value, and encryption IV column values are returned
     * only when a confirm password is passed. If the session value is
     * encrypted, it will automatically be decrypted, however the session
     * value data will be raw (in serialized format).
     * The other columns retrieved are useful for determining when a session
     * was created/started and when it will expire.
     *
     * The trace column can be split into individual values. For example:
     * $data = $sess->getAllSessInfo();
     * $arr  = explode('~', $data[0]['sess_trace']); // $arr[1] is IP Address
     *
     * You can use PHP's getdate() function to convert the columns that contain
     * epoch values (such as session created, expiry, and timeout).
     * @link   http://us4.php.net/manual/en/function.getdate.php
     *
     * @param  int    $_offset The row number to start returning data from
     * @param  int    $_row_count The number of rows to return (-1 = all rows).
     * @param  string $_order_by The column name to sort rows by (def=expiry).
     * @param  bool   $_ascending Ascending or descending sort order (def=desc)
     * @param  string $_confirmation_pswd Pass to retrieve raw session value.
     * @return mixed  Returns a 2D array of data or FALSE on error/no data.
     * @access public
     */
    function getAllSessInfo($_offset = 0,
                            $_row_count = -1,
                            $_order_by = NULL,
                            $_ascending = FALSE,
                            $_confirmation_pswd = NULL)
    {

        if (!is_int($_offset))
            $_offset = (int) 0;

        if ($_offset < 0)
            $_offset = (int) 0;

        if (!is_int($_row_count))
            $_row_count = (int) -1;

        if (0 == $_row_count)
            $_row_count = (int) -1;

        if (empty($_order_by))
            $_order_by = $this->_db['tb_ex_col'];
        else
            if (($_order_by != $this->_db['tb_id_col']) &&
                ($_order_by != $this->_db['tb_sl_col']) &&
                ($_order_by != $this->_db['tb_cr_col']) &&
                ($_order_by != $this->_db['tb_ex_col']) &&
                ($_order_by != $this->_db['tb_to_col']) &&
                ($_order_by != $this->_db['tb_lk_col']) &&
                ($_order_by != $this->_db['tb_vl_col']) &&
                ($_order_by != $this->_db['tb_iv_col']) &&
                ($_order_by != $this->_db['tb_si_col']) &&
                ($_order_by != $this->_db['tb_tr_col']))
                 $_order_by = $this->_db['tb_ex_col'];

        if (!is_bool($_ascending))
            $_ascending = FALSE;

        $_asc_desc = (TRUE === $_ascending) ? 'ASC' : 'DESC';

        /**
         * Verify that raw session value is requested to be retrieved as well
         * by checking the passed password against the confirm password
         * defined in _param['confirm_pswd']
         */
        $_pswd_valid = (0 === strcmp($_confirmation_pswd, $this->_CONF_PSWD)) ?
                        TRUE : FALSE;

        $_sql  = 'SELECT '    . $this->_db['tb_id_col'] .
                         ', ' . $this->_db['tb_sl_col'] .
                         ', ' . $this->_db['tb_cr_col'] .
                         ', ' . $this->_db['tb_ex_col'] .
                         ', ' . $this->_db['tb_to_col'] .
                         ', ' . $this->_db['tb_lk_col'] .
                         ', ' . $this->_db['tb_si_col'] .
                         ', ' . $this->_db['tb_tr_col'];

        if ($_pswd_valid)
            $_sql  .=    ', ' . $this->_db['tb_vl_col'] .
                         ', ' . $this->_db['tb_iv_col'];

        $_sql .= '  FROM '  . $this->_db['tb_name']     .
                 " ORDER BY $_order_by $_asc_desc LIMIT $_offset,$_row_count";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {

            // All session information query failed.
            $this->_setErrMsg('ALL_INFO_FAIL', $_sql);
            $this->_handleErrors();

            return FALSE;

        } else {

            $_rows = array();

            while ($_row = @mysql_fetch_assoc($_result)) {


                if ($_pswd_valid) {

                    $_row[$this->_db['tb_vl_col']] =
                        isSet($_row[$this->_db['tb_vl_col']]) ?
                              $_row[$this->_db['tb_vl_col']]  : '';

                    $_row[$this->_db['tb_iv_col']] =
                        isSet($_row[$this->_db['tb_iv_col']]) ?
                            $_row[$this->_db['tb_iv_col']]  : '';

                    if ($this->_MAGIC_QUOTES_RUNTIME) {
                        $_row[$this->_db['tb_vl_col']] =
                            stripslashes($_row[$this->_db['tb_vl_col']]);

                        $_row[$this->_db['tb_iv_col']] =
                            stripslashes($_row[$this->_db['tb_iv_col']]);
                    }

                    /**
                     * Decrypt the data if it was encrypted
                     */
                    if ((!empty($_row[$this->_db['tb_iv_col']])) &&
                        (!empty($_row[$this->_db['tb_vl_col']]))) {

                        $_row[$this->_db['tb_vl_col']] =
                            $this->sessDecrypt($_row[$this->_db['tb_vl_col']],
                                               $_row[$this->_db['tb_iv_col']],
                                               TRUE);
                    }


                }


                if ($this->_MAGIC_QUOTES_RUNTIME) {
                    $_row[$this->_db['tb_si_col']] =
                        stripslashes($_row[$this->_db['tb_si_col']]);

                    $_row[$this->_db['tb_tr_col']] =
                        stripslashes($_row[$this->_db['tb_tr_col']]);

                }

                $_rows[] = $_row;

            }

            if (count($_rows) > 0) {

                @mysql_free_result($_result);
                return $_rows;

            } else {
                // Warning: No session data found while doing all session query
                $this->_setWrnMsg('NO_SESS_INFO2', $_sql);
                $this->_handleErrors();
                return FALSE;

            }


        }
    }


    /**
     * getTableName - Returns the name of the session table.
     *
     * @return string Returns the MySQL table name
     * @access public
     */
    function getTableName()
    {
        return $this->_db['tb_name'];
    }


    /**
     * getSessIDName - Returns the name of the session ID (key) column.
     *
     * @return string Returns the MySQL table column name for session ID
     * @access public
     */
    function getSessIDName()
    {
        return $this->_db['tb_id_col'];
    }


    /**
     * getSecLevelName - Returns the name of the security level column.
     *
     * @return string Returns the MySQL table column name for security level
     * @access public
     */
    function getSecLevelName()
    {
        return $this->_db['tb_sl_col'];
    }


    /**
     * getCreateName - Returns the name of the session created column.
     *
     * @return string Returns the MySQL table column name for created epoch.
     * @access public
     */
    function getCreateName()
    {
        return $this->_db['tb_cr_col'];
    }


    /**
     * getExpiryName - Returns the name of the session expiry column.
     *
     * @return string Returns the MySQL table column name for expiry epoch.
     * @access public
     */
    function getExpiryName()
    {
        return $this->_db['tb_ex_col'];
    }


    /**
     * getTimeoutName - Returns the name of the session timeout column.
     *
     * @return string Returns the MySQL table column name for timeout epoch.
     * @access public
     */
    function getTimeoutName()
    {
        return $this->_db['tb_to_col'];
    }


    /**
     * getLockName - Returns the name of the session locked column.
     *
     * @return string Returns the MySQL table column name for locked boolean.
     * @access public
     */
    function getLockName()
    {
        return $this->_db['tb_lk_col'];
    }


    /**
     * getSessValueName - Returns the name of the session value column.
     *
     * @return string Returns the MySQL table column name for session value.
     * @access public
     */
    function getSessValueName()
    {
        return $this->_db['tb_vl_col'];
    }


    /**
     * getEncIVName - Returns the name of the encryption IV column.
     *
     * @return string Returns the MySQL table column name for encryption IV.
     * @access public
     */
    function getEncIVName()
    {
        return $this->_db['tb_iv_col'];
    }


    /**
     * getSecIDName - Returns the name of the security ID column.
     *
     * @return string Returns the MySQL table column name for security ID.
     * @access public
     */
    function getSecIDName()
    {
        return $this->_db['tb_si_col'];
    }


    /**
     * getTraceName - Returns the name of the session trace column.
     *
     * @return string Returns the MySQL table column name for session trace.
     * @access public
     */
    function getTraceName()
    {
        return $this->_db['tb_tr_col'];
    }


    /**
     * nbrActiveSess - Retrieves the number of active sessions currently in the
     * table.
     *
     * @return int    The number of session rows that are considered active.
     * @access public
     */
    function nbrActiveSess()
    {

        $_time = time();

        $_sql  = 'SELECT '  . $this->_db['tb_lk_col']  .
                 '  FROM '  . $this->_db['tb_name']    .
                 ' WHERE (' . $this->_db['tb_ex_col']  . " > '$_time')" .
                 '   AND (' . $this->_db['tb_to_col']  . " > '$_time')" .
                 '   AND (' . $this->_db['tb_lk_col']  . " = '0')";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {

            // Active sessions query failed. Could not read session data
            $this->_setErrMsg('ACTIVE_FAIL', $_sql);
            $this->_handleErrors();

            return (bool) FALSE;                // Return an error

        } else {

            return @mysql_num_rows($_result);

        }
    }


    /**
     * nbrInactiveSess - Retrieves the number of inactive sessions currently in
     * the table.
     *
     * @return int     The number of session rows that are considered inactive.
     * @access public
     */
    function nbrInactiveSess()
    {

        $_time = time();

        $_sql  = 'SELECT '  . $this->_db['tb_lk_col']  .
                 '  FROM '  . $this->_db['tb_name']    .
                 ' WHERE (' . $this->_db['tb_ex_col']  . " < '$_time')" .
                 '    OR (' . $this->_db['tb_to_col']  . " < '$_time')" .
                 '    OR (' . $this->_db['tb_lk_col']  . " = '1')";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {

            // Inactive sessions query failed. Could not read session data
            $this->_setErrMsg('INACTIVE_FAIL', $_sql);
            $this->_handleErrors();

            return (bool) FALSE;                // Return an error

        } else {

            return @mysql_num_rows($_result);

        }
    }


    /**
     * changeSessLock - To lock or unlock a session row in the table.
     * When a session is locked, it will not be further read and is considered
     * temporarily or permanently suspended.
     * Must pass a valid session ID; no default assigned.
     * Note: MySQL will not update columns where the new value is the same as
     * the old value.
     *
     * @param  string  $_sess_id Session ID of the row to change the lock on.
     * @param  bool    $_lock_mode Set to TRUE for lock and FALSE for unlock.
     * @return bool    TRUE on a successful lock/unlock, and FALSE on error or
     *                 empty session string.
     * @access public
     */
    function changeSessLock($_sess_id, $_lock_mode = FALSE)
    {

        if (empty($_sess_id))
            return FALSE;

        if (!is_bool($_lock_mode))
            $_lock_mode = FALSE;

        if (TRUE === $_lock_mode)
            $_lock_mode = 1;
        else
            $_lock_mode = 0;


        $_sql = 'UPDATE ' . $this->_db['tb_name']     .
                  ' SET '                             .
                            $this->_db['tb_lk_col']   .
                            "='$_lock_mode'"          .
                ' WHERE ' . $this->_db['tb_id_col']   .
                            " = '$_sess_id'";


        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {
            // Lock/unlock failed. Could not change session data
            $this->_setErrMsg('A_LOCK_FAIL', $_sql, $_sess_id);
            $this->_handleErrors();
        }

        return (bool) $_result;
    }


    /**
     * changeAllSessLocks - To lock or unlock all session rows in the table.
     * When a session is locked, it will not be further read and is considered
     * temporarily or permanently suspended. Pass the _param['confirm_pswd']
     * to this member function as a way of making sure that it is the intention
     * to lock/unlock all rows in the session table.
     * Note: MySQL will not update columns where the new value is the same as
     * the old value.
     *
     * @param  string  $_confirmation_pswd Password required to change all rows.
     * @param  bool    $_lock_mode Set to TRUE for lock and FALSE for unlock.
     * @return bool    TRUE when rows are successfully locked/unlocked, or FALSE
     *                 on error or invalid password supplied.
     * @access public
     */
    function changeAllSessLocks($_confirmation_pswd = NULL, $_lock_mode = FALSE)
    {

        /**
         * Verify lock/unlock request by checking the passed password against
         * the confirm password defined in _param['confirm_pswd']
         */
        if (0 !== strcmp($_confirmation_pswd, $this->_CONF_PSWD))
            return FALSE;

        if (!is_bool($_lock_mode))
            $_lock_mode = FALSE;

        if (TRUE === $_lock_mode)
            $_lock_mode = 1;
        else
            $_lock_mode = 0;


        $_sql = 'UPDATE ' . $this->_db['tb_name']     .
                  ' SET ' . $this->_db['tb_lk_col']   .
                            "='$_lock_mode'";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {
            // Lock/unlock failed. Could not change all the session data
            $this->_setErrMsg('ALL_LOCK_FAIL', $_sql);
            $this->_handleErrors();
        }

        return (bool) $_result;
    }


    /**
     * deleteSession - To manually delete an old/expired session row from the
     * table. Must pass a valid session ID; no default assigned.
     *
     * @param  string  $_sess_id Session ID of the row to delete.
     * @return bool    TRUE on a successful delete, and FALSE on error or empty
     *                 session string.
     * @access public
     */
    function deleteSession($_sess_id)
    {

        if (empty($_sess_id))
            return FALSE;

        /**
         * When session ID is the same as the current one, then use
         * session_destroy() to delete a current active session
         * instead of this method.
         */
        if (0 === strcmp($_sess_id, session_id()))
            return session_destroy();

        $_sql = 'DELETE FROM ' . $this->_db['tb_name'] .
                     ' WHERE ' . $this->_db['tb_id_col']  .
                                 " = '$_sess_id'";

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {
            // Delete request failed. Could not delete session data
            $this->_setErrMsg('A_DEL_FAIL', $_sql, $_sess_id);
            $this->_handleErrors();
        }

        return (bool) $_result;
    }


    /**
     * deleteAllSessions - To delete all session rows from table. It's faster
     * to drop and create the table again, however, the current database user
     * should not have such security privileges. Pass the _param['confirm_pswd']
     * to this member function as a way of making sure that it is the intention
     * to delete all rows from the session table.
     *
     * @param  string  $_confirmation_pswd Password required to delete all rows.
     * @return bool    TRUE when rows are successfully deleted, and FALSE on
     *                 error or invalid password supplied.
     * @access public
     */
    function deleteAllSessions($_confirmation_pswd = NULL)
    {

        /**
         * Verify delete request by checking the passed password against
         * the confirm password defined in _param['confirm_pswd']
         */
        if (0 !== strcmp($_confirmation_pswd, $this->_CONF_PSWD))
            return FALSE;

        $_sql = 'DELETE FROM ' . $this->_db['tb_name'];

        $_result = @mysql_query($_sql, $this->_dbh);

        if (!$_result) {
            // Delete all request failed. Could not delete all session data
            $this->_setErrMsg('ALL_DEL_FAIL', $_sql);
            $this->_handleErrors();
        }

        return (bool) $_result;
    }


    /**
     * pregMatches - Returns a boolean of a whole word preg_match result. It
     * checks $_pattern against $_value and returns a boolean result. The
     * preg_match result must match $_value for it to return a TRUE result.
     * It uses a default pattern of '/[a-zA-Z0-9]+/' when no pattern is
     * specified.
     *
     * @param  string $_pattern Set to a valid regular expression pattern.
     * @param  string $_value Set to a value to have the $_pattern check against
     * @return bool Returns TRUE when $_pattern is found in $_value.
     * @access public
     */
    function pregMatches($_pattern, $_value)
    {
        if (empty($_pattern))
            $_pattern = '/[a-zA-Z0-9]+/';  // Match this pattern 1 or more times

        $_matches = array();

        if (preg_match($_pattern, $_value, $_matches) > 0)
            if (0 === @strcmp($_value, $_matches[0]))
                return TRUE;

        return FALSE;

    }


    /**
     * stringSplit - Parses out a string into x number of byte chunk characters.
     * Example: $arr = stringSplit('Hi', 1);
     *
     * $arr then contains: $arr[0] = 'H'  and  $arr[1] = 'i'
     *
     * @param  string $_text Pass a text string you would like to parse out.
     * @param  int    $_chunksize The number of characters to split by.
     * @return array  Returns an array with each index containing x characters.
     * @access public
     */
    function stringSplit($_text, $_chunksize = 1)
    {
        preg_match_all('/(' . str_repeat('.', $_chunksize) . ')/Uims',
                       $_text,
                       $_matches);

        return $_matches[1];
    }


    /**
     * sessEncode - Encrypts plain text. It uses an Initialization Vector (IV)
     * integer in the range of 1-500 in order to produce more varied results.
     * You must use the same IV number when calling the sessDecode member.
     * The encrypted text may be longer than original plain text.
     * This function requires PHP ver >= 4.2.0 because of str_rot13 function.
     *
     *
     * @param  string $_text Pass the plain text you would like to encrypt.
     * @param  int    $_IV Pass a random number between 1 and 500.
     * @return string Returns the plain text passed in encrypted format.
     * @access public
     */
    function sessEncode($_text, $_IV = 3)
    {

        if (is_numeric($_IV)) {

            $_IV = intval($_IV);

            if ($_IV < 1)
                $_IV = 1;
            else
              if ($_IV > 500)
                  $_IV = 42;

        } else {

            $_IV = 3;
        }

        $_text .= ' ';

        $_arr1 = $this->stringSplit($this->_ENCRYPT_KEY);
        $_arr2 = $_arr1;

        foreach ($_arr1 as $_i1 => $_v1) {

            foreach ($_arr2 as $_i2 => $_v2) {

                $_counter = ($_i2 + 1) + ($_i1 * strlen($this->_ENCRYPT_KEY));

                $_array[$_counter] = $_v1 . $_v2;

                if ($_v1 == $_v2)
                    $_array[$_counter] = $_v1 . '_';
            }
        }

        $_encoded = '';
        $_count = 0;
        $_msgarr = $this->stringSplit($_text);

        foreach ($_msgarr as $_mindex => $_mvalue) {

            If ($_mindex / 2 <> ceil ($_mindex / 2)) {

                $_masc = ord($_mvalue) - 31;
                $_masc = $_masc + (ceil($_count * $_IV / 3) + $_IV);
                $_count++;
                if ($_count > 12)
                    $_count = 0;
                $_encoded .= $_array[$_masc];

            } else {

                // No need to get around str_rot13 bug here since $_mvalue is
                // not being referenced after this point & will get overriden.
                $_encoded .= str_rot13($_mvalue);
            }
        }

        return $_encoded;
    }


    /**
     * sessDecode - Decodes text that was previously encrypted with sessEncode.
     * This function requires PHP ver >= 4.2.0 because of str_rot13 function.
     *
     * @param  string $_text Pass the encrypted text created by sessEncode.
     * @param  int    $_IV Pass the same IV number as used in sessEncode.
     * @return string Returns the unencrypted plain text.
     * @access public
     */
    function sessDecode($_text, $_IV = 3)
    {

        $_count = 0;

        if (is_numeric($_IV)) {

            $_IV = intval($_IV);

            if ($_IV < 1)
                $_IV = 1;
            else
              if ($_IV > 500)
                  $_IV = 42;

        } else {

            $_IV = 3;
        }

        $_arr1 = $this->stringSplit($this->_ENCRYPT_KEY);
        $_arr2 = $_arr1;

        foreach ($_arr1 as $_i1 => $_v1) {

            foreach ($_arr2 as $_i2 => $_v2) {

                $_counter = ($_i2 + 1) + ($_i1 * strlen($this->_ENCRYPT_KEY));
                $_array[$_counter] = $_v1 . $_v2;
                if ($_v1 == $_v2)
                    $_array[$_counter] = $_v1 . '_';
            }
        }

        $_array = array_flip($_array);
        $_msgarr = $this->stringSplit($_text, 3);

        $_decoded = '';            // Rev 1.0.2: Added this initialization line

        foreach ($_msgarr as $_mvalue) {

            // $_tmp_hold used to get around a possible PHP bug in versions
            // earlier than 4.3.0. The variable passed in function might change.
            $_tmp_hold  = $_mvalue;
            $_decoded  .= str_rot13($_tmp_hold{0});

            $_ivalue = $_array[substr($_mvalue, 1, 2)];
            $_ivalue = $_ivalue - (ceil($_count * $_IV / 3) + $_IV);
            $_count++;
            if ($_count > 12)
                $_count = 0;

            $_masc = chr($_ivalue + 31);
            $_decoded .= $_masc;
        }

        return trim($_decoded);    // Rev 1.0.1: Added trim(). Removed substr().
    }


    /**
     * sessEncrypt - Encrypts plain text. It uses an Initialization Vector (IV).
     * The same IV is needed for the decryption phase. Must save IV for
     * later decryption. This routine will attempt to use the mcrypt
     * algorithms if installed first, otherwise the sessEncode member is used.
     * The encrypted text may be longer than original plain text. When you have
     * a few/many fields to encrypt in one script cycle, choose to keep the
     * mcrypt module open to speed up encryption (only for libmcrypt >= 2.4.x).
     *
     * @link   http://mcrypt.hellug.gr
     * @param  string $_text Pass the plain text you would like to encrypt.
     * @param  string $IV Pass by reference var. This will get assigned the IV.
     * @param  bool   $_keep_open TRUE to keep mcrypt module open, FALSE close.
     * @return mixed  Returns an encrypted value representing the original
     *                text, or FALSE on error.
     * @access public
     */
    function sessEncrypt($_text, &$IV, $_keep_open = FALSE)
    {

        static $_open_already = FALSE;  // Open encrypt flag For ver >= 2.4.x
        static $_module       = NULL;


        if (!is_bool($_keep_open))
            $_keep_open = FALSE;

        if (($this->_MCRYPT) &&
            (!empty($this->_ENC_ALGO)) &&
            (!empty($this->_ENC_MODE))) {

            if ($this->_MCRYPT_LATEST) {    // For >= 2.4.x

                if (!$_open_already) {

                    $_module = @mcrypt_module_open($this->_ENC_ALGO, '',
                                                   $this->_ENC_MODE, '');

                    if (FALSE === $_module) {

                        // Could not open encryption module for encrypting
                        $this->_setErrMsg('ENC_OPEN_FAIL', NULL,
                                          $this->_ENC_ALGO, $this->_ENC_MODE);
                        $this->_handleErrors();

                        return FALSE;

                    }

                    $_open_already = TRUE;

                }

                $IV = @mcrypt_create_iv (@mcrypt_enc_get_iv_size($_module),
                                         MCRYPT_RAND);   // For Windows support

                $_key = substr($this->_ENC_KEY_HASHED, 0,
                               @mcrypt_enc_get_key_size($_module));

                $_result = mcrypt_generic_init($_module, $_key, $IV);

                if ($_result < 0) {

                    switch ($_result) {

                        case -3:

                            // Key length for encryption is incorrect
                            $this->_setErrMsg('ENC_KEY_LEN', NULL,
                                              $this->_ENC_ALGO,
                                              $this->_ENC_MODE,
                                              strlen($_key));

                        case -4:

                            // There were memory allocation problems - encrypt
                            $this->_setErrMsg('ENC_MEMORY', NULL,
                                              $this->_ENC_ALGO,
                                              $this->_ENC_MODE);

                        default:

                            // There were unknown errors while trying to encrypt
                            $this->_setErrMsg('ENC_UNKNOWN', NULL,
                                              $this->_ENC_ALGO,
                                              $this->_ENC_MODE);

                    }

                    $this->_handleErrors();

                    return FALSE;
                }

                $_enc = @mcrypt_generic($_module, $_text);


                if (!$_keep_open) {

                    @mcrypt_generic_deinit($_module);
                    @mcrypt_module_close($_module);

                    $_open_already = FALSE;
                    $_module = NULL;
                }


            } else {    // For 2.2.x

                $IV   = @mcrypt_create_iv(
                                          @mcrypt_get_block_size(
                                                                $this->_ENC_ALGO
// FYI: Would be needed to run in > 2.2.x                     , $this->_ENC_MODE
                                                                ),
                                          MCRYPT_RAND
                                         ); // MCRYPT_RAND for Windows support

                $_key = substr($this->_ENC_KEY_HASHED, 0,
                               @mcrypt_get_key_size($this->_ENC_ALGO
// FYI: Would be needed to run in > 2.2.x         , $this->_ENC_MODE
                                                   )
                              );

                switch ($this->_ENC_MODE) {

                     case MCRYPT_MODE_ECB:

                     $_enc = @mcrypt_ecb(
                                         $this->_ENC_ALGO,
                                         $_key,
                                         $_text,
                                         MCRYPT_ENCRYPT
// FYI: Would be needed to run in > 2.2.x , $IV
                                        );

                     $IV   = '';        // FYI: Would comment to run in > 2.2.x
                     break;

                     case MCRYPT_MODE_CFB:

                     $_enc = @mcrypt_cfb(
                                         $this->_ENC_ALGO,
                                         $_key,
                                         $_text,
                                         MCRYPT_ENCRYPT,
                                         $IV
                                        );
                     break;

                     case MCRYPT_MODE_OFB:

                     $_enc = @mcrypt_ofb(
                                         $this->_ENC_ALGO,
                                         $_key,
                                         $_text,
                                         MCRYPT_ENCRYPT,
                                         $IV
                                        );
                     break;

                     default:

                     $_enc = @mcrypt_cbc(
                                         $this->_ENC_ALGO,
                                         $_key,
                                         $_text,
                                         MCRYPT_ENCRYPT,
                                         $IV
                                        );
                }

            }

            $_enc = trim(@base64_encode($_enc));
            $IV   = trim(@base64_encode($IV));

        } else {

            $IV   = (int) mt_rand(1, 500);

            $_enc = $this->sessEncode($_text, $IV);

        }

        return $_enc;

    }


    /**
     * sessDecrypt - Decrypts encrypted text created by the sessEncrypt member.
     * It needs to be passed the same Initialization Vector (IV) used in the
     * encryption process. When you have a few/many fields to decrypt in one
     * script cycle, choose to keep the mcrypt module open to speed up
     * decryption (only for libmcrypt >= 2.4.x). A correctly decrypted field
     * will be returned as a string, so if you're expecting/wanting an integer
     * then you have to type cast or use intval() function.
     *
     * @param  string $_enc Pass the encrypted text you would like to decrypt.
     * @param  string $_IV Pass the same IV used in the encryption phase.
     * @param  bool   $_keep_open TRUE to keep mcrypt module open, FALSE close.
     * @return mixed  Returns the original plain text or FALSE on error.
     * @access public
     */
    function sessDecrypt($_enc, $_IV, $_keep_open = FALSE)
    {

        static $_open_already = FALSE;  // Open encrypt flag For ver >= 2.4.x
        static $_module       = NULL;


        if (!is_bool($_keep_open))
            $_keep_open = FALSE;


        if ((is_numeric($_IV))  &&
            (strlen($_IV) > 0)  &&
            (strlen($_IV) < 4)  &&
            (intval($_IV) > 0)  &&
            (intval($_IV) < 501)) {

            $_text = $this->sessDecode($_enc, intval($_IV));

        } else
        if (($this->_MCRYPT) &&
            (!empty($this->_ENC_ALGO)) &&
            (!empty($this->_ENC_MODE))) {

            $_IV   = @base64_decode($_IV);
            $_enc  = @base64_decode($_enc);

            if ($this->_MCRYPT_LATEST) {    // For >= 2.4.x

                if (!$_open_already) {

                    $_module = @mcrypt_module_open($this->_ENC_ALGO, '',
                                                   $this->_ENC_MODE, '');

                    if (FALSE === $_module) {

                        // Could not open encryption module for decryption
                        $this->_setErrMsg('DEC_OPEN_FAIL', NULL,
                                          $this->_ENC_ALGO, $this->_ENC_MODE);
                        $this->_handleErrors();

                        return FALSE;

                    }

                    $_open_already = TRUE;
                }

                $_key = substr($this->_ENC_KEY_HASHED, 0,
                               @mcrypt_enc_get_key_size($_module));

                $_result = @mcrypt_generic_init($_module, $_key, $_IV);

                if ($_result < 0) {

                    switch ($_result) {

                        case -3:

                            // Key length for decryption is incorrect
                            $this->_setErrMsg('DEC_KEY_LEN', NULL,
                                              $this->_ENC_ALGO,
                                              $this->_ENC_MODE,
                                              strlen($_key));

                        case -4:

                            // There were memory allocation problems - decrypt
                            $this->_setErrMsg('DEC_MEMORY', NULL,
                                              $this->_ENC_ALGO,
                                              $this->_ENC_MODE);

                        default:

                            // There were unknown errors while trying to decrypt
                            $this->_setErrMsg('DEC_UNKNOWN', NULL,
                                              $this->_ENC_ALGO,
                                              $this->_ENC_MODE);

                    }

                    $this->_handleErrors();

                    return FALSE;
                }

                // trim is especially needed in Cipher Block Chaining (CBC) mode
                $_text = trim(@mdecrypt_generic($_module, $_enc));

                if (!$_keep_open) {

                    @mcrypt_generic_deinit($_module);
                    @mcrypt_module_close($_module);

                    $_open_already = FALSE;
                    $_module = NULL;
                }

            } else {            // For 2.2.x


                $_key = substr($this->_ENC_KEY_HASHED, 0,
                               @mcrypt_get_key_size($this->_ENC_ALGO
// FYI: Would be needed to run in > 2.2.x          ,$this->_ENC_MODE
                                                   )
                              );

                switch ($this->_ENC_MODE) {

                     case MCRYPT_MODE_ECB:

                     $_text = @mcrypt_ecb(
                                          $this->_ENC_ALGO,
                                          $_key,
                                          $_enc,
                                          MCRYPT_DECRYPT
// FYI: Would be needed to run in > 2.2.x ,$_IV
                                         );

                     break;

                     case MCRYPT_MODE_CFB:

                     $_text = @mcrypt_cfb(
                                          $this->_ENC_ALGO,
                                          $_key,
                                          $_enc,
                                          MCRYPT_DECRYPT,
                                          $_IV
                                         );
                     break;

                     case MCRYPT_MODE_OFB:

                     $_text = @mcrypt_ofb(
                                          $this->_ENC_ALGO,
                                          $_key,
                                          $_enc,
                                          MCRYPT_DECRYPT,
                                          $_IV
                                         );
                     break;

                     default:

                     $_text = @mcrypt_cbc(
                                          $this->_ENC_ALGO,
                                          $_key,
                                          $_enc,
                                          MCRYPT_DECRYPT,
                                          $_IV
                                         );
                }

                $_text = trim($_text); // Especially needed for CBC mode

            }

        } else {

            $_text = FALSE;

        }

        return $_text;
    }


    /**
     * sendCacheHeader - Transmits the value for the Cache-Control header
     * option(s).
     *
     * @uses   Example to stop caching: 'no-store, no-cache, must-revalidate,
     *                                   post-check=0, pre-check=0'
     *
     * @param  string $_options Cache-Control header option(s)
     * @return bool   Always returns TRUE.
     * @access public
     */
    function sendCacheHeader($_options = 'private')
    {

        header("Cache-Control: $_options");

        return TRUE;
    }


    /**
     * getMySQLVer - Call to obtain the version number of the MySQL server.
     *
     * @return string Returns the current MySQL server version number.
     * @access public
     */
    function getMySQLVer()
    {
        return $this->_mysql_ver;
    }


    /**
     * getSessName - Call to obtain the current PHP Session name (used in URL's)
     *
     * @return string Returns the current PHP Session name.
     * @access public
     */
    function getSessName()
    {
        return $this->_sess_name;
    }


    /**
     * getSessLife - Retrieves the current PHP Session life duration. Set
     * $_in_minutes to TRUE to return a value in minutes (rounded up to
     * the next whole minute).
     *
     * @param  bool   $_in_minutes A switch to signify that the return value
     *                should be in minutes instead of seconds (the default).
     * @return int    Returns the number of seconds or minutes of session life.
     * @access public
     */
    function getSessLife($_in_minutes = FALSE)
    {
        if ($_in_minutes)
            return intval(ceil($this->_SESS_LIFE / 60));
        else
            return (int) $this->_SESS_LIFE;
    }


    /**
     * getSessTimeout - Returns what the session timeout duration is set to. Set
     * $_in_minutes to TRUE to return a value in minutes (rounded up to
     * the next whole minute).
     *
     * @param  bool   $_in_minutes A switch to signify that the return value
     *                should be in minutes instead of seconds (the default).
     * @return int    Returns the number of seconds/minutes of session timeout.
     * @access public
     */
    function getSessTimeout($_in_minutes = FALSE)
    {
        if ($_in_minutes)
            return intval(ceil($this->_SESS_TIMEOUT / 60));
        else
            return (int) $this->_SESS_TIMEOUT;
    }


    /**
     * setSessVar - Creates or updates a session variable's value. You can
     * select to have the session variables contents be encrypted. For extra
     * security, you can select for an extra/duplicate field to be created which
     * will contain the encrypted value (while leaving the non-encrypted value
     * in the session field specified untouched). By using this option,
     * getSessVar() will automatically make a comparison of the two values for
     * extra validity. For the encryption option, the value can't be an array,
     * a boolean, a resource, or an object.
     *
     * @param  string $_field Name to assign as key index in $_SESSION array.
     * @param  mixed  $_value to assign the field name/key in $_SESSION array.
     * @param  bool   $_encrypt_value Set TRUE to have encryption performed.
     * @param  bool   $_extra_field Set TRUE to create a new encrypted field.
     * @param  string $_ENC_SFX Encrypted field suffix value added to create
     *                the new encrypted field.
     * @param  string $_ENC_IV_SFX The IV field suffix value added to create
     *                the IV field. Always created with encryption option.
     * @param  bool   $_ERROR Set to what value should be returned upon error.
     * @return bool   Returns TRUE when field value is set, FALSE on NULL/error.
     * @access public
     */
    function setSessVar($_field,
                        $_value         = NULL,
                        $_encrypt_value = FALSE,
                        $_extra_field   = FALSE,
                        $_ENC_SFX       = '_enc',
                        $_ENC_IV_SFX    = '_enc_iv',
                        $_ERROR         = FALSE
                       )

    {

        if (empty($_field))
            return $_ERROR;

        if (!is_bool($_encrypt_value))
            $_encrypt_value = FALSE;

        /**
         * When encryption requested, see if we can encrypt this type of value.
         */
        if (($_encrypt_value)       &&
            (!is_array($_value))    &&
            (!is_bool($_value))     &&
            (!is_resource($_value)) &&
            (!is_object($_value)))  {

            $_enc_iv = 0;

            $_enc = $this->sessEncrypt($_value, $_enc_iv, TRUE);

            if (FALSE === $_enc)
                return $_ERROR;               // Encryption didn't work

            if (!$this->pregMatches('/[a-zA-Z0-9_]+/', $_ENC_IV_SFX))
                $_ENC_IV_SFX = '_enc_iv';

            /**
             * Save encrypted info.
             */
            $_SESSION[$_field . $_ENC_IV_SFX] = $_enc_iv;

            if (!is_bool($_extra_field))
                $_extra_field = FALSE;

            if ($_extra_field) {

                if (!$this->pregMatches('/[a-zA-Z0-9_]+/', $_ENC_SFX))
                    $_ENC_SFX = '_enc';

                /**
                 * Place encrypted value in a new field, and leave non-encrypted
                 * value in selected/same field.
                 */
                $_SESSION[$_field . $_ENC_SFX] = $_enc;
                $_SESSION[$_field] = $_value;

            } else {

                /**
                 * No extra field wanted, so place encrypted value in
                 * selected/same field.
                 */
                $_SESSION[$_field] = $_enc;
            }


        } else {    // Encryption not requested or not right type

            $_SESSION[$_field] = $_value;
        }

        return isSet($_SESSION[$_field]);
    }


    /**
     * getSessVar - Returns a session variables value if assigned (and not NULL)
     * or the default value supplied, or NULL when no default supplied. Also,
     * this will detect if a value had been encrypted and will automatically
     * return the decrypted value. When the extra field option is used in
     * setSessVar(), then a comparison of original and extra field values are
     * automatically performed to make sure that the original fields value has
     * not been modified by an outside source (hacker).
     * FYI: The $_SESSION array is only made available after a session_start().
     *
     * @param  string $_field Key name to look for in $_SESSION superglobal
     *                array.
     * @param  mixed  $_default A value to return when var is not set/NULL.
     * @param  string $_ENC_SFX Encrypted field suffix value used when
     *                encryption field was created (in setSessVar).
     * @param  string $_ENC_IV_SFX The IV field suffix value used when the IV
     *                field was created (in setSessVar).
     * @param  bool   $_ERROR Set to what value should be returned upon error.
     * @return mixed  Returns session variable value, assigned default, or
     *                FALSE on error.
     * @access public
     */
    function getSessVar($_field,
                        $_default    = NULL,
                        $_ENC_SFX    = '_enc',
                        $_ENC_IV_SFX = '_enc_iv',
                        $_ERROR      = FALSE
                       )
    {

        if (empty($_field))
            return $_ERROR;

        /**
         * Determine if field has already been defined
         */
        if (isSet($_SESSION[$_field])) {

            if (!$this->pregMatches('/[a-zA-Z0-9_]+/', $_ENC_IV_SFX))
                $_ENC_IV_SFX = '_enc_iv';

            /**
             * When this field is defined we have an encrypted value
             */
            $_enc_iv = (isSet($_SESSION[$_field . $_ENC_IV_SFX])) ?
                              $_SESSION[$_field . $_ENC_IV_SFX]   : NULL;

            /**
             * It's not encrypted when there's no IV value defined
             */
            if (is_null($_enc_iv)) {

                return $_SESSION[$_field];      // Return non-encrypted value

            }

            if (!$this->pregMatches('/[a-zA-Z0-9_]+/', $_ENC_SFX))
                $_ENC_SFX = '_enc';

            /**
             * We now know that we have an encrypted value. Find out if the
             * original or the extra field contains the encrypted value.
             */
            $_enc = (isSet($_SESSION[$_field . $_ENC_SFX])) ?
                           $_SESSION[$_field . $_ENC_SFX]   :
                           $_SESSION[$_field];

            $_text = $this->sessDecrypt($_enc, $_enc_iv, TRUE);

            if (FALSE === $_text)
                return $_ERROR;                   // Error with decryption

           /**
             * If the extra field contained the encrypted value, then compare
             * the original fields value with the decrypted value. They should
             * both match if security hasn't been compromised.
             */
            if (isSet($_SESSION[$_field . $_ENC_SFX])) {

                if ($_SESSION[$_field] != $_text)
                    return $_ERROR;               // Field integrity compromised

            }

            return $_text;                        // Return decrypted value


        } else {

            return $_default;      // Field not defined, so return the default
        }

    }


    /**
     * stopOnWarnings - Set to stop script when warning messages are generated.
     *
     * @return bool  Returns TRUE meaning any warnings will stop the script.
     * @access public
     */
    function stopOnWarnings()
    {
        return $this->_stop_on_warn = TRUE;
    }


    /**
     * endStopOnWarnings - Set to keep script running when warning messages are
     * generated.
     *
     * @return bool  Returns FALSE meaning script will not stop on warnings.
     * @access public
     */
    function endStopOnWarnings()
    {
        return $this->_stop_on_warn = FALSE;
    }


    /**
     * warningsExist - A check to see if warning messages have been generated.
     *
     * @return bool  Returns TRUE if there are warning messages, otherwise FALSE
     * @access public
     */
    function warningsExist()
    {
        return (empty($this->_warnings)) ? FALSE : TRUE;
    }


    /**
     * flushWarnings - Clears all warning messages that may have been generated.
     *
     * @return string  Always returns NULL.
     * @access public
     */
    function flushWarnings()
    {
        return $this->_warnings = NULL;
    }


    /**
     * getWarnings - Retrieves and formats all warning messages for displaying.
     * Clears the warnings once called.
     *
     * @param  string $_color Font color to return warning in (HTML syntax).
     * @param  string $_size  Font size to return warning in (HTML syntax).
     * @return string Warning messages with HTML breaks/entities added.
     * @access public
     */
    function getWarnings($_color = 'BLUE', $_size = '+0')
    {
        if (empty($_color))
            $_color = 'BLUE';

        if (empty($_size))
            $_size  = '+0';

        $_warnMsgs = nl2br(htmlentities($this->_warnings, ENT_QUOTES));
        $_warnMsgs = $this->_formatFont($_warnMsgs, $_color, $_size);
        $this->flushWarnings();
        return $_warnMsgs;
    }


    /**
     * stopOnErrors - Set to stop script when error messages are generated.
     *
     * @return bool  Returns TRUE meaning any errors will stop the script.
     * @access public
     */
    function stopOnErrors()
    {
        return $this->_stop_on_error = TRUE;
    }


    /**
     * endStopOnErrors - Set to keep script running when error messages are
     * generated.
     *
     * @return bool  Returns FALSE meaning script will not stop on errors.
     * @access public
     */
    function endStopOnErrors()
    {
        return $this->_stop_on_error = FALSE;
    }


    /**
     * errorsExist - A check to see if error messages have been generated.
     *
     * @return bool  Returns TRUE if there are error messages, otherwise FALSE.
     * @access public
     */
    function errorsExist()
    {
        return (empty($this->_errors)) ? FALSE : TRUE;
    }


    /**
     * flushErrors - Clears all error messages that may have been generated.
     *
     * @return string  Always returns NULL.
     * @access public
     */
    function flushErrors()
    {
        return $this->_errors = NULL;
    }


    /**
     * getErrors - Retrieves and formats all error messages for displaying.
     * Clears the errors once called.
     *
     * @param  string $_color Font color to return error in (HTML syntax).
     * @param  string $_size  Font size to return error in (HTML syntax).
     * @return string Severe error messages with HTML breaks/entities added.
     * @access public
     */
    function getErrors($_color = 'RED', $_size = '+0')
    {
        if (empty($_color))
            $_color = 'RED';

        if (empty($_size))
            $_size  = '+0';

        $_errMsgs = nl2br(htmlentities($this->_errors, ENT_QUOTES));
        $_errMsgs = $this->_formatFont($_errMsgs, $_color, $_size);
        $this->flushErrors();
        return $_errMsgs;
    }


    /**
     * setSessURI - Appends the PHP session name and ID to the end of a URI.
     * It checks whether a question mark already is in the URI.
     * Useful for creating a URI to be used in a redirect (but less secure).
     *
     * @param  string $_uri A URI i.e. http://www.example.com/index.php
     * @return string The URI only, or URI with the session name and ID appended
     * @access public
     */
    function setSessURI($_uri)
    {

     	if (!empty($_uri)) {

            $_sess_id = session_id();

            if (!empty($_sess_id)) {   // instead of using SID
                if (FALSE === strstr($_uri, '?'))
                    $_uri .= '?' . $this->_sess_name . '=' . $_sess_id;
                else
                    $_uri .= $this->_ARG_SEP . $this->_sess_name . '=' .
                             $_sess_id;
            }

     	}

   	    return $_uri;
    }


    /**
     * createLink - Creates a link and appends the PHP session name and ID when
     * requested by setting $_add_sess to TRUE, which is the default.
     *
     * @param  string $_uri The URI for the link. i.e. http://www.example.com
     * @param  string $_desc The text description for the link. URI used if none
     * @param  string $_target Where to display upon click. i.e. _blank
     * @param  bool   $_add_sess When TRUE it adds session name and ID to link.
     * @return string HTML link or empty string.
     * @access public
     */
    function createLink($_uri,
                        $_desc     = NULL,
                        $_target   = NULL,
                        $_add_sess = TRUE
                       )
    {

     	if (empty($_uri))
  	        return '';

        if (!is_bool($_add_sess))
            $_add_sess = TRUE;

        $_desc = empty($_desc) ? $_uri : $_desc;

        if ($_add_sess)
            $_uri = $this->setSessURI($_uri);

     	if (empty($_target))
     	    return sprintf("<a href=\"%s\">%s</a>", $_uri, $_desc);
        else
     	    return sprintf("<a href=\"%s\" target=\"%s\">%s</a>",
     	                   $_uri,
     	                   $_target,
     	                   $_desc);

    }


    /**
     * getIPAddr - Detects and retrieves the IP address. If the value is
     * obtained from HTTP_X_FORWARDED_FOR, it could have multiple IP addresses.
     *
     * @param  string $type_used Passed by reference; used to return back a code
     * @return string Returns the IP address.
     * @return string Returns by reference a code used to signify the field type
     *                used to determine IP. Either: C, F, R, or U
     * @access public
     */
    function getIPAddr(&$type_used)
    {
        if (isSet($_SERVER['HTTP_CLIENT_IP'])) {
            $_ip = $_SERVER['HTTP_CLIENT_IP'];
            $type_used = 'C';

        } else
            if (isSet($_SERVER['HTTP_X_FORWARDED_FOR'])) {

                $_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                $type_used = 'F';

       } else
            if (isSet($_SERVER['REMOTE_ADDR'])) {

                $_ip = $_SERVER['REMOTE_ADDR'];
                $type_used = 'R';

        } else {

                $_ip = 'UNKNOWN';
                $type_used = 'U';

        }

        return $_ip;
    }


    /**
     * secureConnection - Determines whether current connection is secure (SSL).
     *
     * @return bool Returns TRUE when this web connection is using SSL (HTTPS).
     * @access public
     */
    function secureConnection()
    {

        if (isSet($_SERVER['HTTPS']))
            return (0 === strcmp($_SERVER['HTTPS'], 'on')) ? TRUE : FALSE;
        else
            return FALSE;

    }


   /**
     * getVersion - Indicates the version number of this DB_eSession class.
     *
     * @return string Returns the current version number of this script.
     * @access public
     */
    function getVersion()
    {
        return $this->_ver;
    }


    /**
     * getSiteWarn - Formats a site warning message for displaying on your site.
     * When $_add_link is TRUE and warning message contains 'DB_eSession', it
     * will convert that text to a link to the author's web site.
     *
     * @param  string $_color Font color to return message in (HTML syntax).
     * @param  string $_size  Font size to return message in (HTML syntax).
     * @param  bool   $_center TRUE-centers message (adds <center></center>).
     * @param  bool   $_add_link When TRUE it creates a link to authors site.
     * @return string Returns the site warning message.
     * @access public
     */
    function getSiteWarn($_color = "NAVY", $_size = '-2', $_center = FALSE,
                         $_add_link = TRUE)
    {
        $_tmp_hold = $this->_warnings;
        $this->flushWarnings();
        $this->_setWrnMsg('SITE_WARN');
        $_msg = $this->_warnings;
        $this->_warnings = $_tmp_hold;

        $_msg = nl2br(htmlentities($_msg, ENT_QUOTES));

        if (empty($_color))
            $_color = 'NAVY';

        if (empty($_size))
            $_size  = '-2';

        if (!is_bool($_center))
            $_center = FALSE;

        if (!is_bool($_add_link))
            $_add_link = TRUE;

        if ($_add_link) {
            $_msg = str_replace('DB_eSession',
                           $this->createLink('http://www.code.dearneighbor.com',
                                             'DB_eSession', '_blank', FALSE),
                                $_msg);
        }

        $_msg = $this->_formatFont($_msg, $_color, $_size);

        if ($_center)
            $_msg = "<CENTER>{$_msg}</CENTER>";

        return $_msg;
    }


}   // End of DB_eSession class

// Make sure there are no whitespaces after the '>' character on the last line.
?>

History