During a recent project I ended up using ADODB and found it very effective. Especially the wrapper it places around PHPs sessions, it stores them in the DB instead of in the temp directory, which can be less secure. It also handles encryption of the session variables contents, but only using MD5 originally and I prefer to use SHA1. So I hacked the following to allow me to do so and I contributed it to ADODB.
adodb-encrypt-sha1.php (new file):
<?php
if (!defined('ADODB_SESSION')) die();
include_once ADODB_SESSION . '/crypt.inc.php';
class ADODB_Encrypt_SHA1 {
function write($data, $key) {
$sha1crypt =& new SHA1Crypt();
return $sha1crypt->encrypt($data, $key);
}
function read($data, $key) {
$sha1crypt =& new SHA1Crypt();
return $sha1crypt->decrypt($data, $key);
}
}
return 1;
Add to crypt.inc.php:
<?php
class SHA1Crypt{
function keyED($txt,$encrypt_key)
{
$encrypt_key = sha1($encrypt_key);
$ctr=0;
$tmp = "";
for ($i=0;$i<strlen($txt);$i++){
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1);
$ctr++;
}
return $tmp;
}
function Encrypt($txt,$key)
{
srand((double)microtime()*1000000);
$encrypt_key = sha1(rand(0,32000));
$ctr=0;
$tmp = "";
for ($i=0;$i<strlen($txt);$i++)
{
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($encrypt_key,$ctr,1) .
(substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1));
$ctr++;
}
return base64_encode($this->keyED($tmp,$key));
}
function Decrypt($txt,$key)
{
$txt = $this->keyED(base64_decode($txt),$key);
$tmp = "";
for ($i=0;$i<strlen($txt);$i++){
$sha1 = substr($txt,$i,1);
$i++;
$tmp.= (substr($txt,$i,1) ^ $sha1);
}
return $tmp;
}
function RandPass()
{
$randomPassword = "";
srand((double)microtime()*1000000);
for($i=0;$i<8;$i++)
{
$randnumber = rand(48,120);
while (($randnumber >= 58 && $randnumber <= 64) || ($randnumber >= 91 && $randnumber <= 96))
{
$randnumber = rand(48,120);
}
$randomPassword .= chr($randnumber);
}
return $randomPassword;
}
}
This code has now been added to the stable release of ADODB.