Curl session cookie question

sfraise · 10-13-2011, 10:32 PM

I'm building a large site on Joomla with a ton of one off components and modules and am running into a strange problem.

I use a module called mod_component built by jomexperts (there site is messed up and forums don't load) which basically lets you load a component within a module. In this case I use it to load the profile wall which is it's self it's own component with the profile nested in a tab.

It works fine, but twice now it's just stopped working. The first time it happened a few weeks ago I tried and tried to solve the reason why, including setting up an exact instance on another server in which it worked fine, then suddenly a couple days later it just started working again on it's own. Since last night is the second time it's stopped working I realized what the common thing was between both instances. Last night there was a rather large ddos attack going on and our server was unresponsive for a few minutes, when it came back the module stopped working.

Looking through the module code there is a bit of curl code that writes a session id to a cookie. My guess is when the server went down a session didn't close and is not locked up.

This is the main module code:

Code:

<?php
/** 
 * Component Loader 
 * @version : 1.0.1 
 * @package : Component Loader 1.0.1 
 * @author : JomExperts 
 * @Copyright : Copyright © 2009 by Jomexperts.com 
 * @license : Component Loader 1.0.1 is Free Software released under the GNU/GPL License. 
*/ 


// no direct access
defined('_JEXEC') or die ('Restricted access');
/* Getting Parameters */
$component= $params->get('component','');
$view= $params->get('views','');
$custom=$params->get('custom','');
$auto=$params->get('autojscss','0');
$js=$params->get('customjs','');
$css=$params->get('customcss','');
$head_js=$params->get('custombodyjs','');
$head_css=$params->get('custombodycss','');
/* End of Parameters */

$type=array();
$layout=array();
if($component!=''){
	/* Getting components parameters like task, view, layout, etc. */
	$re1='.*?';	
	$re2='(?:[a-z][a-z0-9_]*)';	
	$re3='.*?';	
	$re4='((?:[a-z][a-z0-9_]*))';	
	$re5='.*?';	
	$re6='((?:[a-z][a-z0-9_]*))';	
	if ($c=preg_match_all ("/".$re1.$re2.$re3.$re4.$re5.$re6."/is", $view, $matches)){
		$type=$matches[1];
		$layout=$matches[2];
	}
	/* end */
	
	/* Creating URL */
	$user_id = $_GET['user'];
	$url=JURI::root().'index.php?'.$component.'&amp;tmpl=component&amp;print=1&amp;wuid='.$user_id.'';
	for($i=1;$i<count($type);$i++){
		$url.='&amp;'.$type[$i].'='.$layout[$i];
	}
	$url.=$custom;
	/* End */

	/* Getting current joomla Session ID */
	$session=&JFactory::getSession();
	$session_id=$session->getId();
	/* End */
	
	/* Starting curl session */
	$c_open=curl_init();
	curl_setopt($c_open, CURLOPT_URL , $url);
	curl_setopt($c_open, CURLOPT_HEADER, 1);
	curl_setopt($c_open, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($c_open, CURLOPT_COOKIE, session_name().'='.$session_id );  // Passing session ID.
    $result=curl_exec($c_open);
    curl_close($c_open);
    /* End of curl session */
	
    $document=&JFactory::getDocument();
    $matches=array();
    if($auto=='0'){
    	$jsarray=explode(',',$js);
    	$cssarray=explode(',',$css);

    	for($i=0;$i<count($jsarray);$i++){
    		$document->addScript($jsarray[$i]);
    	}

    	for($i=0;$i<count($cssarray);$i++){
    		$document->addStyleSheet($cssarray[$i]);
    	}
    	if($head_js!=''){
    		$document->addScriptDeclaration($head_js);
    	}
    	if($head_css!=''){
    		$document->addStyleDeclaration($head_css);
    	}
    } else {
    	/* Using regular expression to match and extract contents between <head> and </head> tag */
    	$pattern = "/(<HEAD[^>]*>)(.*?)(<\/HEAD>)(.*)/si";
    	$count = preg_match_all($pattern,$result,$matches);
    	if ($count>0) {
    		$head=$matches[2][0];
    	} else {
    		$head='';
    	}

    	/* Using regular expression to match and extract contents between <script> and </script> tag with source */
    	$pattern = '/<script.*src=[\'\"](.*?)[\'\"][^>]*[^<]*(<\/script>)?/i';
    	$count = preg_match_all($pattern,$head,$scripts);
    	if ($count>0)
    	foreach ($scripts[1] as $script) {
    		$document->addScript($script);
    	}

    	/* Using regular expression to match and extract contents between <script> and </script> tag without source */
    	$pattern = '/<script[^>]*>(.*?)<\/script>/si';
    	$scripts= array();
    	$count = preg_match_all($pattern,$head,$scripts);
    	if ($count>0)
    	foreach ($scripts[1] as $script) {
    		if (trim($script)!='')
    		$document->addScriptDeclaration($script);
    	}

    	/* Using regular expression to match and extract contents link tag */
    	$pattern = '/<link.*href=[\'\"](.*?)[\'\"][^>]*[^<]*(<\/link>)?/i';
    	$count = preg_match_all($pattern,$head,$styles);
    	if ($count>0)
    	for ($x=0;$x<$count;$x++) {
    		if ((preg_match('/type=[\'"]text\/css[\'"]/i', $styles[0][$x])>0)||(preg_match('/rel=[\'"]stylesheet[\'"]/i', $styles[0][$x])>0))
    		$document->addStyleSheet($styles[1][$x]);
    	}

    	/* Using regular expression to match and extract contents between <style> and </style> */
    	$pattern = '/<style[^>]*>(.*?)<\/style>/si';
    	$styles = array();
    	$count = preg_match_all($pattern,$head,$styles);
    	if ($count>0)
    	foreach ($styles[1] as $style) {
    		if (trim($style)!='')
    		$document->addStyleDeclaration($style);
    	}
    }
	
	
    /* Using regular expression to match and extract contents between <body> and </body> tag */
    $pattern='~<body[^>]*>(.*?)</body>~si';

    if(preg_match_all($pattern,$result,$matches)){
    	echo ($matches[1][0]);
    } else {
     	echo "We're working on the wall, please check back later.";
    }
}

I think if I tweak that curl code to specify a path to it's own cookie file using cookiejar and cookiefile and write the session id to that and then add a session_write_close() it will prevent this problem from happening again, opinions on that? If you agree that will solve future problems what's the best way to write that out?

Also, my problem I have currently is I can't for the life of me unlock that bad session. I've wiped the php session files, the joomla sessions, the cache, rebooted the server, but this thing still won't come back. Maybe I'm wrong on this whole idea that a curl session is locked up, but if I echo all the way down the module code it stops working after the curl code.

Is there something somewhere like in php or something that specifies the session is locked that I need to wipe?

If I'm way off base here what do you guys think is causing the problem?

** EDIT **
I changed the curl code to this:

Code:

	/* Starting curl session */
 $ckfile = "/tmp/cookies.txt";
	$c_open=curl_init();
 curl_setopt($c_open, CURLOPT_COOKIEJAR, $ckfile);
	curl_setopt($c_open, CURLOPT_URL , $url);
	curl_setopt($c_open, CURLOPT_HEADER, 1);
	curl_setopt($c_open, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($c_open, CURLOPT_COOKIEFILE, session_name().'='.$session_id );  // Passing session ID.
    session_write_close($c_open);
    $result=curl_exec($c_open);
    curl_close($c_open);
    /* End of curl session */

It's not writing anything at all, it should write a new file called cookies.txt to the /tmp folder but I get nothing.
On the other server where this is still working I changed this code the same way and it creates the cookies.txt and writes the session id data to it properly. The only issue I have there is even though it works and loads the wall the layout is kind of messed up. If I change the code back to it's original form it looks fine. Am I doing this wrong?