Context Navigation

source: trunk/include/functions_session.inc.php @ 1004

Last change on this file since 1004 was 1004, checked in by nikrou, 18 years ago

Improve security of sessions:

use only cookies to store session id on client side
use default php session system with database handler to store sessions on server side

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 3.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-01-15 13:45:42 +0000 (Sun, 15 Jan 2006) $
10	// \| last modifier : $Author: nikrou $
11	// \| revision : $Revision: 1004 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	if (isset($conf['session_save_handler']) and ($conf['session_save_handler'] == 'db')) {
29	session_set_save_handler('pwg_session_open',
30	'pwg_session_close',
31	'pwg_session_read',
32	'pwg_session_write',
33	'pwg_session_destroy',
34	'pwg_session_gc'
35	);
36	}
37
38	ini_set('session.use_cookies', $conf['session_use_cookies']);
39	ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
40	ini_set('session.use_trans_sid', $conf['session_use_trans_sid']);
41	ini_set('session.name', $conf['session_name']);
42
43	function pwg_session_open($path, $name)
44	{
45	return true;
46	}
47
48	function pwg_session_close()
49	{
50	pwg_session_gc();
51	return true;
52	}
53
54	function pwg_session_read($session_id)
55	{
56	$query = "SELECT data FROM " . SESSIONS_TABLE;
57	$query .= " WHERE id = '$session_id'";
58	$result = pwg_query($query);
59	if ($result) {
60	$row = mysql_fetch_assoc($result);
61	return $row['data'];
62	} else {
63	return '';
64	}
65	}
66
67	function pwg_session_write($session_id, $data)
68	{
69	$query = "SELECT id FROM " . SESSIONS_TABLE;
70	$query .= " WHERE id = '$session_id'";
71	$result = pwg_query($query);
72	if (mysql_num_rows($result)) {
73	$query = "UPDATE " . SESSIONS_TABLE . " SET expiration = now()";
74	$query .= " WHERE id = '$session_id'";
75	pwg_query($query);
76	} else {
77	$query = "INSERT INTO " . SESSIONS_TABLE . " (id,data,expiration)";
78	$query .= " VALUES('$session_id','$data',now())";
79	pwg_query($query);
80	}
81	return true;
82	}
83
84	function pwg_session_destroy($session_id)
85	{
86	$query = "DELETE FROM " . SESSIONS_TABLE;
87	$query .= " WHERE id = '$session_id'";
88	pwg_query($query);
89	return true;
90	}
91
92	function pwg_session_gc()
93	{
94	global $conf;
95
96	$query = "DELETE FROM " . SESSIONS_TABLE;
97	$query .= " WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > " . $conf['session_length'];
98	pwg_query($query);
99	return true;
100	}
101	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: