source: trunk/include/functions_session.inc.php @ 1442

Last change on this file since 1442 was 1442, checked in by chrisaga, 18 years ago

fix bug 458: Cannot log due to broken session cookie (wrong "path")

use $_SERVERREDIRECT_URL if it's set
add a trailing '/'

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 6.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2006-07-08 09:27:23 +0000 (Sat, 08 Jul 2006) $
10// | last modifier : $Author: chrisaga $
11// | revision      : $Revision: 1442 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28// The function generate_key creates a string with pseudo random characters.
29// the size of the string depends on the $conf['session_id_size'].
30// Characters used are a-z A-Z and numerical values. Examples :
31//                    "Er4Tgh6", "Rrp08P", "54gj"
32// input  : none (using global variable)
33// output : $key
34function generate_key($size)
35{
36  global $conf;
37
38  $md5 = md5(substr(microtime(), 2, 6));
39  $init = '';
40  for ( $i = 0; $i < strlen( $md5 ); $i++ )
41  {
42    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
43  }
44  $init = substr( $init, 0, 8 );
45  mt_srand( $init );
46  $key = '';
47  for ( $i = 0; $i < $size; $i++ )
48  {
49    $c = mt_rand( 0, 2 );
50    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
51    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
52    else                $key .= mt_rand( 0, 9 );
53  }
54  return $key;
55}
56
57if (isset($conf['session_save_handler'])
58  and ($conf['session_save_handler'] == 'db')
59  and defined('PHPWG_INSTALLED'))
60{
61  session_set_save_handler('pwg_session_open',
62    'pwg_session_close',
63    'pwg_session_read',
64    'pwg_session_write',
65    'pwg_session_destroy',
66    'pwg_session_gc'
67  );
68  if ( function_exists('ini_set') )
69  {
70    ini_set('session.use_cookies', $conf['session_use_cookies']);
71    ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
72    ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
73  }
74  session_name( $conf['session_name'] );
75  session_set_cookie_params(
76      ini_get('session.cookie_lifetime'),
77      cookie_path()
78    );
79}
80
81// cookie_path returns the path to use for the PhpWebGallery cookie.
82// If PhpWebGallery is installed on :
83// http://domain.org/meeting/gallery/category.php
84// cookie_path will return : "/meeting/gallery"
85function cookie_path()
86{
87  if ( isset($_SERVER['REDIRECT_SCRIPT_NAME']) and 
88       !empty($_SERVER['REDIRECT_SCRIPT_NAME']) )
89  {
90    $scr = $_SERVER['REDIRECT_SCRIPT_NAME'];
91  }
92  else if ( isset($_SERVER['REDIRECT_URL']) )
93  { // mod_rewrite is activated for upper level directories. we must set the
94    // cookie to the path shown in the browser otherwise it will be discarded.
95    if ( isset($_SERVER['PATH_INFO']) and !empty($_SERVER['PATH_INFO']) )
96    {
97      $idx = strpos( $_SERVER['REDIRECT_URL'], $_SERVER['PATH_INFO'] );
98      if ($idx !== false)
99      {
100        $scr = substr($_SERVER['REDIRECT_URL'], 0, $idx);
101      }
102      else
103      {//this should never happen
104        $scr='//';
105      }
106    }
107    else
108    {
109      $scr = $_SERVER['REDIRECT_URL'];
110    }
111  }
112  else
113  {
114    $scr = $_SERVER['SCRIPT_NAME'];
115  }
116  $scr = substr($scr,0,strrpos( $scr,'/'));
117  // add a trailing '/' if needed
118  return ($scr{strlen($scr)-1} == '/') ? $scr : $scr . '/';
119}
120
121/**
122 * returns true; used when the session_start() function is called
123 *
124 * @params not use but useful for php engine
125 */
126function pwg_session_open($path, $name)
127{
128  return true;
129}
130
131/**
132 * returns true; used when the session is closed (unset($_SESSION))
133 *
134 */
135function pwg_session_close()
136{
137  return true;
138}
139
140/**
141 * this function returns
142 * a string corresponding to the value of the variable save in the session
143 * or an empty string when the variable doesn't exist
144 *
145 * @param string session id
146 */
147function pwg_session_read($session_id)
148{
149  $query = '
150SELECT data
151  FROM '.SESSIONS_TABLE.'
152  WHERE id = \''.$session_id.'\'
153;';
154  $result = pwg_query($query);
155  if ($result)
156  {
157    $row = mysql_fetch_assoc($result);
158    return $row['data'];
159  }
160  else
161  {
162    return '';
163  }
164}
165
166/**
167 * returns true; writes set a variable in the active session
168 *
169 * @param string session id
170 * @data string value of date to be saved
171 */
172function pwg_session_write($session_id, $data)
173{
174  $query = '
175UPDATE '.SESSIONS_TABLE.'
176  SET expiration = now(),
177  data = \''.$data.'\'
178  WHERE id = \''.$session_id.'\'
179;';
180  pwg_query($query);
181  if ( mysql_affected_rows()>0 )
182  {
183    return true;
184  }
185  $query = '
186INSERT INTO '.SESSIONS_TABLE.'
187  (id,data,expiration)
188  VALUES(\''.$session_id.'\',\''.$data.'\',now())
189;';
190  mysql_query($query);
191  return true;
192}
193
194/**
195 * returns true; delete the active session
196 *
197 * @param string session id
198 */
199function pwg_session_destroy($session_id)
200{
201  $query = '
202DELETE
203  FROM '.SESSIONS_TABLE.'
204  WHERE id = \''.$session_id.'\'
205;';
206  pwg_query($query);
207  return true;
208}
209
210/**
211 * returns true; delete expired sessions
212 * called each time a session is closed.
213 */
214function pwg_session_gc()
215{
216  global $conf;
217
218  $query = '
219DELETE
220  FROM '.SESSIONS_TABLE.'
221  WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > '
222  .$conf['session_length'].'
223;';
224  pwg_query($query);
225  return true;
226}
227?>
Note: See TracBrowser for help on using the repository browser.