1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | functions_session.inc.php | |
---|
4 | // +-----------------------------------------------------------------------+ |
---|
5 | // | application : PhpWebGallery <http://phpwebgallery.net> | |
---|
6 | // | branch : BSF (Best So Far) | |
---|
7 | // +-----------------------------------------------------------------------+ |
---|
8 | // | file : $RCSfile$ |
---|
9 | // | last update : $Date: 2004-02-19 00:31:09 +0000 (Thu, 19 Feb 2004) $ |
---|
10 | // | last modifier : $Author: gweltas $ |
---|
11 | // | revision : $Revision: 364 $ |
---|
12 | // +-----------------------------------------------------------------------+ |
---|
13 | // | This program is free software; you can redistribute it and/or modify | |
---|
14 | // | it under the terms of the GNU General Public License as published by | |
---|
15 | // | the Free Software Foundation | |
---|
16 | // | | |
---|
17 | // | This program is distributed in the hope that it will be useful, but | |
---|
18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
20 | // | General Public License for more details. | |
---|
21 | // | | |
---|
22 | // | You should have received a copy of the GNU General Public License | |
---|
23 | // | along with this program; if not, write to the Free Software | |
---|
24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
25 | // | USA. | |
---|
26 | // +-----------------------------------------------------------------------+ |
---|
27 | |
---|
28 | // The function generate_key creates a string with pseudo random characters. |
---|
29 | // the size of the string depends on the $conf['session_id_size']. |
---|
30 | // Characters used are a-z A-Z and numerical values. Examples : |
---|
31 | // "Er4Tgh6", "Rrp08P", "54gj" |
---|
32 | // input : none (using global variable) |
---|
33 | // output : $key |
---|
34 | function generate_key() |
---|
35 | { |
---|
36 | global $conf; |
---|
37 | |
---|
38 | $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); |
---|
39 | $init = ''; |
---|
40 | for ( $i = 0; $i < strlen( $md5 ); $i++ ) |
---|
41 | { |
---|
42 | if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; |
---|
43 | } |
---|
44 | $init = substr( $init, 0, 8 ); |
---|
45 | mt_srand( $init ); |
---|
46 | $key = ''; |
---|
47 | for ( $i = 0; $i < $conf['session_id_size']; $i++ ) |
---|
48 | { |
---|
49 | $c = mt_rand( 0, 2 ); |
---|
50 | if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); |
---|
51 | else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); |
---|
52 | else $key .= mt_rand( 0, 9 ); |
---|
53 | } |
---|
54 | return $key; |
---|
55 | } |
---|
56 | |
---|
57 | // The function create_session finds a non-already-used session key and |
---|
58 | // returns it once found for the given user. |
---|
59 | function session_create( $username ) |
---|
60 | { |
---|
61 | global $conf; |
---|
62 | // 1. searching an unused session key |
---|
63 | $id_found = false; |
---|
64 | while ( !$id_found ) |
---|
65 | { |
---|
66 | $generated_id = generate_key(); |
---|
67 | $query = 'select id'; |
---|
68 | $query.= ' from '.PREFIX_TABLE.'sessions'; |
---|
69 | $query.= " where id = '".$generated_id."';"; |
---|
70 | $result = mysql_query( $query ); |
---|
71 | if ( mysql_num_rows( $result ) == 0 ) |
---|
72 | { |
---|
73 | $id_found = true; |
---|
74 | } |
---|
75 | } |
---|
76 | // 2. retrieving id of the username given in parameter |
---|
77 | $query = 'select id'; |
---|
78 | $query.= ' from '.USERS_TABLE; |
---|
79 | $query.= " where username = '".$username."';"; |
---|
80 | $row = mysql_fetch_array( mysql_query( $query ) ); |
---|
81 | $user_id = $row['id']; |
---|
82 | // 3. inserting session in database |
---|
83 | $expiration = $conf['session_time'] * 60 + time(); |
---|
84 | $query = 'insert into '.PREFIX_TABLE.'sessions'; |
---|
85 | $query.= ' (id,user_id,expiration,ip) values'; |
---|
86 | $query.= "('".$generated_id."','".$user_id; |
---|
87 | $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');"; |
---|
88 | mysql_query( $query ); |
---|
89 | |
---|
90 | return $generated_id; |
---|
91 | } |
---|
92 | |
---|
93 | // add_session_id adds the id of the session to the string given in |
---|
94 | // parameter as $url. If the session id is the first parameter to the url, |
---|
95 | // it is preceded by a '?', else it is preceded by a '&'. If the |
---|
96 | // parameter $redirect is set to true, '&' is used instead of '&'. |
---|
97 | function add_session_id( $url, $redirect = false ) |
---|
98 | { |
---|
99 | global $page, $user; |
---|
100 | |
---|
101 | if ( $user['has_cookie'] ) return $url; |
---|
102 | |
---|
103 | $amp = '&'; |
---|
104 | if ( $redirect ) |
---|
105 | { |
---|
106 | $amp = '&'; |
---|
107 | } |
---|
108 | if ( !$user['is_the_guest'] ) |
---|
109 | { |
---|
110 | if ( preg_match( '/\.php\?/',$url ) ) |
---|
111 | { |
---|
112 | return $url.$amp.'id='.$page['session_id']; |
---|
113 | } |
---|
114 | else |
---|
115 | { |
---|
116 | return $url.'?id='.$page['session_id']; |
---|
117 | } |
---|
118 | } |
---|
119 | else |
---|
120 | { |
---|
121 | return $url; |
---|
122 | } |
---|
123 | } |
---|
124 | |
---|
125 | // cookie_path returns the path to use for the PhpWebGallery cookie. |
---|
126 | // If PhpWebGallery is installed on : |
---|
127 | // http://domain.org/meeting/gallery/category.php |
---|
128 | // cookie_path will return : "/meeting/gallery" |
---|
129 | function cookie_path() |
---|
130 | { |
---|
131 | return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); |
---|
132 | } |
---|
133 | ?> |
---|