source: trunk/include/functions_session.inc.php @ 4423

Last change on this file since 4423 was 4325, checked in by nikrou, 14 years ago

Feature 1244 resolved
Replace all mysql functions in core code with ones independent of the database engine

Fix a small PHP syntax issue: hashes must be accessed with [ ] and not { }.

  • Property svn:eol-style set to LF
File size: 6.1 KB
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
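// The function generate_key creates a string of random characters.
// The length of the string is given by $size.
// Characters used are a-z A-Z and numerical values. Examples :
//                    "Er4Tgh6", "Rrp08P", "54gj"
//
// Every character is drawn with random_int() (operating system CSPRNG) when
// that function exists, i.e. on PHP >= 7. The earlier implementation reseeded
// mt_rand() from the six microsecond digits of microtime(), which allows at
// most 10^6 different seeds: a key could be recomputed by anyone able to
// estimate when it was generated. Reseeding also reset the shared mt_rand()
// generator for every later caller in the request.
// NOTE(review): callers are not visible here; if keys serve as secrets
// (session ids, auto-login or reset tokens) the mt_rand() fallback used on
// older PHP is still not cryptographically secure.
//
// random_int() throws when no entropy source is available; the exception is
// deliberately not caught so that no weaker key is produced silently.
//
// input  : $size, number of characters wanted
// output : $key ('' when $size is 0 or negative)
function generate_key($size)
{
  $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  $last_index = strlen($alphabet) - 1;
  $has_csprng = function_exists('random_int');

  $key = '';
  for ( $i = 0; $i < $size; $i++ )
  {
    // mt_rand() seeds itself; it is only reached on PHP versions without
    // random_int() and is never reseeded here.
    $index = $has_csprng
      ? random_int( 0, $last_index )
      : mt_rand( 0, $last_index );
    $key .= $alphabet[$index];
  }
  return $key;
}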
52
// Database-backed sessions are enabled only when the configuration selects
// the 'db' save handler and the gallery is installed.
if (isset($conf['session_save_handler'])
  && $conf['session_save_handler'] == 'db'
  && defined('PHPWG_INSTALLED'))
{
  // Callbacks in the order PHP expects: open, close, read, write, destroy, gc.
  session_set_save_handler(
    'pwg_session_open',
    'pwg_session_close',
    'pwg_session_read',
    'pwg_session_write',
    'pwg_session_destroy',
    'pwg_session_gc'
  );

  if (function_exists('ini_set'))
  {
    // How the session id travels is left to the configuration. Keeping
    // session_use_only_cookies on and session_use_trans_sid off keeps the id
    // out of URLs, where it would end up in logs, history and Referer headers.
    ini_set('session.use_cookies', $conf['session_use_cookies']);
    ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
    ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));

    // Always on: the session cookie is not readable from page scripts.
    ini_set('session.cookie_httponly', 1);
  }

  session_name($conf['session_name']);

  // Lifetime 0 means the cookie lasts until the browser is closed. Only the
  // lifetime and path are passed, so the cookie domain and the "secure" flag
  // keep their php.ini values.
  session_set_cookie_params(0, cookie_path());
}
74
/**
 * Session "open" callback: there is nothing to prepare, so it always
 * reports success.
 *
 * @param string $path save path handed over by PHP (unused)
 * @param string $name session name handed over by PHP (unused)
 * @return boolean always true
 */
function pwg_session_open($path, $name)
{
  // Both arguments exist only to match the signature PHP calls.
  return true;
}
84
/**
 * Session "close" callback: nothing has to be released, so it always
 * reports success.
 *
 * @return boolean always true
 */
function pwg_session_close()
{
  return true;
}
93
/**
 * Builds the address-dependent prefix that the session handlers put in front
 * of the session id.
 *
 * $_SERVER['REMOTE_ADDR'] is split on '.' when it contains a dot and on ':'
 * otherwise; the first two fields are printed as upper-case hexadecimal,
 * at least two digits each. For a dotted IPv4 address that is the first two
 * octets, so a stored session only matches requests coming from the same /16.
 *
 * NOTE(review): %X converts each field to an integer first, so for
 * ':'-separated addresses a group containing letters formats as 00 and many
 * different addresses share one prefix - confirm whether that is intended.
 *
 * @return string hexadecimal prefix
 */
function get_remote_addr_session_hash()
{
  $remote_addr = $_SERVER['REMOTE_ADDR'];

  if (strpos($remote_addr, '.') !== FALSE)
  {
    $separator = '.';
  }
  else
  {
    $separator = ':';
  }

  // vsprintf consumes the first two fields only; the others are ignored.
  $fields = explode($separator, $remote_addr);
  return vsprintf("%02X%02X", $fields);
}
106
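/**
 * Session "read" callback: returns the data stored for a session.
 *
 * The row is looked up under get_remote_addr_session_hash().$session_id.
 * The session id is supplied by the client, so it is checked against the
 * characters PHP uses for generated session ids before it is placed in the
 * SQL text; any other id is treated as an unknown session.
 *
 * @param string $session_id session id
 * @return string stored data, or an empty string when the id is malformed,
 *                the query gives no result or no row exists
 */
function pwg_session_read($session_id)
{
  // Refusing everything outside [A-Za-z0-9,-] keeps quotes and other SQL
  // metacharacters out of the query built below.
  if (!is_string($session_id)
    || !preg_match('/\A[A-Za-z0-9,-]+\z/', $session_id))
  {
    return '';
  }

  $query = '
SELECT data
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
  $result = pwg_query($query);
  if (!$result)
  {
    return '';
  }

  // When no row matches, the fetch does not return an array; the handler
  // must still answer with a string, so fall back to ''.
  $row = pwg_db_fetch_assoc($result);
  return isset($row['data']) ? $row['data'] : '';
}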
132
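/**
 * Session "write" callback: stores the data of the active session.
 *
 * The row id is get_remote_addr_session_hash().$session_id and the
 * expiration column is set to now() on every write.
 *
 * Both values end up inside a quoted SQL literal. The session id is supplied
 * by the client and the data contains whatever was put in the session, so the
 * id is checked against the characters PHP uses for generated session ids and
 * the data is escaped before the query is built.
 *
 * @param string $session_id session id
 * @param string $data session data to be saved
 * @return boolean true once the query has been sent, false when the session
 *                 id is malformed (nothing is written)
 */
function pwg_session_write($session_id, $data)
{
  if (!is_string($session_id)
    || !preg_match('/\A[A-Za-z0-9,-]+\z/', $session_id))
  {
    return false;
  }

  // NOTE(review): pwg_db_real_escape_string() is the escaping helper of the
  // project's database layer; it is not visible in this file, hence the
  // guard. addslashes() is a weaker fallback (it does not know the
  // connection character set) but still keeps a quote in the data from
  // ending the literal.
  $escaped_data = function_exists('pwg_db_real_escape_string')
    ? pwg_db_real_escape_string($data)
    : addslashes($data);

  $query = '
REPLACE INTO '.SESSIONS_TABLE.'
  (id,data,expiration)
  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$escaped_data.'\',now())
;';
  pwg_query($query);
  return true;
}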
149
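/**
 * Session "destroy" callback: deletes the row of the active session.
 *
 * The session id is supplied by the client, so it is checked against the
 * characters PHP uses for generated session ids before it is placed in the
 * SQL text. A malformed id cannot have been stored by pwg_session_write's
 * id format [A-Za-z0-9,-], so there is nothing to delete for it.
 *
 * @param string $session_id session id
 * @return boolean always true
 */
function pwg_session_destroy($session_id)
{
  // No query is sent for an id that contains anything outside [A-Za-z0-9,-].
  if (!is_string($session_id)
    || !preg_match('/\A[A-Za-z0-9,-]+\z/', $session_id))
  {
    return true;
  }

  $query = '
DELETE
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
;';
  pwg_query($query);
  return true;
}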
165
/**
 * Session "gc" callback: deletes the rows whose expiration value is more
 * than $conf['session_length'] seconds in the past.
 *
 * The function declares no parameter, so any lifetime PHP passes to the
 * callback is ignored in favour of the configured session length.
 *
 * @return boolean always true
 */
function pwg_session_gc()
{
  global $conf;

  // Configuration value, concatenated as is into the query text.
  $max_age = $conf['session_length'];

  $query = "\nDELETE\n  FROM ".SESSIONS_TABLE
    ."\n  WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > "
    .$max_age
    ."\n;";

  pwg_query($query);
  return true;
}
183
184
/**
 * Stores a value under the current session.
 *
 * The value is kept in $_SESSION under the key 'pwg_'.$var, so gallery
 * variables do not collide with other entries of the session array.
 *
 * @param string $var variable name, without the 'pwg_' prefix
 * @param mixed $value value to store
 * @return boolean true on success, false when $_SESSION is not set
 * @see pwg_get_session_var, pwg_unset_session_var
 */
function pwg_set_session_var($var, $value)
{
  if ( isset($_SESSION) )
  {
    $key = 'pwg_'.$var;
    $_SESSION[$key] = $value;
    return true;
  }

  // No session array: nothing can be stored.
  return false;
}
198
/**
 * Reads a value stored under the current session.
 *
 * Looks up $_SESSION['pwg_'.$var]. Because the test is isset(), an entry
 * holding null is treated like a missing one.
 *
 * @param string $var variable name, without the 'pwg_' prefix
 * @param mixed $default value returned when the entry is missing or null
 * @return mixed
 * @see pwg_set_session_var, pwg_unset_session_var
 */
function pwg_get_session_var($var, $default = null)
{
  $key = 'pwg_'.$var;

  return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
}
213
/**
 * Removes a value stored under the current session.
 *
 * Unsets $_SESSION['pwg_'.$var]; removing an entry that does not exist
 * still counts as success.
 *
 * @param string $var variable name, without the 'pwg_' prefix
 * @return boolean true on success, false when $_SESSION is not set
 * @see pwg_set_session_var, pwg_get_session_var
 */
function pwg_unset_session_var($var)
{
  if ( isset($_SESSION) )
  {
    $key = 'pwg_'.$var;
    unset( $_SESSION[$key] );
    return true;
  }

  // No session array: nothing to remove.
  return false;
}
227
228?>