Changeset 541 for trunk/include/functions_session.inc.php

Timestamp:

Oct 3, 2004, 1:12:50 AM (20 years ago)

Author:

z0rglub

Message:

• deletion of session_time and session_id_size as config parameter

• new feature : "remember me" creates a long time cookie

• possibility to set the default authentication method to URI or cookie

• really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php

File:

• trunk/include/functions_session.inc.php (modified) (3 diffs)

trunk/include/functions_session.inc.php

@@ -32 +32 @@
 // input  : none (using global variable)
 // output : $key
-function generate_key()
+function generate_key($size)
 {
   global $conf;
@@ -45 +45 @@
   mt_srand( $init );
   $key = '';
-  for ( $i = 0; $i < $conf['session_id_size']; $i++ )
+  for ( $i = 0; $i < $size; $i++ )
   {
     $c = mt_rand( 0, 2 );
@@ -55 +55 @@
 }
 
-// The function create_session finds a non-already-used session key and
-// returns it once found for the given user.
-function session_create( $username )
+/**
+ * create a new session and returns the session identifier
+ *
+ * - find a non-already-used session key
+ * - create a session in database
+ * - return session identifier
+ *
+ * @param int userid
+ * @param string method : cookie or URI
+ * @param int session_lentgh : in seconds
+ * @return string
+ */
+function session_create($userid, $method, $session_length)
 {
   global $conf;
+
   // 1. searching an unused session key
   $id_found = false;
-  while ( !$id_found )
+  while (!$id_found)
   {
-    $generated_id = generate_key();
-    $query = 'select id';
-    $query.= ' from '.PREFIX_TABLE.'sessions';
-    $query.= " where id = '".$generated_id."';";
-    $result = mysql_query( $query );
-    if ( mysql_num_rows( $result ) == 0 )
+    $generated_id = generate_key($conf['session_id_size_'.$method]);
+    $query = '
+SELECT id
+  FROM '.SESSIONS_TABLE.'
+  WHERE id = \''.$generated_id.'\'
+;';
+    $result = mysql_query($query);
+    if (mysql_num_rows($result) == 0)
     {
       $id_found = true;
     }
   }
-  // 2. retrieving id of the username given in parameter
-  $query = 'select id';
-  $query.= ' from '.USERS_TABLE;
-  $query.= " where username = '".$username."';";
-  $row = mysql_fetch_array( mysql_query( $query ) );
-  $user_id = $row['id'];
   // 3. inserting session in database
-  $expiration = $conf['session_time'] * 60 + time();
-  $query = 'insert into '.PREFIX_TABLE.'sessions';
-  $query.= ' (id,user_id,expiration,ip) values';
-  $query.= "('".$generated_id."','".$user_id;
-  $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');";
-  mysql_query( $query );
+  $expiration = $session_length + time();
+  $query = '
+INSERT INTO '.SESSIONS_TABLE.'
+  (id,user_id,expiration,ip)
+  VALUES
+  (\''.$generated_id.'\','.$userid.','.$expiration.',
+   \''.$_SERVER['REMOTE_ADDR'].'\')
+;';
+  mysql_query($query);
+
+  if ($method == 'cookie')
+  {
+    setcookie('id', $generated_id, $session_length+time(), cookie_path());
+  }
                 
   return $generated_id;