source: branches/branch-1_7/include/functions_session.inc.php @ 2057

Last change on this file since 2057 was 2011, checked in by rub, 18 years ago

Issue 0000619: bad result of cookie_path() function

Manage a gallery installed directly in the root directory

Apply modifications from BSF (2006) ;-)

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | file          : $Id: functions_session.inc.php 2011 2007-05-14 21:09:21Z rub $
8// | last update   : $Date: 2007-05-14 21:09:21 +0000 (Mon, 14 May 2007) $
9// | last modifier : $Author: rub $
10// | revision      : $Revision: 2011 $
11// +-----------------------------------------------------------------------+
12// | This program is free software; you can redistribute it and/or modify  |
13// | it under the terms of the GNU General Public License as published by  |
14// | the Free Software Foundation                                          |
15// |                                                                       |
16// | This program is distributed in the hope that it will be useful, but   |
17// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
18// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
19// | General Public License for more details.                              |
20// |                                                                       |
21// | You should have received a copy of the GNU General Public License     |
22// | along with this program; if not, write to the Free Software           |
23// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
24// | USA.                                                                  |
25// +-----------------------------------------------------------------------+
26
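// generate_key returns a string of $size characters drawn from a-z, A-Z and
// 0-9. Examples :
//                    "Er4Tgh6", "Rrp08P", "54gj"
// input  : $size, the number of characters to produce
// output : $key (an empty string when $size is 0 or negative)
//
// Security note: the generator is deliberately NOT re-seeded from
// microtime(). Seeding mt_rand() from the microsecond digits leaves at most
// one million possible seeds, so the whole key could be enumerated, and
// every later mt_rand() call in the same request would inherit that seed.
// random_int() is used when the running PHP provides it. On a PHP without
// random_int() the fallback is mt_rand(), which is not a cryptographic
// generator: a key produced on that path should not be the only protection
// of a secret.
function generate_key($size)
{
  // a variable function name keeps this parseable on old PHP versions
  $rand = function_exists('random_int') ? 'random_int' : 'mt_rand';

  $key = '';
  for ( $i = 0; $i < $size; $i++ )
  {
    // pick the character class first, then one character inside it
    $c = $rand( 0, 2 );
    if ( $c == 0 )      $key .= chr( $rand( 65, 90 ) );   // A-Z
    else if ( $c == 1 ) $key .= chr( $rand( 97, 122 ) );  // a-z
    else                $key .= $rand( 0, 9 );            // 0-9
  }
  return $key;
}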
55
// When the configuration selects the 'db' session store and the gallery is
// installed, PHP session storage is routed through the pwg_session_*
// callbacks of this file and the session cookie is scoped to cookie_path().
// NOTE(review): session_set_cookie_params() receives a lifetime and a path
// only, so the "secure" and "httponly" cookie flags stay at whatever php.ini
// provides. session.use_trans_sid, when enabled, carries the session id in
// URLs - confirm the shipped values of the three session_use_* settings.
if (isset($conf['session_save_handler'])
  && 'db' == $conf['session_save_handler']
  && defined('PHPWG_INSTALLED'))
{
  session_set_save_handler(
    'pwg_session_open',
    'pwg_session_close',
    'pwg_session_read',
    'pwg_session_write',
    'pwg_session_destroy',
    'pwg_session_gc'
  );

  // ini_set may be disabled by the hosting provider
  if (function_exists('ini_set'))
  {
    ini_set('session.use_cookies', $conf['session_use_cookies']);
    ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
    ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
  }

  session_name($conf['session_name']);
  // lifetime 0 : the cookie lasts until the browser is closed
  session_set_cookie_params(0, cookie_path());
}
76
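// cookie_path returns the path to use for the PhpWebGallery cookie. The
// returned path always ends with '/'.
// If PhpWebGallery is installed on :
// http://domain.org/meeting/gallery/category.php
// cookie_path will return : "/meeting/gallery/"
// and for a gallery installed directly at the web root it returns "/".
//
// The path is computed from request-derived server variables
// (REDIRECT_SCRIPT_NAME, REDIRECT_URL, PATH_INFO, SCRIPT_NAME). It only
// scopes the cookie and must not be relied on as an access-control boundary.
function cookie_path()
{
  if ( !empty($_SERVER['REDIRECT_SCRIPT_NAME']) )
  {
    $scr = $_SERVER['REDIRECT_SCRIPT_NAME'];
  }
  else if ( isset($_SERVER['REDIRECT_URL']) )
  {
    // mod_rewrite is activated for upper level directories. we must set the
    // cookie to the path shown in the browser otherwise it will be discarded.
    $url = $_SERVER['REDIRECT_URL'];
    if
      (
        !empty($_SERVER['PATH_INFO']) and
        ($url !== $_SERVER['PATH_INFO']) and
        (substr($url, -strlen($_SERVER['PATH_INFO']))
            === $_SERVER['PATH_INFO'])
      )
    {
      // the url ends with PATH_INFO : keep only what precedes it
      $scr = substr($url, 0, strlen($url) - strlen($_SERVER['PATH_INFO']));
    }
    else
    {
      $scr = $url;
    }
  }
  else
  {
    $scr = $_SERVER['SCRIPT_NAME'];
  }

  // drop the script name : keep what precedes the last '/'
  $slash = strrpos($scr, '/');
  $scr = ($slash === false) ? '' : substr($scr, 0, $slash);

  // add a trailing '/' if needed. substr() replaces the $scr{n} offset
  // syntax, which PHP 8 no longer parses.
  if ( substr($scr, -1) !== '/' )
  {
    $scr .= '/';
  }

  if ( substr(PHPWG_ROOT_PATH,0,3)=='../')
  { // this is maybe a plugin inside pwg directory
    // TODO - what if it is an external script outside PWG ?
    $scr = $scr.PHPWG_ROOT_PATH;
    // collapse every "dir/.." pair until the path stops changing
    while (1)
    {
      $new = preg_replace('#[^/]+/\.\.(/|$)#', '', $scr);
      if ($new==$scr)
      {
        break;
      }
      $scr=$new;
    }
  }
  return $scr;
}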
137
/**
 * session "open" callback registered with session_set_save_handler().
 *
 * Nothing is opened here; the function only reports success.
 *
 * @param string $path ignored, present because the PHP engine passes it
 * @param string $name ignored, present because the PHP engine passes it
 * @return boolean always true
 */
function pwg_session_open($path, $name)
{
  // neither argument is used
  return true;
}
147
/**
 * session "close" callback registered with session_set_save_handler().
 *
 * Nothing has to be released; the function only reports success.
 *
 * @return boolean always true
 */
function pwg_session_close()
{
  // no resource to free
  return true;
}
156
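/**
 * session "read" callback : returns the data stored for a session id, or an
 * empty string when the query fails or no row carries that id.
 *
 * The session id reaches this callback from the client (session cookie, or
 * the URL when trans_sid is enabled), so it is escaped before being placed
 * in the SQL text. mysql_real_escape_string() uses the default MySQL link,
 * like the other mysql_* calls of this file.
 *
 * @param string session id
 * @return string
 */
function pwg_session_read($session_id)
{
  $query = '
SELECT data
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.mysql_real_escape_string($session_id).'\'
;';
  $result = pwg_query($query);
  if ($result)
  {
    // mysql_fetch_assoc() returns false when the id is unknown : do not
    // index into it, the read callback has to hand back a string
    $row = mysql_fetch_assoc($result);
    if (is_array($row) and isset($row['data']))
    {
      return $row['data'];
    }
  }
  return '';
}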
182
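/**
 * session "write" callback : stores the data of the active session and
 * refreshes its expiration; always returns true.
 *
 * Both values are escaped before being placed in the SQL text : the session
 * id is supplied by the client, and the serialized session data may contain
 * quotes. mysql_real_escape_string() uses the default MySQL link, like the
 * other mysql_* calls of this file.
 *
 * @param string session id
 * @param string data value of the data to be saved
 * @return boolean always true
 */
function pwg_session_write($session_id, $data)
{
  $sql_id = mysql_real_escape_string($session_id);
  $sql_data = mysql_real_escape_string($data);

  $query = '
UPDATE '.SESSIONS_TABLE.'
  SET expiration = now(),
  data = \''.$sql_data.'\'
  WHERE id = \''.$sql_id.'\'
;';
  pwg_query($query);
  if ( mysql_affected_rows()>0 )
  {
    return true;
  }
  // no row was changed : the session is either new or already holds these
  // values, so an INSERT is attempted.
  // NOTE(review): mysql_query() is called directly here, presumably so that
  // a duplicate-key failure of the INSERT is not handled as an error by
  // pwg_query() - confirm.
  $query = '
INSERT INTO '.SESSIONS_TABLE.'
  (id,data,expiration)
  VALUES(\''.$sql_id.'\',\''.$sql_data.'\',now())
;';
  mysql_query($query);
  return true;
}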
210
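/**
 * session "destroy" callback : deletes the row of the given session;
 * always returns true.
 *
 * The session id is supplied by the client, so it is escaped before being
 * placed in the SQL text. mysql_real_escape_string() uses the default MySQL
 * link, like the other mysql_* calls of this file.
 *
 * @param string session id
 * @return boolean always true
 */
function pwg_session_destroy($session_id)
{
  $query = '
DELETE
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.mysql_real_escape_string($session_id).'\'
;';
  pwg_query($query);
  return true;
}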
226
/**
 * session "gc" callback : deletes the sessions whose expiration is older
 * than $conf['session_length'] seconds; always returns true.
 *
 * The age limit is concatenated into the SQL text as is.
 * NOTE(review): this is safe only as long as session_length is a number
 * coming from the configuration - confirm it can never be user supplied.
 *
 * @return boolean always true
 */
function pwg_session_gc()
{
  global $conf;

  $max_age = $conf['session_length'];

  pwg_query('
DELETE
  FROM '.SESSIONS_TABLE.'
  WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > '
  .$max_age.'
;');

  return true;
}
244
245
/**
 * persistently stores a variable for the current session.
 * The value is kept in $_SESSION under the key 'pwg_'.$var; standard php
 * sessions are used for now but it might change.
 *
 * @param string $var name of the variable, without the 'pwg_' prefix
 * @param mixed $value value to store
 * @return boolean true on success, false when no session is available
 * @see pwg_get_session_var, pwg_unset_session_var
 */
function pwg_set_session_var($var, $value)
{
  if ( isset($_SESSION) )
  {
    $_SESSION['pwg_'.$var] = $value;
    return true;
  }
  // $_SESSION does not exist : nothing can be stored
  return false;
}
259
/**
 * retrieves the value of a persistent variable for the current session.
 * The value is read from $_SESSION under the key 'pwg_'.$var; standard php
 * sessions are used for now but it might change.
 *
 * @param string $var name of the variable, without the 'pwg_' prefix
 * @param mixed $default value returned when the variable is not set
 * @return mixed
 * @see pwg_set_session_var, pwg_unset_session_var
 */
function pwg_get_session_var($var, $default = null)
{
  $key = 'pwg_'.$var;
  // isset() is also false for a stored null, which then yields $default
  return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
}
274
/**
 * deletes a persistent variable for the current session.
 * The key 'pwg_'.$var is removed from $_SESSION; standard php sessions are
 * used for now but it might change.
 *
 * @param string $var name of the variable, without the 'pwg_' prefix
 * @return boolean true on success, false when no session is available
 * @see pwg_set_session_var, pwg_get_session_var
 */
function pwg_unset_session_var($var)
{
  if ( isset($_SESSION) )
  {
    // removing a key that does not exist is not an error
    unset( $_SESSION['pwg_'.$var] );
    return true;
  }
  return false;
}
288
289?>