| 1 | <?php |
|---|
| 2 | /*************************************************************************** |
|---|
| 3 | * functions_session.inc.php * |
|---|
| 4 | * ------------------- * |
|---|
| 5 | * application : PhpWebGallery 1.3 <http://phpwebgallery.net> * |
|---|
| 6 | * author : Pierrick LE GALL <pierrick@z0rglub.com> * |
|---|
| 7 | * * |
|---|
| 8 | * $Id: functions_session.inc.php 427 2004-06-03 21:47:38Z None $ |
|---|
| 9 | * * |
|---|
| 10 | *************************************************************************** |
|---|
| 11 | |
|---|
| 12 | *************************************************************************** |
|---|
| 13 | * * |
|---|
| 14 | * This program is free software; you can redistribute it and/or modify * |
|---|
| 15 | * it under the terms of the GNU General Public License as published by * |
|---|
| 16 | * the Free Software Foundation; * |
|---|
| 17 | * * |
|---|
| 18 | ***************************************************************************/ |
|---|
| 19 | |
|---|
| 20 | // The function generate_key creates a string with pseudo random characters. |
|---|
| 21 | // the size of the string depends on the $conf['session_id_size']. |
|---|
| 22 | // Characters used are a-z A-Z and numerical values. Examples : |
|---|
| 23 | // "Er4Tgh6", "Rrp08P", "54gj" |
|---|
| 24 | // input : none (using global variable) |
|---|
| 25 | // output : $key |
|---|
| 26 | function generate_key() |
|---|
| 27 | { |
|---|
| 28 | global $conf; |
|---|
| 29 | |
|---|
| 30 | $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); |
|---|
| 31 | $init = ''; |
|---|
| 32 | for ( $i = 0; $i < strlen( $md5 ); $i++ ) |
|---|
| 33 | { |
|---|
| 34 | if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; |
|---|
| 35 | } |
|---|
| 36 | $init = substr( $init, 0, 8 ); |
|---|
| 37 | mt_srand( $init ); |
|---|
| 38 | $key = ''; |
|---|
| 39 | for ( $i = 0; $i < $conf['session_id_size']; $i++ ) |
|---|
| 40 | { |
|---|
| 41 | $c = mt_rand( 0, 2 ); |
|---|
| 42 | if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); |
|---|
| 43 | else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); |
|---|
| 44 | else $key .= mt_rand( 0, 9 ); |
|---|
| 45 | } |
|---|
| 46 | return $key; |
|---|
| 47 | } |
|---|
| 48 | |
|---|
| 49 | // The function create_session finds a non-already-used session key and |
|---|
| 50 | // returns it once found for the given user. |
|---|
| 51 | function session_create( $username ) |
|---|
| 52 | { |
|---|
| 53 | global $conf; |
|---|
| 54 | // 1. searching an unused session key |
|---|
| 55 | $id_found = false; |
|---|
| 56 | while ( !$id_found ) |
|---|
| 57 | { |
|---|
| 58 | $generated_id = generate_key(); |
|---|
| 59 | $query = 'select id'; |
|---|
| 60 | $query.= ' from '.PREFIX_TABLE.'sessions'; |
|---|
| 61 | $query.= " where id = '".$generated_id."';"; |
|---|
| 62 | $result = mysql_query( $query ); |
|---|
| 63 | if ( mysql_num_rows( $result ) == 0 ) |
|---|
| 64 | { |
|---|
| 65 | $id_found = true; |
|---|
| 66 | } |
|---|
| 67 | } |
|---|
| 68 | // 2. retrieving id of the username given in parameter |
|---|
| 69 | $query = 'select id'; |
|---|
| 70 | $query.= ' from '.PREFIX_TABLE.'users'; |
|---|
| 71 | $query.= " where username = '".$username."';"; |
|---|
| 72 | $row = mysql_fetch_array( mysql_query( $query ) ); |
|---|
| 73 | $user_id = $row['id']; |
|---|
| 74 | // 3. inserting session in database |
|---|
| 75 | $expiration = $conf['session_time'] * 60 + time(); |
|---|
| 76 | $query = 'insert into '.PREFIX_TABLE.'sessions'; |
|---|
| 77 | $query.= ' (id,user_id,expiration,ip) values'; |
|---|
| 78 | $query.= "('".$generated_id."','".$user_id; |
|---|
| 79 | $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');"; |
|---|
| 80 | mysql_query( $query ); |
|---|
| 81 | |
|---|
| 82 | return $generated_id; |
|---|
| 83 | } |
|---|
| 84 | |
|---|
| 85 | // add_session_id adds the id of the session to the string given in |
|---|
| 86 | // parameter as $url. If the session id is the first parameter to the url, |
|---|
| 87 | // it is preceded by a '?', else it is preceded by a '&'. If the |
|---|
| 88 | // parameter $redirect is set to true, '&' is used instead of '&'. |
|---|
| 89 | function add_session_id( $url, $redirect = false ) |
|---|
| 90 | { |
|---|
| 91 | global $page, $user; |
|---|
| 92 | |
|---|
| 93 | if ( $user['has_cookie'] ) return $url; |
|---|
| 94 | |
|---|
| 95 | $amp = '&'; |
|---|
| 96 | if ( $redirect ) |
|---|
| 97 | { |
|---|
| 98 | $amp = '&'; |
|---|
| 99 | } |
|---|
| 100 | if ( !$user['is_the_guest'] ) |
|---|
| 101 | { |
|---|
| 102 | if ( preg_match( '/\.php\?/',$url ) ) |
|---|
| 103 | { |
|---|
| 104 | return $url.$amp.'id='.$page['session_id']; |
|---|
| 105 | } |
|---|
| 106 | else |
|---|
| 107 | { |
|---|
| 108 | return $url.'?id='.$page['session_id']; |
|---|
| 109 | } |
|---|
| 110 | } |
|---|
| 111 | else |
|---|
| 112 | { |
|---|
| 113 | return $url; |
|---|
| 114 | } |
|---|
| 115 | } |
|---|
| 116 | |
|---|
| 117 | // cookie_path returns the path to use for the PhpWebGallery cookie. |
|---|
| 118 | // If PhpWebGallery is installed on : |
|---|
| 119 | // http://domain.org/meeting/gallery/category.php |
|---|
| 120 | // cookie_path will return : "/meeting/gallery" |
|---|
| 121 | function cookie_path() |
|---|
| 122 | { |
|---|
| 123 | return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); |
|---|
| 124 | } |
|---|
| 125 | ?> |
|---|
