Context Navigation

functions_session.inc.php @ 8528

Last change on this file since 8528 was 808, checked in by plg, 19 years ago

new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured.

modification : profile.php is not reachable through administration anymore (not useful).

modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed.

deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user

modification : $userforbidden_categories equals at least "-1" so that category_id NOT IN ($userforbidden_categories) can always be used.

modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table.

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 4.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-08-08 20:52:19 +0000 (Mon, 08 Aug 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 808 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	// The function generate_key creates a string with pseudo random characters.
29	// the size of the string depends on the $conf['session_id_size'].
30	// Characters used are a-z A-Z and numerical values. Examples :
31	// "Er4Tgh6", "Rrp08P", "54gj"
32	// input : none (using global variable)
33	// output : $key
34	function generate_key($size)
35	{
36	global $conf;
37
38	$md5 = md5(substr(microtime(), 2, 6));
39	$init = '';
40	for ( $i = 0; $i < strlen( $md5 ); $i++ )
41	{
42	if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
43	}
44	$init = substr( $init, 0, 8 );
45	mt_srand( $init );
46	$key = '';
47	for ( $i = 0; $i < $size; $i++ )
48	{
49	$c = mt_rand( 0, 2 );
50	if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
51	else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
52	else $key .= mt_rand( 0, 9 );
53	}
54	return $key;
55	}
56
57	/**
58	* create a new session and returns the session identifier
59	*
60	* - find a non-already-used session key
61	* - create a session in database
62	* - return session identifier
63	*
64	* @param int userid
65	* @param int session_lentgh : in seconds
66	* @return string
67	*/
68	function session_create($userid, $session_length)
69	{
70	global $conf;
71
72	// 1. searching an unused session key
73	$id_found = false;
74	while (!$id_found)
75	{
76	$generated_id = generate_key($conf['session_id_size']);
77	$query = '
78	SELECT id
79	FROM '.SESSIONS_TABLE.'
80	WHERE id = \''.$generated_id.'\'
81	;';
82	$result = pwg_query($query);
83	if (mysql_num_rows($result) == 0)
84	{
85	$id_found = true;
86	}
87	}
88	// 3. inserting session in database
89	$query = '
90	INSERT INTO '.SESSIONS_TABLE.'
91	(id,user_id,expiration)
92	VALUES
93	(\''.$generated_id.'\','.$userid.',
94	ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
95	;';
96	pwg_query($query);
97
98	$expiration = $session_length + time();
99	setcookie('id', $generated_id, $expiration, cookie_path());
100
101	return $generated_id;
102	}
103
104	// add_session_id adds the id of the session to the string given in
105	// parameter as $url. If the session id is the first parameter to the url,
106	// it is preceded by a '?', else it is preceded by a '&'. If the
107	// parameter $redirect is set to true, '&' is used instead of '&'.
108	function add_session_id( $url, $redirect = false )
109	{
110	global $page, $user, $conf;
111
112	if ($user['is_the_guest']
113	or $user['has_cookie']
114	or $conf['apache_authentication'])
115	{
116	return $url;
117	}
118
119	if (preg_match('/\.php\?/', $url))
120	{
121	$separator = $redirect ? '&' : '&';
122	}
123	else
124	{
125	$separator = '?';
126	}
127
128	return $url.$separator.'id='.$page['session_id'];
129	}
130
131	// cookie_path returns the path to use for the PhpWebGallery cookie.
132	// If PhpWebGallery is installed on :
133	// http://domain.org/meeting/gallery/category.php
134	// cookie_path will return : "/meeting/gallery"
135	function cookie_path()
136	{
137	return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
138	}
139	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: tags/release-1_5_0/include/functions_session.inc.php @ 8528

Download in other formats: