Context Navigation

source: trunk/include/functions_session.inc.php @ 1462

Last change on this file since 1462 was 1442, checked in by chrisaga, 18 years ago

fix bug 458: Cannot log due to broken session cookie (wrong "path")

use $_SERVERREDIRECT_URL if it's set
add a trailing '/'

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 6.2 KB

Rev	Line
[2]	1	<?php
[362]	2	// +-----------------------------------------------------------------------+
[593]	3	// \| PhpWebGallery - a PHP based picture gallery \|
	4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
[675]	5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
[362]	6	// +-----------------------------------------------------------------------+
[593]	7	// \| branch : BSF (Best So Far)
[362]	8	// \| file : $RCSfile$
	9	// \| last update : $Date: 2006-07-08 09:27:23 +0000 (Sat, 08 Jul 2006) $
	10	// \| last modifier : $Author: chrisaga $
	11	// \| revision : $Revision: 1442 $
	12	// +-----------------------------------------------------------------------+
	13	// \| This program is free software; you can redistribute it and/or modify \|
	14	// \| it under the terms of the GNU General Public License as published by \|
	15	// \| the Free Software Foundation \|
	16	// \| \|
	17	// \| This program is distributed in the hope that it will be useful, but \|
	18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
	19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
	20	// \| General Public License for more details. \|
	21	// \| \|
	22	// \| You should have received a copy of the GNU General Public License \|
	23	// \| along with this program; if not, write to the Free Software \|
	24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
	25	// \| USA. \|
	26	// +-----------------------------------------------------------------------+
[2]	27
[1013]	28	// The function generate_key creates a string with pseudo random characters.
	29	// the size of the string depends on the $conf['session_id_size'].
	30	// Characters used are a-z A-Z and numerical values. Examples :
	31	// "Er4Tgh6", "Rrp08P", "54gj"
	32	// input : none (using global variable)
	33	// output : $key
	34	function generate_key($size)
	35	{
	36	global $conf;
	37
	38	$md5 = md5(substr(microtime(), 2, 6));
	39	$init = '';
	40	for ( $i = 0; $i < strlen( $md5 ); $i++ )
	41	{
	42	if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
	43	}
	44	$init = substr( $init, 0, 8 );
	45	mt_srand( $init );
	46	$key = '';
	47	for ( $i = 0; $i < $size; $i++ )
	48	{
	49	$c = mt_rand( 0, 2 );
	50	if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
	51	else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
	52	else $key .= mt_rand( 0, 9 );
	53	}
	54	return $key;
	55	}
	56
[1063]	57	if (isset($conf['session_save_handler'])
[1013]	58	and ($conf['session_save_handler'] == 'db')
[1063]	59	and defined('PHPWG_INSTALLED'))
[1007]	60	{
[1063]	61	session_set_save_handler('pwg_session_open',
[1007]	62	'pwg_session_close',
	63	'pwg_session_read',
	64	'pwg_session_write',
	65	'pwg_session_destroy',
	66	'pwg_session_gc'
	67	);
[1217]	68	if ( function_exists('ini_set') )
	69	{
	70	ini_set('session.use_cookies', $conf['session_use_cookies']);
	71	ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
	72	ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
	73	}
	74	session_name( $conf['session_name'] );
	75	session_set_cookie_params(
	76	ini_get('session.cookie_lifetime'),
	77	cookie_path()
	78	);
[1004]	79	}
	80
[1029]	81	// cookie_path returns the path to use for the PhpWebGallery cookie.
	82	// If PhpWebGallery is installed on :
	83	// http://domain.org/meeting/gallery/category.php
	84	// cookie_path will return : "/meeting/gallery"
	85	function cookie_path()
	86	{
[1442]	87	if ( isset($_SERVER['REDIRECT_SCRIPT_NAME']) and
	88	!empty($_SERVER['REDIRECT_SCRIPT_NAME']) )
	89	{
	90	$scr = $_SERVER['REDIRECT_SCRIPT_NAME'];
	91	}
	92	else if ( isset($_SERVER['REDIRECT_URL']) )
[1063]	93	{ // mod_rewrite is activated for upper level directories. we must set the
[1029]	94	// cookie to the path shown in the browser otherwise it will be discarded.
[1430]	95	if ( isset($_SERVER['PATH_INFO']) and !empty($_SERVER['PATH_INFO']) )
[1092]	96	{
	97	$idx = strpos( $_SERVER['REDIRECT_URL'], $_SERVER['PATH_INFO'] );
	98	if ($idx !== false)
	99	{
	100	$scr = substr($_SERVER['REDIRECT_URL'], 0, $idx);
	101	}
	102	else
	103	{//this should never happen
	104	$scr='//';
	105	}
	106	}
	107	else
	108	{
	109	$scr = $_SERVER['REDIRECT_URL'];
	110	}
[1029]	111	}
	112	else
	113	{
[1092]	114	$scr = $_SERVER['SCRIPT_NAME'];
[1029]	115	}
[1442]	116	$scr = substr($scr,0,strrpos( $scr,'/'));
	117	// add a trailing '/' if needed
	118	return ($scr{strlen($scr)-1} == '/') ? $scr : $scr . '/';
[1029]	119	}
	120
[1010]	121	/**
	122	* returns true; used when the session_start() function is called
	123	*
	124	* @params not use but useful for php engine
	125	*/
[1063]	126	function pwg_session_open($path, $name)
[2]	127	{
[1004]	128	return true;
	129	}
[45]	130
[1010]	131	/**
	132	* returns true; used when the session is closed (unset($_SESSION))
	133	*
	134	*/
[1063]	135	function pwg_session_close()
[1004]	136	{
	137	return true;
[2]	138	}
[45]	139
[1010]	140	/**
	141	* this function returns
[1063]	142	* a string corresponding to the value of the variable save in the session
[1010]	143	* or an empty string when the variable doesn't exist
[1063]	144	*
[1010]	145	* @param string session id
	146	*/
[1063]	147	function pwg_session_read($session_id)
[2]	148	{
[1007]	149	$query = '
[1063]	150	SELECT data
[1010]	151	FROM '.SESSIONS_TABLE.'
	152	WHERE id = \''.$session_id.'\'
	153	;';
[1004]	154	$result = pwg_query($query);
[1063]	155	if ($result)
[1007]	156	{
[1004]	157	$row = mysql_fetch_assoc($result);
	158	return $row['data'];
[1063]	159	}
	160	else
[1007]	161	{
[1004]	162	return '';
[2]	163	}
	164	}
	165
[1010]	166	/**
[1063]	167	* returns true; writes set a variable in the active session
	168	*
[1010]	169	* @param string session id
	170	* @data string value of date to be saved
	171	*/
[1063]	172	function pwg_session_write($session_id, $data)
[2]	173	{
[1007]	174	$query = '
[1063]	175	UPDATE '.SESSIONS_TABLE.'
[1032]	176	SET expiration = now(),
	177	data = \''.$data.'\'
[1010]	178	WHERE id = \''.$session_id.'\'
[1063]	179	;';
	180	pwg_query($query);
[1192]	181	if ( mysql_affected_rows()>0 )
[1217]	182	{
[1192]	183	return true;
	184	}
	185	$query = '
[1063]	186	INSERT INTO '.SESSIONS_TABLE.'
[1010]	187	(id,data,expiration)
	188	VALUES(\''.$session_id.'\',\''.$data.'\',now())
	189	;';
[1217]	190	mysql_query($query);
[1004]	191	return true;
	192	}
[808]	193
[1010]	194	/**
[1063]	195	* returns true; delete the active session
	196	*
[1010]	197	* @param string session id
	198	*/
[1063]	199	function pwg_session_destroy($session_id)
[1004]	200	{
[1007]	201	$query = '
[1063]	202	DELETE
[1010]	203	FROM '.SESSIONS_TABLE.'
	204	WHERE id = \''.$session_id.'\'
	205	;';
[1004]	206	pwg_query($query);
	207	return true;
[2]	208	}
[45]	209
[1010]	210	/**
	211	* returns true; delete expired sessions
	212	* called each time a session is closed.
	213	*/
[1063]	214	function pwg_session_gc()
[45]	215	{
[1004]	216	global $conf;
	217
[1007]	218	$query = '
[1063]	219	DELETE
[1010]	220	FROM '.SESSIONS_TABLE.'
[1007]	221	WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > '
[1010]	222	.$conf['session_length'].'
	223	;';
[1004]	224	pwg_query($query);
	225	return true;
[45]	226	}
[362]	227	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: