source: trunk/include/functions_session.inc.php @ 27034

Last change on this file since 27034 was 26461, checked in by mistic100, 11 years ago

Update headers to 2014. Happy new year!!
  • Property svn:eol-style set to LF
File size: 6.0 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2014 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24/**
25 * @package functions\session
26 */
27
28
29if (isset($conf['session_save_handler'])
30  and ($conf['session_save_handler'] == 'db')
31  and defined('PHPWG_INSTALLED'))
32{
33  session_set_save_handler(
34    'pwg_session_open',
35    'pwg_session_close',
36    'pwg_session_read',
37    'pwg_session_write',
38    'pwg_session_destroy',
39    'pwg_session_gc'
40  );
41
42  if (function_exists('ini_set'))
43  {
44    ini_set('session.use_cookies', $conf['session_use_cookies']);
45    ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
46    ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
47    ini_set('session.cookie_httponly', 1);
48  }
49
50  session_name($conf['session_name']);
51  session_set_cookie_params(0, cookie_path());
52  register_shutdown_function('session_write_close');
53}
54
55
56/**
57 * Generates a pseudo random string.
58 * Characters used are a-z A-Z and numerical values.
59 *
60 * @param int $size
61 * @return string
62 */
63function generate_key($size)
64{
65  global $conf;
66
67  $md5 = md5(substr(microtime(), 2, 6));
68  $init = '';
69  for ( $i = 0; $i < strlen( $md5 ); $i++ )
70  {
71    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
72  }
73  $init = substr( $init, 0, 8 );
74  mt_srand( $init );
75  $key = '';
76  for ( $i = 0; $i < $size; $i++ )
77  {
78    $c = mt_rand( 0, 2 );
79    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
80    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
81    else                $key .= mt_rand( 0, 9 );
82  }
83  return $key;
84}
85
86/**
87 * Called by PHP session manager, always return true.
88 *
89 * @param string $path
90 * @param sring $name
91 * @return true
92 */
93function pwg_session_open($path, $name)
94{
95  return true;
96}
97
98/**
99 * Called by PHP session manager, always return true.
100 *
101 * @return true
102 */
103function pwg_session_close()
104{
105  return true;
106}
107
108/**
109 * Returns a hash from current user IP
110 *
111 * @return string
112 */
113function get_remote_addr_session_hash()
114{
115  global $conf;
116
117  if (!$conf['session_use_ip_address'])
118  {
119    return '';
120  }
121 
122  if (strpos($_SERVER['REMOTE_ADDR'],':')===false)
123  {//ipv4
124    return vsprintf(
125      "%02X%02X",
126      explode('.',$_SERVER['REMOTE_ADDR'])
127    );
128  }
129  return ''; //ipv6 not yet
130}
131
132/**
133 * Called by PHP session manager, retrieves data stored in the sessions table.
134 *
135 * @param string $session_id
136 * @return string
137 */
138function pwg_session_read($session_id)
139{
140  $query = '
141SELECT data
142  FROM '.SESSIONS_TABLE.'
143  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
144;';
145  $result = pwg_query($query);
146  if ($result)
147  {
148    $row = pwg_db_fetch_assoc($result);
149    return $row['data'];
150  }
151  else
152  {
153    return '';
154  }
155}
156
157/**
158 * Called by PHP session manager, writes data in the sessions table.
159 *
160 * @param string $session_id
161 * @param sring $data
162 * @return true
163 */
164function pwg_session_write($session_id, $data)
165{
166  $query = '
167REPLACE INTO '.SESSIONS_TABLE.'
168  (id,data,expiration)
169  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())
170;';
171  pwg_query($query);
172  return true;
173}
174
175/**
176 * Called by PHP session manager, deletes data in the sessions table.
177 *
178 * @param string $session_id
179 * @return true
180 */
181function pwg_session_destroy($session_id)
182{
183  $query = '
184DELETE
185  FROM '.SESSIONS_TABLE.'
186  WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
187;';
188  pwg_query($query);
189  return true;
190}
191
192/**
193 * Called by PHP session manager, garbage collector for expired sessions.
194 *
195 * @return true
196 */
197function pwg_session_gc()
198{
199  global $conf;
200
201  $query = '
202DELETE
203  FROM '.SESSIONS_TABLE.'
204  WHERE '.pwg_db_date_to_ts('NOW()').' - '.pwg_db_date_to_ts('expiration').' > '
205  .$conf['session_length'].'
206;';
207  pwg_query($query);
208  return true;
209}
210
211/**
212 * Persistently stores a variable for the current session.
213 *
214 * @param string $var
215 * @param mixed $value
216 * @return bool
217 */
218function pwg_set_session_var($var, $value)
219{
220  if ( !isset($_SESSION) )
221    return false;
222  $_SESSION['pwg_'.$var] = $value;
223  return true;
224}
225
226/**
227 * Retrieves the value of a persistent variable for the current session.
228 *
229 * @param string $var
230 * @param mixed $default
231 * @return mixed
232 */
233function pwg_get_session_var($var, $default = null)
234{
235  if (isset( $_SESSION['pwg_'.$var] ) )
236  {
237    return $_SESSION['pwg_'.$var];
238  }
239  return $default;
240}
241
242/**
243 * Deletes a persistent variable for the current session.
244 *
245 * @param string $var
246 * @return bool
247 */
248function pwg_unset_session_var($var)
249{
250  if ( !isset($_SESSION) )
251    return false;
252  unset( $_SESSION['pwg_'.$var] );
253  return true;
254}
255
256?>
Note: See TracBrowser for help on using the repository browser.