source: trunk/include/functions_session.inc.php @ 20193

Last change on this file since 20193 was 19703, checked in by plg, 11 years ago

update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)

1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2013 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
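/**
 * builds a random string of $size characters taken from a-z, A-Z and 0-9
 * (examples: "Er4Tgh6", "Rrp08P", "54gj")
 *
 * The characters are drawn with random_int() (the operating system CSPRNG)
 * whenever the running PHP provides it. The generator is never reseeded from
 * the clock: a seed taken from the microsecond counter can only take about
 * one million values, which caps the number of distinct keys at the same
 * figure no matter how large $size is.
 *
 * On a PHP without random_int() the function falls back to the auto-seeded
 * mt_rand(), which is NOT cryptographically secure.
 * NOTE(review): the callers are not visible in this file; any caller that
 * uses the result as a secret (session id, auto-login or reset key) needs
 * the random_int() path - confirm the minimum PHP version.
 *
 * @param int $size number of characters to produce (0 gives an empty string)
 * @return string the generated key
 */
function generate_key($size)
{
  $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  $last_index = strlen($alphabet) - 1;
  // decided once, outside the loop
  $has_csprng = function_exists('random_int');

  $key = '';
  for ($i = 0; $i < $size; $i++)
  {
    $index = $has_csprng ? random_int(0, $last_index) : mt_rand(0, $last_index);
    $key .= $alphabet[$index];
  }
  return $key;
}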
52
// Install the database-backed session handlers, but only when the
// configuration selects the 'db' handler and the gallery is installed.
//
// NOTE(review): every cookie setting below, including HttpOnly, is applied
// only inside this branch; with another save handler the php.ini values
// stay in effect.
if (isset($conf['session_save_handler'])
  && 'db' == $conf['session_save_handler']
  && defined('PHPWG_INSTALLED'))
{
  session_set_save_handler(
    'pwg_session_open', 'pwg_session_close',
    'pwg_session_read', 'pwg_session_write',
    'pwg_session_destroy', 'pwg_session_gc'
  );

  if (function_exists('ini_set'))
  {
    // How the session id travels is left to the configuration. An id carried
    // in the URL (use_trans_sid on, use_only_cookies off) ends up in logs and
    // Referer headers and makes session fixation easier.
    ini_set('session.use_cookies', $conf['session_use_cookies']);
    ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
    ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
    // keep the session cookie out of reach of page scripts
    ini_set('session.cookie_httponly', 1);
  }

  session_name($conf['session_name']);
  // Lifetime 0: the cookie lasts until the browser is closed.
  // NOTE(review): only lifetime and path are passed, so the Secure flag is
  // not set here - confirm session.cookie_secure is enabled on HTTPS sites.
  session_set_cookie_params(0, cookie_path());
  // flush the session through the handlers before the script ends
  register_shutdown_function('session_write_close');
}
75
/**
 * session "open" handler, invoked by PHP when session_start() runs
 *
 * Nothing has to be opened for the database backend, so it only reports
 * success.
 *
 * @param string $path save path given by PHP (unused)
 * @param string $name session name given by PHP (unused)
 * @return bool always true
 */
function pwg_session_open($path, $name)
{
  return true;
}
85
/**
 * session "close" handler; there is nothing to release, so it only
 * reports success
 *
 * @return bool always true
 */
function pwg_session_close()
{
  return true;
}
94
/**
 * returns the prefix that ties a session row to the client address
 *
 * Despite the name no hash is computed. For an IPv4 client the result is
 * the first two octets of REMOTE_ADDR written as four uppercase hex digits
 * (the format string has two conversions, so vsprintf ignores the last two
 * octets). The session is therefore bound to the client's /16 network, not
 * to a single address.
 *
 * The result is an empty string, meaning no address binding at all, when
 * $conf['session_use_ip_address'] is off or when the client address
 * contains ':' (IPv6).
 *
 * NOTE(review): REMOTE_ADDR is read as is; behind a reverse proxy it is
 * presumably the proxy address - confirm for the deployment.
 *
 * @return string four hex digits or ''
 */
function get_remote_addr_session_hash()
{
  global $conf;

  // the configuration switch is tested first, so REMOTE_ADDR is not read
  // at all when address binding is disabled
  if ($conf['session_use_ip_address']
    && strpos($_SERVER['REMOTE_ADDR'], ':') === false)
  {
    // IPv4
    $octets = explode('.', $_SERVER['REMOTE_ADDR']);
    return vsprintf("%02X%02X", $octets);
  }

  // binding disabled, or IPv6 (not handled yet)
  return '';
}
113
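/**
 * session "read" handler: returns the serialized data stored for a session,
 * or an empty string when no row exists
 *
 * The session id is supplied by the client (cookie or URL), so it is
 * escaped before being placed in the SQL string.
 * NOTE(review): assumes the dblayer that provides pwg_query() also provides
 * pwg_db_real_escape_string().
 *
 * @param string $session_id session id as received by PHP
 * @return string stored session data, '' when nothing is stored
 */
function pwg_session_read($session_id)
{
  // address prefix + client-supplied id, escaped as a single SQL literal
  $row_id = pwg_db_real_escape_string(
    get_remote_addr_session_hash().$session_id
  );

  $query = '
SELECT data
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.$row_id.'\'
;';
  $result = pwg_query($query);
  if ($result)
  {
    $row = pwg_db_fetch_assoc($result);
    // no matching row: fall through to '' instead of indexing a non-array,
    // because a read handler has to return a string
    if (is_array($row) and isset($row['data']))
    {
      return $row['data'];
    }
  }
  return '';
}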
139
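/**
 * session "write" handler: stores the serialized session data, replacing
 * any existing row, and sets its expiration column to now()
 *
 * Both values are escaped with the database layer. Replacing only the
 * quote character is not sufficient, because a backslash placed before a
 * quote in the data would cancel the escaping and end the SQL literal early.
 * NOTE(review): assumes the dblayer that provides pwg_query() also provides
 * pwg_db_real_escape_string().
 *
 * @param string $session_id session id as received by PHP
 * @param string $data serialized session data to save
 * @return bool always true; the result of pwg_query() is not checked
 */
function pwg_session_write($session_id, $data)
{
  // the id is client-supplied, the data may contain user-provided strings
  $row_id = pwg_db_real_escape_string(
    get_remote_addr_session_hash().$session_id
  );
  $row_data = pwg_db_real_escape_string($data);

  $query = '
REPLACE INTO '.SESSIONS_TABLE.'
  (id,data,expiration)
  VALUES(\''.$row_id.'\',\''.$row_data.'\',now())
;';
  pwg_query($query);
  return true;
}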
156
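/**
 * session "destroy" handler: deletes the row of the given session
 *
 * The session id is supplied by the client, so it is escaped before being
 * placed in the DELETE statement.
 * NOTE(review): assumes the dblayer that provides pwg_query() also provides
 * pwg_db_real_escape_string().
 *
 * @param string $session_id session id as received by PHP
 * @return bool always true; the result of pwg_query() is not checked
 */
function pwg_session_destroy($session_id)
{
  $row_id = pwg_db_real_escape_string(
    get_remote_addr_session_hash().$session_id
  );

  $query = '
DELETE
  FROM '.SESSIONS_TABLE.'
  WHERE id = \''.$row_id.'\'
;';
  pwg_query($query);
  return true;
}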
172
/**
 * session "gc" handler: deletes every session row whose expiration column
 * is more than $conf['session_length'] seconds in the past
 *
 * PHP passes its own maximum lifetime to this handler; it is not declared
 * as a parameter here and the configured session length is used instead.
 * The configuration value is concatenated into the query unquoted.
 * NOTE(review): it is expected to be a trusted integer - confirm.
 *
 * @return bool always true; the result of pwg_query() is not checked
 */
function pwg_session_gc()
{
  global $conf;

  // both sides of the age computation, as SQL expressions
  $now_ts = pwg_db_date_to_ts('NOW()');
  $expiration_ts = pwg_db_date_to_ts('expiration');
  $max_age = $conf['session_length'];

  $query = '
DELETE
  FROM '.SESSIONS_TABLE.'
  WHERE '.$now_ts.' - '.$expiration_ts.' > '
  .$max_age.'
;';
  pwg_query($query);
  return true;
}
190
191
/**
 * stores a value in the current session under the key 'pwg_'.$var
 *
 * Standard PHP sessions are used for now; that may change.
 *
 * @param string $var variable name, without the 'pwg_' prefix
 * @param mixed $value value to store
 * @return boolean true on success, false when no session array exists
 * @see pwg_get_session_var, pwg_unset_session_var
 */
function pwg_set_session_var($var, $value)
{
  if (isset($_SESSION))
  {
    $_SESSION['pwg_'.$var] = $value;
    return true;
  }
  // no session array: nothing is stored
  return false;
}
205
/**
 * reads the value stored in the current session under 'pwg_'.$var
 *
 * Standard PHP sessions are used for now; that may change. Because the
 * lookup relies on isset(), a variable stored as null is reported as
 * missing and $default is returned.
 *
 * @param string $var variable name, without the 'pwg_' prefix
 * @param mixed $default value returned when the variable is not set
 * @return mixed
 * @see pwg_set_session_var, pwg_unset_session_var
 */
function pwg_get_session_var($var, $default = null)
{
  $key = 'pwg_'.$var;
  return isset($_SESSION[$key]) ? $_SESSION[$key] : $default;
}
220
/**
 * removes the value stored in the current session under 'pwg_'.$var
 *
 * Standard PHP sessions are used for now; that may change. Removing a
 * variable that was never set still counts as success.
 *
 * @param string $var variable name, without the 'pwg_' prefix
 * @return boolean true on success, false when no session array exists
 * @see pwg_set_session_var, pwg_get_session_var
 */
function pwg_unset_session_var($var)
{
  if (isset($_SESSION))
  {
    unset($_SESSION['pwg_'.$var]);
    return true;
  }
  return false;
}
234
235?>