Context Navigation

source: trunk/include/functions_session.inc.php @ 2521

Last change on this file since 2521 was 2521, checked in by rvelices, 16 years ago
images.file categories.permalink old_permalinks.permalink - become binary session security improvement: now the sessions are valid only for originating ip addr (with mask 255.255.0.0 to allow users behind load balancing proxies) -> stealing the session cookie is almost a non issue (with the exception of the 65536 machines in range) metadata sync from the sync button does not overwrite valid data with empty metadata other small fixes/enhancements: added event get_category_image_orders fix display issue with redirect.tpl (h1/h2 within h1) fix known_script smarty function registration query search form not submitted if q is empty better admin css rules some other minor changes (ws_core, rest_handler, functions_search...)
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 6.2 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	// The function generate_key creates a string with pseudo random characters.
25	// the size of the string depends on the $conf['session_id_size'].
26	// Characters used are a-z A-Z and numerical values. Examples :
27	// "Er4Tgh6", "Rrp08P", "54gj"
28	// input : none (using global variable)
29	// output : $key
30	function generate_key($size)
31	{
32	global $conf;
33
34	$md5 = md5(substr(microtime(), 2, 6));
35	$init = '';
36	for ( $i = 0; $i < strlen( $md5 ); $i++ )
37	{
38	if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
39	}
40	$init = substr( $init, 0, 8 );
41	mt_srand( $init );
42	$key = '';
43	for ( $i = 0; $i < $size; $i++ )
44	{
45	$c = mt_rand( 0, 2 );
46	if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
47	else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
48	else $key .= mt_rand( 0, 9 );
49	}
50	return $key;
51	}
52
53	if (isset($conf['session_save_handler'])
54	and ($conf['session_save_handler'] == 'db')
55	and defined('PHPWG_INSTALLED'))
56	{
57	session_set_save_handler('pwg_session_open',
58	'pwg_session_close',
59	'pwg_session_read',
60	'pwg_session_write',
61	'pwg_session_destroy',
62	'pwg_session_gc'
63	);
64	if ( function_exists('ini_set') )
65	{
66	ini_set('session.use_cookies', $conf['session_use_cookies']);
67	ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
68	ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
69	}
70	session_name($conf['session_name']);
71	session_set_cookie_params(0, cookie_path());
72	}
73
74	/**
75	* returns true; used when the session_start() function is called
76	*
77	* @params not use but useful for php engine
78	*/
79	function pwg_session_open($path, $name)
80	{
81	return true;
82	}
83
84	/**
85	* returns true; used when the session is closed (unset($_SESSION))
86	*
87	*/
88	function pwg_session_close()
89	{
90	return true;
91	}
92
93	function get_remote_addr_session_hash()
94	{
95	return vsprintf( "%02X%02X", explode('.',$_SERVER['REMOTE_ADDR']) );
96	}
97
98	/**
99	* this function returns
100	* a string corresponding to the value of the variable save in the session
101	* or an empty string when the variable doesn't exist
102	*
103	* @param string session id
104	*/
105	function pwg_session_read($session_id)
106	{
107	$query = '
108	SELECT data
109	FROM '.SESSIONS_TABLE.'
110	WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
111	;';
112	$result = pwg_query($query);
113	if ($result)
114	{
115	$row = mysql_fetch_assoc($result);
116	return $row['data'];
117	}
118	else
119	{
120	return '';
121	}
122	}
123
124	/**
125	* returns true; writes set a variable in the active session
126	*
127	* @param string session id
128	* @data string value of date to be saved
129	*/
130	function pwg_session_write($session_id, $data)
131	{
132	$query = '
133	UPDATE '.SESSIONS_TABLE.'
134	SET expiration = now(),
135	data = \''.$data.'\'
136	WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
137	;';
138	pwg_query($query);
139	if ( mysql_affected_rows()>0 )
140	{
141	return true;
142	}
143	$query = '
144	INSERT INTO '.SESSIONS_TABLE.'
145	(id,data,expiration)
146	VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.$data.'\',now())
147	;';
148	mysql_query($query);
149	return true;
150	}
151
152	/**
153	* returns true; delete the active session
154	*
155	* @param string session id
156	*/
157	function pwg_session_destroy($session_id)
158	{
159	$query = '
160	DELETE
161	FROM '.SESSIONS_TABLE.'
162	WHERE id = \''.get_remote_addr_session_hash().$session_id.'\'
163	;';
164	pwg_query($query);
165	return true;
166	}
167
168	/**
169	* returns true; delete expired sessions
170	* called each time a session is closed.
171	*/
172	function pwg_session_gc()
173	{
174	global $conf;
175
176	$query = '
177	DELETE
178	FROM '.SESSIONS_TABLE.'
179	WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(expiration) > '
180	.$conf['session_length'].'
181	;';
182	pwg_query($query);
183	return true;
184	}
185
186
187	/**
188	* persistently stores a variable for the current session
189	* currently we use standard php sessions but it might change
190	* @return boolean true on success
191	* @see pwg_get_session_var, pwg_unset_session_var
192	*/
193	function pwg_set_session_var($var, $value)
194	{
195	if ( !isset($_SESSION) )
196	return false;
197	$_SESSION['pwg_'.$var] = $value;
198	return true;
199	}
200
201	/**
202	* retrieves the value of a persistent variable for the current session
203	* currently we use standard php sessions but it might change
204	* @return mixed
205	* @see pwg_set_session_var, pwg_unset_session_var
206	*/
207	function pwg_get_session_var($var, $default = null)
208	{
209	if (isset( $_SESSION['pwg_'.$var] ) )
210	{
211	return $_SESSION['pwg_'.$var];
212	}
213	return $default;
214	}
215
216	/**
217	* deletes a persistent variable for the current session
218	* currently we use standard php sessions but it might change
219	* @return boolean true on success
220	* @see pwg_set_session_var, pwg_get_session_var
221	*/
222	function pwg_unset_session_var($var)
223	{
224	if ( !isset($_SESSION) )
225	return false;
226	unset( $_SESSION['pwg_'.$var] );
227	return true;
228	}
229
230	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: