source: trunk/include/functions_session.inc.php @ 941

Last change on this file since 941 was 808, checked in by plg, 19 years ago
  • new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured.
  • modification : profile.php is not reachable through administration anymore (not useful).
  • modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed.
  • deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user
  • modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 4.5 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | PhpWebGallery - a PHP based picture gallery                           |
4// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6// +-----------------------------------------------------------------------+
7// | branch        : BSF (Best So Far)
8// | file          : $RCSfile$
9// | last update   : $Date: 2005-08-08 20:52:19 +0000 (Mon, 08 Aug 2005) $
10// | last modifier : $Author: plg $
11// | revision      : $Revision: 808 $
12// +-----------------------------------------------------------------------+
13// | This program is free software; you can redistribute it and/or modify  |
14// | it under the terms of the GNU General Public License as published by  |
15// | the Free Software Foundation                                          |
16// |                                                                       |
17// | This program is distributed in the hope that it will be useful, but   |
18// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20// | General Public License for more details.                              |
21// |                                                                       |
22// | You should have received a copy of the GNU General Public License     |
23// | along with this program; if not, write to the Free Software           |
24// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25// | USA.                                                                  |
26// +-----------------------------------------------------------------------+
27
28// The function generate_key creates a string with pseudo random characters.
29// the size of the string depends on the $conf['session_id_size'].
30// Characters used are a-z A-Z and numerical values. Examples :
31//                    "Er4Tgh6", "Rrp08P", "54gj"
32// input  : none (using global variable)
33// output : $key
34function generate_key($size)
35{
36  global $conf;
37
38  $md5 = md5(substr(microtime(), 2, 6));
39  $init = '';
40  for ( $i = 0; $i < strlen( $md5 ); $i++ )
41  {
42    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
43  }
44  $init = substr( $init, 0, 8 );
45  mt_srand( $init );
46  $key = '';
47  for ( $i = 0; $i < $size; $i++ )
48  {
49    $c = mt_rand( 0, 2 );
50    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
51    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
52    else                $key .= mt_rand( 0, 9 );
53  }
54  return $key;
55}
56
57/**
58 * create a new session and returns the session identifier
59 *
60 * - find a non-already-used session key
61 * - create a session in database
62 * - return session identifier
63 *
64 * @param int userid
65 * @param int session_lentgh : in seconds
66 * @return string
67 */
68function session_create($userid, $session_length)
69{
70  global $conf;
71
72  // 1. searching an unused session key
73  $id_found = false;
74  while (!$id_found)
75  {
76    $generated_id = generate_key($conf['session_id_size']);
77    $query = '
78SELECT id
79  FROM '.SESSIONS_TABLE.'
80  WHERE id = \''.$generated_id.'\'
81;';
82    $result = pwg_query($query);
83    if (mysql_num_rows($result) == 0)
84    {
85      $id_found = true;
86    }
87  }
88  // 3. inserting session in database
89  $query = '
90INSERT INTO '.SESSIONS_TABLE.'
91  (id,user_id,expiration)
92  VALUES
93  (\''.$generated_id.'\','.$userid.',
94   ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
95;';
96  pwg_query($query);
97
98  $expiration = $session_length + time();
99  setcookie('id', $generated_id, $expiration, cookie_path());
100               
101  return $generated_id;
102}
103
104// add_session_id adds the id of the session to the string given in
105// parameter as $url. If the session id is the first parameter to the url,
106// it is preceded by a '?', else it is preceded by a '&amp;'. If the
107// parameter $redirect is set to true, '&' is used instead of '&'.
108function add_session_id( $url, $redirect = false )
109{
110  global $page, $user, $conf;
111
112  if ($user['is_the_guest']
113      or $user['has_cookie']
114      or $conf['apache_authentication'])
115  {
116    return $url;
117  }
118
119  if (preg_match('/\.php\?/', $url))
120  {
121    $separator = $redirect ? '&' : '&amp;';
122  }
123  else
124  {
125    $separator = '?';
126  }
127
128  return $url.$separator.'id='.$page['session_id'];
129}
130
131// cookie_path returns the path to use for the PhpWebGallery cookie.
132// If PhpWebGallery is installed on :
133// http://domain.org/meeting/gallery/category.php
134// cookie_path will return : "/meeting/gallery"
135function cookie_path()
136{
137  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
138}
139?>
Note: See TracBrowser for help on using the repository browser.