1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | PhpWebGallery - a PHP based picture gallery | |
---|
4 | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | |
---|
5 | // | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net | |
---|
6 | // +-----------------------------------------------------------------------+ |
---|
7 | // | branch : BSF (Best So Far) |
---|
8 | // | file : $RCSfile$ |
---|
9 | // | last update : $Date: 2005-08-08 20:52:19 +0000 (Mon, 08 Aug 2005) $ |
---|
10 | // | last modifier : $Author: plg $ |
---|
11 | // | revision : $Revision: 808 $ |
---|
12 | // +-----------------------------------------------------------------------+ |
---|
13 | // | This program is free software; you can redistribute it and/or modify | |
---|
14 | // | it under the terms of the GNU General Public License as published by | |
---|
15 | // | the Free Software Foundation | |
---|
16 | // | | |
---|
17 | // | This program is distributed in the hope that it will be useful, but | |
---|
18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
20 | // | General Public License for more details. | |
---|
21 | // | | |
---|
22 | // | You should have received a copy of the GNU General Public License | |
---|
23 | // | along with this program; if not, write to the Free Software | |
---|
24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
25 | // | USA. | |
---|
26 | // +-----------------------------------------------------------------------+ |
---|
27 | |
---|
28 | // The function generate_key creates a string with pseudo random characters. |
---|
29 | // the size of the string depends on the $conf['session_id_size']. |
---|
30 | // Characters used are a-z A-Z and numerical values. Examples : |
---|
31 | // "Er4Tgh6", "Rrp08P", "54gj" |
---|
32 | // input : none (using global variable) |
---|
33 | // output : $key |
---|
34 | function generate_key($size) |
---|
35 | { |
---|
36 | global $conf; |
---|
37 | |
---|
38 | $md5 = md5(substr(microtime(), 2, 6)); |
---|
39 | $init = ''; |
---|
40 | for ( $i = 0; $i < strlen( $md5 ); $i++ ) |
---|
41 | { |
---|
42 | if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; |
---|
43 | } |
---|
44 | $init = substr( $init, 0, 8 ); |
---|
45 | mt_srand( $init ); |
---|
46 | $key = ''; |
---|
47 | for ( $i = 0; $i < $size; $i++ ) |
---|
48 | { |
---|
49 | $c = mt_rand( 0, 2 ); |
---|
50 | if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); |
---|
51 | else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); |
---|
52 | else $key .= mt_rand( 0, 9 ); |
---|
53 | } |
---|
54 | return $key; |
---|
55 | } |
---|
56 | |
---|
57 | /** |
---|
58 | * create a new session and returns the session identifier |
---|
59 | * |
---|
60 | * - find a non-already-used session key |
---|
61 | * - create a session in database |
---|
62 | * - return session identifier |
---|
63 | * |
---|
64 | * @param int userid |
---|
65 | * @param int session_lentgh : in seconds |
---|
66 | * @return string |
---|
67 | */ |
---|
68 | function session_create($userid, $session_length) |
---|
69 | { |
---|
70 | global $conf; |
---|
71 | |
---|
72 | // 1. searching an unused session key |
---|
73 | $id_found = false; |
---|
74 | while (!$id_found) |
---|
75 | { |
---|
76 | $generated_id = generate_key($conf['session_id_size']); |
---|
77 | $query = ' |
---|
78 | SELECT id |
---|
79 | FROM '.SESSIONS_TABLE.' |
---|
80 | WHERE id = \''.$generated_id.'\' |
---|
81 | ;'; |
---|
82 | $result = pwg_query($query); |
---|
83 | if (mysql_num_rows($result) == 0) |
---|
84 | { |
---|
85 | $id_found = true; |
---|
86 | } |
---|
87 | } |
---|
88 | // 3. inserting session in database |
---|
89 | $query = ' |
---|
90 | INSERT INTO '.SESSIONS_TABLE.' |
---|
91 | (id,user_id,expiration) |
---|
92 | VALUES |
---|
93 | (\''.$generated_id.'\','.$userid.', |
---|
94 | ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND)) |
---|
95 | ;'; |
---|
96 | pwg_query($query); |
---|
97 | |
---|
98 | $expiration = $session_length + time(); |
---|
99 | setcookie('id', $generated_id, $expiration, cookie_path()); |
---|
100 | |
---|
101 | return $generated_id; |
---|
102 | } |
---|
103 | |
---|
104 | // add_session_id adds the id of the session to the string given in |
---|
105 | // parameter as $url. If the session id is the first parameter to the url, |
---|
106 | // it is preceded by a '?', else it is preceded by a '&'. If the |
---|
107 | // parameter $redirect is set to true, '&' is used instead of '&'. |
---|
108 | function add_session_id( $url, $redirect = false ) |
---|
109 | { |
---|
110 | global $page, $user, $conf; |
---|
111 | |
---|
112 | if ($user['is_the_guest'] |
---|
113 | or $user['has_cookie'] |
---|
114 | or $conf['apache_authentication']) |
---|
115 | { |
---|
116 | return $url; |
---|
117 | } |
---|
118 | |
---|
119 | if (preg_match('/\.php\?/', $url)) |
---|
120 | { |
---|
121 | $separator = $redirect ? '&' : '&'; |
---|
122 | } |
---|
123 | else |
---|
124 | { |
---|
125 | $separator = '?'; |
---|
126 | } |
---|
127 | |
---|
128 | return $url.$separator.'id='.$page['session_id']; |
---|
129 | } |
---|
130 | |
---|
131 | // cookie_path returns the path to use for the PhpWebGallery cookie. |
---|
132 | // If PhpWebGallery is installed on : |
---|
133 | // http://domain.org/meeting/gallery/category.php |
---|
134 | // cookie_path will return : "/meeting/gallery" |
---|
135 | function cookie_path() |
---|
136 | { |
---|
137 | return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); |
---|
138 | } |
---|
139 | ?> |
---|