Changeset 45 for trunk/include


Timestamp:
Jul 27, 2003, 10:24:10 AM (21 years ago)
Author:
z0rglub
Message:

optional cookie identification

Location:
trunk/include
Files:
3 edited

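--- a/trunk/include/config.inc.php
+++ b/trunk/include/config.inc.php
@@ -63,5 +63,5 @@
                 'upload_maxheight', 'upload_maxwidth_thumbnail',
                 'upload_maxheight_thumbnail','log','comments_validation',
-                'comments_forall' );
+                'comments_forall','authorize_cookies' );
 
 $query  = 'SELECT ';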
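--- a/trunk/include/functions_session.inc.php
+++ b/trunk/include/functions_session.inc.php
@@ -15,15 +15,20 @@
  *                                                                         *
  ***************************************************************************/
+
+// The function generate_key creates a string with pseudo random characters.
+// the size of the string depends on the $conf['session_id_size'].
+// Characters used are a-z A-Z and numerical values. Examples :
+//                    "Er4Tgh6", "Rrp08P", "54gj"
+// input  : none (using global variable)
+// output : $key
 function generate_key()
 {
   global $conf;
+
   $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
   $init = '';
   for ( $i = 0; $i < strlen( $md5 ); $i++ )
   {
-    if ( is_numeric( $md5[$i] ) )
-    {
-      $init.= $md5[$i];
-    }
+    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
   }
   $init = substr( $init, 0, 8 );
@@ -33,24 +38,17 @@
   {
     $c = mt_rand( 0, 2 );
-    if ( $c == 0 )
-    {
-      $key .= chr( mt_rand( 65, 90 ) );
-    }
-    else if ( $c == 1 )
-    {
-      $key .= chr( mt_rand( 97, 122 ) );
-    }
-    else
-    {
-      $key .= mt_rand( 0, 9 );
-    }
+    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
+    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
+    else                $key .= mt_rand( 0, 9 );
   }
   return $key;
 }
-       
+
+// The function create_session finds a non-already-used session key and
+// returns it once found for the given user.
 function session_create( $username )
 {
   global $conf;
-  // 1. searching an unused sesison key
+  // 1. searching an unused session key
   $id_found = false;
   while ( !$id_found )
@@ -90,4 +88,7 @@
 {
   global $page, $user;
+
+  if ( $user['has_cookie'] ) return $url;
+
   $amp = '&amp;';
   if ( $redirect )
@@ -111,3 +112,12 @@
   }
 }
+
+// cookie_path returns the path to use for the PhpWebGallery cookie.
+// If PhpWebGallery is installed on :
+// http://domain.org/meeting/gallery/category.php
+// cookie_path will return : "/meeting/gallery"
+function cookie_path()
+{
+  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
+}
 ?>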
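Review bot: cookie_path() in the last hunk builds the cookie path from `$_SERVER['PHP_SELF']`, which also carries any extra path info the client appends after the script name, so the path passed to setcookie() depends on request data and the deletion cookie may be scoped to a different path than the one originally set. `$_SERVER['SCRIPT_NAME']` does not include that suffix: `return substr($_SERVER['SCRIPT_NAME'],0,strrpos( $_SERVER['SCRIPT_NAME'],'/'));`. For an install at the web root the function returns an empty string rather than "/", which the header comment should state, for example `// returns "" when the gallery sits at the web root; callers should then use "/"`. Separately, the value returned by generate_key() can now be held in a cookie, yet it is still built from mt_rand() with an init value derived from microtime() and a fixed keyword; the lines between the first two hunks are not shown, so confirm how that init value is used and whether the key is unpredictable enough for that role.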
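--- a/trunk/include/user.inc.php
+++ b/trunk/include/user.inc.php
@@ -33,11 +33,31 @@
 $query_done = false;
 $user['is_the_guest'] = false;
-if ( isset( $_GET['id'] )
-     && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) )
+
+// cookie deletion if administrator don't authorize them anymore
+if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) )
 {
-  $page['session_id'] = $_GET['id'];
+  setcookie( 'id', '', 0, cookie_path() );
+  $url = 'category.php';
+  header( 'Request-URI: '.$url ); 
+  header( 'Content-Location: '.$url ); 
+  header( 'Location: '.$url );
+  exit();
+}
+
+$user['has_cookie'] = false;
+if     ( isset( $_GET['id']    ) ) $session_id = $_GET['id'];
+elseif ( isset( $_COOKIE['id'] ) )
+{
+  $session_id = $_COOKIE['id'];
+  $user['has_cookie'] = true;
+}
+
+if ( isset( $session_id )
+     and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) )
+{
+  $page['session_id'] = $session_id;
   $query = 'SELECT user_id,expiration,ip';
   $query.= ' FROM '.PREFIX_TABLE.'sessions';
-  $query.= " WHERE id = '".$_GET['id']."'";
+  $query.= " WHERE id = '".$page['session_id']."'";
   $query.= ';';
   $result = mysql_query( $query );
@@ -45,15 +65,15 @@
   {
     $row = mysql_fetch_array( $result );
-    if ( $row['expiration'] < time() )
+    if ( !$user['has_cookie'] )
     {
-      // deletion of the session from the database,
-      // because it is out-of-date
-      $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
-      $delete_query.= " WHERE id = '".$page['session_id']."'";
-      $delete_query.= ';';
-      mysql_query( $delete_query );
-    }
-    else
-    {
+      if ( $row['expiration'] < time() )
+      {
+        // deletion of the session from the database,
+        // because it is out-of-date
+        $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+        $delete_query.= " WHERE id = '".$page['session_id']."'";
+        $delete_query.= ';';
+        mysql_query( $delete_query );
+      }
       if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] )
       {
@@ -61,4 +81,9 @@
         $query_done = true;
       }
+    }
+    else
+    {
+      $query_user .= ' WHERE id = '.$row['user_id'];
+      $query_done = true;
     }
   }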
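Review bot: The new `if ( !$user['has_cookie'] )` wrapper in the second hunk applies the expiration test and the REMOTE_ADDR comparison only to session ids that arrive in the URL, so the `else` branch added in the third hunk accepts a cookie-borne id with neither check and never deletes its row once it is out of date. Expiry should be enforced for both transports, relaxing at most the address comparison for cookies: keep the `if ( $row['expiration'] < time() )` deletion block first, then `elseif ( $user['has_cookie'] or $_SERVER['REMOTE_ADDR'] == $row['ip'] )`. The rewrite also drops the old `else` between the expiry test and the address test, so an out-of-date URL session appears to be deleted and then still accepted for the current request when the address matches; one line between the two hunks is not shown, so confirm against the full file. The enclosing `if ( isset( $session_id ) ...` block continues past the last hunk.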