Changeset 45 for trunk/include
- Timestamp:
- Jul 27, 2003, 10:24:10 AM (21 years ago)
- Location:
- trunk/include
- Files:
-
- 3 edited
trunk/include/config.inc.php
r42 r45 63 63 'upload_maxheight', 'upload_maxwidth_thumbnail', 64 64 'upload_maxheight_thumbnail','log','comments_validation', 65 'comments_forall' );65 'comments_forall','authorize_cookies' ); 66 66 67 67 $query = 'SELECT '; -
trunk/include/functions_session.inc.php
r14 r45 15 15 * * 16 16 ***************************************************************************/ 17 18 // The function generate_key creates a string with pseudo random characters. 19 // the size of the string depends on the $conf['session_id_size']. 20 // Characters used are a-z A-Z and numerical values. Examples : 21 // "Er4Tgh6", "Rrp08P", "54gj" 22 // input : none (using global variable) 23 // output : $key 17 24 function generate_key() 18 25 { 19 26 global $conf; 27 20 28 $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); 21 29 $init = ''; 22 30 for ( $i = 0; $i < strlen( $md5 ); $i++ ) 23 31 { 24 if ( is_numeric( $md5[$i] ) ) 25 { 26 $init.= $md5[$i]; 27 } 32 if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; 28 33 } 29 34 $init = substr( $init, 0, 8 ); … … 33 38 { 34 39 $c = mt_rand( 0, 2 ); 35 if ( $c == 0 ) 36 { 37 $key .= chr( mt_rand( 65, 90 ) ); 38 } 39 else if ( $c == 1 ) 40 { 41 $key .= chr( mt_rand( 97, 122 ) ); 42 } 43 else 44 { 45 $key .= mt_rand( 0, 9 ); 46 } 40 if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); 41 else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); 42 else $key .= mt_rand( 0, 9 ); 47 43 } 48 44 return $key; 49 45 } 50 46 47 // The function create_session finds a non-already-used session key and 48 // returns it once found for the given user. 51 49 function session_create( $username ) 52 50 { 53 51 global $conf; 54 // 1. searching an unused ses ison key52 // 1. searching an unused session key 55 53 $id_found = false; 56 54 while ( !$id_found ) … … 90 88 { 91 89 global $page, $user; 90 91 if ( $user['has_cookie'] ) return $url; 92 92 93 $amp = '&'; 93 94 if ( $redirect ) … … 111 112 } 112 113 } 114 115 // cookie_path returns the path to use for the PhpWebGallery cookie. 
116 // If PhpWebGallery is installed on : 117 // http://domain.org/meeting/gallery/category.php 118 // cookie_path will return : "/meeting/gallery" 119 function cookie_path() 120 { 121 return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); 122 } 113 123 ?> -
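Review bot: generate_key() draws every character of the session key from `mt_rand`, and the visible lines derive `$init` from only six digits of `microtime()` plus the fixed `$conf['session_keyword']`; if the elided lines seed the generator from `$init`, as the flow suggests, the key carries far less entropy than its length implies. This matters more after this changeset, because the same key can now be carried in the `id` cookie. The new header comment should say so, e.g. `// NOTE: mt_rand-based, not a CSPRNG; the key must not be assumed unguessable`. The key itself should come from the platform CSPRNG; on current PHP that means `random_int()` in place of each `mt_rand()` call, with no manual seeding. Part of the function body lies outside the visible hunks, so the seeding step should be confirmed against the full file.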
trunk/include/user.inc.php
r26 r45 33 33 $query_done = false; 34 34 $user['is_the_guest'] = false; 35 if ( isset( $_GET['id'] ) 36 && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) 35 36 // cookie deletion if administrator don't authorize them anymore 37 if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) ) 37 38 { 38 $page['session_id'] = $_GET['id']; 39 setcookie( 'id', '', 0, cookie_path() ); 40 $url = 'category.php'; 41 header( 'Request-URI: '.$url ); 42 header( 'Content-Location: '.$url ); 43 header( 'Location: '.$url ); 44 exit(); 45 } 46 47 $user['has_cookie'] = false; 48 if ( isset( $_GET['id'] ) ) $session_id = $_GET['id']; 49 elseif ( isset( $_COOKIE['id'] ) ) 50 { 51 $session_id = $_COOKIE['id']; 52 $user['has_cookie'] = true; 53 } 54 55 if ( isset( $session_id ) 56 and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) ) 57 { 58 $page['session_id'] = $session_id; 39 59 $query = 'SELECT user_id,expiration,ip'; 40 60 $query.= ' FROM '.PREFIX_TABLE.'sessions'; 41 $query.= " WHERE id = '".$ _GET['id']."'";61 $query.= " WHERE id = '".$page['session_id']."'"; 42 62 $query.= ';'; 43 63 $result = mysql_query( $query ); … … 45 65 { 46 66 $row = mysql_fetch_array( $result ); 47 if ( $row['expiration'] < time())67 if ( !$user['has_cookie'] ) 48 68 { 49 // deletion of the session from the database,50 // because it is out-of-date51 $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';52 $delete_query.= " WHERE id = '".$page['session_id']."'";53 $delete_query.= ';';54 mysql_query( $delete_query );55 }56 else57 {69 if ( $row['expiration'] < time() ) 70 { 71 // deletion of the session from the database, 72 // because it is out-of-date 73 $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; 74 $delete_query.= " WHERE id = '".$page['session_id']."'"; 75 $delete_query.= ';'; 76 mysql_query( $delete_query ); 77 } 58 78 if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) 59 79 { … … 61 81 $query_done = true; 62 82 } 83 } 84 else 85 { 86 $query_user .= ' 
WHERE id = '.$row['user_id']; 87 $query_done = true; 63 88 } 64 89 }
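Review bot: The cookie branch (the `else` at new line 84) sets `$query_done = true` without testing `$row['expiration']`, so a session id presented in the `id` cookie is still accepted after its row has expired; the expiry test now sits only inside `if ( !$user['has_cookie'] )`. As far as the gutter numbers show, the old `else` after the deletion was dropped as well, so in URL mode an expired row is deleted and then still accepted for that request when the IP matches. Run the expiry test before the `has_cookie` split and keep the login on its `else`, e.g. `else if ( $user['has_cookie'] or $_SERVER['REMOTE_ADDR'] == $row['ip'] )`. The section contains elided lines, so this should be checked against the full file.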