| 6 |
kaklik |
1 |
<?php
|
|
|
2 |
// +-----------------------------------------------------------------------+
|
|
|
3 |
// | PhpWebGallery - a PHP based picture gallery |
|
|
|
4 |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
|
|
|
5 |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
|
|
|
6 |
// +-----------------------------------------------------------------------+
|
|
|
7 |
// | branch : BSF (Best So Far)
|
|
|
8 |
// | file : $RCSfile: functions_session.inc.php,v $
|
|
|
9 |
// | last update : $Date: 2005/01/07 23:10:51 $
|
|
|
10 |
// | last modifier : $Author: plg $
|
|
|
11 |
// | revision : $Revision: 1.15 $
|
|
|
12 |
// +-----------------------------------------------------------------------+
|
|
|
13 |
// | This program is free software; you can redistribute it and/or modify |
|
|
|
14 |
// | it under the terms of the GNU General Public License as published by |
|
|
|
15 |
// | the Free Software Foundation |
|
|
|
16 |
// | |
|
|
|
17 |
// | This program is distributed in the hope that it will be useful, but |
|
|
|
18 |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
|
19 |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
|
|
20 |
// | General Public License for more details. |
|
|
|
21 |
// | |
|
|
|
22 |
// | You should have received a copy of the GNU General Public License |
|
|
|
23 |
// | along with this program; if not, write to the Free Software |
|
|
|
24 |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
|
|
25 |
// | USA. |
|
|
|
26 |
// +-----------------------------------------------------------------------+
|
|
|
27 |
|
|
|
28 |
// The function generate_key creates a string with pseudo random characters.
|
|
|
29 |
// the size of the string depends on the $conf['session_id_size'].
|
|
|
30 |
// Characters used are a-z A-Z and numerical values. Examples :
|
|
|
31 |
// "Er4Tgh6", "Rrp08P", "54gj"
|
|
|
32 |
// input : none (using global variable)
|
|
|
33 |
// output : $key
|
|
|
34 |
function generate_key($size)
|
|
|
35 |
{
|
|
|
36 |
global $conf;
|
|
|
37 |
|
|
|
38 |
$md5 = md5(substr(microtime(), 2, 6));
|
|
|
39 |
$init = '';
|
|
|
40 |
for ( $i = 0; $i < strlen( $md5 ); $i++ )
|
|
|
41 |
{
|
|
|
42 |
if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
|
|
|
43 |
}
|
|
|
44 |
$init = substr( $init, 0, 8 );
|
|
|
45 |
mt_srand( $init );
|
|
|
46 |
$key = '';
|
|
|
47 |
for ( $i = 0; $i < $size; $i++ )
|
|
|
48 |
{
|
|
|
49 |
$c = mt_rand( 0, 2 );
|
|
|
50 |
if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
|
|
|
51 |
else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
|
|
|
52 |
else $key .= mt_rand( 0, 9 );
|
|
|
53 |
}
|
|
|
54 |
return $key;
|
|
|
55 |
}
|
|
|
56 |
|
|
|
57 |
/**
|
|
|
58 |
* create a new session and returns the session identifier
|
|
|
59 |
*
|
|
|
60 |
* - find a non-already-used session key
|
|
|
61 |
* - create a session in database
|
|
|
62 |
* - return session identifier
|
|
|
63 |
*
|
|
|
64 |
* @param int userid
|
|
|
65 |
* @param int session_lentgh : in seconds
|
|
|
66 |
* @return string
|
|
|
67 |
*/
|
|
|
68 |
function session_create($userid, $session_length)
|
|
|
69 |
{
|
|
|
70 |
global $conf;
|
|
|
71 |
|
|
|
72 |
// 1. searching an unused session key
|
|
|
73 |
$id_found = false;
|
|
|
74 |
while (!$id_found)
|
|
|
75 |
{
|
|
|
76 |
$generated_id = generate_key($conf['session_id_size']);
|
|
|
77 |
$query = '
|
|
|
78 |
SELECT id
|
|
|
79 |
FROM '.SESSIONS_TABLE.'
|
|
|
80 |
WHERE id = \''.$generated_id.'\'
|
|
|
81 |
;';
|
|
|
82 |
$result = pwg_query($query);
|
|
|
83 |
if (mysql_num_rows($result) == 0)
|
|
|
84 |
{
|
|
|
85 |
$id_found = true;
|
|
|
86 |
}
|
|
|
87 |
}
|
|
|
88 |
// 3. inserting session in database
|
|
|
89 |
$query = '
|
|
|
90 |
INSERT INTO '.SESSIONS_TABLE.'
|
|
|
91 |
(id,user_id,expiration)
|
|
|
92 |
VALUES
|
|
|
93 |
(\''.$generated_id.'\','.$userid.',
|
|
|
94 |
ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
|
|
|
95 |
;';
|
|
|
96 |
pwg_query($query);
|
|
|
97 |
|
|
|
98 |
$expiration = $session_length + time();
|
|
|
99 |
setcookie('id', $generated_id, $expiration, cookie_path());
|
|
|
100 |
|
|
|
101 |
return $generated_id;
|
|
|
102 |
}
|
|
|
103 |
|
|
|
104 |
// add_session_id adds the id of the session to the string given in
|
|
|
105 |
// parameter as $url. If the session id is the first parameter to the url,
|
|
|
106 |
// it is preceded by a '?', else it is preceded by a '&'. If the
|
|
|
107 |
// parameter $redirect is set to true, '&' is used instead of '&'.
|
|
|
108 |
function add_session_id( $url, $redirect = false )
|
|
|
109 |
{
|
|
|
110 |
global $page, $user;
|
|
|
111 |
|
|
|
112 |
if ( $user['has_cookie'] ) return $url;
|
|
|
113 |
|
|
|
114 |
$amp = '&';
|
|
|
115 |
if ( $redirect )
|
|
|
116 |
{
|
|
|
117 |
$amp = '&';
|
|
|
118 |
}
|
|
|
119 |
if ( !$user['is_the_guest'] )
|
|
|
120 |
{
|
|
|
121 |
if ( preg_match( '/\.php\?/',$url ) )
|
|
|
122 |
{
|
|
|
123 |
return $url.$amp.'id='.$page['session_id'];
|
|
|
124 |
}
|
|
|
125 |
else
|
|
|
126 |
{
|
|
|
127 |
return $url.'?id='.$page['session_id'];
|
|
|
128 |
}
|
|
|
129 |
}
|
|
|
130 |
else
|
|
|
131 |
{
|
|
|
132 |
return $url;
|
|
|
133 |
}
|
|
|
134 |
}
|
|
|
135 |
|
|
|
136 |
// cookie_path returns the path to use for the PhpWebGallery cookie.
|
|
|
137 |
// If PhpWebGallery is installed on :
|
|
|
138 |
// http://domain.org/meeting/gallery/category.php
|
|
|
139 |
// cookie_path will return : "/meeting/gallery"
|
|
|
140 |
function cookie_path()
|
|
|
141 |
{
|
|
|
142 |
return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
|
|
|
143 |
}
|
|
|
144 |
?>
|