Subversion Repositories svnkaklik

Rev

Go to most recent revision | Details | Last modification | View Log

Rev Author Line No. Line
6 kaklik 1
<?php
2
// +-----------------------------------------------------------------------+
3
// | PhpWebGallery - a PHP based picture gallery                           |
4
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
5
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
6
// +-----------------------------------------------------------------------+
7
// | branch        : BSF (Best So Far)
8
// | file          : $RCSfile: functions_session.inc.php,v $
9
// | last update   : $Date: 2005/01/07 23:10:51 $
10
// | last modifier : $Author: plg $
11
// | revision      : $Revision: 1.15 $
12
// +-----------------------------------------------------------------------+
13
// | This program is free software; you can redistribute it and/or modify  |
14
// | it under the terms of the GNU General Public License as published by  |
15
// | the Free Software Foundation                                          |
16
// |                                                                       |
17
// | This program is distributed in the hope that it will be useful, but   |
18
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
19
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
20
// | General Public License for more details.                              |
21
// |                                                                       |
22
// | You should have received a copy of the GNU General Public License     |
23
// | along with this program; if not, write to the Free Software           |
24
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
25
// | USA.                                                                  |
26
// +-----------------------------------------------------------------------+
27
 
28
// The function generate_key creates a string with pseudo random characters.
29
// the size of the string depends on the $conf['session_id_size'].
30
// Characters used are a-z A-Z and numerical values. Examples :
31
//                    "Er4Tgh6", "Rrp08P", "54gj"
32
// input  : none (using global variable)
33
// output : $key
34
function generate_key($size)
35
{
36
  global $conf;
37
 
38
  $md5 = md5(substr(microtime(), 2, 6));
39
  $init = '';
40
  for ( $i = 0; $i < strlen( $md5 ); $i++ )
41
  {
42
    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
43
  }
44
  $init = substr( $init, 0, 8 );
45
  mt_srand( $init );
46
  $key = '';
47
  for ( $i = 0; $i < $size; $i++ )
48
  {
49
    $c = mt_rand( 0, 2 );
50
    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
51
    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
52
    else                $key .= mt_rand( 0, 9 );
53
  }
54
  return $key;
55
}
56
 
57
/**
58
 * create a new session and returns the session identifier
59
 *
60
 * - find a non-already-used session key
61
 * - create a session in database
62
 * - return session identifier
63
 *
64
 * @param int userid
65
 * @param int session_lentgh : in seconds
66
 * @return string
67
 */
68
function session_create($userid, $session_length)
69
{
70
  global $conf;
71
 
72
  // 1. searching an unused session key
73
  $id_found = false;
74
  while (!$id_found)
75
  {
76
    $generated_id = generate_key($conf['session_id_size']);
77
    $query = '
78
SELECT id
79
  FROM '.SESSIONS_TABLE.'
80
  WHERE id = \''.$generated_id.'\'
81
;';
82
    $result = pwg_query($query);
83
    if (mysql_num_rows($result) == 0)
84
    {
85
      $id_found = true;
86
    }
87
  }
88
  // 3. inserting session in database
89
  $query = '
90
INSERT INTO '.SESSIONS_TABLE.'
91
  (id,user_id,expiration)
92
  VALUES
93
  (\''.$generated_id.'\','.$userid.',
94
   ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND))
95
;';
96
  pwg_query($query);
97
 
98
  $expiration = $session_length + time();
99
  setcookie('id', $generated_id, $expiration, cookie_path());
100
 
101
  return $generated_id;
102
}
103
 
104
// add_session_id adds the id of the session to the string given in
105
// parameter as $url. If the session id is the first parameter to the url,
106
// it is preceded by a '?', else it is preceded by a '&amp;'. If the
107
// parameter $redirect is set to true, '&' is used instead of '&'.
108
function add_session_id( $url, $redirect = false )
109
{
110
  global $page, $user;
111
 
112
  if ( $user['has_cookie'] ) return $url;
113
 
114
  $amp = '&amp;';
115
  if ( $redirect )
116
  {
117
    $amp = '&';
118
  }
119
  if ( !$user['is_the_guest'] )
120
  {
121
    if ( preg_match( '/\.php\?/',$url ) )
122
    {
123
      return $url.$amp.'id='.$page['session_id'];
124
    }
125
    else
126
    {
127
      return $url.'?id='.$page['session_id'];
128
    }
129
  }
130
  else
131
  {
132
    return $url;
133
  }
134
}
135
 
136
// cookie_path returns the path to use for the PhpWebGallery cookie.
137
// If PhpWebGallery is installed on :
138
// http://domain.org/meeting/gallery/category.php
139
// cookie_path will return : "/meeting/gallery"
140
function cookie_path()
141
{
142
  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
143
}
144
?>