Diffstat (limited to 'include/user.inc.php')
-rw-r--r--include/user.inc.php63
1 files changed, 47 insertions, 16 deletions
diff --git a/include/user.inc.php b/include/user.inc.php
index 04adde9ac..8b51935a0 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -26,24 +26,55 @@
// +-----------------------------------------------------------------------+
// retrieving connected user informations
-if (isset($_COOKIE[session_name()]))
+if (isset($_COOKIE['id']))
{
- session_start();
- if (isset($_SESSION['id']))
- {
- $user['id'] = $_SESSION['id'];
- }
- else
- {
- // session timeout
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
- }
-}
-else
+ $session_id = $_COOKIE['id'];
+ $user['has_cookie'] = true;
+}
+else if (isset($_GET['id']))
+{
+ $session_id = $_GET['id'];
+ $user['has_cookie'] = false;
+}
+else
+{
+ $user['has_cookie'] = false;
+}
+
+if (isset($session_id)
+ and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
+{
+ $page['session_id'] = $session_id;
+ $query = '
+SELECT user_id,expiration,NOW() AS now
+ FROM '.SESSIONS_TABLE.'
+ WHERE id = \''.$page['session_id'].'\'
+;';
+ $result = pwg_query($query);
+ if (mysql_num_rows($result) > 0)
+ {
+ $row = mysql_fetch_array($result);
+ if (strnatcmp($row['expiration'], $row['now']) < 0)
+ {
+ // deletion of the session from the database, because it is
+ // out-of-date
+ $delete_query = '
+DELETE FROM '.SESSIONS_TABLE.'
+ WHERE id = \''.$page['session_id'].'\'
+;';
+ pwg_query($delete_query);
+ }
+ else
+ {
+ $user['id'] = $row['user_id'];
+ $user['is_the_guest'] = false;
+ }
+ }
+}
+if (!isset($user['id']))
{
- $user['id'] = $conf['guest_id'];
- $user['is_the_guest'] = true;
+ $user['id'] = $conf['guest_id'];
+ $user['is_the_guest'] = true;
}
// using Apache authentication override the above user search
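Review bot: The format check on `$session_id` uses `ereg()`, which is not binary-safe, so a value containing a NUL byte is validated only up to that byte while the whole string is still concatenated into the SELECT and the DELETE on `SESSIONS_TABLE`. The check should be binary-safe and anchored at the true end of the string, for example `preg_match('/^[0-9a-zA-Z]{'.$conf['session_id_size'].'}\z/', $session_id)`. The id should also go through `mysql_real_escape_string()` where the two queries are built, so the SQL does not rely on the regex alone. Separately, accepting the id from `$_GET['id']` puts the session token in URLs, where it can end up in Referer headers, server logs and shared links. If that fallback has to stay, it deserves a comment stating the trade-off and a short expiration for such sessions.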