| // | branch : BSF (Best So Far) | // +-----------------------------------------------------------------------+ // | file : $RCSfile$ // | last update : $Date$ // | last modifier : $Author$ // | revision : $Revision$ // +-----------------------------------------------------------------------+ // | This program is free software; you can redistribute it and/or modify | // | it under the terms of the GNU General Public License as published by | // | the Free Software Foundation | // | | // | This program is distributed in the hope that it will be useful, but | // | WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | // | General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ // The function generate_key creates a string with pseudo random characters. // the size of the string depends on the $conf['session_id_size']. // Characters used are a-z A-Z and numerical values. Examples : // "Er4Tgh6", "Rrp08P", "54gj" // input : none (using global variable) // output : $key function generate_key() { global $conf; $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] ); $init = ''; for ( $i = 0; $i < strlen( $md5 ); $i++ ) { if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i]; } $init = substr( $init, 0, 8 ); mt_srand( $init ); $key = ''; for ( $i = 0; $i < $conf['session_id_size']; $i++ ) { $c = mt_rand( 0, 2 ); if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) ); else $key .= mt_rand( 0, 9 ); } return $key; } // The function create_session finds a non-already-used session key and // returns it once found for the given user. function session_create( $username ) { global $conf; // 1. searching an unused session key $id_found = false; while ( !$id_found ) { $generated_id = generate_key(); $query = 'select id'; $query.= ' from '.PREFIX_TABLE.'sessions'; $query.= " where id = '".$generated_id."';"; $result = mysql_query( $query ); if ( mysql_num_rows( $result ) == 0 ) { $id_found = true; } } // 2. retrieving id of the username given in parameter $query = 'select id'; $query.= ' from '.USERS_TABLE; $query.= " where username = '".$username."';"; $row = mysql_fetch_array( mysql_query( $query ) ); $user_id = $row['id']; // 3. inserting session in database $expiration = $conf['session_time'] * 60 + time(); $query = 'insert into '.PREFIX_TABLE.'sessions'; $query.= ' (id,user_id,expiration,ip) values'; $query.= "('".$generated_id."','".$user_id; $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');"; mysql_query( $query ); return $generated_id; } // add_session_id adds the id of the session to the string given in // parameter as $url. If the session id is the first parameter to the url, // it is preceded by a '?', else it is preceded by a '&'. If the // parameter $redirect is set to true, '&' is used instead of '&'. function add_session_id( $url, $redirect = false ) { global $page, $user; if ( $user['has_cookie'] ) return $url; $amp = '&'; if ( $redirect ) { $amp = '&'; } if ( !$user['is_the_guest'] ) { if ( preg_match( '/\.php\?/',$url ) ) { return $url.$amp.'id='.$page['session_id']; } else { return $url.'?id='.$page['session_id']; } } else { return $url; } } // cookie_path returns the path to use for the PhpWebGallery cookie. // If PhpWebGallery is installed on : // http://domain.org/meeting/gallery/category.php // cookie_path will return : "/meeting/gallery" function cookie_path() { return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/')); } ?>