aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_session.inc.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/functions_session.inc.php135
1 files changed, 135 insertions, 0 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
new file mode 100644
index 000000000..e85447221
--- /dev/null
+++ b/include/functions_session.inc.php
@@ -0,0 +1,135 @@
+<?php
+/***************************************************************************
+ * functions_session.inc.php *
+ * ------------------- *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************
+
+ ***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+function generate_key()
+{
+ global $conf;
+ $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
+ $init = "";
+ for ( $i = 0; $i < strlen( $md5 ); $i++ )
+ {
+ if ( is_numeric( $md5[$i] ) )
+ {
+ $init.= "$md5[$i]";
+ }
+ }
+ $init = substr( $init, 0, 8 );
+ mt_srand( $init );
+ $key = "";
+ for ( $i = 0; $i < $conf['session_id_size']; $i++ )
+ {
+ $c = mt_rand( 0, 2 );
+ if ( $c == 0 )
+ {
+ $key .= chr( mt_rand( 65, 90 ) );
+ }
+ elseif ( $c == 1 )
+ {
+ $key .= chr( mt_rand( 97, 122 ) );
+ }
+ else
+ {
+ $key .= mt_rand( 0, 9 );
+ }
+ }
+ return $key;
+}
+
+function session_create( $pseudo )
+{
+ global $conf,$prefixeTable,$REMOTE_ADDR;
+ // 1. trouver une clé de session inexistante
+ $id_found = false;
+ while ( !$id_found )
+ {
+ $generated_id = generate_key();
+ $query = 'select id';
+ $query.= ' from '.$prefixeTable.'sessions';
+ $query.= " where id = '".$generated_id."';";
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) == 0 )
+ {
+ $id_found = true;
+ }
+ }
+ // 2. récupération de l'id de l'utilisateur dont le pseudo
+ // est passé en paramètre
+ $query = 'select id';
+ $query.= ' from '.$prefixeTable.'users';
+ $query.= " where pseudo = '".$pseudo."';";
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ $user_id = $row['id'];
+ // 3. insertion de la session dans la base de donnée
+ $expiration = $conf['session_time']*60+time();
+ $query = 'insert into '.$prefixeTable.'sessions';
+ $query.= ' (id,user_id,expiration,ip) values';
+ $query.= "('".$generated_id."','".$user_id;
+ $query.= "','".$expiration."','".$REMOTE_ADDR."');";
+ mysql_query( $query );
+
+ return $generated_id;
+}
+
+function add_session_id_to_url( $url, $redirect = false )
+{
+ global $page, $user;
+ $amp = "&amp;";
+ if ( $redirect )
+ {
+ $amp = "&";
+ }
+ if ( !$user['is_the_guest'] )
+ {
+ if ( ereg( "\.php\?",$url ) )
+ {
+ return $url.$amp."id=".$page['session_id'];
+ }
+ else
+ {
+ return $url."?id=".$page['session_id'];
+ }
+ }
+ else
+ {
+ return $url;
+ }
+}
+
+function add_session_id( $url, $redirect = false )
+{
+ global $page, $user;
+ $amp = "&amp;";
+ if ( $redirect )
+ {
+ $amp = "&";
+ }
+ if ( !$user['is_the_guest'] )
+ {
+ if ( ereg( "\.php\?",$url ) )
+ {
+ return $url.$amp."id=".$page['session_id'];
+ }
+ else
+ {
+ return $url."?id=".$page['session_id'];
+ }
+ }
+ else
+ {
+ return $url;
+ }
+}
+?> \ No newline at end of file