Diffstat (limited to 'include')
-rw-r--r-- | include/config.inc.php | 12 | ||||
-rw-r--r-- | include/functions_session.inc.php | 10 | ||||
-rw-r--r-- | include/user.inc.php | 20 |
3 files changed, 15 insertions, 27 deletions
diff --git a/include/config.inc.php b/include/config.inc.php
index a2a3b0d4c..07ec9e8a6 100644
--- a/include/config.inc.php
+++ b/include/config.inc.php
@@ -96,9 +96,11 @@ $conf['remember_me_length'] = 31536000;
 // time of validity for normal session, in seconds.
 $conf['session_length'] = 3600;
-// session id length when session id in URI
-$conf['session_id_size_URI'] = 4;
-
-// session id length when session id in cookie
-$conf['session_id_size_cookie'] = 50;
+// session id size. A session identifier is compound of alphanumeric
+// characters and is case sensitive. Each character is among 62
+// possibilities. The number of possible sessions is
+// 62^$conf['session_id_size'].
+// 62^5 = 916,132,832
+// 62^10 = 839,299,365,868,340,224
+$conf['session_id_size'] = 10;
 ?>
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index ce66e3a30..bb0fca11c 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,11 +62,10 @@ function generate_key($size)
  * - return session identifier
  *
  * @param int userid
- * @param string method : cookie or URI
  * @param int session_lentgh : in seconds
  * @return string
  */
-function session_create($userid, $method, $session_length)
+function session_create($userid, $session_length)
 {
   global $conf;
@@ -74,7 +73,7 @@ function session_create($userid, $method, $session_length)
   $id_found = false;
   while (!$id_found)
   {
-    $generated_id = generate_key($conf['session_id_size_'.$method]);
+    $generated_id = generate_key($conf['session_id_size']);
     $query = '
 SELECT id
   FROM '.SESSIONS_TABLE.'
@@ -97,10 +96,7 @@ INSERT INTO '.SESSIONS_TABLE.'
 ;';
   mysql_query($query);
-  if ($method == 'cookie')
-  {
-    setcookie('id', $generated_id, $session_length+time(), cookie_path());
-  }
+  setcookie('id', $generated_id, $expiration, cookie_path());
   return $generated_id;
 }
diff --git a/include/user.inc.php b/include/user.inc.php
index 01a7243d1..a39441bb2 100644
--- a/include/user.inc.php
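Review bot: `$conf['session_id_size'] = 10` now governs cookie sessions as well, so the cookie identifier shrinks from 50 alphanumeric characters (about 298 bits of id space) to 10 (62^10, just under 2^60), which is below the 64-bit floor usually recommended for session tokens, and the effective entropy is further bounded by whatever RNG `generate_key` uses (not in this diff). Since `session_create` already loops until the id is absent from SESSIONS_TABLE, a longer id costs nothing, so a default such as `$conf['session_id_size'] = 22;` (62^22 exceeds 2^128) would be the safer setting, with the comment noting the previous cookie length for people upgrading. In the new comment, "is compound of" reads better as "is composed of".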
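Review bot: The new `setcookie('id', $generated_id, $expiration, cookie_path());` reads `$expiration`, which is not assigned in any of this file's hunks; the removed call used `$session_length+time()`, so unless `$expiration` is computed on the unshown line between the previous hunk and this one, the expiry argument is an undefined variable and the cookie becomes a browser-session cookie. The call is also unconditional now, so every caller, including those that formerly used the URI method, receives a cookie; if that is intended, a one-line comment such as `// a cookie is always set; the id is additionally accepted from the URI in user.inc.php` would record it. Where the deployed PHP supports setcookie's httponly parameter, setting it would keep the id out of reach of script. `session_create` continues outside the hunk.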
+++ b/include/user.inc.php
@@ -39,25 +39,15 @@ $query_user = 'SELECT * FROM '.USERS_TABLE;
 $query_done = false;
 $user['is_the_guest'] = false;
-// cookie deletion if administrator don't authorize them anymore
-if (!$conf['authorize_remembering'] and isset($_COOKIE['id']))
+if (isset($_COOKIE['id']))
 {
-  setcookie('id', '', 0, cookie_path());
-  $url = 'category.php';
-  redirect($url);
+  $session_id = $_COOKIE['id'];
+  $user['has_cookie'] = true;
 }
-
-if (isset($_GET['id']))
+else if (isset($_GET['id']))
 {
   $session_id = $_GET['id'];
   $user['has_cookie'] = false;
-  $session_id_size = $conf['session_id_size_URI'];
-}
-elseif (isset($_COOKIE['id']))
-{
-  $session_id = $_COOKIE['id'];
-  $user['has_cookie'] = true;
-  $session_id_size = $conf['session_id_size_cookie'];
 }
 else
 {
@@ -65,7 +55,7 @@ else
 }
 if (isset($session_id)
-  and ereg("^[0-9a-zA-Z]{".$session_id_size."}$", $session_id))
+  and ereg("^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id))
 {
   $page['session_id'] = $session_id;
   $query = ' |
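Review bot: The removed block was the only visible enforcement of `$conf['authorize_remembering']`: a presented `id` cookie was deleted and the visitor redirected when the administrator had switched remembering off, whereas the new `if (isset($_COOKIE['id']))` accepts the cookie unconditionally, so long-lived cookies issued earlier stay usable after the option is disabled unless that check now lives elsewhere (not visible here). Because session_create now always sets a cookie, reinstating the old deletion would break ordinary logins, so the remaining place to honour the option is the session record itself (for example rejecting a session whose remaining lifetime exceeds `$conf['session_length']` when remembering is off), or the intent should be recorded with a comment such as `// authorize_remembering no longer affects cookie acceptance, only the lifetime chosen at login`. Giving the cookie precedence over `$_GET['id']` is an improvement, since ids in URLs leak through Referer headers and logs, but a stale cookie now prevents the URI branch from being tried at all; whether that matters depends on the lookup further down, outside this hunk.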
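Review bot: The rewritten check still uses `ereg`, which is deprecated since PHP 5.3 and absent from PHP 7, and it interpolates `$conf['session_id_size']` straight into the pattern. A PCRE equivalent that also refuses a trailing newline before the end anchor would be `and preg_match('/^[0-9a-zA-Z]{'.(int) $conf['session_id_size'].'}$/D', $session_id))`, where the `D` modifier makes `$` match only at the very end of the string. The `if` body continues past the end of the hunk.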