From 3c8309a7e621ede168cf7f6dfd8c8d55144525ea Mon Sep 17 00:00:00 2001 From: z0rglub Date: Sat, 2 Oct 2004 23:12:50 +0000 Subject: - deletion of session_time and session_id_size as config parameter - new feature : "remember me" creates a long time cookie - possibility to set the default authentication method to URI or cookie - really technical parameters (session identifier size, session duration) are set in the config file and not in database + configuration.php git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_session.inc.php | 63 ++++++++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 24 deletions(-) (limited to 'include/functions_session.inc.php') diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index a92deb7a4..ce66e3a30 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -31,7 +31,7 @@ // "Er4Tgh6", "Rrp08P", "54gj" // input : none (using global variable) // output : $key -function generate_key() +function generate_key($size) { global $conf; @@ -44,7 +44,7 @@ function generate_key() $init = substr( $init, 0, 8 ); mt_srand( $init ); $key = ''; - for ( $i = 0; $i < $conf['session_id_size']; $i++ ) + for ( $i = 0; $i < $size; $i++ ) { $c = mt_rand( 0, 2 ); if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) ); @@ -54,38 +54,53 @@ function generate_key() return $key; } -// The function create_session finds a non-already-used session key and -// returns it once found for the given user. -function session_create( $username ) +/** + * create a new session and returns the session identifier + * + * - find a non-already-used session key + * - create a session in database + * - return session identifier + * + * @param int userid + * @param string method : cookie or URI + * @param int session_lentgh : in seconds + * @return string + */ +function session_create($userid, $method, $session_length) { global $conf; + // 1. searching an unused session key $id_found = false; - while ( !$id_found ) + while (!$id_found) { - $generated_id = generate_key(); - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'sessions'; - $query.= " where id = '".$generated_id."';"; - $result = mysql_query( $query ); - if ( mysql_num_rows( $result ) == 0 ) + $generated_id = generate_key($conf['session_id_size_'.$method]); + $query = ' +SELECT id + FROM '.SESSIONS_TABLE.' + WHERE id = \''.$generated_id.'\' +;'; + $result = mysql_query($query); + if (mysql_num_rows($result) == 0) { $id_found = true; } } - // 2. retrieving id of the username given in parameter - $query = 'select id'; - $query.= ' from '.USERS_TABLE; - $query.= " where username = '".$username."';"; - $row = mysql_fetch_array( mysql_query( $query ) ); - $user_id = $row['id']; // 3. inserting session in database - $expiration = $conf['session_time'] * 60 + time(); - $query = 'insert into '.PREFIX_TABLE.'sessions'; - $query.= ' (id,user_id,expiration,ip) values'; - $query.= "('".$generated_id."','".$user_id; - $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');"; - mysql_query( $query ); + $expiration = $session_length + time(); + $query = ' +INSERT INTO '.SESSIONS_TABLE.' + (id,user_id,expiration,ip) + VALUES + (\''.$generated_id.'\','.$userid.','.$expiration.', + \''.$_SERVER['REMOTE_ADDR'].'\') +;'; + mysql_query($query); + + if ($method == 'cookie') + { + setcookie('id', $generated_id, $session_length+time(), cookie_path()); + } return $generated_id; } -- cgit v1.2.3