aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_session.inc.php
blob: 34032b5725d7459910794b44f6924995140b44d4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php
/***************************************************************************
 *                         functions_session.inc.php                       *
 *                            -------------------                          *
 *   application          : PhpWebGallery 1.3                              *
 *   author               : Pierrick LE GALL <pierrick@z0rglub.com>        *
 *                                                                         *
 ***************************************************************************

 ***************************************************************************
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation;                                         *
 *                                                                         *
 ***************************************************************************/

// The function generate_key creates a string with pseudo random characters.
// the size of the string depends on the $conf['session_id_size'].
// Characters used are a-z A-Z and numerical values. Examples :
//                    "Er4Tgh6", "Rrp08P", "54gj"
// input  : none (using global variable)
// output : $key
function generate_key()
{
  global $conf;

  $md5 = md5( substr( microtime(), 2, 6 ).$conf['session_keyword'] );
  $init = '';
  for ( $i = 0; $i < strlen( $md5 ); $i++ )
  {
    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
  }
  $init = substr( $init, 0, 8 );
  mt_srand( $init );
  $key = '';
  for ( $i = 0; $i < $conf['session_id_size']; $i++ )
  {
    $c = mt_rand( 0, 2 );
    if ( $c == 0 )      $key .= chr( mt_rand( 65, 90 ) );
    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
    else                $key .= mt_rand( 0, 9 );
  }
  return $key;
}

// The function create_session finds a non-already-used session key and
// returns it once found for the given user.
function session_create( $username )
{
  global $conf;
  // 1. searching an unused session key
  $id_found = false;
  while ( !$id_found )
  {
    $generated_id = generate_key();
    $query = 'select id';
    $query.= ' from '.PREFIX_TABLE.'sessions';
    $query.= " where id = '".$generated_id."';";
    $result = mysql_query( $query );
    if ( mysql_num_rows( $result ) == 0 )
    {
      $id_found = true;
    }
  }
  // 2. retrieving id of the username given in parameter
  $query = 'select id';
  $query.= ' from '.PREFIX_TABLE.'users';
  $query.= " where username = '".$username."';";
  $row = mysql_fetch_array( mysql_query( $query ) );
  $user_id = $row['id'];
  // 3. inserting session in database
  $expiration = $conf['session_time'] * 60 + time();
  $query = 'insert into '.PREFIX_TABLE.'sessions';
  $query.= ' (id,user_id,expiration,ip) values';
  $query.= "('".$generated_id."','".$user_id;
  $query.= "','".$expiration."','".$_SERVER['REMOTE_ADDR']."');";
  mysql_query( $query );
                
  return $generated_id;
}

// add_session_id adds the id of the session to the string given in
// parameter as $url. If the session id is the first parameter to the url,
// it is preceded by a '?', else it is preceded by a '&amp;'. If the
// parameter $redirect is set to true, '&' is used instead of '&'.
function add_session_id( $url, $redirect = false )
{
  global $page, $user;

  if ( $user['has_cookie'] ) return $url;

  $amp = '&amp;';
  if ( $redirect )
  {
    $amp = '&';
  }
  if ( !$user['is_the_guest'] )
  {
    if ( preg_match( '/\.php\?/',$url ) )
    {
      return $url.$amp.'id='.$page['session_id'];
    }
    else
    {
      return $url.'?id='.$page['session_id'];
    }
  }
  else
  {
    return $url;
  }
}

// cookie_path returns the path to use for the PhpWebGallery cookie.
// If PhpWebGallery is installed on :
// http://domain.org/meeting/gallery/category.php
// cookie_path will return : "/meeting/gallery"
function cookie_path()
{
  return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));
}
?>