Go to most recent revision | Blame | Last modification | View Log | Download
<?php// +-----------------------------------------------------------------------+// | PhpWebGallery - a PHP based picture gallery |// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |// +-----------------------------------------------------------------------+// | branch : BSF (Best So Far)// | file : $RCSfile: functions_session.inc.php,v $// | last update : $Date: 2005/01/07 23:10:51 $// | last modifier : $Author: plg $// | revision : $Revision: 1.15 $// +-----------------------------------------------------------------------+// | This program is free software; you can redistribute it and/or modify |// | it under the terms of the GNU General Public License as published by |// | the Free Software Foundation |// | |// | This program is distributed in the hope that it will be useful, but |// | WITHOUT ANY WARRANTY; without even the implied warranty of |// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |// | General Public License for more details. |// | |// | You should have received a copy of the GNU General Public License |// | along with this program; if not, write to the Free Software |// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |// | USA. |// +-----------------------------------------------------------------------+// The function generate_key creates a string with pseudo random characters.// the size of the string depends on the $conf['session_id_size'].// Characters used are a-z A-Z and numerical values. Examples :// "Er4Tgh6", "Rrp08P", "54gj"// input : none (using global variable)// output : $keyfunction generate_key($size){global $conf;$md5 = md5(substr(microtime(), 2, 6));$init = '';for ( $i = 0; $i < strlen( $md5 ); $i++ ){if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];}$init = substr( $init, 0, 8 );mt_srand( $init );$key = '';for ( $i = 0; $i < $size; $i++ ){$c = mt_rand( 0, 2 );if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );else $key .= mt_rand( 0, 9 );}return $key;}/*** create a new session and returns the session identifier** - find a non-already-used session key* - create a session in database* - return session identifier** @param int userid* @param int session_lentgh : in seconds* @return string*/function session_create($userid, $session_length){global $conf;// 1. searching an unused session key$id_found = false;while (!$id_found){$generated_id = generate_key($conf['session_id_size']);$query = 'SELECT idFROM '.SESSIONS_TABLE.'WHERE id = \''.$generated_id.'\';';$result = pwg_query($query);if (mysql_num_rows($result) == 0){$id_found = true;}}// 3. inserting session in database$query = 'INSERT INTO '.SESSIONS_TABLE.'(id,user_id,expiration)VALUES(\''.$generated_id.'\','.$userid.',ADDDATE(NOW(), INTERVAL '.$session_length.' SECOND));';pwg_query($query);$expiration = $session_length + time();setcookie('id', $generated_id, $expiration, cookie_path());return $generated_id;}// add_session_id adds the id of the session to the string given in// parameter as $url. If the session id is the first parameter to the url,// it is preceded by a '?', else it is preceded by a '&'. If the// parameter $redirect is set to true, '&' is used instead of '&'.function add_session_id( $url, $redirect = false ){global $page, $user;if ( $user['has_cookie'] ) return $url;$amp = '&';if ( $redirect ){$amp = '&';}if ( !$user['is_the_guest'] ){if ( preg_match( '/\.php\?/',$url ) ){return $url.$amp.'id='.$page['session_id'];}else{return $url.'?id='.$page['session_id'];}}else{return $url;}}// cookie_path returns the path to use for the PhpWebGallery cookie.// If PhpWebGallery is installed on :// http://domain.org/meeting/gallery/category.php// cookie_path will return : "/meeting/gallery"function cookie_path(){return substr($_SERVER['PHP_SELF'],0,strrpos( $_SERVER['PHP_SELF'],'/'));}?>