<?php
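/**
 * Resolve the caller's session id and start the PHP session bound to it.
 *
 * The id is read from the query string (and, unless the configured method is
 * QUERY, from the cookie as a fallback), looked up in CATALOGUE_SESSIONS, and
 * replaced by a freshly generated id when no row matches. The new id is
 * inserted together with the client address and user agent. Finally PHP's own
 * session transports are disabled and the id is bound via session_id().
 *
 * @param bool $die_on_failure  When true, an id that is unknown to the
 *                              sessions table terminates the script instead
 *                              of minting a new session.
 * @return bool  false when session_start() fails, true otherwise.
 *
 * Side effects: reads the globals $sql, $config and $ua; writes $sid; runs
 * several queries against CATALOGUE_SESSIONS; changes session ini settings;
 * may set a cookie; defines the METHOD constant; may call exit.
 *
 * NOTE(review): no id rotation happens in this file. Ids are only ever minted
 * server-side, but the query-string id is honoured whenever it exists in the
 * table, so an attacker who obtains one and hands it to a victim in a URL has
 * a classic fixation vector unless the login code elsewhere regenerates the
 * id — confirm against the login path.
 */
function session_init( $die_on_failure = false )
{
	global $sql, $config, $sid, $ua;

	// Pick up the session id from the request. The query-string parameter is
	// always honoured and wins over the cookie, so a link carrying SID_NAME
	// can override an existing cookie session.
	if( $config['session_method'] == QUERY )
	{
		$sid = isset( $_GET[SID_NAME] ) ? (string) $_GET[SID_NAME] : '';
	}
	else
	{
		if( isset($_GET[SID_NAME]) )
		{
			$sid = (string) $_GET[SID_NAME];
		}
		else if( isset($_COOKIE[SID_NAME]) )
		{
			$sid = (string) $_COOKIE[SID_NAME];
		}
		else
		{
			$sid = '';
		}
	}

	// get_magic_quotes_gpc() was removed in PHP 8; guard the call so this
	// file still loads there (magic quotes themselves are gone since 5.4).
	if( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
	{
		$sid = stripslashes( $sid );
	}

	// The lifetime is interpolated unquoted into SQL below; force it to an
	// integer so a malformed config value cannot alter the statement.
	$lifetime = (int) $config['session_lifetime'];

	// The client address is interpolated into SQL twice below. It normally
	// comes from the socket rather than the client, but it goes through the
	// same escaping as every other value so there is no unescaped path left.
	$remote_addr = $sql->escape_string( isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '' );

	if( isset($_GET['logout']) )
	{
		// Drop the server-side row so this id can no longer be resumed; the
		// lookup below then misses and a fresh id is minted.
		// NOTE(review): the PHP session file for the old id is not destroyed
		// here (no session_destroy()); it lingers until GC.
		$sql->query("DELETE FROM `" . CATALOGUE_SESSIONS . "` WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';");

		$_SESSION = array();
	}

	// Expire stale rows before the lookup so a timed-out id is not resumed.
	// `time` is only written at insert in this file (the UPDATE further down
	// touches `dt`), so within what is visible here the lifetime is absolute
	// from creation, not from last activity — confirm that is intended.
	if( !$sql->query("DELETE FROM `" . CATALOGUE_SESSIONS . "` WHERE UNIX_TIMESTAMP() - `time` > " . $lifetime . ";") )
	{
		put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
	}

	// NOTE(review): the lookup is by id only — the stored `ip` and `ua` are
	// not compared against the current request, so any holder of a valid id
	// can resume the session from anywhere.
	if( !$sql->query("SELECT * FROM `" . CATALOGUE_SESSIONS . "` WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';") )
	{
		put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
	}

	if( $sql->num_rows() < 1 )
	{
		if( $die_on_failure )
		{
			exit;
		}

		// Crude rate limit: refuse to mint sessions for an address that has
		// already created more than 50 within the last five minutes.
		if( !$sql->query("SELECT COUNT(*) FROM `" . CATALOGUE_SESSIONS . "` WHERE `ip` = INET_ATON('" . $remote_addr . "') AND `dt` > UNIX_TIMESTAMP() - 300;") )
		{
			put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
		}

		$quantity = $sql->result($sql->result, 0);

		// NOTE(review): this relies on put_error() halting the script. If it
		// only renders a message, execution continues and a session is still
		// created for the throttled address — confirm against put_error().
		if( $quantity > 50)
		{
			put_error(MESSAGE, 'Access Denied');
		}

		// Clamp the configured id length to 6..20 characters, defaulting to
		// 8. The entropy depends on random_string()'s alphabet and RNG (not
		// visible here); 6-8 characters is short for a bearer token.
		$config['session_sid_len'] = ($config['session_sid_len'] < 6 || $config['session_sid_len'] > 20) ? 8 : $config['session_sid_len'];

		// Retry until the generated id is not already in use.
		do
		{
			$sid = random_string( $config['session_sid_len'] );
		}
		while( $sql->num_rows($sql->query("SELECT * FROM `" . CATALOGUE_SESSIONS . "` WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';")) == 1 );

		// The user agent is attacker-controlled: escape it through the same
		// wrapper as every other value. The former mysql_escape_string() is
		// not charset-aware and no longer exists in PHP 7+.
		if( !$sql->query("INSERT INTO `" . CATALOGUE_SESSIONS . "` SET `sid` = '" . $sql->escape_string($sid) . "', `time` = UNIX_TIMESTAMP(), `ip` = INET_ATON('" . $remote_addr . "'), `ua` = '" . $sql->escape_string($ua) . "', `dt` = UNIX_TIMESTAMP();") )
		{
			put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
		}
	}

	if( $config['session_save_path'] !== '' && is_dir( ROOTPATH . '/' . $config['session_save_path'] ) )
	{
		session_save_path( ROOTPATH . '/' . $config['session_save_path'] );
	}

	// The id is managed by this function, not by PHP: disable PHP's own
	// cookie and URL-rewriting transports and bind the resolved id directly.
	ini_set('session.gc_maxlifetime', $lifetime);
	ini_set('session.use_only_cookies', 0);
	ini_set('session.use_cookies', 0);
	ini_set('session.use_trans_sid', 0);

	session_name( SID_NAME );
	session_id( $sid );

	if( !session_start() )
	{
		return false;
	}

	if( !isset($_SESSION['init_time']) )
	{
		// First request on this id.
		$_SESSION['init_time'] = time();

		if( $config['session_method'] == AUTO )
		{
			// HttpOnly keeps the id out of reach of script; Secure is set only
			// when this request itself arrived over TLS so that plain-HTTP
			// deployments keep working.
			$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
			setcookie(SID_NAME, $sid, time() + $lifetime, PATH, '', $secure, true);
		}

		define('METHOD', QUERY);
	}
	else
	{
		// Record activity on the row; `dt` feeds the rate-limit window above.
		if( !$sql->query("UPDATE `" . CATALOGUE_SESSIONS . "` SET `dt` = UNIX_TIMESTAMP() WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';") )
		{
			put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
		}

		// Report which transport the client is actually using so that
		// append_sid() knows whether links need the id spliced in.
		if( $config['session_method'] == AUTO && isset($_COOKIE[SID_NAME]) )
		{
			define('METHOD', COOKIE);
		}
		else
		{
			define('METHOD', QUERY);
		}
	}

	return true;
}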

/**
 * Splice the current session id into a link when the query-string transport
 * is in use.
 *
 * With METHOD == COOKIE the URL is returned untouched. With METHOD == QUERY
 * the SID constant ("name=value") is appended unless the URL is empty or
 * already carries a SID_NAME parameter. The separator is `&amp;`, i.e. this
 * presumably targets URLs emitted into HTML (href/src); it would be wrong for
 * a raw Location header — verify at the call sites.
 *
 * @param string $url  Link to decorate.
 * @return string      The link, with the session parameter appended if needed.
 */
function append_sid($url)
{
	// Cookie transport, or nothing to decorate: hand the URL back as-is.
	if( METHOD != QUERY || empty($url) )
	{
		return $url;
	}

	// The parameter is already present; do not add it twice.
	if( strpos($url, SID_NAME . '=') !== false )
	{
		return $url;
	}

	$separator = ( strpos($url, '?') === false ) ? '?' : '&amp;';

	return $url . $separator . SID;
}
?>