<?php
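/**
 * Locate the session id the client presented, check it against the
 * CATALOGUE_SESSIONS table, mint a fresh one when it is unknown, and then
 * start PHP's own session under that id.
 *
 * Reads/writes the globals $sql (DB wrapper), $config, $sid (set here) and
 * $ua (user agent string stored with a new session).
 *
 * @param bool $die_on_failure  When true, an unknown or expired sid ends the
 *                              script instead of creating a new session.
 * @return bool  false if session_start() failed, true otherwise.
 */
function session_init( $die_on_failure = false )
{
    global $sql, $config, $sid, $ua;

    // 1. Where the client's sid may come from: QUERY honours only the query
    //    string; any other method tries the query string first, then the cookie.
    if( $config['session_method'] == QUERY )
    {
        $sid = isset( $_GET[SID_NAME] ) ? (string) $_GET[SID_NAME] : '';
    }
    else if( isset( $_GET[SID_NAME] ) )
    {
        $sid = (string) $_GET[SID_NAME];
    }
    else if( isset( $_COOKIE[SID_NAME] ) )
    {
        $sid = (string) $_COOKIE[SID_NAME];
    }
    else
    {
        $sid = '';
    }

    // get_magic_quotes_gpc() no longer exists on PHP 8; only undo its escaping where it does.
    if( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
    {
        $sid = stripslashes( $sid );
    }

    // Every value interpolated into SQL below goes through the wrapper's escaper,
    // including REMOTE_ADDR (server-supplied, but absent under CLI) and the user
    // agent, which previously used the removed mysql_escape_string().
    $ip_sql   = $sql->escape_string( isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : '' );
    $lifetime = (int) $config['session_lifetime'];
    $sessions = '`' . CATALOGUE_SESSIONS . '`';

    // 2. Explicit logout: drop the server-side record; a new id is minted below.
    if( isset( $_GET['logout'] ) )
    {
        $sql->query("DELETE FROM " . $sessions . " WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';");
        $_SESSION = array();
    }

    // 3. Purge expired records. NOTE(review): this compares against `time`, which is
    //    only written at creation (only `dt` is refreshed further down), so this is an
    //    absolute lifetime rather than an idle timeout -- confirm that is intended.
    if( !$sql->query("DELETE FROM " . $sessions . " WHERE UNIX_TIMESTAMP() - `time` > " . $lifetime . ";") )
    {
        put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
    }

    // 4. Look the presented sid up (BINARY => case-sensitive match). As far as this
    //    file shows, rows are only ever inserted here with random_string() output, so
    //    a matching row is what vouches for $sid before it reaches session_id().
    if( !$sql->query("SELECT * FROM " . $sessions . " WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';") )
    {
        put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
    }

    if( $sql->num_rows() < 1 )
    {
        if( $die_on_failure )
        {
            exit;
        }

        // Throttle session creation per address: more than 50 sessions seen from
        // this IP within the last 300 seconds is refused outright.
        if( !$sql->query("SELECT COUNT(*) FROM " . $sessions . " WHERE `ip` = INET_ATON('" . $ip_sql . "') AND `dt` > UNIX_TIMESTAMP() - 300;") )
        {
            put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
        }
        $quantity = $sql->result($sql->result, 0);
        if( $quantity > 50 )
        {
            put_error(MESSAGE, 'Access Denied');
        }

        // Clamp the configured id length to 6..20; anything outside falls back to 8.
        $config['session_sid_len'] = ($config['session_sid_len'] < 6 || $config['session_sid_len'] > 20) ? 8 : $config['session_sid_len'];

        // Mint ids until one is not already in use.
        do
        {
            $sid = random_string( $config['session_sid_len'] );
        }
        while( $sql->num_rows($sql->query("SELECT * FROM " . $sessions . " WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';")) == 1 );

        // `time` is the creation stamp, `dt` the last-seen stamp.
        if( !$sql->query("INSERT INTO " . $sessions . " SET `sid` = '" . $sql->escape_string($sid) . "', `time` = UNIX_TIMESTAMP(), `ip` = INET_ATON('" . $ip_sql . "'), `ua` = '" . $sql->escape_string($ua) . "', `dt` = UNIX_TIMESTAMP();") )
        {
            put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
        }
    }

    // 5. Hand the id to PHP's session layer. Cookie and trans-sid handling are
    //    switched off because this function manages the id (and, for AUTO, the
    //    cookie) itself.
    if( $config['session_save_path'] !== '' && is_dir( ROOTPATH . '/' . $config['session_save_path'] ) )
    {
        session_save_path( ROOTPATH . '/' . $config['session_save_path'] );
    }
    ini_set('session.gc_maxlifetime', $config['session_lifetime']);
    ini_set('session.use_only_cookies', 0);
    ini_set('session.use_cookies', 0);
    ini_set('session.use_trans_sid', 0);
    session_name( SID_NAME );
    session_id( $sid );
    if( !session_start() )
    {
        return false;
    }

    if( !isset( $_SESSION['init_time'] ) )
    {
        // First request of this session: stamp it and, for AUTO, hand out the cookie.
        $_SESSION['init_time'] = time();
        if( $config['session_method'] == AUTO )
        {
            // HttpOnly keeps the session id out of reach of page scripts; the id is
            // still delivered in the query string on this first response (METHOD = QUERY).
            setcookie(SID_NAME, $sid, time() + $config['session_lifetime'], PATH, '', false, true);
        }
        define('METHOD', QUERY);
    }
    else
    {
        // Returning request: refresh the last-seen stamp and decide how the id travels.
        if( !$sql->query("UPDATE " . $sessions . " SET `dt` = UNIX_TIMESTAMP() WHERE BINARY `sid` = '" . $sql->escape_string($sid) . "';") )
        {
            put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
        }
        define('METHOD', ( $config['session_method'] == AUTO && isset( $_COOKIE[SID_NAME] ) ) ? COOKIE : QUERY);
    }

    return true;
}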
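/**
 * Append the current session id to a URL when the id travels in the query string.
 *
 * Returns $url untouched when METHOD is not QUERY, when $url is empty, or when
 * the URL already carries a SID_NAME parameter. Otherwise SID (the
 * "name=value" pair) is appended with '?' or '&' and placed before any
 * '#fragment', so the id lands in the query part rather than in the fragment.
 *
 * @param string $url
 * @return string
 */
function append_sid($url)
{
    if( METHOD != QUERY || empty($url) )
    {
        return $url;
    }

    // Split off a fragment so the id is inserted into the query part, not after '#'.
    $fragment = '';
    $hash     = strpos($url, '#');
    if( $hash !== false )
    {
        $fragment = substr($url, $hash);
        $url      = substr($url, 0, $hash);
    }

    // Only a whole parameter named SID_NAME counts, not a longer name ending in it.
    if( preg_match('/(?:^|[?&])' . preg_quote(SID_NAME, '/') . '=/', $url) )
    {
        return $url . $fragment;
    }

    $separator = ( strpos($url, '?') !== false ) ? '&' : '?';
    return $url . $separator . SID . $fragment;
}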
?>