# generate a new random 16-character string
function session_generate_key() {
$character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- $id = " ";
+ $id = " ";
# PHP 4.2.0 and up seed the random number generator for you.
# Lets hope that it seeds with something harder to guess than the clock.
- for($i = 0; $i < 16; ++$i) {
- $id{$i} = $character_set{mt_rand(0, 61)};
- }
+ for($i = 0; $i < 16; ++$i) {
+ $id{$i} = $character_set{mt_rand(0, 61)};
+ }
- return $id;
+ return $id;
}
# track this user with a session cookie (ie a cookie that goes away when the
}
$expires = time() + $length;
- header('Set-Cookie: session_key=' . $GLOBALS['session_key']);
+ header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/');
db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']);
}
-# return username if a session exists and is authenticated
+# return true if a session exists and is authenticated
function logged_in_as_admin() {
if(!session_exists()) {
return false;