X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=session.php;h=901315770ab44afd73a8d7a85ad0bc2b883a599e;hb=cd68b6037f8558fd98e07486282e2a25f9c4626b;hp=9dc3f4e855b76fcb81fc11f0727edadc00259d93;hpb=bf91aed8316e74c8d80c1c4b5e4645eeb6ba9dcd;p=wfpl.git diff --git a/session.php b/session.php index 9dc3f4e..9013157 100644 --- a/session.php +++ b/session.php @@ -26,7 +26,7 @@ # GLOSSARY # # session_key 16 digit string identifying the session -# session_id integer id of the record in the "sessions" table of the database +# session_id integer id of the record in the "wfpl_sessions" table of the database # UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes" @@ -56,7 +56,7 @@ function session_new($length = 86400) { db_insert('wfpl_sessions', 'session_key,length', $session_key, $length); $GLOBALS['session_id'] = db_auto_id(); $GLOBALS['session_key'] = $session_key; - $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() + $_COOKIE['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() session_touch($length); return $GLOBALS['session_key']; } @@ -99,7 +99,7 @@ function session_purge_old() { # return true if a session exists function session_exists() { - if(!isset($_REQUEST['session_key'])) { + if(!isset($_COOKIE['session_key'])) { return false; } @@ -107,7 +107,7 @@ function session_exists() { return true; } - $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']); + $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_COOKIE['session_key']); if(!strlen($session_key) == 16) { return false; 
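Review bot: The `isset($_COOKIE['session_key'])` guard in session_exists() still accepts a cookie that PHP has parsed as an array (a client can send `session_key[]=...`), and that value then reaches `ereg_replace()` in the next hunk. Checking the type in the same guard, `if(!isset($_COOKIE['session_key']) || !is_string($_COOKIE['session_key'])) {`, keeps non-string input out of the key handling. session_exists() continues past this hunk.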
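Review bot: The length check kept as context after the changed line, `if(!strlen($session_key) == 16)`, does not test the length: `!` binds tighter than `==`, so a boolean is compared with 16 and the branch is taken only for an empty key. Any non-empty cookie value of any length therefore passes this guard; it should read `if(strlen($session_key) != 16) {`. `ereg_replace()` is also deprecated since PHP 5.3 and removed in PHP 7, so `preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['session_key'])` is the durable form. The rest of session_exists() lies outside the hunk, so what is done with the key afterwards cannot be seen here.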
@@ -130,6 +130,22 @@ function session_exists_and_authed() { return logged_in(); } + +# generate a random password using only letters and numbers that look +# particularly unique +function new_readable_password($length = 8) { + $character_set = "ABCDEFHJKLMNPQRTUVWXY34789"; + $code = ""; + + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. + while($length--) { + $code .= $character_set{mt_rand(0, 25)}; # inclusive + } + + return $code; +} + # return username if a session exists and is authenticated function logged_in() { if(!session_exists()) { @@ -154,7 +170,7 @@ function logged_in_as_admin() { } -# find existing session, or make one +# find existing session, or make one (name "session_init" was taken) function init_session() { if(!session_exists()) { session_new();
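Review bot: new_readable_password() draws every character from `mt_rand()`, a Mersenne Twister generator that is not suitable for secrets: its output can be predicted from the seed or from observed outputs, and the in-code comment already doubts the seeding. Where the runtime offers it (PHP 7+), `$code .= $character_set[random_int(0, strlen($character_set) - 1)];` uses the OS CSPRNG and removes the hard-coded `25` that has to match the 26-character set. With that alphabet the default length of 8 gives under 38 bits, so callers using this for account passwords may want a longer default. A negative `$length` also keeps `while($length--)` looping; `for($i = 0; $i < $length; $i++)` avoids that.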