X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=session.php;h=9dc3f4e855b76fcb81fc11f0727edadc00259d93;hb=7596b1ca035ff09e584e915a6e5572ffb46d7625;hp=c3be9e939aef32066ec69b02256fbfded8776911;hpb=af5b67ada7a9801a6ed36df4026a2a09110700e6;p=wfpl.git

diff --git a/session.php b/session.php
index c3be9e9..9dc3f4e 100644
--- a/session.php
+++ b/session.php
@@ -2,36 +2,26 @@
 
 #  Copyright (C) 2006 Jason Woofenden
 #
-#  This file is part of wfpl.
-#
-#  wfpl is free software; you can redistribute it and/or modify it under the
-#  terms of the GNU Lesser General Public License as published by the Free
-#  Software Foundation; either version 2.1 of the License, or (at your option)
-#  any later version.
-#
-#  wfpl is distributed in the hope that it will be useful, but WITHOUT ANY
-#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-#  FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for
-#  more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with wfpl; if not, write to the Free Software Foundation, Inc., 51
-#  Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-# you'll need this file that calles db_connect()
-if(!isset($GLOBALS['wfpl_db_handle'])) {
-	if(file_exists('db_connect.php')) {
-		require_once('db_connect.php');
-	} elseif(file_exists('code/db_connect.php')) {
-		require_once('code/db_connect.php');
-	} else {
-		die("session.php requires a file db_connect.php or that you call db_connect() first. See code/wfpl/db.php for more information.");
-	}
-}
-
-# and these database tables:
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#  
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#  
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# you'll need these database tables:
 # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int);
 # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text);
+# run this command to install/clear the tables:
+#   mysql DATABASE_NAME < code/wfpl/examples/session.sql
+# note: you may need these parameters for mysql:  -u USERNAME -p
 
 # GLOSSARY
 #
@@ -45,7 +35,7 @@ if(!isset($GLOBALS['wfpl_db_handle'])) {
 
 # generate a new random 16-character string
 function session_generate_key() {
-	$character_set = "abcdefghijklmnopqrstuvwqyzABCDEFGHIJKLMNOPQRSTUVWQYZ0123456789";
+	$character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
     $id = "                ";
 
 	# PHP 4.2.0 and up seed the random number generator for you.
@@ -68,10 +58,11 @@ function session_new($length = 86400) {
 	$GLOBALS['session_key'] = $session_key;
 	$_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
 	session_touch($length);
+	return $GLOBALS['session_key'];
 }
 
 # call to renew the timeout for the session.
-# assumes there's a session. call session_init() if you'd like one auto-create one if not found.
+# assumes there's a session. call init_session() if you'd like one auto-create one if not found.
 function session_touch($length = false) {
 	if(!$length) {
 		$length = db_get_value('wfpl_sessions', 'length', 'where id=%i', $GLOBALS['session_id']);
@@ -100,7 +91,7 @@ function _kill_session($id) {
 # delete expired sessions from database
 function session_purge_old() {
 	$now = time();
-	$exired_sessions = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now);
+	$expired_sessions = db_get_column('wfpl_sessions', 'id', 'where expires < %i', $now);
 	if($expired_sessions) foreach($expired_sessions as $expired_session) {
 		_kill_session($expired_session);
 	}
@@ -112,6 +103,10 @@ function session_exists() {
 		return false;
 	}
 
+	if(isset($GLOBALS['session_id'])) {
+		return true;
+	}
+
 	$session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']);
 
 	if(!strlen($session_key) == 16) {
@@ -130,8 +125,13 @@ function session_exists() {
 	return true;
 }
 
-# return username if a session exists and is authenticated
+# depricated
 function session_exists_and_authed() {
+	return logged_in();
+}
+
+# return username if a session exists and is authenticated
+function logged_in() {
 	if(!session_exists()) {
 		return false;
 	}
@@ -140,6 +140,20 @@ function session_exists_and_authed() {
 }
 
 
+
+# return username if a session exists and is authenticated
+function logged_in_as_admin() {
+	if(!session_exists()) {
+		return false;
+	}
+
+	if(session_get('auth_admin')) {
+		return true;
+	}
+	return false;
+}
+
+
 # find existing session, or make one
 function init_session() {
 	if(!session_exists()) {