X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=session.php;h=bcf23578215b3401f2fe524af5dd4670db2774de;hb=56892b42cb4895e601c8de375d833806772673e9;hp=c3c1f44bd3e1d6b7eef447debb0a8c89d6729e98;hpb=c4575213df3077d1b9956dd12132f13ba7567970;p=wfpl.git

diff --git a/session.php b/session.php
index c3c1f44..bcf2357 100644
--- a/session.php
+++ b/session.php
@@ -20,7 +20,7 @@
 # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int);
 # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text);
 # run this command to install/clear the tables:
-#   mysql DATABASE_NAME < code/wfpl/examples/session.sql
+#   mysql DATABASE_NAME < inc/wfpl/examples/session.sql
 # note: you may need these parameters for mysql:  -u USERNAME -p
 
 # GLOSSARY
@@ -36,15 +36,15 @@
 # generate a new random 16-character string
 function session_generate_key() {
 	$character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-    $id = "                ";
+	$id = "                ";
 
 	# PHP 4.2.0 and up seed the random number generator for you.
 	# Lets hope that it seeds with something harder to guess than the clock.
-    for($i = 0; $i < 16; ++$i) {
-        $id{$i} = $character_set{mt_rand(0, 61)};
-    }
+	for($i = 0; $i < 16; ++$i) {
+		$id{$i} = $character_set{mt_rand(0, 61)};
+	}
 
-    return $id;
+	return $id;
 }
 
 # track this user with a session cookie (ie a cookie that goes away when the
@@ -56,7 +56,7 @@ function session_new($length = 86400) {
 	db_insert('wfpl_sessions', 'session_key,length', $session_key, $length);
 	$GLOBALS['session_id'] = db_auto_id();
 	$GLOBALS['session_key'] = $session_key;
-	$_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
+	$_COOKIE['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
 	session_touch($length);
 	return $GLOBALS['session_key'];
 }
@@ -69,7 +69,7 @@ function session_touch($length = false) {
 	}
 	$expires = time() + $length;
 
-	header('Set-Cookie: session_key=' . $GLOBALS['session_key']);
+	header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/');
 
 	db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']);
 }
@@ -99,7 +99,7 @@ function session_purge_old() {
 
 # return true if a session exists
 function session_exists() {
-	if(!isset($_REQUEST['session_key'])) {
+	if(!isset($_COOKIE['session_key'])) {
 		return false;
 	}
 
@@ -107,7 +107,7 @@ function session_exists() {
 		return true;
 	}
 
-	$session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']);
+	$session_key = ereg_replace('[^a-zA-Z0-9]', '', $_COOKIE['session_key']);
 
 	if(!strlen($session_key) == 16) {
 		return false;
@@ -157,7 +157,7 @@ function logged_in() {
 
 
 
-# return username if a session exists and is authenticated
+# return true if a session exists and is authenticated
 function logged_in_as_admin() {
 	if(!session_exists()) {
 		return false;