# Copyright (C) 2006 Jason Woofenden
#
-# This file is part of wfpl.
-#
-# wfpl is free software; you can redistribute it and/or modify it under the
-# terms of the GNU Lesser General Public License as published by the Free
-# Software Foundation; either version 2.1 of the License, or (at your option)
-# any later version.
-#
-# wfpl is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
-# more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with wfpl; if not, write to the Free Software Foundation, Inc., 51
-# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-# you'll need this file that calls db_connect()
-if(!isset($GLOBALS['wfpl_db_handle'])) {
- if(file_exists('db_connect.php')) {
- require_once('db_connect.php');
- } elseif(file_exists('code/db_connect.php')) {
- require_once('code/db_connect.php');
- } else {
- die("session.php requires a file db_connect.php or that you call db_connect() first. See code/wfpl/db.php for more information.");
- }
-}
-
-# and these database tables:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+# you'll need these database tables:
# create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int);
# create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text);
# run this command to install/clear the tables:
-# mysql DATABASE_NAME < code/wfpl/examples/session.sql
+# mysql DATABASE_NAME < inc/wfpl/examples/session.sql
# note: you may need these parameters for mysql: -u USERNAME -p
# GLOSSARY
#
# session_key 16 digit string identifying the session
-# session_id integer id of the record in the "sessions" table of the database
+# session_id integer id of the record in the "wfpl_sessions" table of the database
# UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes"
# generate a new random 16-character string
function session_generate_key() {
$character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- $id = " ";
+ $id = " ";
# PHP 4.2.0 and up seed the random number generator for you.
# Lets hope that it seeds with something harder to guess than the clock.
- for($i = 0; $i < 16; ++$i) {
- $id{$i} = $character_set{mt_rand(0, 61)};
- }
+ for($i = 0; $i < 16; ++$i) {
+ $id{$i} = $character_set{mt_rand(0, 61)};
+ }
- return $id;
+ return $id;
}
# track this user with a session cookie (ie a cookie that goes away when the
db_insert('wfpl_sessions', 'session_key,length', $session_key, $length);
$GLOBALS['session_id'] = db_auto_id();
$GLOBALS['session_key'] = $session_key;
- $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
+ $_COOKIE['session_key'] = $session_key; #just in case someone calls session_exists() after session_new()
session_touch($length);
return $GLOBALS['session_key'];
}
# call to renew the timeout for the session.
-# assumes there's a session. call session_init() if you'd like one auto-create one if not found.
+# assumes there's a session. call init_session() if you'd like one auto-create one if not found.
function session_touch($length = false) {
if(!$length) {
$length = db_get_value('wfpl_sessions', 'length', 'where id=%i', $GLOBALS['session_id']);
}
$expires = time() + $length;
- header('Set-Cookie: session_key=' . $GLOBALS['session_key']);
+ header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/');
db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']);
}
# return true if a session exists
function session_exists() {
- if(!isset($_REQUEST['session_key'])) {
+ if(!isset($_COOKIE['session_key'])) {
return false;
}
return true;
}
- $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']);
+ $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_COOKIE['session_key']);
if(!strlen($session_key) == 16) {
return false;
return true;
}
-# return username if a session exists and is authenticated
+# depricated
function session_exists_and_authed() {
+ return logged_in();
+}
+
+
+# generate a random password using only letters and numbers that look
+# particularly unique
+function new_readable_password($length = 8) {
+ $character_set = "ABCDEFHJKLMNPQRTUVWXY34789";
+ $code = "";
+
+ # PHP 4.2.0 and up seed the random number generator for you.
+ # Lets hope that it seeds with something harder to guess than the clock.
+ while($length--) {
+ $code .= $character_set{mt_rand(0, 25)}; # inclusive
+ }
+
+ return $code;
+}
+
+# return username if a session exists and is authenticated
+function logged_in() {
if(!session_exists()) {
return false;
}
}
-# find existing session, or make one
+
+# return true if a session exists and is authenticated
+function logged_in_as_admin() {
+ if(!session_exists()) {
+ return false;
+ }
+
+ if(session_get('auth_admin')) {
+ return true;
+ }
+ return false;
+}
+
+
+# find existing session, or make one (name "session_init" was taken)
function init_session() {
if(!session_exists()) {
session_new();
Got questions, comments, patches, etc.? Contact Jason Woofenden