X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl.git;a=blobdiff_plain;f=session.php;h=bcf23578215b3401f2fe524af5dd4670db2774de;hp=b36af68660469156d8059a3bac5f3f5d8c34ab8c;hb=15459c86d0996ab3037b1738a8be6efd378c1258;hpb=856f805c6cbb6e712c662214f3b5821442f808a0 diff --git a/session.php b/session.php index b36af68..bcf2357 100644 --- a/session.php +++ b/session.php @@ -20,13 +20,13 @@ # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int); # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text); # run this command to install/clear the tables: -# mysql DATABASE_NAME < code/wfpl/examples/session.sql +# mysql DATABASE_NAME < inc/wfpl/examples/session.sql # note: you may need these parameters for mysql: -u USERNAME -p # GLOSSARY # # session_key 16 digit string identifying the session -# session_id integer id of the record in the "sessions" table of the database +# session_id integer id of the record in the "wfpl_sessions" table of the database # UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes" @@ -36,15 +36,15 @@ # generate a new random 16-character string function session_generate_key() { $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - $id = " "; + $id = " "; # PHP 4.2.0 and up seed the random number generator for you. # Lets hope that it seeds with something harder to guess than the clock. - for($i = 0; $i < 16; ++$i) { - $id{$i} = $character_set{mt_rand(0, 61)}; - } + for($i = 0; $i < 16; ++$i) { + $id{$i} = $character_set{mt_rand(0, 61)}; + } - return $id; + return $id; } # track this user with a session cookie (ie a cookie that goes away when the @@ -56,7 +56,7 @@ function session_new($length = 86400) { db_insert('wfpl_sessions', 'session_key,length', $session_key, $length); $GLOBALS['session_id'] = db_auto_id(); $GLOBALS['session_key'] = $session_key; - $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() + $_COOKIE['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() session_touch($length); return $GLOBALS['session_key']; } @@ -69,7 +69,7 @@ function session_touch($length = false) { } $expires = time() + $length; - header('Set-Cookie: session_key=' . $GLOBALS['session_key']); + header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/'); db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']); } @@ -99,7 +99,7 @@ function session_purge_old() { # return true if a session exists function session_exists() { - if(!isset($_REQUEST['session_key'])) { + if(!isset($_COOKIE['session_key'])) { return false; } @@ -107,7 +107,7 @@ function session_exists() { return true; } - $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']); + $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_COOKIE['session_key']); if(!strlen($session_key) == 16) { return false; @@ -125,8 +125,29 @@ function session_exists() { return true; } -# return username if a session exists and is authenticated +# depricated function session_exists_and_authed() { + return logged_in(); +} + + +# generate a random password using only letters and numbers that look +# particularly unique +function new_readable_password($length = 8) { + $character_set = "ABCDEFHJKLMNPQRTUVWXY34789"; + $code = ""; + + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. + while($length--) { + $code .= $character_set{mt_rand(0, 25)}; # inclusive + } + + return $code; +} + +# return username if a session exists and is authenticated +function logged_in() { if(!session_exists()) { return false; } @@ -135,7 +156,21 @@ function session_exists_and_authed() { } -# find existing session, or make one + +# return true if a session exists and is authenticated +function logged_in_as_admin() { + if(!session_exists()) { + return false; + } + + if(session_get('auth_admin')) { + return true; + } + return false; +} + + +# find existing session, or make one (name "session_init" was taken) function init_session() { if(!session_exists()) { session_new();