X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl.git;a=blobdiff_plain;f=session.php;h=bcf23578215b3401f2fe524af5dd4670db2774de;hp=c61be6f40bab23af704cd86b04410554ad1ce246;hb=15459c86d0996ab3037b1738a8be6efd378c1258;hpb=ed5b82e026ec9a6f0fd844ba42fff3f268d949d3
diff --git a/session.php b/session.php
index c61be6f..bcf2357 100644
--- a/session.php
+++ b/session.php
@@ -2,34 +2,31 @@ # Copyright (C) 2006 Jason Woofenden # -# This file is part of wfpl. -# -# wfpl is free software; you can redistribute it and/or modify it under the -# terms of the GNU Lesser General Public License as published by the Free -# Software Foundation; either version 2.1 of the License, or (at your option) -# any later version. -# -# wfpl is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for -# more details. -# -# You should have received a copy of the GNU Lesser General Public License -# along with wfpl; if not, write to the Free Software Foundation, Inc., 51 -# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . 
# you'll need these database tables: # create table wfpl_sessions (id int unique auto_increment, session_key varchar(16), length int, expires int); # create table wfpl_session_data (id int unique auto_increment, session_id int, name varchar(100), value text); # run this command to install/clear the tables: -# mysql DATABASE_NAME < code/wfpl/examples/session.sql +# mysql DATABASE_NAME < inc/wfpl/examples/session.sql # note: you may need these parameters for mysql: -u USERNAME -p # GLOSSARY # # session_key 16 digit string identifying the session -# session_id integer id of the record in the "sessions" table of the database +# session_id integer id of the record in the "wfpl_sessions" table of the database # UNTIL_CLOSE a constant passed as session length to indicate "until browser window closes" @@ -39,15 +36,15 @@ # generate a new random 16-character string function session_generate_key() { $character_set = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - $id = " "; + $id = " "; # PHP 4.2.0 and up seed the random number generator for you. # Lets hope that it seeds with something harder to guess than the clock. - for($i = 0; $i < 16; ++$i) { - $id{$i} = $character_set{mt_rand(0, 61)}; - } + for($i = 0; $i < 16; ++$i) { + $id{$i} = $character_set{mt_rand(0, 61)}; + } - return $id; + return $id; } # track this user with a session cookie (ie a cookie that goes away when the @@ -59,7 +56,7 @@ function session_new($length = 86400) { db_insert('wfpl_sessions', 'session_key,length', $session_key, $length); $GLOBALS['session_id'] = db_auto_id(); $GLOBALS['session_key'] = $session_key; - $_REQUEST['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() + $_COOKIE['session_key'] = $session_key; #just in case someone calls session_exists() after session_new() session_touch($length); return $GLOBALS['session_key']; } 
@@ -72,7 +69,7 @@ function session_touch($length = false) { } $expires = time() + $length; - header('Set-Cookie: session_key=' . $GLOBALS['session_key']); + header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/'); db_update('wfpl_sessions', 'expires', $expires, 'where id=%i', $GLOBALS['session_id']); } @@ -102,7 +99,7 @@ function session_purge_old() { # return true if a session exists function session_exists() { - if(!isset($_REQUEST['session_key'])) { + if(!isset($_COOKIE['session_key'])) { return false; } @@ -110,7 +107,7 @@ function session_exists() { return true; } - $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_REQUEST['session_key']); + $session_key = ereg_replace('[^a-zA-Z0-9]', '', $_COOKIE['session_key']); if(!strlen($session_key) == 16) { return false; @@ -128,8 +125,29 @@ function session_exists() { return true; } -# return username if a session exists and is authenticated +# depricated function session_exists_and_authed() { + return logged_in(); +} + + +# generate a random password using only letters and numbers that look +# particularly unique +function new_readable_password($length = 8) { + $character_set = "ABCDEFHJKLMNPQRTUVWXY34789"; + $code = ""; + + # PHP 4.2.0 and up seed the random number generator for you. + # Lets hope that it seeds with something harder to guess than the clock. + while($length--) { + $code .= $character_set{mt_rand(0, 25)}; # inclusive + } + + return $code; +} + +# return username if a session exists and is authenticated +function logged_in() { if(!session_exists()) { return false; } 
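Review bot: The `Set-Cookie` header built in session_touch() still has no `HttpOnly` attribute, so any script running in the page can read the session key, and no `Secure` attribute, so the key is also sent over plain HTTP. Both can be appended next to the new `Path=/`: `header('Set-Cookie: session_key=' . $GLOBALS['session_key'] . '; Path=/; HttpOnly');`, with `; Secure` added if the site is served only over HTTPS, which this diff does not show. session_touch() starts and ends outside the hunk.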
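Review bot: The length check in the context just below the changed line, `if(!strlen($session_key) == 16)`, does not test the length. `!` binds tighter than `==`, so a boolean is compared with 16 and only an empty key is rejected; any non-empty alphanumeric cookie value passes on to the rest of session_exists(). The intended test is `if(strlen($session_key) != 16)`. Separately, `ereg_replace()` on the changed line has been deprecated since PHP 5.3 and was removed in PHP 7; `preg_replace('/[^a-zA-Z0-9]/', '', $_COOKIE['session_key'])` is the equivalent call. session_exists() continues outside this hunk.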
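Review bot: new_readable_password() draws each character from `mt_rand()`, a Mersenne Twister whose output can be predicted once enough of it has been observed; the added comment itself only hopes the seed is hard to guess. Passwords should come from a CSPRNG: on PHP 7 or later `$code .= $character_set[random_int(0, 25)];`, and on older versions bytes from `openssl_random_pseudo_bytes()` mapped onto the character set without modulo bias. The same applies to session_generate_key() in the earlier hunk, where the 16-character session key is built from `mt_rand(0, 61)`. The header comment could also state the resulting strength, since 26 symbols at the default length of 8 give roughly 37 bits.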
@@ -138,7 +156,21 @@ function session_exists_and_authed() { } -# find existing session, or make one + +# return true if a session exists and is authenticated +function logged_in_as_admin() { + if(!session_exists()) { + return false; + } + + if(session_get('auth_admin')) { + return true; + } + return false; +} + + +# find existing session, or make one (name "session_init" was taken) function init_session() { if(!session_exists()) { session_new();