1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
<?php
/***************************************************************************
* sessions.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
/**
* new_session()
* Adds a new session to the database for the given userid.
* Returns the new session ID.
* Also deletes all expired sessions from the database, based on the given session lifespan.
*/
function new_session($userid, $remote_ip, $lifespan, $db)
{
mt_srand( (double) microtime() * 1000000);
$sessid = mt_rand();
$currtime = (string) (time());
$expirytime = (string) (time() - $lifespan);
$deleteSQL = "DELETE FROM ".SESSIONS_TABLE." WHERE (start_time < $expirytime)";
$delresult = $db->sql_query($deleteSQL);
if (!$delresult)
{
error_die($db, SESSION_CREATE);
}
$sql = "INSERT INTO ".SESSIONS_TABLE." (sess_id, user_id, start_time, remote_ip) VALUES ($sessid, $userid, $currtime, '$remote_ip')";
$result = $db->sql_query($sql);
if ($result)
{
return $sessid;
}
else
{
error_die($db, SESSION_CREATE);
} // if/else
} // new_session()
/*
* Sets the sessID cookie for the given session ID. the $cookietime parameter
* is no longer used, but just hasn't been removed yet. It'll break all the modules
* (just login) that call this code when it gets removed.
* Sets a cookie with no specified expiry time. This makes the cookie last until the
* user's browser is closed. (at last that's the case in IE5 and NS4.7.. Haven't tried
* it with anything else.)
*/
function set_session_cookie($sessid, $cookietime, $cookiename, $cookiepath, $cookiedomain, $cookiesecure)
{
// This sets a cookie that will persist until the user closes their browser window.
// since session expiry is handled on the server-side, cookie expiry time isn't a big deal.
setcookie($cookiename, $sessid, '', $cookiepath, $cookiedomain, $cookiesecure);
} // set_session_cookie()
/*
* Returns the userID associated with the given session, based on
* the given session lifespan $cookietime and the given remote IP
* address. If no match found, returns 0.
*/
function get_userid_from_session($sessid, $cookietime, $remote_ip, $db)
{
$mintime = time() - $cookietime;
$sql = "SELECT user_id
FROM ".SESSIONS_TABLE."
WHERE (sess_id = $sessid)
AND (start_time > $mintime)
AND (remote_ip = '$remote_ip')";
$result = $db->sql_query($sql);
if (!$result)
{
error_die($db, "Error doing DB query in get_userid_from_session()");
}
$rowset = $db->sql_fetchrowset();
$num_rows = $db->sql_numrows();
if ($num_rows == 0)
{
return 0;
}
else
{
return $rowset[0]["user_id"];
}
} // get_userid_from_session()
function update_session_time($sessid, $db)
{
$newtime = (string) time();
$sql = "UPDATE ".SESSIONS_TABLE." SET start_time=$newtime WHERE (sess_id = $sessid)";
$result = $db->sql_query($sql);
if (!$result)
{
$db_error = $db->sql_error();
error_die($db, "Error doing DB update in update_session_time(). Reason: " . $db_error["message"]);
}
return 1;
} // update_session_time()
function end_user_session($userid, $db)
{
$sql = "DELETE FROM ".SESSIONS_TABLE." WHERE (user_id = $userid)";
$result = $db->sql_query($sql, $db);
if (!$result)
{
$db_error = $db->sql_error();
error_die($db, "Delete failed in end_user_session(). Reason: " . $db_error["message"]);
}
return 1;
} // end_session()
?>
|
