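/**
 * Configure PHP's session settings for this CMS installation and start the session.
 *
 * Runs at most once per request (guarded by the SESSION_STARTED constant).
 * Terminates the request with die() when the custom session settings fail validation
 * or when the session cannot be started.
 *
 * Reads $SETTINGS['advanced']['session_cookie_domain'] and
 * $SETTINGS['advanced']['session_save_path'].
 */
function startSessionIfRequired() {
  global $SETTINGS;

  // don't run this more than once
  if (defined('SESSION_STARTED')) { return; }
  define('SESSION_STARTED', true);

  // error-checking for custom session settings
  $customSessionErrors = getCustomSessionErrors(@$SETTINGS['advanced']['session_cookie_domain'], @$SETTINGS['advanced']['session_save_path']);
  if ($customSessionErrors) {
    $customSessionErrors .= sprintf(t('To change %1$s settings edit %2$s'), 'session', '/data/' . SETTINGS_FILENAME);
    die($customSessionErrors);
  }

  // Initialize session
  $session_name = cookiePrefix() . 'PHPSESSID';   // use a unique session cookie for each CMS installation
  ini_set('session.name', $session_name);         // sets session.name

  // use/require secure cookies when on HTTPS:// connections
  // NOTE(review): the Secure flag depends entirely on isHTTPS(); confirm it detects TLS correctly
  // when the site sits behind a TLS-terminating proxy, otherwise the cookie is sent without Secure.
  ini_set('session.cookie_secure', isHTTPS());

  // session IDs travel in cookies only, never in URLs (see use_trans_sid below)
  ini_set('session.use_cookies', true);
  ini_set('session.use_only_cookies', true);

  // use this to allow shared login access between subdomains such as host1.example.com, host2.example.com, example.com
  // Caveat: a cookie scoped to a parent domain is sent to (and can be overwritten by) every subdomain
  // under it, so all of those hosts need to be equally trusted.
  ini_set('session.cookie_domain', @$SETTINGS['advanced']['session_cookie_domain']);
  ini_set('session.cookie_path', '/');
  ini_set('session.cookie_httponly', true);       // keep the session cookie out of reach of page scripts

  // save session cookies forever (or 25 years) so they'll work even if users have turned their system clocks back a few years
  // Caveat: this only controls how long the browser keeps the cookie; server-side session data is
  // still subject to gc_maxlifetime below. Garbage collection is probabilistic, so a session can
  // outlive gc_maxlifetime. Any hard login timeout has to be enforced by the application.
  ini_set('session.cookie_lifetime', 60 * 60 * 24 * 365 * 25);

  // session garbage-collection code starts getting randomly called after this many seconds of inactivity
  ini_set('session.gc_maxlifetime', 60 * 60 * 24);
  ini_set('session.use_trans_sid', false);

  // NOTE(review): session.use_strict_mode and session.cookie_samesite (PHP 7.3+) are not set here and
  // fall back to php.ini; consider setting them once the minimum supported PHP version allows it.

  if (@$SETTINGS['advanced']['session_save_path']) {
    ini_set('session.save_path', @$SETTINGS['advanced']['session_save_path']); // use this if your host imposes restrictive session removal timeouts
    ini_set('session.gc_probability', 1); // after gc_maxlifetime is met old sessions are cleaned up randomly every (gc_probability / gc_divisor) requests
    ini_set('session.gc_divisor', 100);   // after gc_maxlifetime is met old sessions are cleaned up randomly every (gc_probability / gc_divisor) requests
    // we don't set gc_ values by default because they cause errors on some server configs: http://bugs.php.net/bug.php?id=20720
  }

  // Start the session and detect failure.
  // $php_errormsg is only populated when track_errors is enabled, and that feature was removed in
  // PHP 8.0, so on its own the legacy check silently ignores a failed session_start(). Keep it for
  // old PHP versions (where session_start() always returned true) and additionally check the return
  // value, which is reliable from PHP 5.3.0 onwards.
  unset($php_errormsg);
  $errorBefore    = error_get_last();
  $sessionStarted = @session_start();
  $errorAfter     = error_get_last();

  $sessionError = null;
  if (isset($php_errormsg)) {
    $sessionError = $php_errormsg;
  }
  elseif ($sessionStarted === false) {
    // only report an error that was raised by this session_start() call, not a stale earlier one
    $sessionError = ($errorAfter && $errorAfter !== $errorBefore) ? $errorAfter['message'] : 'session_start() returned false';
  }

  // NOTE(review): the PHP error text is shown to the visitor and may include server paths
  // (e.g. the session save path); consider logging the detail instead.
  if ($sessionError !== null) { die("Couldn't start session! '{$sessionError}'!"); }
}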
/**
 * Return the name of the login cookie.
 *
 * @param bool $addCookiePrefix when true, the value of cookiePrefix() is prepended to the name
 * @return string 'loginsession', optionally prefixed
 */
function loginCookie_name($addCookiePrefix = false) {
  $baseName = 'loginsession';

  // unprefixed name requested: nothing else to do
  if (!$addCookiePrefix) {
    return $baseName;
  }

  return cookiePrefix() . $baseName;
}
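/**
 * Load the currently logged-in CMS admin user, regardless of which cookiespace and
 * accounts table the caller is currently using.
 *
 * Temporarily switches cookiePrefix() to 'cms' and accountsTable() to 'accounts', calls
 * getCurrentUser(), attaches the user's rows from the '_accesslist' table as
 * $cmsUser['accessList'][tableName]['accessLevel' | 'maxRecords'], then restores the
 * previous cookiespace and accounts table.
 *
 * NOTE: Keep this in /lib/common.php, not login_functions.php or user_functions.php so no
 * extra libraries need to be loaded to call it.
 *
 * @return mixed whatever getCurrentUser() returned, with 'accessList' added when a user was found
 */
function getCurrentUserFromCMS() {
  require_once SCRIPT_DIR . "/lib/login_functions.php"; // if not already loaded by a plugin - loads getCurrentUser() and accountsTable();

  // save old cookiespace and accounts table
  $oldCookiePrefix  = array_first(cookiePrefix(false, true)); // save old cookiespace
  $oldAccountsTable = accountsTable();                        // save old accounts table

  // switch to cms admin cookiespace and accounts table and load current CMS user
  // NOTE(review): this changes the authentication context through global state. If getCurrentUser()
  // or mysql_select() ever throws and the exception is caught further up, the restore below is
  // skipped and later login checks would run against the CMS admin cookiespace/accounts table.
  // Confirm these helpers cannot throw, or wrap this in try/finally once PHP 5.5+ is the minimum.
  cookiePrefix('cms');       // switch to CMS Admin cookiespace
  accountsTable('accounts'); // switch to CMS Admin accounts table
  $loginExpired = null;      // defined up front so passing it is notice-free whether or not it is taken by reference
  $cmsUser      = getCurrentUser($loginExpired);

  // 2.52 - load cms users accessList (needed by viewer_functions.php for previewing)
  // 2.64 - only add if user found
  // !empty() has the same truthiness as the previous bare $cmsUser['num'] test but does not raise
  // an undefined-index/offset error when no user is logged in and 'num' is absent.
  if (!empty($cmsUser['num'])) {
    // presumably mysql_select() escapes the values of the where-array; verify against its definition
    $records = mysql_select('_accesslist', array('userNum' => $cmsUser['num']));
    foreach ($records as $record) {
      $cmsUser['accessList'][$record['tableName']]['accessLevel'] = $record['accessLevel'];
      $cmsUser['accessList'][$record['tableName']]['maxRecords']  = $record['maxRecords'];
    }
  }

  // switch back to previous cookiespace and accounts table
  cookiePrefix($oldCookiePrefix);
  accountsTable($oldAccountsTable);

  //
  return $cmsUser;
}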