/**
* session_set_new() - Setup session for the given user
*
* This function sets up SourceForge session for the given user,
* making one be "logged in".
*
* @param int The user ID
* @return none
*/
function session_set_new($user_id)
{
global $G_SESSION;
// set session cookie
//
$cookie = session_build_session_cookie($user_id);
session_cookie("session_ser", $cookie);
db_query("\n\t\tINSERT INTO session (session_hash, ip_addr, time, user_id) \n\t\tVALUES (\n\t\t\t'" . session_get_session_cookie_hash($cookie) . "', \n\t\t\t'" . $GLOBALS['REMOTE_ADDR'] . "',\n\t\t\t'" . time() . "',\n\t\t\t{$user_id}\n\t\t)\n\t");
// check uniqueness of the session_hash in the database
//
$res = session_getdata($user_id);
if (!$res || db_numrows($res) < 1) {
exit_error("ERROR", "ERROR - Cannot initialize session: " . db_error());
} else {
//set up the new user object
//
$G_SESSION = user_get_object($user_id, $res);
if ($G_SESSION) {
$G_SESSION->setLoggedIn(true);
}
}
// set username cookie for *.hostname.tld, expiration set in local.inc
//
session_cookie('username', session_build_username_cookie($G_SESSION->getUnixName()), $GLOBALS['sys_username_cookie_urlspace'], time() + $GLOBALS['sys_username_cookie_expiration']);
}
/**
* Metered Release Function
* Looks at the global site config, and determines if a user is
* eligible to access a particular URL. This is used for metered
* rollouts and page access.
* @return bool
**/
function FUNCLIB_metered_release($key, $incoming_key = NULL)
{
// $val = <<<HEREDOC
// 1 exactuser /community 0
// HEREDOC;
// SC::set('board_config.metered_release', $val);
if ($key == 'http://' . MAIN_SERVER . '/comingsoon' || $key == '/comingsoon' || $key == '/comingsoon/' || $key == 'comingsoon') {
return true;
}
// check for any metered value
$meter = SC::get('board_config.metered_release');
if (!$meter) {
return true;
}
$meters = explode('#', $meter);
foreach ($meters as $meter) {
$meter = trim($meter);
$m_pieces = explode(' ', $meter);
if (!$m_pieces[3]) {
$m_pieces[3] = 0;
}
list($threshold, $method, $regex, $offset) = $m_pieces;
if (!$offset) {
$offset = 0;
}
$regex = str_replace(array('*', '?'), array('.*', '\\?'), $regex);
if (!preg_match('#' . $regex . '#i', $key)) {
continue;
}
switch ($method) {
case 'session':
if ($incoming_key) {
$value = $incoming_key + $offset;
} else {
$data = session_cookie();
$value = hexdec(substr($data[1], 0, 4)) + $offset;
}
return $value % METERED_RELEASE_MIGRATION_SIZE < $threshold ? true : false;
case 'userid':
if ($incoming_key) {
$value = $incoming_key + $offset;
} else {
$data = session_cookie();
$user_id = $data[0];
// anon blocked
if ($user_id <= 0) {
return false;
}
$value = $user_id + $offset;
}
return $value % METERED_RELEASE_MIGRATION_SIZE < $threshold ? true : false;
case 'exactuser':
if ($incoming_key) {
$user_id = $incoming_key;
} else {
$data = session_cookie();
$user_id = $data[0];
}
// anon blocked
if ($user_id <= 0) {
return false;
}
return $user_id == $threshold ? true : false;
}
// unknown method
return false;
}
// didn't get denied
return true;
}
/**
* session_set_new() - Setup session for the given user
*
* This function sets up SourceForge session for the given user,
* making one be "logged in".
*
* @param int The user ID
* @return none
*/
function session_set_new($user_id)
{
global $G_SESSION, $session_ser;
// set session cookie
//
$cookie = session_build_session_cookie($user_id);
session_cookie("session_ser", $cookie, "", $GLOBALS['sys_session_expire']);
$session_ser = $cookie;
db_query("\n\t\tINSERT INTO user_session (session_hash, ip_addr, time, user_id) \n\t\tVALUES (\n\t\t\t'" . session_get_session_cookie_hash($cookie) . "', \n\t\t\t'" . getStringFromServer('REMOTE_ADDR') . "',\n\t\t\t'" . time() . "',\n\t\t\t{$user_id}\n\t\t)\n\t");
// check uniqueness of the session_hash in the database
//
$res = session_getdata($user_id);
if (!$res || db_numrows($res) < 1) {
exit_error(_('ERROR'), _('ERROR') . ": " . db_error());
} else {
//set up the new user object
//
$G_SESSION = user_get_object($user_id, $res);
if ($G_SESSION) {
$G_SESSION->setLoggedIn(true);
}
}
}
function session_set()
{
global $G_SESSION;
// assume bad session_hash and session. If all checks work, then allow
// otherwise make new session
$id_is_good = false;
// here also check for good hash, set if new session is needed
if ($GLOBALS['session_hash']) {
$result = session_getdata($GLOBALS['session_hash']);
// does hash exist?
if (db_numrows($result) > 0) {
if (session_checkip(db_result($result, 0, 'ip_addr'), $GLOBALS['REMOTE_ADDR'])) {
$id_is_good = true;
} else {
$id_is_good = false;
session_cookie('session_hash', '');
}
} else {
$id_is_good = false;
session_cookie('session_hash', '');
}
}
// else (hash does not exist) or (session hash is bad)
if ($id_is_good) {
$G_SESSION = user_get_object(db_result($result, 0, 'user_id'), $result);
if ($G_SESSION) {
$G_SESSION->setLoggedIn(true);
}
} else {
$G_SESSION = false;
}
}
<?php
//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// $Id: logout.php,v 1.2 2003/11/13 11:29:21 helix Exp $
require 'pre.php';
db_query("DELETE FROM session WHERE session_hash='{$session_hash}'");
session_cookie('session_hash', '');
session_redirect('/');