Beispiel #1
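 /**
  * Determine if $session_id represents a valid session and if so start the session.
  *
  * On success this sends no-cache headers, loads $GLOBALS['gpAdmin'] from the
  * session file, registers gpsession::close() as a shutdown function, starts the
  * AdminBuffer output buffer and sets $gp_admin_html. On every rejection path the
  * session cookie is expired and a localized "Session Expired" message is queued.
  *
  * @param string $session_id  id read from the session cookie by the caller
  * @return bool  true when the session was started, false when it was rejected
  */
 function start($session_id)
 {
     global $langmessage, $dataDir, $gp_admin_html;

     // One timestamp for the whole request; the original called time() repeatedly.
     $now = time();

     // Every rejection below ends the same way: expire the cookie and queue the
     // "Session Expired" message with a short reason suffix.
     $expire_session = function ($reason) use ($langmessage, $now) {
         gpsession::cookie(gp_session_cookie, '', $now - 42000);
         message($langmessage['Session Expired'] . ' (' . $reason . ')');
     };

     $sessions = gpsession::GetSessionIds();
     if (!isset($sessions[$session_id])) {
         $expire_session('timeout');
         return false;
     }
     $sess_info = $sessions[$session_id];

     // Browser fingerprint check (~ip, ~user agent ...). The stored uid and the
     // fingerprint are compared as strings with hash_equals(): the previous loose
     // `!=` treats two values that both parse as numbers (e.g. "0e..." hashes) as
     // equal, and is not constant-time.
     if (gp_browser_auth && isset($sess_info['uid'])) {
         $stored_uid = (string) $sess_info['uid'];
         $matches_current = hash_equals($stored_uid, (string) gpsession::auth_browseruid());
         // legacy option added to prevent logging users out, added 2.0b2
         $matches_legacy = hash_equals($stored_uid, (string) gpsession::auth_browseruid(true));
         if (!$matches_current && !$matches_legacy) {
             $expire_session('browser auth');
             return false;
         }
     }

     // The original `$session_file === false` test could never be true for a
     // concatenated string, and a missing 'file_name' would have produced a path
     // ending in '/' that file_exists() accepts (it is true for directories).
     // NOTE(review): file_name comes from the server-written session index, not
     // from the request; if that index can ever hold directory separators,
     // restrict it with basename() — confirm against SaveSessionIds().
     if (!isset($sess_info['file_name'])) {
         $expire_session('invalid');
         return false;
     }
     $session_file = $dataDir . '/data/_sessions/' . $sess_info['file_name'];
     if (!is_file($session_file)) {
         $expire_session('invalid');
         return false;
     }

     // Lock to prevent conflicting edits: find the most recently active session
     // and, if it is not this one and has not expired, report the site as locked.
     $locked = false;
     $last_sess_id = false;
     $last_sess_time = 0;
     $since_last_session = 0;
     foreach ($sessions as $sess_temp_id => $sess_temp_info) {
         if (empty($sess_temp_info['time'])) {
             continue;
         }
         // NOTE(review): $diff is in minutes while $since_last_session is in
         // seconds, yet both are compared against gp_lock_time; the constant's
         // unit is not visible here — confirm which comparison is intended.
         $diff = ($now - $sess_temp_info['time']) / 60;
         if ($diff < gp_lock_time && $last_sess_time < $sess_temp_info['time']) {
             $last_sess_id = $sess_temp_id;
             $last_sess_time = $sess_temp_info['time'];
             $since_last_session = $now - $last_sess_time;
         }
     }
     // Loose `!=` is deliberate: PHP turns numeric-string array keys into ints,
     // so $last_sess_id may be an int while $session_id is a string.
     if ($last_sess_id !== false && $last_sess_id != $session_id) {
         $expires = ceil((gp_lock_time - $since_last_session) / 60);
         // $expires <= 0 means the other session's lock has already run out
         if ($expires > 0) {
             $locked = true;
             message($langmessage['site_locked'] . ' ' . sprintf($langmessage['lock_expires_in'], $expires));
         }
     }

     // Prevent browser caching when editing (HTTP/1.1 and HTTP/1.0 variants).
     header('Last-Modified: ' . gmdate('D, j M Y H:i:s') . ' GMT');
     header('Expires: ' . gmdate('D, j M Y H:i:s', $now) . ' GMT');
     header('Cache-Control: no-store, no-cache, must-revalidate');
     header('Cache-Control: post-check=0, pre-check=0', false);
     header('Pragma: no-cache');

     // $checksum is filled in by SessionData() (presumably by reference) and handed
     // to close() at shutdown — confirm its meaning in gpsession::close().
     $checksum = null;
     $GLOBALS['gpAdmin'] = gpsession::SessionData($session_file, $checksum);
     if ($locked) {
         $GLOBALS['gpAdmin']['locked'] = true;
     } else {
         unset($GLOBALS['gpAdmin']['locked']);
     }
     register_shutdown_function(array('gpsession', 'close'), $session_file, $checksum);
     gpsession::SaveSetting();

     // Update this session's time and move it to the end of $sessions, but only
     // every half lock window so the index is not rewritten on every request.
     if (!$locked && (!$since_last_session || $since_last_session > gp_lock_time / 2)) {
         $sessions[$session_id]['time'] = $now;
         gpsession::SaveSessionIds($sessions);
     }

     // Make sure forms have the admin nonce.
     ob_start(array('gpsession', 'AdminBuffer'));
     // Make sure each logged-in request has the gp_admin_html area.
     $gp_admin_html = '<div id="gp_admin_html"></div>';
     return true;
 }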