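/**
 * Bind the current session to a login and issue the matching session cookie.
 *
 * Stores the login, the user directory and a freshly generated random session
 * key in the session, saves it, prunes ARSessionCookie[...] entries the browser
 * sent for other sessions, and finally sets the cookie for the current session
 * id. Does nothing when $LD_NO_SESSION_SUPPORT is set.
 *
 * @param string $login     Login name; lower-cased before it is stored.
 * @param string $ARUserDir User directory; "/system/users/" is used when empty.
 * @return void
 */
function ldSetCredentials($login, $ARUserDir = "/system/users/") {
    global $ARCurrent, $AR, $LD_NO_SESSION_SUPPORT;

    if ($LD_NO_SESSION_SUPPORT) {
        debug("ldSetCredentials({$login}): no session support");
        return;
    }

    if (!$ARUserDir) {
        $ARUserDir = "/system/users/";
    }

    // Make sure the login is lower case, because of the numerous checks on "admin".
    $login = strtolower($login);

    debug("ldSetCredentials({$login})", "object");

    if (!$ARCurrent->session) {
        ldStartSession();
    } else {
        // Use the same session id if the user didn't log in before.
        // NOTE(review): the id therefore survives the login, so anyone who knew
        // the pre-login id still knows it afterwards. The fresh ARSessionKey set
        // below is presumably what tells the two states apart; confirm that
        // authenticated requests are validated against it and not the id alone.
        ldStartSession($ARCurrent->session->id);
    }

    $ARCurrent->session->put("ARLogin", $login);
    $ARCurrent->session->put("ARUserDir", $ARUserDir, true);

    // Create the session key: 16 bytes from the CSPRNG, hex encoded.
    $session_key = bin2hex(random_bytes(16));
    $ARCurrent->session->put("ARSessionKey", $session_key, true);
    $ARCurrent->session->put("ARSessionTimedout", 0, 1);

    // Now save our session.
    $ARCurrent->session->save();

    // The browser may not have sent any ARSessionCookie at all; treat that as
    // an empty list instead of reading an undefined array key.
    $cookies = (array) ($_COOKIE["ARSessionCookie"] ?? array());
    foreach ($cookies as $sessionid => $cookie) {
        // $sessionid is the array key of a cookie name chosen by the client, so
        // it is untrusted here.
        $staleName = "ARSessionCookie[" . $sessionid . "]";
        if (!$AR->hideSessionIDfromURL) {
            // NOTE(review): the client-supplied id is used as a store path;
            // confirm exists() copes with arbitrary strings.
            if (!$ARCurrent->session->sessionstore->exists("/{$sessionid}/")) {
                $data = ldDecodeCookie($cookie);
                if (is_array($data)) {
                    // Don't just kill it, it may be from another ariadne
                    // installation, but do kill it if it's older than one day.
                    if ($data['timestamp'] < time() - 86400) {
                        // The original unset($cookie[$sessionid]) addressed the
                        // cookie value (a string offset) rather than the list.
                        unset($cookies[$sessionid]);
                        // Delete with the same path the cookie is set with
                        // below; without a path the browser scopes the deletion
                        // to the request's directory and keeps the '/' cookie.
                        setcookie($staleName, '', 1, '/');
                    }
                }
            }
        } else {
            // Only 1 cookie allowed, unset all other cookies.
            if ($sessionid != $ARCurrent->session->id) {
                setcookie($staleName, '', 1, '/');
            }
        }
    }

    $data = array(
        'login'     => $login,
        'timestamp' => time(),
        'check'     => ldGenerateSessionKeyCheck(),
    );
    $cookie = ldEncodeCookie($data);
    $cookiename = "ARSessionCookie[" . $ARCurrent->session->id . "]";

    // NOTE(review): this writes the encoded session cookie to the debug output;
    // whoever can read that output sees the cookie value. Consider dropping the
    // value from the message.
    debug("setting cookie ()({$cookie})");
    header('P3P: CP="NOI CUR OUR"');

    // Secure is only requested when the server reports HTTPS as exactly 'on'.
    // NOTE(review): behind a TLS-terminating proxy this is presumably unset and
    // the cookie would go out without Secure; confirm for the deployment.
    $https = ($_SERVER['HTTPS'] ?? '') === 'on';

    // Session cookie (expiry 0) on path '/', HttpOnly. This positional form of
    // setcookie() sends no SameSite attribute.
    setcookie($cookiename, $cookie, 0, '/', false, $https, true);
}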
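/**
 * Ensure the browser holds a cookie for the current session, then set the root.
 *
 * Only when $AR->hideSessionIDfromURL is set: if ldGetCredentials() returns no
 * entry for the current session id (and that id is not the integer 0), two
 * cookies are sent, 'ARCurrentSession' carrying the session id and
 * ARSessionCookie[<id>] carrying an encoded record that holds only a timestamp.
 * ldSetRoot() is called in every case.
 *
 * @param string $session Passed through to ldSetRoot() unchanged.
 * @return void
 */
function ldSetSession($session = '') {
    global $AR, $ARCurrent;

    $nls = $ARCurrent->nls;

    if ($AR->hideSessionIDfromURL) {
        $cookies = (array) ldGetCredentials();
        $sessionId = $ARCurrent->session->id;

        if (!isset($cookies[$sessionId]) && $sessionId !== 0) {
            // Unlike the login cookie this record has no login and no check
            // value, only the time it was issued.
            $cookie = ldEncodeCookie(array('timestamp' => time()));
            $cookiename = "ARSessionCookie[" . $sessionId . "]";

            // NOTE(review): the session id and the encoded cookie both end up
            // in the debug output; anyone who can read it sees them.
            debug("setting cookie (" . $sessionId . ")(" . $cookie . ")");
            header('P3P: CP="NOI CUR OUR"');

            // $_SERVER['HTTPS'] is commonly absent on plain HTTP requests; read
            // it with a default so that case yields false without a warning.
            // NOTE(review): behind a TLS-terminating proxy it is presumably
            // absent as well, which leaves Secure off; confirm for the deployment.
            $https = ($_SERVER['HTTPS'] ?? '') === 'on';

            // Session cookies (expiry 0) on path '/', HttpOnly. This positional
            // form of setcookie() sends no SameSite attribute.
            setcookie('ARCurrentSession', $sessionId, 0, '/', false, $https, true);
            setcookie($cookiename, $cookie, 0, '/', false, $https, true);
        }
    }

    ldSetRoot($session, $nls);
}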