/**
 * Report whether the current request belongs to an authorized member.
 *
 * Visitors who are not logged in are handed to requireLogin() first; whether
 * that call ends the request is not visible from this function. The check then
 * passes only when the global session carries a non-empty 'id' and
 * isSessionAuthorized() accepts the current PHP session id.
 *
 * Despite the name, this function never halts the request on failure.
 * Callers must act on a false return value; ignoring it leaves the page unprotected.
 *
 * @return bool true when the session is authorized, false otherwise.
 */
function requireMembership() {
    global $session;

    if (!isLoggedIn()) {
        requireLogin();
    }

    // No user id recorded for this session: nothing to authorize.
    if (empty($session['id'])) {
        return false;
    }

    return isSessionAuthorized(session_id()) ? true : false;
}
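/**
 * Mark the current visitor as $userid and make sure an authorized session exists.
 *
 * If the current PHP session id is already authorized it is reused. Otherwise
 * up to 100 candidate ids from makeSessionId() are tried: each is inserted
 * into SessionsData and Sessions, and the first one accepted by both tables
 * becomes the session id and is sent to the browser as the
 * S20_BLOGLOUNGE_SESSION cookie. A newly authorized visitor therefore gets a
 * fresh id rather than keeping the pre-login one.
 *
 * @param mixed $userid Numeric user id; anything is_numeric() rejects is refused.
 * @return bool true when an authorized session is in place, false on invalid
 *              input or when no session row could be created.
 */
function authorizeSession($userid) {
    global $database, $db, $session;

    if (!is_numeric($userid)) {
        return false;
    }
    $session['id'] = $_SESSION['_app_id_'] = $userid;
    if (isSessionAuthorized(session_id())) {
        return true;
    }

    // is_numeric() also accepts forms such as "1e3" or " 7"; the value is
    // written into SQL text below, so reduce it to a plain integer first.
    $sqlUserId = intval($userid);

    // The client address is request-derived and ends up inside a quoted SQL
    // literal. Only a syntactically valid IP (digits, hex, '.', ':') is passed
    // through; anything else is stored as an empty string.
    // NOTE(review): where $_SERVER['REMOTE_IP'] is populated is not visible
    // here (the standard key is REMOTE_ADDR) - confirm it is not taken from a
    // client-supplied header.
    $address = isset($_SERVER['REMOTE_IP'])
        ? filter_var($_SERVER['REMOTE_IP'], FILTER_VALIDATE_IP)
        : false;
    if ($address === false) {
        $address = '';
    }

    for ($i = 0; $i < 100; $i++) {
        // NOTE(review): assumes makeSessionId() returns a token that is safe
        // inside a quoted SQL literal and a cookie value - confirm.
        $sid = makeSessionId();

        $db->execute("INSERT INTO {$database['prefix']}SessionsData(id, address, updated) VALUES('$sid', '$address', UNIX_TIMESTAMP())");
        if (!$db->affectedRows()) {
            return false;
        }

        $db->execute("INSERT INTO {$database['prefix']}Sessions(id, address, userid, created, updated) VALUES('$sid', '$address', $sqlUserId, UNIX_TIMESTAMP(), UNIX_TIMESTAMP())");
        if (!$db->affectedRows()) {
            // This id was not accepted by Sessions; try another one.
            continue;
        }

        session_id($sid);

        // Strip a leading "www" (keeping the dot) and any port from the host.
        $host = $_SERVER['HTTP_HOST'];
        $domain = (substr(strtolower($host), 0, 4) == 'www.') ? substr($host, 3) : $host;
        $port = strpos($domain, ':');
        if ($port !== false) {
            $domain = substr($domain, 0, $port);
        }

        $cookie = 'S20_BLOGLOUNGE_SESSION=' . $sid . '; path=/';
        // The Host header is client-controlled: only emit a domain attribute
        // made of hostname characters, otherwise fall back to a host-only cookie.
        if (preg_match('/^[A-Za-z0-9._-]+\z/', $domain)) {
            $cookie .= '; domain=' . $domain;
        }
        // Keep the session token out of reach of page scripts.
        $cookie .= '; HttpOnly';
        // NOTE(review): consider adding Secure (on HTTPS-only deployments) and
        // a SameSite attribute once the site's login flows are confirmed.
        header('Set-Cookie: ' . $cookie);
        return true;
    }

    return false;
}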