Example #1
/**
 * Start the PukiWiki session once and report whether sessions are enabled.
 *
 * The result is cached in a static variable, so only the first call touches
 * the session configuration. Clients for which in_the_net() returns true
 * (checked against $use_trans_sid_address) get a cookieless session; all
 * other clients are restricted to cookie-only sessions.
 *
 * Security note: for the cookieless group the session ID is carried in URLs
 * and hidden form fields, where it can end up in server logs, browser
 * history and Referer headers. Keep $use_trans_sid_address as narrow as
 * possible.
 *
 * @return int PLUS_ALLOW_SESSION as an integer; when > 0 a session start was attempted.
 */
function pkwk_session_start()
{
    global $use_trans_sid_address;
    static $use_session;

    // Already decided on an earlier call.
    if (isset($use_session)) {
        return $use_session;
    }

    $use_session = (int) PLUS_ALLOW_SESSION;
    if ($use_session <= 0) {
        return $use_session;
    }

    if (!is_array($use_trans_sid_address)) {
        $use_trans_sid_address = array();
    }

    $cookieless = in_the_net($use_trans_sid_address, $_SERVER['REMOTE_ADDR']);
    if ($cookieless) {
        ini_set('session.use_cookies', 0);
    } else {
        ini_set('session.use_cookies', 1);
        ini_set('session.use_only_cookies', 1);
    }

    session_name('pukiwiki');
    // Errors from session_start() are suppressed here, so a failed start is silent.
    @session_start();

    // With cookies off and transparent SID support off, register the ID
    // with the output rewriter by hand.
    $cookies_off = ini_get('session.use_cookies') == 0;
    if ($cookies_off && ini_get('session.use_trans_sid') == 0) {
        output_add_rewrite_var(session_name(), session_id());
    }

    return $use_session;
}
Example #2
 /**
  * Constructor.
  *
  * PHP's standard session is started here.
  *
  * NOTE(review): $session_id is handed to session_id() unchanged. If any
  * caller takes it from request data, the client chooses its own session ID
  * (session fixation) - confirm the callers and regenerate the ID at login.
  * With $use_cookies = false the ID is also written into URLs and forms.
  */
 public function __construct($session_name = null, $session_id = null, $use_cookies = true)
 {
     $this->setCookieHttpOnly();

     // No cache-control headers from the session layer.
     session_cache_limiter('none');

     // Apply the session name and session ID when the caller supplied them.
     if ($session_name) {
         session_name($session_name);
     }
     if ($session_id) {
         session_id($session_id);
     }

     // Both cookie directives follow $use_cookies: 1/1 with cookies, 0/0 without.
     $cookie_flag = $use_cookies ? 1 : 0;
     ini_set('session.use_cookies', $cookie_flag);
     ini_set('session.use_only_cookies', $cookie_flag);

     // Initialise the session data.
     session_start();
     self::$_session_started = true;

     // Cookies unavailable and session.use_trans_sid off: register the
     // session name/ID with the output rewriter.
     $needs_rewrite = !$use_cookies && !ini_get('session.use_trans_sid');
     if ($needs_rewrite) {
         output_add_rewrite_var(session_name(), session_id());
     }
     /*
     Expires: Thu, 19 Nov 1981 08:52:00 GMT
     Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
     Pragma: no-cache
     */
 }
Example #3
 /**
  * Register the session name/ID with the output rewriter when the session
  * is started but is not carried by a cookie.
  *
  * Security note: a session ID placed in URLs can leak through logs,
  * browser history and Referer headers.
  *
  * @param object $bus Service container; must provide get("session").
  */
 public function shutdown($bus)
 {
     $session = $bus->get("session");

     // Nothing to do unless a session exists and cookies are not in use.
     if (!$session->isStarted() || $session->isCookieEnabled()) {
         return;
     }

     // NOTE(review): ini_get() can return "" for a boolean directive that
     // is off; this strict comparison is true only for the literal "0".
     if (ini_get("session.use_trans_sid") === "0") {
         output_add_rewrite_var($session->getName(), $session->getId());
     }
 }
Example #4
 /**
  * Register every entry of $page->rewrite_urls as a URL-rewrite variable.
  *
  * Does nothing when $page->rewrite_urls is not set. Registered pairs are
  * written into the page's links and forms, so they must not hold values
  * that should stay server-side.
  */
 static function Prep()
 {
     global $page;

     if (isset($page->rewrite_urls)) {
         ini_set('arg_separator.output', '&');
         foreach ($page->rewrite_urls as $name => $val) {
             output_add_rewrite_var($name, $val);
         }
     }
 }
Example #5
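/**
 * Set session.use_trans_sid and, when enabling it, adopt a session ID that
 * arrived as a request parameter named after the session.
 *
 * SECURITY: this accepts a session ID chosen by the client. The format
 * check below only constrains the characters; it does not prove the ID was
 * issued by this server. To limit session fixation, enable
 * session.use_strict_mode and call session_regenerate_id(true) whenever the
 * privilege level changes (e.g. at login).
 *
 * @param mixed $flag Value for session.use_trans_sid; truthy enables ID adoption.
 * @return void
 */
function session_use_trans_sid($flag)
{
    // Stop if the directive could not be changed or the feature is being turned off.
    if (ini_set('session.use_trans_sid', $flag) === false || !$flag) {
        return;
    }

    $session_name = session_name();
    $candidate = isset($_REQUEST[$session_name]) ? $_REQUEST[$session_name] : null;

    // is_string(): a request parameter can arrive as an array (name[]=...),
    // which preg_match() does not accept.
    // \z instead of $: "$" also matches just before a trailing newline, so
    // the original pattern let "id\n" through to session_id() and the rewriter.
    if (is_string($candidate) && preg_match('/^\w+\z/', $candidate) === 1) {
        session_id($candidate);
        output_add_rewrite_var($session_name, $candidate);
    }
}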
Example #6
 /**
  * Add the CSRF protection code to all forms and links on the generated page.
  *
  * No content is passed in and nothing is returned: the function relies on
  * PHP's output rewriting to insert the code as the page is emitted.
  *
  * Note: output_add_rewrite_var(), used here, does a poor job on URIs inside
  * the HTML. It appends parameters without considering whether the
  * separator should be '&' or '&amp;', which results in invalid HTML.
  *
  * Security note: because the code is also appended to links, it travels as
  * a GET parameter and can show up in logs, browser history and Referer
  * headers.
  */
 public static function add_code()
 {
     // Skip when: not logged in; already added for this page; or the
     // request is AJAX. The original rationale for AJAX is that such
     // requests are more delicate in what may be returned and quickly
     // exceed the request amount limit (see active_decrease etc).
     // NOTE(review): the original comment also calls AJAX requests "secure
     // by definition" - that holds only if those endpoints are verified
     // some other way; confirm how __is_ajax() decides.
     if (!self::__is_logged_in() || self::$already_added_code || self::__is_ajax()) {
         return;
     }

     self::$already_added_code = true;
     $csrf_code = self::__get_code();
     output_add_rewrite_var(self::$formkey, $csrf_code);
 }
Example #7
// Default path to the libraries directory.
$path = "../libraries/";
/** The configuration file.*/
require_once $path . "configuration.php";
$benchmark = new EfrontBenchmark($debug_TimeStart);
$benchmark->set('init');
// Set headers in order to eliminate browser cache (especially IE's).
// HTTP/1.1
header("Cache-Control: no-cache, must-revalidate");
// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// Prevent 3G carriers from compressing the site, which would break all grids.
// NOTE(review): by default header() replaces an earlier header of the same
// name, so this call presumably overrides the "no-cache, must-revalidate"
// line above - confirm which Cache-Control value is actually sent.
header("cache-control: no-transform");
// If the page is shown as a popup, make sure it remains in that mode.
// Popup mode is inferred from GET/POST parameters or from the Referer
// containing "popup"; all three are client-supplied, so this must only ever
// drive presentation, never access decisions.
if (!isset($_GET['reset_popup']) && (isset($_GET['popup']) || isset($_POST['popup']) || isset($_SERVER['HTTP_REFERER']) && strpos(strtolower($_SERVER['HTTP_REFERER']), 'popup') !== false && strpos(strtolower($_SERVER['HTTP_REFERER']), 'reset_popup') === false)) {
    // Carry popup=1 on every rewritten link and form of this page.
    output_add_rewrite_var('popup', 1);
    $smarty->assign("T_POPUP_MODE", true);
    $popup = 1;
}
// Initialize messages, because if register_globals is turned on, some messages will be displayed twice.
$search_message = $message = $message_type = '';
$load_editor = false;
$loadScripts = array();
try {
    // NOTE(review): a truthy "student" GET parameter alone makes this branch
    // build the 'student' user and log it in with that user's stored
    // password value, without any credential from the requester. Presumably
    // a demo/preview shortcut - confirm it cannot be reached on a production
    // install. (The rest of this try block is outside the listing.)
    if ($_GET['student']) {
        $currentUser = EfrontUserFactory::factory('student', false, 'student');
        $currentUser->login($currentUser->user['password'], true);
    } else {
        $currentUser = EfrontUser::checkUserAccess(false, 'student');
    }
    if ($currentUser->user['user_type'] == 'administrator') {
Example #8
File: index.php Project: OvBB/v1.0
//***************************************************************************//
// Reverse magic quotes if they are enabled.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, so this
// installer only runs on older PHP versions as written.
if (get_magic_quotes_gpc()) {
    $_REQUEST = dmq($_REQUEST);
}
// Report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);
// Start the session (named 's').
ini_set('arg_separator.output', '&');
session_name('s');
session_start();
// Drop any rewrite vars PHP registered on its own, so that only the one
// added below is applied to our URLs.
output_reset_rewrite_vars();
// Add the session ID to all local URLs (if it hasn't been saved to a cookie).
// SID is non-empty only when the ID was not received via cookie. An ID in
// the URL can leak through logs, browser history and Referer headers.
if (SID) {
    output_add_rewrite_var('s', stripslashes(session_id()));
}
// Are they specifying a step?
// (Loose comparison: any request value equal to 1 under == matches.)
if ($_REQUEST['step'] == 1) {
    // Yes, so set the step.
    $_SESSION['step'] = 1;
}
// Are they specifying an install type?
if (isset($_REQUEST['setup'])) {
    // Yes, so set the install type.
    // The request value is stored as-is; in the visible code it is only
    // compared against 'install' and never used to build a path.
    $_SESSION['setup'] = $_REQUEST['setup'];
}
// Are they wanting to install or upgrade?
if ($_SESSION['setup'] == 'install') {
    require './includes/install.inc.php';
} else {
Example #9
<?php

// Emits the same link twice: once while the rewrite var 'var' is
// registered, and once after all rewrite vars have been reset.
session_start();
output_add_rewrite_var('var', 'value');

$link = '<a href="file.php">link</a>';

// First copy, flushed before the reset.
echo $link;
ob_flush();

// Second copy, emitted after the reset.
output_reset_rewrite_vars();
echo $link;
Example #10
<?php

// A link whose href already has a query string.
$string = '<a href=\'a?q=1\'>asd</a>';

// Register a=b with the output rewriter, then emit the link.
output_add_rewrite_var('a', 'b');
print $string;

// Push the buffered output out, then discard and close the buffer.
ob_flush();
ob_end_clean();
Example #11
// Make $_REQUEST['lang'] an alias of the GET value, or else of the POST
// value, so that a cookie named "lang" is not what gets read below.
if (isset($_GET['lang'])) {
    $_REQUEST['lang'] =& $_GET['lang'];
} elseif (isset($_POST['lang'])) {
    $_REQUEST['lang'] =& $_POST['lang'];
}
/* Check for valid language and include the local file */
// The branch is taken (unless ?langchooser is present) when ANY of these hold:
//   1. the request names a language that is a key of $valid_langs;
//   2. valid_http_lang() returns a language (assigned to $lang);
//   3. a non-empty "url" parameter is present.
if (!isset($_GET['langchooser']) && (isset($_REQUEST['lang']) && isset($valid_langs[(string) $_REQUEST['lang']]) || ($lang = valid_http_lang()) || !empty($_REQUEST['url']))) {
    if (empty($lang)) {
        // NOTE(review): when only alternative 3 matched, $_REQUEST['lang']
        // has NOT been checked against $valid_langs, yet it is copied into
        // $lang here and then reaches setcookie(), output_add_rewrite_var()
        // and the require path below. Re-check isset($valid_langs[$lang])
        // at this point and fall back to 'en' otherwise.
        $lang = isset($_REQUEST['lang']) ? $_REQUEST['lang'] : 'en';
    } else {
        // Language came from valid_http_lang(): tell the user it was auto-selected.
        $redir = true;
    }
    // Remember the choice for 90 days.
    if (empty($_COOKIE['lang']) || $lang != $_COOKIE['lang']) {
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 90, '/', 'validator.aborla.net');
    }
    // Carry the language on every rewritten link and form.
    output_add_rewrite_var('lang', $lang);
    // fallback for not translated messages
    require './local/en.inc';
    // load localized messages
    // SECURITY: $lang is interpolated into a file path. It must be one of
    // the keys of $valid_langs before it gets here (see the note above);
    // otherwise a request value decides which file is included.
    if ($lang != 'en') {
        require "./local/{$lang}.inc";
    }
    common_header();
    if (isset($redir)) {
        echo '<p id="redir">We have automatically choosen the "' . $valid_langs[$lang] . '" language for you. <a href="/?langchooser">Click here to change</a>.</p>';
    }
    /*************** LANGUAGE CHOOSER ***************/
} else {
    // No usable language: show the chooser form in English.
    require "./local/en.inc";
    common_header();
    echo "<p>Choose a language, please:</p>\n" . "<form method=\"get\" action=\"index.php\">\n" . "<p><select name=\"lang\">\n";
Example #12
 /**
  * Register the session name/ID with the output rewriter when the ID will
  * not otherwise be carried by PHP's transparent SID support.
  *
  * @access private
  * @return boolean Result of output_add_rewrite_var(), or true when nothing was registered.
  */
 function outputAddRewirteSID()
 {
     global $_conf;
     $session_name = session_name();

     // "and" binds more loosely than && and ||, so the condition groups as:
     //   (use_trans_sid off) and ((session active && no session cookie) || cookies disabled in config)
     if (ini_get('session.use_trans_sid')) {
         return true;
     }

     $active_without_cookie = session_id() && !isset($_COOKIE[$session_name]);
     if ($active_without_cookie || !empty($_conf['disable_cookie'])) {
         return output_add_rewrite_var($session_name, session_id());
     }

     return true;
 }
Example #13
<?php

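// Accept the session ID from cookies only.
ini_set('session.use_only_cookies', true);
session_start();

// SECURITY: the token is md5(week-of-year . static salt). It is the same for
// every visitor, stays valid for a whole week, and is written into every
// link and form by output_add_rewrite_var() below, so it can leak through
// logs, browser history and Referer headers. Treat it as a weak shared gate,
// not as per-user authentication; a per-session value from random_bytes()
// stored in $_SESSION is the usual replacement.
$salt = 'YourSpecialValueHere';
$tokenstr = strval(date('W')) . $salt;
$token = md5($tokenstr);

$supplied = isset($_REQUEST['token']) ? $_REQUEST['token'] : null;

// hash_equals() compares the two strings byte for byte in constant time.
// The original "!=" was a loose comparison: PHP compares numeric-looking
// strings as numbers, so two different strings could be treated as equal.
// is_string() rejects array-valued parameters (token[]=...).
if (!is_string($supplied) || !hash_equals($token, $supplied)) {
    // prompt for login
    exit;
}
$_SESSION['token'] = $token;
output_add_rewrite_var('token', $token);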
Example #14
File: Output.php Project: jasny/Q
 /**
  * This function adds another name/value pair to the URL rewrite mechanism.
  * 
  * The name and value will be added to URLs (as GET parameter) and forms (as hidden input fields) the same way as
  *  the session ID when transparent URL rewriting is enabled with session.use_trans_sid.
  *
  * Arrays are flattened recursively into name[key] pairs; names and keys are
  * urlencode()d before being registered. An optional third argument
  * ('set' or 'clear') is read via func_get_arg() and is only passed by the
  * recursive calls made from this method.
  *
  * @param string $name
  * @param mixed  $value  Any scalar value or array.
  */
 public static function addUrlRewriteVar($name, $value)
 {
     if (func_num_args() < 3) {
         // Top-level call: remember the value under the raw (unencoded) name.
         self::$rewriteVars[$name] = $value;
         $name = urlencode($name);
         // NOTE(review): this lookup runs AFTER the assignment above. When
         // urlencode() leaves the name unchanged and $value is an array, the
         // entry found here is the array just stored, so $cmd becomes
         // 'clear' and every element is registered with null below.
         // Presumably the check was meant to see the PREVIOUS value -
         // confirm against the intended behaviour.
         if (isset(self::$rewriteVars[$name]) && !is_scalar(self::$rewriteVars[$name])) {
             $value = self::$rewriteVars[$name];
             $cmd = 'clear';
         } else {
             $cmd = 'set';
         }
     } else {
         // Recursive call: the command is inherited from the caller.
         $cmd = func_get_arg(2);
     }
     if (is_array($value)) {
         // Register each element as name[key], passing the command along.
         foreach ($value as $k => $v) {
             self::addUrlRewriteVar($name . '[' . urlencode($k) . ']', $cmd == 'clear' ? null : $v, $cmd);
         }
     } else {
         // Scalar leaf: hand it to PHP's rewriter (null when clearing).
         output_add_rewrite_var($name, $cmd == 'clear' ? null : $value);
     }
 }
Example #15
<?php

//incsess.php designed to handle elegantly the nuances of php sessions
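// Runs only when the till cookie is present and $userid has been set by the
// including script.
if (isset($_COOKIE["quartzpos"]) && isset($userid)) {
    // SECURITY: the cookie value is client-controlled. It is copied into the
    // session, re-issued as a cookie, and becomes part of $_SESSION['id'],
    // which may end up as the session name below. Validate it against the
    // set of known till identifiers before trusting it.
    $_SESSION['till'] = $_COOKIE["quartzpos"];
    // Refresh the cookie for another 60 days (5184000 s). No HttpOnly or
    // Secure attribute is set by this call.
    setcookie("quartzpos", $_SESSION['till'], time() + 5184000);
    //FB::log($_SESSION,"LOGIN php, set cookie, Session=");
    $date = date('YmdHis');
    $_SESSION['id'] = $date . '-' . $userid . '-' . $_SESSION['till'];
    //FB::log($_SESSION['id'],"INCSESS php Session id=");
    if (version_compare(phpversion(), '4.3.0') >= 0) {
        if (!isset($_REQUEST['SESSION_NAME'])) {
            $_REQUEST['SESSION_NAME'] = '';
        }
        // ereg() was removed in PHP 7.0; preg_match() with \z keeps the same
        // "whole string is SESS followed by digits" rule. is_string() covers
        // array-valued parameters, which never matched before either.
        if (!is_string($_REQUEST['SESSION_NAME']) || !preg_match('/^SESS[0-9]+\z/', $_REQUEST['SESSION_NAME'])) {
            $_REQUEST['SESSION_NAME'] = $_SESSION['id'];
        }
        // The chosen name is propagated in links/forms and used as the
        // session name for later requests.
        output_add_rewrite_var('SESSION_NAME', $_REQUEST['SESSION_NAME']);
        session_name($_REQUEST['SESSION_NAME']);
        //FB::log($_REQUEST,"INCSESS php sets request=");
    }
}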
Example #16
<?php

/**
 * rep2expack - simple RSS reader (article list)
 */
// {{{ load p2 base settings & authenticate
require_once './conf/conf.inc.php';
require_once P2EX_LIB_DIR . '/rss/parser.inc.php';
$_login->authorize();
// }}}
// When the view mode is forced by a query parameter, carry 'b' on every
// rewritten link and form.
if ($_conf['view_forced_by_query']) {
    output_add_rewrite_var('b', $_conf['b']);
}
//============================================================
// Variable initialisation
//============================================================
$channel = array();
$items = array();
// All of the following come straight from the request (no isset() checks).
$num = trim($_REQUEST['num']);
$xml = trim($_REQUEST['xml']);
$atom = empty($_REQUEST['atom']) ? 0 : 1;
$site_en = trim($_REQUEST['site_en']);
// Context-specific encodings of the feed location: URL and HTML (Shift_JIS,
// existing entities are not double-encoded).
$xml_en = rawurlencode($xml);
$xml_ht = htmlspecialchars($xml, ENT_QUOTES, 'Shift_JIS', false);
//============================================================
// Load the RSS feed
//============================================================
// NOTE(review): $xml is request-supplied and handed to p2GetRSS(), which
// presumably fetches it - confirm that the scheme and destination are
// restricted there. This runs only after $_login->authorize() above.
if ($xml) {
    $rss = p2GetRSS($xml, $atom);
    if ($rss instanceof XML_RSS) {
        clearstatcache();
 /**
  * Performs session initialisation.
  *
  * The session ID is carried in URLs and forms rather than in a cookie.
  * An ID carried this way can leak through logs, browser history and
  * Referer headers; the code below regenerates the ID whenever the incoming
  * ID or the session data is invalid.
  *
  * @return void
  */
 function initSession()
 {
     // Do not use cookies to pass the session ID.
     ini_set('session.use_cookies', '0');
     ini_set('session.use_trans_sid', '1');
     ini_set('session.use_only_cookies', '0');
     // Obtain a valid session ID from the request parameters.
     $sessionId = $this->getSessionId();
     // NOTE(review): session_start() is called here only when no valid ID
     // was found; presumably getSessionId() starts the session itself when
     // it succeeds - confirm.
     if (!$sessionId) {
         session_start();
     }
     /*
      * In PHP 4, session.use_trans_sid is PHP_INI_PERDIR, so it cannot be
      * set with ini_set(). Fall back to registering the ID by hand.
      */
     if (!ini_get('session.use_trans_sid')) {
         output_add_rewrite_var(session_name(), session_id());
     }
     // If the session ID or the session data is invalid, regenerate the
     // session ID and initialise the session data.
     if ($sessionId === false || !$this->validateSession()) {
         // true: the old session's data is deleted as well.
         session_regenerate_id(true);
         // Initialise the session data.
         $this->state->inisializeSessionData();
         // Redirect with the new session ID attached.
         if ($_SERVER['REQUEST_METHOD'] == 'GET') {
             // For GET, redirect to the same page.
             $objMobile = new SC_Helper_Mobile_Ex();
             header('Location: ' . $objMobile->gfAddSessionId());
         } else {
             // For anything other than GET, redirect to the top page.
             header('Location: ' . TOP_URLPATH . '?' . SID);
         }
         exit;
     }
     // Update the expiry time.
     $this->state->updateExpire();
 }