Example #1
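/**
 *	session_check_session_cookie() - Check that session cookie passed from user is ok
 *
 *	The cookie is parsed as base64(serial) . '-*-' . hash. The hash is recomputed as
 *	md5(serial . $GLOBALS['sys_session_key']) and must match before any field of the
 *	serial is trusted. The serial is then split into user_id, time, ip and user_agent,
 *	and the ip and user agent are checked against the current request.
 *
 *	NOTE(review): md5(data . key) is an ad-hoc keyed hash. hash_hmac() with a SHA-2
 *	digest is the standard construction, but switching requires the same change in
 *	the code that issues the cookie, which is not visible here.
 *
 *	@param		string	Value of the session cookie
 *	@return user_id if cookie is ok, false otherwise
 */
function session_check_session_cookie($session_cookie)
{
    // The cookie is attacker-controlled: reject anything that is not even shaped
    // like "<base64>-*-<hash>" instead of letting list() read missing offsets.
    if (!is_string($session_cookie)) {
        return false;
    }
    $cookie_parts = explode('-*-', $session_cookie);
    if (count($cookie_parts) < 2) {
        return false;
    }
    list($session_serial, $hash) = $cookie_parts;

    $session_serial = base64_decode($session_serial);
    $new_hash = md5($session_serial . $GLOBALS['sys_session_key']);

    // hash_equals() (PHP >= 5.6) compares as strings in constant time. The previous
    // loose "!=" compared numeric-looking hex digests ("0e..." followed by digits)
    // as numbers, so two different digests could be treated as equal.
    if (!hash_equals($new_hash, $hash)) {
        return false;
    }

    $fields = explode('-*-', $session_serial, 4);
    if (count($fields) < 4) {
        return false;
    }
    list($user_id, $time, $ip, $user_agent) = $fields;

    if (!session_check_ip($ip, getStringFromServer('REMOTE_ADDR'))) {
        return false;
    }
    // Strict string comparison: the user agent is text, never a number.
    if (trim($user_agent) !== (string) getStringFromServer('HTTP_USER_AGENT')) {
        return false;
    }
    // NOTE(review): as written this rejects the cookie only when its timestamp lies
    // at least sys_session_expire seconds in the FUTURE. If $time is the issue time,
    // the operands look reversed (time() - $time) and sessions never expire here.
    // Confirm against the code that builds the cookie before changing it.
    if ($GLOBALS['sys_session_expire'] > 0 && $time - time() >= $GLOBALS['sys_session_expire']) {
        return false;
    }
    return $user_id;
}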
Example #2
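/**
 *	session_check_session_cookie() - Check that session cookie passed from user is ok
 *
 *	The cookie is parsed as base64(ciphertext) . '-' . hash. The hash is recomputed as
 *	md5(ciphertext . $GLOBALS['sys_session_key']) and must match before the ciphertext
 *	is decrypted. The plaintext is split into user_id, time, ip and user_agent, and the
 *	ip and user agent are checked against the current request.
 *
 *	NOTE(review): md5(data . key) is an ad-hoc keyed hash, and the same key is used
 *	for both the hash and the cipher. hash_hmac() with a SHA-2 digest and a separate
 *	key is the standard construction; changing either requires the same change in the
 *	code that issues the cookie, which is not visible here.
 *
 *	NOTE(review): the mcrypt extension was removed from PHP in 7.2; this function
 *	cannot run on current PHP without porting the decryption step.
 *
 *	@param		string	Value of the session cookie
 *	@return user_id if cookie is ok, false otherwise
 */
function session_check_session_cookie($session_cookie)
{
    // The cookie is attacker-controlled: reject anything that is not even shaped
    // like "<base64>-<hash>" instead of letting list() read missing offsets.
    if (!is_string($session_cookie)) {
        return false;
    }
    $cookie_parts = explode('-', $session_cookie);
    if (count($cookie_parts) < 2) {
        return false;
    }
    list($encrypted_session_serial, $hash) = $cookie_parts;

    $encrypted_session_serial = base64_decode($encrypted_session_serial);
    $new_hash = md5($encrypted_session_serial . $GLOBALS['sys_session_key']);

    // hash_equals() (PHP >= 5.6) compares as strings in constant time. The previous
    // loose "!=" compared numeric-looking hex digests ("0e..." followed by digits)
    // as numbers, so two different digests could be treated as equal.
    if (!hash_equals($new_hash, $hash)) {
        return false;
    }

    $td = mcrypt_module_open($GLOBALS['sys_session_cypher'], "", $GLOBALS['sys_session_cyphermode'], "");
    // NOTE(review): the IV is generated fresh here (from MCRYPT_RAND) rather than
    // recovered from the cookie. Decryption needs the IV that was used to encrypt;
    // with a mode that uses the IV, a new random one cannot reproduce the first
    // plaintext block. Confirm sys_session_cyphermode and the issuing code.
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $GLOBALS['sys_session_key'], $iv);
    $session_serial = mdecrypt_generic($td, $encrypted_session_serial);
    mcrypt_generic_end($td);

    $fields = explode('-', $session_serial, 4);
    if (count($fields) < 4) {
        return false;
    }
    list($user_id, $time, $ip, $user_agent) = $fields;

    if (!session_check_ip($ip, $GLOBALS['REMOTE_ADDR'])) {
        return false;
    }
    // trim() also strips the trailing NUL bytes a block cipher leaves as padding.
    // Strict string comparison: the user agent is text, never a number.
    if (trim($user_agent) !== (string) $GLOBALS['HTTP_USER_AGENT']) {
        return false;
    }
    // NOTE(review): as written this rejects the cookie only when its timestamp lies
    // at least sys_session_expire seconds in the FUTURE. If $time is the issue time,
    // the operands look reversed (time() - $time) and sessions never expire here.
    // Confirm against the code that builds the cookie before changing it.
    if ($time - time() >= $GLOBALS['sys_session_expire']) {
        return false;
    }
    return $user_id;
}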