Exemple #1
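/**
 * Bind the current session to a login and issue the matching session cookie.
 *
 * Lower-cases the login, starts (or re-uses) the session, stores the login,
 * the user directory and a fresh random session key in it, expires stale
 * ARSessionCookie[...] entries and finally sets the cookie for this session
 * as HttpOnly, and as Secure when the request arrived over HTTPS.
 *
 * When $LD_NO_SESSION_SUPPORT is set the function only logs and returns.
 *
 * @param string $login     Login name; stored lower-cased.
 * @param string $ARUserDir User directory; "/system/users/" is used when empty.
 * @return void
 */
function ldSetCredentials($login, $ARUserDir = "/system/users/")
{
    global $ARCurrent, $AR, $LD_NO_SESSION_SUPPORT;
    if ($LD_NO_SESSION_SUPPORT) {
        debug("ldSetCredentials({$login}): no session support");
        return;
    }
    if (!$ARUserDir) {
        $ARUserDir = "/system/users/";
    }
    // Make sure the login is lower case. Because of the
    // numerous checks on "admin".
    $login = strtolower($login);
    debug("ldSetCredentials({$login})", "object");
    if (!$ARCurrent->session) {
        ldStartSession();
    } else {
        /* use the same sessionid if the user didn't login before */
        // NOTE(review): the pre-login session id is kept across the login.
        // The fresh ARSessionKey below is presumably what ties the
        // authenticated state to the new cookie -- confirm; otherwise a new
        // session id should be issued here.
        ldStartSession($ARCurrent->session->id);
    }
    $ARCurrent->session->put("ARLogin", $login);
    $ARCurrent->session->put("ARUserDir", $ARUserDir, true);
    /* create the session key (128 bits from the CSPRNG) */
    $session_key = bin2hex(random_bytes(16));
    $ARCurrent->session->put("ARSessionKey", $session_key, true);
    $ARCurrent->session->put("ARSessionTimedout", 0, 1);
    /* now save our session */
    $ARCurrent->session->save();

    // Secure flag: PHP documents HTTPS as "non-empty" for TLS requests and
    // some servers report 'off' for plain HTTP, so test for that rather than
    // for the exact string 'on'. The key may be absent altogether.
    // NOTE(review): behind a TLS-terminating proxy this is still false.
    $https = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';

    // The cookie may not have been sent at all; avoid the undefined-key warning.
    $cookies = (array) ($_COOKIE["ARSessionCookie"] ?? array());
    // $sessionid comes from the request's cookie names and is untrusted here.
    // NOTE(review): confirm sessionstore->exists() treats it as an opaque id.
    foreach ($cookies as $sessionid => $cookie) {
        if (!$AR->hideSessionIDfromURL) {
            if (!$ARCurrent->session->sessionstore->exists("/{$sessionid}/")) {
                $data = ldDecodeCookie($cookie);
                if (is_array($data)) {
                    // don't just kill it, it may be from another ariadne installation
                    if (($data['timestamp'] ?? 0) < time() - 86400) {
                        // but do kill it if it's older than one day
                        // (the original unset an offset of the string $cookie,
                        // which raises "Cannot unset string offsets")
                        unset($cookies[$sessionid]);
                        // Expire with the same path the cookie is set with
                        // below, otherwise the browser keeps the old one.
                        setcookie("ARSessionCookie[" . $sessionid . "]", '', time() - 3600, '/', '', $https, true);
                    }
                }
            }
        } else {
            // only 1 cookie allowed, unset all cookies
            if ($sessionid != $ARCurrent->session->id) {
                setcookie("ARSessionCookie[" . $sessionid . "]", '', time() - 3600, '/', '', $https, true);
            }
        }
    }

    $data = array();
    $data['login'] = $login;
    $data['timestamp'] = time();
    $data['check'] = ldGenerateSessionKeyCheck();
    $cookie = ldEncodeCookie($data);
    $cookiename = "ARSessionCookie[" . $ARCurrent->session->id . "]";
    // NOTE(review): this writes the full cookie value to the debug log; treat
    // that log as sensitive or log only the cookie name.
    debug("setting cookie ()({$cookie})");
    header('P3P: CP="NOI CUR OUR"');
    // Session cookie (expires 0), site-wide path, host-only, HttpOnly.
    setcookie($cookiename, $cookie, 0, '/', '', $https, true);
}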
Exemple #2
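/**
 * Make sure the session cookies exist when session ids are kept out of URLs,
 * then hand over to ldSetRoot().
 *
 * When $AR->hideSessionIDfromURL is set and no cookie entry exists yet for
 * the current session id, two cookies are set: ARCurrentSession (the session
 * id) and ARSessionCookie[<id>] (an encoded timestamp). Both are HttpOnly
 * session cookies, and Secure when the request arrived over HTTPS.
 *
 * @param string $session Passed through to ldSetRoot() unchanged.
 * @return void
 */
function ldSetSession($session = '')
{
    global $AR, $ARCurrent;
    $nls = $ARCurrent->nls;
    if ($AR->hideSessionIDfromURL) {
        $cookies = (array) ldGetCredentials();
        // PHP documents HTTPS as "non-empty" for TLS requests and some servers
        // report 'off' for plain HTTP; the key may also be missing entirely.
        // NOTE(review): behind a TLS-terminating proxy this is still false.
        $https = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
        $sessionId = $ARCurrent->session->id;
        if (!isset($cookies[$sessionId]) && $sessionId !== 0) {
            $data = array();
            $data['timestamp'] = time();
            $cookie = ldEncodeCookie($data);
            $cookiename = "ARSessionCookie[" . $sessionId . "]";
            // NOTE(review): the session id and cookie value end up in the
            // debug log; treat that log as sensitive.
            debug("setting cookie (" . $sessionId . ")(" . $cookie . ")");
            header('P3P: CP="NOI CUR OUR"');
            // Session cookies (expires 0), site-wide path, host-only, HttpOnly.
            setcookie('ARCurrentSession', $sessionId, 0, '/', '', $https, true);
            setcookie($cookiename, $cookie, 0, '/', '', $https, true);
        }
    }
    ldSetRoot($session, $nls);
}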