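/**
 * session_check_session_cookie() - Check that session cookie passed from user is ok
 *
 * The cookie is parsed as base64(serial) . '-*-' . hash, where hash must equal
 * md5(serial . sys_session_key) and serial is "user_id-*-time-*-ip-*-user_agent".
 * After the integrity check, the embedded IP and user agent are compared with
 * the current request and the expiry window is applied.
 *
 * @param string $session_cookie Value of the session cookie
 * @return mixed user_id if cookie is ok, false otherwise
 */
function session_check_session_cookie($session_cookie) {
    // Fail closed on anything that cannot be a well-formed cookie, so the
    // untrusted value never reaches list() with missing fields.
    if (!is_string($session_cookie)) {
        return false;
    }
    $cookie_parts = explode('-*-', $session_cookie);
    if (count($cookie_parts) < 2) {
        return false;
    }
    list($session_serial, $hash) = $cookie_parts;

    $session_serial = base64_decode($session_serial);
    // NOTE(review): md5(data . key) is a keyed hash, not an HMAC. Moving to
    // hash_hmac() has to be done together with the code that builds the
    // cookie, which is not part of this function.
    $new_hash = md5($session_serial . $GLOBALS['sys_session_key']);

    // The hash comes from the client. A loose "!=" compares two numeric-looking
    // strings as numbers (e.g. "0e1" equals any "0e<digits>" digest), so the
    // comparison must be string-exact, and constant-time where available.
    $hash_ok = function_exists('hash_equals')
        ? hash_equals($new_hash, $hash)
        : ($hash === $new_hash);
    if (!$hash_ok) {
        return false;
    }

    $serial_parts = explode('-*-', $session_serial, 4);
    if (count($serial_parts) < 4) {
        return false;
    }
    list($user_id, $time, $ip, $user_agent) = $serial_parts;

    // Bind the session to the client address and user agent stored in it.
    if (!session_check_ip($ip, getStringFromServer('REMOTE_ADDR'))) {
        return false;
    }
    if (trim($user_agent) != getStringFromServer('HTTP_USER_AGENT')) {
        return false;
    }

    // NOTE(review): "$time - time()" is only positive when $time lies in the
    // future. If $time is the moment the cookie was issued (the builder is not
    // visible here, confirm), this condition never fires and sessions never
    // expire; the intended expression is then probably "time() - $time".
    if ($GLOBALS['sys_session_expire'] > 0 && $time - time() >= $GLOBALS['sys_session_expire']) {
        return false;
    }

    return $user_id;
}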
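/**
 * session_check_session_cookie() - Check that session cookie passed from user is ok
 *
 * The cookie is parsed as base64(ciphertext) . '-' . hash, where hash must equal
 * md5(ciphertext . sys_session_key). The ciphertext is only decrypted after that
 * check passes; the plaintext is "user_id-time-ip-user_agent".
 *
 * @param string $session_cookie Value of the session cookie
 * @return mixed user_id if cookie is ok, false otherwise
 */
function session_check_session_cookie($session_cookie) {
    // Fail closed on anything that cannot be a well-formed cookie, so the
    // untrusted value never reaches list() with missing fields.
    if (!is_string($session_cookie)) {
        return false;
    }
    $cookie_parts = explode('-', $session_cookie);
    if (count($cookie_parts) < 2) {
        return false;
    }
    list($encrypted_session_serial, $hash) = $cookie_parts;

    $encrypted_session_serial = base64_decode($encrypted_session_serial);
    // NOTE(review): md5(data . key) is a keyed hash, not an HMAC, and the same
    // sys_session_key is also used as the cipher key below. Changing either
    // has to be done together with the code that builds the cookie.
    $new_hash = md5($encrypted_session_serial . $GLOBALS['sys_session_key']);

    // The hash comes from the client. A loose "!=" compares two numeric-looking
    // strings as numbers (e.g. "0e1" equals any "0e<digits>" digest), so the
    // comparison must be string-exact, and constant-time where available.
    $hash_ok = function_exists('hash_equals')
        ? hash_equals($new_hash, $hash)
        : ($hash === $new_hash);
    if (!$hash_ok) {
        return false;
    }

    // Decrypt only after the integrity check has passed.
    // NOTE(review): the mcrypt extension was removed in PHP 7.2; this block
    // needs a replacement before the code can run on a current runtime.
    $td = mcrypt_module_open($GLOBALS['sys_session_cypher'], "", $GLOBALS['sys_session_cyphermode'], "");
    // NOTE(review): a fresh random IV is generated here instead of the IV used
    // when the cookie was encrypted. In a mode that uses the IV, the start of
    // the plaintext (the user_id field) would not decrypt to what was stored.
    // Confirm the configured mode and how the builder handles the IV.
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $GLOBALS['sys_session_key'], $iv);
    $session_serial = mdecrypt_generic($td, $encrypted_session_serial);
    mcrypt_generic_end($td);

    $serial_parts = explode('-', $session_serial, 4);
    if (count($serial_parts) < 4) {
        return false;
    }
    list($user_id, $time, $ip, $user_agent) = $serial_parts;

    // NOTE(review): REMOTE_ADDR and HTTP_USER_AGENT are read from the global
    // scope rather than from $_SERVER. Presumably this relies on request
    // variables being imported as globals; confirm that nothing lets a
    // request parameter overwrite them.
    if (!session_check_ip($ip, $GLOBALS['REMOTE_ADDR'])) {
        return false;
    }
    // trim() also strips trailing NUL bytes from the decrypted field.
    if (trim($user_agent) != $GLOBALS['HTTP_USER_AGENT']) {
        return false;
    }

    // NOTE(review): "$time - time()" is only positive when $time lies in the
    // future. If $time is the moment the cookie was issued (the builder is not
    // visible here, confirm), this condition never fires and sessions never
    // expire; the intended expression is then probably "time() - $time".
    if ($time - time() >= $GLOBALS['sys_session_expire']) {
        return false;
    }

    return $user_id;
}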