/**
* Checks for a valid session
*
* Runs a few checks to make sure the same user agent and IP are used in
* addition to the check for a token and timeout. Any failure results in a
* full-on self-destruct for the session.
*
* @return boolean Whether or not a valid session is present
*/
public static function check_session()
{
// If we've already checked this and it's valid, just return TRUE
if (self::$valid_session === TRUE) {
return TRUE;
}
FB::log($_SESSION, "Session Data");
FB::log(time(), "Current Time");
// Create a token if one doesn't exist or has timed out
if (!isset($_SESSION['ecms']) || $_SESSION['ecms']['ttl'] <= time()) {
// Regenerate the session to avoid any unwanted shenanigans
self::destroy_session();
self::create_session();
// Log data for debugging
FB::log("Session doesn't exist or expired. New session created.");
FB::log($_SESSION, "New Session");
return FALSE;
} else {
if ($_SESSION['ecms']['user-agent'] !== $_SERVER['HTTP_USER_AGENT'] || $_SESSION['ecms']['address'] !== $_SERVER['REMOTE_ADDR']) {
// Log data for debugging
FB::log("User agent or remote address is mismatched.");
// Regenerate the session to avoid any unwanted shenanigans
self::destroy_session();
self::create_session();
return FALSE;
} else {
if (is_array($_SESSION['ecms'])) {
$_SESSION['ecms']['ttl'] = time() + 600;
// 10 minutes from now
self::$valid_session = TRUE;
return TRUE;
} else {
// Log data for debugging
FB::log("No conditions met. Something is odd.");
// Regenerate the session to avoid any unwanted shenanigans
self::destroy_session();
self::create_session();
return FALSE;
}
}
}
}
