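/**
 * Returns the shared session object for this request, building it on first use.
 *
 * On the first call a mosSession is created, mosSession::purge() is run, and the
 * session is looked up under md5(<session cookie value> . <REMOTE_ADDR>). If that
 * lookup succeeds the session timestamp is refreshed; otherwise a new session is
 * generated, inserted, sent to the client as a cookie, and a "remember me" login
 * is attempted when a well-formed 'usercookie' is present.
 *
 * @return mosSession reference to the function-static instance
 */
function &getCurrent() {
    static $currentSession;

    if (!is_object($currentSession)) {
        $currentSession = new mosSession();
        mosSession::purge();

        $sessionCookieName = md5('site' . mamboCore::get('mosConfig_live_site'));
        $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
        $usercookie = mosGetParam($_COOKIE, 'usercookie', null);

        // REMOTE_ADDR is absent outside a web request; use '' (what the undefined
        // index evaluated to in the concatenation) without raising a notice.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        // The lookup key mixes the cookie value with the client address, so a cookie
        // presented from another address does not match. Clients behind the same
        // address share that component, so the cookie value itself still has to be
        // unguessable.
        if ($currentSession->load(md5($sessioncookie . $remoteAddr))) {
            // Known session: refresh its timestamp in the session table.
            $currentSession->time = time();
            $currentSession->update();
        } else {
            $currentSession->generateId();
            if (!$currentSession->insert()) {
                // NOTE(review): this sends the raw error text to the client. If
                // getError() can carry database detail, log it server-side and show
                // a generic message instead.
                die($currentSession->getError());
            }

            // 12-hour cookie on path '/'. Only four arguments are passed, so neither
            // the Secure nor the HttpOnly flag is set on the session cookie.
            setcookie($sessionCookieName, $currentSession->getCookie(), time() + 43200, '/');

            // 'usercookie' is client-controlled. Only use it when it really is an
            // array carrying both fields; a scalar cookie named 'usercookie' would
            // otherwise be indexed as a string.
            // NOTE(review): the cookie carries a 'password' entry; whether that is a
            // hash or the clear value is not visible here - confirm.
            if (is_array($usercookie) && isset($usercookie['username'], $usercookie['password'])) {
                require_once mamboCore::get('mosConfig_absolute_path') . '/includes/authenticator.php';
                $authenticator =& mamboAuthenticator::getInstance();

                // $message was never assigned before being handed to authenticateUser().
                $message = null;
                $authenticator->authenticateUser(
                    $message,
                    $usercookie['username'],
                    $usercookie['password'],
                    null,
                    $currentSession
                );
            }
        }
    }

    return $currentSession;
}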
/**
 * Sets up the session for the current request.
 *
 * A mosSession is stored on $this->_session and purge('core') is run on it. When
 * the session cookie holds a 32-character value that resolves, through
 * mosMainFrame::sessionCookieValue(), to a stored session, only that session's
 * timestamp is refreshed. Otherwise:
 *  - with no session cookie, no remember-me cookie and no 'force_session' POST
 *    field, a probe cookie with the value '-' is sent;
 *  - else, unless the request URI looks like a syndicated feed, a guest session
 *    is inserted and its cookie is sent;
 *  - finally, a remember-me cookie longer than 64 characters is split into two
 *    32-character values plus a numeric id and handed to $this->login().
 *
 * NOTE(review): both setcookie() calls pass four arguments, so neither the Secure
 * nor the HttpOnly flag is set.
 */
function initSession() {
    // Bind the local name to the member so the new object lands on $this->_session.
    $session =& $this->_session;
    $session = new mosSession($this->_db);

    // Drop expired sessions.
    $session->purge('core');

    $cookieName = mosMainFrame::sessionCookieName();
    $cookieValue = strval(mosGetParam($_COOKIE, $cookieName, null));
    $sessionKey = mosMainFrame::sessionCookieValue($cookieValue);

    // An existing session needs a non-empty, 32-character cookie value that is not
    // the '-' probe value and that loads from storage.
    $hasStoredSession = $cookieValue
        && strlen($cookieValue) == 32
        && $cookieValue != '-'
        && $session->load($sessionKey);

    if ($hasStoredSession) {
        // Refresh the last-access time in the session table.
        $session->time = time();
        $session->update();
        return;
    }

    $remCookieName = mosMainFrame::remCookieName_User();

    // The client has shown it keeps cookies (or asked for a session explicitly).
    // 'force_session' is a client-supplied POST field.
    $clientHasCookie = isset($_COOKIE[$cookieName])
        || isset($_COOKIE[$remCookieName])
        || isset($_POST['force_session']);

    if ($clientHasCookie) {
        // Cookie present but holding the probe value or an expired session:
        // register a new session.
        $requestUri = strval(mosGetParam($_SERVER, 'REQUEST_URI', null));

        // Requests for syndicated feeds must not create sessions. The test is a
        // substring match on the client-supplied request URI.
        $isFeedRequest = strpos($requestUri, 'option=com_rss') !== false
            || strpos($requestUri, 'feed=') !== false;

        if (!$isFeedRequest) {
            $session->guest = 1;
            $session->username = '';
            $session->time = time();
            $session->gid = 0;

            // Produce the session cookie value.
            $session->generateId();

            if (!$session->insert()) {
                // NOTE(review): the error text goes straight to the client.
                die($session->getError());
            }

            // Tracking cookie that expires when the browser session ends.
            setcookie($cookieName, $session->getCookie(), false, '/');
        }
    } else {
        // Nothing from the client yet: send a probe cookie that expires with the
        // browser session.
        setcookie($cookieName, '-', false, '/');
    }

    // Remember-me handling. The cookie is client-controlled; it is only sliced here
    // and passed on. NOTE(review): login() is presumably where the values are
    // verified - confirm against its implementation.
    $rememberValue = strval(mosGetParam($_COOKIE, $remCookieName, null));

    if (strlen($rememberValue) > 64) {
        // Layout: 32 characters user, 32 characters password, then the numeric id.
        $remUser = substr($rememberValue, 0, 32);
        $remPass = substr($rememberValue, 32, 32);
        $remID = intval(substr($rememberValue, 64));

        if (strlen($remUser) == 32 && strlen($remPass) == 32) {
            $this->login($remUser, $remPass, 1, $remID);
        }
    }
}