} /** * Delete a session variable. * @param string Session variable name */ function session_delete( $p_name ) { global $g_session; $g_session->delete( $p_name ); } /** * Destroy the session entirely. */ function session_clean() { global $g_session; $g_session->destroy(); } # Initialize the session if ( PHP_CGI == php_mode() ) { $t_session_id = gpc_get_string( 'session_id', '' ); if ( empty( $t_session_id ) ) { session_init(); } else { session_init( $t_session_id ); } }
/** * Purge form security tokens that are older than 3 days, or used * for form validation. * @param string Form name */ function form_security_purge($p_form_name) { if (PHP_CLI == php_mode() || OFF == config_get_global('form_security_validation')) { return; } $t_tokens = session_get('form_security_tokens', array()); # Short-circuit if we don't have any tokens for the given form name if (!isset($t_tokens[$p_form_name]) || !is_array($t_tokens[$p_form_name]) || count($t_tokens[$p_form_name]) < 1) { return; } # Get the form input $t_form_token = $p_form_name . '_token'; $t_input = gpc_get_string($t_form_token, ''); # Get the date claimed by the token $t_date = utf8_substr($t_input, 0, 8); # Generate a date string of three days ago $t_purge_date = date('Ymd', time() - 3 * 24 * 60 * 60); # Purge old token data, and the currently-used token unset($t_tokens[$p_form_name][$t_date][$t_input]); foreach ($t_tokens as $t_form_name => $t_dates) { foreach ($t_dates as $t_date => $t_date_tokens) { if ($t_date < $t_purge_date) { unset($t_tokens[$t_form_name][$t_date]); } } } session_set('form_security_tokens', $t_tokens); return; }