function start_session($conn)
{
//DEBUG
//END DEBUG
$userAgent = $_SERVER['HTTP_USER_AGENT'];
$time = time();
if (!isset($_COOKIE['token'])) {
$workerId = $_GET['workerId'];
$assignmentId = $_GET['assignmentId'];
$timeExpire = $time + 3600;
$turkSubmitTo = $_GET['turkSubmitTo'];
$token = create_token($workerId, $userAgent, $time);
set_app_cookies($token, $workerId, $turkSubmitTo, $timeExpire);
store_session($conn, $assignmentId, $workerId, $timeExpire, $time, $userAgent, $token);
} else {
$truth = validate_session($conn, $_COOKIE['token'], $_COOKIE['workerId'], $userAgent);
if (!$truth) {
//GOTO FAIL
echo 'failed';
header('Location: /gotofail.html');
}
}
}
<?php
/*************************************************************************
** Bronto T-Reqs E-mail Approval Interface
** Purpose: Main entry point for the approval request interface
** Organization: New York State Senate
** Author: Ken Zalewski
** Last revision: 2010-07-06
*************************************************************************/
require_once 'include/common.inc.php';
require_once 'include/request_forms.php';
set_app_cookies();
// must set the Cookie headers prior to any output
require_once 'include/header.php';
$post_vars = array("stage", "username", "password", "sitename", "siteid", "iscc", "ccemail", "sessionid", "accountid", "msgid", "listids", "segids", "year", "month", "day", "district", "fromaddr", "fromname", "replyaddr", "firstname", "lastname", "email", "phone", "notes", "initials");
foreach ($post_vars as $post_var) {
$post_var = "fm_" . $post_var;
${$post_var} = isset($_POST[$post_var]) ? $_POST[$post_var] : null;
}
// Use the Bronto SessionID to establish a binding to the active session.
if ($fm_sessionid) {
$bapi = connect_bronto_session($fm_sessionid);
if (!is_session_active($bapi)) {
display_errorbox("Your " . APP_NAME . " session has expired; please log in again");
$fm_stage = "start";
}
} else {
$bapi = null;
}
// make sure that both listids and segids are arrays
if (!is_array($fm_listids)) {
