Esempio n. 1
 /**
  * session_start() creates a session or resumes the current one based on the current session id
  * that's being passed via a cookie.
  *
  * If you want to use a named session, you must call session_name() before calling session_start().
  *
  * session_start() will register internal output handler for URL rewriting when trans-sid is enabled.
  * If a user uses ob_gzhandler or like with ob_start(), the order of output handler is important for proper output.
  * For example, user must register ob_gzhandler before session start.
  *
  * @param  boolean  $noNewSession  False: Create new session if none there, True: Do not create new session
  * @return boolean                 True: ok, False: already started
  */
 public function session_start($noNewSession = false)
 {
     // A non-null session array means this handler has already started a session.
     if ($this->_session_var !== null) {
         return false;
     }

     // Take the candidate session id from the configured transport. It is only
     // truncated to 32 characters here; its character set is not checked.
     // NOTE(review): in 'cookie' mode this value is client-controlled, so read()
     // must treat it as untrusted input -- confirm the lookup binds or escapes it.
     if ($this->_mode == 'cookie') {
         $rawCookie = CBCookie::getcookie($this->_cookie_name, null);
         $candidateId = ($rawCookie !== null) ? substr($rawCookie, 0, 32) : null;
     } elseif ($this->_mode == 'sessionid') {
         $candidateId = substr($this->_session_id, 0, 32);
     } else {
         // unknown mode: nothing to resume and nothing to create
         return false;
     }

     // Only query the store when there is a usable candidate id.
     $stored = $candidateId ? $this->read($candidateId) : null;
     if ($stored) {
         // NOTE(review): unserialize() runs BEFORE _validateSession(), so any object
         // in the stored payload is instantiated before the record is checked. If the
         // store's contents can ever be influenced from outside, restrict this (for
         // example unserialize()'s allowed_classes option, or a JSON payload) or
         // validate first -- confirm what the session array is expected to contain.
         $restored = unserialize($stored);
         if ($restored !== false && $this->_validateSession($candidateId, $stored)) {
             // stored record decoded and passed validation: resume it
             $this->_session_id = $candidateId;
             $this->_session_var = $restored;
             return true;
         }
     }

     // Nothing could be resumed and the caller does not want a fresh session.
     if ($noNewSession) {
         return false;
     }

     // An id that was missing, unknown or failed validation is never adopted:
     // a fresh id and a fresh verification value are generated instead.
     // NOTE(review): their unpredictability depends on generateRandSessionid(),
     // which is not visible here -- confirm it draws from a CSPRNG.
     $this->_session_id = $this->generateRandSessionid(32);
     $this->_session_var = array('cbsessions.verify' => $this->generateRandSessionid(32));
     $this->_validateSession();

     // Cookies are only sent in cookie mode.
     if ($this->_mode == 'cookie') {
         $this->_sendSessionCookies();
     }

     return true;
 }
 /**
  * Checks messaging anti-spam
  *
  * @param  boolean      $autoBack     TRUE: returns code 403 and attempts a "back" in browser with Javascript, FALSE: Returns error text
  * @param  boolean      $allowPublic  TRUE: Also checks for guests, FALSE: Only for registered and logged-in users
  * @return null|string                NULL: Ok, String: translated error text
  */
 function cbAntiSpamCheck($autoBack = true, $allowPublic = false)
 {
     global $_POST;

     // Both tokens come from the client: one from the form field, one from the cookie.
     $postToken = cbGetParam($_POST, 'cbvssps', '');
     cbimport('cb.session');
     $cookieToken = CBCookie::getcookie('cbvs');

     $postParts = explode('_', $postToken);
     $cookieParts = explode('_', $cookieToken);

     // Fail closed: a token without exactly three '_'-separated parts never matches.
     $tokensOk = false;
     if (count($postParts) == 3 && count($cookieParts) == 3) {
         // Expected tokens are recomputed from the third part of each submitted token.
         $expected = cbGetAntiSpams($postParts[2], $cookieParts[2], $allowPublic);

         // NOTE(review): ONE matching token is enough here (post OR cookie). Confirm
         // that accepting a single matching token is intended, since requiring both
         // is the stricter check.
         // NOTE(review): === is not a constant-time comparison; if these tokens are
         // meant to be secret, hash_equals() would be the safer comparison.
         if ($postToken === $expected[0]) {
             $tokensOk = true;
         } else {
             $tokensOk = ($cookieToken === $expected[1]);
         }
     }

     if ($tokensOk) {
         return null;
     }

     if (!$autoBack) {
         return CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.') . ' ' . CBTxt::Th('UE_PLEASE_REFRESH', 'Please refresh/reload page before filling-in.');
     }

     // NOTE(review): the name suggests this ends the request. If it ever returns,
     // control reaches `return null` below, which callers read as "check passed".
     _cbExpiredSessionJSterminate();

     return null;
 }
/**
 * Checks the anti-spam tokens submitted with a form.
 *
 * Compares the 'cbvssps' POST field and the 'cbvs' cookie against the values
 * returned by cbGetAntiSpams(); both must match for the check to pass.
 *
 * @param  boolean      $autoBack  TRUE: calls _cbExpiredSessionJSterminate() on failure, FALSE: returns the error text
 * @return null|string             NULL: Ok, String: error text
 */
function cbAntiSpamCheck($autoBack = true)
{
    global $_POST;

    // Both tokens come from the client: one from the form field, one from the cookie.
    $postToken = cbGetParam($_POST, 'cbvssps', '');
    cbimport('cb.session');
    $cookieToken = CBCookie::getcookie('cbvs');

    $postParts = explode('_', $postToken);
    $cookieParts = explode('_', $cookieToken);

    // Fail closed: malformed tokens never reach the comparison.
    $tokensOk = false;
    if (count($postParts) == 3 && count($cookieParts) == 3) {
        // Expected tokens are recomputed from the third part of each submitted token.
        $expected = cbGetAntiSpams($postParts[2], $cookieParts[2]);

        // NOTE(review): === is not a constant-time comparison; if these tokens are
        // meant to be secret, hash_equals() would be the safer comparison.
        $tokensOk = ($postToken === $expected[0]) && ($cookieToken === $expected[1]);
    }

    if ($tokensOk) {
        return null;
    }

    if (!$autoBack) {
        return _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
    }

    // NOTE(review): the name suggests this ends the request. If it ever returns,
    // control reaches `return null` below, which callers read as "check passed".
    _cbExpiredSessionJSterminate();

    return null;
}
 /**
  * Gets a cleaned value from a PHP global
  *
  * @param  string $arn
  * @param  string $name
  * @param  mixed  $def
  * @return mixed
  */
 protected static function _globalConv($arn, $name, $def = null)
 {
     // Every source below except 'session' can carry client-supplied data
     // ('server' includes request headers; 'request' merges several inputs
     // according to the PHP configuration).
     // NOTE(review): whatever cleaning happens is done inside cbGetParam() /
     // CBCookie::getcookie(), not visible here. The result is not escaped for
     // SQL or HTML by this method, so callers must still bind or escape it for
     // the context where it is used.
     if ($arn == 'request') {
         global $_REQUEST;
         $raw = cbGetParam($_REQUEST, $name, $def);
     } elseif ($arn == 'get') {
         global $_GET;
         $raw = cbGetParam($_GET, $name, $def);
     } elseif ($arn == 'post') {
         global $_POST;
         $raw = cbGetParam($_POST, $name, $def);
     } elseif ($arn == 'cookie') {
         global $_COOKIE;
         $raw = cbGetParam($_COOKIE, $name, $def);
     } elseif ($arn == 'cbcookie') {
         cbimport('cb.session');
         $raw = CBCookie::getcookie($name, $def);
     } elseif ($arn == 'session') {
         global $_SESSION;
         $raw = cbGetParam($_SESSION, $name, $def);
     } elseif ($arn == 'server') {
         global $_SERVER;
         $raw = cbGetParam($_SERVER, $name, $def);
     } elseif ($arn == 'env') {
         global $_ENV;
         $raw = cbGetParam($_ENV, $name, $def);
     } else {
         // Unknown source type: raise a notice and fall back to null.
         trigger_error(sprintf('SQLXML::globalconv error: unknown type %s for %s.', $arn, $name), E_USER_NOTICE);
         $raw = null;
     }

     // stripslashes() only removes backslash quoting; it is not a sanitising step.
     // A null value (unknown type, or a null default) comes back as an empty string.
     return stripslashes($raw);
 }