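/**
 * Initialise session
 *
 * Starts the PHP session when none is active, rewrites the Cache-Control
 * header, derives a client address from the request, and then hands the
 * session id to pnSessionCurrent() if a row for it already exists or to
 * pnSessionNew() if it does not.
 *
 * @return bool true after pnSessionCurrent()/pnSessionNew() has been called,
 *              false if the session lookup query reports a database error
 */
function pnSessionInit()
{
    global $HTTP_SERVER_VARS;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace
    //--pennfirm
    /*
    foreach($GLOBALS as $k=>$v) {
        if (preg_match('/^PNSV/', $k)) {
            return false;
        }
    }
    */

    // Kick it
    // session_id has to be *called*: written as a bare name it is a constant
    // lookup, so the test never reflected whether a session was active and
    // session_start() was not reliably reached.
    if (session_id() == '') {
        session_start();
    }

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the playlists, et al.
    // any strange behaviour encountered, revert to commented out code.
    // NOTE(review): 'cache' is not a standard Cache-Control directive, and
    // dropping no-cache lets browsers and intermediaries store responses
    // generated for a logged-in session - confirm this is acceptable for
    // every page that runs through here.
    //Header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    Header('Cache-Control: cache');

    $sessid = session_id();

    // Get (actual) client IP addr
    // Later checks override earlier ones, so the effective precedence is
    // X-Forwarded-For, then Client-IP, then REMOTE_ADDR.
    // NOTE(review): Client-IP and X-Forwarded-For are request headers. Unless
    // a trusted proxy overwrites them, the sender chooses their content, so
    // the address stored with the session must not be relied on for access
    // decisions or audit trails.
    $ipaddr = $HTTP_SERVER_VARS['REMOTE_ADDR'];
    if (empty($ipaddr)) {
        $ipaddr = getenv('REMOTE_ADDR');
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
        $ipaddr = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    }
    $tmpipaddr = getenv('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
        // Keep only the first entry of a comma-separated list
        $ipaddr = preg_replace('/,.*/', '', $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
    }
    $tmpipaddr = getenv('HTTP_X_FORWARDED_FOR');
    if (!empty($tmpipaddr)) {
        $ipaddr = preg_replace('/,.*/', '', $tmpipaddr);
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    // The session id is passed through pnVarPrepForStore() before it is
    // concatenated into the statement; table and column names come from
    // pnDBGetTables().
    // NOTE(review): escaping depends entirely on pnVarPrepForStore(), which
    // is defined elsewhere - confirm it matches the database driver in use.
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    if (!$result->EOF) {
        // jgm - this has been commented out so that the nice AOL people
        //       can view PN pages, will examine full implications of this
        //       later
        // With the comparison disabled, the stored address is selected but
        // never checked against the current request in this function.
        // list($dbipaddr) = $result->fields;
        $result->Close();
        // if ($ipaddr == $dbipaddr) {
        pnSessionCurrent($sessid);
        // } else {
        //     // Mismatch - destroy the session
        //     session_destroy();
        //     pnRedirect('index.php');
        //     return false;
        // }
    } else {
        pnSessionNew($sessid, $ipaddr);

        // Generate a random number, used for
        // some authentication
        // A rand() stream seeded from microtime() can be reconstructed by
        // anyone who can estimate the request time, so take the value from
        // the system CSPRNG where the runtime offers one. Both branches
        // yield an int in 0..getrandmax(), as before.
        if (function_exists('random_int')) {
            $rand = random_int(0, getrandmax());
        } else {
            srand((double) microtime() * 1000000);
            $rand = rand();
        }
        pnSessionSetVar('rand', $rand);
    }

    return true;
}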
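/**
 * Initialise session.
 *
 * Refuses to continue if any global variable name starts with "PNSV", starts
 * the PHP session, rewrites the Cache-Control header, derives a client
 * address from the request, and then hands the session id to
 * pnSessionCurrent() if a row for it already exists or to pnSessionNew()
 * if it does not.
 *
 * @return bool true after pnSessionCurrent()/pnSessionNew() has been called,
 *              false if a PNSV-prefixed global is present or the session
 *              lookup query reports a database error
 */
function pnSessionInit()
{
    global $HTTP_SERVER_VARS;

    // Fetch database aliases
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace
    // This runs before session_start(), so it only sees globals that exist
    // at that point (presumably request variables injected by
    // register_globals - confirm against the deployment).
    foreach ($GLOBALS as $k => $v) {
        if (preg_match('/^PNSV/', $k)) {
            return false;
        }
    }

    // Kick it
    session_start();

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the playlists, et al.
    // any strange behaviour encountered, revert to commented out code.
    // NOTE(review): 'cache' is not a standard Cache-Control directive, and
    // dropping no-cache lets browsers and intermediaries store responses
    // generated for a logged-in session - confirm this is acceptable for
    // every page that runs through here.
    //Header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    Header('Cache-Control: cache');

    // Get session id
    $sessid = session_id();

    // Get (actual) client IP addr
    // Later checks override earlier ones, so the effective precedence is
    // X-Forwarded-For, then Client-IP, then REMOTE_ADDR.
    // NOTE(review): Client-IP and X-Forwarded-For are request headers. Unless
    // a trusted proxy overwrites them, the sender chooses their content, so
    // the address stored with the session must not be relied on for access
    // decisions or audit trails.
    $ipaddr = $HTTP_SERVER_VARS['REMOTE_ADDR'];
    if (empty($ipaddr)) {
        $ipaddr = getenv('REMOTE_ADDR');
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
        $ipaddr = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    }
    $tmpipaddr = getenv('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
        // Keep only the first entry of a comma-separated list
        $ipaddr = preg_replace('/,.*/', '', $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
    }
    $tmpipaddr = getenv('HTTP_X_FORWARDED_FOR');
    if (!empty($tmpipaddr)) {
        $ipaddr = preg_replace('/,.*/', '', $tmpipaddr);
    }
    // END IP addr retrieval

    // Table columns used to store session data in database
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    // Find out if session already exists
    // The session id is passed through pnVarPrepForStore() before it is
    // concatenated into the statement; table and column names come from
    // pnDBGetTables().
    // NOTE(review): escaping depends entirely on pnVarPrepForStore(), which
    // is defined elsewhere - confirm it matches the database driver in use.
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);

    // Die on any error except "no results"
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    if (!$result->EOF) {
        // Session already exists, we define it as current
        // The stored address is selected but not compared with $ipaddr here,
        // so this function does not bind a session to a client address.
        $result->Close();
        pnSessionCurrent($sessid);
    } else {
        pnSessionNew($sessid, $ipaddr);

        // Generate a random number, used for
        // some authentication
        // A rand() stream seeded from microtime() can be reconstructed by
        // anyone who can estimate the request time, so take the value from
        // the system CSPRNG where the runtime offers one. Both branches
        // yield an int in 0..getrandmax(), as before.
        if (function_exists('random_int')) {
            $rand = random_int(0, getrandmax());
        } else {
            srand((double) microtime() * 1000000);
            $rand = rand();
        }
        pnSessionSetVar('rand', $rand);
    }

    return true;
}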