/**
 * Creates a session or resumes the current one.
 *
 * In 'cookie' mode the candidate session id is taken from the cookie named
 * $this->_cookie_name; in 'sessionid' mode it is taken from $this->_session_id.
 * Any other mode is rejected. A candidate id is truncated to its first 32 bytes,
 * looked up with $this->read(), unserialized and then passed through
 * $this->_validateSession() before it is accepted. When no usable session is
 * found (and $noNewSession is false) a fresh id and a fresh
 * 'cbsessions.verify' token are generated with generateRandSessionid(32),
 * _validateSession() is called with no arguments, and in 'cookie' mode the
 * session cookies are (re)sent.
 *
 * If you want to use a named session, you must call session_name() before
 * calling session_start().
 *
 * session_start() will register an internal output handler for URL rewriting
 * when trans-sid is enabled. If a user uses ob_gzhandler or the like with
 * ob_start(), the order of output handlers matters for proper output: e.g.
 * ob_gzhandler must be registered before the session is started.
 *
 * NOTE(review): unserialize() runs on the stored blob BEFORE _validateSession()
 * gets to see it. That is only safe if the session store is fully trusted;
 * if an attacker could ever write to it, consider validating first (or
 * restricting unserialize() to plain data) -- confirm against read()/write().
 * NOTE(review): the id is length-limited but not charset-checked here; verify
 * that read() parameterises or escapes it before it reaches the database.
 *
 * @param boolean $noNewSession False: create a new session if none exists,
 *                              True: never create a new session
 * @return boolean True: a session is now active, False: already started,
 *                 unsupported mode, or no session and $noNewSession was set
 */
public function session_start($noNewSession = false)
{
    // Re-entrant call: a session is already active, nothing to do.
    if ($this->_session_var !== null) {
        return false;
    }

    // Pick the candidate id according to the transport mode.
    switch ($this->_mode) {
        case 'cookie':
            $rawCookie = CBCookie::getcookie($this->_cookie_name, null);
            $candidateId = ($rawCookie !== null) ? substr($rawCookie, 0, 32) : null;
            break;
        case 'sessionid':
            $candidateId = substr($this->_session_id, 0, 32);
            break;
        default:
            return false;
    }

    // Try to resume: the stored record must unserialize and validate.
    if ($candidateId) {
        $storedBlob = $this->read($candidateId);

        if ($storedBlob) {
            $restoredVars = unserialize($storedBlob);

            if (($restoredVars !== false) && $this->_validateSession($candidateId, $storedBlob)) {
                $this->_session_id  = $candidateId;
                $this->_session_var = $restoredVars;

                return true;
            }
        }
    }

    // Nothing resumable: either give up or start a brand-new session.
    if ($noNewSession) {
        return false;
    }

    $this->_session_id  = $this->generateRandSessionid(32);
    $this->_session_var = array('cbsessions.verify' => $this->generateRandSessionid(32));
    $this->_validateSession();

    // Only the cookie transport needs the browser to be told about the new id.
    if ($this->_mode == 'cookie') {
        $this->_sendSessionCookies();
    }

    return true;
}
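/**
 * Checks messaging anti-spam
 *
 * Reads the 'cbvssps' POST token and the 'cbvs' cookie token. Both are expected
 * to have the form "a_b_c"; their third segment is handed to cbGetAntiSpams(),
 * which returns the expected [post, cookie] pair. The check passes when EITHER
 * the POST token equals the expected POST value OR the cookie token equals the
 * expected cookie value.
 *
 * NOTE(review): because of the "either" rule a valid cookie alone is enough to
 * pass; an older variant of this function required both to match. Confirm that
 * is intended. The comparisons are also plain `===` (not constant-time); if the
 * runtime is >= 5.6, hash_equals() would be the stricter choice.
 *
 * A missing or non-string token (e.g. a cookie that is not set, or an array
 * posted as cbvssps[]) is treated as a mismatch instead of being passed to
 * explode(), which would otherwise raise a TypeError on PHP 8 / deprecation on
 * PHP 8.1 for null.
 *
 * @param boolean $autoBack    TRUE: returns code 403 and attempts a "back" in browser with Javascript, FALSE: Returns error text
 * @param boolean $allowPublic TRUE: Also checks for guests, FALSE: Only for registered and logged-in users
 * @return null|string NULL: Ok, String: translated error text
 */
function cbAntiSpamCheck($autoBack = true, $allowPublic = false)
{
    // $_POST is a superglobal; no `global` declaration is needed.
    $postToken = cbGetParam($_POST, 'cbvssps', '');

    cbimport('cb.session');

    $cookieToken = CBCookie::getcookie('cbvs');

    $match = false;

    // Fail closed on anything that is not a string (null cookie, array input).
    if (is_string($postToken) && is_string($cookieToken)) {
        $postParts   = explode('_', $postToken);
        $cookieParts = explode('_', $cookieToken);

        if ((count($postParts) == 3) && (count($cookieParts) == 3)) {
            $expected = cbGetAntiSpams($postParts[2], $cookieParts[2], $allowPublic);

            $match = ($postToken === $expected[0]) || ($cookieToken === $expected[1]);
        }
    }

    if (!$match) {
        if ($autoBack) {
            // Emits the 403 + JS "back" and terminates; does not return here.
            _cbExpiredSessionJSterminate();
        } else {
            return CBTxt::Th('UE_SESSION_EXPIRED', 'Session expired or cookies are not enabled in your browser. Please press "reload page" in your browser, and enable cookies in your browser.')
                . ' '
                . CBTxt::Th('UE_PLEASE_REFRESH', 'Please refresh/reload page before filling-in.');
        }
    }

    return null;
}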
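/**
 * Checks messaging anti-spam (legacy variant: both tokens must match)
 *
 * Reads the 'cbvssps' POST token and the 'cbvs' cookie token. Both are expected
 * to have the form "a_b_c"; their third segment is handed to cbGetAntiSpams(),
 * which returns the expected [post, cookie] pair. The check passes only when
 * the POST token equals the expected POST value AND the cookie token equals
 * the expected cookie value.
 *
 * A missing or non-string token (e.g. a cookie that is not set, or an array
 * posted as cbvssps[]) is treated as a mismatch instead of being passed to
 * explode(), which would otherwise raise a TypeError on PHP 8 / deprecation on
 * PHP 8.1 for null. The expected-values array is no longer read when it was
 * never assigned (the original relied on short-circuit evaluation for that).
 *
 * NOTE(review): the comparisons are plain `===` (not constant-time); if the
 * runtime is >= 5.6, hash_equals() would be the stricter choice.
 *
 * @param boolean $autoBack TRUE: returns code 403 and attempts a "back" in browser with Javascript, FALSE: Returns error text
 * @return null|string NULL: Ok, String: error text
 */
function cbAntiSpamCheck($autoBack = true)
{
    // $_POST is a superglobal; no `global` declaration is needed.
    $postToken = cbGetParam($_POST, 'cbvssps', '');

    cbimport('cb.session');

    $cookieToken = CBCookie::getcookie('cbvs');

    $match = false;

    // Fail closed on anything that is not a string (null cookie, array input).
    if (is_string($postToken) && is_string($cookieToken)) {
        $postParts   = explode('_', $postToken);
        $cookieParts = explode('_', $cookieToken);

        if ((count($postParts) == 3) && (count($cookieParts) == 3)) {
            $expected = cbGetAntiSpams($postParts[2], $cookieParts[2]);

            $match = ($postToken === $expected[0]) && ($cookieToken === $expected[1]);
        }
    }

    if (!$match) {
        if ($autoBack) {
            // Emits the 403 + JS "back" and terminates; does not return here.
            _cbExpiredSessionJSterminate();
        } else {
            return _UE_SESSION_EXPIRED . ' ' . _UE_PLEASE_REFRESH;
        }
    }

    return null;
}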
/**
 * Gets a cleaned value from a PHP global.
 *
 * $arn selects the source: 'request', 'get', 'post', 'cookie', 'session',
 * 'server' and 'env' read the matching superglobal through cbGetParam();
 * 'cbcookie' reads through CBCookie::getcookie() after importing cb.session.
 * Any other $arn raises an E_USER_NOTICE and yields null. Whatever is obtained
 * -- including the $def fallback -- is passed through stripslashes() before
 * being returned.
 *
 * NOTE(review): stripslashes() is applied unconditionally. On PHP 8 it throws a
 * TypeError for array values (e.g. a parameter posted as name[]), and on 8.1
 * it is deprecated for null; on older versions null becomes ''. Confirm what
 * cbGetParam() can return for array-shaped input before relying on this.
 *
 * @param string $arn   source selector (see above)
 * @param string $name  key to read from that source
 * @param mixed  $def   value used when the key is absent
 * @return mixed the fetched value after stripslashes()
 */
protected static function _globalConv($arn, $name, $def = null)
{
    // Superglobals are always in scope; no `global` declarations needed.
    switch ($arn) {
        case 'request':
            $raw = cbGetParam($_REQUEST, $name, $def);
            break;

        case 'get':
            $raw = cbGetParam($_GET, $name, $def);
            break;

        case 'post':
            $raw = cbGetParam($_POST, $name, $def);
            break;

        case 'cookie':
            $raw = cbGetParam($_COOKIE, $name, $def);
            break;

        case 'cbcookie':
            // CB's own cookie wrapper lives in cb.session.
            cbimport('cb.session');
            $raw = CBCookie::getcookie($name, $def);
            break;

        case 'session':
            $raw = cbGetParam($_SESSION, $name, $def);
            break;

        case 'server':
            $raw = cbGetParam($_SERVER, $name, $def);
            break;

        case 'env':
            $raw = cbGetParam($_ENV, $name, $def);
            break;

        default:
            trigger_error(sprintf('SQLXML::globalconv error: unknown type %s for %s.', $arn, $name), E_USER_NOTICE);
            $raw = null;
            break;
    }

    return stripslashes($raw);
}