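/**
 * Starts a session, validates it and applies the hardening steps below.
 *
 * The session cookie is always sent with the HttpOnly flag so that page
 * scripts cannot read it, which limits session theft through XSS.
 *
 * @param string      $name   The name of the session.
 * @param int         $limit  Lifetime of the session cookie in seconds, 0 for session only
 * @param string      $path   Used to restrict where the browser sends the cookie
 * @param string|null $domain Used to allow subdomains access to the cookie
 * @param bool|null   $secure If true the browser only sends the cookie over https;
 *                            when null the value reported by detectSSL() is used
 */
static function sesStart($name = 'echelon', $limit = 0, $path = '/', $domain = null, $secure = null)
{
    // The cookie name combines the caller's name with the SES_SALT constant
    session_name($name . '_session_' . SES_SALT);

    // An explicit $secure wins; otherwise follow detectSSL().
    // NOTE(review): detectSSL() is defined elsewhere. If it can report false for a
    // request whose TLS ends at a proxy, the cookie is issued without the Secure
    // flag - deployments that are HTTPS-only should pass $secure = true.
    $https = isset($secure) ? $secure : detectSSL();

    // Last argument is the HttpOnly flag
    session_set_cookie_params($limit, $path, $domain, $https, true);
    session_start();

    // An expired or otherwise invalid session is logged out and sent to the home page
    if (!self::validateSession()) {
        self::logout();
        sendHome();
        return;
    }

    if (!self::preventHijacking()) {
        // New session or failed hijack check: discard everything the session held
        // before binding it to the current client. Without the reset, a session that
        // fails the check keeps its stored state and only the fingerprint is replaced.
        // NOTE(review): assumes preventHijacking() returns false for both cases, as
        // the branch's original comment describes - confirm against its definition.
        $_SESSION = array();
        $_SESSION['finger'] = self::getFinger();
        self::regenerateSession();
    } elseif (mt_rand(1, 100) <= 20) {
        // 20% chance of rotating the session id on any request. mt_rand() only
        // decides when to rotate, so its predictability is not a concern here.
        self::regenerateSession();
    }
}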
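/**
 * Sends an e-mail to the given address to notify someone of a file on the
 * SiFiEx server. The mail body contains a link to the file.
 *
 * @param string $receipient e-mail address of the recipient
 * @param string $fileName   name of the file to send the link of
 * @param array  $conf       the general configuration of SiFiEx
 * @param array  $lang       strings of the language to be used
 * @return bool TRUE if the mail was sent, otherwise FALSE
 */
function sendMail($receipient, $fileName, $conf, $lang)
{
    $header = "From: " . $conf['mailSenderName'] . " <" . $conf['mailSenderEmail'] . ">\r\n";
    ini_set("sendmail_from", $conf['mailSenderEmail']);

    // The Host header is supplied by the client and ends up in the mailed link.
    // The pattern only rejects malformed values (anything but a host name or
    // bracketed IPv6 literal with an optional port).
    // NOTE(review): a well-formed but foreign host still passes; building the link
    // from a configured base URL would close that gap.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $hostLooksValid = preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?$/', $host) === 1;

    // A recipient containing line breaks is never a single address
    $recipientIsSingleLine = strpbrk((string) $receipient, "\r\n") === false;

    // Directory part of the running script's path
    $pathFull = explode("/", $_SERVER['PHP_SELF']);
    array_pop($pathFull);
    $pathToScript = implode("/", $pathFull);

    // NOTE(review): detectSSL() is used as the URL scheme here, so it presumably
    // returns "http" or "https" in this project - confirm.
    $body = $lang['mailStart'] . " ";
    $body .= detectSSL() . "://" . $host . $pathToScript . $fileName . "\n\n";
    if ($conf['mailInfoPassword']) {
        $body .= $lang['mailPassword'] . "\n\n";
    }
    $body .= "\n\n" . $lang['mailEnd'];

    $sent = $hostLooksValid
        && $recipientIsSingleLine
        && mail($receipient, $lang['mailSubject'], $body, $header);

    // NOTE(review): $config and $iconPath are not defined inside this function, so
    // both calls receive null for them. Kept as in the original; the intended
    // source (globals or $conf) has to be confirmed.
    if ($sent) {
        showNotification("Mail has been sent", $config['appName'], $lang['mailSuccess'] . $receipient, $iconPath);
        writeSuccess($lang['mailSuccess'] . $receipient);
    } else {
        showNotification("Mail send error", $config['appName'], $lang['mailError'], $iconPath);
        writeWarning($lang['mailError']);
    }

    // The debug dump used to sit behind the return statements and never ran.
    // It is escaped because header and body contain request-derived text.
    if (!empty($conf['debug'])) {
        echo "<pre>" . htmlspecialchars($header . "\n\n" . $body, ENT_QUOTES, 'UTF-8') . "</pre>\n";
    }

    return $sent;
}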
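/**
 * Get the URL Collabtive is running on.
 *
 * The result is scheme + host + the directory part of the requested path,
 * always ending in a slash.
 *
 * @return string
 */
function getMyUrl()
{
    if (!empty($_SERVER['REQUEST_URI'])) {
        $requri = $_SERVER['REQUEST_URI'];
    } else {
        // assume IIS, which does not provide REQUEST_URI
        $requri = $_SERVER['SCRIPT_NAME'];
    }

    // Only the path may decide where the directory ends. Cutting at the last "/"
    // of the full request URI let a slash inside the query string move the cut,
    // so request parameters could leak into the returned base URL.
    $requri = substr($requri, 0, strcspn($requri, '?#'));

    $pos1 = strrpos($requri, "/");
    $requri = ($pos1 === false) ? '/' : substr($requri, 0, $pos1 + 1);

    // NOTE(review): HTTP_HOST is taken from the client's Host header. If the
    // returned URL is used in redirects, mails or stored links, it should be
    // checked against the host names this installation is expected to serve.
    $host = $_SERVER['HTTP_HOST'];

    if (detectSSL()) {
        $host = "https://" . $host;
    } else {
        $host = "http://" . $host;
    }

    return $host . $requri;
}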
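// load the config file

// The installer appends the INSTALLED constant to the end of the config file, so
// before installation the constant does not exist. Checking defined() first keeps
// the install hint working on PHP versions where reading an undefined constant
// is an error instead of a notice.
if (!defined('INSTALLED') || INSTALLED != 'yes') {
    die('You still need to install Echelon. <a href="install/index.php">Install</a>');
}

require_once 'inc/functions.php'; // all the basic functions used in this site
require 'classes/dbl-class.php'; // class that performs all DB related actions
$dbl = DBL::getInstance(); // start connection to the local Echelon DB

require 'inc/setup.php'; // presumably where $https_enabled is set - confirm

// If SSL is required, stop unless this is an SSL connection.
// The error page itself is exempt so that the 'ssl' error can be displayed.
if ($https_enabled == 1 && !detectSSL() && !isError()) {
    sendError('ssl');
    exit;
}

require 'classes/session-class.php'; // class that deals with the management of sessions
require 'classes/members-class.php'; // class that performs all B3 DB related actions

// Fire up the sessions
$ses = new Session(); // create Session instance
// name 'echelon', 0 => session cookie, cookie path limited to the Echelon path.
// No $secure argument is passed, so the cookie's Secure flag follows detectSSL().
$ses->sesStart('echelon', 0, PATH);

// create instance of the members class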
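/**
 * Gets a user's gravatar from gravatar.com
 *
 * The avatar is requested over the same scheme as the current page so that an
 * HTTPS page does not load it as mixed content.
 *
 * @param string $email - email address of the current user
 * @return string HTML snippet containing the linked avatar image
 */
function getGravatar($email)
{
    $size = 32;

    // Gravatar identifies an avatar by the MD5 of the trimmed, lower-cased address.
    // MD5 is dictated by that scheme and is not used as a protection here: the
    // hash ends up in the page markup and is sent to a third party.
    $hash = md5(strtolower(trim($email)));

    // The HTTPS variant used to contain a line break, tabs and a second "?" inside
    // the URL; both variants now share the same path and query layout.
    if (detectSSL()) {
        $grav_url = 'https://secure.gravatar.com/avatar/' . $hash . '?d=identicon';
    } else {
        $grav_url = 'http://www.gravatar.com/avatar/' . $hash . '?d=identicon';
    }

    // rel="noopener noreferrer" keeps the page opened in the new tab from
    // reaching back to this window through window.opener.
    $gravatar = '<span class="gravatar">
        <a href="http://gravatar.com/" target="_blank" rel="noopener noreferrer" title="Get your own personalised image">
            <img width="' . $size . '" src="' . $grav_url . '" alt="" />
        </a>
    </span>';

    return $gravatar;
}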