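/**
 * Attempt to start the session, unless it already has been.
 *
 * Side effects: adjusts session-related ini settings, optionally installs the
 * database session handlers (sessionOpen/.../sessionGC) or the accelerator
 * handlers exposed via integrate_session_handlers, calls session_start(), and
 * finally copies the per-session check value from $_SESSION['session_value']
 * into the global $sc.
 *
 * Globals read: $modSettings, $boardurl. Globals written: $sc.
 */
function loadSession()
{
	global $HTTP_SESSION_VARS, $modSettings, $boardurl, $sc;

	// Attempt to change a few PHP settings.
	@ini_set('session.use_cookies', true);
	// NOTE(review): use_only_cookies=false means the session id is also accepted
	// from the request (see the PHPSESSID check below). That keeps cookieless
	// visitors working, but it is the setting that makes the id validation below
	// matter: anything arriving in the URL must be treated as untrusted.
	@ini_set('session.use_only_cookies', false);
	@ini_set('url_rewriter.tags', '');
	@ini_set('session.use_trans_sid', false);
	@ini_set('arg_separator.output', '&');

	if (!empty($modSettings['globalCookies']))
	{
		$parsed_url = parse_url($boardurl);
		// $boardurl may lack a host (or not parse at all); guard so we neither
		// raise an undefined-index notice nor hand null to preg_match().
		$host = isset($parsed_url['host']) ? $parsed_url['host'] : '';

		// Only widen the cookie domain for real host names, never for a bare
		// IPv4 address, and only to the "example.tld" part so subdomains share it.
		if ($host !== '' && preg_match('~^\\d{1,3}(\\.\\d{1,3}){3}$~', $host) == 0 && preg_match('~(?:[^\\.]+\\.)?([^\\.]{2,}\\..+)\\z~i', $host, $parts) == 1)
			@ini_set('session.cookie_domain', '.' . $parts[1]);
	}

	// @todo Set the session cookie path?

	// If it's already been started... probably best to skip this.
	if (ini_get('session.auto_start') == 1 && !empty($modSettings['databaseSession_enable']) || session_id() == '')
	{
		// Attempt to end the already-started session.
		if (ini_get('session.auto_start') == 1)
			session_write_close();

		$session_name = session_name();

		// This is here to stop people from using bad junky PHPSESSIDs.
		// An id supplied in the request without a matching cookie must look like
		// one PHP would generate; otherwise it is overwritten in $_REQUEST/$_GET/
		// $_POST so the untrusted value is never handed to session_start().
		if (isset($_REQUEST[$session_name]) && preg_match('~^[A-Za-z0-9,-]{16,64}$~', $_REQUEST[$session_name]) == 0 && !isset($_COOKIE[$session_name]))
		{
			// NOTE(review): mt_rand() is not a CSPRNG. The replacement only has to
			// be well-formed here, but a cryptographic source would be preferable.
			$session_id = md5(md5('smf_sess_' . time()) . mt_rand());
			$_REQUEST[$session_name] = $session_id;
			$_GET[$session_name] = $session_id;
			$_POST[$session_name] = $session_id;
		}

		// Use database sessions? (they don't work in 4.1.x!)
		if (!empty($modSettings['databaseSession_enable']))
		{
			session_set_save_handler('sessionOpen', 'sessionClose', 'sessionRead', 'sessionWrite', 'sessionDestroy', 'sessionGC');
			@ini_set('session.gc_probability', '1');
		}
		// Otherwise make sure PHP's own GC keeps sessions at least as long as the
		// configured lifetime (floored at 60 seconds).
		elseif (ini_get('session.gc_maxlifetime') <= 1440 && !empty($modSettings['databaseSession_lifetime']))
			@ini_set('session.gc_maxlifetime', max($modSettings['databaseSession_lifetime'], 60));

		// Use cache setting sessions?
		if (empty($modSettings['databaseSession_enable']) && !empty($modSettings['cache_enable']) && php_sapi_name() != 'cli')
		{
			call_integration_hook('integrate_session_handlers');

			// @todo move these to a plugin.
			if (function_exists('mmcache_set_session_handlers'))
				mmcache_set_session_handlers();
			elseif (function_exists('eaccelerator_set_session_handlers'))
				eaccelerator_set_session_handlers();
		}

		session_start();

		// Change it so the cache settings are a little looser than default.
		if (!empty($modSettings['databaseSession_loose']))
			header('Cache-Control: private');
	}

	// Set the randomly generated code.
	if (!isset($_SESSION['session_var']))
	{
		// NOTE(review): $sc is the per-session check value and is derived from
		// mt_rand(), which is not cryptographically strong; a CSPRNG would be the
		// stronger choice if the runtime allows it.
		$_SESSION['session_value'] = md5(session_id() . mt_rand());
		// Leading digits are stripped so the variable name starts with a letter;
		// the name is then cut to a random 7-12 character length.
		$_SESSION['session_var'] = substr(preg_replace('~^\\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
	}

	$sc = $_SESSION['session_value'];
}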
/**
 * Start (or adopt) the PHP session and expose the session check value in $sc.
 *
 * Tunes the session ini settings, optionally installs the database session
 * handlers (sessionOpen/.../sessionGC) or the mmcache/eaccelerator handlers,
 * calls session_start(), stores a random per-session code in
 * $_SESSION['rand_code'] and copies it to the global $sc. On PHP older than
 * 4.2.0 it also sets $HTTP_SESSION_VARS['php_412_bugfix'] and reseeds mt_rand()
 * from microtime() and $modSettings['rand_seed'].
 *
 * Globals read: $modSettings, $boardurl. Globals written: $sc, $HTTP_SESSION_VARS.
 */
function loadSession()
{
	global $HTTP_SESSION_VARS, $modSettings, $boardurl, $sc;

	// Decisions that do not change for the rest of the call.
	$legacyPhp = @version_compare(PHP_VERSION, '4.2.0') == -1;
	$useDbSessions = !empty($modSettings['databaseSession_enable']);

	// Attempt to change a few PHP settings (order matters only for readability).
	$sessionIni = array(
		'session.use_cookies' => true,
		'session.use_only_cookies' => false,
		'url_rewriter.tags' => '',
		'session.use_trans_sid' => false,
		'arg_separator.output' => '&',
	);
	foreach ($sessionIni as $iniKey => $iniValue)
		@ini_set($iniKey, $iniValue);

	if (!empty($modSettings['globalCookies']))
	{
		$parsed_url = parse_url($boardurl);

		// A bare IPv4 address never gets a wildcard cookie domain; a host name is
		// reduced to its "example.tld" part so every subdomain shares the cookie.
		$isIpv4 = preg_match('~^\\d{1,3}(\\.\\d{1,3}){3}$~', $parsed_url['host']) != 0;
		if (!$isIpv4 && preg_match('~(?:[^\\.]+\\.)?([^\\.]{2,}\\..+)\\z~i', $parsed_url['host'], $parts) == 1)
			@ini_set('session.cookie_domain', '.' . $parts[1]);
	}

	// !!! Set the session cookie path?

	$autoStarted = @ini_get('session.auto_start') == 1;

	// If it's already been started... probably best to skip this.
	if (($autoStarted && $useDbSessions) || session_id() == '')
	{
		// Attempt to end the already-started session.
		if ($autoStarted)
			@session_write_close();

		$sessionName = session_name();

		// This is here to stop people from using bad junky PHPSESSIDs: an id
		// arriving in the request without a cookie must match the expected shape,
		// otherwise each request array gets a freshly generated replacement.
		if (isset($_REQUEST[$sessionName]) && !isset($_COOKIE[$sessionName]) && preg_match('~^[A-Za-z0-9]{16,32}$~', $_REQUEST[$sessionName]) == 0)
		{
			$_REQUEST[$sessionName] = md5(md5('smf_sess_' . time()) . mt_rand());
			$_GET[$sessionName] = md5(md5('smf_sess_' . time()) . mt_rand());
			$_POST[$sessionName] = md5(md5('smf_sess_' . time()) . mt_rand());
		}

		// Use database sessions? (they don't work in 4.1.x!)
		if ($useDbSessions && !$legacyPhp)
		{
			session_set_save_handler('sessionOpen', 'sessionClose', 'sessionRead', 'sessionWrite', 'sessionDestroy', 'sessionGC');
			@ini_set('session.gc_probability', '1');
		}
		// Otherwise let PHP's own GC honour the configured lifetime (at least 60s).
		elseif (@ini_get('session.gc_maxlifetime') <= 1440 && !empty($modSettings['databaseSession_lifetime']))
			@ini_set('session.gc_maxlifetime', max($modSettings['databaseSession_lifetime'], 60));

		// Use cache setting sessions?
		if (!$useDbSessions && !empty($modSettings['cache_enable']) && php_sapi_name() != 'cli')
		{
			if (function_exists('mmcache_set_session_handlers'))
				mmcache_set_session_handlers();
			elseif (function_exists('eaccelerator_set_session_handlers'))
				eaccelerator_set_session_handlers();
		}

		session_start();

		// Change it so the cache settings are a little looser than default.
		if (!empty($modSettings['databaseSession_loose']))
			header('Cache-Control: private');
	}

	// Set the randomly generated code (only once per session).
	if (!isset($_SESSION['rand_code']))
		$_SESSION['rand_code'] = md5(session_id() . mt_rand() . (string) microtime() . $modSettings['rand_seed']);

	$sc = $_SESSION['rand_code'];

	// While PHP 4.1.x should use $_SESSION, it seems to need this to do it right.
	// Also reseed the random generator.
	if ($legacyPhp)
	{
		$HTTP_SESSION_VARS['php_412_bugfix'] = true;
		mt_srand((double) microtime() * 10000010 + $modSettings['rand_seed']);
	}
	else
		mt_srand();
}