예제 #1
0
/**
 * Attempt to start the session, unless it already has been.
 */
function loadSession()
{
    global $HTTP_SESSION_VARS, $modSettings, $boardurl, $sc;
    // Attempt to change a few PHP settings.
    @ini_set('session.use_cookies', true);
    @ini_set('session.use_only_cookies', false);
    @ini_set('url_rewriter.tags', '');
    @ini_set('session.use_trans_sid', false);
    @ini_set('arg_separator.output', '&');
    if (!empty($modSettings['globalCookies'])) {
        $parsed_url = parse_url($boardurl);
        if (preg_match('~^\\d{1,3}(\\.\\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\\.]+\\.)?([^\\.]{2,}\\..+)\\z~i', $parsed_url['host'], $parts) == 1) {
            @ini_set('session.cookie_domain', '.' . $parts[1]);
        }
    }
    // @todo Set the session cookie path?
    // If it's already been started... probably best to skip this.
    if (ini_get('session.auto_start') == 1 && !empty($modSettings['databaseSession_enable']) || session_id() == '') {
        // Attempt to end the already-started session.
        if (ini_get('session.auto_start') == 1) {
            session_write_close();
        }
        // This is here to stop people from using bad junky PHPSESSIDs.
        if (isset($_REQUEST[session_name()]) && preg_match('~^[A-Za-z0-9,-]{16,64}$~', $_REQUEST[session_name()]) == 0 && !isset($_COOKIE[session_name()])) {
            $session_id = md5(md5('smf_sess_' . time()) . mt_rand());
            $_REQUEST[session_name()] = $session_id;
            $_GET[session_name()] = $session_id;
            $_POST[session_name()] = $session_id;
        }
        // Use database sessions? (they don't work in 4.1.x!)
        if (!empty($modSettings['databaseSession_enable'])) {
            session_set_save_handler('sessionOpen', 'sessionClose', 'sessionRead', 'sessionWrite', 'sessionDestroy', 'sessionGC');
            @ini_set('session.gc_probability', '1');
        } elseif (ini_get('session.gc_maxlifetime') <= 1440 && !empty($modSettings['databaseSession_lifetime'])) {
            @ini_set('session.gc_maxlifetime', max($modSettings['databaseSession_lifetime'], 60));
        }
        // Use cache setting sessions?
        if (empty($modSettings['databaseSession_enable']) && !empty($modSettings['cache_enable']) && php_sapi_name() != 'cli') {
            call_integration_hook('integrate_session_handlers');
            // @todo move these to a plugin.
            if (function_exists('mmcache_set_session_handlers')) {
                mmcache_set_session_handlers();
            } elseif (function_exists('eaccelerator_set_session_handlers')) {
                eaccelerator_set_session_handlers();
            }
        }
        session_start();
        // Change it so the cache settings are a little looser than default.
        if (!empty($modSettings['databaseSession_loose'])) {
            header('Cache-Control: private');
        }
    }
    // Set the randomly generated code.
    if (!isset($_SESSION['session_var'])) {
        $_SESSION['session_value'] = md5(session_id() . mt_rand());
        $_SESSION['session_var'] = substr(preg_replace('~^\\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
    }
    $sc = $_SESSION['session_value'];
}
예제 #2
0
파일: Load.php 프로젝트: alencarmo/OCF
function loadSession()
{
    global $HTTP_SESSION_VARS, $modSettings, $boardurl, $sc;
    // Attempt to change a few PHP settings.
    @ini_set('session.use_cookies', true);
    @ini_set('session.use_only_cookies', false);
    @ini_set('url_rewriter.tags', '');
    @ini_set('session.use_trans_sid', false);
    @ini_set('arg_separator.output', '&amp;');
    if (!empty($modSettings['globalCookies'])) {
        $parsed_url = parse_url($boardurl);
        if (preg_match('~^\\d{1,3}(\\.\\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\\.]+\\.)?([^\\.]{2,}\\..+)\\z~i', $parsed_url['host'], $parts) == 1) {
            @ini_set('session.cookie_domain', '.' . $parts[1]);
        }
    }
    // !!! Set the session cookie path?
    // If it's already been started... probably best to skip this.
    if (@ini_get('session.auto_start') == 1 && !empty($modSettings['databaseSession_enable']) || session_id() == '') {
        // Attempt to end the already-started session.
        if (@ini_get('session.auto_start') == 1) {
            @session_write_close();
        }
        // This is here to stop people from using bad junky PHPSESSIDs.
        if (isset($_REQUEST[session_name()]) && preg_match('~^[A-Za-z0-9]{16,32}$~', $_REQUEST[session_name()]) == 0 && !isset($_COOKIE[session_name()])) {
            $_REQUEST[session_name()] = md5(md5('smf_sess_' . time()) . mt_rand());
            $_GET[session_name()] = md5(md5('smf_sess_' . time()) . mt_rand());
            $_POST[session_name()] = md5(md5('smf_sess_' . time()) . mt_rand());
        }
        // Use database sessions? (they don't work in 4.1.x!)
        if (!empty($modSettings['databaseSession_enable']) && @version_compare(PHP_VERSION, '4.2.0') != -1) {
            session_set_save_handler('sessionOpen', 'sessionClose', 'sessionRead', 'sessionWrite', 'sessionDestroy', 'sessionGC');
            @ini_set('session.gc_probability', '1');
        } elseif (@ini_get('session.gc_maxlifetime') <= 1440 && !empty($modSettings['databaseSession_lifetime'])) {
            @ini_set('session.gc_maxlifetime', max($modSettings['databaseSession_lifetime'], 60));
        }
        // Use cache setting sessions?
        if (empty($modSettings['databaseSession_enable']) && !empty($modSettings['cache_enable']) && php_sapi_name() != 'cli') {
            if (function_exists('mmcache_set_session_handlers')) {
                mmcache_set_session_handlers();
            } elseif (function_exists('eaccelerator_set_session_handlers')) {
                eaccelerator_set_session_handlers();
            }
        }
        session_start();
        // Change it so the cache settings are a little looser than default.
        if (!empty($modSettings['databaseSession_loose'])) {
            header('Cache-Control: private');
        }
    }
    // Set the randomly generated code.
    if (!isset($_SESSION['rand_code'])) {
        $_SESSION['rand_code'] = md5(session_id() . mt_rand() . (string) microtime() . $modSettings['rand_seed']);
    }
    $sc = $_SESSION['rand_code'];
    // While PHP 4.1.x should use $_SESSION, it seems to need this to do it right. Also reseed the random generator.
    if (@version_compare(PHP_VERSION, '4.2.0') == -1) {
        $HTTP_SESSION_VARS['php_412_bugfix'] = true;
        mt_srand((double) microtime() * 10000010 + $modSettings['rand_seed']);
    } else {
        mt_srand();
    }
}