/** * Function to start the session and store the cookie with the session_id as * HttpOnly cookie which means that the cookie isn't accessible by javascript * (IE6 only) * Note that as sqsession_is_active() no longer discriminates as to when * it calls this function, session_start() has to have E_NOTICE suppression * (thus the @ sign). */ function sqsession_start() { global $base_uri; sq_call_function_suppress_errors('session_start'); // was: @session_start(); $session_id = session_id(); // session_starts sets the sessionid cookie but without the httponly var // setting the cookie again sets the httponly cookie attribute // // need to check if headers have been sent, since sqsession_is_active() // has become just a passthru to this function, so the sqsetcookie() // below is called every time, even after headers have already been sent // if (!headers_sent()) { sqsetcookie(session_name(), $session_id, false, $base_uri); } }
function saveAttachedFiles($session) { global $composeMessage, $username, $attachment_dir; /* get out of here if no file was attached at all */ if (!is_uploaded_file($_FILES['attachfile']['tmp_name'])) { return true; } $hashed_attachment_dir = getHashedDir($username, $attachment_dir); $localfilename = sq_get_attach_tempfile(); $fullpath = $hashed_attachment_dir . '/' . $localfilename; // m_u_f works better with restricted PHP installs (safe_mode, open_basedir), // if that doesn't work, try a simple rename. if (!sq_call_function_suppress_errors('move_uploaded_file', array($_FILES['attachfile']['tmp_name'], $fullpath))) { if (!sq_call_function_suppress_errors('rename', array($_FILES['attachfile']['tmp_name'], $fullpath))) { return true; } } $type = strtolower($_FILES['attachfile']['type']); $name = $_FILES['attachfile']['name']; $composeMessage->initAttachment($type, $name, $localfilename); }