Пример #1
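/**
 * Configure PHP's session ini settings for this CMS installation and start the session.
 *
 * Runs at most once per request (guarded by the SESSION_STARTED constant). The request is
 * terminated with die() when getCustomSessionErrors() reports a problem with the custom
 * session settings, or when the session cannot be started.
 *
 * Security-relevant settings applied here:
 *  - session ids travel in cookies only (use_only_cookies on, use_trans_sid off)
 *  - the cookie is HttpOnly, and Secure whenever isHTTPS() is true
 *  - the cookie lifetime is 25 years while server-side session data becomes eligible for
 *    garbage collection after 24 hours of inactivity
 *
 * NOTE(review): session.use_strict_mode and session.cookie_samesite are not set here, so
 * they keep whatever php.ini provides - confirm the deployed values.
 *
 * @return void
 */
function startSessionIfRequired()
{
    global $SETTINGS;

    // don't run this more than once
    if (defined('SESSION_STARTED')) {
        return;
    }
    define('SESSION_STARTED', true);

    // read the optional custom session settings once (null when not configured)
    $cookieDomain = isset($SETTINGS['advanced']['session_cookie_domain']) ? $SETTINGS['advanced']['session_cookie_domain'] : null;
    $savePath     = isset($SETTINGS['advanced']['session_save_path']) ? $SETTINGS['advanced']['session_save_path'] : null;

    // error-checking for custom session settings
    $customSessionErrors = getCustomSessionErrors($cookieDomain, $savePath);
    if ($customSessionErrors) {
        $customSessionErrors .= sprintf(t('To change %1$s settings edit %2$s'), 'session', '/data/' . SETTINGS_FILENAME);
        die($customSessionErrors);
    }

    // Initialize session
    // use a unique session cookie name for each CMS installation
    $session_name = cookiePrefix() . 'PHPSESSID';
    ini_set('session.name', $session_name);

    // use/require secure cookies when on HTTPS:// connections
    ini_set('session.cookie_secure', isHTTPS());
    ini_set('session.use_cookies', true);
    ini_set('session.use_only_cookies', true);

    // a custom cookie domain allows shared login access between subdomains such as
    // host1.example.com, host2.example.com, example.com - the session cookie is then sent to
    // every host under that domain, so all of them must be trusted
    ini_set('session.cookie_domain', $cookieDomain);
    ini_set('session.cookie_path', '/');
    ini_set('session.cookie_httponly', true);

    // save session cookies forever (or 25 years) so they'll work even for users who have turned
    // their system clocks back a few years
    ini_set('session.cookie_lifetime', 60 * 60 * 24 * 365 * 25);

    // session garbage-collection code starts getting randomly called after this many seconds of inactivity
    ini_set('session.gc_maxlifetime', 60 * 60 * 24);
    ini_set('session.use_trans_sid', false);

    if ($savePath) {
        // use this if your host imposes restrictive session removal timeouts
        ini_set('session.save_path', $savePath);

        // after gc_maxlifetime is met old sessions are cleaned up randomly every (gc_probability / gc_divisor) requests
        // we don't set gc_ values by default because they cause errors on some server configs: http://bugs.php.net/bug.php?id=20720
        ini_set('session.gc_probability', 1);
        ini_set('session.gc_divisor', 100);
    }

    // $php_errormsg is only populated when the track_errors ini setting is enabled (deprecated in
    // PHP 7.2, removed in PHP 8.0), so relying on it alone lets a failed session_start() pass
    // unnoticed. Check the return value as well; on PHP < 5.3.0 it is not reliable, which is why
    // the $php_errormsg test is kept.
    unset($php_errormsg);
    $sessionStarted = @session_start();
    if ($sessionStarted === false || isset($php_errormsg)) {
        if (isset($php_errormsg)) {
            $reason = $php_errormsg;
        } else {
            $lastError = error_get_last();
            $reason    = $lastError ? $lastError['message'] : '';
        }
        // NOTE(review): the PHP error text is sent to the client and may reveal server paths
        die("Couldn't start session! '{$reason}'!");
    }
}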
/**
 * Return the name of the login session cookie.
 *
 * @param bool $addCookiePrefix when truthy, the value returned by cookiePrefix() is prepended
 * @return string 'loginsession', optionally preceded by the cookie prefix
 */
function loginCookie_name($addCookiePrefix = false)
{
    // cookiePrefix() is only consulted when the caller asks for the prefixed name
    $prefix = $addCookiePrefix ? cookiePrefix() : '';

    return $prefix . 'loginsession';
}
Пример #3
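/**
 * Load the current CMS admin user, whichever cookiespace and accounts table are active.
 *
 * Temporarily switches cookiePrefix() to 'cms' and accountsTable() to 'accounts', calls
 * getCurrentUser(), attaches the user's rows from the '_accesslist' table as
 * $cmsUser['accessList'][tableName] = array('accessLevel' => ..., 'maxRecords' => ...),
 * then restores the previous cookie prefix and accounts table.
 *
 * NOTE(review): the restore step is skipped if getCurrentUser() or mysql_select() aborts
 * by throwing, which would leave later code running in the CMS admin cookiespace. Confirm
 * these helpers cannot throw, or wrap the middle section in try/finally where the minimum
 * supported PHP version allows it.
 *
 * @return mixed whatever getCurrentUser() returns, with 'accessList' added when a user was found
 */
function getCurrentUserFromCMS()
{
    // NOTE: Keep this in /lib/common.php, not login_functions.php or user_functions.php so no extra libraries need to be loaded to call it
    // if not already loaded by a plugin - loads getCurrentUser() and accountsTable();
    require_once SCRIPT_DIR . "/lib/login_functions.php";

    // save old cookiespace and accounts table
    $oldCookiePrefix  = array_first(cookiePrefix(false, true));
    $oldAccountsTable = accountsTable();

    // switch to cms admin cookiespace and accounts table and load current CMS user
    cookiePrefix('cms');
    accountsTable('accounts');

    // presumably an out-parameter of getCurrentUser(); initialised so it is never an undefined variable
    $loginExpired = null;
    $cmsUser      = getCurrentUser($loginExpired);

    // 2.52 - load cms users accessList (needed by viewer_functions.php for previewing)
    // 2.64 - only add if user found; !empty() also covers a result with no 'num' key without raising a notice
    if (!empty($cmsUser['num'])) {
        $records = mysql_select('_accesslist', array('userNum' => $cmsUser['num']));
        foreach ($records as $record) {
            $cmsUser['accessList'][$record['tableName']]['accessLevel'] = $record['accessLevel'];
            $cmsUser['accessList'][$record['tableName']]['maxRecords']  = $record['maxRecords'];
        }
    }

    // switch back to previous cookiespace and accounts table
    cookiePrefix($oldCookiePrefix);
    accountsTable($oldAccountsTable);

    return $cmsUser;
}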