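/**
 * Checks for a valid session
 *
 * Requires that $_SESSION['ecms'] exists, is an array, has not passed its
 * 'ttl' timestamp, and carries the same user agent and remote address as
 * the current request. Any failure destroys the session and creates a
 * fresh one. On success the timeout is moved 10 minutes ahead and the
 * result is stored in self::$valid_session so later calls return early.
 *
 * The shape of $_SESSION['ecms'] is verified before any of its keys are
 * read. Previously the is_array() test ran only after 'ttl', 'user-agent'
 * and 'address' had already been indexed, so it could not protect those
 * reads from a malformed value.
 *
 * Security notes:
 *  - No token value is compared in this method; it only requires that the
 *    'ecms' entry is present and well formed.
 *  - The User-Agent header is supplied by the client, so matching it is a
 *    weak binding and should not be the only defence against a replayed
 *    session id.
 *  - The timeout is sliding (renewed on every successful check). This
 *    method enforces no absolute maximum session lifetime.
 *
 * @return boolean Whether or not a valid session is present
 */
public static function check_session() {
    // If we've already checked this and it's valid, just return TRUE
    if (self::$valid_session === TRUE) {
        return TRUE;
    }

    // NOTE(review): the whole session array is handed to the debug logger
    // on every check. If FB is the FirePHP logger, that data is delivered
    // to the client in response headers, so confirm it is disabled outside
    // development.
    FB::log($_SESSION, "Session Data");
    FB::log(time(), "Current Time");

    $ecms = isset($_SESSION['ecms']) ? $_SESSION['ecms'] : NULL;

    // Reject a malformed container before indexing into it
    if ($ecms !== NULL && !is_array($ecms)) {
        // Log data for debugging
        FB::log("No conditions met. Something is odd.");

        // Regenerate the session to avoid any unwanted shenanigans
        self::destroy_session();
        self::create_session();

        return FALSE;
    }

    // Create a token if one doesn't exist or has timed out. A missing 'ttl'
    // is treated as expired rather than read as an undefined index.
    if ($ecms === NULL || !isset($ecms['ttl']) || $ecms['ttl'] <= time()) {
        // Regenerate the session to avoid any unwanted shenanigans
        self::destroy_session();
        self::create_session();

        // Log data for debugging
        FB::log("Session doesn't exist or expired. New session created.");
        FB::log($_SESSION, "New Session");

        return FALSE;
    }

    // Absent values are compared as NULL on both sides. This is how the
    // original strict comparison evaluated them, minus the undefined-index
    // notice (e.g. a client that sends no User-Agent header).
    $stored_agent    = isset($ecms['user-agent']) ? $ecms['user-agent'] : NULL;
    $stored_address  = isset($ecms['address']) ? $ecms['address'] : NULL;
    $current_agent   = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
    $current_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL;

    if ($stored_agent !== $current_agent || $stored_address !== $current_address) {
        // Log data for debugging
        FB::log("User agent or remote address is mismatched.");

        // Regenerate the session to avoid any unwanted shenanigans
        self::destroy_session();
        self::create_session();

        return FALSE;
    }

    $_SESSION['ecms']['ttl'] = time() + 600; // 10 minutes from now
    self::$valid_session = TRUE;

    return TRUE;
}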