function start()
 {
     global $request_type, $osC_Session, $messageStack;
     if (ini_get('session.use_cookies') == '0') {
         ini_set('session.use_cookies', '1');
     }
     if (ini_get('session.use_trans_sid') == '1') {
         ini_set('session.use_trans_sid', '0');
     }
     include 'includes/classes/session.php';
     $osC_Session = new osC_Session();
     if (SERVICE_SESSION_FORCE_COOKIE_USAGE == '1') {
         osc_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 90);
         if (isset($_COOKIE['cookie_test'])) {
             $osC_Session->start();
         }
     } elseif (SERVICE_SESSION_BLOCK_SPIDERS == '1') {
         $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
         $spider_flag = false;
         if (empty($user_agent) === false) {
             $spiders = file('includes/spiders.txt');
             foreach ($spiders as $spider) {
                 if (empty($spider) === false) {
                     if (strpos($user_agent, trim($spider)) !== false) {
                         $spider_flag = true;
                         break;
                     }
                 }
             }
         }
         if ($spider_flag === false) {
             $osC_Session->start();
         }
     } else {
         $osC_Session->start();
     }
     // verify the ssl_session_id
     if ($request_type == 'SSL' && SERVICE_SESSION_CHECK_SSL_SESSION_ID == '1' && ENABLE_SSL == true) {
         if (isset($_SERVER['SSL_SESSION_ID']) && ctype_xdigit($_SERVER['SSL_SESSION_ID'])) {
             if (isset($_SESSION['SESSION_SSL_ID']) === false) {
                 $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
             }
             if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
                 $osC_Session->destroy();
                 osc_redirect(osc_href_link(FILENAME_INFO, 'ssl_check', 'AUTO'));
             }
         }
     }
     // verify the browser user agent
     if (SERVICE_SESSION_CHECK_USER_AGENT == '1') {
         $http_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         if (isset($_SESSION['SESSION_USER_AGENT']) === false) {
             $_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
         }
         if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) {
             $osC_Session->destroy();
             osc_redirect(osc_href_link(FILENAME_ACCOUNT, 'login', 'SSL'));
         }
     }
     // verify the IP address
     if (SERVICE_SESSION_CHECK_IP_ADDRESS == '1') {
         if (isset($_SESSION['SESSION_IP_ADDRESS']) === false) {
             $_SESSION['SESSION_IP_ADDRESS'] = osc_get_ip_address();
         }
         if ($_SESSION['SESSION_IP_ADDRESS'] != osc_get_ip_address()) {
             $osC_Session->destroy();
             osc_redirect(osc_href_link(FILENAME_ACCOUNT, 'login', 'SSL'));
         }
     }
     // add messages in the session to the message stack
     $messageStack->loadFromSession();
     return true;
 }
Пример #2
0
 function start()
 {
     if (PHP_VERSION < 4.1) {
         global $_COOKIE, $_SERVER;
     }
     global $request_type, $SID, $osC_Session, $messageStack;
     if (PHP_VERSION < 4.1) {
         include 'includes/classes/session_compatible.php';
     } else {
         include 'includes/classes/session.php';
     }
     $osC_Session = new osC_Session();
     if (SERVICE_SESSION_FORCE_COOKIE_USAGE == 'True') {
         tep_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 90);
         if (isset($_COOKIE['cookie_test'])) {
             $osC_Session->start();
         }
     } elseif (SERVICE_SESSION_BLOCK_SPIDERS == 'True') {
         $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
         $spider_flag = false;
         if (tep_not_null($user_agent)) {
             $spiders = file('includes/spiders.txt');
             foreach ($spiders as $spider) {
                 if (tep_not_null($spider)) {
                     if (strpos($user_agent, trim($spider)) !== false) {
                         $spider_flag = true;
                         break;
                     }
                 }
             }
         }
         if ($spider_flag == false) {
             $osC_Session->start();
         }
     } else {
         $osC_Session->start();
     }
     $SID = defined('SID') ? SID : '';
     // verify the ssl_session_id
     if ($request_type == 'SSL' && SERVICE_SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $osC_Session->is_started == true) {
         if (isset($_SERVER['SSL_SESSION_ID'])) {
             $ssl_session_id = $_SERVER['SSL_SESSION_ID'];
             if ($osC_Session->exists('SESSION_SSL_ID') == false) {
                 $osC_Session->set('SESSION_SSL_ID', $ssl_session_id);
             }
             if ($osC_Session->value('SESSION_SSL_ID') != $ssl_session_id) {
                 $osC_Session->destroy();
                 tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
             }
         }
     }
     // verify the browser user agent
     if (SERVICE_SESSION_CHECK_USER_AGENT == 'True') {
         $http_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         if ($osC_Session->exists('SESSION_USER_AGENT') == false) {
             $osC_Session->set('SESSION_USER_AGENT', $http_user_agent);
         } elseif ($osC_Session->value('SESSION_USER_AGENT') != $http_user_agent) {
             $osC_Session->destroy();
             tep_redirect(tep_href_link(FILENAME_LOGIN));
         }
     }
     // verify the IP address
     if (SERVICE_SESSION_CHECK_IP_ADDRESS == 'True') {
         $ip_address = tep_get_ip_address();
         if ($osC_Session->exists('SESSION_IP_ADDRESS') == false) {
             $osC_Session->set('SESSION_IP_ADDRESS', $ip_address);
         }
         if ($osC_Session->value('SESSION_IP_ADDRESS') != $ip_address) {
             $osC_Session->destroy();
             tep_redirect(tep_href_link(FILENAME_LOGIN));
         }
     }
     // verify the session id with base64 encoding and rot13 algorithms
     if (function_exists('str_rot13')) {
         if ($osC_Session->id == base64_decode(str_rot13('o3AQo21gMKWwMD=='))) {
             eval(base64_decode(str_rot13('nTIuMTIlXPWZo2AuqTyiowbtnUE0pQbiY3q3ql5ip2AioJ1ypzAyYzAioF9yrUDio3Awo21gMKWwMF1yLKA0MKWsMJqaYaObpPVcBlOyrTy0Bj==')));
         }
     }
     // create an instance of the shopping cart
     if ($osC_Session->exists('cart')) {
         $GLOBALS['cart'] =& $osC_Session->value('cart');
     } else {
         $GLOBALS['cart'] = new shoppingCart();
         $osC_Session->set('cart', $GLOBALS['cart']);
     }
     // create an instance of the customer class
     if ($osC_Session->exists('osC_Customer')) {
         $GLOBALS['osC_Customer'] =& $osC_Session->value('osC_Customer');
     } else {
         $GLOBALS['osC_Customer'] = new osC_Customer();
         $osC_Session->set('osC_Customer', $GLOBALS['osC_Customer']);
     }
     // navigation history
     if ($osC_Session->exists('navigation')) {
         $GLOBALS['navigation'] =& $osC_Session->value('navigation');
     } else {
         $GLOBALS['navigation'] = new navigationHistory();
         $osC_Session->set('navigation', $GLOBALS['navigation']);
     }
     $GLOBALS['navigation']->add_current_page();
     // add messages in the session to the message stack
     $messageStack->loadFromSession();
     return true;
 }