/**
 * Start the PukiWiki session at most once per request.
 *
 * The decision is cached in a static variable, so later calls only return the flag.
 * Clients whose REMOTE_ADDR is matched by in_the_net() against
 * $use_trans_sid_address get a cookie-less session; everyone else is restricted
 * to cookie-only sessions.
 *
 * NOTE(review): in the cookie-less branch the session ID is written into every
 * rewritten URL and form. An ID carried in a URL can leak through Referer headers,
 * server/proxy logs and copied links, so keep the address list as narrow as possible.
 * NOTE(review): in_the_net() is defined elsewhere; presumably it tests network
 * membership of the address. Confirm before relying on it as an access decision.
 *
 * @return int intval(PLUS_ALLOW_SESSION); the session is started only when this is > 0
 */
function pkwk_session_start()
{
    global $use_trans_sid_address;
    static $use_session;

    // Initialised by an earlier call: nothing left to do.
    if (isset($use_session)) {
        return $use_session;
    }

    $use_session = intval(PLUS_ALLOW_SESSION);
    if ($use_session <= 0) {
        return $use_session;
    }

    if (!is_array($use_trans_sid_address)) {
        $use_trans_sid_address = array();
    }

    $cookieless = in_the_net($use_trans_sid_address, $_SERVER['REMOTE_ADDR']);
    if ($cookieless) {
        ini_set('session.use_cookies', 0);
    } else {
        ini_set('session.use_cookies', 1);
        ini_set('session.use_only_cookies', 1);
    }

    session_name('pukiwiki');
    // The @ hides any warning from session_start(), so a failed start is silent here.
    @session_start();

    // Neither cookies nor PHP's own trans-sid will carry the ID: inject it by hand.
    $cookies_off = ini_get('session.use_cookies') == 0;
    if ($cookies_off && ini_get('session.use_trans_sid') == 0) {
        output_add_rewrite_var(session_name(), session_id());
    }

    return $use_session;
}
/**
 * Constructor.
 *
 * PHP's standard session is started here.
 *
 * NOTE(review): when $use_cookies is false, session.use_only_cookies is switched off
 * and the session ID travels in URLs and forms. If $session_id can originate from
 * request data (not visible here), the caller must validate it and regenerate the
 * ID on privilege change, otherwise a fixed ID can be planted on a victim.
 */
public function __construct($session_name = null, $session_id = null, $use_cookies = true)
{
    $this->setCookieHttpOnly();

    // No cache-control headers from the session layer.
    session_cache_limiter('none');

    // Apply the session name and session ID when they were supplied.
    if ($session_name) {
        session_name($session_name);
    }
    if ($session_id) {
        session_id($session_id);
    }

    // Both ini directives follow the cookie switch: 1/1 with cookies, 0/0 without.
    $cookie_flag = $use_cookies ? 1 : 0;
    ini_set('session.use_cookies', $cookie_flag);
    ini_set('session.use_only_cookies', $cookie_flag);

    // Initialise the session data.
    session_start();
    self::$_session_started = true;

    // Cookies are unavailable and session.use_trans_sid is Off:
    // add the session name/ID pair to rewritten URLs and forms ourselves.
    if (!$use_cookies && !ini_get('session.use_trans_sid')) {
        output_add_rewrite_var(session_name(), session_id());
    }

    /*
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    */
}
/**
 * On shutdown, append the session name/ID to rewritten URLs when nothing else carries it.
 *
 * The pair is added only if the session was started, the session object reports
 * cookies as disabled, and ini_get("session.use_trans_sid") is exactly the string "0".
 *
 * NOTE(review): a session ID placed in URLs is exposed to Referer headers, logs and
 * shared links; pair this with ID regeneration at login.
 *
 * @param object $bus Service container; must provide get("session")
 */
public function shutdown($bus)
{
    $session = $bus->get("session");

    if (!$session->isStarted()) {
        return;
    }
    if ($session->isCookieEnabled()) {
        return;
    }
    // Strict comparison: any value other than the string "0" skips the rewrite.
    if (ini_get("session.use_trans_sid") !== "0") {
        return;
    }

    output_add_rewrite_var($session->getName(), $session->getId());
}
/**
 * Register every entry of $page->rewrite_urls as a URL/form rewrite variable.
 *
 * Does nothing when the global $page has no rewrite_urls property set.
 *
 * NOTE(review): each pair ends up in the links and forms of the rendered page,
 * so the list must never hold secrets. Where its entries come from is not
 * visible in this block.
 */
static function Prep()
{
    global $page;

    if (isset($page->rewrite_urls)) {
        ini_set('arg_separator.output', '&');
        foreach ($page->rewrite_urls as $name => $val) {
            output_add_rewrite_var($name, $val);
        }
    }
}
/**
 * Switch session.use_trans_sid and, when enabling it, adopt the session ID
 * found in the request and propagate it through URL rewriting.
 *
 * NOTE(review): the session ID is taken from $_REQUEST, i.e. chosen by the client.
 * The \w+ check only constrains its characters. Unless session.use_strict_mode is
 * enabled and the ID is regenerated at login, this permits session fixation.
 * NOTE(review): `$` without the D modifier also accepts a value that ends in a
 * newline; `\z` or the D modifier would be stricter.
 *
 * @param mixed $flag Value passed to ini_set('session.use_trans_sid', ...)
 * @return void
 */
function session_use_trans_sid($flag)
{
    // ini_set() failed: leave the session configuration untouched.
    if (ini_set('session.use_trans_sid', $flag) === false) {
        return;
    }
    if (!$flag) {
        return;
    }

    $name = session_name();
    $has_valid_id = isset($_REQUEST[$name]) && preg_match('/^\\w+$/', $_REQUEST[$name]);
    if ($has_valid_id) {
        session_id($_REQUEST[$name]);
        output_add_rewrite_var($name, $_REQUEST[$name]);
    }
}
/**
 * Add the CSRF protection code to every form and link of the generated page.
 *
 * Takes no content and returns nothing: the code is injected through PHP's
 * output rewriting (output_add_rewrite_var()).
 *
 * Note: output_add_rewrite_var() does a poor job on URIs inside the HTML. It
 * appends parameters without considering whether '&' or '&amp;' is required,
 * which can produce invalid HTML.
 *
 * NOTE(review): because links are rewritten too, the token appears in URLs and
 * can leak through Referer headers, logs and bookmarks; tokens limited to
 * hidden form fields avoid that.
 * NOTE(review): AJAX requests are skipped. Whether that is safe depends on how
 * __is_ajax() recognises them (not visible here); a client-settable request
 * header alone is not a CSRF defence. Confirm.
 */
public static function add_code()
{
    // Anonymous visitors need no token, and the token is added only once per page.
    if (!self::__is_logged_in() || self::$already_added_code) {
        return;
    }

    // do not add CSRF code in case current request is an AJAX request.
    // Their responses are more delicate in what can be returned, and they
    // usually exceed the request amount limit pretty quickly
    // (see active_decrease etc)
    if (self::__is_ajax()) {
        return;
    }

    self::$already_added_code = true;

    $token = self::__get_code();
    output_add_rewrite_var(self::$formkey, $token);
}
// Page bootstrap (excerpt): loads the configuration, sends cache headers, keeps
// "popup" mode sticky via URL rewriting and resolves the current user.
// The listing ends inside the try block; the rest is outside this excerpt.
$path = "../libraries/"; //Define default path
/** The configuration file.*/
require_once $path . "configuration.php";
$benchmark = new EfrontBenchmark($debug_TimeStart);
$benchmark->set('init');
//Set headers in order to eliminate browser cache (especially IE's)
// NOTE(review): header() replaces an earlier header of the same name by default,
// so the "cache-control: no-transform" call below likely overrides the
// "no-cache, must-revalidate" value set here. Combine both directives in one
// header if authenticated pages must not be cached.
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("cache-control: no-transform"); //To prevent 3G carriers from compressing the site, which will break all grids
//If the page is shown as a popup, make sure it remains in such mode
// The Referer header is client-controlled; here it only toggles a display mode.
if (!isset($_GET['reset_popup']) && (isset($_GET['popup']) || isset($_POST['popup']) || isset($_SERVER['HTTP_REFERER']) && strpos(strtolower($_SERVER['HTTP_REFERER']), 'popup') !== false && strpos(strtolower($_SERVER['HTTP_REFERER']), 'reset_popup') === false)) {
    output_add_rewrite_var('popup', 1);
    $smarty->assign("T_POPUP_MODE", true);
    $popup = 1;
}
$search_message = $message = $message_type = ''; //Initialize messages, because if register_globals is turned on, some messages will be displayed twice
$load_editor = false;
$loadScripts = array();
try {
    // NOTE(review): a truthy ?student= parameter appears to log the request in as
    // the account named 'student', using that account's own stored password value.
    // No credential supplied by the client is checked on this path in the visible
    // code. Confirm this is a deliberate preview/demo path and that it is gated
    // elsewhere.
    if ($_GET['student']) {
        $currentUser = EfrontUserFactory::factory('student', false, 'student');
        $currentUser->login($currentUser->user['password'], true);
    } else {
        $currentUser = EfrontUser::checkUserAccess(false, 'student');
    }
    if ($currentUser->user['user_type'] == 'administrator') {
//***************************************************************************//
// Installer bootstrap (excerpt): normalises input, starts the session named 's'
// and dispatches on the stored install type. The listing ends inside the final
// else branch.
// Reverse magic quotes if they are enabled.
if (get_magic_quotes_gpc()) {
    $_REQUEST = dmq($_REQUEST);
}
// Set errors accordingly.
error_reporting(E_ALL ^ E_NOTICE);
// Start the session.
ini_set('arg_separator.output', '&');
session_name('s');
session_start();
// Don't screw with our URLs, you crazy PHP you.
output_reset_rewrite_vars();
// Add the session ID to all local URLs (if it hasn't been saved to a cookie).
// NOTE(review): a session ID carried in URLs can leak through Referer headers,
// logs and copied links. For an installer this session may gate privileged
// steps, so prefer cookie-only sessions where possible.
if (SID) {
    output_add_rewrite_var('s', stripslashes(session_id()));
}
// Are they specifying a step?
// Loose comparison: any request value that is == 1 matches.
if ($_REQUEST['step'] == 1) {
    // Yes, so set the step.
    $_SESSION['step'] = 1;
}
// Are they specifying an install type?
if (isset($_REQUEST['setup'])) {
    // Yes, so set the install type.
    // The request value is stored unvalidated; below it is only compared with 'install'.
    $_SESSION['setup'] = $_REQUEST['setup'];
}
// Are they wanting to install or upgrade?
if ($_SESSION['setup'] == 'install') {
    require './includes/install.inc.php';
} else {
<?php
// Demonstrates output_add_rewrite_var() / output_reset_rewrite_vars():
// the same link is printed once while the rewrite variable is registered and
// once after the rewrite variables have been reset.
session_start();

$anchor = '<a href="file.php">link</a>';

output_add_rewrite_var('var', 'value');
echo $anchor;
// Flush so the first link passes through the rewriter before the reset below.
ob_flush();

output_reset_rewrite_vars();
echo $anchor;
<?php
// Prints a link that already has a query string while a rewrite variable named
// like its target ('a') is registered, then flushes and discards the buffer.
$string = "<a href='a?q=1'>asd</a>";

output_add_rewrite_var('a', 'b');
print $string;

// Push the buffered link through the rewriter, then drop the emptied buffer.
ob_flush();
ob_end_clean();
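// Language selection (excerpt). The listing ends inside the final else branch.
//
// Security fix: the outer condition can also be satisfied by valid_http_lang()
// or by a non-empty "url" parameter, so reaching the fallback below does NOT
// imply that $_REQUEST['lang'] was checked against $valid_langs. The original
// then copied the raw request value into $lang, which flows into setcookie(),
// output_add_rewrite_var() and the require "./local/{$lang}.inc" path.
// The fallback now accepts the request value only when it is a string key of
// $valid_langs and otherwise uses 'en'.
if (isset($_GET['lang'])) {
    $_REQUEST['lang'] =& $_GET['lang'];
} elseif (isset($_POST['lang'])) {
    $_REQUEST['lang'] =& $_POST['lang'];
}
/* Check for valid language and include the local file */
if (!isset($_GET['langchooser']) && (isset($_REQUEST['lang']) && isset($valid_langs[(string) $_REQUEST['lang']]) || ($lang = valid_http_lang()) || !empty($_REQUEST['url']))) {
    if (empty($lang)) {
        // Only an allow-listed language code may reach the include path below.
        $lang_is_listed = isset($_REQUEST['lang'])
            && is_string($_REQUEST['lang'])
            && isset($valid_langs[$_REQUEST['lang']]);
        $lang = $lang_is_listed ? $_REQUEST['lang'] : 'en';
    } else {
        // NOTE(review): here $lang comes from valid_http_lang(), which is defined
        // elsewhere; confirm it only ever returns keys of $valid_langs.
        $redir = true;
    }
    if (empty($_COOKIE['lang']) || $lang != $_COOKIE['lang']) {
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 90, '/', 'validator.aborla.net');
    }
    output_add_rewrite_var('lang', $lang);
    require './local/en.inc'; // fallback for not translated messages
    if ($lang != 'en') {
        require "./local/{$lang}.inc";
    } //load localized messages
    common_header();
    if (isset($redir)) {
        echo '<p id="redir">We have automatically choosen the "' . $valid_langs[$lang] . '" language for you. <a href="/?langchooser">Click here to change</a>.</p>';
    }
    /*************** LANGUAGE CHOOSER ***************/
} else {
    require "./local/en.inc";
    common_header();
    echo "<p>Choose a language, please:</p>\n" . "<form method=\"get\" action=\"index.php\">\n" . "<p><select name=\"lang\">\n";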
/**
 * Add the session name/ID to rewritten URLs when no cookie will carry it.
 *
 * Nothing is added while session.use_trans_sid is enabled. Otherwise the pair is
 * added when a session ID exists but the session cookie is absent, or when
 * $_conf['disable_cookie'] is non-empty. The original mixed `and`, `&&` and `||`
 * in one expression; the grouping below is the one PHP's precedence gives it.
 *
 * NOTE(review): a session ID in URLs can leak through Referer headers and logs.
 *
 * @access private
 * @return boolean result of output_add_rewrite_var(), or true when nothing was added
 */
function outputAddRewirteSID()
{
    global $_conf;

    $name = session_name();

    // PHP's own trans-sid already rewrites URLs: nothing to do.
    if (ini_get('session.use_trans_sid')) {
        return true;
    }

    $id_without_cookie = session_id() && !isset($_COOKIE[$name]);
    if ($id_without_cookie || !empty($_conf['disable_cookie'])) {
        return output_add_rewrite_var($name, session_id());
    }

    return true;
}
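<?php
// Gate the page on a request token and keep that token on every rewritten URL.
//
// Changed: the token check now requires a string and uses hash_equals().
// The original loose `!=` compares two numeric-looking strings as numbers, so
// an md5 hex digest of the form "0e<digits>" could match a different value, and
// the comparison was not constant-time.
//
// NOTE(review): the token is md5(ISO week number . static salt). It is identical
// for every visitor for a whole week and is written into every URL, where it can
// leak through Referer headers, logs and bookmarks. Prefer a per-session value
// from random_bytes() stored in $_SESSION and sent in hidden form fields.
ini_set('session.use_only_cookies', true);
session_start();

$salt = 'YourSpecialValueHere';
$tokenstr = strval(date('W')) . $salt;
$token = md5($tokenstr);

if (!isset($_REQUEST['token'])
    || !is_string($_REQUEST['token'])
    || !hash_equals($token, $_REQUEST['token'])
) {
    // prompt for login
    exit;
}

$_SESSION['token'] = $token;
output_add_rewrite_var('token', $token);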
/**
 * This function adds another name/value pair to the URL rewrite mechanism.
 *
 * The name and value will be added to URLs (as GET parameter) and forms (as hidden input fields) the same way as
 * the session ID when transparent URL rewriting is enabled with session.use_trans_sid.
 *
 * Callers pass two arguments. The method recurses into arrays and hands itself a
 * third argument ('set' or 'clear') that it reads through func_get_arg(2).
 *
 * NOTE(review): whatever is registered here appears in every rewritten link and
 * form of the page, so it must not carry secrets.
 *
 * @param string $name
 * @param mixed $value Any scalar value or array.
 */
public static function addUrlRewriteVar($name, $value)
{
    // Fewer than three arguments means a call from outside, not a recursive one.
    if (func_num_args() < 3) {
        self::$rewriteVars[$name] = $value;
        $name = urlencode($name);
        // NOTE(review): this lookup runs after the assignment above and uses the
        // url-encoded name. When the encoded name equals the raw name, it sees the
        // value just stored, so an array argument takes the 'clear' path and its
        // leaves are registered as null. Confirm whether the check was meant to
        // inspect the previous value before it is overwritten.
        if (isset(self::$rewriteVars[$name]) && !is_scalar(self::$rewriteVars[$name])) {
            $value = self::$rewriteVars[$name];
            $cmd = 'clear';
        } else {
            $cmd = 'set';
        }
    } else {
        // Recursive call: the command was decided by the outermost call.
        $cmd = func_get_arg(2);
    }
    if (is_array($value)) {
        // Flatten nested arrays into name[key] pairs; keys are url-encoded here.
        foreach ($value as $k => $v) {
            self::addUrlRewriteVar($name . '[' . urlencode($k) . ']', $cmd == 'clear' ? null : $v, $cmd);
        }
    } else {
        output_add_rewrite_var($name, $cmd == 'clear' ? null : $value);
    }
}
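<?php
//incsess.php designed to handle elegantly the nuances of php sessions
//
// Changed: ereg() was removed in PHP 7. The SESSION_NAME check now uses
// preg_match() with the D modifier, so `$` matches only at the very end of the
// string. A non-string SESSION_NAME (e.g. an array parameter) is reset to ''
// before matching.
//
// NOTE(review): $_COOKIE["quartzpos"] is client-controlled, yet it is copied into
// $_SESSION['till'] and becomes part of $_SESSION['id'], which is used as the
// session name whenever the request does not supply a SESS<digits> value.
// PHP documents session names as alphanumeric only; validate the cookie value
// against the expected till format before using it.
// NOTE(review): the cookie is re-issued without Secure/HttpOnly flags, and the
// composed id (timestamp-user-till) is predictable; it should not serve as a secret.
if (isset($_COOKIE["quartzpos"]) && isset($userid)) {
    $_SESSION['till'] = $_COOKIE["quartzpos"];
    // 5184000 seconds = 60 days.
    setcookie("quartzpos", $_SESSION['till'], time() + 5184000);
    //FB::log($_SESSION,"LOGIN php, set cookie, Session=");
    $date = date('YmdHis');
    $_SESSION['id'] = $date . '-' . $userid . '-' . $_SESSION['till'];
    //FB::log($_SESSION['id'],"INCSESS php Session id=");
    if (version_compare(phpversion(), '4.3.0') >= 0) {
        if (!isset($_REQUEST['SESSION_NAME']) || !is_string($_REQUEST['SESSION_NAME'])) {
            $_REQUEST['SESSION_NAME'] = '';
        }
        // Anything that is not SESS<digits> is replaced by the server-built id.
        if (!preg_match('/^SESS[0-9]+$/D', $_REQUEST['SESSION_NAME'])) {
            $_REQUEST['SESSION_NAME'] = $_SESSION['id'];
        }
        output_add_rewrite_var('SESSION_NAME', $_REQUEST['SESSION_NAME']);
        session_name($_REQUEST['SESSION_NAME']);
        //FB::log($_REQUEST,"INCSESS php sets request=");
    }
}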
<?php
/**
 * rep2expack - simple RSS reader (article list)
 *
 * Excerpt: the listing ends inside the nested if blocks at the bottom.
 */
// {{{ load the p2 base configuration and authenticate
require_once './conf/conf.inc.php';
require_once P2EX_LIB_DIR . '/rss/parser.inc.php';
$_login->authorize();
// }}}
// Keep the forced view mode on every rewritten link when it came from the query.
if ($_conf['view_forced_by_query']) {
    output_add_rewrite_var('b', $_conf['b']);
}
//============================================================
// Variable initialisation
//============================================================
$channel = array();
$items = array();
// All of these come straight from the request and are only trimmed.
$num = trim($_REQUEST['num']);
$xml = trim($_REQUEST['xml']);
$atom = empty($_REQUEST['atom']) ? 0 : 1;
$site_en = trim($_REQUEST['site_en']);
// Context-specific encodings of the feed location: URL component and HTML text.
$xml_en = rawurlencode($xml);
$xml_ht = htmlspecialchars($xml, ENT_QUOTES, 'Shift_JIS', false);
//============================================================
// Load the RSS
//============================================================
if ($xml) {
    // NOTE(review): $xml is request-supplied and handed to p2GetRSS() unchanged.
    // If p2GetRSS() fetches it as a URL (not visible here), restrict the scheme and
    // destination, since otherwise the server can be made to request internal
    // addresses. Access is limited to callers that passed authorize() above.
    $rss = p2GetRSS($xml, $atom);
    if ($rss instanceof XML_RSS) {
        clearstatcache();
/**
 * Perform session initialisation.
 *
 * Configures a cookie-less session (the ID travels in URLs/forms), validates the
 * session taken from the request and, when it is missing or invalid, regenerates
 * the ID, resets the session data and redirects.
 *
 * NOTE(review): with URL-carried IDs the regenerate-on-invalid step below is the
 * main guard against planted or stale IDs. Its strength depends on
 * getSessionId() and validateSession(), which are not visible here.
 *
 * @return void
 */
function initSession()
{
    // Do not use cookies to pass the session ID.
    ini_set('session.use_cookies', '0');
    ini_set('session.use_trans_sid', '1');
    ini_set('session.use_only_cookies', '0');
    // Obtain a valid session ID from the request parameters.
    $sessionId = $this->getSessionId();
    // NOTE(review): session_start() is called here only when no ID was obtained;
    // presumably getSessionId() starts the session itself otherwise. Confirm.
    if (!$sessionId) {
        session_start();
    }
    /*
     * In PHP4 session.use_trans_sid is PHP_INI_PERDIR, so it cannot be
     * set with ini_set()
     */
    if (!ini_get('session.use_trans_sid')) {
        output_add_rewrite_var(session_name(), session_id());
    }
    // If the session ID or the session data is invalid, regenerate the session ID
    // and initialise the session data.
    if ($sessionId === false || !$this->validateSession()) {
        // true: the old session data is deleted along with the old ID.
        session_regenerate_id(true);
        // Initialise the session data.
        $this->state->inisializeSessionData();
        // Redirect with the new session ID appended.
        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
            // For GET, redirect to the same page.
            $objMobile = new SC_Helper_Mobile_Ex();
            header('Location: ' . $objMobile->gfAddSessionId());
        } else {
            // For anything other than GET, redirect to the top page.
            header('Location: ' . TOP_URLPATH . '?' . SID);
        }
        exit;
    }
    // Update the expiry time.
    $this->state->updateExpire();
}