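/**
 * Determine if $session_id represents a valid session and, if so, start it.
 *
 * Looks the id up in the session index, checks the browser fingerprint when
 * gp_browser_auth is enabled, verifies the session file is a regular file,
 * applies the single-editor lock, sends no-cache headers and loads the
 * session data into $GLOBALS['gpAdmin'].
 *
 * @param string $session_id  Session id taken from the session cookie
 * @return bool  true when the session was started; false (after clearing the
 *               cookie and queueing a message) when it is expired or invalid
 */
function start($session_id)
{
    global $langmessage, $dataDir, $gp_admin_html;

    // get the session index entry for this id
    $sessions = gpsession::GetSessionIds();
    if (!isset($sessions[$session_id])) {
        gpsession::cookie(gp_session_cookie, '', time() - 42000); // make sure the cookie is deleted
        message($langmessage['Session Expired'] . ' (timeout)');
        return false;
    }
    $sess_info = $sessions[$session_id];

    // check ~ip, ~user agent ...
    if (gp_browser_auth && isset($sess_info['uid'])) {
        $auth_uid = gpsession::auth_browseruid();
        $auth_uid_legacy = gpsession::auth_browseruid(true); // legacy option added to prevent logging users out, added 2.0b2
        // strict comparison on purpose: the loose != used previously treats
        // numeric-looking strings (e.g. two hashes starting with "0e") as equal
        if ($sess_info['uid'] !== $auth_uid && $sess_info['uid'] !== $auth_uid_legacy) {
            gpsession::cookie(gp_session_cookie, '', time() - 42000); // make sure the cookie is deleted
            message($langmessage['Session Expired'] . ' (browser auth)');
            return false;
        }
    }

    // an absent or empty file_name would resolve to the _sessions directory
    // itself, which file_exists() accepts; require a named, regular file
    $session_file = false;
    if (!empty($sess_info['file_name'])) {
        $session_file = $dataDir . '/data/_sessions/' . $sess_info['file_name'];
    }
    if ($session_file === false || !is_file($session_file)) {
        gpsession::cookie(gp_session_cookie, '', time() - 42000); // make sure the cookie is deleted
        message($langmessage['Session Expired'] . ' (invalid)');
        return false;
    }

    // lock to prevent conflicting edits: find the most recently active session
    $locked = false;
    $last_sess_id = false;
    $last_sess_time = 0;
    $since_last_session = 0;
    $now = time();
    foreach ($sessions as $sess_temp_id => $sess_temp_info) {
        if (empty($sess_temp_info['time'])) {
            continue;
        }
        $diff = ($now - $sess_temp_info['time']) / 60;
        // NOTE(review): $diff is in minutes but $since_last_session (and the
        // gp_lock_time / 2 check further down) are in seconds, and both are
        // compared against gp_lock_time — confirm which unit gp_lock_time uses
        if ($diff < gp_lock_time && $last_sess_time < $sess_temp_info['time']) {
            $last_sess_id = $sess_temp_id;
            $last_sess_time = $sess_temp_info['time'];
            $since_last_session = $now - $last_sess_time;
        }
    }

    // loose comparison kept here: numeric-looking ids become int array keys
    if ($last_sess_id && $last_sess_id != $session_id) {
        $expires = ceil((gp_lock_time - $since_last_session) / 60);
        // $expires <= 0 means the other session's lock has already lapsed
        if ($expires > 0) {
            $locked = true;
            message($langmessage['site_locked'] . ' ' . sprintf($langmessage['lock_expires_in'], $expires));
        }
    }

    // prevent browser caching when editing
    header('Last-Modified: ' . gmdate('D, j M Y H:i:s') . ' GMT');
    header('Expires: ' . gmdate('D, j M Y H:i:s', time()) . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache'); // HTTP/1.0

    // $checksum is presumably filled by reference in SessionData() and is
    // handed back to close() at shutdown — confirm against gpsession
    $checksum = null;
    $GLOBALS['gpAdmin'] = gpsession::SessionData($session_file, $checksum);
    if ($locked) {
        $GLOBALS['gpAdmin']['locked'] = true;
    } else {
        unset($GLOBALS['gpAdmin']['locked']);
    }
    register_shutdown_function(array('gpsession', 'close'), $session_file, $checksum);

    gpsession::SaveSetting();

    // update time and move to end of $sessions array
    if (!$locked && (!$since_last_session || $since_last_session > gp_lock_time / 2)) {
        $sessions[$session_id]['time'] = time();
        gpsession::SaveSessionIds($sessions);
    }

    // make sure forms have admin nonce
    ob_start(array('gpsession', 'AdminBuffer'));

    // make sure each logged in request has the gp_admin_html area
    $gp_admin_html = '<div id="gp_admin_html"></div>';

    return true;
}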