示例#1
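 /**
  * Returns the shared session object for this request, creating it on first use.
  *
  * On the first call this runs mosSession::purge(), then tries to load an
  * existing session keyed by md5(session cookie value . client address). If a
  * session loads, its time is refreshed. Otherwise a new session is inserted,
  * a session cookie valid for 12 hours is issued and, when a well-formed
  * "remember me" cookie is present, the authenticator is asked to log the
  * user in with the values that cookie carries.
  *
  * Security notes for reviewers:
  *  - The "usercookie" value comes from the client. It is only used when it is
  *    an array holding string 'username' and 'password' entries; any other
  *    shape is ignored instead of being indexed blindly.
  *  - The cookie carries a username and a password-equivalent value, so
  *    whoever holds it can replay it. NOTE(review): confirm whether
  *    authenticateUser() expects a plaintext password or a hash, and consider
  *    replacing this with a random, server-side, revocable token.
  *
  * @return mosSession Reference to the per-request session instance.
  */
 function &getCurrent()
 {
     static $currentSession;
     if (!is_object($currentSession)) {
         $currentSession = new mosSession();
         mosSession::purge();
         $sessionCookieName = md5('site' . mamboCore::get('mosConfig_live_site'));
         $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
         $usercookie = mosGetParam($_COOKIE, 'usercookie', null);
         // The lookup key mixes the cookie value with REMOTE_ADDR, so a cookie
         // presented from a different client address will not match and a
         // fresh session is created instead.
         if ($currentSession->load(md5($sessioncookie . $_SERVER['REMOTE_ADDR']))) {
             // Session cookie exists, update time in session table
             $currentSession->time = time();
             $currentSession->update();
         } else {
             $currentSession->generateId();
             if (!$currentSession->insert()) {
                 // NOTE(review): the error text is written straight to the
                 // response; presumably it is a database error string, which
                 // would be better logged server-side - confirm against getError().
                 die($currentSession->getError());
             }
             // 43200 seconds = 12 hours. Only name, value, expiry and path are
             // passed, so the cookie is issued without the Secure and HttpOnly
             // attributes.
             setcookie($sessionCookieName, $currentSession->getCookie(), time() + 43200, '/');
             // Validate the shape of the client-supplied remember-me cookie
             // before reading its fields: it must be an array with string
             // 'username' and 'password' entries.
             $hasRememberMe = is_array($usercookie)
                 && isset($usercookie['username'], $usercookie['password'])
                 && is_string($usercookie['username'])
                 && is_string($usercookie['password']);
             if ($hasRememberMe) {
                 // Remember me cookie exists. Login with usercookie info.
                 require_once mamboCore::get('mosConfig_absolute_path') . '/includes/authenticator.php';
                 $authenticator =& mamboAuthenticator::getInstance();
                 // Defined explicitly so an undefined variable is not passed;
                 // presumably authenticateUser() fills it in by reference - verify.
                 $message = null;
                 $authenticator->authenticateUser($message, $usercookie['username'], $usercookie['password'], null, $currentSession);
             }
         }
     }
     return $currentSession;
 }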
示例#2
 /**
  * Initialises the user session
  *
  * Old sessions are flushed based on the configuration value for the cookie
  * lifetime. If an existing session, then the last access time is updated.
  * If a new session, a session id is generated and a record is created in
  * the jos_sessions table.
  *
  * Flow, as visible in this method:
  *  1. A 32-byte session cookie that loads a session row: refresh its time.
  *  2. No cookie at all (and no 'force_session' POST field): set a '-' test
  *     cookie and create nothing, so cookie-less clients do not fill the
  *     session table.
  *  3. Otherwise: insert a guest session and issue the session cookie, except
  *     for requests whose URI contains 'option=com_rss' or 'feed='.
  *  4. In cases 2 and 3, a "remember me" cookie longer than 64 bytes is split
  *     into user / pass / id fields and passed to $this->login().
  *
  * Security notes for reviewers:
  *  - Both setcookie() calls pass only name, value, expiry and path, so the
  *    cookies are issued without the Secure and HttpOnly attributes.
  *  - The remember-me cookie is the only input to the automatic login here,
  *    so it acts as a bearer credential. NOTE(review): confirm how login()
  *    verifies the two 32-byte fields and whether they can be revoked.
  *  - Only the length of the session cookie is checked in this method, not
  *    its character set. NOTE(review): confirm sessionCookieValue() and
  *    load() handle arbitrary 32-byte input safely.
  */
 function initSession()
 {
     // initialize session variables
     // $session is bound by reference to $this->_session, so the object created
     // on the next line is also what the instance property holds.
     $session =& $this->_session;
     $session = new mosSession($this->_db);
     // purge expired sessions
     $session->purge('core');
     // Session Cookie `name`
     $sessionCookieName = mosMainFrame::sessionCookieName();
     // Get Session Cookie `value`
     $sessioncookie = strval(mosGetParam($_COOKIE, $sessionCookieName, null));
     // Session ID / `value`
     $sessionValueCheck = mosMainFrame::sessionCookieValue($sessioncookie);
     // Check if existing session exists in db corresponding to Session cookie `value`
     // extra check added in 1.0.8 to test sessioncookie value is of correct length
     // The 32-byte length test already excludes the '-' placeholder, so the
     // explicit != '-' comparison is redundant but harmless.
     if ($sessioncookie && strlen($sessioncookie) == 32 && $sessioncookie != '-' && $session->load($sessionValueCheck)) {
         // update time in session table
         $session->time = time();
         $session->update();
     } else {
         // Remember Me Cookie `name`
         $remCookieName = mosMainFrame::remCookieName_User();
         // test if cookie found
         // 'force_session' is a client-controlled POST field: any request that
         // sends it is treated as if a cookie had been found.
         $cookie_found = false;
         if (isset($_COOKIE[$sessionCookieName]) || isset($_COOKIE[$remCookieName]) || isset($_POST['force_session'])) {
             $cookie_found = true;
         }
         // check if neither the remember-me cookie nor the session cookie was found
         if (!$cookie_found) {
             // create sessioncookie and set it to a test value set to expire on session end
             // No Secure / HttpOnly arguments are passed.
             setcookie($sessionCookieName, '-', false, '/');
         } else {
             // otherwise, sessioncookie was found, but set to test val or the session expired, prepare for session registration and register the session
             $url = strval(mosGetParam($_SERVER, 'REQUEST_URI', null));
             // stop sessions being created for requests to syndicated feeds
             if (strpos($url, 'option=com_rss') === false && strpos($url, 'feed=') === false) {
                 // New sessions always start as an anonymous guest.
                 $session->guest = 1;
                 $session->username = '';
                 $session->time = time();
                 $session->gid = 0;
                 // Generate Session Cookie `value`
                 $session->generateId();
                 if (!$session->insert()) {
                     // NOTE(review): the error text is written straight to the
                     // response; presumably a database error string that would
                     // be better logged server-side - confirm against getError().
                     die($session->getError());
                 }
                 // create Session Tracking Cookie set to expire on session end
                 // No Secure / HttpOnly arguments are passed.
                 setcookie($sessionCookieName, $session->getCookie(), false, '/');
             }
         }
         // Cookie used by Remember me functionality
         // This runs for every request that reaches the else branch, including
         // feed requests for which no session row was inserted above.
         $remCookieValue = strval(mosGetParam($_COOKIE, $remCookieName, null));
         // test if cookie is correct length
         if (strlen($remCookieValue) > 64) {
             // Separate Values from Remember Me Cookie
             // Layout: bytes 0-31 user field, bytes 32-63 pass field, the rest
             // an integer id. The 32-byte widths suggest hex MD5 digests - TODO confirm.
             $remUser = substr($remCookieValue, 0, 32);
             $remPass = substr($remCookieValue, 32, 32);
             $remID = intval(substr($remCookieValue, 64));
             // check if Remember me cookie exists. Login with usercookie info.
             // Given the > 64 length test above, both substr() results are
             // always 32 bytes, so this condition cannot fail here; the field
             // contents themselves are not validated in this method.
             if (strlen($remUser) == 32 && strlen($remPass) == 32) {
                 $this->login($remUser, $remPass, 1, $remID);
             }
         }
     }
 }