/**
 * Report whether the visitor already has a stored session (adapted from Joomla core code).
 *
 * The lookup is switched off: the function returns false before any of the
 * session logic runs, so every statement after the first return is unreachable.
 * The disabled code is kept for reference only.
 *
 * @return bool Always false in the current state of the code.
 */
function shLookupSession()
{
    global $mainframe;

    // does not work in 1.5. Not needed anyway, as long as multilingual 303 redirect is not solved
    return false;

    // ---- Unreachable from here on: disabled session lookup ----

    $database =& JFactory::getDBO();

    // Build the session object and a temporary mainframe for the requested option.
    $session = new mosSession($database);
    $option = strval(strtolower(JRequest::getVar('option')));
    $mainframe = new mosMainFrame($database, $option, '.');

    // Purge expired sessions (the original author notes the purge cannot
    // work here because $mainframe is not initialized yet).
    $session->purge('core');

    // Name of the session cookie; the original comment mentions a "hack" whose
    // reference is cut off in the source.
    $cookieName = mosMainFrame::sessionCookieName();

    // Raw cookie value sent by the client, and the session id derived from it.
    $cookieValue = strval(JRequest::getVar($cookieName, null, 'COOKIE'));
    $sessionId = mosMainFrame::sessionCookieValue($cookieValue);

    // A session counts as existing only when the cookie is non-empty, exactly
    // 32 characters long, is not the '-' test marker, and a row loads for the
    // derived id. NOTE(review): the comparisons are loose (==, !=).
    $found = $cookieValue
        && strlen($cookieValue) == 32
        && $cookieValue != '-'
        && $session->load($sessionId);

    unset($mainframe);

    return $found;
}
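/**
 * Return the session object for the current request, creating it on first use.
 *
 * The instance is cached in a function-level static. On first use, expired
 * sessions are purged and a session is looked up under
 * md5(session cookie value . REMOTE_ADDR), which ties the lookup key to the
 * client address. If a row loads, its time is refreshed. Otherwise a new
 * session is inserted, a cookie is set for 43200 seconds (12 hours), and a
 * "remember me" login is attempted when the `usercookie` cookie is present.
 *
 * NOTE(review):
 *  - setcookie() is called with name, value, expiry and path only, so no
 *    Secure or HttpOnly attribute is requested for the session cookie here.
 *  - die() writes the session object's getError() text into the response;
 *    if that text carries storage details they are shown to the client.
 *  - The `usercookie` cookie supplies the username and password arguments
 *    for authenticateUser(). Whether the password field is a hash or
 *    cleartext is not visible here — confirm in the authenticator.
 *
 * @return mosSession The shared session object (returned by reference).
 */
function &getCurrent()
{
    static $currentSession;

    // Reuse the object built earlier in this request.
    if (is_object($currentSession)) {
        return $currentSession;
    }

    $currentSession = new mosSession();
    mosSession::purge();

    $sessionCookieName = md5('site' . mamboCore::get('mosConfig_live_site'));
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
    $usercookie = mosGetParam($_COOKIE, 'usercookie', null);

    if ($currentSession->load(md5($sessioncookie . $_SERVER['REMOTE_ADDR']))) {
        // Session cookie exists, update time in session table
        $currentSession->time = time();
        $currentSession->update();

        return $currentSession;
    }

    // No stored session matches: register a new one and hand out its cookie.
    $currentSession->generateId();
    if (!$currentSession->insert()) {
        die($currentSession->getError());
    }
    setcookie($sessionCookieName, $currentSession->getCookie(), time() + 43200, '/');

    // The cookie is client-controlled, so only index into it when it really is
    // an array carrying both fields; a scalar or partial cookie is ignored
    // instead of being dereferenced.
    if (is_array($usercookie) && isset($usercookie['username'], $usercookie['password'])) {
        // Remember me cookie exists. Login with usercookie info.
        require_once mamboCore::get('mosConfig_absolute_path') . '/includes/authenticator.php';
        $authenticator =& mamboAuthenticator::getInstance();
        // $message is not set in this function; presumably an output
        // parameter filled by authenticateUser() — confirm.
        $authenticator->authenticateUser($message, $usercookie['username'], $usercookie['password'], null, $currentSession);
    }

    return $currentSession;
}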
// Administrator entry point (excerpt): loads the ACL classes, starts the PHP
// session, validates the admin session and dispatches login/logout before the
// mainframe object is created.

// Start ACL
require_once $configuration->rootPath() . '/includes/gacl.class.php';
require_once $configuration->rootPath() . '/includes/gacl_api.class.php';
$acl = new gacl_api();

// Handle special admin side options
// NOTE(review): $option comes from $_REQUEST, so it is request-controlled;
// whatever filtering mosGetParam() applies is not shown in this excerpt.
$option = strtolower(mosGetParam($_REQUEST, 'option', 'com_admin'));
// Drops the first four characters of $option (presumably a "com_" prefix,
// matching the 'com_admin' default — confirm).
$domain = substr($option, 4);
// The session name is the MD5 of the configured live-site value, i.e. it is
// derived from configuration rather than random.
session_name(md5(mamboCore::get('mosConfig_live_site')));
session_start();

// restore some session variables
$my = new mosUser();
$my->getSession();
// Expired sessions are purged on both branches; $my is cleared when validation
// fails so the checks below treat the request as unauthenticated.
if (mosSession::validate($my)) {
    mosSession::purge();
} else {
    mosSession::purge();
    $my = null;
}
// A login is attempted only when no valid session exists; the comparisons on
// $option are loose (==).
if (!$my and $option == 'login') {
    $option = 'admin';
    require_once $configuration->rootPath() . '/includes/authenticator.php';
    $authenticator =& mamboAuthenticator::getInstance();
    // NOTE(review): no session_regenerate_id() call is visible between
    // session_start() and this login — confirm that loginAdmin() rotates the
    // session id, otherwise a pre-set session id survives authentication.
    $my = $authenticator->loginAdmin($acl);
} elseif ($option == 'logout') {
    require $configuration->rootPath() . '/administrator/logout.php';
    exit;
}
// We can now create the mainframe object
$mainframe =& new mosMainFrame($database, $option, '..', true);
// Provided $my is set, we have a valid admin side session and can include remaining code
// (the body of this block continues beyond the excerpt)
if ($my) {
/**
 * Sets up the visitor's session for the current request.
 *
 * Expired sessions are purged first. If the session cookie is 32 characters
 * long and a stored session loads for the id derived from it, only the
 * last-access time is refreshed. Otherwise:
 *  - with no session cookie, no remember-me cookie and no `force_session`
 *    POST field, a test cookie with the value '-' is set;
 *  - with any of them present, a guest session is inserted and its cookie is
 *    set, unless the request URI looks like a syndication feed;
 *  - finally, a remember-me cookie longer than 64 characters is split into
 *    two 32-character fields plus a numeric id and passed to login().
 *
 * NOTE(review):
 *  - Both setcookie() calls pass name, value, expiry and path only, so no
 *    Secure or HttpOnly attribute is requested here.
 *  - die() writes the session object's getError() text into the response.
 *  - The remember-me cookie alone supplies the arguments for login(); how
 *    login() verifies the two 32-character fields is not shown here.
 *  - The length and '-' comparisons are loose (==, !=).
 */
function initSession()
{
    // Bind the local name to the member first, so the object created on the
    // next line is stored in $this->_session as well.
    $session =& $this->_session;
    $session = new mosSession($this->_db);

    // Drop expired sessions before looking anything up.
    $session->purge('core');

    // Cookie name, the raw value sent by the client, and the session id
    // derived from that value.
    $trackingCookie = mosMainFrame::sessionCookieName();
    $cookieValue = strval(mosGetParam($_COOKIE, $trackingCookie, null));
    $sessionId = mosMainFrame::sessionCookieValue($cookieValue);

    // Known session: refresh its timestamp and stop. The length test was
    // added in 1.0.8 according to the original comment.
    if ($cookieValue && strlen($cookieValue) == 32 && $cookieValue != '-' && $session->load($sessionId)) {
        $session->time = time();
        $session->update();

        return;
    }

    $rememberCookie = mosMainFrame::remCookieName_User();

    // Any of these indicates a client that has sent a cookie before, or a
    // request that explicitly asks for a session.
    $sawCookie = isset($_COOKIE[$trackingCookie])
        || isset($_COOKIE[$rememberCookie])
        || isset($_POST['force_session']);

    if ($sawCookie) {
        // The cookie held the test value or the session expired: register a
        // fresh guest session, except for requests to syndicated feeds.
        $requestUri = strval(mosGetParam($_SERVER, 'REQUEST_URI', null));
        $isFeed = strpos($requestUri, 'option=com_rss') !== false
            || strpos($requestUri, 'feed=') !== false;

        if (!$isFeed) {
            $session->guest = 1;
            $session->username = '';
            $session->time = time();
            $session->gid = 0;

            // Generate the session cookie value and store the row.
            $session->generateId();
            if (!$session->insert()) {
                die($session->getError());
            }

            // Tracking cookie that expires when the browser session ends.
            setcookie($trackingCookie, $session->getCookie(), false, '/');
        }
    } else {
        // First contact: set a test cookie that expires with the browser session.
        setcookie($trackingCookie, '-', false, '/');
    }

    // Remember-me handling: the value must be longer than 64 characters.
    $rememberValue = strval(mosGetParam($_COOKIE, $rememberCookie, null));
    if (strlen($rememberValue) > 64) {
        // Layout: 32 characters user field, 32 characters password field, then the id.
        $remUser = substr($rememberValue, 0, 32);
        $remPass = substr($rememberValue, 32, 32);
        $remID = intval(substr($rememberValue, 64));

        if (strlen($remUser) == 32 && strlen($remPass) == 32) {
            $this->login($remUser, $remPass, 1, $remID);
        }
    }
}