$Qcfg = $osC_Database->query('select configuration_key as cfgKey, configuration_value as cfgValue from :table_configuration'); $Qcfg->bindTable(':table_configuration', TABLE_CONFIGURATION); $Qcfg->setCache('configuration'); $Qcfg->execute(); while ($Qcfg->next()) { define($Qcfg->value('cfgKey'), $Qcfg->value('cfgValue')); } $Qcfg->freeResult(); // define our general functions used application-wide require '../includes/functions/general.php'; require 'includes/functions/general.php'; require '../includes/functions/html_output.php'; require 'includes/functions/html_output.php'; // include session class require '../includes/classes/session.php'; $osC_Session = osC_Session::load('osCAdminID'); $osC_Session->start(); if (!isset($_SESSION['admin']) && basename($_SERVER['PHP_SELF']) != FILENAME_RPC) { $redirect = false; if (empty($_GET)) { $redirect = true; } else { $first_array = array_slice($_GET, 0, 1); $_module = osc_sanitize_string(basename(key($first_array))); if ($_module != 'login') { if (!isset($_SESSION['redirect_origin'])) { $_SESSION['redirect_origin'] = array('module' => $_module, 'get' => $_GET); } $redirect = true; } }
function start() { global $request_type, $osC_Session; include 'includes/classes/session.php'; $osC_Session = osC_Session::load(); if (SERVICE_SESSION_FORCE_COOKIE_USAGE == '1') { osc_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 90); if (isset($_COOKIE['cookie_test'])) { $osC_Session->start(); } } elseif (SERVICE_SESSION_BLOCK_SPIDERS == '1') { $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']); $spider_flag = false; if (empty($user_agent) === false) { $spiders = file('includes/spiders.txt'); foreach ($spiders as $spider) { if (empty($spider) === false) { if (strpos($user_agent, trim($spider)) !== false) { $spider_flag = true; break; } } } } if ($spider_flag === false) { $osC_Session->start(); } } else { $osC_Session->start(); } // verify the ssl_session_id if ($request_type == 'SSL' && SERVICE_SESSION_CHECK_SSL_SESSION_ID == '1' && ENABLE_SSL == true) { if (isset($_SERVER['SSL_SESSION_ID']) && ctype_xdigit($_SERVER['SSL_SESSION_ID'])) { if (isset($_SESSION['SESSION_SSL_ID']) === false) { $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID']; } if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) { $osC_Session->destroy(); osc_redirect(osc_href_link(FILENAME_INFO, 'ssl_check', 'AUTO')); } } } // verify the browser user agent if (SERVICE_SESSION_CHECK_USER_AGENT == '1') { $http_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; if (isset($_SESSION['SESSION_USER_AGENT']) === false) { $_SESSION['SESSION_USER_AGENT'] = $http_user_agent; } if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) { $osC_Session->destroy(); osc_redirect(osc_href_link(FILENAME_ACCOUNT, 'login', 'SSL')); } } // verify the IP address if (SERVICE_SESSION_CHECK_IP_ADDRESS == '1') { if (isset($_SESSION['SESSION_IP_ADDRESS']) === false) { $_SESSION['SESSION_IP_ADDRESS'] = osc_get_ip_address(); } if ($_SESSION['SESSION_IP_ADDRESS'] != osc_get_ip_address()) { $osC_Session->destroy(); osc_redirect(osc_href_link(FILENAME_ACCOUNT, 'login', 'SSL')); } } return true; }