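/**
 * Determine if $session_id represents a valid session and if so start the session.
 *
 * A session is rejected (cookie cleared, "Session Expired" message queued,
 * false returned) when:
 *  - the id is not present in the session index,
 *  - browser authentication is enabled and the stored browser uid matches
 *    neither the current nor the legacy fingerprint,
 *  - the index entry names no session file, or that file does not exist.
 *
 * On success the admin session data is loaded into $GLOBALS['gpAdmin'],
 * no-cache headers are sent, the admin edit lock is requested when
 * applicable, the shutdown handler and admin output buffer are registered,
 * and true is returned.
 *
 * @param string      $session_id Session identifier to validate
 * @param array|false $sessions   Session index keyed by session id; loaded
 *                                with self::GetSessionIds() when falsy
 * @return bool true when the session was started, false when it was rejected
 */
public static function start($session_id, $sessions = false)
{
    global $langmessage, $dataDir, $wbMessageBuffer;

    //get the session index
    if (!$sessions) {
        $sessions = self::GetSessionIds();
    }

    // Fail closed for a caller-supplied index as well: an unknown id must never
    // fall through to the file checks below with an empty $sess_info.
    if (!isset($sessions[$session_id])) {
        self::cookie(gp_session_cookie); //make sure the cookie is deleted
        msg($langmessage['Session Expired'] . ' (timeout)');
        return false;
    }
    $sess_info = $sessions[$session_id];

    //check ~ip, ~user agent ...
    if (gp_browser_auth && !empty($sess_info['uid'])) {
        $stored_uid      = (string)$sess_info['uid'];
        $auth_uid        = (string)self::auth_browseruid();
        $auth_uid_legacy = (string)self::auth_browseruid(true); //legacy option added to prevent logging users out, added 2.0b2

        // Strict string comparison: with loose != two different numeric-looking
        // strings (e.g. "0e..." digests) can compare as equal.
        if ($stored_uid !== $auth_uid && $stored_uid !== $auth_uid_legacy) {
            self::cookie(gp_session_cookie); //make sure the cookie is deleted
            msg($langmessage['Session Expired'] . ' (browser auth)');
            return false;
        }
    }

    // Only build a path when the index entry really names a file; otherwise the
    // path would resolve to the sessions directory itself, which exists.
    $session_file = false;
    if (isset($sess_info['file_name']) && is_string($sess_info['file_name']) && $sess_info['file_name'] !== '') {
        $session_file = $dataDir . '/data/_sessions/' . $sess_info['file_name'];
    }
    if ($session_file === false || !\gp\tool\Files::Exists($session_file)) {
        self::cookie(gp_session_cookie); //make sure the cookie is deleted
        msg($langmessage['Session Expired'] . ' (invalid)');
        return false;
    }

    //prevent browser caching when editing
    header('Last-Modified: ' . gmdate('D, j M Y H:i:s') . ' GMT');
    header('Expires: ' . gmdate('D, j M Y H:i:s', time()) . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache'); // HTTP/1.0

    // $checksum is presumably filled in by reference by SessionData() and is
    // handed to close() at shutdown -- confirm against SessionData's signature.
    $GLOBALS['gpAdmin'] = self::SessionData($session_file, $checksum);

    //lock to prevent conflicting edits
    if (gp_lock_time > 0 && (!empty($GLOBALS['gpAdmin']['editing']) || !empty($GLOBALS['gpAdmin']['granted']))) {
        $expires = gp_lock_time;
        // the lock is keyed on a hash of the session id, not the id itself
        if (!\gp\tool\Files::Lock('admin', sha1(sha1($session_id)), $expires)) {
            msg($langmessage['site_locked'] . ' ' . sprintf($langmessage['lock_expires_in'], ceil($expires / 60)));
            $GLOBALS['gpAdmin']['locked'] = true;
        } else {
            unset($GLOBALS['gpAdmin']['locked']);
        }
    }

    //extend cookie?
    if (isset($GLOBALS['gpAdmin']['remember'])) {
        $elapsed = time() - $GLOBALS['gpAdmin']['remember'];
        if ($elapsed > 604800) { //7 days
            // NOTE(review): the cookie is re-issued with the same session id;
            // the id is not rotated here.
            $GLOBALS['gpAdmin']['remember'] = time();
            self::cookie(gp_session_cookie, $session_id);
        }
    }

    register_shutdown_function(array('\\gp\\tool\\Session', 'close'), $session_file, $checksum);

    self::SaveSetting();

    //make sure forms have admin nonce
    ob_start(array('\\gp\\tool\\Session', 'AdminBuffer'));

    \gp\tool\Output::$lang_values += array(
        'cancel'        => 'ca',
        'update'        => 'up',
        'caption'       => 'cp',
        'Width'         => 'Width',
        'Height'        => 'Height',
        'save'          => 'Save',
        'Saved'         => 'Saved',
        'Saving'        => 'Saving',
        'Close'         => 'Close',
        'Page'          => 'Page',
        'theme_content' => 'Extra',
        'Publish Draft' => 'Draft',
        'Publish'       => 'Publish',
    );

    \gp\tool::LoadComponents('sortable,autocomplete,gp-admin,gp-admin-css');
    \gp\admin\Tools::VersionsAndCheckTime();

    \gp\tool\Output::$inline_vars += array('gpRem' => \gp\admin\Tools::CanRemoteInstall());

    //prepend messages from message buffer
    if (!empty($GLOBALS['gpAdmin']['message_buffer']) && is_array($GLOBALS['gpAdmin']['message_buffer'])) {
        // (array) keeps array_merge() from failing when the global buffer is still unset
        $wbMessageBuffer = array_merge($GLOBALS['gpAdmin']['message_buffer'], (array)$wbMessageBuffer);
        unset($GLOBALS['gpAdmin']['message_buffer']);
    }

    //alias
    // The alias cookie is client-controlled: accept it only as a plain string,
    // treat it as a display value, and escape it wherever it is rendered.
    if (isset($_COOKIE['gp_alias']) && is_string($_COOKIE['gp_alias'])) {
        $GLOBALS['gpAdmin']['useralias'] = $_COOKIE['gp_alias'];
    } else {
        $GLOBALS['gpAdmin']['useralias'] = $GLOBALS['gpAdmin']['username'];
    }

    return true;
}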