includes/sessions.php
changeset 266 917dcc6c4ceb
parent 248 ed13b72b13cc
parent 263 d57af0b0302e
child 271 f088805540ae
265:7e0cdf71b1bb 266:917dcc6c4ceb
  1058     }
  1058     }
  1059     else
  1059     else
  1060     {
  1060     {
  1061       // Stash it in a cookie
  1061       // Stash it in a cookie
  1062       // For now, make the cookie last forever, we can change this in 1.1.x
  1062       // For now, make the cookie last forever, we can change this in 1.1.x
  1063       setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) ) );
  1063       setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ) );
  1064       $_COOKIE['sid'] = $session_key;
  1064       $_COOKIE['sid'] = $session_key;
  1065     }
  1065     }
  1066     // $keyhash is stored in the database, this is for compatibility with the older DB structure
  1066     // $keyhash is stored in the database, this is for compatibility with the older DB structure
  1067     $keyhash = md5($session_key);
  1067     $keyhash = md5($session_key);
  1068     // Record the user's IP
  1068     // Record the user's IP
  2630    * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
  2630    * @return string A unique identifier assigned to the code. This hash should be passed to sessionManager::getCaptcha() to retrieve the code.
  2631    */
  2631    */
  2632   
  2632   
  2633   function make_captcha($len = 7)
  2633   function make_captcha($len = 7)
  2634   {
  2634   {
  2635     $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
  2635     $code = $this->generate_captcha_code($len);
  2636     $s = '';
       
  2637     for($i=0;$i<$len;$i++) $s .= $chars[mt_rand(0, count($chars)-1)];
       
  2638     $hash = md5(microtime() . mt_rand());
  2636     $hash = md5(microtime() . mt_rand());
  2639     $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
  2637     $this->sql('INSERT INTO '.table_prefix.'session_keys(session_key,salt,auth_level,source_ip,user_id) VALUES(\''.$hash.'\', \''.$s.'\', -1, \''.ip2hex($_SERVER['REMOTE_ADDR']).'\', -2);');
  2640     return $hash;
  2638     return $hash;
  2641   }
  2639   }
  2642   
  2640   
  2643   /**
  2641   /**
       
  2642    * Generates the actual confirmation code text.
       
  2643    * @param int String length
       
  2644    * @return string
       
  2645    */
       
  2646   
       
  2647   function generate_captcha_code($len = 7)
       
  2648   {
       
  2649     $chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
       
  2650     $s = '';
       
  2651     for ( $i = 0; $i < $len; $i++ )
       
  2652     {
       
  2653       $s .= $chars[mt_rand(0, count($chars)-1)];
       
  2654     }
       
  2655     return $s;
       
  2656   }
       
  2657   
       
  2658   /**
  2644    * For the given code ID, returns the correct CAPTCHA code, or false on failure
  2659    * For the given code ID, returns the correct CAPTCHA code, or false on failure
  2645    * @param string $hash The unique ID assigned to the code
  2660    * @param string $hash The unique ID assigned to the code
  2646    * @return string The correct confirmation code
  2661    * @return string The correct confirmation code
  2647    */
  2662    */
  2648   
  2663   
  2649   function get_captcha($hash)
  2664   function get_captcha($hash)
  2650   {
  2665   {
  2651     global $db, $session, $paths, $template, $plugins; // Common objects
  2666     global $db, $session, $paths, $template, $plugins; // Common objects
  2652     $s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
  2667     $s = $this->sql('SELECT salt FROM '.table_prefix.'session_keys WHERE session_key=\''.$db->escape($hash).'\' AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
  2653     if($db->numrows() < 1) return false;
  2668     if ( $db->numrows() < 1 )
       
  2669     {
       
  2670       return false;
       
  2671     }
  2654     $r = $db->fetchrow();
  2672     $r = $db->fetchrow();
       
  2673     $db->free_result();
       
  2674     $this->sql('DELETE FROM ' . table_prefix . 'session_keys WHERE salt=\'' . $db->escape($r['salt']) . '\';');
  2655     return $r['salt'];
  2675     return $r['salt'];
  2656   }
  2676   }
  2657   
  2677   
  2658   /**
  2678   /**
  2659    * Deletes all CAPTCHA codes cached in the DB for this user.
  2679    * (AS OF 1.0.2: Deprecated. Captcha codes are now killed on first fetch for security.) Deletes all CAPTCHA codes cached in the DB for this user.
  2660    */
  2680    */
  2661   
  2681   
  2662   function kill_captcha()
  2682   function kill_captcha()
  2663   {
  2683   {
  2664     $this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
  2684     // $this->sql('DELETE FROM '.table_prefix.'session_keys WHERE user_id=-2 AND source_ip=\''.ip2hex($_SERVER['REMOTE_ADDR']).'\';');
       
  2685     return true;
  2665   }
  2686   }
  2666   
  2687   
  2667   /**
  2688   /**
  2668    * Generates a random password.
  2689    * Generates a random password.
  2669    * @param int $length Optional - length of password
  2690    * @param int $length Optional - length of password