Thanks
2003-12-15, Mark Doliner
// NOTE(review): this listing is an elided excerpt of a session class. Closing
// braces, the database calls around the SQL strings and several function
// headers are not shown, so the comments below describe only what is visible.
var $sid = ""; /* Session ID */

/********************************************************************
 * The Session() constructor
 ********************************************************************/
function startSession() {
    // Legacy long request arrays; any value read from them is client-controlled.
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS;
    // Nothing to resume without a session ID. The assignment of $sid is not
    // visible here — presumably it comes from the arrays above; confirm.
    // This empty() guard also matters for logout, which stores SESSION_ID='':
    // without it an empty ID would match every logged-out row.
    if ((!isset($sid)) || (empty($sid))) { return; }
    $this->sid = $sid = urldecode($sid);
    // SECURITY: $sid is concatenated straight into the SQL text. If it is
    // request-supplied, bind it as a query parameter (or escape it with the
    // database driver's own routine) and reject anything that does not match
    // the format generate_get_sid() emits ("s" followed by 32 hex characters).
    "SELECT * FROM Users WHERE SESSION_ID='" . $sid . "'"
    if ($db->num_rows() == 0) {
        // (The delimiters of the following original comment are missing in this excerpt.)
        * Oops, a cookie is set but there is no session info.
        * You know what we have to do... KILL THE COOKIE!
        // unset() only drops the entry from this request's array. The browser
        // keeps the cookie until it is overwritten by a setcookie() call with
        // an expiry in the past.
        unset($HTTP_COOKIE_VARS["sid"]);

function login($user, $password) {
    global $HTTP_USER_AGENT, $PHP_SELF, $HTTP_COOKIE_VARS;
    $GLOBALS["user_missing"] = false;
    $GLOBALS["password_missing"] = false;
    // Both visible failure paths set both flags to -1, so the caller cannot
    // tell "unknown user" from "wrong password" — presumably deliberate, to
    // avoid confirming which account names exist.
    if (!$users->user_exists($user)) {
        $GLOBALS["user_missing"] = -1;
        $GLOBALS["password_missing"] = -1;
        $GLOBALS["user_missing"] = -1;
        $GLOBALS["password_missing"] = -1;
    if ($missinginfo) { return false; }
    if ($users->logged_in()) {
    // SECURITY: $user is caller-supplied and concatenated into the SQL text.
    // Whether user_exists() escapes it cannot be seen here; bind it as a
    // parameter rather than relying on an earlier check.
    "SELECT * FROM Users WHERE USERNAME='".$user."'"
    if ($db->num_rows() > 0) {
        $info = $db->result_array();
        // A two-character salt selects the traditional DES-based crypt(),
        // which only considers the first eight characters of the password and
        // is cheap to brute-force offline. Current PHP offers password_hash()
        // and password_verify(), with password_needs_rehash() for migration.
        $salt = substr($info["PASSWORD"], 0, 2);
        $newpass = crypt($password, $salt);
        // Loose, non-constant-time comparison; hash_equals() is the safe form.
        if ($newpass != $info["PASSWORD"]) {
        // A fresh ID is issued at login rather than reusing a pre-login value.
        $this->sid = $this->generate_get_sid();
        // The ID is stored on the user row, so each user has a single session
        // and a new login replaces the previous one.
        "UPDATE Users SET SESSION_ID='" . $this->sid . "'" . " WHERE USER_ID=" . $info["USER_ID"]
        $HTTP_COOKIE_VARS["sid"] = $this->sid;
        // 63072000 seconds is 730 days: the session cookie stays valid for
        // about two years. No path, domain, secure or httponly argument is
        // passed, so the cookie is readable by page scripts and is also sent
        // over plain HTTP.
        $expdate = time() + 63072000;
        setcookie("sid", $this->sid, $expdate);
        // localUrl() appends the session ID to the redirect target, so the ID
        // lands in browser history, server logs and Referer headers in
        // addition to the cookie. $PHP_SELF reflects the requested path —
        // treat it as client-influenced. Current PHP versions also reject
        // header values containing a newline, so the trailing "\n" should go.
        header("Location: " . $this->localUrl($PHP_SELF) . "\n");

/********************************************************************
 * function generate_get_sid()
 * Generates a Session ID based on the date/time and IP address.
 ********************************************************************/
// NOTE(review): the visible body does not use the IP address. The ID is "s"
// plus the MD5 of uniqid(rand()): uniqid() is derived from the current time
// and rand() is not a cryptographic generator, so the value is not suitable
// as an unguessable bearer token. bin2hex(random_bytes(16)) is the modern
// replacement.
function generate_get_sid() {
    return "s" . md5(uniqid(rand()));

/********************************************************************
 * Returns the session ID in a pib_sessionid=... way.
 ********************************************************************/
    // The visible code emits the parameter name "sid", not "pib_sessionid".
    return "sid=" . urlencode($this->sid);

/********************************************************************
 * Returns the session ID.
 ********************************************************************/
    return urlencode($this->sid);

function localUrl($url) {
    // Always appends "?", so a $url that already has a query string ends up
    // with two. Carrying the session ID in the URL exposes it wherever the
    // URL is logged or shared.
    return $url . "?" . $this->get_sid();

    // NOTE(review): the headers of the helpers above are elided. localUrl()
    // needs the "sid=..." form while this hidden field needs the bare value —
    // confirm that get_sid() is the right helper for both call sites.
    // urlencode() output contains no quotes or angle brackets, so the value
    // is safe inside the attribute.
    return "<input type=\"hidden\" name=\"sid\"" . " value=\"" . $this->get_sid() . "\" />";

/********************************************************************
 * Destroys the Session and removes all data and variables
 ********************************************************************/
    // The value concatenated after this string is not shown — presumably the
    // current session ID; the same parameter-binding concern applies. The
    // visible lines do not expire the browser's cookie either.
    "UPDATE Users SET SESSION_ID='' WHERE SESSION_ID='" .
    /* We don't care if this is a valid result or not. */
    /* If it doesn't exist already, it's already deleted :) */
    // header("Location: $PHP_SELF");