<?php
/*
* Article System
* Online journal management tool written in PHP/MySQL/PostgreSQL.
* This code is available at http://sourceforge.net/projects/artsys
*
* Copyright (C) 2001-2005 Jan Hnatek
* Distributed under the terms of the GNU General Public License
*
* Date: 05/08/2005
* Version: 0.6
*/
###############################################################################
# session check : included directly
# REQUIRED ON EVERY ADMIN PAGE (refreshes kick timeout)
#
// Note:
// this block appears in admin/{main.php, images.php, art_view.php}
// a modification is in public/article.php
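// *** session check begin
// Session gate for admin pages. Expects $config and $db to be set up by the
// including page. On any failed check the visitor is redirected to index.php
// and the script stops; on success the session's timestamp is refreshed.

// Purge expired rows first, so a timed-out session cannot match the lookup below.
// The cutoff is cast to int because it is interpolated into the SQL text.
$old = (int) (time() - $config['session_lifetime']);
$db->open();
$db->exec("DELETE FROM Sessions WHERE time < $old");

// Load the PHP session and expose the user globals as references into it.
session_start();
$user_id =& $_SESSION['user_id'];
$user_name =& $_SESSION['user_name'];

// No session id stored in the PHP session: the visitor is not logged in.
// empty() keeps the original truthiness test but does not raise a notice
// when the key is missing.
if (empty($_SESSION['session_id'])) {
    header('Location: index.php');
    exit;
}

// NOTE(review): the session id is interpolated into the SQL text here and in
// the UPDATE below. It comes from $_SESSION (server-side state); where it is
// generated is not visible in this file. If the DB wrapper offers parameter
// binding or an escaping helper, use it for both statements.
$db->exec("SELECT * FROM Sessions WHERE id='{$_SESSION['session_id']}';");

// The id must match exactly one live row in the Sessions table.
if ($db->num_rows() != 1) {
    header('Location: index.php');
    exit;
}

// Fail closed: if the matching row cannot be fetched, treat the session as
// invalid rather than skipping the remaining checks.
$session_data = $db->get_result_array();
if (!$session_data) {
    header('Location: index.php');
    exit;
}

// IP binding: when the row records an address, the request must come from the
// same one. Rows with an empty ip value are not bound to an address.
if (!empty($session_data['ip'])) {
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    if ($remote_addr !== (string) $session_data['ip']) {
        header('Location: index.php');
        exit;
    }
}

// All checks passed: refresh the row's timestamp so the inactivity timeout restarts.
$time = time();
$db->exec("UPDATE Sessions SET time='$time' WHERE id='{$_SESSION['session_id']}';");
// *** session check end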
?>