<?

// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License as published by the Free
// Software Foundation; either version 2 of the License, or (at your option)
// any later version.

// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
// more details.

// You should have received a copy of the GNU General Public License along with
// this program; if not, write to the Free Software Foundation, Inc., 59 Temple
// Place - Suite 330, Boston, MA 02111-1307, USA.

// Copyright: (C) 2002/2003 Stefan Cyris 


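// Session lookup: resolve the session id supplied by the caller to a stored
// session row and, if it matches, load the user and group permissions.
//
// $hash, $remote_addr, $http_user_agent and $http_accept_lang are not set in
// this file; presumably the including script fills them from the request --
// confirm. Each one is passed through str_prepare() before it is concatenated
// into SQL.
// NOTE(review): str_prepare() is defined elsewhere; the queries below are only
// as safe as its escaping. Verify that it escapes for the database in use, and
// prefer bound parameters if the $DB wrapper offers them.
// NOTE(review): $session is not reset before use. If anything that runs
// earlier can populate it, those values survive into the
// isset($session["hash"]) check that follows this block -- confirm it is empty
// on entry.
$sid = str_prepare($hash);

// validate session
if (!empty($sid)) {
	// A stored session only matches when the id, the client address and the
	// first 50 bytes of the User-Agent all equal the stored row.
	$session["hash"] = $sid;
	$session['ip'] = str_prepare($remote_addr);
	// Truncation happens before str_prepare(); assuming that helper escapes,
	// cutting afterwards could split an escape sequence.
	$session['useragent'] = str_prepare(substr($http_user_agent, 0, 50));
	$session['acceptlanguage'] = str_prepare($http_accept_lang); //for later use

	unset($array);
	unset($group);
	$array = $DB->query_first("SELECT * FROM ".$DB->tableprefix."session WHERE hash='".$session["hash"]."' AND ip='".$session["ip"]."' AND useragent='".$session["useragent"]."'");
	if (!empty($array)) {
		// session valid
		// Start from an empty list so that a user without any group rows gets
		// an empty array (the same shape the guest branch stores) instead of
		// an undefined variable.
		$group = array();

		// $array["userid"] is read from the session row fetched above, not
		// taken from the request.
		$result = $DB->query("SELECT user.userid,user.login,usergroup.* FROM ".$DB->tableprefix."user AS user, ".$DB->tableprefix."usertogroup AS usertogroup, ".$DB->tableprefix."usergroup AS usergroup WHERE user.userid='".$array["userid"]."' AND usertogroup.userid='".$array["userid"]."' AND usertogroup.usergroupid=usergroup.usergroupid");

		// One row per group membership; userid and login repeat on every row.
		while ($array = $DB->fetch_array($result)) {
			//user details
			$session["userid"] = $array["userid"];
			$session["login"] = $array["login"];
			//groups
			$group[$array["usergroupid"]]["title"] = $array["usergrouptitle"];
			$group[$array["usergroupid"]]["canview"] = $array["canview"];
			$group[$array["usergroupid"]]["canedit"] = $array["canedit"];
			$group[$array["usergroupid"]]["cannew"] = $array["cannew"];
			$group[$array["usergroupid"]]["candelete"] = $array["candelete"];
		}

		// NOTE(review): if the join returns no rows (user removed, or a user
		// without groups), userid and login stay unset although the session
		// is kept -- confirm that callers treat that state as unauthenticated.
		// NOTE(review): the session row's activity column is not refreshed
		// here; unless that happens elsewhere, the timeout counts from
		// session creation.
		$session["group"] = $group;
	} else {
		// session not valid
		unset($session);
	}
}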

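// no session or session not valid
if (!isset($session["hash"])) {
	// Session management
	// A fresh id is always generated here; a value sent by the client is never
	// adopted. The id is the only secret protecting the session, so it is
	// taken from a CSPRNG where the runtime has one. 16 random bytes in hex
	// give the same 32-character lowercase hex format that md5() produced.
	$session["hash"] = '';
	if (function_exists('random_bytes')) {
		// Throws when no secure source is available; failing the request is
		// preferable to issuing a weak id.
		$session["hash"] = bin2hex(random_bytes(16));
	} elseif (function_exists('openssl_random_pseudo_bytes')) {
		// May return false on failure; the cast turns that into an empty
		// string, which the length check below rejects.
		$session["hash"] = bin2hex((string) openssl_random_pseudo_bytes(16));
	}
	if (strlen($session["hash"]) != 32) {
		// Last resort for runtimes with neither function: the original
		// time-derived value. It is guessable, so such an installation
		// should be upgraded.
		$session["hash"] = md5(uniqid(microtime()));
	}
	// presumably read by the including script to hand the id to the client -- confirm
	$hash = $session["hash"];

	//groups
	$session["group"] = array();

	//user details
	$session["login"] = "guest";
	$session["userid"] = 1;	// Guest ID

	// Same client binding as in the lookup: address plus the first 50 bytes of
	// the User-Agent, truncated before str_prepare() is applied.
	$session['ip'] = str_prepare($remote_addr);
	$session['useragent'] = str_prepare(substr($http_user_agent, 0, 50));
	$session['acceptlanguage'] = str_prepare($http_accept_lang); //for later use

	// Every value in this INSERT is generated above, a constant, or passed
	// through str_prepare().
	// NOTE(review): str_prepare() is defined elsewhere; verify that it escapes
	// for the database in use.
	$DB->query("INSERT INTO ".$DB->tableprefix."session (hash, userid, ip, useragent, activity) VALUES ('".$session["hash"]."','".$session["userid"]."','".$session["ip"]."','".$session["useragent"]."',now() )");
}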

// Expire idle sessions: drop every row whose activity timestamp is at least
// $sessiontimeout seconds old. This runs unconditionally each time the file
// is included.
// NOTE(review): $sessiontimeout goes into the statement unquoted and
// unescaped. It is presumably a numeric configuration value -- confirm that it
// is always an integer and can never be derived from the request.
$result = $DB->query(sprintf(
	"DELETE from %ssession WHERE activity<=date_sub(now(), INTERVAL %s SECOND)",
	$DB->tableprefix,
	$sessiontimeout
));