$mtime + $nMaxLifeTime)
{
$bReturn = (deleteDirectory($szSessionDir)) ? $bReturn : false;
}
closedir($hDir);
return $bReturn;
}
}
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////
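/**
 * Recursively delete a file or a directory tree.
 *
 * Symbolic links are removed as links and never followed: is_dir() and
 * chmod() both resolve links, so following one would empty (and re-permission)
 * whatever it points at, possibly outside the session directory.
 *
 * @param string $szFile path of the file or directory to remove
 * @return bool true when the path and everything below it was removed,
 *              false as soon as any entry could not be removed
 */
function deleteDirectory($szFile)
{
    $bWindows = (PHP_OS == "WINNT" || PHP_OS == "WIN32");

    // Remove links without touching their target.
    if (is_link($szFile))
    {
        // Windows removes directory links with rmdir(), everything else with unlink().
        return ($bWindows && is_dir($szFile)) ? rmdir($szFile) : unlink($szFile);
    }

    if (!is_dir($szFile))
    {
        return unlink($szFile);
    }

    // Owner-only access is enough to list and empty the directory; the tree is
    // never made world-writable, not even for the moment before it is deleted.
    if (!$bWindows)
    {
        chmod($szFile, 0700);
    }

    $handle = opendir($szFile);
    if ($handle === false)
    {
        return false;
    }

    $bAllRemoved = true;
    // Compare against false explicitly: an entry named "0" is falsy and would
    // otherwise end the loop early and leave the directory non-empty.
    while (($szFileName = readdir($handle)) !== false)
    {
        if ($szFileName === "." || $szFileName === "..")
        {
            continue;
        }
        if (!deleteDirectory($szFile."/".$szFileName))
        {
            $bAllRemoved = false;
        }
    }
    closedir($handle);

    // rmdir() can only succeed on an empty directory, so skip it after a failure.
    return $bAllRemoved && rmdir($szFile);
}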
/**
 * Register this file's session save handlers with PHP.
 *
 * @param string $szGCCallBack name stored in the global
 *        'gszGarbageColectionCallBackFunction'; presumably called by the
 *        garbage-collection handler, which is not visible here. It should
 *        only ever come from application code, never from request data.
 */
function installSessionDirectoryHandler($szGCCallBack="")
{
    // Keep the callback name where the handlers can find it.
    $GLOBALS['gszGarbageColectionCallBackFunction'] = $szGCCallBack;

    // Handler functions in the order session_set_save_handler() expects:
    // open, close, read, write, destroy, gc.
    $aHandlerNames = array("_open", "_close", "_read", "_write", "_destroy", "_gc");
    call_user_func_array("session_set_save_handler", $aHandlerNames);
}
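/**
 * Build an unpredictable session identifier (32 hexadecimal characters).
 *
 * uniqid() is derived from the clock and can be guessed, so it is only used
 * as a last resort on runtimes that offer no cryptographic random source.
 *
 * @return string new session identifier
 */
function _newSessionIdentifier()
{
    if (function_exists('random_bytes'))
    {
        return bin2hex(random_bytes(16));
    }
    if (function_exists('openssl_random_pseudo_bytes'))
    {
        $bStrong = false;
        $szBytes = openssl_random_pseudo_bytes(16, $bStrong);
        if ($szBytes !== false && $bStrong)
        {
            return bin2hex($szBytes);
        }
    }
    // Weak fallback for very old runtimes only.
    return md5(uniqid(mt_rand(), true));
}

/**
 * Start or resume the application session.
 *
 * The session ID travels in the GET/POST variable named after the session
 * (cookies and transparent SID are switched off). A client-supplied ID is
 * accepted only when it is a plain string of letters, digits, ',', '_' or '-';
 * anything else is treated as "no ID" and a new session is created, because
 * the ID becomes part of a directory name under the session save path.
 *
 * @param string $szSessName     session name, also the request variable name
 * @param string $szSessSavePath session save path; "" keeps the configured one
 * @param string $szSessionID    ID to use for a new session; "" generates one.
 *        This value is used as given, so it must come from application code.
 *        IDs handed out this way must stay inside the accepted character set,
 *        otherwise the client cannot present them again.
 * @return bool true when the session is valid. false when it was voided
 *         (expired, client address mismatch, or no address recorded for the
 *         presented ID); the PHP session has still been started in that case.
 */
function initializeSession( $szSessName="sid", $szSessSavePath="", $szSessionID="" )
{
    // The debug flag may not be defined at all.
    $bDebug = !empty($GLOBALS["bDebug"]);

    if ($bDebug)
    {
        debug_msg("initializeSession( $szSessName, $szSessSavePath, $szSessionID )");
    }

    // if the session was set up already don't execute again
    if (isset($GLOBALS['session_started']))
    {
        return true;
    }

    if ($szSessName == "")
    {
        echo "FATAL ERROR: Sessionname not specified";
        exit;
    }
    ini_set("session.name", $szSessName);

    if ($szSessSavePath != "")
    {
        ini_set("session.save_path", $szSessSavePath);
    }

    clearstatcache();

    // Check if save path is writable
    $szConfiguredPath = ini_get("session.save_path");
    if (!(file_exists($szConfiguredPath) && is_writable($szConfiguredPath)))
    {
        // NOTE(review): this message shows a server-side path to the client.
        echo "FATAL ERROR: Session save path (".ini_get("session.save_path").") doesn't exist or is not writable";
        exit;
    }

    // turn off cookies for propagating session ids
    // NOTE(review): IDs carried in URLs end up in logs, history and Referer
    // headers, so the client-address check below is the only binding.
    ini_set( "session.use_cookies", "0" );

    // turn off transparent SID (because of buffer problem)
    ini_set( "session.use_trans_sid", "0" );

    // initialize tmp id, then check both get and post variables
    $szTmpID = "";
    $szSessKey = ini_get('session.name');
    if ( isset($_GET[$szSessKey]) )
    {
        $szTmpID = $_GET[$szSessKey];
    }
    elseif ( isset($_POST[$szSessKey]) )
    {
        $szTmpID = $_POST[$szSessKey];
    }

    // The request value is untrusted: it may be an array (sid[]=x) or carry
    // path characters. Only a conservative character set is accepted.
    if ( !is_string($szTmpID) || !preg_match('/^[A-Za-z0-9,_-]{1,128}\z/', $szTmpID) )
    {
        $szTmpID = "";
    }

    // create new if necessary
    if ( strlen( $szTmpID ) <= 0 )
    {
        if ($bDebug)
        {
            debug_msg("creating a new session because .$szTmpID. has zero characters ");
        }

        // use the caller's ID when one was given, otherwise generate one
        if ( strlen( $szSessionID ) > 0 )
        {
            $szTmpID = $szSessionID;
        }
        else
        {
            $szTmpID = _newSessionIdentifier();
        }
        $bNewSession = true;

        if ($bDebug)
        {
            debug_msg("creating a new session with id ");
        }
    }
    else
    {
        $bNewSession = false;
    }

    // initialize flag variable
    $bSessionOK = true;

    // set the session ID
    session_id( $szTmpID );

    // Check if session is expired
    if (!$bNewSession)
    {
        $szSavePath = getSessionSavePath();
        $szSessionFile = $szSavePath."/session_file";
        if (file_exists($szSessionFile))
        {
            // The file can disappear between the two calls, hence the '@'.
            $atime = @filemtime($szSessionFile);
            if ($atime && time() > $atime + (int)ini_get("session.gc_maxlifetime"))
            {
                // expired: continue under a fresh ID and report failure
                $szTmpID = _newSessionIdentifier();
                session_id( $szTmpID );
                $bNewSession = true;
                $bSessionOK = false;
            }
        }
    }

    // start the session
    if (session_start() === false)
    {
        return false;
    }
    register_shutdown_function( "session_write_close" );

    $szClientAddr = isset($_SERVER["REMOTE_ADDR"]) ? trim($_SERVER["REMOTE_ADDR"]) : "";

    // set IP if a new session
    if ( $bNewSession )
    {
        $_SESSION["gszRemoteAdd"] = $szClientAddr;
    }

    /* ============================================================================
     * Check IP to see if it is the same
     * ========================================================================= */
    if ( isset( $_SESSION["gszRemoteAdd"] ) &&
         strlen(trim($_SESSION["gszRemoteAdd"])) > 0 )
    {
        // check if IP matches current client
        if ( trim( $_SESSION["gszRemoteAdd"] ) !== $szClientAddr )
        {
            // possible security breach, void session
            /* if the session address is the loopback interface then it is
             * likely that the application was configured to use an external
             * address but someone is trying to test locally using localhost
             */
            // NOTE(review): a session first created from 127.0.0.1 passes this
            // check from any address; behind a local reverse proxy that may be
            // every session. Confirm the exemption is wanted in production.
            if ($_SESSION['gszRemoteAdd'] != '127.0.0.1')
            {
                $bSessionOK = false;
            }
        }
    }
    else
    {
        // no address recorded (e.g. unknown ID): possible security breach, void session
        $bSessionOK = false;
    }

    // return success or failure and set global so we
    // know session has been inited.
    if ($bSessionOK)
    {
        $GLOBALS['session_started'] = true;
    }
    return $bSessionOK;
// end initializeSession() function
}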
/**
 * Return the directory that holds the current session's data.
 *
 * The result is "<session.save_path>/sess_<session id>/" with backslashes
 * turned into forward slashes. The session ID is inserted as-is, so it has
 * to be validated before it is handed to session_id().
 *
 * @return string directory path with a trailing slash
 */
function getSessionSavePath()
{
    $szSessionDir = sprintf("%s/sess_%s/", ini_get("session.save_path"), session_id());

    // normalise Windows separators
    return strtr($szSessionDir, "\\", "/");
}
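/**
 * Append one timestamped line to session.log in the debug directory.
 *
 * Line format: "HH:MM:SS.ffff : <page> : <message>". Carriage returns and
 * line feeds in the page name and message are written as the literal text
 * \r and \n, so request-derived values (initializeSession() logs the session
 * ID) cannot add forged lines to the log.
 *
 * Reads $GLOBALS['szDebugDir'] (expected to end with a directory separator)
 * and $GLOBALS['szDebugPage']. The log can contain session IDs, so the
 * directory should not be reachable through the web server.
 *
 * @param string $szMsg text to log
 */
function debug_msg( $szMsg )
{
    list($usec, $sec) = explode(" ", microtime());

    // Four zero-padded fractional digits; floor() keeps the value below 10000.
    $nFraction = (int)floor(10000 * (float)$usec);
    $ts = sprintf( "%s.%04d", date( "H:i:s", (int)$sec ), $nFraction );

    // Neutralise line breaks so one call always produces exactly one line.
    $aBreaks = array("\r", "\n");
    $aEscaped = array('\r', '\n');
    $szSafeMsg = str_replace($aBreaks, $aEscaped, (string)$szMsg);
    $szSafePage = str_replace($aBreaks, $aEscaped, (string)$GLOBALS['szDebugPage']);

    $fh = fopen($GLOBALS['szDebugDir']."session.log", "a+");
    if ($fh === false)
    {
        // Logging is best effort: an unwritable log must not abort the request.
        return;
    }
    fwrite($fh, "$ts : ".$szSafePage." : $szSafeMsg\n");
    fclose($fh);
}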
?>