/[dtapublic]/to_be_filed/webprojs/fboprime/sw/phplib/sess.inc
ViewVC logotype

Annotation of /to_be_filed/webprojs/fboprime/sw/phplib/sess.inc

Parent Directory Parent Directory | Revision Log Revision Log


Revision 31 - (hide annotations) (download)
Sat Oct 8 18:44:20 2016 UTC (7 years, 8 months ago) by dashley
File size: 82022 byte(s)
Initial commit.
1 dashley 31 <?php
2     //$Header: /home/dashley/cvsrep/e3ft_gpl01/e3ft_gpl01/webprojs/fboprime/sw/phplib/sess.inc,v 1.25 2006/11/05 18:26:05 dashley Exp $
3     //--------------------------------------------------------------------------------------------------------------
4     //sess.inc--FboPrime Session and Authentication Management Functions and Constants
5     //Copyright (C) 2006 David T. Ashley
6     //
7     //This program is free software; you can redistribute it and/or
8     //modify it under the terms of the GNU General Public License
9     //as published by the Free Software Foundation; either version 2
10     //of the License, or (at your option) any later version.
11     //
12     //This program is distributed in the hope that it will be useful,
13     //but WITHOUT ANY WARRANTY; without even the implied warranty of
14     //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     //GNU General Public License for more details.
16     //
17     //You should have received a copy of the GNU General Public License
18     //along with this program; if not, write to the Free Software
19     //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20     //********************************************************************************
21     //Implement session and authentication functions.
22     //-------------------------------------------------------------------------------------------------
23     //Copyright 2006 David T. Ashley
24     //-------------------------------------------------------------------------------------------------
25     //This source code and any program in which it is compiled/used is provided under the GNU GENERAL
26     //PUBLIC LICENSE, Version 3, full license text below.
27     //-------------------------------------------------------------------------------------------------
28     // GNU GENERAL PUBLIC LICENSE
29     // Version 3, 29 June 2007
30     //
31     // Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
32     // Everyone is permitted to copy and distribute verbatim copies
33     // of this license document, but changing it is not allowed.
34     //
35     // Preamble
36     //
37     // The GNU General Public License is a free, copyleft license for
38     //software and other kinds of works.
39     //
40     // The licenses for most software and other practical works are designed
41     //to take away your freedom to share and change the works. By contrast,
42     //the GNU General Public License is intended to guarantee your freedom to
43     //share and change all versions of a program--to make sure it remains free
44     //software for all its users. We, the Free Software Foundation, use the
45     //GNU General Public License for most of our software; it applies also to
46     //any other work released this way by its authors. You can apply it to
47     //your programs, too.
48     //
49     // When we speak of free software, we are referring to freedom, not
50     //price. Our General Public Licenses are designed to make sure that you
51     //have the freedom to distribute copies of free software (and charge for
52     //them if you wish), that you receive source code or can get it if you
53     //want it, that you can change the software or use pieces of it in new
54     //free programs, and that you know you can do these things.
55     //
56     // To protect your rights, we need to prevent others from denying you
57     //these rights or asking you to surrender the rights. Therefore, you have
58     //certain responsibilities if you distribute copies of the software, or if
59     //you modify it: responsibilities to respect the freedom of others.
60     //
61     // For example, if you distribute copies of such a program, whether
62     //gratis or for a fee, you must pass on to the recipients the same
63     //freedoms that you received. You must make sure that they, too, receive
64     //or can get the source code. And you must show them these terms so they
65     //know their rights.
66     //
67     // Developers that use the GNU GPL protect your rights with two steps:
68     //(1) assert copyright on the software, and (2) offer you this License
69     //giving you legal permission to copy, distribute and/or modify it.
70     //
71     // For the developers' and authors' protection, the GPL clearly explains
72     //that there is no warranty for this free software. For both users' and
73     //authors' sake, the GPL requires that modified versions be marked as
74     //changed, so that their problems will not be attributed erroneously to
75     //authors of previous versions.
76     //
77     // Some devices are designed to deny users access to install or run
78     //modified versions of the software inside them, although the manufacturer
79     //can do so. This is fundamentally incompatible with the aim of
80     //protecting users' freedom to change the software. The systematic
81     //pattern of such abuse occurs in the area of products for individuals to
82     //use, which is precisely where it is most unacceptable. Therefore, we
83     //have designed this version of the GPL to prohibit the practice for those
84     //products. If such problems arise substantially in other domains, we
85     //stand ready to extend this provision to those domains in future versions
86     //of the GPL, as needed to protect the freedom of users.
87     //
88     // Finally, every program is threatened constantly by software patents.
89     //States should not allow patents to restrict development and use of
90     //software on general-purpose computers, but in those that do, we wish to
91     //avoid the special danger that patents applied to a free program could
92     //make it effectively proprietary. To prevent this, the GPL assures that
93     //patents cannot be used to render the program non-free.
94     //
95     // The precise terms and conditions for copying, distribution and
96     //modification follow.
97     //
98     // TERMS AND CONDITIONS
99     //
100     // 0. Definitions.
101     //
102     // "This License" refers to version 3 of the GNU General Public License.
103     //
104     // "Copyright" also means copyright-like laws that apply to other kinds of
105     //works, such as semiconductor masks.
106     //
107     // "The Program" refers to any copyrightable work licensed under this
108     //License. Each licensee is addressed as "you". "Licensees" and
109     //"recipients" may be individuals or organizations.
110     //
111     // To "modify" a work means to copy from or adapt all or part of the work
112     //in a fashion requiring copyright permission, other than the making of an
113     //exact copy. The resulting work is called a "modified version" of the
114     //earlier work or a work "based on" the earlier work.
115     //
116     // A "covered work" means either the unmodified Program or a work based
117     //on the Program.
118     //
119     // To "propagate" a work means to do anything with it that, without
120     //permission, would make you directly or secondarily liable for
121     //infringement under applicable copyright law, except executing it on a
122     //computer or modifying a private copy. Propagation includes copying,
123     //distribution (with or without modification), making available to the
124     //public, and in some countries other activities as well.
125     //
126     // To "convey" a work means any kind of propagation that enables other
127     //parties to make or receive copies. Mere interaction with a user through
128     //a computer network, with no transfer of a copy, is not conveying.
129     //
130     // An interactive user interface displays "Appropriate Legal Notices"
131     //to the extent that it includes a convenient and prominently visible
132     //feature that (1) displays an appropriate copyright notice, and (2)
133     //tells the user that there is no warranty for the work (except to the
134     //extent that warranties are provided), that licensees may convey the
135     //work under this License, and how to view a copy of this License. If
136     //the interface presents a list of user commands or options, such as a
137     //menu, a prominent item in the list meets this criterion.
138     //
139     // 1. Source Code.
140     //
141     // The "source code" for a work means the preferred form of the work
142     //for making modifications to it. "Object code" means any non-source
143     //form of a work.
144     //
145     // A "Standard Interface" means an interface that either is an official
146     //standard defined by a recognized standards body, or, in the case of
147     //interfaces specified for a particular programming language, one that
148     //is widely used among developers working in that language.
149     //
150     // The "System Libraries" of an executable work include anything, other
151     //than the work as a whole, that (a) is included in the normal form of
152     //packaging a Major Component, but which is not part of that Major
153     //Component, and (b) serves only to enable use of the work with that
154     //Major Component, or to implement a Standard Interface for which an
155     //implementation is available to the public in source code form. A
156     //"Major Component", in this context, means a major essential component
157     //(kernel, window system, and so on) of the specific operating system
158     //(if any) on which the executable work runs, or a compiler used to
159     //produce the work, or an object code interpreter used to run it.
160     //
161     // The "Corresponding Source" for a work in object code form means all
162     //the source code needed to generate, install, and (for an executable
163     //work) run the object code and to modify the work, including scripts to
164     //control those activities. However, it does not include the work's
165     //System Libraries, or general-purpose tools or generally available free
166     //programs which are used unmodified in performing those activities but
167     //which are not part of the work. For example, Corresponding Source
168     //includes interface definition files associated with source files for
169     //the work, and the source code for shared libraries and dynamically
170     //linked subprograms that the work is specifically designed to require,
171     //such as by intimate data communication or control flow between those
172     //subprograms and other parts of the work.
173     //
174     // The Corresponding Source need not include anything that users
175     //can regenerate automatically from other parts of the Corresponding
176     //Source.
177     //
178     // The Corresponding Source for a work in source code form is that
179     //same work.
180     //
181     // 2. Basic Permissions.
182     //
183     // All rights granted under this License are granted for the term of
184     //copyright on the Program, and are irrevocable provided the stated
185     //conditions are met. This License explicitly affirms your unlimited
186     //permission to run the unmodified Program. The output from running a
187     //covered work is covered by this License only if the output, given its
188     //content, constitutes a covered work. This License acknowledges your
189     //rights of fair use or other equivalent, as provided by copyright law.
190     //
191     // You may make, run and propagate covered works that you do not
192     //convey, without conditions so long as your license otherwise remains
193     //in force. You may convey covered works to others for the sole purpose
194     //of having them make modifications exclusively for you, or provide you
195     //with facilities for running those works, provided that you comply with
196     //the terms of this License in conveying all material for which you do
197     //not control copyright. Those thus making or running the covered works
198     //for you must do so exclusively on your behalf, under your direction
199     //and control, on terms that prohibit them from making any copies of
200     //your copyrighted material outside their relationship with you.
201     //
202     // Conveying under any other circumstances is permitted solely under
203     //the conditions stated below. Sublicensing is not allowed; section 10
204     //makes it unnecessary.
205     //
206     // 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
207     //
208     // No covered work shall be deemed part of an effective technological
209     //measure under any applicable law fulfilling obligations under article
210     //11 of the WIPO copyright treaty adopted on 20 December 1996, or
211     //similar laws prohibiting or restricting circumvention of such
212     //measures.
213     //
214     // When you convey a covered work, you waive any legal power to forbid
215     //circumvention of technological measures to the extent such circumvention
216     //is effected by exercising rights under this License with respect to
217     //the covered work, and you disclaim any intention to limit operation or
218     //modification of the work as a means of enforcing, against the work's
219     //users, your or third parties' legal rights to forbid circumvention of
220     //technological measures.
221     //
222     // 4. Conveying Verbatim Copies.
223     //
224     // You may convey verbatim copies of the Program's source code as you
225     //receive it, in any medium, provided that you conspicuously and
226     //appropriately publish on each copy an appropriate copyright notice;
227     //keep intact all notices stating that this License and any
228     //non-permissive terms added in accord with section 7 apply to the code;
229     //keep intact all notices of the absence of any warranty; and give all
230     //recipients a copy of this License along with the Program.
231     //
232     // You may charge any price or no price for each copy that you convey,
233     //and you may offer support or warranty protection for a fee.
234     //
235     // 5. Conveying Modified Source Versions.
236     //
237     // You may convey a work based on the Program, or the modifications to
238     //produce it from the Program, in the form of source code under the
239     //terms of section 4, provided that you also meet all of these conditions:
240     //
241     // a) The work must carry prominent notices stating that you modified
242     // it, and giving a relevant date.
243     //
244     // b) The work must carry prominent notices stating that it is
245     // released under this License and any conditions added under section
246     // 7. This requirement modifies the requirement in section 4 to
247     // "keep intact all notices".
248     //
249     // c) You must license the entire work, as a whole, under this
250     // License to anyone who comes into possession of a copy. This
251     // License will therefore apply, along with any applicable section 7
252     // additional terms, to the whole of the work, and all its parts,
253     // regardless of how they are packaged. This License gives no
254     // permission to license the work in any other way, but it does not
255     // invalidate such permission if you have separately received it.
256     //
257     // d) If the work has interactive user interfaces, each must display
258     // Appropriate Legal Notices; however, if the Program has interactive
259     // interfaces that do not display Appropriate Legal Notices, your
260     // work need not make them do so.
261     //
262     // A compilation of a covered work with other separate and independent
263     //works, which are not by their nature extensions of the covered work,
264     //and which are not combined with it such as to form a larger program,
265     //in or on a volume of a storage or distribution medium, is called an
266     //"aggregate" if the compilation and its resulting copyright are not
267     //used to limit the access or legal rights of the compilation's users
268     //beyond what the individual works permit. Inclusion of a covered work
269     //in an aggregate does not cause this License to apply to the other
270     //parts of the aggregate.
271     //
272     // 6. Conveying Non-Source Forms.
273     //
274     // You may convey a covered work in object code form under the terms
275     //of sections 4 and 5, provided that you also convey the
276     //machine-readable Corresponding Source under the terms of this License,
277     //in one of these ways:
278     //
279     // a) Convey the object code in, or embodied in, a physical product
280     // (including a physical distribution medium), accompanied by the
281     // Corresponding Source fixed on a durable physical medium
282     // customarily used for software interchange.
283     //
284     // b) Convey the object code in, or embodied in, a physical product
285     // (including a physical distribution medium), accompanied by a
286     // written offer, valid for at least three years and valid for as
287     // long as you offer spare parts or customer support for that product
288     // model, to give anyone who possesses the object code either (1) a
289     // copy of the Corresponding Source for all the software in the
290     // product that is covered by this License, on a durable physical
291     // medium customarily used for software interchange, for a price no
292     // more than your reasonable cost of physically performing this
293     // conveying of source, or (2) access to copy the
294     // Corresponding Source from a network server at no charge.
295     //
296     // c) Convey individual copies of the object code with a copy of the
297     // written offer to provide the Corresponding Source. This
298     // alternative is allowed only occasionally and noncommercially, and
299     // only if you received the object code with such an offer, in accord
300     // with subsection 6b.
301     //
302     // d) Convey the object code by offering access from a designated
303     // place (gratis or for a charge), and offer equivalent access to the
304     // Corresponding Source in the same way through the same place at no
305     // further charge. You need not require recipients to copy the
306     // Corresponding Source along with the object code. If the place to
307     // copy the object code is a network server, the Corresponding Source
308     // may be on a different server (operated by you or a third party)
309     // that supports equivalent copying facilities, provided you maintain
310     // clear directions next to the object code saying where to find the
311     // Corresponding Source. Regardless of what server hosts the
312     // Corresponding Source, you remain obligated to ensure that it is
313     // available for as long as needed to satisfy these requirements.
314     //
315     // e) Convey the object code using peer-to-peer transmission, provided
316     // you inform other peers where the object code and Corresponding
317     // Source of the work are being offered to the general public at no
318     // charge under subsection 6d.
319     //
320     // A separable portion of the object code, whose source code is excluded
321     //from the Corresponding Source as a System Library, need not be
322     //included in conveying the object code work.
323     //
324     // A "User Product" is either (1) a "consumer product", which means any
325     //tangible personal property which is normally used for personal, family,
326     //or household purposes, or (2) anything designed or sold for incorporation
327     //into a dwelling. In determining whether a product is a consumer product,
328     //doubtful cases shall be resolved in favor of coverage. For a particular
329     //product received by a particular user, "normally used" refers to a
330     //typical or common use of that class of product, regardless of the status
331     //of the particular user or of the way in which the particular user
332     //actually uses, or expects or is expected to use, the product. A product
333     //is a consumer product regardless of whether the product has substantial
334     //commercial, industrial or non-consumer uses, unless such uses represent
335     //the only significant mode of use of the product.
336     //
337     // "Installation Information" for a User Product means any methods,
338     //procedures, authorization keys, or other information required to install
339     //and execute modified versions of a covered work in that User Product from
340     //a modified version of its Corresponding Source. The information must
341     //suffice to ensure that the continued functioning of the modified object
342     //code is in no case prevented or interfered with solely because
343     //modification has been made.
344     //
345     // If you convey an object code work under this section in, or with, or
346     //specifically for use in, a User Product, and the conveying occurs as
347     //part of a transaction in which the right of possession and use of the
348     //User Product is transferred to the recipient in perpetuity or for a
349     //fixed term (regardless of how the transaction is characterized), the
350     //Corresponding Source conveyed under this section must be accompanied
351     //by the Installation Information. But this requirement does not apply
352     //if neither you nor any third party retains the ability to install
353     //modified object code on the User Product (for example, the work has
354     //been installed in ROM).
355     //
356     // The requirement to provide Installation Information does not include a
357     //requirement to continue to provide support service, warranty, or updates
358     //for a work that has been modified or installed by the recipient, or for
359     //the User Product in which it has been modified or installed. Access to a
360     //network may be denied when the modification itself materially and
361     //adversely affects the operation of the network or violates the rules and
362     //protocols for communication across the network.
363     //
364     // Corresponding Source conveyed, and Installation Information provided,
365     //in accord with this section must be in a format that is publicly
366     //documented (and with an implementation available to the public in
367     //source code form), and must require no special password or key for
368     //unpacking, reading or copying.
369     //
370     // 7. Additional Terms.
371     //
372     // "Additional permissions" are terms that supplement the terms of this
373     //License by making exceptions from one or more of its conditions.
374     //Additional permissions that are applicable to the entire Program shall
375     //be treated as though they were included in this License, to the extent
376     //that they are valid under applicable law. If additional permissions
377     //apply only to part of the Program, that part may be used separately
378     //under those permissions, but the entire Program remains governed by
379     //this License without regard to the additional permissions.
380     //
381     // When you convey a copy of a covered work, you may at your option
382     //remove any additional permissions from that copy, or from any part of
383     //it. (Additional permissions may be written to require their own
384     //removal in certain cases when you modify the work.) You may place
385     //additional permissions on material, added by you to a covered work,
386     //for which you have or can give appropriate copyright permission.
387     //
388     // Notwithstanding any other provision of this License, for material you
389     //add to a covered work, you may (if authorized by the copyright holders of
390     //that material) supplement the terms of this License with terms:
391     //
392     // a) Disclaiming warranty or limiting liability differently from the
393     // terms of sections 15 and 16 of this License; or
394     //
395     // b) Requiring preservation of specified reasonable legal notices or
396     // author attributions in that material or in the Appropriate Legal
397     // Notices displayed by works containing it; or
398     //
399     // c) Prohibiting misrepresentation of the origin of that material, or
400     // requiring that modified versions of such material be marked in
401     // reasonable ways as different from the original version; or
402     //
403     // d) Limiting the use for publicity purposes of names of licensors or
404     // authors of the material; or
405     //
406     // e) Declining to grant rights under trademark law for use of some
407     // trade names, trademarks, or service marks; or
408     //
409     // f) Requiring indemnification of licensors and authors of that
410     // material by anyone who conveys the material (or modified versions of
411     // it) with contractual assumptions of liability to the recipient, for
412     // any liability that these contractual assumptions directly impose on
413     // those licensors and authors.
414     //
415     // All other non-permissive additional terms are considered "further
416     //restrictions" within the meaning of section 10. If the Program as you
417     //received it, or any part of it, contains a notice stating that it is
418     //governed by this License along with a term that is a further
419     //restriction, you may remove that term. If a license document contains
420     //a further restriction but permits relicensing or conveying under this
421     //License, you may add to a covered work material governed by the terms
422     //of that license document, provided that the further restriction does
423     //not survive such relicensing or conveying.
424     //
425     // If you add terms to a covered work in accord with this section, you
426     //must place, in the relevant source files, a statement of the
427     //additional terms that apply to those files, or a notice indicating
428     //where to find the applicable terms.
429     //
430     // Additional terms, permissive or non-permissive, may be stated in the
431     //form of a separately written license, or stated as exceptions;
432     //the above requirements apply either way.
433     //
434     // 8. Termination.
435     //
436     // You may not propagate or modify a covered work except as expressly
437     //provided under this License. Any attempt otherwise to propagate or
438     //modify it is void, and will automatically terminate your rights under
439     //this License (including any patent licenses granted under the third
440     //paragraph of section 11).
441     //
442     // However, if you cease all violation of this License, then your
443     //license from a particular copyright holder is reinstated (a)
444     //provisionally, unless and until the copyright holder explicitly and
445     //finally terminates your license, and (b) permanently, if the copyright
446     //holder fails to notify you of the violation by some reasonable means
447     //prior to 60 days after the cessation.
448     //
449     // Moreover, your license from a particular copyright holder is
450     //reinstated permanently if the copyright holder notifies you of the
451     //violation by some reasonable means, this is the first time you have
452     //received notice of violation of this License (for any work) from that
453     //copyright holder, and you cure the violation prior to 30 days after
454     //your receipt of the notice.
455     //
456     // Termination of your rights under this section does not terminate the
457     //licenses of parties who have received copies or rights from you under
458     //this License. If your rights have been terminated and not permanently
459     //reinstated, you do not qualify to receive new licenses for the same
460     //material under section 10.
461     //
462     // 9. Acceptance Not Required for Having Copies.
463     //
464     // You are not required to accept this License in order to receive or
465     //run a copy of the Program. Ancillary propagation of a covered work
466     //occurring solely as a consequence of using peer-to-peer transmission
467     //to receive a copy likewise does not require acceptance. However,
468     //nothing other than this License grants you permission to propagate or
469     //modify any covered work. These actions infringe copyright if you do
470     //not accept this License. Therefore, by modifying or propagating a
471     //covered work, you indicate your acceptance of this License to do so.
472     //
473     // 10. Automatic Licensing of Downstream Recipients.
474     //
475     // Each time you convey a covered work, the recipient automatically
476     //receives a license from the original licensors, to run, modify and
477     //propagate that work, subject to this License. You are not responsible
478     //for enforcing compliance by third parties with this License.
479     //
480     // An "entity transaction" is a transaction transferring control of an
481     //organization, or substantially all assets of one, or subdividing an
482     //organization, or merging organizations. If propagation of a covered
483     //work results from an entity transaction, each party to that
484     //transaction who receives a copy of the work also receives whatever
485     //licenses to the work the party's predecessor in interest had or could
486     //give under the previous paragraph, plus a right to possession of the
487     //Corresponding Source of the work from the predecessor in interest, if
488     //the predecessor has it or can get it with reasonable efforts.
489     //
490     // You may not impose any further restrictions on the exercise of the
491     //rights granted or affirmed under this License. For example, you may
492     //not impose a license fee, royalty, or other charge for exercise of
493     //rights granted under this License, and you may not initiate litigation
494     //(including a cross-claim or counterclaim in a lawsuit) alleging that
495     //any patent claim is infringed by making, using, selling, offering for
496     //sale, or importing the Program or any portion of it.
497     //
498     // 11. Patents.
499     //
500     // A "contributor" is a copyright holder who authorizes use under this
501     //License of the Program or a work on which the Program is based. The
502     //work thus licensed is called the contributor's "contributor version".
503     //
504     // A contributor's "essential patent claims" are all patent claims
505     //owned or controlled by the contributor, whether already acquired or
506     //hereafter acquired, that would be infringed by some manner, permitted
507     //by this License, of making, using, or selling its contributor version,
508     //but do not include claims that would be infringed only as a
509     //consequence of further modification of the contributor version. For
510     //purposes of this definition, "control" includes the right to grant
511     //patent sublicenses in a manner consistent with the requirements of
512     //this License.
513     //
514     // Each contributor grants you a non-exclusive, worldwide, royalty-free
515     //patent license under the contributor's essential patent claims, to
516     //make, use, sell, offer for sale, import and otherwise run, modify and
517     //propagate the contents of its contributor version.
518     //
519     // In the following three paragraphs, a "patent license" is any express
520     //agreement or commitment, however denominated, not to enforce a patent
521     //(such as an express permission to practice a patent or covenant not to
522     //sue for patent infringement). To "grant" such a patent license to a
523     //party means to make such an agreement or commitment not to enforce a
524     //patent against the party.
525     //
526     // If you convey a covered work, knowingly relying on a patent license,
527     //and the Corresponding Source of the work is not available for anyone
528     //to copy, free of charge and under the terms of this License, through a
529     //publicly available network server or other readily accessible means,
530     //then you must either (1) cause the Corresponding Source to be so
531     //available, or (2) arrange to deprive yourself of the benefit of the
532     //patent license for this particular work, or (3) arrange, in a manner
533     //consistent with the requirements of this License, to extend the patent
534     //license to downstream recipients. "Knowingly relying" means you have
535     //actual knowledge that, but for the patent license, your conveying the
536     //covered work in a country, or your recipient's use of the covered work
537     //in a country, would infringe one or more identifiable patents in that
538     //country that you have reason to believe are valid.
539     //
540     // If, pursuant to or in connection with a single transaction or
541     //arrangement, you convey, or propagate by procuring conveyance of, a
542     //covered work, and grant a patent license to some of the parties
543     //receiving the covered work authorizing them to use, propagate, modify
544     //or convey a specific copy of the covered work, then the patent license
545     //you grant is automatically extended to all recipients of the covered
546     //work and works based on it.
547     //
548     // A patent license is "discriminatory" if it does not include within
549     //the scope of its coverage, prohibits the exercise of, or is
550     //conditioned on the non-exercise of one or more of the rights that are
551     //specifically granted under this License. You may not convey a covered
552     //work if you are a party to an arrangement with a third party that is
553     //in the business of distributing software, under which you make payment
554     //to the third party based on the extent of your activity of conveying
555     //the work, and under which the third party grants, to any of the
556     //parties who would receive the covered work from you, a discriminatory
557     //patent license (a) in connection with copies of the covered work
558     //conveyed by you (or copies made from those copies), or (b) primarily
559     //for and in connection with specific products or compilations that
560     //contain the covered work, unless you entered into that arrangement,
561     //or that patent license was granted, prior to 28 March 2007.
562     //
563     // Nothing in this License shall be construed as excluding or limiting
564     //any implied license or other defenses to infringement that may
565     //otherwise be available to you under applicable patent law.
566     //
567     // 12. No Surrender of Others' Freedom.
568     //
569     // If conditions are imposed on you (whether by court order, agreement or
570     //otherwise) that contradict the conditions of this License, they do not
571     //excuse you from the conditions of this License. If you cannot convey a
572     //covered work so as to satisfy simultaneously your obligations under this
573     //License and any other pertinent obligations, then as a consequence you may
574     //not convey it at all. For example, if you agree to terms that obligate you
575     //to collect a royalty for further conveying from those to whom you convey
576     //the Program, the only way you could satisfy both those terms and this
577     //License would be to refrain entirely from conveying the Program.
578     //
579     // 13. Use with the GNU Affero General Public License.
580     //
581     // Notwithstanding any other provision of this License, you have
582     //permission to link or combine any covered work with a work licensed
583     //under version 3 of the GNU Affero General Public License into a single
584     //combined work, and to convey the resulting work. The terms of this
585     //License will continue to apply to the part which is the covered work,
586     //but the special requirements of the GNU Affero General Public License,
587     //section 13, concerning interaction through a network will apply to the
588     //combination as such.
589     //
590     // 14. Revised Versions of this License.
591     //
592     // The Free Software Foundation may publish revised and/or new versions of
593     //the GNU General Public License from time to time. Such new versions will
594     //be similar in spirit to the present version, but may differ in detail to
595     //address new problems or concerns.
596     //
597     // Each version is given a distinguishing version number. If the
598     //Program specifies that a certain numbered version of the GNU General
599     //Public License "or any later version" applies to it, you have the
600     //option of following the terms and conditions either of that numbered
601     //version or of any later version published by the Free Software
602     //Foundation. If the Program does not specify a version number of the
603     //GNU General Public License, you may choose any version ever published
604     //by the Free Software Foundation.
605     //
606     // If the Program specifies that a proxy can decide which future
607     //versions of the GNU General Public License can be used, that proxy's
608     //public statement of acceptance of a version permanently authorizes you
609     //to choose that version for the Program.
610     //
611     // Later license versions may give you additional or different
612     //permissions. However, no additional obligations are imposed on any
613     //author or copyright holder as a result of your choosing to follow a
614     //later version.
615     //
616     // 15. Disclaimer of Warranty.
617     //
618     // THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
619     //APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
620     //HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
621     //OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
622     //THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
623     //PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
624     //IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
625     //ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
626     //
627     // 16. Limitation of Liability.
628     //
629     // IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
630     //WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
631     //THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
632     //GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
633     //USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
634     //DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
635     //PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
636     //EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
637     //SUCH DAMAGES.
638     //
639     // 17. Interpretation of Sections 15 and 16.
640     //
641     // If the disclaimer of warranty and limitation of liability provided
642     //above cannot be given local legal effect according to their terms,
643     //reviewing courts shall apply local law that most closely approximates
644     //an absolute waiver of all civil liability in connection with the
645     //Program, unless a warranty or assumption of liability accompanies a
646     //copy of the Program in return for a fee.
647     //
648     // END OF TERMS AND CONDITIONS
649     //
650     // How to Apply These Terms to Your New Programs
651     //
652     // If you develop a new program, and you want it to be of the greatest
653     //possible use to the public, the best way to achieve this is to make it
654     //free software which everyone can redistribute and change under these terms.
655     //
656     // To do so, attach the following notices to the program. It is safest
657     //to attach them to the start of each source file to most effectively
658     //state the exclusion of warranty; and each file should have at least
659     //the "copyright" line and a pointer to where the full notice is found.
660     //
661     // <one line to give the program's name and a brief idea of what it does.>
662     // Copyright (C) <year> <name of author>
663     //
664     // This program is free software: you can redistribute it and/or modify
665     // it under the terms of the GNU General Public License as published by
666     // the Free Software Foundation, either version 3 of the License, or
667     // (at your option) any later version.
668     //
669     // This program is distributed in the hope that it will be useful,
670     // but WITHOUT ANY WARRANTY; without even the implied warranty of
671     // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
672     // GNU General Public License for more details.
673     //
674     // You should have received a copy of the GNU General Public License
675     // along with this program. If not, see <http://www.gnu.org/licenses/>.
676     //
677     //Also add information on how to contact you by electronic and paper mail.
678     //
679     // If the program does terminal interaction, make it output a short
680     //notice like this when it starts in an interactive mode:
681     //
682     // <program> Copyright (C) <year> <name of author>
683     // This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
684     // This is free software, and you are welcome to redistribute it
685     // under certain conditions; type `show c' for details.
686     //
687     //The hypothetical commands `show w' and `show c' should show the appropriate
688     //parts of the General Public License. Of course, your program's commands
689     //might be different; for a GUI interface, you would use an "about box".
690     //
691     // You should also get your employer (if you work as a programmer) or school,
692     //if any, to sign a "copyright disclaimer" for the program, if necessary.
693     //For more information on this, and how to apply and follow the GNU GPL, see
694     //<http://www.gnu.org/licenses/>.
695     //
696     // The GNU General Public License does not permit incorporating your program
697     //into proprietary programs. If your program is a subroutine library, you
698     //may consider it more useful to permit linking proprietary applications with
699     //the library. If this is what you want to do, use the GNU Lesser General
700     //Public License instead of this License. But first, please read
701     //<http://www.gnu.org/philosophy/why-not-lgpl.html>.
702     //-------------------------------------------------------------------------------------------------
703     //--------------------------------------------------------------------------------------------------------------
704     require_once("global.inc");
705     require_once("log.inc");
706     require_once("passwd.inc");
707     require_once("perm.inc");
708     require_once("sguid.inc");
709     require_once("sid.inc");
710     require_once("strfunc.inc");
711     require_once("usrs.inc");
712     require_once("utime.inc");
713     //
714     //--------------------------------------------------------------------------------------------------------------
715     //Constants for database storage, software internals, function parameters, and function return values of
716     //this module.
717     //
718     //Session reap time, in seconds. This is how old an inactive session must be in order to reap it by
719     //nightly cron job.
720     //
721     define("SESS_REAP_INACTIVE_TIME", 172800 ); //48 hours, in seconds.
722     //
723     //
724     //Function return values.
725     define("SESS_RCODE_SUCCESS", 0 ); //Successful action.
726     define("SESS_RCODE_SUCCESS_TEMP_PASSWORD", 1 ); //Authentication action was successful, but
727     //authentication was performed based on the
728     //temporary password. The user should be
729     //prompted to change their password as soon as
730     //possible.
731     define("SESS_RCODE_FAIL_USERID_EXPIRED_INACTIVE", 2 ); //Intended action failed because the userid
732     //and password specified authenticated
733     //properly, but the underlying userid is either
734     //expired or inactive. The user should be
735     //granted no privileges and instructed to contact
736     //the FBO.
737     define("SESS_RCODE_FAIL_USERID_NOEXIST", 3 ); //Intended action failed because specified
738     //userid does not exist.
739     define("SESS_RCODE_FAIL_PASSWD", 4 ); //Intended action failed because the password
740     //supplied was incorrect.
741     //
742     //Session constants for the logical page currently being visited.
743     //
744     define("SESS_LPAGE_UNDEFINED", 0); //Not yet defined or invalid SQL query
745     //result.
746     define("SESS_LPAGE_SCHEDDAYVIEW", 1); //Day view scheduler.
747     define("SESS_LPAGE_SCHEDWEEKVIEW", 2); //Week view scheduler.
748     define("SESS_LPAGE_SCHEDMONTHVIEW", 3); //Month view scheduler.
749     define("SESS_LPAGE_LOGRESOURCESCHEDULER", 4); //Log file viewing.
750     define("SESS_LPAGE_DBSTATS", 5); //Database statistics.
751     define("SESS_LPAGE_RESOURCELIST", 6); //Resource list (or all resources).
752     define("SESS_LPAGE_RESOURCERENUMBER", 7); //Resource list.
753     define("SESS_LPAGE_RESOURCEVIEW", 8); //Resource view (of individual resource).
754     define("SESS_LPAGE_RESOURCEEDIT", 9); //Resource edit (of individual resource).
755     define("SESS_LPAGE_RESOURCEADD", 10); //Resource edit (of individual resource).
756     define("SESS_LPAGE_USERSACTIVELIST", 11); //Users list (active).
757     define("SESS_LPAGE_USERSINACTIVELIST", 12); //Users list (active).
758     define("SESS_LPAGE_USERSVIEW", 13); //User view.
759     define("SESS_LPAGE_USERSEDIT", 14); //User edit.
760     define("SESS_LPAGE_USERSADD", 15); //User add.
761     define("SESS_LPAGE_MYRESERVATIONSLIST", 16); //Self-reservations list.
762     //
763     //
764     //--------------------------------------------------------------------------------------------------------------
765     //Eats the session identifier cookie, if any exists on the browser side.
766     //
767     function SESS_eat_fbopsid_cookie()
768     {
769     setcookie("fbopsid", //Cookie name.
770     FALSE, //Value. FALSE means eat the cookie.
771     0, //Expire when browser closes. The PHP documentation
772     //suggests to set this to a time well before the current
773     //time, but I don't believe this is necessary to eat a cookie.
774     CONFIG_URL_FSPATH . "/", //Path within the domain.
775     CONFIG_URL_DOMAIN, //Domain.
776     0); //Don't require secure connection.
777     }
778     //
779     //--------------------------------------------------------------------------------------------------------------
780     //Issues the SID to the browser.
781     //
782     function SESS_issue_fbopsid_cookie($sid)
783     {
784     setcookie("fbopsid", //Cookie name.
785     $sid, //Value. FALSE means eat the cookie.
786     0, //Value. 0 (according to the manual) means to keep cookie
787     //until browser closed.
788     CONFIG_URL_FSPATH . "/", //Path within the domain.
789     CONFIG_URL_DOMAIN, //Domain.
790     0); //Don't require secure connection.
791     }
792     //
793     //--------------------------------------------------------------------------------------------------------------
794     //Inserts a new record into the SESS database, using the passed associative array to assign the fields.
795     //Each element of the associative array is indexed by a field name.
796     //
797     //The function returns the integer index of the record added.
798     //
799     //This operation cannot fail. The autoincrement index is the primary key, so no duplicates or other
800     //error conditions are meaningful.
801     //
802     function SESS_insert($arg)
803     {
804     global $GLOBAL_dbhandle;
805     global $GLOBAL_dblocked;
806    
807     //Build the query string with each successive parameter.
808     //
809     //sguid
810     //-----
811     if (! isset($arg["sguid"]))
812     $pushval = "";
813     else
814     $pushval = $arg["sguid"];
815     $query_string = "INSERT INTO sess SET sguid=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"";
816     //
817     //ip
818     //------
819     if (! isset($arg["ip"]))
820     $pushval = "";
821     else
822     $pushval = $arg["ip"];
823     $query_string .= (", ip=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
824     //
825     //sid
826     //---
827     if (! isset($arg["sid"]))
828     $pushval = "";
829     else
830     $pushval = $arg["sid"];
831     $query_string .= (", sid=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
832     //
833     //revaltime
834     //---------
835     if (! isset($arg["revaltime"]))
836     $pushval = "";
837     else
838     $pushval = $arg["revaltime"];
839     $query_string .= (", revaltime=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
840     //
841     //lifetime
842     //--------
843     if (! isset($arg["lifetime"]))
844     $pushval = 0;
845     else
846     $pushval = $arg["lifetime"];
847     $query_string .= (", lifetime=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
848     //
849     //usrsidx
850     //-------
851     if (! isset($arg["usrsidx"]))
852     $pushval = 0;
853     else
854     $pushval = $arg["usrsidx"];
855     $query_string .= (", usrsidx=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
856     //
857     //menulvl
858     //-------
859     if (! isset($arg["menulvl"]))
860     $pushval = 0;
861     else
862     $pushval = $arg["menulvl"];
863     $query_string .= (", menulvl=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
864     //
865     //pagereloadtime
866     //--------------
867     if (! isset($arg["pagereloadtime"]))
868     $pushval = 0;
869     else
870     $pushval = $arg["pagereloadtime"];
871     $query_string .= (", pagereloadtime=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
872     //
873     //sddt
874     //----
875     if (! isset($arg["sddt"]))
876     $pushval = "";
877     else
878     $pushval = $arg["sddt"];
879     $query_string .= (", sddt=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
880     //
881     //sdtim
882     //-----
883     if (! isset($arg["sdtim"]))
884     $pushval = "";
885     else
886     $pushval = $arg["sdtim"];
887     $query_string .= (", sdtim=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
888     //
889     //logicalpage
890     //-----------
891     if (! isset($arg["logicalpage"]))
892     $pushval = 0;
893     else
894     $pushval = $arg["logicalpage"];
895     $query_string .= (", logicalpage=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
896     //
897     //curuser
898     //-------
899     if (! isset($arg["curuser"]))
900     $pushval = 0;
901     else
902     $pushval = $arg["curuser"];
903     $query_string .= (", curuser=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
904     //
905     //curresource
906     //-----------
907     if (! isset($arg["curresource"]))
908     $pushval = 0;
909     else
910     $pushval = $arg["curresource"];
911     $query_string .= (", curresource=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
912     //
913     //curreservation
914     //--------------
915     if (! isset($arg["curreservation"]))
916     $pushval = 0;
917     else
918     $pushval = $arg["curreservation"];
919     $query_string .= (", curreservation=\"" . mysql_real_escape_string ($pushval, $GLOBAL_dbhandle) . "\"");
920     //
921     //Execute the query to insert the record.
922     $result = mysql_query($query_string, $GLOBAL_dbhandle);
923     //
924     //If the insert failed, our caller gets FALSE.
925     if ($result == FALSE)
926     {
927     $rv = FALSE;
928     }
929     else
930     {
931     //The insert was successful. Figure out the index that was assigned.
932     $result = mysql_query("SELECT LAST_INSERT_ID()");
933    
934     //If we have a failure, the caller gets FALSE, otherwise the caller gets the
935     //index.
936     if ($result === FALSE)
937     {
938     $rv = FALSE;
939     }
940     else
941     {
942     //Pick apart the result.
943     $row = mysql_fetch_array($result, MYSQL_NUM);
944    
945     //Extract the integer.
946     $rv = $row[0];
947    
948     //Free the result memory.
949     mysql_free_result($result);
950     }
951     }
952    
953     //Return the result.
954     return($rv);
955     }
956     //
957     //--------------------------------------------------------------------------------------------------------------
958     //Retrieves a two dimensional associative array corresponding to the SESS record with
959     //the passed SID, or FALSE if the record does not exist.
960     //
961     function SESS_retrieve_by_sid($sid)
962     {
963     global $GLOBAL_dbhandle;
964    
965     //Form the query string.
966     $query_string = "SELECT * FROM sess WHERE sid=\""
967     .
968     mysql_real_escape_string($sid, $GLOBAL_dbhandle)
969     .
970     "\"";
971    
972     //Execute the query.
973     $result = mysql_query($query_string, $GLOBAL_dbhandle);
974    
975     if ($result === FALSE)
976     {
977     //Unknown query failure. Return FALSE to the caller. No need to free,
978     //as this is not a result.
979     $rv = FALSE;
980     }
981     else
982     {
983     //Figure out how many rows in the result.
984     $nrows = mysql_num_rows($result);
985    
986     if ($nrows == 0)
987     {
988     //No rows in the result. The query failed to give us a record, but still
989     //we need to free the result set.
990    
991     //Free the result.
992     mysql_free_result($result);
993    
994     //The caller gets FALSE. No record with that SID.
995     $rv = FALSE;
996     }
997     else
998     {
999     //We have at least one record. Assume just one, because the SID is supposed
1000     //to be unique.
1001     $rv = mysql_fetch_assoc($result); //Get the associative record.
1002    
1003     //Free the result.
1004     mysql_free_result($result);
1005     }
1006    
1007     //Return the value to the caller.
1008     return($rv);
1009     }
1010     }
1011     //
1012     //--------------------------------------------------------------------------------------------------------------
1013     //Deletes the server-side session information corresponding to the passed SID, if it exists in the
1014     //SESS table. Returns TRUE if at least one record is deleted, or FALSE otherwise.
1015     //
1016     function SESS_delete_by_sid($sid)
1017     {
1018     global $GLOBAL_dbhandle;
1019    
1020     //Form the query string.
1021     $query_string = "DELETE FROM sess WHERE sid=\""
1022     .
1023     mysql_real_escape_string($sid, $GLOBAL_dbhandle)
1024     .
1025     "\"";
1026    
1027     //Execute the query.
1028     mysql_query($query_string, $GLOBAL_dbhandle);
1029    
1030     //Figure out how many rows were affected.
1031     $ar = mysql_affected_rows($GLOBAL_dbhandle);
1032    
1033     //Return the right value to the caller.
1034     if ($ar <= 0)
1035     return(FALSE);
1036     else
1037     return(TRUE);
1038     }
1039     //
1040     //--------------------------------------------------------------------------------------------------------------
1041     //Description:
1042     // Authenticates a supplied password against the non-temporary password hash stored with the supplied
1043     // database record from the user information. There is also a possibility that the non-temporary
1044     // hash field is the empty string, which means that no password will authenticate.
1045     //
1046     // Returns TRUE if the authentication was successful or FALSE otherwise.
1047     //
1048     function SESS_nontemppwauth($userinfo, $password)
1049     {
1050     if (PASSWD_pwd_hash_auth($userinfo["pwhash"], $password) == 1)
1051     return(TRUE);
1052     else
1053     return(FALSE);
1054     }
1055     //
1056     //--------------------------------------------------------------------------------------------------------------
1057     //Description:
1058     // Authenticates a supplied password against the temporary password hash stored with the supplied
1059     // database record from the user information. In order to authenticate, the the temporary
1060     // password also must not be expired.
1061     //
1062     // Returns TRUE if the authentication was successful or FALSE otherwise.
1063     //
1064     function SESS_temppwauth($userinfo, $password)
1065     {
1066     global $GLOBAL_utime_ut;
1067    
1068     if (!strlen($userinfo["lostpwgentime"]) || !strlen($userinfo["lostpwhash"]))
1069     {
1070     return(FALSE);
1071     }
1072     else
1073     {
1074     if (
1075     UTIME_time_diff_coarse_28($GLOBAL_utime_ut, $userinfo["lostpwgentime"])
1076     > //Waiting time elapsed.
1077     (CONFIG_LOGIN_REC_TEMP_PW_LIFETIME * 60) //*60 because constant in minutes.
1078     )
1079     {
1080     return(FALSE); //Temporary password has expired, so can't authenticate.
1081     }
1082     else
1083     {
1084     if (PASSWD_pwd_hash_auth($userinfo["lostpwhash"], $password) == 1)
1085     return(TRUE);
1086     }
1087     }
1088    
1089     //If we're lost and get here, authentication failed.
1090     return(FALSE);
1091     }
1092     //
1093     //--------------------------------------------------------------------------------------------------------------
1094     //Description:
1095     // Opens a new session on the server based on the passed user information and returns the
1096     // SID.
1097     //
1098     function SESS_open_new_uinfo($userinfo)
1099     {
1100     global $GLOBAL_client_ip;
1101     global $GLOBAL_utime_ut;
1102    
1103     //Populate the SGUID.
1104     $sess["sguid"] = SGUID_sguid();
1105    
1106     //Populate the IP address.
1107     $sess["ip"] = $GLOBAL_client_ip;
1108    
1109     //Populate the session identifier.
1110     $sid = SID_sid();
1111     $sess["sid"] = $sid;
1112    
1113     //Populate the revalidation time.
1114     $sess["revaltime"] = $GLOBAL_utime_ut;
1115    
1116     //Populate the lifetime. The lifetime is either the value stored in the permission string (if it
1117     //exists there), or else the default value.
1118     $sess["lifetime"] = PERM_get_val_from_string($userinfo["perm"], "sesslifetimedefault");
1119     if ($sess["lifetime"] === FALSE) //If that permission/attribute does not exist.
1120     $sess["lifetime"] = CONFIG_SESS_LIFETIME_DEFAULT;
1121    
1122     //Populate the index of the relevant user.
1123     $sess["usrsidx"] = $userinfo["idx"];
1124    
1125     //Insert the record into the database.
1126     SESS_insert($sess);
1127    
1128     //Return the session ID to the caller.
1129     return($sid);
1130     }
1131     //
1132     //--------------------------------------------------------------------------------------------------------------
1133     //Description:
1134     // Authenticates a supplied userid and password, and returns result information to the caller.
1135     // If the userid/password authenticate, retract the old cookie, open a new session on the server side,
1136     // and issue a new cookie.
1137     //
1138     // This function is called from the main scheduling page when a userid/password is entered.
1139     //
1140     // If the userid supplied corresponds to a non-existent account:
1141     //
1142     // a)Destroy any existing server-side session information based on the current SID cookie.
1143     // b)Eat the current SID cookie, if any, on the client side.
1144     // c)Set the $curuserinfo to FALSE.
1145     // d)Set the $cursessioninfo to FALSE.
1146     // e)Set the $rcode to SESS_RCODE_FAIL_USERID_NOEXIST.
1147     //
1148     // Else if the userid exists and the password authenticates:
1149     //
1150     // If the account is inactive or expired:
1151     //
1152     // a)Destroy any existing server-side session information based on the current SID
1153     // cookie.
1154     // b)Eat the current SID cookie, if any, on the client side.
1155     // c)Set the $curuserinfo to FALSE.
1156     // d)Set the $cursessioninfo to FALSE.
1157     // e)Set the $rcode to SESS_RCODE_FAIL_USERID_EXPIRED_INACTIVE.
1158     //
1159     // Else if authentication was successful based on a temporary password:
1160     //
1161     // a)Destroy any existing server-side session information based on the current SID
1162     // cookie.
1163     // b)Open a new session on the server side.
1164     // c)Issue a new SID cookie to the client.
1165     // d)Set the $curuserinfo to the user specified.
1166     // e)Set the $cursessioninfo to the newly-created session.
1167     // f)Set the $rcode to SESS_RCODE_SUCCESS_TEMP_PASSWORD.
1168     //
1169     // Else if authentication was successful:
1170     //
1171     // a)Destroy any existing server-side session information based on the current SID
1172     // cookie.
1173     // b)Open a new session on the server side.
1174     // c)Issue a new SID cookie to the client.
1175     // d)Set the $curuserinfo to the user specified.
1176     // e)Set the $cursessioninfo to the newly-created session.
1177     // f)Set the $rcode to SESS_RCODE_SUCCESS.
1178     //
1179     // Else if the userid exists but the password does not authenticate:
1180     //
1181     // a)Destroy any existing server-side session information based on the current SID
1182     // cookie.
1183     // b)Eat the current SID cookie, if any, on the client side.
1184     // c)Set the $curuserinfo to FALSE.
1185     // d)Set the $cursessioninfo to FALSE.
1186     // e)Set the $rcode to SESS_RCODE_FAIL_PASSWD.
1187     //
1188     //Return Value:
1189     // $rcode : Set to a constant defined at the start of this file to indicate
1190     // what occurred.
1191     // $curuserinfo : Set to an associative array containing full user information
1192     // about a user who logs in, or FALSE if no user has successfully
1193     // authenticated.
1194     // $cursessioninfo : An associative array containing the complete record for the now
1195     // active session, or FALSE if no session is active.
1196     //
1197     function SESS_userid_pwd_authenticate_open_session($userid, $password, &$rcode, &$curuserinfo, &$cursessioninfo)
1198     {
1199     global $PAR_fbopsid;
1200     global $GLOBAL_stime_string;
1201     global $GLOBAL_client_ip;
1202    
1203     //Condition the userid to exclude forbidden characters.
1204     $userid = STRFUNC_force_into_subset($userid, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
1205    
1206     //Convert the userid to all lower-case. This is the canonical form for userids.
1207     $userid = StrToLower($userid);
1208    
1209     //Remove all invalid characters from the password. However, don't convert it to lower-case. Passwords are
1210     //case-sensitive.
1211     $password = STRFUNC_force_into_subset($password, "-0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
1212    
1213     //Try to obtain the user information from the database corresponding to the userid.
1214     $curuserinfo = USRS_retrieve_by_userid($userid);
1215    
1216     //print_r($curuserinfo);
1217     //return;
1218    
1219     //If the userid does not exist, return the correct error code.
1220     if ($curuserinfo === FALSE)
1221     {
1222     //Log the authentication failure.
1223     LOG_log(LOG_ET_LOGIN_FAIL,
1224     $GLOBAL_stime_string,
1225     $GLOBAL_client_ip,
1226     "",
1227     ($PAR_fbopsid === FALSE) ? ("") : ($PAR_fbopsid),
1228     $_SERVER["PHP_SELF"],
1229     "",
1230     __FILE__,
1231     __LINE__,
1232     "Password authentication failure, non-existent userid=\"" . $userid . "\".");
1233    
1234     //Destroy any existing server-side session information based on the current SID cookie.
1235     if ($PAR_fbopsid !== FALSE)
1236     SESS_delete_by_sid($PAR_fbopsid);
1237    
1238     //Eat the client-side cookie.
1239     SESS_eat_fbopsid_cookie();
1240    
1241     //Set the $curuserinfo to FALSE.
1242     $curuserinfo = FALSE;
1243    
1244     //Set the $cursessioninfo to FALSE.
1245     $cursessioninfo = FALSE;
1246    
1247     //Set the $rcode to SESS_RCODE_FAIL_USERID_NOEXIST.
1248     $rcode = SESS_RCODE_FAIL_USERID_NOEXIST;
1249    
1250     return;
1251     }
1252    
1253     //If the userid exists but is not active, refuse the authentication.
1254     if ($curuserinfo["status"] != USRS_STATUS_ACTIVE)
1255     {
1256     //Log the authentication failure.
1257     LOG_log(LOG_ET_LOGIN_FAIL,
1258     $GLOBAL_stime_string,
1259     $GLOBAL_client_ip,
1260     "",
1261     ($PAR_fbopsid === FALSE) ? ("") : ($PAR_fbopsid),
1262     $_SERVER["PHP_SELF"],
1263     "",
1264     __FILE__,
1265     __LINE__,
1266     "Password authentication failure, expired or inactive userid=\"" . $userid . "\".");
1267    
1268     //Destroy any existing server-side session information based on the current SID cookie.
1269     if ($PAR_fbopsid !== FALSE)
1270     SESS_delete_by_sid($PAR_fbopsid);
1271    
1272     //Eat the client-side cookie.
1273     SESS_eat_fbopsid_cookie();
1274    
1275     //Set the $curuserinfo to FALSE.
1276     $curuserinfo = FALSE;
1277    
1278     //Set the $cursessioninfo to FALSE.
1279     $cursessioninfo = FALSE;
1280    
1281     //Set the $rcode to SESS_RCODE_FAIL_USERID_EXPIRED_INACTIVE.
1282     $rcode = SESS_RCODE_FAIL_USERID_EXPIRED_INACTIVE;
1283    
1284     return;
1285     }
1286    
1287     //The user exists and the user's status is active. Figure out if the password is consistent
1288     //with the stored non-temporary password.
1289     //
1290     if (SESS_nontemppwauth($curuserinfo, $password))
1291     {
1292     //The password supplied matches the non-temporary password hash in the database.
1293     //
1294     //Open a new session on the server side.
1295     $sid = SESS_open_new_uinfo($curuserinfo);
1296     //
1297     //Log the authentication success.
1298     LOG_log(LOG_ET_LOGIN_OK,
1299     $GLOBAL_stime_string,
1300     $GLOBAL_client_ip,
1301     $userid,
1302     $sid,
1303     $_SERVER["PHP_SELF"],
1304     "",
1305     __FILE__,
1306     __LINE__,
1307     "Password authentication.");
1308     //
1309     //Issue the new cookie to the browser. It isn't necessary to replace any existing old,
1310     //as this one will just replace it.
1311     SESS_issue_fbopsid_cookie($sid);
1312     //
1313     //The current user information has already been obtained. Pull the
1314     //session information.
1315     $cursessioninfo = SESS_retrieve_by_sid($sid);
1316     //
1317     //Set the return code.
1318     $rcode = SESS_RCODE_SUCCESS;
1319     //
1320     return;
1321     }
1322    
1323    
1324     //The user exists and the user's status is active. Figure out if the password is consistent
1325     //with the stored temporary password.
1326     //
1327     if (SESS_temppwauth($curuserinfo, $password))
1328     {
1329     //The password supplied matches the temporary password hash in the database.
1330     //
1331     //Open a new session on the server side.
1332     $sid = SESS_open_new_uinfo($curuserinfo);
1333     //
1334     //Log the authentication success.
1335     LOG_log(LOG_ET_LOGIN_OK,
1336     $GLOBAL_stime_string,
1337     $GLOBAL_client_ip,
1338     $userid,
1339     $sid,
1340     $_SERVER["PHP_SELF"],
1341     "",
1342     __FILE__,
1343     __LINE__,
1344     "Temporary password authentication.");
1345     //
1346     //Issue the new cookie to the browser. It isn't necessary to replace any existing old,
1347     //as this one will just replace it.
1348     SESS_issue_fbopsid_cookie($sid);
1349     //
1350     //The current user information has already been obtained. Pull the
1351     //session information.
1352     $cursessioninfo = SESS_retrieve_by_sid($sid);
1353     //
1354     //Set the return code.
1355     $rcode = SESS_RCODE_SUCCESS_TEMP_PASSWORD;
1356     //
1357     return;
1358     }
1359    
1360     //If we're here, the userid was OK, but the password was wrong.
1361     //Log the authentication failure.
1362     LOG_log(LOG_ET_LOGIN_FAIL,
1363     $GLOBAL_stime_string,
1364     $GLOBAL_client_ip,
1365     $userid,
1366     ($PAR_fbopsid === FALSE) ? ("") : ($PAR_fbopsid),
1367     $_SERVER["PHP_SELF"],
1368     "",
1369     __FILE__,
1370     __LINE__,
1371     "Password authentication failure, bad password.");
1372    
1373     //Destroy any existing server-side session information based on the current SID cookie.
1374     if ($PAR_fbopsid !== FALSE)
1375     SESS_delete_by_sid($PAR_fbopsid);
1376    
1377     //Eat the client-side cookie.
1378     SESS_eat_fbopsid_cookie();
1379    
1380     //Set the $curuserinfo to FALSE.
1381     $curuserinfo = FALSE;
1382    
1383     //Set the $cursessioninfo to FALSE.
1384     $cursessioninfo = FALSE;
1385    
1386     //Set the $rcode to indicate simple password failure.
1387     $rcode = SESS_RCODE_FAIL_PASSWD;
1388     }
1389     //
1390     //--------------------------------------------------------------------------------------------------------------
1391     //Logs out the user implied by the current SID cookie. The specific actions are:
1392     // a)Destroy any existing server-side session information.
1393     // b)Eat the client side SID cookie.
1394     //
1395     //Return Values:
1396     // $curuserinfo : By the definition of this what this function does, FALSE.
1397     // $cursessioninfo : By the definition of this what this function does, FALSE.
1398     //
1399     function SESS_logout(&$curuserinfo, &$cursessioninfo)
1400     {
1401     global $PAR_fbopsid;
1402     global $GLOBAL_stime_string;
1403     global $GLOBAL_client_ip;
1404    
1405     //Save the $sid cookie, so we can log it.
1406     $log_sid = $PAR_fbopsid;
1407    
1408     //Look up the session table entry.
1409     $cursessioninfo = SESS_retrieve_by_sid($log_sid);
1410    
1411     //Look up the user information based on the index stored with
1412     //the session.
1413     if ($cursessioninfo !== FALSE)
1414     {
1415     $curuserinfo = USRS_retrieve_by_idx($cursessioninfo["usrsidx"]);
1416     }
1417     else
1418     {
1419     $curuserinfo = FALSE;
1420     }
1421    
1422     //Swallow any session cookie.
1423     SESS_eat_fbopsid_cookie();
1424    
1425     //Destroy the server-side session state, if any.
1426     if ($PAR_fbopsid !== FALSE)
1427     SESS_delete_by_sid($PAR_fbopsid);
1428    
1429     //Log the voluntary logout.
1430     LOG_log(LOG_ET_LOGOUT_VOL,
1431     $GLOBAL_stime_string,
1432     $GLOBAL_client_ip,
1433     ($curuserinfo !== FALSE) ? ($curuserinfo["userid"]) : (""),
1434     ($log_sid === FALSE) ? ("") : ($log_sid),
1435     $_SERVER["PHP_SELF"],
1436     "",
1437     __FILE__,
1438     __LINE__,
1439     "Logout.");
1440    
1441    
1442     //Return values are, by definition, FALSE.
1443     $curuserinfo = FALSE;
1444     $cursessioninfo = FALSE;
1445     }
1446     //
1447     //--------------------------------------------------------------------------------------------------------------
1448     //Revalidates the session using the current SID cookie. The specific actions are:
1449     //
1450     // If the SID does not exist on the server side:
1451     // a)Eat the current client SID cookie.
1452     // Else if the session has expired due to inactivity:
1453     // a)Destroy the server-side session state.
1454     // b)Eat the client-side SID cookie.
1455     // Else [if the session is still active]:
1456     // Obtain the user information.
1457     // If the user does not exist or is inactive:
1458     // a)Destroy the server-side session state.
1459     // b)Eat the client-side SID cookie.
1460     // Else
1461     // If the privilege escalation period has expired
1462     // Lower the privelege escalation level.
1463     // Update the revalidation time.
1464     //
1465     //Return Values:
1466     // $curuserinfo : An associative array containing the complete record for the currently
1467     // authenticated user, or FALSE if no user is authenticated.
1468     // $cursessioninfo : An associative array containing the complete record for the currently
1469     // active session, or FALSE if no session is active.
1470     //
1471     function SESS_revalidate(&$curuserinfo, &$cursessioninfo)
1472     {
1473     global $GLOBAL_dbhandle;
1474     global $GLOBAL_dblocked;
1475     global $PAR_fbopsid;
1476     global $GLOBAL_stime_string;
1477     global $GLOBAL_client_ip;
1478     global $GLOBAL_utime_ut;
1479    
1480     $cursessioninfo = FALSE;
1481     $curuserinfo = FALSE;
1482    
1483     //If the SID isn't defined, no user and no session.
1484     if ($PAR_fbopsid === FALSE)
1485     {
1486     $curuserinfo = FALSE;
1487     $cursessioninfo = FALSE;
1488     return;
1489     }
1490    
1491     //Try to look up the session in the database. If it does not exist
1492     //in the database, this is a bit suspicious but not impossible. The database
1493     //could have been reaped while somebody left their browser open for a long time.
1494     //If this is the case, no session and no user.
1495     //
1496     $cursessioninfo = SESS_retrieve_by_sid($PAR_fbopsid);
1497     //
1498     if ($cursessioninfo === FALSE)
1499     {
1500     //It is suspicious. Log it.
1501     LOG_log(LOG_ET_SEC_SID_FORGED,
1502     $GLOBAL_stime_string,
1503     $GLOBAL_client_ip,
1504     "",
1505     $PAR_fbopsid,
1506     $_SERVER["PHP_SELF"],
1507     "",
1508     __FILE__,
1509     __LINE__,
1510     "SID cookie value does not exist in server database, and was possibly forged.");
1511    
1512     //Return value is no session and no user.
1513     $curuserinfo = FALSE;
1514     $cursessioninfo = FALSE;
1515     return;
1516     }
1517    
1518     //Session exists. Try to look up the user identified in the session. If the user does not
1519     //exist, this is also suspicious. The only scenario under which this might happen is if a
1520     //user is expired or deleted during a session.
1521     //
1522     $curuserinfo = USRS_retrieve_by_idx($cursessioninfo["usrsidx"]);
1523     //
1524     if ($curuserinfo === FALSE)
1525     {
1526     //It is suspicious. Log it.
1527     LOG_log(LOG_ET_SEC_SID_FORGED,
1528     $GLOBAL_stime_string,
1529     $GLOBAL_client_ip,
1530     "",
1531     $PAR_fbopsid,
1532     $_SERVER["PHP_SELF"],
1533     "",
1534     __FILE__,
1535     __LINE__,
1536     "User index pointed to by SID record does not exist (idx=" . (string)$cursessioninfo["usrsidx"] . ").");
1537    
1538     //Return value is no session and no user.
1539     $curuserinfo = FALSE;
1540     $cursessioninfo = FALSE;
1541     return;
1542     }
1543    
1544     //If the user pointed to by the session isn't active, this probably means that
1545     //the user was expired or had the status changed manually during a session.
1546     //Destroy the server-side and client side session state, log it, and indicate
1547     //to the caller no user and no session.
1548     //If the userid exists but is not active, refuse the authentication.
1549     if ($curuserinfo["status"] != USRS_STATUS_ACTIVE)
1550     {
1551     //It is suspicious. Log it.
1552     LOG_log(LOG_ET_SEC_SID_FORGED,
1553     $GLOBAL_stime_string,
1554     $GLOBAL_client_ip,
1555     "",
1556     $PAR_fbopsid,
1557     $_SERVER["PHP_SELF"],
1558     "",
1559     __FILE__,
1560     __LINE__,
1561     "User pointed to by SID record has inactive status (idx=" . (string)$cursessioninfo["usrsidx"] . ").");
1562    
1563     //Destroy any existing server-side session information based on the current SID cookie.
1564     if ($PAR_fbopsid !== FALSE)
1565     SESS_delete_by_sid($PAR_fbopsid);
1566    
1567     //Eat the client-side cookie.
1568     SESS_eat_fbopsid_cookie();
1569    
1570     //Return value is no session and no user.
1571     $curuserinfo = FALSE;
1572     $cursessioninfo = FALSE;
1573     return;
1574     }
1575    
1576     //If the session has expired due to time, then log it and force the user out.
1577     //
1578     if (UTIME_time_diff_coarse_28($GLOBAL_utime_ut, $cursessioninfo["revaltime"]) > (int)$cursessioninfo["lifetime"])
1579     {
1580     //Log it.
1581     LOG_log(LOG_ET_LOGOUT_TIME,
1582     $GLOBAL_stime_string,
1583     $GLOBAL_client_ip,
1584     $curuserinfo["userid"],
1585     $PAR_fbopsid,
1586     $_SERVER["PHP_SELF"],
1587     "",
1588     __FILE__,
1589     __LINE__,
1590     "Session expired due to inactive time.");
1591    
1592     //Destroy any existing server-side session information based on the current SID cookie.
1593     if ($PAR_fbopsid !== FALSE)
1594     SESS_delete_by_sid($PAR_fbopsid);
1595    
1596     //Eat the client-side cookie.
1597     SESS_eat_fbopsid_cookie();
1598    
1599     //Return value is no session and no user.
1600     $curuserinfo = FALSE;
1601     $cursessioninfo = FALSE;
1602     return;
1603     }
1604    
1605     //If the connecting IP of the session has changed, this is bad news and probably some type of
1606     //security issue.
1607     //
1608     if ($cursessioninfo["ip"] != $GLOBAL_client_ip)
1609     {
1610     //Log it.
1611     LOG_log(LOG_ET_SEC_LOGOUT_IP,
1612     $GLOBAL_stime_string,
1613     $GLOBAL_client_ip,
1614     $curuserinfo["userid"],
1615     $PAR_fbopsid,
1616     $_SERVER["PHP_SELF"],
1617     "",
1618     __FILE__,
1619     __LINE__,
1620     "Stored session IP:" . $cursessioninfo["ip"] . " Current connection IP:" . $GLOBAL_client_ip . ".");
1621    
1622     //Destroy any existing server-side session information based on the current SID cookie.
1623     if ($PAR_fbopsid !== FALSE)
1624     SESS_delete_by_sid($PAR_fbopsid);
1625    
1626     //Eat the client-side cookie.
1627     SESS_eat_fbopsid_cookie();
1628    
1629     //Return value is no session and no user.
1630     $curuserinfo = FALSE;
1631     $cursessioninfo = FALSE;
1632     return;
1633     }
1634    
1635     //All the error conditions have been ruled out. Give the session a newer timestamp, log it, and return the
1636     //correct user and session information.
1637     mysql_query("UPDATE sess SET revaltime=\""
1638     . mysql_real_escape_string($GLOBAL_utime_ut, $GLOBAL_dbhandle)
1639     . "\" WHERE sid=\""
1640     . mysql_real_escape_string($PAR_fbopsid, $GLOBAL_dbhandle)
1641     . "\"",
1642     $GLOBAL_dbhandle);
1643     //
1644     LOG_log(LOG_ET_REVAL_OK,
1645     $GLOBAL_stime_string,
1646     $GLOBAL_client_ip,
1647     $curuserinfo["userid"],
1648     $PAR_fbopsid,
1649     $_SERVER["PHP_SELF"],
1650     "",
1651     __FILE__,
1652     __LINE__,
1653     "Session revalidation.");
1654    
1655     //The $curuserinfo and $cursessioninfo values are OK for return.
1656     }
1657     //
1658     //--------------------------------------------------------------------------------------------------------------
1659     //Decrements the current menu level, stores it in the correct session record of the database,
1660     //and returns the new level, clipped to [0, 2].
1661     //
1662     //No mutual exclusion should be necessary, as a session is tied to one terminal IP--unless a user
1663     //has multiple browsers open and is doing something unusual, there should be nothing noticeable.
1664     //Even then it is iffy and there will be no ill effects.
1665     //
1666     function SESS_menulevel_decrement($sid_in, $menulevel_current)
1667     {
1668     global $GLOBAL_dbhandle;
1669    
1670     //Adjust the menulevel to be one smaller.
1671     if ($menulevel_current == 2)
1672     $menulevel_new = 1;
1673     else if ($menulevel_current == 1)
1674     $menulevel_new = 0;
1675     else
1676     $menulevel_new = 0;
1677    
1678     //Form a query to reflect assigning the new menu level to the session ID
1679     //record.
1680     $query_string = "UPDATE sess SET menulvl=\"" . (string)$menulevel_new . "\" WHERE sid=\"" . $sid_in . "\"";
1681    
1682     //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway).
1683     mysql_query($query_string, $GLOBAL_dbhandle);
1684    
1685     //Return the new value.
1686     return($menulevel_new);
1687     }
1688     //
1689     //--------------------------------------------------------------------------------------------------------------
1690     //Increments the current menu level, stores it in the correct session record of the database,
1691     //and returns the new level, clipped to [0, 2].
1692     //
1693     //No mutual exclusion should be necessary, as a session is tied to one terminal IP--unless a user
1694     //has multiple browsers open and is doing something unusual, there should be nothing noticeable.
1695     //Even then it is iffy and there will be no ill effects.
1696     //
1697     function SESS_menulevel_increment($sid_in, $menulevel_current)
1698     {
1699     global $GLOBAL_dbhandle;
1700    
1701     //Adjust the menulevel to be one larger.
1702     if ($menulevel_current == 0)
1703     $menulevel_new = 1;
1704     else if ($menulevel_current == 1)
1705     $menulevel_new = 2;
1706     else
1707     $menulevel_new = 2;
1708    
1709     //Form a query to reflect assigning the new menu level to the session ID
1710     //record.
1711     $query_string = "UPDATE sess SET menulvl=\"" . (string)$menulevel_new . "\" WHERE sid=\"" . $sid_in . "\"";
1712    
1713     //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway).
1714     mysql_query($query_string, $GLOBAL_dbhandle);
1715    
1716     //Return the new value.
1717     return($menulevel_new);
1718     }
1719     //
1720     //--------------------------------------------------------------------------------------------------------------
1721     //Updates the SDDT and SDTIM associated with the session, session identifier passed.
1722     //
1723     //To update only SDDT or SDTIM, set the other parameter FALSE.
1724     //
1725     //If both parameters are FALSE, nothing will be updated.
1726     //
1727     function SESS_update_sddt_sdtim($sid_in, $sddt_in, $sdtim_in)
1728     {
1729     global $GLOBAL_dbhandle;
1730    
1731     //echo "<pre>\n";
1732     //print_r($sid_in);
1733     //print_r($sddt_in);
1734     //print_r($sdtim_in);
1735     //echo "</pre>\n";
1736    
1737     if (($sddt_in !== FALSE) && ($sdtim_in !== FALSE))
1738     {
1739     //Both parameters are specified, the most common case.
1740     $query_string = "UPDATE sess SET sddt=\""
1741     .
1742     mysql_real_escape_string ((string)$sddt_in, $GLOBAL_dbhandle)
1743     .
1744     "\", sdtim=\""
1745     .
1746     mysql_real_escape_string ((string)$sdtim_in, $GLOBAL_dbhandle)
1747     .
1748     "\" WHERE sid=\""
1749     .
1750     $sid_in
1751     .
1752     "\"";
1753    
1754     //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway).
1755     mysql_query($query_string, $GLOBAL_dbhandle);
1756     }
1757     else if (($sddt_in === FALSE) && ($sdtim_in !== FALSE))
1758     {
1759     //Only time is specified.
1760     $query_string = "UPDATE sess SET sdtim=\""
1761     .
1762     mysql_real_escape_string ((string)$sdtim_in, $GLOBAL_dbhandle)
1763     .
1764     "\" WHERE sid=\""
1765     .
1766     $sid_in
1767     .
1768     "\"";
1769    
1770     //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway).
1771     mysql_query($query_string, $GLOBAL_dbhandle);
1772     }
1773     else if (($sddt_in !== FALSE) && ($sdtim_in === FALSE))
1774     {
1775     //Only date is specified.
1776     $query_string = "UPDATE sess SET sddt=\""
1777     .
1778     mysql_real_escape_string ((string)$sddt_in, $GLOBAL_dbhandle)
1779     .
1780     "\" WHERE sid=\""
1781     .
1782     $sid_in
1783     .
1784     "\"";
1785    
1786     //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway).
1787     mysql_query($query_string, $GLOBAL_dbhandle);
1788     }
1789     else
1790     {
1791     //Do nothing. Neither parameter is specified.
1792     }
1793     }
1794     //
1795     //--------------------------------------------------------------------------------------------------------------
1796     //Updates the logicalpage associated with a session.
1797     //
1798     function SESS_logicalpage_set($sid_in, $logicalpage_in)
1799     {
1800     global $GLOBAL_dbhandle;
1801    
1802     $query_string = "UPDATE sess SET logicalpage=\""
1803     .
1804     mysql_real_escape_string ((string)$logicalpage_in, $GLOBAL_dbhandle)
1805     .
1806     "\" WHERE sid=\""
1807     .
1808     $sid_in
1809     .
1810     "\"";
1811    
1812     //Run the query. We don't much care whether it fails or succeeds (nothing to be done, anyway).
1813     mysql_query($query_string, $GLOBAL_dbhandle);
1814     }
1815     //
1816     //--------------------------------------------------------------------------------------------------------------
1817     //Gets the logicalpage integer associated with a session. Returns SESS_LPAGE_UNDEFINED if can't figure
1818     //out what that is.
1819     //
1820     function SESS_logicalpage_get($sid_in)
1821     {
1822     global $GLOBAL_dbhandle;
1823    
1824     //Form the query string.
1825     $query_string = "SELECT logicalpage FROM sess WHERE sid=\""
1826     .
1827     mysql_real_escape_string($sid_in, $GLOBAL_dbhandle)
1828     .
1829     "\"";
1830    
1831     //Execute the query.
1832     $result = mysql_query($query_string, $GLOBAL_dbhandle);
1833    
1834     if ($result === FALSE)
1835     {
1836     //Unknown query failure. Return a result code to the caller indicating
1837     //don't know.
1838     return(SESS_LPAGE_UNDEFINED);
1839     }
1840     else
1841     {
1842     //Get the integer result.
1843     $row = mysql_fetch_array($result, MYSQL_NUM);
1844    
1845     $rv = $row[0];
1846    
1847     //Free the result.
1848     mysql_free_result($result);
1849    
1850     //Return the appropriate.
1851     if($rv > 0)
1852     return($rv);
1853     else
1854     return(SESS_LPAGE_UNDEFINED);
1855     }
1856     }
1857     //
1858     //--------------------------------------------------------------------------------------------------------------
1859     //End of $RCSfile: sess.inc,v $.
1860     //--------------------------------------------------------------------------------------------------------------
1861     ?>

dashley@gmail.com
ViewVC Help
Powered by ViewVC 1.1.25