|
1
|
|
|
<?php
|
|
2
|
|
|
|
|
3
|
|
|
global $site_sessionname;
|
|
|
|
|
|
|
4
|
|
|
$site_sessionname = genEvoSessionName(); // For legacy extras not using startCMSSession
|
|
5
|
|
|
|
|
6
|
|
|
/**
|
|
7
|
|
|
* @return string
|
|
8
|
|
|
*/
|
|
9
|
|
|
function genEvoSessionName()
|
|
10
|
|
|
{
|
|
11
|
|
|
$_ = crc32(__FILE__);
|
|
|
|
|
|
|
12
|
|
|
$_ = sprintf('%u', $_);
|
|
13
|
|
|
|
|
14
|
|
|
return 'evo' . base_convert($_, 10, 36);
|
|
15
|
|
|
}
|
|
16
|
|
|
|
|
17
|
|
|
/**
|
|
18
|
|
|
* @return void
|
|
19
|
|
|
*/
|
|
20
|
|
|
function startCMSSession()
|
|
|
|
|
|
|
21
|
|
|
{
|
|
22
|
|
|
|
|
23
|
|
|
global $site_sessionname, $https_port, $session_cookie_path, $session_cookie_domain;
|
|
|
|
|
|
|
24
|
|
|
|
|
25
|
|
|
session_name($site_sessionname);
|
|
26
|
|
|
removeInvalidCmsSessionIds($site_sessionname);
|
|
27
|
|
|
$cookieExpiration = 0;
|
|
28
|
|
|
$secure = ((isset ($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') || $_SERVER['SERVER_PORT'] == $https_port);
|
|
29
|
|
|
$cookiePath = !empty($session_cookie_path) ? $session_cookie_path : MODX_BASE_URL;
|
|
30
|
|
|
$cookieDomain = !empty($session_cookie_domain) ? $session_cookie_domain : '';
|
|
31
|
|
|
session_set_cookie_params($cookieExpiration, $cookiePath, $cookieDomain, $secure, true);
|
|
32
|
|
|
session_start();
|
|
33
|
|
|
$key = "modx.mgr.session.cookie.lifetime";
|
|
34
|
|
|
if (isset($_SESSION[$key]) && is_numeric($_SESSION[$key])) {
|
|
35
|
|
|
$cookieLifetime = (int)$_SESSION[$key];
|
|
36
|
|
|
if ($cookieLifetime) {
|
|
37
|
|
|
$cookieExpiration = $_SERVER['REQUEST_TIME'] + $cookieLifetime;
|
|
38
|
|
|
}
|
|
39
|
|
|
setcookie(session_name(), session_id(), $cookieExpiration, $cookiePath, $cookieDomain, $secure, true);
|
|
40
|
|
|
}
|
|
41
|
|
|
if (!isset($_SESSION['modx.session.created.time'])) {
|
|
42
|
|
|
$_SESSION['modx.session.created.time'] = $_SERVER['REQUEST_TIME'];
|
|
43
|
|
|
}
|
|
44
|
|
|
}
|
|
45
|
|
|
|
|
46
|
|
|
/**
|
|
47
|
|
|
* @param $storage
|
|
48
|
|
|
* @param $session_name
|
|
49
|
|
|
* @return void
|
|
50
|
|
|
*/
|
|
51
|
|
|
function removeInvalidCmsSessionFromStorage(&$storage, $session_name)
|
|
52
|
|
|
{
|
|
53
|
|
|
if (isset($storage[$session_name]) && ($storage[$session_name] === '' || $storage[$session_name] === 'deleted')) {
|
|
54
|
|
|
unset($storage[$session_name]);
|
|
55
|
|
|
}
|
|
56
|
|
|
}
|
|
57
|
|
|
|
|
58
|
|
|
/**
|
|
59
|
|
|
* @param $session_name
|
|
60
|
|
|
* @return void
|
|
61
|
|
|
*/
|
|
62
|
|
|
function removeInvalidCmsSessionIds($session_name)
|
|
|
|
|
|
|
63
|
|
|
{
|
|
64
|
|
|
// session ids is invalid iff it is empty string
|
|
65
|
|
|
// storage priorioty can see in PHP source ext/session/session.c
|
|
66
|
|
|
removeInvalidCmsSessionFromStorage($_COOKIE, $session_name);
|
|
67
|
|
|
removeInvalidCmsSessionFromStorage($_GET, $session_name);
|
|
68
|
|
|
removeInvalidCmsSessionFromStorage($_POST, $session_name);
|
|
69
|
|
|
}
|
|
70
|
|
|
|
evolution-cms /
evolution
Loading history...
Instead of relying on
globalstate, we recommend one of these alternatives:1. Pass all data via parameters
2. Create a class that maintains your state