forked from web-cyradm/web-cyradm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
session.php
60 lines (55 loc) · 1.65 KB
/
session.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
<?php
if (!defined('WC_BASE')) define('WC_BASE', dirname(__FILE__));
$ref=WC_BASE."/index.php";
if ($ref!=$_SERVER['SCRIPT_FILENAME']){
header("Location: index.php");
exit();
}
?>
<?php
session_name('web-cyradm-session');
session_start();
$sess_timeout = $SESS_TIMEOUT; // seconds
// if (!isset($first)) $first = 1;
$current_time = time();
// $newid = time();
// Check session of current user.
// If the user doesn't have a session, create a new
// session and set session_ok to FALSE, so that he can
// login.
// If the user already had a session, check if the
// session expired.
// If it has expired, set session_ok to FALSE and
// redirect to timeout.php.
// If the session has NOT expired, update timestamp in session.
// Read old timestamp
$old_time = isset($_SESSION['timestamp'])?($_SESSION['timestamp']):(-1);
// Update timestamp
$_SESSION['timestamp'] = $current_time;
if (! isset($_SESSION['session_ok'])){
// User doesn't have a session.
$_SESSION['session_ok'] = FALSE;
} else {
// User seems to have a session.
// If it pretends to be a valid session, check if
// has expired. If it has, invalidate the session.
// If the session is already invalid, pass through,
// so that the login screen is shown.
if ($_SESSION['session_ok'] === TRUE){
if ($current_time > ($old_time + $SESS_TIMEOUT)){
// Session has expired
# $_SESSION['session_ok'] = FALSE;
$_SESSION['timestamp'] = -1;
$LANG = $_SESSION['LANG'];
include ("header.inc.php");
include ("timeout.php");
include ("footer.inc.php");
$_SESSION['session_ok'] = FALSE;
session_unset();
die();
} else {
// Session has NOT expired
$_SESSION['session_ok'] = TRUE;
}
}
}