merge changes from trunk into beta

lib/session.php

@@ -2,7 +2,7 @@
 // To use:
 // include_once "session.php"
 // $mysession = new Session;
-// 
+//
 // $mysession->loggedin is TRUE if they have logged in
 //
 // other attributes are :
@@ -11,7 +11,6 @@
 // lastseen   - unix timestamp for their previous page access
 // data   - var/array for persistant data, commit by calling the 'save' method
 
-
 // Session management and authentication mechanism.
 class Session {
 public	$loggedin=FALSE;	// Is this a valid logged in user ?
@@ -23,7 +22,7 @@ public  $groups  =array();	// users groups
 public	$printbalance;		// printer balance
 public	$data='';		// Var/array for session persistant data
 public	$token='';		// session identifier
-public  $logintime='';  // Time which user last gave us credentials
+public  $logintime='';		// Time which user last gave us credentials
 public	$lastseen='';		// Time of last page request
 private	$timeout = 2880;	// Idle timeout limit in minutes (session deleted), 2880 == 48 hours
 private $anonymous_timeout = 120; // Idle timeout limit for sessions which aren't logged in (set lower to stop the session table getting swamped)
@@ -32,19 +31,17 @@ private $max_session_length = 11520; // maximum length of a session, 11520 == 8
 private	$table = "session";	// session storage table (const)
 private $datahash='';		// hash of data field
 
-
-
 	// Create a new (insecure) session
 	private function newsession()
 	{
-		global $DB, $preferred_hostname;
+		global $DB, $preferred_hostname, $dbname;
 
-		$token = $this->genSessionID(); 
+		$token = $this->genSessionID();
 		$DB->Execute("insert into {$this->table} (hash, lastseen, ip) values (?,NOW(),?)", array($token, $_SERVER['REMOTE_ADDR']));
-		setcookie("sucssite_session", $token, NULL, "/", $preferred_hostname);
-	
+		setcookie($dbname."_session", $token, NULL, "/", $preferred_hostname);
+
 		// delete loggedin cookie if it exists
-		setcookie("sucssite_loggedin", FALSE, time(), "/");
+		setcookie($dbname."_loggedin", FALSE, time(), "/");
 		$this->token = $token;
 		return;
 	}
@@ -65,11 +62,11 @@ private $datahash='';		// hash of data field
 	// Public Object constructor
 	function __construct()
 	{
-		global $DB, $preferred_hostname, $baseurl;
+		global $DB, $preferred_hostname, $baseurl, $dbname;
 		unset($token);
 
 		// if user requests a page via HTTP and claims to be logged in, bump them to HTTPS
-		if (!isset($_SERVER['HTTPS']) && (@$_COOKIE['sucssite_loggedin'] == "true")) {
+		if (!isset($_SERVER['HTTPS']) && (@$_COOKIE[$dbname.'_loggedin'] == "true")) {
 			header("HTTP/1.0 307 Temporary redirect");
 			header("Location: https://{$preferred_hostname}{$baseurl}{$_SERVER['PATH_INFO']}"); 
 			return;
@@ -93,13 +90,13 @@ private $datahash='';		// hash of data field
 
 
 		// the possible token data passed from a form
-		if (isset($_REQUEST['token'])) 
+		if (isset($_REQUEST['token']))
 			$token = $_REQUEST['token'];
 
 		// Check if we were handed a specific token identifier
 		// Otherwise use the value from the cookie we gave out
-		if (!isset($token) && isset($_COOKIE['sucssite_session'])) 
-			$token=@$_COOKIE['sucssite_session'];
+		if (!isset($token) && isset($_COOKIE[$dbname.'_session']))
+			$token=@$_COOKIE[$dbname.'_session'];
 
 		if (isset($token)) $this->token = $token;
 
@@ -111,7 +108,7 @@ private $datahash='';		// hash of data field
 
 		// Okay, so we still dont have a session id
 		// so issue a new one and go back to core
-		if (!isset($token))  
+		if (!isset($token))
 		{
 			$this->newsession();
 			return;
@@ -159,7 +156,7 @@ private $datahash='';		// hash of data field
 		if (isset($this->data['messages'])) {
 			global $messages;
 			if (is_array($messages)) {
-				$messages += $this->data['messages']; 
+				$messages += $this->data['messages'];
 			} else {
 				$messages = $this->data['messages'];
 			}
@@ -167,9 +164,9 @@ private $datahash='';		// hash of data field
 			$this->save();
 		}
 	}
-	
+
 	// generate a string suitable to be used as a session ID
-	private function genSessionID() 
+	private function genSessionID()
 	{
 		global $DB;
 		$try = 0;
@@ -203,11 +200,11 @@ private $datahash='';		// hash of data field
 	// Public function: force a logout of the session
 	public function logout( )
 	{
-		global $DB;
+		global $DB, $dbname;
 		$DB->Execute("delete from {$this->table} where hash=?", array($this->token));
 		$this->newsession();
 		$this->loggedin = FALSE;
-		setcookie("sucssite_loggedin", FALSE, time(), "/");
+		setcookie($dbname."_loggedin", FALSE, time(), "/");
 	}
 
 	// Fill out any extra details we know about the user
@@ -246,7 +243,7 @@ private $datahash='';		// hash of data field
 
 	}
 
-	/* check using mod_auth_externals helper 
+	/* check using mod_auth_externals helper
 	private function check_pass($user, $pass)
 	{
 
@@ -322,7 +319,7 @@ private $datahash='';		// hash of data field
 	// Private function: process login form
 	private function session_init($user, $pass)
 	{
-		global $DB, $preferred_hostname;
+		global $DB, $preferred_hostname, $dbname;
 		// Check that this is a valid session start
 		// This prevents replay attacks
 		$sess = $DB->GetAll("select * from {$this->table} where hash=? and username is NULL", array($this->token));
@@ -338,11 +335,11 @@ private $datahash='';		// hash of data field
 		// so generate a new one with the secure flag set
 		$oldtoken = $this->token;
 		$this->token = $this->genSessionID();
-		setcookie("sucssite_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE);
+		setcookie($dbname."_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE);
 
 		// set a cookie as a hint that we're logged in
 		// this can be checked for to allow redirecting to SSL to get the secure cookie
-		setcookie("sucssite_loggedin", "true", time() + $this->max_session_length * 60, "/");
+		setcookie($dbname."_loggedin", "true", time() + $this->max_session_length * 60, "/");
 
 		// Update the session, filling in the blanks
 		$DB->Execute("update {$this->table} set hash=?, username=?, logintime='NOW()', lastseen='NOW()', ip=? where hash=?",