set the cookie prefix to the dbname instead of sucssite so you can be logged...

set the cookie prefix to the dbname instead of sucssite so you can be logged into multipule versions of the sucssite without errors

set the cookie prefix to the dbname instead of sucssite so you can be logged...
set the cookie prefix to the dbname instead of sucssite so you can be logged into multipule versions of the sucssite without errors
eec7280f · Imran Hussain · 76af36b2 · eec7280f
Commit eec7280f authored Apr 21, 2015 by Imran Hussain
--- a/lib/session.php
+++ b/lib/session.php
@@ -2,7 +2,7 @@
 // To use:
 // include_once "session.php"
 // $mysession = new Session;
-// 
+//
 // $mysession->loggedin is TRUE if they have logged in
 //
 // other attributes are :
@@ -11,7 +11,6 @@
 // lastseen   - unix timestamp for their previous page access
 // data   - var/array for persistant data, commit by calling the 'save' method

-
 // Session management and authentication mechanism.
 class Session {
 public	$loggedin=FALSE;	// Is this a valid logged in user ?
@@ -23,7 +22,7 @@ public  $groups  =array();	// users groups
 public	$printbalance;		// printer balance
 public	$data='';		// Var/array for session persistant data
 public	$token='';		// session identifier
-public  $logintime='';  // Time which user last gave us credentials
+public  $logintime='';		// Time which user last gave us credentials
 public	$lastseen='';		// Time of last page request
 private	$timeout = 2880;	// Idle timeout limit in minutes (session deleted), 2880 == 48 hours
 private $anonymous_timeout = 120; // Idle timeout limit for sessions which aren't logged in (set lower to stop the session table getting swamped)
@@ -32,19 +31,17 @@ private $max_session_length = 11520; // maximum length of a session, 11520 == 8
 private	$table = "session";	// session storage table (const)
 private $datahash='';		// hash of data field

-
-
 	// Create a new (insecure) session
 	private function newsession()
 	{
-		global $DB, $preferred_hostname;
+		global $DB, $preferred_hostname, $dbname;

-		$token = $this->genSessionID(); 
+		$token = $this->genSessionID();
 		$DB->Execute("insert into {$this->table} (hash, lastseen, ip) values (?,NOW(),?)", array($token, $_SERVER['REMOTE_ADDR']));
-		setcookie("sucssite_session", $token, NULL, "/", $preferred_hostname);
-	
+		setcookie($dbname."_session", $token, NULL, "/", $preferred_hostname);
+
 		// delete loggedin cookie if it exists
-		setcookie("sucssite_loggedin", FALSE, time(), "/");
+		setcookie($dbname."_loggedin", FALSE, time(), "/");
 		$this->token = $token;
 		return;
 	}
@@ -65,11 +62,11 @@ private $datahash='';		// hash of data field
 	// Public Object constructor
 	function __construct()
 	{
-		global $DB, $preferred_hostname, $baseurl;
+		global $DB, $preferred_hostname, $baseurl, $dbname;
 		unset($token);

 		// if user requests a page via HTTP and claims to be logged in, bump them to HTTPS
-		if (!isset($_SERVER['HTTPS']) && (@$_COOKIE['sucssite_loggedin'] == "true")) {
+		if (!isset($_SERVER['HTTPS']) && (@$_COOKIE[$dbname.'_loggedin'] == "true")) {
 			header("HTTP/1.0 307 Temporary redirect");
 			header("Location: https://{$preferred_hostname}{$baseurl}{$_SERVER['PATH_INFO']}"); 
 			return;
@@ -93,13 +90,13 @@ private $datahash='';		// hash of data field


 		// the possible token data passed from a form
-		if (isset($_REQUEST['token'])) 
+		if (isset($_REQUEST['token']))
 			$token = $_REQUEST['token'];

 		// Check if we were handed a specific token identifier
 		// Otherwise use the value from the cookie we gave out
-		if (!isset($token) && isset($_COOKIE['sucssite_session'])) 
-			$token=@$_COOKIE['sucssite_session'];
+		if (!isset($token) && isset($_COOKIE[$dbname.'_session']))
+			$token=@$_COOKIE[$dbname.'_session'];

 		if (isset($token)) $this->token = $token;

@@ -111,7 +108,7 @@ private $datahash='';		// hash of data field

 		// Okay, so we still dont have a session id
 		// so issue a new one and go back to core
-		if (!isset($token))  
+		if (!isset($token))
 		{
 			$this->newsession();
 			return;
@@ -159,7 +156,7 @@ private $datahash='';		// hash of data field
 		if (isset($this->data['messages'])) {
 			global $messages;
 			if (is_array($messages)) {
-				$messages += $this->data['messages']; 
+				$messages += $this->data['messages'];
 			} else {
 				$messages = $this->data['messages'];
 			}
@@ -167,9 +164,9 @@ private $datahash='';		// hash of data field
 			$this->save();
 		}
 	}
-	
+
 	// generate a string suitable to be used as a session ID
-	private function genSessionID() 
+	private function genSessionID()
 	{
 		global $DB;
 		$try = 0;
@@ -203,11 +200,11 @@ private $datahash='';		// hash of data field
 	// Public function: force a logout of the session
 	public function logout( )
 	{
-		global $DB;
+		global $DB, $dbname;
 		$DB->Execute("delete from {$this->table} where hash=?", array($this->token));
 		$this->newsession();
 		$this->loggedin = FALSE;
-		setcookie("sucssite_loggedin", FALSE, time(), "/");
+		setcookie($dbname."_loggedin", FALSE, time(), "/");
 	}

 	// Fill out any extra details we know about the user
@@ -246,7 +243,7 @@ private $datahash='';		// hash of data field

 	}

-	/* check using mod_auth_externals helper 
+	/* check using mod_auth_externals helper
 	private function check_pass($user, $pass)
 	{

@@ -322,7 +319,7 @@ private $datahash='';		// hash of data field
 	// Private function: process login form
 	private function session_init($user, $pass)
 	{
-		global $DB, $preferred_hostname;
+		global $DB, $preferred_hostname, $dbname;
 		// Check that this is a valid session start
 		// This prevents replay attacks
 		$sess = $DB->GetAll("select * from {$this->table} where hash=? and username is NULL", array($this->token));
@@ -338,11 +335,11 @@ private $datahash='';		// hash of data field
 		// so generate a new one with the secure flag set
 		$oldtoken = $this->token;
 		$this->token = $this->genSessionID();
-		setcookie("sucssite_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE);
+		setcookie($dbname."_session", $this->token, time() + $this->max_session_length * 60, "/", $preferred_hostname, TRUE);

 		// set a cookie as a hint that we're logged in
 		// this can be checked for to allow redirecting to SSL to get the secure cookie
-		setcookie("sucssite_loggedin", "true", time() + $this->max_session_length * 60, "/");
+		setcookie($dbname."_loggedin", "true", time() + $this->max_session_length * 60, "/");

 		// Update the session, filling in the blanks
 		$DB->Execute("update {$this->table} set hash=?, username=?, logintime='NOW()', lastseen='NOW()', ip=? where hash=?",