- /*--------------------------------------------------\
- | | | session.inc |
- |---------------------------------------------------|
- | front_accounting |
- | http://open-accounting.sourceforge.net/ |
- | by KylieTech Consulting |
- | http://frontaccounting.com/ |
- | by Joe Hunt Consulting |
- \--------------------------------------------------*/
-
- if (!isset($path_to_root))
+/**********************************************************************
+ Copyright (C) FrontAccounting, LLC.
+ Released under the terms of the GNU General Public License, GPL,
+ as published by the Free Software Foundation, either version 3
+ of the License, or (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
+
+class SessionManager
+{
+ function sessionStart($name, $limit = 0, $path = '/', $domain = null, $secure = null)
+ {
+ // Set the cookie name
+ session_name($name);
+
+ // Set SSL level
+ $https = isset($secure) ? $secure : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
+
+ // Set session cookie options
+ session_set_cookie_params($limit, $path, $domain, $https, true);
+ session_start();
+
+ // Make sure the session hasn't expired, and destroy it if it has
+ if ($this->validateSession())
+ {
+ // Check to see if the session is new or a hijacking attempt
+ if(!$this->preventHijacking())
+ {
+ // Reset session data and regenerate id
+ $_SESSION = array();
+ $_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
+ $_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
+ $this->regenerateSession();
+
+ // Give a 5% chance of the session id changing on any request
+ }
+ elseif (rand(1, 100) <= 5)
+ {
+ $this->regenerateSession();
+ }
+ }
+ else
+ {
+ $_SESSION = array();
+ session_destroy();
+ session_start();
+ }
+ }
+
+ function preventHijacking()