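<?php
// Admin session bootstrap: names the admin session, pins the session cookie's
// scope and flags, starts the session and enforces the per-session CSRF token
// (securityToken) on every POST that carries an action.
if (!defined('IS_ADMIN_FLAG')) {
    die('Illegal Access');
}
// require the session handling functions
require(DIR_FS_CATALOG . DIR_WS_FUNCTIONS . 'sessions.php');

zen_session_name('zenAdminID');
zen_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
// Default cookie path is the admin script's directory, so the admin cookie is
// not sent with catalog requests; SESSION_USE_ROOT_COOKIE_PATH and
// CUSTOM_COOKIE_PATH override that default (CUSTOM_COOKIE_PATH wins).
$path = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));
if (defined('SESSION_USE_ROOT_COOKIE_PATH') && SESSION_USE_ROOT_COOKIE_PATH == 'True') {
    $path = '/';
}
$path = defined('CUSTOM_COOKIE_PATH') ? CUSTOM_COOKIE_PATH : $path;
// A leading '.' on the cookie domain widens it to all subdomains.
$domainPrefix = (!defined('SESSION_ADD_PERIOD_PREFIX') || SESSION_ADD_PERIOD_PREFIX == 'True') ? '.' : '';
// Secure flag: only set when the configured server URL is actually https;
// setting it on a plain-http admin would make the browser drop the cookie.
$secureFlag = ((ENABLE_SSL_ADMIN == 'true' && substr(HTTP_SERVER, 0, 6) == 'https:' && substr(HTTPS_SERVER, 0, 6) == 'https:')
            || (ENABLE_SSL_ADMIN == 'false' && substr(HTTP_SERVER, 0, 6) == 'https:'));

// NOTE(review): $cookieDomain is not defined in this file; it is assumed to be
// set by an earlier include -- confirm against the including script.
// The 5th argument (httponly) exists from PHP 5.2.0. version_compare is used
// because a plain string comparison of PHP_VERSION misorders e.g. 5.10 vs 5.2.
if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
    session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag, TRUE);
} else {
    session_set_cookie_params(0, $path, (zen_not_null($cookieDomain) ? $domainPrefix . $cookieDomain : ''), $secureFlag);
}

// lets start our session
zen_session_start();
$session_started = true;

// Issue the CSRF token once per session. Use the CSPRNG where the runtime has
// one (random_bytes, PHP 7+); md5(uniqid(rand())) is kept only as the fallback
// for older PHP, since rand()/uniqid() are predictable. Both forms yield a
// 32-character hex string, so consumers of the token see no change.
if (!isset($_SESSION['securityToken'])) {
    if (function_exists('random_bytes')) {
        $_SESSION['securityToken'] = bin2hex(random_bytes(16));
    } else {
        $_SESSION['securityToken'] = md5(uniqid(rand(), true));
    }
}
// Every POST carrying an action must echo the session token back in the
// securityToken field; anything else is bounced to the default page.
if ((isset($_GET['action']) || isset($_POST['action'])) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    $postedToken = isset($_POST['securityToken']) ? $_POST['securityToken'] : null;
    // is_string rejects an array-valued field before it reaches the compare;
    // hash_equals (PHP 5.6+) compares in constant time, the strict === form
    // is the fallback for older runtimes.
    $tokenValid = isset($_SESSION['securityToken'])
        && is_string($postedToken)
        && (function_exists('hash_equals')
            ? hash_equals($_SESSION['securityToken'], $postedToken)
            : $_SESSION['securityToken'] === $postedToken);
    unset($postedToken);
    if (!$tokenValid) {
        zen_redirect(zen_href_link(FILENAME_DEFAULT, '', 'SSL'));
    }
    unset($tokenValid);
}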