<?PHP //Make sure there are no whitespaces before '<' on this line.
// +----------------------------------------------------------------------+
// | DB_eSession, Copyright (c) 2004 Lawrence Osiris, All Rights Reserved |
// +----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or |
// | (at your option) any later version. Read the full included license. |
// | |
// | This configuration file is optional for the DB_eSession class but |
// | probably needed (and recommended). |
// | |
// | All the parameter settings here are set to the same defaults the |
// | DB_eSession class would set them to (when not specified here). |
// +----------------------------------------------------------------------+
// Collects every setting this file defines for the DB_eSession class.
$sess_param = array();
/**
 * Set the path and filename of the file containing the errors array constants.
 * You can use relative (recommended) or absolute file paths. For security,
 * specify a filename without the '.php' because the class will automatically
 * add '.php' to the end. i.e. If you specify 'errors.php' the class will try
 * to locate a file called 'errors.php.php'. So, just specify 'errors'. The
 * default path is the current directory (where your script is running from),
 * but it is recommended to put the errors file outside the web directory,
 * along with the class.DB_eSession.php file.
 *
 * NOTE(review): because the class appends '.php' to this name, it presumably
 * include()s the resulting path -- confirm in the class. Keep both values as
 * fixed literals in this file; never build them from request data.
 */
$sess_param['errors_path'] = './';
$sess_param['errors_file'] = 'errors.DB_eSession';
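/**
 * Set the default and current language codes for displaying error and
 * warning messages. Default is 'en' for English.
 *
 * 'current_lang' comes from the first two characters of the browser's
 * Accept-Language header (i.e. 'en' out of 'en-us...'). That header is
 * supplied by the client, so it is accepted only when it starts with two
 * ASCII letters, and it is lower-cased before use. A missing, empty or
 * malformed header (for example '*' or punctuation) falls back to 'en'.
 *
 * NOTE(review): how the class uses 'current_lang' is not visible in this
 * file; it presumably selects an entry of the errors array -- confirm, and
 * confirm that the language keys there are lower-case.
 */
$sess_param['default_lang'] = 'en';
$sess_param['current_lang'] = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) &&
    preg_match('/^[a-z]{2}/i', $_SERVER['HTTP_ACCEPT_LANGUAGE'],
               $sess_param_lang_match)) {
    $sess_param['current_lang'] = strtolower($sess_param_lang_match[0]);
}
// Do not leave the scratch variable behind in the including script's scope.
unset($sess_param_lang_match);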
/**
 * Whether the class itself calls session_start(). You may want to turn this
 * off when using the maintenance type of member functions: a database
 * connection is still opened, but your script then has to call
 * session_start() on its own.
 */
$sess_param['session_start'] = true;
/**
 * true (default) makes the class stop execution upon an error; set to false
 * to let the script continue. Can be switched at any time at runtime with
 * stopOnErrors() or endStopOnErrors().
 */
$sess_param['stop_on_error'] = true;
/**
 * Font color and size for error messages (any valid HTML syntax).
 * NOTE(review): these values presumably end up inside HTML markup -- keep
 * them fixed literals, never values taken from a request.
 */
$sess_param['error_color'] = 'RED';
$sess_param['error_size']  = '+0';
/**
 * true makes the class stop execution upon a warning; the default is not to
 * stop (false). Can be switched at any time at runtime with stopOnWarnings()
 * or endStopOnWarnings().
 */
$sess_param['stop_on_warn'] = false;
/**
 * Font color and size for warning messages (any valid HTML syntax).
 * NOTE(review): same remark as for the error color/size above.
 */
$sess_param['warn_color'] = 'BLUE';
$sess_param['warn_size']  = '+0';
/**
 * true displays SQL syntax and other values along with error or warning
 * messages. The default is false for security purposes: SQL text and internal
 * values shown on an error page reveal the schema and queries to any visitor.
 * Turn it on only while developing or testing, and remember to turn it off
 * for a production ready site.
 */
$sess_param['detail_err_msgs'] = false;
/**
 * true makes the class execute ob_start() to start buffering the output.
 * Useful when you can't resolve the 'headers already sent' warning generated
 * by PHP or the class. ob_end_flush() is called implicitly at the end of your
 * script: it flushes the buffer contents to the browser and destroys the
 * current output buffer. The default is not to execute ob_start() (false).
 */
$sess_param['buffer'] = false;
/**
 * Set any arbitrary value for MD5 hashing keys. Don't make too long.
 *
 * NOTE(review): the two values below ship with the package and are therefore
 * public. Replace them with your own random strings for every installation.
 * What is hashed together with them is not visible in this file -- confirm in
 * the class. MD5 is a fast hash with known collisions; if these keys are the
 * only thing that keeps a value from being forged, treat that as a weak point.
 */
$sess_param['key_prefix'] = 'O9R^3mp#i|34';
$sess_param['key_suffix'] = '+t97!u0K-2L5';
/**
 * A password used to pass to the delete all session/lock functions as a way
 * to confirm the intent of modifying all rows in the sessions table.
 *
 * NOTE(review): this guards against accidental calls only. The shipped value
 * is public, so it is not an access control; restrict who can reach the
 * scripts that call those functions by other means.
 */
$sess_param['confirm_pswd'] = '!*CONFIRMED*!';
/**
 * Turns encryption/decryption of the whole session data on or off. When no
 * mcrypt library is installed, the class's other built-in encrypt/decrypt
 * functions are used instead.
 */
$sess_param['encrypt'] = false;
/**
 * The key used to encrypt/decrypt individual field data or the whole
 * session data. Keep this key a secret (keep this config file off the web
 * directory). Use readable characters and make it at least 62 characters
 * long. The default key is made up of single UNIQUE characters of:
 * "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 *
 * NOTE(review): the default below is distributed with the package, so anyone
 * can read it. Generate your own key for every installation before storing
 * real data. The "62 unique characters" requirement suggests the built-in
 * fallback maps characters of an alphabet rather than using a modern cipher
 * -- confirm in the class before relying on it for confidentiality.
 *
 *Ruler-Tens:          1         2         3         4         5         6
 *Ruler-Ones: 12345678901234567890123456789012345678901234567890123456789012
 */
$sess_param['encrypt_key'] =
             "z1Mc6KRxAfNwZ0dGjY5qBXhtrPgJO7eCaUmHvQT3yW8nDsI2VkEpiS4blFoLu9";
//            /\--- EACH CHARACTER MUST BE UNIQUE. NO DUPS ---/\
/**
 * Only relevant when libmcrypt is installed; otherwise ignore these fields.
 * For the algorithm/cipher, pick one that supports up to 256 bit (32 byte)
 * keys. Important: with ver 2.2.x installed, select a cipher that a newer
 * version will support as well.
 * Like: MCRYPT_3DES, MCRYPT_CAST_256, MCRYPT_DES, MCRYPT_GOST, MCRYPT_SAFER128
 * For the encryption mode, this class only supports ECB, CBC, CFB, or OFB.
 * Use one: MCRYPT_MODE_ECB, MCRYPT_MODE_CBC, MCRYPT_MODE_CFB, MCRYPT_MODE_OFB
 * Cipher default is MCRYPT_GOST, and encryption mode is: MCRYPT_MODE_CFB
 * Once set, do not change often (or at least don't change while sessions are
 * active or session rows are still in the table, otherwise decryption fails).
 *
 * NOTE(review): of the choices listed, avoid MCRYPT_DES (56-bit key) and
 * MCRYPT_MODE_ECB (equal plaintext blocks produce equal ciphertext blocks).
 * The mcrypt extension was deprecated in PHP 7.1 and removed from PHP 7.2; on
 * such versions the constants are undefined and both settings become NULL.
 */
$sess_param['encrypt_cipher'] = null;
if (defined('MCRYPT_GOST')) {
    $sess_param['encrypt_cipher'] = MCRYPT_GOST;
}
$sess_param['encrypt_mode'] = null;
if (defined('MCRYPT_MODE_CFB')) {
    $sess_param['encrypt_mode'] = MCRYPT_MODE_CFB;
}
/**
 * When true, the Garbage Collection cleanup/delete function deletes locked
 * session rows right away, regardless of their current expiry or timeout
 * settings.
 */
$sess_param['gc_del_locked'] = false;
/**
 * Database connection settings, shown with their default values.
 * Assign these necessary fields to allow connection to your database.
 * Remember to give 'sess_user' access privileges to 'db_esessions'.
 * Make sure the password is correct (sess1234 is the default).
 *
 * NOTE(review): 'sess1234' is the published default. Give the account its own
 * password, grant it no more than it needs on the sessions database, and keep
 * this file outside the web directory so the credentials cannot be fetched.
 */
$sess_param['db_host'] = 'localhost';    // Your host name
$sess_param['db_user'] = 'sess_user';    // Your user name assigned
$sess_param['db_pswd'] = 'sess1234';     // Your assigned password
$sess_param['db_name'] = 'db_esessions'; // Your database name
/**
 * MySQL database connection type: normal or persistent.
 * The default is a normal connection (false).
 */
$sess_param['db_persistent'] = false;
/**
 * Optionally supply a database resource link. The class will then NOT
 * attempt to connect to MySQL and uses the link you provide instead.
 * This overrides the 'db_persistent' option above.
 * The default is null (to force the class to make a MySQL connection).
 */
$sess_param['db_resource'] = null;
/**
 * Table related variables with assigned default values.
 * Assign these necessary fields to allow connection to the 'sessions'
 * table. Specify what each column name is defined as in the table.
 *
 * NOTE(review): table and column names cannot be bound as query parameters,
 * so the class presumably places these strings directly into its SQL text --
 * confirm. Keep them fixed literals; never fill them from request data.
 */
$sess_param['tb_name'] = 'eSessions'; // Session table name
$sess_param['tb_id_col'] = 'sess_id'; // Session ID key column name
$sess_param['tb_sl_col'] = 'sess_sec_level'; // Security level column name
$sess_param['tb_cr_col'] = 'sess_created'; // Session created column name
$sess_param['tb_ex_col'] = 'sess_expiry'; // Expiry column name
$sess_param['tb_to_col'] = 'sess_timeout'; // Session timeout column name
$sess_param['tb_lk_col'] = 'sess_locked'; // Session locked column name
$sess_param['tb_vl_col'] = 'sess_value'; // Session data column name
$sess_param['tb_iv_col'] = 'sess_enc_iv'; // Session encrypt IV col. name
$sess_param['tb_si_col'] = 'sess_sec_id'; // Session security ID column
$sess_param['tb_tr_col'] = 'sess_trace'; // Session trace column name
/**
 * Security Level: a number that represents the access authority of the
 * current session/web page. The LOWER the number, the HIGHER the security
 * clearance: a session at level 5 can access session/web pages of level 5 or
 * higher, and nothing lower than 5.
 * Range 0-255. The default is 128. For administration or sensitive pages
 * use 0 (zero) or 1 (one).
 * Example: set a member area page to 10 and an employee area page to 5.
 * Employees can access their own area plus the members area. Members can
 * access their own area but not the employee area, because the level number
 * required there is lower; members only reach pages of level 10 or higher.
 * Remember, a security level can't be changed after a session has been
 * created: the level set when the session is first created dictates the
 * access authority for the rest of that active session.
 */
$sess_param['security_level'] = 128; // Range 0-255
/**
 * true forces a new session ID to be created. Default is false.
 * Takes effect before a session_start().
 * This can be true without setting $sess_param['sess_id'], in which case a
 * session ID is generated automatically by the class/PHP.
 */
$sess_param['new_sid'] = false;
/**
 * Optionally a valid session ID you created yourself. Works in conjunction
 * with $sess_param['new_sid'], which must be set to true.
 * The default is null (no custom session ID specified).
 *
 * NOTE(review): only pass an ID your own code generated from a strong random
 * source. An ID copied from request data lets a third party choose the
 * session ID in advance (session fixation).
 */
$sess_param['sess_id'] = null;
/**
 * Length of the session ID. Defaults to PHP's 32 character session ID.
 * Highly recommended to keep at 32.
 */
$sess_param['sess_id_len'] = 32;
/**
 * There is a form bug in IE v6 while using PHP sessions which causes the
 * loss of filled-in information when returning to a form after having left
 * the form page (by any means). A work around is to send the HTTP 1.1 header
 * "Cache-Control: private".
 * true (default) makes the class send that header to fix the IE bug.
 */
$sess_param['ie_fix'] = true;
/**
 * true forces addslashes() on session data regardless of the magic quotes GPC
 * option setting. Default is on (true). If you find that data has slashes
 * incorrectly, then turn this off.
 *
 * NOTE(review): addslashes() is not a database-aware escaping function. If
 * the class relies on it to make session data safe inside SQL statements,
 * that is weaker than the database driver's own escaping or bound
 * parameters -- confirm how the class builds its queries.
 */
$sess_param['slash_anyway'] = true;
/**
 * true forces stripslashes() on encrypted session data regardless of the
 * magic quotes GPC option setting. The default is on (true). If you find
 * that data is saved incorrectly, then turn this off.
 */
$sess_param['strip_anyway'] = true;
/**
 * Session Runtime Configurations. See:
 * http://us2.php.net/manual/en/ref.session.php
 *
 * Not all can be set or take effect outside of the php.ini
 * configuration file. Some options can be set at runtime without
 * an error produced, but have no effect. i.e. session.auto_start
 *
 * All session options are used here in case there is future support
 * to make option take effect at runtime. i.e. session.use_trans_sid
 *
 * Uncomment and assign the values you need set. Don't add 'session.' to key.
 */
$sess_param['save_path'] = 'db_esessions'; // Set to name of database
/**
 * For security reasons, it's recommended you use a different session name than
 * PHP's default of PHPSESSID. Once set, don't change it for the life of the
 * session. Defaults to eSESSION.
 */
$sess_param['name'] = 'eSESSION'; // Assign your own session name
/**
 * Let $sess_param['save_handler'] be set to the default of 'user'. Do not try
 * to change it here.
 */
//$sess_param['auto_start'] = '1'; // 1 = auto start, 0 = off
/**
 * PHP's garbage collection default is 1. It's recommended you use at least 10.
 */
//$sess_param['gc_probability'] = 10; // Garbage Collection
//$sess_param['gc_divisor'] = 100;
//$sess_param['gc_maxlifetime'] = 1440;
/**
 * As a security feature, there's an absolute session life timeout.
 * This helps in reducing the risk of session hijacking for extended periods
 * of time. It is recommended that you don't set this value too high.
 *
 * NOTE(review): the sample line below reads $sess_param['gc_maxlifetime'],
 * which is only set if the 'gc_maxlifetime' line above is uncommented too.
 */
//$sess_param['timeout'] = $sess_param['gc_maxlifetime'] * 3;
//$sess_param['serialize_handler'] = 'php';
/**
 * cookie_lifetime specifies the lifetime of the cookie in seconds which is sent
 * to the browser. The value 0 means "until the browser is closed." Defaults to
 * 0 (zero).
 *
 * NOTE(review): the sample values below are not the safest ones to copy. On an
 * HTTPS site set 'cookie_secure' to '1' so the session cookie is never sent
 * over plain HTTP. Set 'use_only_cookies' to 1 and 'use_trans_sid' to 0 so the
 * session ID is neither accepted from nor written into URLs, where it leaks
 * through logs, bookmarks and Referer headers and enables session fixation.
 */
//$sess_param['cookie_lifetime'] = 0;
//$sess_param['cookie_path'] = '/';
//$sess_param['cookie_domain'] = '';
//$sess_param['cookie_secure'] = '0';
//$sess_param['use_cookies'] = 1;
//$sess_param['use_only_cookies'] = 0; // For PHP version >= 4.3.0
//$sess_param['referer_check'] = '';
//$sess_param['entropy_file'] = '';
//$sess_param['entropy_length'] = 0;
//$sess_param['cache_limiter'] = 'nocache';
//$sess_param['cache_expire'] = 180; // For PHP version >= 4.2.0
//$sess_param['bug_compat_42'] = 1;
//$sess_param['bug_compat_warn'] = 1;
//$sess_param['use_trans_sid'] = 1;
//$sess_param['hash_function'] = 0;
//$sess_param['hash_bits_per_character'] = 4;
/**
 * Support for url_rewriter.tags option since it relates to sessions.
 * Example: Like you might want to add the iframe=src to it, as in:
 * a=href,area=href,frame=src,iframe=src,form=,fieldset=,input=src
 *
 * NOTE(review): these tags only matter when the session ID is rewritten into
 * URLs ('use_trans_sid'); see the remark on that option above.
 */
//$sess_param['tags'] = 'a=href,area=href,frame=src,iframe=src,form=,fieldset=,input=src';
/**
 * Optional convenience constants; they can be removed. They give readable
 * names to the boolean/string arguments of the class methods/functions
 * named next to each one.
 * NOTE(review): define() registers these as global constants, so generic
 * names such as ASCENDING or KEEP_OPEN can clash with constants defined by
 * other code loaded in the same request.
 */
// changeSessLock(), changeAllSessLocks()
define('LOCK_SESS', true);
define('UNLOCK_SESS', false);
// getSessInfo()
define('FULL_EXP', true);
define('HALF_EXP', false);
// getAllSessInfo()
define('ASCENDING', true);
define('DESCENDING', false);
// sessEncrypt(), sessDecrypt()
define('KEEP_OPEN', true);
define('KEEP_CLOSED', false);
// getSessLife(), getSessTimeout()
define('SHOW_MIN', true);
define('SHOW_SEC', false);
// setSessVar()
define('ENCRYPT_VALUE', true);
define('DONT_ENCRYPT', false);
define('EXTRA_FIELD', true);
define('NO_EXTRA', false);
// setSessVar(), getSessVar()
define('ENC_SFX', '_enc');
define('ENC_IV_SFX', '_enc_iv');
// createLink() - link targets
define('_BLANK', '_blank');   // new, unnamed window
define('_SELF', '_self');     // in the current frame
define('_PARENT', '_parent'); // FRAMESET parent frame
define('_TOP', '_top');       // full, unframed window
// createLink()
define('ADD_SESS', true);
define('NO_SESS', false);
// getSiteWarn()
define('ADD_LINK', true);
define('NO_LINK', false);
// Make sure there is no whitespace (or any other character) after the '>'
// character on the last line: anything there is sent to the browser as output.
?>