session.php (1491B)
1 <?php 2 class ControllerStartupSession extends Controller { 3 public function index() { 4 if (isset($this->request->get['route']) && substr($this->request->get['route'], 0, 4) == 'api/') { 5 $this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()"); 6 7 // Make sure the IP is allowed 8 $api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'"); 9 10 if ($api_query->num_rows) { 11 $this->session->start($this->request->get['api_token']); 12 13 // keep the session alive 14 $this->db->query("UPDATE `" . DB_PREFIX . "api_session` SET `date_modified` = NOW() WHERE `api_session_id` = '" . (int)$api_query->row['api_session_id'] . "'"); 15 } 16 } else { 17 if (isset($_COOKIE[$this->config->get('session_name')])) { 18 $session_id = $_COOKIE[$this->config->get('session_name')]; 19 } else { 20 $session_id = ''; 21 } 22 23 $this->session->start($session_id); 24 25 setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain')); 26 } 27 } 28 }