MDL-10689:
[moodle-linuxchix.git] / lib / cookieless.php
blobe7ca80b3307a4a21c6617150b74e3a1fdc68ec7c
1 <?php // $Id$
2 /**
3 * Enable cookieless sessions by including $CFG->usesid=true;
4 * in config.php.
5 * Based on code from php manual by Richard at postamble.co.uk
6 * Attempts to use cookies if cookies not present then uses session ids attached to all urls and forms to pass session id from page to page.
7 * If site is open to google, google is given guest access as usual and there are no sessions. No session ids will be attached to urls for googlebot.
8 * This doesn't require trans_sid to be turned on but this is recommended for better performance
9 * you should put :
10 * session.use_trans_sid = 1
11 * in your php.ini file and make sure that you don't have a line like this in your php.ini
12 * session.use_only_cookies = 1
13 * @author Richard at postamble.co.uk and Jamie Pratt
14 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
16 /**
17 * You won't call this function directly. This function is used to process
18 * text buffered by php in an output buffer. All output is run through this function
19 * before it is ouput.
20 * @param string $buffer is the output sent from php
21 * @return string the output sent to the browser
23 function sid_ob_rewrite($buffer){
24 $replacements = array(
25 '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i',
26 '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i');
28 $buffer = preg_replace_callback($replacements, "sid_rewrite_link_tag", $buffer);
29 $buffer = preg_replace('/<form\s[^>]*>/i',
30 '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
32 return $buffer;
34 /**
35 * You won't call this function directly. This function is used to process
36 * text buffered by php in an output buffer. All output is run through this function
37 * before it is ouput.
38 * This function only processes absolute urls, it is used when we decide that
39 * php is processing other urls itself but needs some help with internal absolute urls still.
40 * @param string $buffer is the output sent from php
41 * @return string the output sent to the browser
43 function sid_ob_rewrite_absolute($buffer){
44 $replacements = array(
45 '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i',
46 '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i');
48 $buffer = preg_replace_callback($replacements, "sid_rewrite_link_tag", $buffer);
49 $buffer = preg_replace('/<form\s[^>]*>/i',
50 '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
51 return $buffer;
53 /**
54 * A function to process link, a and script tags found
55 * by preg_replace_callback in {@link sid_ob_rewrite($buffer)}.
57 function sid_rewrite_link_tag($matches){
58 $url = $matches[4];
59 $url=sid_process_url($url);
60 return $matches[1]. $url.$matches[5];
62 /**
63 * You can call this function directly. This function is used to process
64 * urls to add a moodle session id to the url for internal links.
65 * @param string $url is a url
66 * @return string the processed url
68 function sid_process_url($url) {
69 global $CFG;
70 if ((preg_match('/^(http|https):/i', $url)) // absolute url
71 && ((stripos($url, $CFG->wwwroot)!==0) && stripos($url, $CFG->httpswwwroot)!==0)) { // and not local one
72 return $url; //don't attach sessid to non local urls
74 if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) {
75 return $url; //don't attach sessid to anchors
77 if (strpos($url, session_name())!==FALSE)
79 return $url; //don't attach sessid to url that already has one sessid
81 if (strpos($url, "?")===FALSE){
82 $append="?".strip_tags(session_name() . '=' . session_id() );
83 } else {
84 $append="&amp;".strip_tags(session_name() . '=' . session_id() );
86 //put sessid before any anchor
87 $p = strpos($url, "#");
88 if($p!==FALSE){
89 $anch = substr($url, $p);
90 $url = substr($url, 0, $p).$append.$anch ;
91 } else {
92 $url .= $append ;
94 return $url;
98 /**
99 * Call this function before there has been any output to the browser to
100 * buffer output and add session ids to all internal links.
102 function sid_start_ob(){
103 global $CFG;
104 //don't attach sess id for bots
106 if (!empty($_SERVER['HTTP_USER_AGENT'])) {
107 if (!empty($CFG->opentogoogle)) {
108 if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
109 @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
110 $CFG->usesid=false;
111 return;
113 if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) {
114 @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
115 $CFG->usesid=false;
116 return;
119 if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false ) {
120 @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
121 $CFG->usesid=false;
122 return;
125 @ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid
126 if (ini_get('session.use_trans_sid')!=0 ){
127 // use trans sid as its available
128 ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,'
129 . 'frame=src,form=fakeentry');
130 ob_start('sid_ob_rewrite_absolute');
131 }else{
132 //rewrite all links ourselves
133 ob_start('sid_ob_rewrite');