1: <?php
2:
3: /**
4: * session.php
5: *
6: * PHP version 8
7: *
8: * LICENSE: This program is free software: you can redistribute it and/or modify
9: * it under the terms of the GNU Affero General Public License as
10: * published by the Free Software Foundation, either version 3 of the
11: * License, or (at your option) any later version.
12: * This program is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15: * GNU Affero General Public License for more details.
16: * You should have received a copy of the GNU Affero General Public License
17: * along with this program. If not, see <http://www.gnu.org/licenses/>.
18: *
19: * @category Login
20: * @package Session
21: * @author Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
22: * @author Henri Schumacher <henri.hulski@gazeta.pl>
23: * @copyright 2007-2014 Henri Schumacher
24: * @license http://www.gnu.org/licenses/agpl.html GNU Affero General Public License v3
25: * @version 1.0
26: * @link https://research.openhomeo.info/download/OpenHomeopath_1.0.2.tar.gz
27: * @see login.php
28: */
29:
30: include("include/functions/common.php");
31: include_once("include/classes/login/database.php");
32: include_once("include/classes/login/mailer.php");
33: include_once("include/classes/login/form.php");
34:
35: $tabbed = false;
36:
37: /**
38: * The Session class is meant to simplify the task of keeping
39: * track of logged in users and also guests.
40: *
41: * @category Login
42: * @package Session
43: * @author Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
44: * @author Henri Schumacher <henri.hulski@gazeta.pl>
45: * @copyright 2007-2014 Henri Schumacher
46: * @license http://www.gnu.org/licenses/agpl.html GNU Affero General Public License v3
47: */
48: class Session {
49:
50: /**
51: * Username given on sign-up
52: * @var string
53: * @access public
54: */
55: public $username;
56:
57:
58: /**
59: * email with which the user is registered
60: * @var string
61: * @access public
62: */
63: public $email;
64:
65:
66: /**
67: * Random value generated on current login
68: * @var string
69: * @access public
70: */
71: public $userid;
72:
73:
74: /**
75: * ID signed to user by auto_increment
76: * @var integer
77: * @access public
78: */
79: public $id_user;
80:
81:
82: /**
83: * The level to which the user pertains
84: * @var integer
85: * @access public
86: */
87: public $userlevel;
88:
89:
90: /**
91: * Is 1, when the user want to hide his email, otherwise 0
92: * @var integer
93: * @access public
94: */
95: public $hide_email;
96:
97:
98: /**
99: * True if user is logged in, false otherwise
100: * @var boolean
101: * @access public
102: */
103: public $logged_in;
104:
105:
106: /**
107: * The array holding all user info
108: * @var array
109: * @access public
110: */
111: public $userinfo = array();
112:
113:
114: /**
115: * The page url current being viewed
116: * @var string
117: * @access public
118: */
119: public $url;
120:
121:
122: /**
123: * Last recorded site page viewed
124: *
125: * Note: referrer should really only be considered the actual
126: * page referrer in process.php, any other time it may be
127: * inaccurate.
128: *
129: * @var string
130: * @access public
131: */
132: public $referrer;
133:
134: /**
135: * skin the user uses
136: * @var string
137: * @access public
138: */
139: public $skin = DEFAULT_SKIN;
140:
141:
142: /**
143: * language the user uses
144: * @var string
145: * @access public
146: */
147: public $lang = DEFAULT_LANGUAGE;
148:
149: /**
150: * Class constructor
151: *
152: * @return Session
153: * @access public
154: */
155: function __construct() {
156: ini_set("date.timezone", "Europe/Berlin");
157: $this->startSession();
158: $current_dir = getcwd();
159: $skin = $this->skin;
160: require_once("skins/$skin/skin_config.php");
161: }
162:
163: /**
164: * startSession performs all the actions necessary to
165: * initialize this session object. Tries to determine if the
166: * the user has logged in already, and sets the variables
167: * accordingly. Also takes advantage of this page load to
168: * update the active visitors tables.
169: *
170: * @return void
171: * @access private
172: */
173: private function startSession(){
174: global $db; //The database connection
175: $current_dir = getcwd();
176: session_start(); //Tell PHP to start the session
177:
178: $db = new UserDB;
179: $db->db_connect();
180: $db->get_num_visitors();
181:
182: /* Determine if user is logged in */
183: $this->logged_in = $this->checkLogin();
184: $this->setSkin();
185: $this->setLanguage();
186:
187:
188: /**
189: * Set guest value to users not logged in, and update
190: * active guests table accordingly.
191: */
192: if (!$this->logged_in) {
193: $this->username = $_SESSION['username'] = GUEST_NAME;
194: $this->userlevel = GUEST_LEVEL;
195: if (!bot_detected()) {
196: $db->addActiveGuest($_SERVER['REMOTE_ADDR']);
197: }
198: }
199: /* Update users last active timestamp */
200: else {
201: $db->addActiveUser($this->username);
202: }
203:
204: /* Remove inactive visitors from database */
205: $db->removeInactiveUsers();
206: $db->removeInactiveGuests();
207:
208: /* Set referrer page */
209: if (isset($_SESSION['url'])) {
210: $this->referrer = $_SESSION['url'];
211: } else {
212: $this->referrer = "/";
213: }
214:
215: /* Set current url */
216: $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
217: }
218:
219: /**
220: * checkLogin - Checks if the user has already previously
221: * logged in, and a session with the user has already been
222: * established. Also checks to see if user has been remembered.
223: * If so, the database is queried to make sure of the user's
224: * authenticity. Returns true if the user has logged in.
225: *
226: * @return boolean
227: * @access private
228: */
229: private function checkLogin(){
230: global $db; //The database connection
231: /* Check if user has been remembered */
232: if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
233: $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
234: $this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
235: }
236:
237: /* Username and userid have been set and not guest */
238: if (isset($_SESSION['username']) && isset($_SESSION['userid']) &&
239: $_SESSION['username'] != GUEST_NAME) {
240: /* Confirm that username and userid are valid */
241: if ($db->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0) {
242: /* Variables are incorrect, user not logged in */
243: unset($_SESSION['username']);
244: unset($_SESSION['userid']);
245: return false;
246: }
247:
248: /* User is logged in, set class variables */
249: $this->userinfo = $db->getUserInfo($_SESSION['username'], 'username, userid, userlevel, hide_email, id_user, email');
250: $this->username = $this->userinfo[0];
251: $this->userid = $this->userinfo[1];
252: $this->userlevel = $this->userinfo[2];
253: $this->hide_email = $this->userinfo[3];
254: $this->id_user = $this->userinfo[4];
255: $this->email = $this->userinfo[5];
256: return true;
257: } else { /* User not logged in */
258: return false;
259: }
260: }
261:
262: /**
263: * setSkin - Set the current skin.
264: *
265: * @return void
266: * @access private
267: */
268: private function setSkin() {
269: global $db; //The database connection
270: if (!empty($_GET['skin'])) {
271: $this->skin = $_GET['skin'];
272: $_SESSION['skin'] = $_GET['skin'];
273: } elseif (!empty($_SESSION['skin'])) {
274: $this->skin = $_SESSION['skin'];
275: } elseif ($this->logged_in) {
276: $skin = $db->getUserInfo($this->username, 'skin_name');
277: if (!empty($skin[0])) {
278: $this->skin = $skin[0];
279: }
280: }
281: }
282:
283: /**
284: * setLanguage - Set the current user-language.
285: *
286: * @return void
287: * @access private
288: */
289: private function setLanguage() {
290: global $db; //The database connection
291: if (!empty($_GET['lang'])) {
292: $this->lang = $_GET['lang'];
293: $_SESSION['lang'] = $_GET['lang'];
294: } elseif (!empty($_SESSION['lang'])) {
295: $this->lang = $_SESSION['lang'];
296: } elseif ($this->logged_in) {
297: $lang = $db->getUserInfo($this->username, 'lang_id');
298: if (!empty($lang[0])) {
299: $this->lang = $lang[0];
300: }
301: } else {
302: $allowed_langs = array ('de', 'en');
303: $this->lang = get_browser_language($allowed_langs, DEFAULT_LANGUAGE, null, false);
304: }
305: }
306:
307: /**
308: * login - The user has submitted his username and password
309: * through the login form, this function checks the authenticity
310: * of that information in the database and creates the session.
311: * Effectively logging in the user if all goes well.
312: *
313: * @param string $subuser username
314: * @param string $subpass password
315: * @param boolean $subremember is true if the user want to stay logged in
316: * @return boolean true if login completed successfully
317: * @access public
318: */
319: function login($subuser, $subpass, $subremember) {
320: global $db, $form; //The database and form object
321:
322: /* Username error checking */
323: $field = "user"; // Use field name for username
324: if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
325: $form->setError($field, _("* Username not entered"));
326: } else {
327: /* Check if username is not alphanumeric */
328: if(!preg_match("/^([0-9a-z_])*$/i", $subuser)){
329: $form->setError($field, _("* Username not alphanumeric (incl. '_')"));
330: }
331: }
332:
333: /* Password error checking */
334: $field = "pass"; // Use field name for password
335: if (!$subpass) {
336: $form->setError($field, _("* Password not entered"));
337: }
338:
339: /* Return if form errors exist */
340: if ($form->num_errors > 0) {
341: return false;
342: }
343:
344: /* Checks that username is in database and password is correct */
345: $subuser = stripslashes($subuser);
346: $result = $db->confirmUserPass($subuser, md5($subpass));
347:
348: /* Check error codes */
349: if ($result == 1) {
350: $field = "user";
351: $form->setError($field, _("* Username not found"));
352: } elseif ($result == 2) {
353: $field = "pass";
354: $form->setError($field, _("* Invalid password"));
355: }
356:
357: /* Return if form errors exist */
358: if ($form->num_errors > 0) {
359: return false;
360: }
361:
362: /* Username and password correct, register session variables */
363: $this->userinfo = $db->getUserInfo($subuser, 'username, userlevel');
364: $this->username = $_SESSION['username'] = $this->userinfo[0];
365: $this->userid = $_SESSION['userid'] = $this->generateRandID();
366: $this->userlevel = $this->userinfo[1];
367: $this->logged_in = true;
368:
369: /* Insert userid into database and update active users table */
370: $db->updateUserField($this->username, "userid", $this->userid);
371: $db->addActiveUser($this->username);
372: $db->removeActiveGuest($_SERVER['REMOTE_ADDR']);
373:
374: /**
375: * This is the cool part: the user has requested that we remember that
376: * he's logged in, so we set two cookies. One to hold his username,
377: * and one to hold his random value userid. It expires by the time
378: * specified in constants.php. Now, next time he comes to our site, we will
379: * log him in automatically, but only if he didn't log out before he left.
380: */
381:
382: if ($subremember) {
383: setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
384: setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
385: }
386: if (isset($_SESSION['skin'])) {
387: $user_skin = $db->getUserInfo($subuser, 'skin_name');
388: if (!empty($user_skin[0])) {
389: unset($_SESSION['skin']);
390: }
391: }
392: if (isset($_SESSION['lang'])) {
393: $user_lang = $db->getUserInfo($subuser, 'lang_id');
394: if (!empty($user_lang[0])) {
395: unset($_SESSION['lang']);
396: }
397: }
398:
399: /* Login completed successfully */
400: return true;
401: }
402:
403: /**
404: * logout - Gets called when the user wants to be logged out of the
405: * website. It deletes any cookies that were stored on the users
406: * computer as a result of him wanting to be remembered, and also
407: * unsets session variables and demotes his user level to guest.
408: *
409: * @return void
410: * @access public
411: */
412: function logout() {
413: //The database connection
414: global $db;
415: /**
416: * Delete cookies - the time must be in the past,
417: * so just negate what you added when creating the
418: * cookie.
419: */
420: if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
421: setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
422: setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
423: }
424:
425: /* Unset PHP session variables */
426: unset($_SESSION['username']);
427: unset($_SESSION['userid']);
428:
429: /* Reflect fact that user has logged out */
430: $this->logged_in = false;
431:
432: /**
433: * Remove from active users table and add to
434: * active guests tables.
435: */
436: $db->removeActiveUser($this->username);
437: $db->addActiveGuest($_SERVER['REMOTE_ADDR']);
438:
439: /* Set user level to guest */
440: $this->username = GUEST_NAME;
441: $this->userlevel = GUEST_LEVEL;
442: }
443:
444: /**
445: * register - Gets called when the user has just submitted the
446: * registration form. Determines if there were any errors with
447: * the entry fields, if so, it records the errors and returns
448: * 1. If no errors were found, it registers the new user and
449: * returns 0. Returns 2 if registration failed.
450: *
451: * @param string $subuser username
452: * @param string $subpass password
453: * @param string $subpass2 control password
454: * @param string $subemail email
455: * @return integer 0 | 1 | 2
456: * @access public
457: */
458: function register($subuser, $subpass, $subpass2, $subemail) {
459: global $db, $form, $mailer; //The database, form and mailer object
460:
461: /* Username error checking */
462: $field = "user"; // Use field name for username
463: if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
464: $form->setError($field, _("* Username not entered"));
465: } else {
466: /* Spruce up username, check length */
467: $subuser = stripslashes($subuser);
468: if (strlen($subuser) < 5) {
469: $form->setError($field, _("* Username below 5 characters"));
470: } elseif (strlen($subuser) > 30) {
471: $form->setError($field, _("* Username above 30 characters"));
472: } elseif (!preg_match("/^([0-9a-z_])+$/i", $subuser)) { /* Check if username is not alphanumeric */
473: $form->setError($field, _("* Username not alphanumeric (incl. '_')"));
474: } elseif (strcasecmp($subuser, GUEST_NAME) == 0) { /* Check if username is reserved */
475: $form->setError($field, "* Benutzername ist ein reserviertes Wort");
476: } elseif ($db->usernameTaken($subuser)) { /* Check if username is already in use */
477: $form->setError($field, _("* Username already in use"));
478: } elseif ($db->usernameBanned($subuser)) { /* Check if username is banned */
479: $form->setError($field, _("* Username banned"));
480: }
481: }
482: if (!REGISTER_VERIFY_EMAIL) {
483: /* Password error checking */
484: $field = "pass"; // Use field name for password
485: if (!$subpass) {
486: $form->setError($field, _("* Password not entered"));
487: } else {
488: /* Spruce up password and check length*/
489: $subpass = stripslashes($subpass);
490: if (strlen($subpass) < 4) {
491: $form->setError($field, _("* Password too short"));
492: }
493: /* Check if password is not alphanumeric */
494: elseif (!preg_match("/^([0-9a-z])+$/i", ($subpass = trim($subpass)))) {
495: $form->setError($field, _("* Password not alphanumeric"));
496: }
497: /**
498: * Note: I trimmed the password only after I checked the length
499: * because if you fill the password field up with spaces
500: * it looks like a lot more characters than 4, so it looks
501: * kind of stupid to report "password too short".
502: */
503: }
504:
505: /* Password2 error checking */
506: $field = "pass2"; // Use field name for second password
507: if (!$subpass) {
508: $form->setError($field, _("* Password not re-entered"));
509: } else {
510: if ($subpass != $subpass2) {
511: $form->setError($field, _("* Passwords not the same"));
512: }
513: }
514: }
515:
516: /* Email error checking */
517: $field = "email"; // Use field name for email
518: if (!$subemail || strlen($subemail = trim($subemail)) == 0) {
519: $form->setError($field, _("* E-mail not entered"));
520: } else {
521: /* Check if valid email address */
522: $atIndex = strrpos($subemail, "@");
523: if ((is_bool($atIndex) && !$atIndex) || !filter_var($subemail, FILTER_VALIDATE_EMAIL) || !(checkdnsrr(substr($subemail, $atIndex+1),"MX") || checkdnsrr(substr($subemail, $atIndex+1),"A"))) {
524: $form->setError($field, _("* E-mail invalid"));
525: }
526: $subemail = stripslashes($subemail);
527: }
528:
529: /* Errors exist, have user correct them */
530: if ($form->num_errors > 0) {
531: return 1; // Errors with form
532: } else { /* No errors, add the new account to the database */
533: if (REGISTER_VERIFY_EMAIL) {
534: $subpass = $this->generateRandStr(8);
535: }
536: if ($db->addNewUser($subuser, md5($subpass), $subemail)) {
537: if (REGISTER_VERIFY_EMAIL) {
538: $mailer->sendWelcomePass($subuser,$subemail,$subpass);
539: } elseif (EMAIL_WELCOME) {
540: $mailer->sendWelcome($subuser,$subemail,$subpass);
541: }
542: return 0; //New user added succesfully
543: } else {
544: return 2; //Registration attempt failed
545: }
546: }
547: }
548:
549: /**
550: * editAccount - Attempts to edit the user's account information
551: * including the password, which it first makes sure is correct
552: * if entered, if so and the new password is in the right
553: * format, the change is made. All other fields are changed
554: * automatically.
555: *
556: * @param string $subcurpass current password
557: * @param string $subnewpass new password
558: * @param string $subnewpass2 verification of the new password
559: * @param string $subemail email
560: * @param string $real_name user real name
561: * @param string $extra extra public information about the user
562: * @param integer $show_active 0 | 1 - 1 if the user wants to see the active users
563: * @param integer $hide_email 0 | 1 - 1 if the user wants to hide his email from other users
564: * @param string $skin original | kraque - skin the user uses
565: * @param string $lang de | en - users interface language
566: * @param string $sym_lang de | en - language the user prefers for symptoms
567: * @return boolean true on success
568: * @access public
569: */
570: function editAccount($subcurpass, $subnewpass, $subnewpass2, $subemail, $real_name, $extra, $show_active, $hide_email, $skin, $lang, $sym_lang) {
571: global $db, $form; //The database and form object
572: /* New password entered */
573: if($subnewpass){
574: /* Current Password error checking */
575: $field = "curpass"; // Use field name for current password
576: if(!$subcurpass){
577: $form->setError($field, _("* Current Password not entered"));
578: }
579: else{
580: /* Check if password too short or is not alphanumeric */
581: $subcurpass = stripslashes($subcurpass);
582: if(strlen($subcurpass) < 4 ||
583: !preg_match("/^([0-9a-z])+$/i", ($subcurpass = trim($subcurpass)))){
584: $form->setError($field, _("* Current Password incorrect"));
585: }
586: /* Password entered is incorrect */
587: if($db->confirmUserPass($this->username,md5($subcurpass)) != 0){
588: $form->setError($field, _("* Current Password incorrect"));
589: }
590: }
591:
592: /* New Password error checking */
593: $field = "newpass"; // Use field name for new password
594: /* Spruce up password and check length*/
595: $subnewpass = stripslashes($subnewpass);
596: if(strlen($subnewpass) < 4){
597: $form->setError($field, _("* New Password too short"));
598: }
599: /* Check if password is not alphanumeric */
600: elseif(!preg_match("/^([0-9a-z])+$/i", ($subnewpass = trim($subnewpass)))){
601: $form->setError($field, _("* New Password not alphanumeric"));
602: }
603:
604: /* Password2 error checking */
605: $field = "newpass2"; // Use field name for second password
606: if(!$subnewpass2){
607: $form->setError($field, _("* Password not re-entered"));
608: }
609: else{
610: if($subnewpass != $subnewpass2) {
611: $form->setError($field, _("* Passwords not the same"));
612: }
613: }
614: }
615: /* Change password attempted */
616:
617: /* Email error checking */
618: $field = "email"; // Use field name for email
619: if($subemail && strlen($subemail = trim($subemail)) > 0){
620: /* Check if valid email address */
621: $atIndex = strrpos($subemail, "@");
622: if ((is_bool($atIndex) && !$atIndex) || !filter_var($subemail, FILTER_VALIDATE_EMAIL) || !(checkdnsrr(substr($subemail, $atIndex+1),"MX") || checkdnsrr(substr($subemail, $atIndex+1),"A"))) {
623: $form->setError($field, _("* E-mail invalid"));
624: }
625: $subemail = stripslashes($subemail);
626: }
627:
628: /* Errors exist, have user correct them */
629: if($form->num_errors > 0){
630: return false; // Errors with form
631: }
632:
633: /* Update password since there were no errors */
634: if($subcurpass && $subnewpass){
635: $db->updateUserField($this->username,"password",md5($subnewpass));
636: }
637:
638: /* Change Email */
639: if(isset($subemail)){
640: $db->updateUserField($this->username,"email",$subemail);
641: }
642:
643: /* Change realname */
644: if(isset($real_name)){
645: $real_name = trim($real_name);
646: $real_name = stripslashes($real_name);
647: $db->updateUserField($this->username,"user_real_name",$real_name);
648: }
649:
650: /* Change skin */
651: if(!empty($skin)){
652: $skin = trim($skin);
653: $skin = stripslashes($skin);
654: $db->updateUserField($this->username,"skin_name",$skin);
655: if (isset($_SESSION['skin'])) {
656: unset($_SESSION['skin']);
657: }
658: }
659:
660: /* Change language */
661: if(!empty($lang)){
662: $lang = trim($lang);
663: $lang = stripslashes($lang);
664: $db->updateUserField($this->username,"lang_id",$lang);
665: if (isset($_SESSION['lang'])) {
666: unset($_SESSION['lang']);
667: }
668: }
669:
670: /* Change symptom-language */
671: if(!empty($sym_lang)){
672: $sym_lang = trim($sym_lang);
673: $sym_lang = stripslashes($sym_lang);
674: if ($sym_lang == "wo") {
675: $sym_lang = "";
676: }
677: $db->updateUserField($this->username,"sym_lang_id",$sym_lang);
678: $db->create_custom_symptom_table();
679: }
680:
681: /* Change extra */
682: if(isset($extra)){
683: $extra = str_replace("\n\r", "<br>", $extra);
684: $extra = str_replace("\n", "<br>", $extra);
685: $extra = trim($extra);
686: $db->updateUserField($this->username,"user_extra",$extra);
687: }
688:
689: /* show active users */
690: if($show_active && !$this->showActive()) {
691: $db->updateUserField($this->username,"userlevel",SHOW_LEVEL);
692: } elseif (!$show_active && $this->userlevel == SHOW_LEVEL) {
693: $db->updateUserField($this->username,"userlevel",USER_LEVEL);
694: }
695:
696: /* hide email */
697: if($hide_email && $this->hide_email == "0") {
698: $db->updateUserField($this->username,"hide_email",1);
699: } elseif (!$hide_email && $this->hide_email == "1") {
700: $db->updateUserField($this->username,"hide_email",0);
701: }
702:
703: /* Success! */
704: return true;
705: }
706:
707: /**
708: * isAdmin - Returns true if currently logged in user is
709: * an administrator, false otherwise.
710: *
711: * @return boolean
712: * @access public
713: */
714: function isAdmin(){
715: return ($this->userlevel == ADMIN_LEVEL || $this->username == ADMIN_NAME);
716: }
717:
718: /**
719: * isEditor - Returns true if currently logged in user is
720: * an editor, false otherwise.
721: *
722: * @return boolean
723: * @access public
724: */
725: function isEditor(){
726: return ($this->userlevel >= EDITOR_LEVEL || $this->username == ADMIN_NAME);
727: }
728:
729: /**
730: * showActiveUsers - Returns true if currently logged in user is
731: * an administrator or if he wants to see active users
732: *
733: * @return boolean
734: * @access public
735: */
736: function showActive(){
737: return ($this->isAdmin() || $this->isEditor() || $this->userlevel == SHOW_LEVEL);
738: }
739:
740: /**
741: * generateRandID - Generates a string made up of randomized
742: * letters (lower and upper case) and digits and returns
743: * the md5 hash of it to be used as a userid.
744: *
745: * @return string
746: * @access public
747: */
748: function generateRandID(){
749: return md5($this->generateRandStr(16));
750: }
751:
752: /**
753: * generateRandStr - Generates a string made up of randomized
754: * letters (lower and upper case) and digits, the length
755: * is a specified parameter.
756: *
757: * @param integer $length string length
758: * @return string
759: * @access public
760: */
761: function generateRandStr($length){
762: $randstr = "";
763:
764: for($i=0; $i<$length; $i++){
765: $randnum = mt_rand(0,61);
766: if($randnum < 10){
767: $randstr .= chr($randnum+48);
768: }elseif($randnum < 36){
769: $randstr .= chr($randnum+55);
770: }else{
771: $randstr .= chr($randnum+61);
772: }
773: }
774: return $randstr;
775: }
776: };
777:
778:
779: /**
780: * Initialize session object - This must be initialized before
781: * the form object because the form uses session variables,
782: * which cannot be accessed unless the session has started.
783: */
784: $session = new Session;
785: include_once("locale/localization.php");
786: if (!$session->logged_in) {
787: $db->update_custom_symptom_table();
788: }
789:
790:
791: /* Initialize form object */
792: $form = new Form;
793:
794: /* tabbed has to be set false at startup */
795: $tabbed = false;
796: