function fp_get_session_str
Search API
7.x misc.inc | fp_get_session_str() |
6.x misc.inc | fp_get_session_str() |
This function will provide the session_id as a string, as well as a secret token we can use to make sure the session_id is authentic and came from us and not a hacker.
File
- includes/
misc.inc, line 1655 - This file contains misc functions for FlightPath
Code
function fp_get_session_str() {
$session_id = session_id(); // Get the PHP session_id
$ip = @$_SERVER ["REMOTE_ADDR"];
if ($ip == "") {
$ip = "000";
}
// NOTE: We cannot use fp_token() here, since the get function (below) is called before the various bootstrap files are loaded.
// Create a string where we can confirm the ip and server name the session came from.
// TODO: Might be able to add more entropy later on, as long as it does not involve the database, since bootstrap isn't loaded yet when validating.
$str = $session_id . "~_" . md5($session_id . $ip . php_uname('n'));
return $str;
}