usesid=true; * in config.php. * Based on code from php manual by Richard at postamble.co.uk * Attempts to use cookies if cookies not present then uses session ids attached to all urls and forms to pass session id from page to page. * If site is open to google, google is given guest access as usual and there are no sessions. No session ids will be attached to urls for googlebot. * This doesn't require trans_sid to be turned on but this is recommended for better performance * you should put : * session.use_trans_sid = 1 * in your php.ini file and make sure that you don't have a line like this in your php.ini * session.use_only_cookies = 1 * @author Richard at postamble.co.uk and Jamie Pratt * @license http://www.gnu.org/copyleft/gpl.html GNU Public License */ class cookieless_sid { /** * @var string Using this variable to store $CFG->wwwroot. Found that in some versions of php the $CFG global was null in * the callback functions used by the output buffer. */ var $httproot = null; /** * @var string Using this variable to store $CFG->httpswwwroot. */ var $httpsroot = null; /** * @var boolean Using this variable to store $CFG->usesid. */ var $usesid = false; /** * You won't call this function directly. This function is used to process * text buffered by php in an output buffer. All output is run through this function * before it is ouput. * @param string $buffer is the output sent from php * @return string the output sent to the browser */ function ob_rewrite($buffer){ $replacements = array( '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i', '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i'); $buffer = preg_replace_callback($replacements, array($this, "rewrite_link_tag"), $buffer); $buffer = preg_replace('/]*>/i', '\0', $buffer); return $buffer; } /** * You won't call this function directly. This function is used to process * text buffered by php in an output buffer. All output is run through this function * before it is ouput. * This function only processes absolute urls, it is used when we decide that * php is processing other urls itself but needs some help with internal absolute urls still. * @param string $buffer is the output sent from php * @return string the output sent to the browser */ function ob_rewrite_absolute($buffer){ $replacements = array( '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i', '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i'); $buffer = preg_replace_callback($replacements, array($this, "rewrite_link_tag"), $buffer); $buffer = preg_replace('/]*>/i', '\0', $buffer); return $buffer; } /** * A function to process link, a and script tags found * by preg_replace_callback in ob_rewrite($buffer). */ function rewrite_link_tag($matches){ $url = $matches[4]; $url= $this->process_url($url); return $matches[1]. $url.$matches[5]; } /** * You can call this function directly. This function is used to process * urls to add a moodle session id to the url for internal links. * @param string $url is a url * @return string the processed url */ function process_url($url) { if ((preg_match('/^(http|https):/i', $url)) // absolute url && ((stripos($url, $this->httproot)!==0) && stripos($url, $this->httpsroot)!==0)) { // and not local one //error_log("non local url : $url ; \$CFG->wwwroot : ".$this->httproot); return $url; //don't attach sessid to non local urls } if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) { //error_log("anchor : $url"); return $url; //don't attach sessid to anchors } if (strpos($url, session_name())!==FALSE) { //error_log("already has one sessid : $url"); return $url; //don't attach sessid to url that already has one sessid } if (strpos($url, "?")===FALSE){ $append="?".strip_tags(session_name() . '=' . session_id() ); } else { $append="&".strip_tags(session_name() . '=' . session_id() ); } //put sessid before any anchor $p = strpos($url, "#"); if($p!==FALSE){ $anch = substr($url, $p); $url = substr($url, 0, $p).$append.$anch ; } else { $url .= $append ; } //error_log("added sid : $url"); return $url; } /** * Call this function before there has been any output to the browser to * buffer output and add session ids to all internal links. */ function start_ob(){ global $CFG; $this->httproot = $CFG->wwwroot; $this->httpsroot = $CFG->httpswwwroot; $this->usesid = !empty($CFG->usesid); //don't attach sess id for bots if (!empty($_SERVER['HTTP_USER_AGENT'])) { if (!empty($CFG->opentogoogle)) { if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) { @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid $CFG->usesid=false; return; } if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid $CFG->usesid=false; return; } } if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false ) { @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid $CFG->usesid=false; return; } } @ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid if (ini_get('session.use_trans_sid')!=0 ){ // use trans sid as its available ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,' . 'frame=src,form=fakeentry'); ob_start(array($this, 'ob_rewrite_absolute')); }else{ //rewrite all links ourselves ob_start(array($this, 'ob_rewrite')); } } } $url_processor_for_cookieless_sessions = new cookieless_sid(); $url_processor_for_cookieless_sessions->start_ob(); /** * You can call this function directly. This function is used to process * urls to add a moodle session id to the url for internal links. * Still using this function as a facade to access the instantiated object, * that actually does the processing, to preserve the old api. * @param string $url is a url * @return string the processed url */ function sid_process_url($url) { global $url_processor_for_cookieless_sessions; return $url_processor_for_cookieless_sessions->process_url($url); } ?>