Diffstat (limited to 'public/catalog/controller/startup/session.php')
-rw-r--r-- | public/catalog/controller/startup/session.php | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/public/catalog/controller/startup/session.php b/public/catalog/controller/startup/session.php
new file mode 100644
index 0000000..5a2ad04
--- /dev/null
+++ b/public/catalog/controller/startup/session.php
@@ -0,0 +1,28 @@
+<?php
+class ControllerStartupSession extends Controller {
+ public function index() {
+ if (isset($this->request->get['api_token']) && isset($this->request->get['route']) && substr($this->request->get['route'], 0, 4) == 'api/') {
+ $this->db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
+
+ // Make sure the IP is allowed
+ $api_query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api` `a` LEFT JOIN `" . DB_PREFIX . "api_session` `as` ON (a.api_id = as.api_id) LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (a.api_id = ai.api_id) WHERE a.status = '1' AND `as`.`session_id` = '" . $this->db->escape($this->request->get['api_token']) . "' AND ai.ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "'");
+
+ if ($api_query->num_rows) {
+ $this->session->start($this->request->get['api_token']);
+
+ // keep the session alive
+ $this->db->query("UPDATE `" . DB_PREFIX . "api_session` SET `date_modified` = NOW() WHERE `api_session_id` = '" . (int)$api_query->row['api_session_id'] . "'");
+ }
+ } else {
+ if (isset($_COOKIE[$this->config->get('session_name')])) {
+ $session_id = $_COOKIE[$this->config->get('session_name')];
+ } else {
+ $session_id = '';
+ }
+
+ $this->session->start($session_id);
+
+ setcookie($this->config->get('session_name'), $this->session->getId(), ini_get('session.cookie_lifetime'), ini_get('session.cookie_path'), ini_get('session.cookie_domain'));
+ }
+ }
+}
\ No newline at end of file |
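Review bot: The `setcookie()` call at the end of the `else` branch issues the session cookie without the `secure` and `httponly` arguments, so the session id is readable from page script and may be sent over plain HTTP. Its third argument is `ini_get('session.cookie_lifetime')`, a duration in seconds, where `setcookie()` expects an absolute Unix timestamp; any non-zero lifetime would give an expiry in 1970 and the browser would drop the cookie at once. I would change the call to `setcookie($this->config->get('session_name'), $this->session->getId(), ($lifetime = (int)ini_get('session.cookie_lifetime')) ? time() + $lifetime : 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), (bool)ini_get('session.cookie_secure'), true);`. Separately, the same branch hands the raw cookie value to `$this->session->start()`; whether an unknown, client-chosen id is rejected and regenerated depends on the session class, which is not visible in this diff, so that should be confirmed to rule out session fixation.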