X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fsession.php;h=2c7ab4488d4d59ca92eef7bf279a9ccf2469027b;hb=4c934f57eb7749817b41b78818c90766f7777500;hp=b8143d261719da51ea8037746008c6150b2bff81;hpb=8383fc52cd2340ea1756f9e1808fa3589e27c341;p=mailer.git diff --git a/inc/session.php b/inc/session.php index b8143d2617..2c7ab4488d 100644 --- a/inc/session.php +++ b/inc/session.php @@ -32,7 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -47,18 +47,20 @@ if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return; // Start the session @session_start(); +global $PHPSESSID; $PHPSESSID = @session_id(); // Store language code in cookie set_session("mx_lang", $mx_lang); +// Load extensions here +require_once(PATH."inc/load_extensions.php"); + // Check if refid is set if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) { // The variable user comes from the click-counter script click.php and we only accept this here $GLOBALS['refid'] = bigintval($_GET['user']); -} - -if (!empty($_POST['refid'])) { +} elseif (!empty($_POST['refid'])) { // Get referral id from variable refid (so I hope this makes my script more compatible to other scripts) $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid'])); } elseif (!empty($_GET['refid'])) { @@ -70,7 +72,7 @@ if (!empty($_POST['refid'])) { } elseif (isSessionVariableSet('refid')) { // Set session refid als global $GLOBALS['refid'] = bigintval(get_session('refid')); -} elseif (GET_EXT_VERSION("sql_patches") != '') { +} elseif (GET_EXT_VERSION("sql_patches") != "") { // Set default refid as refid in URL $GLOBALS['refid'] = bigintval($_CONFIG['def_refid']); } else { @@ -84,6 +86,18 @@ if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_sessi set_session("refid", $GLOBALS['refid']); } +// Transfer userid from session and validate it +if (isset($_SESSION['userid'])) { + // Get it secured from session + $GLOBALS['userid'] = bigintval($_SESSION['userid']); + + // Is it valid? + if (!IS_MEMBER()) { + // Then destroy the user id + destroy_user_session(); + } // END - if +} + // Test session if index.php or modules.php is loaded if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) { if (count($_SESSION) > 0) {