X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fsession.php;h=4c93c2267c51fb210b80a6e9a8b34b8a4596b7f9;hb=831c60d4cec333ea95e0ce23d9e53fd5d8133ce6;hp=6999d8c9d7aeadd313ee27ef07adb8430fa6e2f8;hpb=8a49da96622bc6f9b3bb2da7eb4d2dad003db9f2;p=mailer.git diff --git a/inc/session.php b/inc/session.php index 6999d8c9d7..4c93c2267c 100644 --- a/inc/session.php +++ b/inc/session.php @@ -32,7 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { +if (!defined('__SECURITY')) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -47,6 +47,7 @@ if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return; // Start the session @session_start(); +global $PHPSESSID; $PHPSESSID = @session_id(); // Store language code in cookie @@ -56,7 +57,7 @@ set_session("mx_lang", $mx_lang); require_once(PATH."inc/load_extensions.php"); // Check if refid is set -if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) { +if ((!empty($_GET['user'])) && ($CLICK == 1) && (basename($_SERVER['PHP_SELF']) == "click.php")) { // The variable user comes from the click-counter script click.php and we only accept this here $GLOBALS['refid'] = bigintval($_GET['user']); } elseif (!empty($_POST['refid'])) { @@ -82,7 +83,19 @@ if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click. // Set cookie when default refid > 0 if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && ($_CONFIG['def_refid'] > 0))) { // Set cookie - set_session("refid", $GLOBALS['refid']); + set_session('refid', $GLOBALS['refid']); +} // END - if + +// Transfer userid from session and validate it +if (isset($_SESSION['userid'])) { + // Get it secured from session + $GLOBALS['userid'] = bigintval($_SESSION['userid']); + + // Is it valid? + if (!IS_MEMBER()) { + // Then destroy the user id + destroy_user_session(); + } // END - if } // Test session if index.php or modules.php is loaded