reading and checking for session variables rewritten

diff --git a/inc/doubler_send.php b/inc/doubler_send.php
index fd72454f9aaf555558ee153ed7377f2b44c6aea0..e7ad280fcbfa836189f2e659ae72c99cc2c3f102 100644 (file)
--- a/inc/doubler_send.php
+++ b/inc/doubler_send.php
@@ -52,7 +52,7 @@ if ($DOUBLER_POINTS == 0)
 // If not currently doubled set it to zero
 unset($_GET['DOUBLER_UID']);
 unset($_POST['DOUBLER_UID']);
-unset($_SESSION['DOUBLER_UID']);
+set_session('DOUBLER_UID', "");
 if (empty($DOUBLER_UID)) $DOUBLER_UID = "0";
 
 // Check for doubles which we can pay out

diff --git a/inc/extensions.php b/inc/extensions.php
index 3e301719a8b3b297f4cb36d1a5f4765d707d873b..ddb3cb813ed8bd688f9239b8089b9eaa8fe0e7b6 100644 (file)
--- a/inc/extensions.php
+++ b/inc/extensions.php
@@ -433,7 +433,7 @@ function EXTENSION_UPDATE($file, $ext, $EXT_VER, $dry_run=false)
                        {
                                // Task not created so it's a brand-new extension which we need to register and create a task for!
                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s', '0', 'NEW', 'EXTENSION_UPDATE', '%s', '%s', UNIX_TIMESTAMP())",
-                                array(GET_ADMIN_ID(SQL_ESCAPE($_SESSION['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__);
+                                array(GET_ADMIN_ID(SQL_ESCAPE(get_session('admin_login'))), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__);
                        }
 
                        // Free memory

diff --git a/inc/extensions/ext-admins.php b/inc/extensions/ext-admins.php
index ba5b7225b298bbc04216713bb9127792a6b6034b..35886053752691d72d5b56888d1e781bb7940e9a 100644 (file)
--- a/inc/extensions/ext-admins.php
+++ b/inc/extensions/ext-admins.php
@@ -96,7 +96,7 @@ case "update": // Update an extension
                $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_admins ADD default_acl enum('deny', 'allow') not null default 'deny'";
 
                // But allow current admin everything (THIS SHALL BE YOU!)
-               $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_SESSION['admin_login']."' LIMIT 1";
+               $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".get_session('admin_login')."' LIMIT 1";
                $SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_admins_acls";
                $SQLs[] = "CREATE TABLE "._MYSQL_PREFIX."_admins_acls (
 id bigint(20) not null auto_increment,

diff --git a/inc/functions.php b/inc/functions.php
index 30106b29732fc3060fd16093aff4da1ed3ce91fc..f6fbbb1cc6ccc1ce3d72d67d3ebb296802b37c9c 100644 (file)
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -638,15 +638,11 @@ function TRANSLATE_STATUS($status)
        return $ret;
 }
 //
-function GET_LANGUAGE()
-{
-       if (!empty($_GET['mx_lang']))
-       {
+function GET_LANGUAGE() {
+       if (!empty($_GET['mx_lang'])) {
                // Accept only first 2 chars
                $lang = substr($_GET['mx_lang'], 0, 2);
-       }
-        else
-       {
+       } else {
                // Do nothing
                $lang = "";
        }
@@ -655,25 +651,20 @@ function GET_LANGUAGE()
        $ret = DEFAULT_LANG;
 
        // Check GET variable and cookie
-       if (!empty($lang))
-       {
+       if (!empty($lang)) {
                // Check if main language file does exist
-               if (file_exists(PATH."inc/language/".$lang.".php"))
-               {
+               if (file_exists(PATH."inc/language/".$lang.".php")) {
                        // Okay found, so let's update cookies
                        SET_LANGUAGE($lang);
                }
-       }
-        elseif (!empty($_SESSION['mx_lang']))
-       {
+       } elseif (!isSessionVariableSet('mx_lang')) {
                // Return stored value from cookie
-               $ret = $_SESSION['mx_lang'];
+               $ret = get_session('mx_lang');
        }
        return $ret;
 }
 //
-function SET_LANGUAGE($lang)
-{
+function SET_LANGUAGE($lang) {
        global $_CONFIG;
 
        // Accept only first 2 chars!
@@ -681,9 +672,6 @@ function SET_LANGUAGE($lang)
 
        // Set cookie
        set_session("mx_lang", $lang);
-
-       // Set array
-       $_SESSION['mx_lang'] = $lang;
 }
 //
 function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")
@@ -699,11 +687,10 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")
        $HTTP_USER_AGENT  = getenv('HTTP_USER_AGENT');
 
        $ADMIN = MAIN_TITLE;
-       if (!empty($_SESSION['admin_login']))
-       {
+       if (isSessionVariableSet('admin_login')) {
                // Load Admin data
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                       array(SQL_ESCAPE($_SESSION['admin_login'])), __FILE__, __LINE__);
+                       array(SQL_ESCAPE(get_session('admin_login'))), __FILE__, __LINE__);
                list($ADMIN) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
@@ -1221,12 +1208,12 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="")
        $data   = $code.":".$uid.":".$DATA;
 
        // Add more additional data
-       if (isset($_SESSION['u_hash']))         $data .= ":".$_SESSION['u_hash'];
-       if (isset($GLOBALS['userid']))         $data .= ":".$GLOBALS['userid'];
-       if (isset($_SESSION['lifetime']))       $data .= ":".$_SESSION['lifetime'];
-       if (isset($_SESSION['mxchange_theme'])) $data .= ":".$_SESSION['mxchange_theme'];
-       if (isset($_SESSION['mx_lang']))        $data .= ":".$_SESSION['mx_lang'];
-       if (isset($GLOBALS['refid']))          $data .= ":".$GLOBALS['refid'];
+       if (isSessionVariableSet('u_hash'))                     $data .= ":".get_session('u_hash');
+       if (isset($GLOBALS['userid']))                          $data .= ":".$GLOBALS['userid'];
+       if (isSessionVariableSet('lifetime'))           $data .= ":".get_session('lifetime');
+       if (isSessionVariableSet('mxchange_theme'))     $data .= ":".get_session('mxchange_theme');
+       if (isSessionVariableSet('mx_lang'))            $data .= ":".GET_LANGUAGE();
+       if (isset($GLOBALS['refid']))                           $data .= ":".$GLOBALS['refid'];
 
        // Calculate number for generating the code
        $a = $code + _ADD - 1;
@@ -2036,8 +2023,8 @@ function FIX_DELETED_COOKIES ($cookies) {
                // Then check all cookies if they are marked as deleted!
                foreach ($cookies as $cookieName) {
                        // Is the cookie set to "deleted"?
-                       if ((isset($_SESSION[$cookieName])) && ($_SESSION[$cookieName] == "deleted")) {
-                               unset($_SESSION[$cookieName]);
+                       if (get_session($cookieName) == "deleted") {
+                               set_session($cookieName, "");
                        }
                }
        }
@@ -2095,12 +2082,12 @@ function set_session ($var, $value) {
        $var = trim(SQL_ESCAPE($var)); $value = trim($value);
 
        // Is the session variable set?
-       if (("".$value."" == "") && (isset($_SESSION[$var]))) {
+       if (("".$value."" == "") && (isSessionVariableSet($var))) {
                // Remove the session
-               //* DEBUG: */ echo "UNSET:".$var."=".$_SESSION[$var]."<br />\n";
+               //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."<br />\n";
                unset($_SESSION[$var]);
                return session_unregister($var);
-       } elseif (("".$value."" != "") && (!isset($_SESSION[$var]))) {
+       } elseif (("".$value."" != "") && (!isSessionVariableSet($var))) {
                // Set session
                //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
                $_SESSION[$var] =  $value;
@@ -2120,6 +2107,28 @@ function isBooleanConstantAndTrue($constname) { // : Boolean
        return($res);
 }
 
+// Check wether a session variable is set
+function isSessionVariableSet($var) {
+       return (isset($_SESSION[$var]));
+}
+
+// Returns wether the value of the session variable or NULL if not set
+function get_session($var) {
+       if (!isset($_SESSION)) session_start();
+
+       // Default is not found! ;-)
+       $value = null;
+
+       // Is the variable there?
+       if (isSessionVariableSet($var)) {
+               // Then  get it secured!
+               $value = SQL_ESCAPE($_SESSION[$var]);
+       }
+
+       // Return the value
+       return $value;
+}
+
 //
 //////////////////////////////////////////////
 //                                          //

diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php
index dd6aace8f9fb6e02c8b3f4c280133de4df637cac..1e402e0fa28c5366217d4d849b57599fdd23ec69 100644 (file)
--- a/inc/gen_sql_patches.php
+++ b/inc/gen_sql_patches.php
@@ -96,9 +96,9 @@ if (empty($_CONFIG['file_hash']))
                 @chmod($file, 0644);
 
                 //* DEBUG: */ unlink($file);
-                //* DEBUG: */ $test = hexdec($_SESSION['u_hash']) / hexdec($secretKey);
+                //* DEBUG: */ $test = hexdec(get_session('u_hash')) / hexdec($secretKey);
                 //* DEBUG: */ $test = generateHash(str_replace('.', '', $test));
-                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".$_SESSION['u_hash']."<br>Test: ".$test);
+                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".get_session('u_hash')."<br>Test: ".$test);
 
                 // Write $file_hash to database
                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config=0 LIMIT 1",

diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php
index d4ced65b01a0e87bb6b2b575251a1fec9b6dc33f..b10cd3757c705063d58202de66c9b69c60f8bb59 100644 (file)
--- a/inc/libs/admins_functions.php
+++ b/inc/libs/admins_functions.php
@@ -49,22 +49,22 @@ function ADMINS_CHECK_ACL($act, $wht) {
        $ret = false;
 
        // Get admin's defult access right
-       if (!empty($cacheArray['admins']['def_acl'][$_SESSION['admin_login']])) {
+       if (!empty($cacheArray['admins']['def_acl'][get_session('admin_login')])) {
                // Load from cache
-               $default = $cacheArray['admins']['def_acl'][$_SESSION['admin_login']];
+               $default = $cacheArray['admins']['def_acl'][get_session('admin_login')];
 
                // Count cache hits
                $_CONFIG['cache_hits']++;
        } elseif (!is_object($cacheInstance)) {
                // Load from database
                $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($_SESSION['admin_login']), __FILE__, __LINE__);
+                array(get_session('admin_login')), __FILE__, __LINE__);
                list($default) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
 
        // Get admin's ID
-       $aid = GET_ADMIN_ID($_SESSION['admin_login']);
+       $aid = GET_ADMIN_ID(get_session('admin_login'));
 
        if (!empty($wht)) {
                // Check for parent menu:
@@ -195,21 +195,21 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
                        if (!empty($POST['pass1'][$id])) $ADD = sprintf(", password='%s'", SQL_ESCAPE($hash));
 
                        // Get admin's ID
-                       $salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40);
-                       $aid = GET_ADMIN_ID($_SESSION['admin_login']);
+                       $salt = substr(GET_ADMIN_HASH(get_session('admin_login')), 0, -40);
+                       $aid = GET_ADMIN_ID(get_session('admin_login'));
 
                        // Rewrite cookie when it's own account
                        if ($aid == $id) {
                                // Set timeout cookie
                                set_session("admin_last", time());
 
-                               if ($login != $_SESSION['admin_login']) {
+                               if ($login != get_session('admin_login')) {
                                        // Update login cookie
                                        set_session("admin_login", $login);
 
                                        // Update password cookie as well?
                                        if (!empty($ADD)) set_session("admin_md5", $hash);
-                               } elseif (generateHash($POST['pass1'][$id], $salt) != $_SESSION['admin_md5']) {
+                               } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) {
                                        // Update password cookie
                                        set_session("admin_md5", $hash);
                                }
@@ -218,7 +218,7 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
 
                        // Get default ACL from admin to check if we can allow him to change the default ACL
                        $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                        array($_SESSION['admin_login']), __FILE__, __LINE__);
+                        array(get_session('admin_login')), __FILE__, __LINE__);
                        list($default) = SQL_FETCHROW($result);
 
                        // Free result
@@ -368,7 +368,7 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
                $id = bigintval($id);
 
                // Delete only when it's not your own account!
-               if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id)) {
+               if (($del == 1) && (GET_ADMIN_ID(get_session('admin_login')) != $id)) {
                        // Rewrite his tasks to all admins
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
                         array($id), __FILE__, __LINE__);

diff --git a/inc/libs/output_functions.php b/inc/libs/output_functions.php
index 8d64e7023e74a155456b7f7f6e5b1818e5caf768..060927966717e3db8bd44fb4eb41cf748e44cbe1 100644 (file)
--- a/inc/libs/output_functions.php
+++ b/inc/libs/output_functions.php
@@ -77,12 +77,12 @@ function get_template ($template, $return=false, $content="")
 {
        // Add more variables which you want to use in your template files
        global $DATA, $ACTION, $WHAT;
-       $REFID = bigintval($_SESSION['refid']);
+       $REFID = bigintval(get_session('refid'));
 
        if ($template == "member_support_form")
        {
                // Support request of a member
-               $ID = bigintval($_SESSION['userid']);
+               $ID = bigintval($GLOBALS['userid']);
                $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index 8c032b722af6bf1c0ae399a9125e7d755e044275..b46309ee9291bb8fe15e22141dcabedbb8131b39 100644 (file)
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -76,10 +76,10 @@ if (!isset($_POST))
        global $_POST;
        $_POST = $GLOBALS['_POST'];
 }
-if (!isset($_SESSION))
+if (!isset($_COOKIE))
 {
-       global $_SESSION;
-       $_SESSION = $GLOBALS['_COOKIE'];
+       global $_COOKIE;
+       $_COOKIE = $GLOBALS['_COOKIE'];
 }
 
 // Include IP-Filter here
@@ -166,12 +166,12 @@ if (basename($_SERVER['PHP_SELF']) != "install.php")
        }
 
        // ... and finally cookies
-       foreach ($_SESSION as $seckey=>$secvalue)
+       foreach ($_COOKIE as $seckey=>$secvalue)
        {
                if (is_array($secvalue))
                {
                        // Throw arrays away...
-                       unset($_SESSION[$seckey]);
+                       unset($_COOKIE[$seckey]);
                }
                 else
                {
@@ -179,11 +179,11 @@ if (basename($_SERVER['PHP_SELF']) != "install.php")
                        foreach ($SEC_CHARS['from'] as $key=>$char)
                        {
                                // Pass all through
-                               $_SESSION[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_SESSION[$seckey]);
+                               $_COOKIE[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
                        }
 
                        // Strip all other out
-                       $_SESSION[$seckey] = strip_tags($_SESSION[$seckey]);
+                       $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]);
                }
        }
 }

diff --git a/inc/libs/task_functions.php b/inc/libs/task_functions.php
index 53f8feb9a8d9735ce4e4ede3841cccd224474180..ce4b5f6039b8fb7df39af7fd59e47cda03ff856c 100644 (file)
--- a/inc/libs/task_functions.php
+++ b/inc/libs/task_functions.php
@@ -57,7 +57,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        if (!$JOBS_DONE) {
                // New extensions or updates found
                $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status='NEW' AND task_type='EXTENSION_UPDATE'",
-                array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+                array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
 
                $value = SQL_NUMROWS($result);
                SQL_FREERESULT($result);
@@ -150,7 +150,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        // Solved tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE status = 'SOLVED' AND assigned_admin='%s'",
-        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 
@@ -164,7 +164,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        // Your tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status = 'NEW' AND task_type != 'EXTENSION_UPDATE'",
-        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 

diff --git a/inc/load_extensions.php b/inc/load_extensions.php
index b7499dae519648d1ada089037c92741ba0755c33..e2f44a0faba76513d6821c35fe08de9eb3bb967a 100644 (file)
--- a/inc/load_extensions.php
+++ b/inc/load_extensions.php
@@ -46,15 +46,12 @@ $ADD = "";
 if ((!isBooleanConstantAndTrue('mxchange_installed')) || (isBooleanConstantAndTrue('mxchange_installing'))) return;
 
 // Load default sql_patches extension if present
-if (file_exists(PATH."inc/extensions/ext-sql_patches.php") && is_readable(PATH."inc/extensions/ext-sql_patches.php"))
-{
+if (file_exists(PATH."inc/extensions/ext-sql_patches.php") && is_readable(PATH."inc/extensions/ext-sql_patches.php")) {
        // Load it...
        $EXT_LOAD_MODE = "";
        require_once(PATH."inc/extensions/ext-sql_patches.php");
        $cacheArray['active_extensions'] = array('sql_patches' => 'Y'); // KEEP THIS ALWAYS ACTIVE!
-}
- else
-{
+} else {
        // Initialize array for "always keep active extensions"
        $cacheArray['active_extensions'] = array();
 }
@@ -79,9 +76,7 @@ if (EXT_IS_ACTIVE("cache"))
 
        // Load language
        if ($cacheMode == "load") include(PATH."inc/language/cache_".GET_LANGUAGE().".php");
-}
- else
-{
+} else {
        $cacheMode = "no";
 }
 

diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index 083009f303cfaac823b7ad6dfc62bd85afcd8cc9..e7aabd542decdb44844cb008233164661fd5712f 100644 (file)
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -137,9 +137,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                // Load register template
                LOAD_TEMPLATE("admin_reg_form");
        }
-} elseif ((empty($_SESSION['admin_login'])) || (empty($_SESSION['admin_md5'])) || (empty($_SESSION['admin_last'])) || (empty($_SESSION['admin_to'])) || (($_SESSION['admin_last'] + bigintval($_SESSION['admin_to']) * 3600 * 24) < time())) {
+} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) {
        // At leat one administrator account was created
-       if ((!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])) && (!empty($_SESSION['admin_last'])) && (!empty($_SESSION['admin_to']))) {
+       if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
                // Timeout for last login, we have to logout first!
                $URL = URL."/modules.php?module=admin&amp;action=login&amp;logout=1";
                LOAD_URL($URL);
@@ -257,10 +257,10 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        // Only try to remove cookies
        if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) {
                // Also remove array elements
-               unset($_SESSION['admin_login']);
-               unset($_SESSION['admin_md5']);
-               unset($_SESSION['admin_last']);
-               unset($_SESSION['admin_to']);
+               set_session('admin_login'       , "");
+               set_session('admin_md5'         , "");
+               set_session('admin_last'        , "");
+               set_session('admin_to'          , "");
 
                // Destroy session
                @session_destroy();
@@ -276,11 +276,11 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
        }
 } else {
        // Maybe an Admin want's to login?
-       $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_SESSION['admin_login']), SQL_ESCAPE($_SESSION['admin_md5']));
+       $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5')));
        switch ($ret) {
        case "done":
                // Cookie-Data accepted
-               if ((set_session("admin_md5", SQL_ESCAPE($_SESSION['admin_md5']))) && (set_session("admin_login", SQL_ESCAPE($_SESSION['admin_login']))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval($_SESSION['admin_to'])))) {
+               if ((set_session("admin_md5", SQL_ESCAPE(get_session('admin_md5')))) && (set_session("admin_login", SQL_ESCAPE(get_session('admin_login')))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {
                        // Ok, Cookie-Update done
                        if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) {
                                // Check if action GET variable was set

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 3d31335d5fe1d2004a7b756dac2903e58e17208a..385f7375d9e220eae2883a071cf78b17ec2886e1 100644 (file)
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -245,8 +245,8 @@ function ADMIN_DO_ACTION($wht)
        $act = GET_ACTION($GLOBALS['module'], $wht);
 
        // Define admin login name and ID number
-       define('__ADMIN_LOGIN', SQL_ESCAPE($_SESSION['admin_login']));
-       define('__ADMIN_ID'   , GET_ADMIN_ID($_SESSION['admin_login']));
+       define('__ADMIN_LOGIN', SQL_ESCAPE(get_session('admin_login')));
+       define('__ADMIN_ID'   , GET_ADMIN_ID(get_session('admin_login')));
 
        // Preload templates
        if (EXT_IS_ACTIVE("admins")) {
@@ -680,17 +680,17 @@ function ADMIN_CHECK_MENU_MODE()
        $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE;
 
        // Check individual settings of current admin
-       if (isset($cacheArray['admins']['la_mode'][$_SESSION['admin_login']]))
+       if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')]))
        {
                // Load from cache
-               $ADMIN = $cacheArray['admins']['la_mode'][$_SESSION['admin_login']];
+               $ADMIN = $cacheArray['admins']['la_mode'][get_session('admin_login')];
                $_CONFIG['cache_hits']++;
        }
         elseif (GET_EXT_VERSION("admins") >= "0.6.7")
        {
                // Load from database when version of "admins" is enough
                $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($_SESSION['admin_login']), __FILE__, __LINE__);
+                array(get_session('admin_login')), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load data

diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php
index f9314a45c5fbdfd02f2499f757ed39aca10c7eea..4ba25cae160f45e43764803d108fdd77752e3006 100644 (file)
--- a/inc/modules/admin/overview-inc.php
+++ b/inc/modules/admin/overview-inc.php
@@ -44,7 +44,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
 
        // First check for solved and not assigned tasks and assign them to current admin
        $result_task = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE assigned_admin < 1 AND status != 'NEW'",
-        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
 
        // We currently don't want to install an extension so let's find out if we need...
        $EXT_LOAD_MODE = "register"; $JOBS_DONE = true;
@@ -111,7 +111,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
                                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created)
 VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
  array(
-       GET_ADMIN_ID($_SESSION['admin_login']),
+       GET_ADMIN_ID(get_session('admin_login')),
        $ext_subj,
        addslashes($MSG),
 ),  __FILE__, __LINE__, true, false);
@@ -158,7 +158,7 @@ VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
 FROM "._MYSQL_PREFIX."_task_system
 WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')
 ORDER BY userid DESC, task_type DESC, subject, task_created DESC",
-        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_tasks) > 0)
        {
                // New jobs found!
@@ -178,7 +178,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                foreach ($_POST['task'] as $id=>$sel)
                {
                        $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
-                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+                        array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result_task) == 1)
                        {
                                // Task is valid...
@@ -188,7 +188,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                {
                                        // Assgin current admin to unassgigned task
                                        $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",
-                                        array(GET_ADMIN_ID($_SESSION['admin_login']), bigintval($tid)), __FILE__, __LINE__);
+                                        array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__);
                                }
                                $ADD = "";
                                if ($type == "SUPPORT_MEMBER")
@@ -449,7 +449,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
-                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
                         elseif (isset($_POST['del']))
@@ -458,13 +458,13 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
-                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
 
                        // Update query
                        $result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW') ORDER BY task_created DESC",
-                        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+                        array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                }
 
                // There are uncompleted jobs!

diff --git a/inc/modules/admin/what-add_rallye.php b/inc/modules/admin/what-add_rallye.php
index a3b5f799c114424e95fd5188cec39f31f00d0227..d2ee8c934d57c7b0d9fb667ac5da92b91752816a 100644 (file)
--- a/inc/modules/admin/what-add_rallye.php
+++ b/inc/modules/admin/what-add_rallye.php
@@ -56,7 +56,7 @@ if (isset($_POST['ok']))
                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_data (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
 VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  array(
-       GET_ADMIN_ID($_SESSION['admin_login']),
+       GET_ADMIN_ID(get_session('admin_login')),
        $_POST['title'],
        $_POST['descr'],
        $_POST['template'],

diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php
index 4bb2f5481bf97eeb62d291267514f366a7e2e60a..fb0f2f2c266d9c00aefdd047c527612a9baaff14 100644 (file)
--- a/inc/modules/admin/what-extensions.php
+++ b/inc/modules/admin/what-extensions.php
@@ -282,7 +282,7 @@ case "overview": // List all registered extensions
 
 case "register": // Register new extension
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND task_type='EXTENSION' LIMIT 1",
-        array(bigintval(GET_ADMIN_ID($_SESSION['admin_login']))), __FILE__, __LINE__);
+        array(bigintval(GET_ADMIN_ID(get_session('admin_login')))), __FILE__, __LINE__);
        $task_found = SQL_NUMROWS($result);
 
        // Free result

diff --git a/inc/modules/admin/what-list_task.php b/inc/modules/admin/what-list_task.php
index eeb86ea83761db4b56cf9da30b4c81c23f6685d8..7587438b1167d463bc03fa66f8c37b009946d246 100644 (file)
--- a/inc/modules/admin/what-list_task.php
+++ b/inc/modules/admin/what-list_task.php
@@ -46,15 +46,15 @@ if (empty($_GET['type'])) $_GET['type'] = "your";
 switch ($_GET['type'])
 {
 case "your": // List only your own open (new) tasks
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID(get_session('admin_login'))."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'";
        break;
 
 case "updates": // List only updates assigned to you
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID(get_session('admin_login'))."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'";
        break;
 
 case "solved": // List only solved tasks assigned to you
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='SOLVED'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID(get_session('admin_login'))."' AND status='SOLVED'";
        break;
 
 case "unassigned": // List unassigned (but not deleted) tasks
@@ -66,7 +66,7 @@ case "deleted": // List all deleted
        break;
 
 case "closed": // List all closed
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='CLOSED'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID(get_session('admin_login'))."' AND status='CLOSED'";
        break;
 
 default: // Unknown type
@@ -101,7 +101,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
-                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
                                }
                        }
                         elseif (isset($_POST['del']))

diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php
index cf103df5d2938b6670793e1aaf45033e3c3f6aae..15418d191cb147ff6d22b74768d46c1670caee25 100644 (file)
--- a/inc/modules/admin/what-theme_edit.php
+++ b/inc/modules/admin/what-theme_edit.php
@@ -78,13 +78,10 @@ if ($SEL > 0)
 
        // Output generated?
        if (empty($OUT)) ADMIN_THEME_NO_OUTPUT;
-}
- elseif (!empty($_GET['default_theme']))
-{
+} elseif (!empty($_GET['default_theme'])) {
        // Save theme
-       $POST['default_theme'] = $_GET['default_theme'];
+       $POST['default_theme'] = SQL_ESCAPE($_GET['default_theme']);
        set_session("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH);
-       $_SESSION['mxchange_theme'] = $POST['default_theme'];
        ADMIN_SAVE_SETTINGS($POST);
 }
 

diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php
index e64ac5ab9ed785146f166b522b91f1f142be68e7..745fc31efd231e5b5c6ee861a8065265c8c17185 100644 (file)
--- a/inc/modules/chk_login.php
+++ b/inc/modules/chk_login.php
@@ -42,8 +42,7 @@ OPEN_TABLE("500", "guest_login_header dashed", "center");
 
 OUTPUT_HTML("<br /><STRONG>".VALIDATING_LOGIN."</STRONG><br />");
 
-if (!empty($GLOBALS['userid']) && !empty($_SESSION['u_hash']) && !empty($_SESSION['lifetime']))
-{
+if (!empty($GLOBALS['userid']) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime'))) {
        // Get theme from profile
        $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
         array($GLOBALS['userid']), __FILE__, __LINE__);
@@ -52,7 +51,6 @@ if (!empty($GLOBALS['userid']) && !empty($_SESSION['u_hash']) && !empty($_SESSIO
 
        // Change to new theme
        set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
-       $_SESSION['mxchange_theme'] = $NewTheme;
 
        $bonus = false;
        if ((GET_EXT_VERSION("sql_patches") >= "0.2.8") && (GET_EXT_VERSION("bonus") >= "0.2.1") && ($_CONFIG['bonus_login_yn'] == 'N') && ($_CONFIG['bonus_login_yn'] == 'Y')) {

diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php
index 3b34f5197aefa229f9d1281e633fc4666d702426..40a1c513d55a1f925bc2d2b62aa0f5bb6fd826b7 100644 (file)
--- a/inc/modules/guest/what-confirm.php
+++ b/inc/modules/guest/what-confirm.php
@@ -116,7 +116,6 @@ if (!empty($_GET['hash']))
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
                                set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                               $_SESSION['lead_uid'] = bigintval($uid);
 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");
@@ -128,7 +127,6 @@ if (!empty($_GET['hash']))
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
                        set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                       $_SESSION['lead_uid'] = bigintval($uid);
 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");

diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php
index 93fc1bd2cf185c7a94977abc8d3a2c4e84b92b2f..9aea8f972b276cbd4270e926cabd2de5e95b4af9 100644 (file)
--- a/inc/modules/guest/what-login.php
+++ b/inc/modules/guest/what-login.php
@@ -49,34 +49,26 @@ global $DATA, $FATAL;
 $probe_nickname = false; $UID = false; $hash = "";
 unset($login); unset($online);
 
-if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])))
+if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')))
 {
        // Already logged in?
        $UID = $GLOBALS['userid'];
-}
- elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok'])))
-{
+} elseif ((!empty($_POST['id'])) && (!empty($_POST['password'])) && (isset($_POST['ok']))) {
        // Set userid and crypt password when login data was submitted
        $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
        if ($probe_nickname)
        {
                // Nickname entered
                $UID = SQL_ESCAPE($_POST['id']);
-       }
-        else
-       {
+       } else {
                // Direct userid entered
                $UID  = bigintval($_POST['id']);
        }
-}
- elseif (!empty($_POST['new_pass']))
-{
+} elseif (!empty($_POST['new_pass'])) {
        // New password requested
        $UID = "0";
        if (!empty($_POST['id'])) $UID = $_POST['id'];
-}
- else
-{
+} else {
        // Not logged in
        $UID = "0"; $hash = "";
 }
@@ -86,59 +78,46 @@ $URL = ""; $ADD = "";
 if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
 if (empty($_GET['login']))     $_GET['login']     = "";
 
-if (IS_LOGGED_IN())
-{
+if (IS_LOGGED_IN()) {
        // Login immidiately...
        $URL = URL."/modules.php?module=login";
-}
- elseif (isset($_POST['ok']))
-{
+} elseif (isset($_POST['ok'])) {
        // Add last_login if available
        $LAST = "";
-       if (GET_EXT_VERSION("sql_patches") >= "0.2.8")
-       {
+       if (GET_EXT_VERSION("sql_patches") >= "0.2.8") {
                $LAST = ", last_login";
        }
 
        // Check login data
        $password = "";
-       if ($probe_nickname)
-       {
+       if ($probe_nickname) {
                // Nickname entered
                $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
                 array($UID), __FILE__, __LINE__);
                list($UID2, $password, $online, $login) = SQL_FETCHROW($result);
                if (!empty($UID2)) $UID = $UID2;
-       }
-        else
-       {
+       } else {
                // Direct userid entered
                $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
                 array(bigintval($UID), $hash), __FILE__, __LINE__);
                list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
        }
-       if (SQL_NUMROWS($result) == 1)
-       {
+       if (SQL_NUMROWS($result) == 1) {
                // Valid data found so let's load the last login data
-               if (isset($_POST['ok']))
-               {
+               if (isset($_POST['ok'])) {
                        // By default the hash is empty
                        $hash = "";
 
                        // Check for old MD5 passwords
-                       if ((strlen($password) == 32) && (md5($_POST['password']) == $password))
-                       {
+                       if ((strlen($password) == 32) && (md5($_POST['password']) == $password)) {
                                // Just set the hash to the password from DB... :)
                                $hash = $password;
-                       }
-                        else
-                       {
+                       } else {
                                // Encrypt hash for comparsion
                                $hash = generateHash($_POST['password'], substr($password, 0, -40));
                        }
 
-                       if ($hash == $password)
-                       {
+                       if ($hash == $password) {
                                // New hashed password found so let's generate a new one
                                $hash = generateHash($_POST['password']);
 
@@ -152,8 +131,7 @@ if (IS_LOGGED_IN())
                                // Probe for last online timemark
                                $probe = time() -  $online;
                                if (!empty($login)) $probe = time() - $login;
-                               if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout']))
-                               {
+                               if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $_CONFIG['login_timeout'])) {
                                        // Add login bonus to user's account
                                        $ADD = ", login_bonus=login_bonus+'".$_CONFIG['login_bonus']."'";
                                        $BONUS = true;
@@ -166,8 +144,7 @@ if (IS_LOGGED_IN())
                                // Secure lifetime from input form
                                $l = bigintval($_POST['lifetime']);
                                $life = "-1";
-                               if ($l > 0)
-                               {
+                               if ($l > 0) {
                                        // Calculate lifetime of cookies
                                        $life = time() + $l;
 
@@ -181,60 +158,41 @@ if (IS_LOGGED_IN())
 
                                        // Update global array
                                        $GLOBALS['userid'] = $UID;
-                                       $_SESSION['u_hash'] = $hash;
-                                       $_SESSION['lifetime'] = $l;
-                               }
-                                else
-                               {
+                               } else {
                                        // Check for login data
                                        $login = IS_LOGGED_IN();
                                }
 
-                               if ($login)
-                               {
+                               if ($login) {
                                        // Update database records
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
                                         array(bigintval($UID)), __FILE__, __LINE__);
-                                       if (SQL_AFFECTEDROWS($link) == 1)
-                                       {
+                                       if (SQL_AFFECTEDROWS($link) == 1) {
                                                // Procedure to checking for login data
-                                               if (($BONUS) && (EXT_IS_ACTIVE("bonus")))
-                                               {
+                                               if (($BONUS) && (EXT_IS_ACTIVE("bonus"))) {
                                                        // Bonus added (just displaying!)
                                                        $URL = URL."/modules.php?module=chk_login&mode=bonus";
-                                               }
-                                                else
-                                               {
+                                               } else {
                                                        // Bonus not added
                                                        $URL = URL."/modules.php?module=chk_login&mode=login";
                                                }
-                                       }
-                                        else
-                                       {
+                                       } else {
                                                // Cannot update counter!
                                                $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_CNTR_FAILED;
                                        }
-                               }
-                                else
-                               {
+                               } else {
                                        // Cookies not setable!
                                        $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".CODE_NO_COOKIES;
                                }
-                       }
-                        else
-                       {
+                       } else {
                                // Wrong password!
                                $ERROR = CODE_WRONG_PASS;
                        }
-               }
-                else
-               {
+               } else {
                        // Fatal error!
                        $ERROR = CODE_LOGIN_FAILED;
                }
-       }
-        else
-       {
+       } else {
                // Other account status?
                $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
                 array(bigintval($UID)), __FILE__, __LINE__);

diff --git a/inc/modules/member/what-logout.php b/inc/modules/member/what-logout.php
index 797f8e262dd4e7fcf06fc66ead931e53b9045502..6c7926ac2a9376c7ee3897e5c84dbcffb2ca23f1 100644 (file)
--- a/inc/modules/member/what-logout.php
+++ b/inc/modules/member/what-logout.php
@@ -50,10 +50,10 @@ $URL = URL."/modules.php?module=index";
 // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime
 
 
-if (set_session("userid", "", time() - 3600, COOKIE_PATH) && set_session("u_hash", "", time() - 3600, COOKIE_PATH) && set_session("lifetime", "", time() - 3600, COOKIE_PATH))
+if (set_session("userid", "") && set_session("u_hash", "") && set_session("lifetime", ""))
 {
        // Remove theme cookie as well
-       set_session("mxchange_theme", "", time() - 3600, COOKIE_PATH);
+       set_session("mxchange_theme", "");
 
        // Logout completed
        $URL .= "&msg=".CODE_LOGOUT_DONE;

diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php
index 2a13fa112edc2d65b2fce4dae6765c2be0935a31..ee8c3d97156d12977889a46882c4a2c306023c02 100644 (file)
--- a/inc/modules/member/what-mydata.php
+++ b/inc/modules/member/what-mydata.php
@@ -261,21 +261,21 @@ last_update=UNIX_TIMESTAMP()".$AND.",
 notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
 WHERE userid=%d AND password='%s' LIMIT 1",
- array(
-  $_POST['sex'],
-  $_POST['surname'],
-  $_POST['family_name'],
-  $_POST['street_nr'],
-  bigintval($_POST['country_code']),
-  bigintval($_POST['zip']),
-  $_POST['city'],
-  $_POST['addy'],
-  bigintval($_POST['day']),
-  bigintval($_POST['month']),
-  bigintval($_POST['year']),
-  bigintval($_POST['max_mails']),
-  UID_VALUE,
-  $_SESSION['u_hash']
+array(
+       $_POST['sex'],
+       $_POST['surname'],
+       $_POST['family_name'],
+       $_POST['street_nr'],
+       bigintval($_POST['country_code']),
+       bigintval($_POST['zip']),
+       $_POST['city'],
+       $_POST['addy'],
+       bigintval($_POST['day']),
+       bigintval($_POST['month']),
+       bigintval($_POST['year']),
+       bigintval($_POST['max_mails']),
+       UID_VALUE,
+       get_session('u_hash')
  ), __FILE__, __LINE__);
                        }
                         else
@@ -292,21 +292,21 @@ last_update=UNIX_TIMESTAMP()".$AND.",
 notified='N',
 last_profile_sent=UNIX_TIMESTAMP()
 WHERE userid=%d AND password='%s' LIMIT 1",
- array(
-  $_POST['sex'],
-  $_POST['surname'],
-  $_POST['family_name'],
-  $_POST['street_nr'],
-  $_POST['cntry'],
-  bigintval($_POST['zip']),
-  $_POST['city'],
-  $_POST['addy'],
-  bigintval($_POST['day']),
-  bigintval($_POST['month']),
-  bigintval($_POST['year']),
-  bigintval($_POST['max_mails']),
-  UID_VALUE,
-  $_SESSION['u_hash']
+array(
+       $_POST['sex'],
+       $_POST['surname'],
+       $_POST['family_name'],
+       $_POST['street_nr'],
+       $_POST['cntry'],
+       bigintval($_POST['zip']),
+       $_POST['city'],
+       $_POST['addy'],
+       bigintval($_POST['day']),
+       bigintval($_POST['month']),
+       bigintval($_POST['year']),
+       bigintval($_POST['max_mails']),
+       UID_VALUE,
+       get_session('u_hash')
  ), __FILE__, __LINE__);
                        }
 

diff --git a/inc/modules/member/what-themes.php b/inc/modules/member/what-themes.php
index 0e25541d34489d4bbc2ed20f58bfde34ea1140e5..87785380106e65320609deb7c294261cb8adb8bd 100644 (file)
--- a/inc/modules/member/what-themes.php
+++ b/inc/modules/member/what-themes.php
@@ -56,7 +56,6 @@ if (!empty($_POST['member_theme']))
 
        // Change to new theme
        set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
-       $_SESSION['mxchange_theme'] = $NewTheme;
 
        // Theme saved!
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED);
@@ -110,7 +109,7 @@ $OUT = ""; $SW = 2;
 foreach ($THEMES['theme_unix'] as $key=>$unix)
 {
        $default = "";
-       if ($_SESSION['mxchange_theme'] == $unix) $default = " checked selected";
+       if (get_session('mxchange_theme') == $unix) $default = " checked selected";
 
        // Add row
        $OUT .= "<TR>

diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php
index c4aca483a49de8b549663984b00a8cb111b1cccc..e01516610f9900711d3adc77b499b871496e6fdb 100644 (file)
--- a/inc/mysql-connect.php
+++ b/inc/mysql-connect.php
@@ -161,11 +161,8 @@ LIMIT 1", __FILE__, __LINE__);
                                        // Secure and validate user ID from cookie
                                        UPDATE_LOGIN_DATA();
 
-                                       // Get session ID
-                                       if (empty($_SESSION['PHPSESSID'])) $_SESSION['PHPSESSID'] = session_id();
-
                                        // Update online list
-                                       UPDATE_ONLINE_LIST($_SESSION['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);
+                                       UPDATE_ONLINE_LIST(get_session('PHPSESSID'), $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);
 
                                        // Load theme name
                                        $CurrTheme = GET_CURR_THEME();

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index f8b4da5cde92d9a270470721b5b09e5a23ea6645..46154a41084d7508073acf6f18619de9225ccf75 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -388,8 +388,8 @@ function IS_ADMIN($admin="")
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...
-       if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5']))) {
-               $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
+       if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
+               $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5');
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
@@ -534,7 +534,7 @@ function IS_LOGGED_IN()
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?
-       if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
+       if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
@@ -551,31 +551,26 @@ function IS_LOGGED_IN()
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?
-                       //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
-                       if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
-                       {
+                       //* DEBUG: */ echo $valPass."<br>".get_session('u_hash')."<br>";
+                       if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) {
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;
-                       }
-                        else
-                       {
+                       } else {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
-                               set_session("userid", "", time() - 3600, COOKIE_PATH);
-                               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-                               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+                               set_session("userid", "");
+                               set_session("u_hash", "");
+                               set_session("lifetime", "");
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
                        }
-               }
-                else
-               {
+               } else {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
-                       set_session("userid", "", time() - 3600, COOKIE_PATH);
-                       set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-                       set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+                       set_session("userid", "");
+                       set_session("u_hash", "");
+                       set_session("lifetime", "");
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
@@ -588,9 +583,9 @@ function IS_LOGGED_IN()
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
-               set_session("userid", "", time() - 3600, COOKIE_PATH);
-               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+               set_session("userid", "");
+               set_session("u_hash", "");
+               set_session("lifetime", "");
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
@@ -603,16 +598,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?
-       if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
+       if ((!isset($GLOBALS['userid'])) || (!isSessionVariableSet('u_hash')) || (!isSessionVariableSet('lifetime'))) {
                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID
-               $GLOBALS['userid'] = bigintval($_SESSION['userid']);
+               $GLOBALS['userid'] = bigintval(get_session('userid'));
        }
 
        // Extract last online time (life) and how long is auto-login valid (time)
-       $newl = time() + bigintval($_SESSION['lifetime']);
+       $newl = time() + bigintval(get_session('lifetime'));
 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;
@@ -627,7 +622,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
-               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
+               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE(get_session('u_hash')), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;
@@ -640,13 +635,11 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
                         array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
                }
-       }
-        else
-       {
+       }  else {
                // Destroy session, we cannot update!
-               set_session("userid", "", time() - 3600, COOKIE_PATH);
-               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+               set_session("userid", "");
+               set_session("u_hash", "");
+               set_session("lifetime", "");
        }
 }
 //
@@ -724,11 +717,11 @@ function SEND_MODE_MAILS($mod, $modes)
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie
-               $salt = substr($_SESSION['u_hash'], 0, -40);
+               $salt = substr(get_session('u_hash'), 0, -40);
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
-               if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+               if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
@@ -1178,10 +1171,9 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht)
                // Is administrator
                $ADMIN = 'Y';
        }
-       if (!empty($_SESSION['refid']))
-       {
+       if (isSessionVariableSet('refid')) {
                // Check cookie
-               if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
+               if (get_session('refid') > 0) $rid = $GLOBALS['refid'];
        }
 
        // Now Read data
@@ -1496,7 +1488,7 @@ function SUB_JACKPOT($points)
 }
 //
 function IS_DEMO() {
-       return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
+       return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo"));
 }
 //
 function LOAD_CONFIG($no="0")

diff --git a/inc/session.php b/inc/session.php
index b0420aa12d9ef849f36d6b47ff008dc72ce9521e..306fd1cbf75cde5b984701552861d04977fd9885 100644 (file)
--- a/inc/session.php
+++ b/inc/session.php
@@ -67,9 +67,9 @@ if (!empty($_POST['refid'])) {
 } elseif (!empty($_GET['ref'])) {
        // Set refid=ref (the referral link uses such variable)
        $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
-} elseif (!empty($_SESSION['refid'])) {
+} elseif (isSessionVariableSet('refid')) {
        // Set session refid als global
-       $GLOBALS['refid'] = bigintval($_SESSION['refid']);
+       $GLOBALS['refid'] = bigintval(get_session('refid'));
 } elseif (GET_EXT_VERSION("sql_patches") != "") {
        // Set default refid as refid in URL
        $GLOBALS['refid'] = bigintval($_CONFIG['def_refid']);
@@ -79,7 +79,7 @@ if (!empty($_POST['refid'])) {
 }
 
 // Set cookie when default refid > 0
-if (empty($_SESSION['refid']) || (!empty($GLOBALS['refid'])) || (($_SESSION['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) {
+if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && ($_CONFIG['def_refid'] > 0))) {
        // Set cookie
        set_session("refid", $GLOBALS['refid']);
 }

diff --git a/inc/theme-manager.php b/inc/theme-manager.php
index d591bbbfcd76967a8e51d270b1afa5f332df1e4b..f463d232337774b46a661166e748d46e9e9eae86 100644 (file)
--- a/inc/theme-manager.php
+++ b/inc/theme-manager.php
@@ -48,15 +48,15 @@ function GET_CURR_THEME() {
        // Load default theme if not empty from configuration
        if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme'];
 
-       if (empty($_SESSION['mxchange_theme'])) {
+       if (!isSessionVariableSet('mxchange_theme')) {
                // Set default theme
                set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
-       } elseif ((!empty($_SESSION['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
+       } elseif ((isSessionVariableSet('mxchange_theme')) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
                // Get theme from cookie
-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_SESSION['mxchange_theme']), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array(get_session('mxchange_theme')), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Design is valid!
-                       $ret = $_SESSION['mxchange_theme'];
+                       $ret = get_session('mxchange_theme');
                }
 
                // Free memory
@@ -69,15 +69,13 @@ function GET_CURR_THEME() {
                if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) {
                        // Set cookie from URL data
                        set_session("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
-                       $_SESSION['mxchange_theme'] = $_GET['theme'];
                } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) {
                        // Set cookie from posted data
                        set_session("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
-                       $_SESSION['mxchange_theme'] = $_POST['theme'];
                }
 
                // Set return value
-               $ret = $_SESSION['mxchange_theme'];
+               $ret = get_session('mxchange_theme');
        } else {
                // Invalid design, reset cookie
                set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);

diff --git a/index.php b/index.php
index 0eb9d8dcc6e71189f1e82bc8d6d26db542f400ea..7f9ea32350949a485af38ee4f4c76995c73b5fe7 100644 (file)
--- a/index.php
+++ b/index.php
@@ -55,12 +55,12 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
        if (!isset($_CONFIG['index_cookie']))   $_CONFIG['index_cookie'] = 0;
 
        // Check for cookies
-       if ((empty($_SESSION['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) {
+       if ((isSessionVariableSet('visited')) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) {
                // Is the index page configured for redirect pr not?
                if ($_CONFIG['index_cookie'] > 0) {
                        // Set cookie and remeber it for specified time
                        set_session("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH);
-               } elseif (!empty($_SESSION['visited'])) {
+               } elseif (isSessionVariableSet('visited')) {
                        // Remove cookie when admin set 0 in setup
                        set_session("visited", "");
                }

diff --git a/lead-confirm.php b/lead-confirm.php
index 382b4070e4fd8cc9e1ccf7f8ae50904b07c0cd52..bb4112b0f912d09ab4e0bf37130420265b518743 100644 (file)
--- a/lead-confirm.php
+++ b/lead-confirm.php
@@ -57,13 +57,13 @@ if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_install
        );
 
        // Is the cookie set?
-       if (isset($_SESSION['lead_uid'])) {
+       if (isSessionVariableSet('lead_uid')) {
                // Is the user-account unlocked and valid?
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
-                       array(bigintval($_SESSION['lead_uid'])), __FILE__, __LINE__);
+                       array(bigintval(get_session('lead_uid'))), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Secure the ID number
-                       $content['lead_uid'] = bigintval($_SESSION['lead_uid']);
+                       $content['lead_uid'] = bigintval(get_session('lead_uid'));
 
                        // Load the email address
                        list($content['lead_email']) = COMPILE_CODE(SQL_FETCHROW($result));