projects / mailer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
reading and checking for session variables rewritten
[mailer.git] / inc / mysql-manager.php
diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index f8b4da5cde92d9a270470721b5b09e5a23ea6645..46154a41084d7508073acf6f18619de9225ccf75 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -388,8 +388,8 @@ function IS_ADMIN($admin="")
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...
-       if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5']))) {
-               $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
+       if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
+               $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5');
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
@@ -534,7 +534,7 @@ function IS_LOGGED_IN()
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?
-       if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
+       if ((!empty($GLOBALS['userid'])) && (isSessionVariableSet('u_hash')) && (isSessionVariableSet('lifetime')) && (defined('COOKIE_PATH')))
        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
@@ -551,31 +551,26 @@ function IS_LOGGED_IN()
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?
-                       //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
-                       if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
-                       {
+                       //* DEBUG: */ echo $valPass."<br>".get_session('u_hash')."<br>";
+                       if (($status == "CONFIRMED") && ($valPass == get_session('u_hash'))) {
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;
-                       }
-                        else
-                       {
+                       } else {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
-                               set_session("userid", "", time() - 3600, COOKIE_PATH);
-                               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-                               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+                               set_session("userid", "");
+                               set_session("u_hash", "");
+                               set_session("lifetime", "");
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
                        }
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
                        }
-               }
-                else
-               {
+               } else {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
-                       set_session("userid", "", time() - 3600, COOKIE_PATH);
-                       set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-                       set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+                       set_session("userid", "");
+                       set_session("u_hash", "");
+                       set_session("lifetime", "");
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
@@ -588,9 +583,9 @@ function IS_LOGGED_IN()
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
-               set_session("userid", "", time() - 3600, COOKIE_PATH);
-               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+               set_session("userid", "");
+               set_session("u_hash", "");
+               set_session("lifetime", "");
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
@@ -603,16 +598,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?
-       if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
+       if ((!isset($GLOBALS['userid'])) || (!isSessionVariableSet('u_hash')) || (!isSessionVariableSet('lifetime'))) {
                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID
                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID
-               $GLOBALS['userid'] = bigintval($_SESSION['userid']);
+               $GLOBALS['userid'] = bigintval(get_session('userid'));
        }
 
        // Extract last online time (life) and how long is auto-login valid (time)
        }
 
        // Extract last online time (life) and how long is auto-login valid (time)
-       $newl = time() + bigintval($_SESSION['lifetime']);
+       $newl = time() + bigintval(get_session('lifetime'));
 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;
 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;
@@ -627,7 +622,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
-               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
+               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE(get_session('u_hash')), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;
                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;
@@ -640,13 +635,11 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
                         array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
                }
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET last_module='%s', last_online=UNIX_TIMESTAMP() WHERE userid=%d LIMIT 1",
                         array($GLOBALS['what'], $GLOBALS['userid']), __FILE__, __LINE__);
                }
-       }
-        else
-       {
+       }  else {
                // Destroy session, we cannot update!
                // Destroy session, we cannot update!
-               set_session("userid", "", time() - 3600, COOKIE_PATH);
-               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
-               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
+               set_session("userid", "");
+               set_session("u_hash", "");
+               set_session("lifetime", "");
        }
 }
 //
        }
 }
 //
@@ -724,11 +717,11 @@ function SEND_MODE_MAILS($mod, $modes)
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie
-               $salt = substr($_SESSION['u_hash'], 0, -40);
+               $salt = substr(get_session('u_hash'), 0, -40);
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
-               if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+               if (($hash == get_session('u_hash')) || ($_POST['pass1'] == $_POST['pass2'])) {
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
@@ -1178,10 +1171,9 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht)
                // Is administrator
                $ADMIN = 'Y';
        }
                // Is administrator
                $ADMIN = 'Y';
        }
-       if (!empty($_SESSION['refid']))
-       {
+       if (isSessionVariableSet('refid')) {
                // Check cookie
                // Check cookie
-               if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
+               if (get_session('refid') > 0) $rid = $GLOBALS['refid'];
        }
 
        // Now Read data
        }
 
        // Now Read data
@@ -1496,7 +1488,7 @@ function SUB_JACKPOT($points)
 }
 //
 function IS_DEMO() {
 }
 //
 function IS_DEMO() {
-       return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
+       return ((EXT_IS_ACTIVE("demo")) && (get_session('admin_login') == "demo"));
 }
 //
 function LOAD_CONFIG($no="0")
 }
 //
 function LOAD_CONFIG($no="0")
Mailer-Project repository