// This patched function will reduce many SELECT queries for the specified or current admin login
function IS_ADMIN($admin="")
{
- global $_COOKIE, $ADMINS, $_CONFIG;
+ global $_SESSION, $ADMINS, $_CONFIG;
$ret = false; $passCookie = ""; $valPass = "";
//* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
// If admin login is not given take current from cookies...
- if ((empty($admin)) && (!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])))
+ if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])))
{
- $admin = SQL_ESCAPE($_COOKIE['admin_login']); $passCookie = $_COOKIE['admin_md5'];
+ $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
}
//* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
//
function IS_LOGGED_IN()
{
- global $_COOKIE, $status, $LAST;
+ global $_SESSION, $status, $LAST;
if (!is_array($LAST)) $LAST = array();
$ret = false;
FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
// Are cookies set?
- if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])) && (!empty($_COOKIE['lifetime'])) && (defined('COOKIE_PATH')))
+ if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
{
// Cookies are set with values, but are they valid?
$result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
// So did we now have valid data and an unlocked user?
- //* DEBUG: */ echo $valPass."<br>".$_COOKIE['u_hash']."<br>";
- if (($status == "CONFIRMED") && ($valPass == $_COOKIE['u_hash']))
+ //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
+ if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
{
// Account is confirmed and all cookie data is valid so he is definely logged in! :-)
$ret = true;
{
// Maybe got locked etc.
//* DEBUG: */ echo __LINE__."!!!<br>";
- @setcookie("userid", "", time() - 3600, COOKIE_PATH);
- @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
- @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+ set_session("userid", "", time() - 3600, COOKIE_PATH);
+ set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+ set_session("lifetime", "", time() - 3600, COOKIE_PATH);
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
- unset($_COOKIE['u_hash']);
- unset($_COOKIE['lifetime']);
}
}
else
{
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."***<br>";
- @setcookie("userid", "", time() - 3600, COOKIE_PATH);
- @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
- @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+ set_session("userid", "", time() - 3600, COOKIE_PATH);
+ set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+ set_session("lifetime", "", time() - 3600, COOKIE_PATH);
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
- unset($_COOKIE['u_hash']);
- unset($_COOKIE['lifetime']);
}
// Free memory
{
// Cookie data is invalid!
//* DEBUG: */ echo __LINE__."///<br>";
- @setcookie("userid", "", time() - 3600, COOKIE_PATH);
- @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
- @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+ set_session("userid", "", time() - 3600, COOKIE_PATH);
+ set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+ set_session("lifetime", "", time() - 3600, COOKIE_PATH);
// Remove array elements to prevent errors
unset($GLOBALS['userid']);
- unset($_COOKIE['u_hash']);
- unset($_COOKIE['lifetime']);
}
return $ret;
}
if (!is_array($LAST)) $LAST = array();
// Are the required cookies set?
- if ((!isset($GLOBALS['userid'])) || (!isset($_COOKIE['u_hash'])) || (!isset($_COOKIE['lifetime']))) {
+ if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
// Nope, then return here to caller function
return false;
} else {
// Secure user ID
- $GLOBALS['userid'] = bigintval($_COOKIE['userid']);
+ $GLOBALS['userid'] = bigintval($_SESSION['userid']);
}
// Extract last online time (life) and how long is auto-login valid (time)
- $newl = time() + bigintval($_COOKIE['lifetime']);
+ $newl = time() + bigintval($_SESSION['lifetime']);
// Recheck if logged in
if (!IS_LOGGED_IN()) return false;
// Maybe first login time?
if (empty($mod)) $mod = "login";
- if (@setcookie("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && @setcookie("u_hash", SQL_ESCAPE($_COOKIE['u_hash']), $newl, COOKIE_PATH) && @setcookie("lifetime", bigintval($_COOKIE['lifetime']), $newl, COOKIE_PATH)) {
+ if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
// This will be displayed on welcome page! :-)
if (empty($LAST['module'])) {
$LAST['module'] = $mod; $LAST['online'] = $onl;
else
{
// Destroy session, we cannot update!
- @setcookie("userid", "", time() - 3600, COOKIE_PATH);
- @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
- @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+ set_session("userid", "", time() - 3600, COOKIE_PATH);
+ set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+ set_session("lifetime", "", time() - 3600, COOKIE_PATH);
}
}
//
list($hashDB) = SQL_FETCHROW($result_main);
// Extract salt from cookie
- $salt = substr($_COOKIE['u_hash'], 0, -40);
+ $salt = substr($_SESSION['u_hash'], 0, -40);
// Now let's compare passwords
$hash = generatePassString($hashDB);
- if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+ if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
// Load user's data
$result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
// Is administrator
$ADMIN = 'Y';
}
- if (!empty($_COOKIE['refid']))
+ if (!empty($_SESSION['refid']))
{
// Check cookie
- if ($_COOKIE['refid'] > 0) $rid = $GLOBALS['refid'];
+ if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
}
// Now Read data
//
function IS_DEMO()
{
- global $_COOKIE;
- return ((EXT_IS_ACTIVE("demo")) && ($_COOKIE['admin_login'] == "demo"));
+ global $_SESSION;
+ return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
}
//
function LOAD_CONFIG($no="0")