cookies rewritten to session

[mailer.git] / inc / mysql-manager.php

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 92292cfeaf58a6e435d52085cc1b989d353ff2e9..bbd581d8a03a6b3a09768c36d7eb2ab3690622d1 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -389,14 +389,14 @@ function ADD_MENU($MODE, $act, $wht) {
 // This patched function will reduce many SELECT queries for the specified or current admin login
 function IS_ADMIN($admin="")
 {
-       global $_COOKIE, $ADMINS, $_CONFIG;
+       global $_SESSION, $ADMINS, $_CONFIG;
        $ret = false; $passCookie = ""; $valPass = "";
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...
-       if ((empty($admin)) && (!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])))
+       if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])))
        {
-               $admin = SQL_ESCAPE($_COOKIE['admin_login']); $passCookie = $_COOKIE['admin_md5'];
+               $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
@@ -538,7 +538,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest")
 //
 function IS_LOGGED_IN()
 {
-       global $_COOKIE, $status, $LAST;
+       global $_SESSION, $status, $LAST;
        if (!is_array($LAST)) $LAST = array();
        $ret = false;
 
@@ -546,7 +546,7 @@ function IS_LOGGED_IN()
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?
-       if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])) && (!empty($_COOKIE['lifetime'])) && (defined('COOKIE_PATH')))
+       if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
@@ -563,8 +563,8 @@ function IS_LOGGED_IN()
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?
-                       //* DEBUG: */ echo $valPass."<br>".$_COOKIE['u_hash']."<br>";
-                       if (($status == "CONFIRMED") && ($valPass == $_COOKIE['u_hash']))
+                       //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
+                       if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
                        {
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;
@@ -573,28 +573,24 @@ function IS_LOGGED_IN()
                        {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
-                               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-                               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-                               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+                               set_session("userid", "", time() - 3600, COOKIE_PATH);
+                               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+                               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
-                               unset($_COOKIE['u_hash']);
-                               unset($_COOKIE['lifetime']);
                        }
                }
                 else
                {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
-                       @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-                       @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-                       @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+                       set_session("userid", "", time() - 3600, COOKIE_PATH);
+                       set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+                       set_session("lifetime", "", time() - 3600, COOKIE_PATH);
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
-                       unset($_COOKIE['u_hash']);
-                       unset($_COOKIE['lifetime']);
                }
 
                // Free memory
@@ -604,14 +600,12 @@ function IS_LOGGED_IN()
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
-               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+               set_session("userid", "", time() - 3600, COOKIE_PATH);
+               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
-               unset($_COOKIE['u_hash']);
-               unset($_COOKIE['lifetime']);
        }
        return $ret;
 }
@@ -621,16 +615,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?
-       if ((!isset($GLOBALS['userid'])) || (!isset($_COOKIE['u_hash'])) || (!isset($_COOKIE['lifetime']))) {
+       if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID
-               $GLOBALS['userid'] = bigintval($_COOKIE['userid']);
+               $GLOBALS['userid'] = bigintval($_SESSION['userid']);
        }
 
        // Extract last online time (life) and how long is auto-login valid (time)
-       $newl = time() + bigintval($_COOKIE['lifetime']);
+       $newl = time() + bigintval($_SESSION['lifetime']);
 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;
@@ -645,7 +639,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
-               if (@setcookie("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && @setcookie("u_hash", SQL_ESCAPE($_COOKIE['u_hash']), $newl, COOKIE_PATH) && @setcookie("lifetime", bigintval($_COOKIE['lifetime']), $newl, COOKIE_PATH)) {
+               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;
@@ -662,9 +656,9 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
         else
        {
                // Destroy session, we cannot update!
-               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+               set_session("userid", "", time() - 3600, COOKIE_PATH);
+               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
        }
 }
 //
@@ -742,11 +736,11 @@ function SEND_MODE_MAILS($mod, $modes)
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie
-               $salt = substr($_COOKIE['u_hash'], 0, -40);
+               $salt = substr($_SESSION['u_hash'], 0, -40);
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
-               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+               if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
@@ -1196,10 +1190,10 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht)
                // Is administrator
                $ADMIN = 'Y';
        }
-       if (!empty($_COOKIE['refid']))
+       if (!empty($_SESSION['refid']))
        {
                // Check cookie
-               if ($_COOKIE['refid'] > 0) $rid = $GLOBALS['refid'];
+               if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
        }
 
        // Now Read data
@@ -1516,8 +1510,8 @@ function SUB_JACKPOT($points)
 //
 function IS_DEMO()
 {
-       global $_COOKIE;
-       return ((EXT_IS_ACTIVE("demo")) && ($_COOKIE['admin_login'] == "demo"));
+       global $_SESSION;
+       return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
 }
 //
 function LOAD_CONFIG($no="0")