X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fsession.php;h=a4ed2cde4dffccf7fd6d42095537776a1d14673c;hp=1d5a04c60b7839f2dcd2527aef3be31b6547e3fd;hb=fa3cca8d61ae4840e6781eb39ed69c9ca89fe172;hpb=addbb8351784d33ba1c7ebc52771defd09ddf2f0
diff --git a/inc/session.php b/inc/session.php
index 1d5a04c60b..a4ed2cde4d 100644
--- a/inc/session.php
+++ b/inc/session.php
@@ -32,8 +32,7 @@
 ************************************************************************/
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 require($INC);
 }
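Review bot: The `$INC` line kept under the new `!defined('__SECURITY')` check still builds the include path with `strpos(dirname(__FILE__), "/inc")`, which stops at the first `/inc` in the path. An install directory whose parent path already contains `/inc` (for example `/srv/includes/...`, a constructed path) would make the guard require the wrong file. Since this file is inc/session.php, `require(dirname(__FILE__) . "/security.php");` reaches the same file without searching the path. Whether loading security.php actually stops a direct request is not visible in this hunk, so a short comment on the check saying where `__SECURITY` is defined would help.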
@@ -46,30 +45,28 @@ if (empty($VIEW)) $VIEW = 0;
 // Skip updating of cookies when viewing a banner
 if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return;
-// Session management initalization
-if (empty($PHPSESSID)) {
- // This fixes some strange session cookie problems
- if (empty($_COOKIE['PHPSESSID'])) unset($_COOKIE['PHPSESSID']);
- @session_start();
- $PHPSESSID = @session_id();
-} else {
- @session_id($PHPSESSID);
- @session_start();
-}
+// Set session save path if set
+if (!empty($_CONFIG['session_save_path'])) {
+ // Please make sure this valid!
+ @session_save_path($_CONFIG['session_save_path']);
+} // END - if
-// Store PHPSESSID
-@setcookie("PHPSESSID", $PHPSESSID, (time() + $CONFIG['online_timeout']), COOKIE_PATH);
+// Start the session
+@session_start();
+global $PHPSESSID;
+$PHPSESSID = @session_id();
-// Store language code in cookie
-@setcookie("mx_lang", $mx_lang, (time() + $CONFIG['online_timeout']), COOKIE_PATH);
+// Load extensions here
+require_once(PATH."inc/load_extensions.php");
+
+// Load language system
+require_once(PATH."inc/language.php");
 // Check if refid is set
-if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) {
+if ((!empty($_GET['user'])) && ($CLICK == 1) && (basename($_SERVER['PHP_SELF']) == "click.php")) {
 // The variable user comes from the click-counter script click.php and we only accept this here
 $GLOBALS['refid'] = bigintval($_GET['user']);
-}
-
-if (!empty($_POST['refid'])) {
+} elseif (!empty($_POST['refid'])) {
 // Get referral id from variable refid (so I hope this makes my script more compatible to other scripts)
 $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_POST['refid']));
 } elseif (!empty($_GET['refid'])) {
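Review bot: The session cookie loses its `COOKIE_PATH` scoping here, because the removed `setcookie("PHPSESSID", ..., COOKIE_PATH)` has no replacement before the new `@session_start();`. Path, lifetime and flags now come from whatever php.ini sets, and the usual default path of `/` would send the cookie to every application on the host. A call such as `session_set_cookie_params(0, COOKIE_PATH);` placed before `session_start()` would restore the scoping. The `@` on `session_save_path()` and `session_start()` also hides an unwritable or invalid save path, so the return value of `session_start()` should be checked and a failure logged. The `if`/`elseif` chain at the end of the hunk continues outside it.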
@@ -78,36 +75,50 @@ if (!empty($_POST['refid'])) {
 } elseif (!empty($_GET['ref'])) {
 // Set refid=ref (the referral link uses such variable)
 $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
-} elseif (!empty($_COOKIE['refid'])) {
- // Simply reset cookie
- $GLOBALS['refid'] = bigintval($_COOKIE['refid']);
+} elseif (isSessionVariableSet('refid')) {
+ // Set session refid als global
+ $GLOBALS['refid'] = bigintval(get_session('refid'));
 } elseif (GET_EXT_VERSION("sql_patches") != "") {
 // Set default refid as refid in URL
- $GLOBALS['refid'] = $CONFIG['def_refid'];
+ $GLOBALS['refid'] = bigintval($_CONFIG['def_refid']);
 } else {
 // No default ID when sql_patches is not installed
 $GLOBALS['refid'] = 0;
 }
 // Set cookie when default refid > 0
-if (empty($_COOKIE['refid']) || (!empty($GLOBALS['refid'])) || (($_COOKIE['refid'] == "0") && ($CONFIG['def_refid'] > 0))) {
+if (!isSessionVariableSet('refid') || (!empty($GLOBALS['refid'])) || ((get_session('refid') == "0") && (isset($_CONFIG['def_refid'])) && ($_CONFIG['def_refid'] > 0))) {
 // Set cookie
- @setcookie("refid", $GLOBALS['refid'], (time() + $CONFIG['online_timeout']), COOKIE_PATH);
-}
+ set_session('refid', $GLOBALS['refid']);
+} // END - if
+
+// Transfer userid from session and validate it
+if (isset($_SESSION['userid'])) {
+ // Get it secured from session
+ $GLOBALS['userid'] = bigintval($_SESSION['userid']);
-// Test cookies if index.php or modules.php is loaded
-if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (mxchange_installing))
-{
- if (count($_COOKIE) > 0)
- {
- // Cookies accepted!
+ // Is it valid?
+ if (!IS_MEMBER()) {
+ // Then destroy the user id
+ destroy_user_session();
+
+ // Kill userid
+ $GLOBALS['userid'] = 0;
+ } // END - if
+} // END - if
+
+// Test session if index.php or modules.php is loaded
+if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (isBooleanConstantAndTrue('mxchange_installing'))) {
+ if (count($_SESSION) > 0) {
+ // Session variables accepted!
 define('__COOKIES', true);
- }
- else
- {
+ } else {
 // Cookies rejected!
 define('__COOKIES', false);
 }
-}
+} // END - if
+
+//* DEBUG: */ print("
".print_r($_SESSION, true)."
");
+
 // ?>
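Review bot: The new acceptance test `if (count($_SESSION) > 0)` no longer shows whether the browser accepted a cookie, because `$_SESSION` is filled on the server. The `set_session('refid', ...)` call a few lines earlier presumably writes to it in the same request, so `__COOKIES` would be true even for a client that rejects cookies. Testing for the returned session cookie, `if (isset($_COOKIE[session_name()])) {`, keeps the meaning of the old `count($_COOKIE)` check. The comments `// Set cookie when default refid > 0` and `// Set cookie` above `set_session()` are stale and should say "session" now.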