cookies rewritten to session
authorRoland Häder <roland@mxchange.org>
Mon, 18 Feb 2008 00:54:03 +0000 (00:54 +0000)
committerRoland Häder <roland@mxchange.org>
Mon, 18 Feb 2008 00:54:03 +0000 (00:54 +0000)
33 files changed:
inc/doubler_send.php
inc/extensions.php
inc/extensions/ext-admins.php
inc/extensions/ext-register.php
inc/extensions/ext-theme.php
inc/functions.php
inc/gen_sql_patches.php
inc/language.php
inc/libs/admins_functions.php
inc/libs/output_functions.php
inc/libs/security_functions.php
inc/libs/task_functions.php
inc/modules/admin.php
inc/modules/admin/admin-inc.php
inc/modules/admin/overview-inc.php
inc/modules/admin/what-add_rallye.php
inc/modules/admin/what-admins_edit.php
inc/modules/admin/what-extensions.php
inc/modules/admin/what-list_task.php
inc/modules/admin/what-theme_edit.php
inc/modules/chk_login.php
inc/modules/guest/what-confirm.php
inc/modules/guest/what-login.php
inc/modules/guest/what-register.php
inc/modules/member/what-logout.php
inc/modules/member/what-mydata.php
inc/modules/member/what-themes.php
inc/mysql-connect.php
inc/mysql-manager.php
inc/session.php
inc/theme-manager.php
index.php
lead-confirm.php

index 7e38020..9763b4e 100644 (file)
@@ -52,7 +52,7 @@ if ($DOUBLER_POINTS == 0)
 // If not currently doubled set it to zero
 unset($_GET['DOUBLER_UID']);
 unset($_POST['DOUBLER_UID']);
-unset($_COOKIE['DOUBLER_UID']);
+unset($_SESSION['DOUBLER_UID']);
 if (empty($DOUBLER_UID)) $DOUBLER_UID = "0";
 
 // Check for doubles which we can pay out
index 6aee0ca..f4a8f7f 100644 (file)
@@ -433,7 +433,7 @@ function EXTENSION_UPDATE($file, $ext, $EXT_VER, $dry_run=false)
                        {
                                // Task not created so it's a brand-new extension which we need to register and create a task for!
                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s', '0', 'NEW', 'EXTENSION_UPDATE', '%s', '%s', UNIX_TIMESTAMP())",
-                                array(GET_ADMIN_ID(SQL_ESCAPE($_COOKIE['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__);
+                                array(GET_ADMIN_ID(SQL_ESCAPE($_SESSION['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__);
                        }
 
                        // Free memory
index 18ac248..ba5b722 100644 (file)
@@ -96,7 +96,7 @@ case "update": // Update an extension
                $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_admins ADD default_acl enum('deny', 'allow') not null default 'deny'";
 
                // But allow current admin everything (THIS SHALL BE YOU!)
-               $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_COOKIE['admin_login']."' LIMIT 1";
+               $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_SESSION['admin_login']."' LIMIT 1";
                $SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_admins_acls";
                $SQLs[] = "CREATE TABLE "._MYSQL_PREFIX."_admins_acls (
 id bigint(20) not null auto_increment,
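Review bot: The new `UPDATE ... SET default_acl='allow'` line still concatenates `$_SESSION['admin_login']` into the SQL string unescaped, unlike the `SQL_QUERY_ESC`/`SQL_ESCAPE` pattern used in other hunks of this commit. Moving the value into the session does not make it trustworthy by itself, because the login hunk later in this commit stores `$_POST['login']` under that key; whether it is filtered before that point is not visible here. I would write `WHERE login='".SQL_ESCAPE($_SESSION['admin_login'])."' LIMIT 1"`. The enclosing `case "update":` block starts and ends outside the hunk.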
@@ -267,7 +267,7 @@ PRIMARY KEY (id)
 
        case "0.6.8": // SQL queries for v0.6.8
                // Update notes (these will be set as task text!)
-               $UPDATE_NOTES = "<STRONG>setcookie()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
+               $UPDATE_NOTES = "<STRONG>set_session()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
                break;
 
        case "0.6.9": // SQL queries for v0.6.9
index 25efaa1..a4df053 100644 (file)
@@ -292,7 +292,7 @@ PRIMARY KEY(id)
 
        case "0.4.7": // SQL queries for v0.4.7
                // Update notes (these will be set as task text!)
-               $UPDATE_NOTES = "<STRONG>setcookie()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
+               $UPDATE_NOTES = "<STRONG>set_session()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
                break;
 
        case "0.4.8": // SQL queries for v0.4.8
index 80e3b92..970fcef 100644 (file)
@@ -94,7 +94,7 @@ case "update": // Update an extension
 
        case "0.0.5": // SQL queries for v0.0.5
                // Update notes (these will be set as task text!)
-               $UPDATE_NOTES = "<STRONG>setcookie()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
+               $UPDATE_NOTES = "<STRONG>set_session()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
                break;
 
        case "0.0.6": // SQL queries for v0.0.6
index 456e1a5..c41ca16 100644 (file)
@@ -640,7 +640,7 @@ function TRANSLATE_STATUS($status)
 //
 function GET_LANGUAGE()
 {
-       global $_COOKIE, $_GET;
+       global $_SESSION, $_GET;
 
        if (!empty($_GET['mx_lang']))
        {
@@ -666,10 +666,10 @@ function GET_LANGUAGE()
                        SET_LANGUAGE($lang);
                }
        }
-        elseif (!empty($_COOKIE['mx_lang']))
+        elseif (!empty($_SESSION['mx_lang']))
        {
                // Return stored value from cookie
-               $ret = $_COOKIE['mx_lang'];
+               $ret = $_SESSION['mx_lang'];
        }
        return $ret;
 }
@@ -682,10 +682,10 @@ function SET_LANGUAGE($lang)
        $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2);
 
        // Set cookie
-       @setcookie("mx_lang", $lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+       set_session("mx_lang", $lang);
 
        // Set array
-       $_COOKIE['mx_lang'] = $lang;
+       $_SESSION['mx_lang'] = $lang;
 }
 //
 function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")
@@ -701,11 +701,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")
        $HTTP_USER_AGENT  = getenv('HTTP_USER_AGENT');
 
        $ADMIN = MAIN_TITLE;
-       if (!empty($_COOKIE['admin_login']))
+       if (!empty($_SESSION['admin_login']))
        {
                // Load Admin data
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                       array(SQL_ESCAPE($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                       array(SQL_ESCAPE($_SESSION['admin_login'])), __FILE__, __LINE__);
                list($ADMIN) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
@@ -1223,11 +1223,11 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="")
        $data   = $code.":".$uid.":".$DATA;
 
        // Add more additional data
-       if (isset($_COOKIE['u_hash']))         $data .= ":".$_COOKIE['u_hash'];
+       if (isset($_SESSION['u_hash']))         $data .= ":".$_SESSION['u_hash'];
        if (isset($GLOBALS['userid']))         $data .= ":".$GLOBALS['userid'];
-       if (isset($_COOKIE['lifetime']))       $data .= ":".$_COOKIE['lifetime'];
-       if (isset($_COOKIE['mxchange_theme'])) $data .= ":".$_COOKIE['mxchange_theme'];
-       if (isset($_COOKIE['mx_lang']))        $data .= ":".$_COOKIE['mx_lang'];
+       if (isset($_SESSION['lifetime']))       $data .= ":".$_SESSION['lifetime'];
+       if (isset($_SESSION['mxchange_theme'])) $data .= ":".$_SESSION['mxchange_theme'];
+       if (isset($_SESSION['mx_lang']))        $data .= ":".$_SESSION['mx_lang'];
        if (isset($GLOBALS['refid']))          $data .= ":".$GLOBALS['refid'];
 
        // Calculate number for generating the code
@@ -2035,8 +2035,8 @@ function FIX_DELETED_COOKIES ($cookies) {
                // Then check all cookies if they are marked as deleted!
                foreach ($cookies as $cookieName) {
                        // Is the cookie set to "deleted"?
-                       if ((isset($_COOKIE[$cookieName])) && ($_COOKIE[$cookieName] == "deleted")) {
-                               unset($_COOKIE[$cookieName]);
+                       if ((isset($_SESSION[$cookieName])) && ($_SESSION[$cookieName] == "deleted")) {
+                               unset($_SESSION[$cookieName]);
                        }
                }
        }
@@ -2084,6 +2084,29 @@ function DISPLAY_PARSING_TIME_FOOTER() {
        LOAD_TEMPLATE("footer_stats", false, $content);
 }
 
+// Unset/set session variables
+function set_session ($var, $value) {
+       global $CSS;
+       // Abort in CSS mode here
+       if ($CSS == 1) return true;
+
+       // Trim value and session variable
+       $var = trim(SQL_ESCAPE($var)); $value = trim($value);
+
+       // Is the session variable set?
+       if (("".$value."" == "") && (isset($_SESSION[$var]))) {
+               // Remove the session
+               //* DEBUG: */ echo "UNSET:".$var."=".$_SESSION[$var]."<br />\n";
+               unset($_SESSION[$var]);
+               return @session_register($var);
+       } elseif (("".$value."" != "") && (!isset($_SESSION[$var]))) {
+               // Set session
+               //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
+               $_SESSION[$var] =  $value;
+               return true;
+       }
+}
+
 //
 //////////////////////////////////////////////
 //                                          //
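Review bot: `set_session()` does nothing and returns null when the key already holds a value, because the second branch requires `!isset($_SESSION[$var])` and there is no final `return`. Callers in this commit chain the result with `&&` (the login, logout and "Cookie-Data accepted" hunks), so refreshing `admin_last` or replacing `admin_login`/`admin_md5` on an existing session evaluates as failure and leaves the old value in place. The removal branch also returns `@session_register($var)`, which re-registers the name that was just unset; returning true looks like the intent. The extra `$TIMEOUT, COOKIE_PATH` arguments those callers still pass are ignored, so the session lifetime rests only on the `admin_last`/`admin_to` check. A version that always stores or removes, and always returns true:

```php
function set_session ($var, $value) {
       // … unchanged: CSS-mode abort, trimming of $var and $value …

       if ("".$value."" == "") {
               // Empty value removes the entry; an already-missing entry is not an error
               unset($_SESSION[$var]);
               return true;
       }

       // Always overwrite so an existing entry can be refreshed
       $_SESSION[$var] = $value;
       return true;
}
```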
index e5584c7..c638eb4 100644 (file)
@@ -96,9 +96,9 @@ if (empty($_CONFIG['file_hash']))
                 @chmod($file, 0644);
 
                 //* DEBUG: */ unlink($file);
-                //* DEBUG: */ $test = hexdec($_COOKIE['u_hash']) / hexdec($secretKey);
+                //* DEBUG: */ $test = hexdec($_SESSION['u_hash']) / hexdec($secretKey);
                 //* DEBUG: */ $test = generateHash(str_replace('.', '', $test));
-                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".$_COOKIE['u_hash']."<br>Test: ".$test);
+                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".$_SESSION['u_hash']."<br>Test: ".$test);
 
                 // Write $file_hash to database
                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config='0' LIMIT 1",
index 89f7bba..4516d20 100644 (file)
@@ -45,7 +45,7 @@ $file = sprintf(PATH."inc/language/%s.php", $mx_lang);
 if (!file_exists($file))
 {
        // Switch to default (DO NOT CHANGE!!!)
-       @setcookie("mx_lang", "de", (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+       set_session("mx_lang", "de");
        $mx_lang = "de";
        $file = sprintf(PATH."inc/language/%s.php", $mx_lang);
 }
index b9ce4dd..dd0b442 100644 (file)
@@ -49,22 +49,22 @@ function ADMINS_CHECK_ACL($act, $wht)
        $ret = false;
 
        // Get admin's defult access right
-       if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) {
+       if (!empty($ADMINS['def_acl'][$_SESSION['admin_login']])) {
                // Load from cache
-               $default = $ADMINS['def_acl'][$_COOKIE['admin_login']];
+               $default = $ADMINS['def_acl'][$_SESSION['admin_login']];
 
                // Count cache hits
                $_CONFIG['cache_hits']++;
        } elseif (!is_object($CACHE)) {
                // Load from database
                $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($_COOKIE['admin_login']), __FILE__, __LINE__);
+                array($_SESSION['admin_login']), __FILE__, __LINE__);
                list($default) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
 
        // Get admin's ID
-       $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
+       $aid = GET_ADMIN_ID($_SESSION['admin_login']);
 
        if (!empty($wht))
        {
index 49a2d83..8d64e70 100644 (file)
@@ -77,12 +77,12 @@ function get_template ($template, $return=false, $content="")
 {
        // Add more variables which you want to use in your template files
        global $DATA, $ACTION, $WHAT;
-       $REFID = bigintval($_COOKIE['refid']);
+       $REFID = bigintval($_SESSION['refid']);
 
        if ($template == "member_support_form")
        {
                // Support request of a member
-               $ID = bigintval($_COOKIE['userid']);
+               $ID = bigintval($_SESSION['userid']);
                $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
index 73875e3..79599e4 100644 (file)
@@ -82,10 +82,10 @@ if (!isset($_POST))
        global $_POST;
        $_POST = $GLOBALS['_POST'];
 }
-if (!isset($_COOKIE))
+if (!isset($_SESSION))
 {
-       global $_COOKIE;
-       $_COOKIE = $GLOBALS['_COOKIE'];
+       global $_SESSION;
+       $_SESSION = $GLOBALS['_COOKIE'];
 }
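Review bot: The fallback `$_SESSION = $GLOBALS['_COOKIE'];` fills the session array with client-supplied cookie values whenever `$_SESSION` is not set. On any request that reaches this point before a session is started, `admin_login`, `admin_md5`, `admin_last` and `admin_to` therefore come from the browser again, which undoes the commit for exactly the values the admin check trusts. I would initialise it empty, `$_SESSION = array();`, or make sure the session is started before this file is included (the session start is not visible in these hunks). The filter loop in the following two hunks also now runs `str_replace`/`strip_tags` over server-written session data on every request; filtering once, when the value is written, would be the cleaner place.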
 
 // Include IP-Filter here
@@ -172,12 +172,12 @@ if (basename($_SERVER['PHP_SELF']) != "install.php")
        }
 
        // ... and finally cookies
-       foreach ($_COOKIE as $seckey=>$secvalue)
+       foreach ($_SESSION as $seckey=>$secvalue)
        {
                if (is_array($secvalue))
                {
                        // Throw arrays away...
-                       unset($_COOKIE[$seckey]);
+                       unset($_SESSION[$seckey]);
                }
                 else
                {
@@ -185,11 +185,11 @@ if (basename($_SERVER['PHP_SELF']) != "install.php")
                        foreach ($SEC_CHARS['from'] as $key=>$char)
                        {
                                // Pass all through
-                               $_COOKIE[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
+                               $_SESSION[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_SESSION[$seckey]);
                        }
 
                        // Strip all other out
-                       $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]);
+                       $_SESSION[$seckey] = strip_tags($_SESSION[$seckey]);
                }
        }
 }
index 1afe82a..9e07345 100644 (file)
@@ -46,7 +46,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 //
 function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
 {
-       global $_COOKIE, $_CONFIG;
+       global $_SESSION, $_CONFIG;
 
        // Init variables/arrays
        $EXTRAS = ""; $OUT = ""; $SQLs = array(); $WHATs = array(); $DESCRs = array(); $TITLEs = array();
@@ -57,7 +57,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        if (!$JOBS_DONE) {
                // New extensions or updates found
                $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status='NEW' AND task_type='EXTENSION_UPDATE'",
-                array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
 
                $value = SQL_NUMROWS($result);
                SQL_FREERESULT($result);
@@ -150,7 +150,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        // Solved tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE status = 'SOLVED' AND assigned_admin='%s'",
-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 
@@ -164,7 +164,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        // Your tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status = 'NEW' AND task_type != 'EXTENSION_UPDATE'",
-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 
index b5b6b02..058b1f8 100644 (file)
@@ -154,10 +154,10 @@ if (!admin_registered)
                LOAD_TEMPLATE("admin_reg_form");
        }
 }
- elseif ((empty($_COOKIE['admin_login'])) || (empty($_COOKIE['admin_md5'])) || (empty($_COOKIE['admin_last'])) || (empty($_COOKIE['admin_to'])) || (($_COOKIE['admin_last'] + bigintval($_COOKIE['admin_to']) * 3600 * 24) < time()))
+ elseif ((empty($_SESSION['admin_login'])) || (empty($_SESSION['admin_md5'])) || (empty($_SESSION['admin_last'])) || (empty($_SESSION['admin_to'])) || (($_SESSION['admin_last'] + bigintval($_SESSION['admin_to']) * 3600 * 24) < time()))
 {
        // At leat one administrator account was created
-       if ((!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])) && (!empty($_COOKIE['admin_last'])) && (!empty($_COOKIE['admin_to'])))
+       if ((!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])) && (!empty($_SESSION['admin_last'])) && (!empty($_SESSION['admin_to'])))
        {
                // Timeout for last login, we have to logout first!
                $URL = URL."/modules.php?module=admin&amp;action=login&amp;logout=1";
@@ -180,7 +180,7 @@ if (!admin_registered)
                {
                case "done": // Admin and password are okay, so we log in now
                        $TIMEOUT = time() + (3600 * 24 * $_POST['timeout']);
-                       if ((@setcookie("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH)))
+                       if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH)))
                        {
                                // Construct URL and redirect
                                $URL = URL."/modules.php?module=admin&amp;";
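Review bot: The `case "done":` login branch writes the admin credentials into whatever session id the browser presented, with no `session_regenerate_id()` call visible in the hunk, which leaves the login open to session fixation. Add `session_regenerate_id(true);` before the first `set_session()` call (the `true` argument needs PHP 5.1 or later). The calls also still pass `$TIMEOUT, COOKIE_PATH`, which the two-parameter `set_session()` ignores. `$_POST['timeout']` is used in arithmetic and stored without `bigintval()`, unlike `admin_to` in the other hunks. The enclosing `switch` starts and ends outside the hunk.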
@@ -298,13 +298,13 @@ if (!admin_registered)
  elseif ($_GET['logout'] == "1")
 {
        // Only try to remove cookies
-       if (@setcookie("admin_login", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_md5", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_last", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_to", "", (time() - 3600), COOKIE_PATH))
+       if (set_session("admin_login", "", (time() - 3600), COOKIE_PATH) && set_session("admin_md5", "", (time() - 3600), COOKIE_PATH) && set_session("admin_last", "", (time() - 3600), COOKIE_PATH) && set_session("admin_to", "", (time() - 3600), COOKIE_PATH))
        {
                // Also remove array elements
-               unset($_COOKIE['admin_login']);
-               unset($_COOKIE['admin_md5']);
-               unset($_COOKIE['admin_last']);
-               unset($_COOKIE['admin_to']);
+               unset($_SESSION['admin_login']);
+               unset($_SESSION['admin_md5']);
+               unset($_SESSION['admin_last']);
+               unset($_SESSION['admin_to']);
 
                // Destroy session
                @session_destroy();
@@ -324,13 +324,13 @@ if (!admin_registered)
  else
 {
        // Maybe an Admin want's to login?
-       $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_COOKIE['admin_login']), SQL_ESCAPE($_COOKIE['admin_md5']));
+       $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_SESSION['admin_login']), SQL_ESCAPE($_SESSION['admin_md5']));
        switch ($ret)
        {
        case "done":
                // Cookie-Data accepted
-               $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
-               if ((@setcookie("admin_md5", SQL_ESCAPE($_COOKIE['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", SQL_ESCAPE($_COOKIE['admin_login']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", bigintval($_COOKIE['admin_to']), $TIMEOUT, COOKIE_PATH)))
+               $TIMEOUT = time() + bigintval($_SESSION['admin_to']);
+               if ((set_session("admin_md5", SQL_ESCAPE($_SESSION['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_login", SQL_ESCAPE($_SESSION['admin_login']), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_to", bigintval($_SESSION['admin_to']), $TIMEOUT, COOKIE_PATH)))
                {
                        // Ok, Cookie-Update done
                        if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
index 9e2e39a..cb17ba3 100644 (file)
@@ -249,8 +249,8 @@ function ADMIN_DO_ACTION($wht)
        $act = GET_ACTION($GLOBALS['module'], $wht);
 
        // Define admin login name and ID number
-       define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login']));
-       define('__ADMIN_ID'   , GET_ADMIN_ID($_COOKIE['admin_login']));
+       define('__ADMIN_LOGIN', SQL_ESCAPE($_SESSION['admin_login']));
+       define('__ADMIN_ID'   , GET_ADMIN_ID($_SESSION['admin_login']));
 
        // Preload templates
        if (EXT_IS_ACTIVE("admins")) {
@@ -679,23 +679,23 @@ function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user")
 //
 function ADMIN_CHECK_MENU_MODE()
 {
-       global $_CONFIG, $ADMINS, $_COOKIE;
+       global $_CONFIG, $ADMINS, $_SESSION;
 
        // Set the global mode as the mode for all admins
        $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE;
 
        // Check individual settings of current admin
-       if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']]))
+       if (isset($ADMINS['la_mode'][$_SESSION['admin_login']]))
        {
                // Load from cache
-               $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']];
+               $ADMIN = $ADMINS['la_mode'][$_SESSION['admin_login']];
                $_CONFIG['cache_hits']++;
        }
         elseif (GET_EXT_VERSION("admins") >= "0.6.7")
        {
                // Load from database when version of "admins" is enough
                $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($_COOKIE['admin_login']), __FILE__, __LINE__);
+                array($_SESSION['admin_login']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load data
index 3568b70..bea4c69 100644 (file)
@@ -44,7 +44,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
 
        // First check for solved and not assigned tasks and assign them to current admin
        $result_task = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE assigned_admin < 1 AND status != 'NEW'",
-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
 
        // We currently don't want to install an extension so let's find out if we need...
        $EXT_LOAD_MODE = "register"; $JOBS_DONE = true;
@@ -111,7 +111,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
                                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created)
 VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
  array(
-       GET_ADMIN_ID($_COOKIE['admin_login']),
+       GET_ADMIN_ID($_SESSION['admin_login']),
        $ext_subj,
        addslashes($MSG),
 ),  __FILE__, __LINE__, true, false);
@@ -158,7 +158,7 @@ VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
 FROM "._MYSQL_PREFIX."_task_system
 WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')
 ORDER BY userid DESC, task_type DESC, subject, task_created DESC",
-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result_tasks) > 0)
        {
                // New jobs found!
@@ -178,7 +178,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                foreach ($_POST['task'] as $id=>$sel)
                {
                        $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
-                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result_task) == 1)
                        {
                                // Task is valid...
@@ -188,7 +188,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                {
                                        // Assgin current admin to unassgigned task
                                        $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",
-                                        array(GET_ADMIN_ID($_COOKIE['admin_login']), bigintval($tid)), __FILE__, __LINE__);
+                                        array(GET_ADMIN_ID($_SESSION['admin_login']), bigintval($tid)), __FILE__, __LINE__);
                                }
                                $ADD = "";
                                if ($type == "SUPPORT_MEMBER")
@@ -449,7 +449,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
-                                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
                                }
                        }
                         elseif (isset($_POST['del']))
@@ -458,13 +458,13 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
-                                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
                                }
                        }
 
                        // Update query
                        $result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW') ORDER BY task_created DESC",
-                        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
                }
 
                // There are uncompleted jobs!
index 1f831ca..a3b5f79 100644 (file)
@@ -56,7 +56,7 @@ if (isset($_POST['ok']))
                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_data (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
 VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  array(
-       GET_ADMIN_ID($_COOKIE['admin_login']),
+       GET_ADMIN_ID($_SESSION['admin_login']),
        $_POST['title'],
        $_POST['descr'],
        $_POST['template'],
index 49d9b21..80c4301 100644 (file)
@@ -107,30 +107,30 @@ if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
                        if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";
 
                        // Get admin's ID
-                       $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);
-                       $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
+                       $salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40);
+                       $aid = GET_ADMIN_ID($_SESSION['admin_login']);
 
                        // Rewrite cookie when it's own account
                        if ($aid == $id)
                        {
                                // Timeout
-                               $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
+                               $TIMEOUT = time() + bigintval($_SESSION['admin_to']);
 
                                // Set timeout cookie
-                               @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);
+                               set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH);
 
-                               if ($login != $_COOKIE['admin_login'])
+                               if ($login != $_SESSION['admin_login'])
                                {
                                        // Update login cookie
-                                       @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);
+                                       set_session("admin_login", $login, $TIMEOUT, COOKIE_PATH);
 
                                        // Update password cookie as well?
-                                       if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
+                                       if (!empty($ADD)) set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
                                }
-                                elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])
+                                elseif (generateHash($_POST['pass1'][$id], $salt) != $_SESSION['admin_md5'])
                                {
                                        // Update password cookie
-                                       @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
+                                       set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
                                }
 
                        }
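Review bot: The comparisons `$login != $_SESSION['admin_login']` and `generateHash($_POST['pass1'][$id], $salt) != $_SESSION['admin_md5']` use loose `!=`, which PHP evaluates numerically when both strings look numeric. Two different values such as `0e` followed only by digits then compare as equal, and the session entry is not updated. Use `!==` in both places so the strings are compared byte for byte. The surrounding `if (isset($_POST['edit']) ...)` block starts and ends outside the hunk.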
@@ -225,7 +225,7 @@ WHERE id=%d LIMIT 1",
                foreach ($_POST['sel'] as $id=>$del)
                {
                        // Delete only when it's not your own account!
-                       if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))
+                       if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id))
                        {
                                // Rewrite his tasks to all admins
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
index 36c06cf..0bff9ad 100644 (file)
@@ -282,7 +282,7 @@ case "overview": // List all registered extensions
 
 case "register": // Register new extension
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND task_type='EXTENSION' LIMIT 1",
-        array(bigintval(GET_ADMIN_ID($_COOKIE['admin_login']))), __FILE__, __LINE__);
+        array(bigintval(GET_ADMIN_ID($_SESSION['admin_login']))), __FILE__, __LINE__);
        $task_found = SQL_NUMROWS($result);
 
        // Free result
index 3d8601c..eeb86ea 100644 (file)
@@ -46,15 +46,15 @@ if (empty($_GET['type'])) $_GET['type'] = "your";
 switch ($_GET['type'])
 {
 case "your": // List only your own open (new) tasks
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'";
        break;
 
 case "updates": // List only updates assigned to you
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'";
        break;
 
 case "solved": // List only solved tasks assigned to you
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='SOLVED'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='SOLVED'";
        break;
 
 case "unassigned": // List unassigned (but not deleted) tasks
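Review bot: The `$whereStatement` strings for "your", "updates" and "solved" (and "closed" in the next hunk) concatenate the return value of `GET_ADMIN_ID()` directly into SQL. The register-extension query earlier in this commit wraps the same call in `bigintval()` and passes it as a `SQL_QUERY_ESC` parameter. For consistency, and so the value is guaranteed numeric wherever it comes from, I would write `"assigned_admin='".bigintval(GET_ADMIN_ID($_SESSION['admin_login']))."' AND status='NEW' ..."` in all four cases. The `switch` continues outside this hunk.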
@@ -66,7 +66,7 @@ case "deleted": // List all deleted
        break;
 
 case "closed": // List all closed
-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='CLOSED'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='CLOSED'";
        break;
 
 default: // Unknown type
@@ -101,7 +101,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
-                                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);
                                }
                        }
                         elseif (isset($_POST['del']))
index 7b2afc0..cf103df 100644 (file)
@@ -83,8 +83,8 @@ if ($SEL > 0)
 {
        // Save theme
        $POST['default_theme'] = $_GET['default_theme'];
-       @setcookie("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH);
-       $_COOKIE['mxchange_theme'] = $POST['default_theme'];
+       set_session("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH);
+       $_SESSION['mxchange_theme'] = $POST['default_theme'];
        ADMIN_SAVE_SETTINGS($POST);
 }
 
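Review bot: The one-year expiry and `COOKIE_PATH` are still passed to `set_session()`, but session data only lives as long as the PHP session. Unless `set_session()` re-implements expiry (its definition is not visible here), the theme choice no longer persists for a year as the cookie did. The same applies to the other `mxchange_theme` calls and to `visited` in index.php, where the lifetime comes from `$_CONFIG['index_cookie']`. The direct `$_SESSION['mxchange_theme'] = ...` assignment after the call also looks redundant if `set_session()` already writes to `$_SESSION`; please confirm and keep only one of the two.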
index f17aad3..e64ac5a 100644 (file)
@@ -42,7 +42,7 @@ OPEN_TABLE("500", "guest_login_header dashed", "center");
 
 OUTPUT_HTML("<br /><STRONG>".VALIDATING_LOGIN."</STRONG><br />");
 
-if (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']) && !empty($_COOKIE['lifetime']))
+if (!empty($GLOBALS['userid']) && !empty($_SESSION['u_hash']) && !empty($_SESSION['lifetime']))
 {
        // Get theme from profile
        $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
@@ -51,8 +51,8 @@ if (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']) && !empty($_COOKIE[
        SQL_FREERESULT($result);
 
        // Change to new theme
-       @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
-       $_COOKIE['mxchange_theme'] = $NewTheme;
+       set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
+       $_SESSION['mxchange_theme'] = $NewTheme;
 
        $bonus = false;
        if ((GET_EXT_VERSION("sql_patches") >= "0.2.8") && (GET_EXT_VERSION("bonus") >= "0.2.1") && ($_CONFIG['bonus_login_yn'] == 'N') && ($_CONFIG['bonus_login_yn'] == 'Y')) {
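Review bot: The condition on the last line requires `($_CONFIG['bonus_login_yn'] == 'N') && ($_CONFIG['bonus_login_yn'] == 'Y')`, which can never be true, so the branch it guards is dead code. One of the two comparisons presumably names the wrong configuration key; this needs checking against the bonus extension's settings. The `if` body lies outside this hunk.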
index 3c20c01..3b34f51 100644 (file)
@@ -115,8 +115,8 @@ if (!empty($_GET['hash']))
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
-                               setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                               $_COOKIE['lead_uid'] = bigintval($uid);
+                               set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
+                               $_SESSION['lead_uid'] = bigintval($uid);
 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");
@@ -127,8 +127,8 @@ if (!empty($_GET['hash']))
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
-                       setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                       $_COOKIE['lead_uid'] = bigintval($uid);
+                       set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
+                       $_SESSION['lead_uid'] = bigintval($uid);
 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");
index 75527e5..93fc1bd 100644 (file)
@@ -49,7 +49,7 @@ global $DATA, $FATAL;
 $probe_nickname = false; $UID = false; $hash = "";
 unset($login); unset($online);
 
-if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])))
+if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])))
 {
        // Already logged in?
        $UID = $GLOBALS['userid'];
@@ -175,14 +175,14 @@ if (IS_LOGGED_IN())
                                        $hash = generatePassString($hash);
 
                                        // Update cookies
-                                       $login = (@setcookie("userid"  , $UID , $life, COOKIE_PATH)
-                                              && @setcookie("u_hash"  , $hash, $life, COOKIE_PATH)
-                                              && @setcookie("lifetime", $l   , $life, COOKIE_PATH));
+                                       $login = (set_session("userid"  , $UID , $life, COOKIE_PATH)
+                                              && set_session("u_hash"  , $hash, $life, COOKIE_PATH)
+                                              && set_session("lifetime", $l   , $life, COOKIE_PATH));
 
                                        // Update global array
                                        $GLOBALS['userid'] = $UID;
-                                       $_COOKIE['u_hash'] = $hash;
-                                       $_COOKIE['lifetime'] = $l;
+                                       $_SESSION['u_hash'] = $hash;
+                                       $_SESSION['lifetime'] = $l;
                                }
                                 else
                                {
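Review bot: The login branch stores `userid`, `u_hash` and `lifetime` in the existing session without issuing a new session id, so an id that was set before authentication stays valid afterwards. Calling `session_regenerate_id(true);` just before the three `set_session()` calls addresses this, which matters now that the session cookie is the only thing tying the browser to the login. `$login` still depends on each `set_session()` call returning true, which cannot be confirmed from this hunk. The enclosing block starts and ends outside the hunk.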
index 7303c48..114694c 100644 (file)
@@ -167,7 +167,7 @@ if (isset($_POST['ok']))
        {
                // Not found so we set your refid!
                $_POST['refid'] = $_CONFIG['def_refid'];
-               @setcookie("refid", $_CONFIG['def_refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+               set_session("refid", $_CONFIG['def_refid']);
        }
 
        // Free memory
index 26c468e..797f8e2 100644 (file)
@@ -50,10 +50,10 @@ $URL = URL."/modules.php?module=index";
 // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime
 
 
-if (@setcookie("userid", "", time() - 3600, COOKIE_PATH) && @setcookie("u_hash", "", time() - 3600, COOKIE_PATH) && @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH))
+if (set_session("userid", "", time() - 3600, COOKIE_PATH) && set_session("u_hash", "", time() - 3600, COOKIE_PATH) && set_session("lifetime", "", time() - 3600, COOKIE_PATH))
 {
        // Remove theme cookie as well
-       @setcookie("mxchange_theme", "", time() - 3600, COOKIE_PATH);
+       set_session("mxchange_theme", "", time() - 3600, COOKIE_PATH);
 
        // Logout completed
        $URL .= "&msg=".CODE_LOGOUT_DONE;
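Review bot: Logout still uses the cookie idiom of an empty value with a past expiry. That idiom has no defined meaning for server-side session data unless `set_session()` emulates it, and its definition is not in this hunk. The IS_LOGGED_IN and UPDATE_LOGIN_DATA hunks further down do the same, and IS_LOGGED_IN also drops the old `unset($_COOKIE[...])` lines without a `$_SESSION` equivalent. I would remove the keys explicitly and rotate the id: `unset($_SESSION['userid'], $_SESSION['u_hash'], $_SESSION['lifetime'], $_SESSION['mxchange_theme']); session_regenerate_id(true);`. The stale comment about cookie time settings above the `if` should go with it.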
index 70f63e3..2a13fa1 100644 (file)
@@ -275,7 +275,7 @@ WHERE userid=%d AND password='%s' LIMIT 1",
   bigintval($_POST['year']),
   bigintval($_POST['max_mails']),
   UID_VALUE,
-  $_COOKIE['u_hash']
+  $_SESSION['u_hash']
  ), __FILE__, __LINE__);
                        }
                         else
@@ -306,7 +306,7 @@ WHERE userid=%d AND password='%s' LIMIT 1",
   bigintval($_POST['year']),
   bigintval($_POST['max_mails']),
   UID_VALUE,
-  $_COOKIE['u_hash']
+  $_SESSION['u_hash']
  ), __FILE__, __LINE__);
                        }
 
index 7404646..0e25541 100644 (file)
@@ -55,8 +55,8 @@ if (!empty($_POST['member_theme']))
        $NewTheme = $_POST['member_theme'];
 
        // Change to new theme
-       @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
-       $_COOKIE['mxchange_theme'] = $NewTheme;
+       set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
+       $_SESSION['mxchange_theme'] = $NewTheme;
 
        // Theme saved!
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED);
@@ -110,7 +110,7 @@ $OUT = ""; $SW = 2;
 foreach ($THEMES['theme_unix'] as $key=>$unix)
 {
        $default = "";
-       if ($_COOKIE['mxchange_theme'] == $unix) $default = " checked selected";
+       if ($_SESSION['mxchange_theme'] == $unix) $default = " checked selected";
 
        // Add row
        $OUT .= "<TR>
index 2ce61d8..5cb91d0 100644 (file)
@@ -161,10 +161,10 @@ if ((!mxchange_installing) && (mxchange_installed))
                                        UPDATE_LOGIN_DATA();
 
                                        // Get session ID
-                                       if (empty($_COOKIE['PHPSESSID'])) $_COOKIE['PHPSESSID'] = session_id();
+                                       if (empty($_SESSION['PHPSESSID'])) $_SESSION['PHPSESSID'] = session_id();
 
                                        // Update online list
-                                       UPDATE_ONLINE_LIST($_COOKIE['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);
+                                       UPDATE_ONLINE_LIST($_SESSION['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);
 
                                        // Load theme name
                                        $CurrTheme = GET_CURR_THEME();
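Review bot: `$_SESSION['PHPSESSID']` is an artefact of the mechanical rename: it stores the session id inside the session's own data, and the copy goes stale if the id is ever regenerated. Pass the id directly with `UPDATE_ONLINE_LIST(session_id(), $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);` and drop the `empty()` line. The surrounding block starts and ends outside the hunk.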
index 92292cf..bbd581d 100644 (file)
@@ -389,14 +389,14 @@ function ADD_MENU($MODE, $act, $wht) {
 // This patched function will reduce many SELECT queries for the specified or current admin login
 function IS_ADMIN($admin="")
 {
-       global $_COOKIE, $ADMINS, $_CONFIG;
+       global $_SESSION, $ADMINS, $_CONFIG;
        $ret = false; $passCookie = ""; $valPass = "";
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...
-       if ((empty($admin)) && (!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])))
+       if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])))
        {
-               $admin = SQL_ESCAPE($_COOKIE['admin_login']); $passCookie = $_COOKIE['admin_md5'];
+               $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
@@ -538,7 +538,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest")
 //
 function IS_LOGGED_IN()
 {
-       global $_COOKIE, $status, $LAST;
+       global $_SESSION, $status, $LAST;
        if (!is_array($LAST)) $LAST = array();
        $ret = false;
 
@@ -546,7 +546,7 @@ function IS_LOGGED_IN()
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?
-       if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])) && (!empty($_COOKIE['lifetime'])) && (defined('COOKIE_PATH')))
+       if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))
        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
@@ -563,8 +563,8 @@ function IS_LOGGED_IN()
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?
-                       //* DEBUG: */ echo $valPass."<br>".$_COOKIE['u_hash']."<br>";
-                       if (($status == "CONFIRMED") && ($valPass == $_COOKIE['u_hash']))
+                       //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
+                       if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))
                        {
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;
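Review bot: `$valPass == $_SESSION['u_hash']` compares two hash strings with the loose operator, which PHP evaluates numerically when both strings look like numbers. Use `($valPass === $_SESSION['u_hash'])`, or `hash_equals($valPass, $_SESSION['u_hash'])` where the PHP version provides it. The same loose comparison is used on `admin_md5` in the admin-edit hunk and on `u_hash` in SEND_MODE_MAILS. The function body extends beyond this hunk.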
@@ -573,28 +573,24 @@ function IS_LOGGED_IN()
                        {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
-                               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-                               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-                               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+                               set_session("userid", "", time() - 3600, COOKIE_PATH);
+                               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+                               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
-                               unset($_COOKIE['u_hash']);
-                               unset($_COOKIE['lifetime']);
                        }
                }
                 else
                {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
-                       @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-                       @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-                       @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+                       set_session("userid", "", time() - 3600, COOKIE_PATH);
+                       set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+                       set_session("lifetime", "", time() - 3600, COOKIE_PATH);
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
-                       unset($_COOKIE['u_hash']);
-                       unset($_COOKIE['lifetime']);
                }
 
                // Free memory
@@ -604,14 +600,12 @@ function IS_LOGGED_IN()
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
-               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+               set_session("userid", "", time() - 3600, COOKIE_PATH);
+               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
-               unset($_COOKIE['u_hash']);
-               unset($_COOKIE['lifetime']);
        }
        return $ret;
 }
@@ -621,16 +615,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?
-       if ((!isset($GLOBALS['userid'])) || (!isset($_COOKIE['u_hash'])) || (!isset($_COOKIE['lifetime']))) {
+       if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {
                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID
-               $GLOBALS['userid'] = bigintval($_COOKIE['userid']);
+               $GLOBALS['userid'] = bigintval($_SESSION['userid']);
        }
 
        // Extract last online time (life) and how long is auto-login valid (time)
-       $newl = time() + bigintval($_COOKIE['lifetime']);
+       $newl = time() + bigintval($_SESSION['lifetime']);
 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;
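Review bot: The guard checks `isset($GLOBALS['userid'])`, but the `else` branch reads `$_SESSION['userid']`, which nothing in the condition guarantees is set. A missing key would presumably make `bigintval()` reset `$GLOBALS['userid']` to 0. Add `|| (!isset($_SESSION['userid']))` to the condition so the function returns false in that case. The function continues past the end of the hunk.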
@@ -645,7 +639,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
-               if (@setcookie("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && @setcookie("u_hash", SQL_ESCAPE($_COOKIE['u_hash']), $newl, COOKIE_PATH) && @setcookie("lifetime", bigintval($_COOKIE['lifetime']), $newl, COOKIE_PATH)) {
+               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {
                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;
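Review bot: `SQL_ESCAPE($_SESSION['u_hash'])` escapes a value that is written back into the session, not into a query. This is a leftover from the cookie version, and it means the stored hash is passed through SQL escaping again each time this function runs. Store the raw value with `set_session("u_hash", $_SESSION['u_hash'], $newl, COOKIE_PATH)` and escape only where the value enters SQL. The enclosing `if` starts outside the hunk.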
@@ -662,9 +656,9 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
         else
        {
                // Destroy session, we cannot update!
-               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+               set_session("userid", "", time() - 3600, COOKIE_PATH);
+               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+               set_session("lifetime", "", time() - 3600, COOKIE_PATH);
        }
 }
 //
@@ -742,11 +736,11 @@ function SEND_MODE_MAILS($mod, $modes)
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie
-               $salt = substr($_COOKIE['u_hash'], 0, -40);
+               $salt = substr($_SESSION['u_hash'], 0, -40);
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
-               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+               if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
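Review bot: The condition `($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])` lets the branch run whenever the two posted fields are equal, including when both are absent, so the session-hash comparison gates nothing on its own. If the intent is "the session hash is valid and the two entered passwords match", the operator should be `&&`; please confirm against the form that calls this. `$salt` is computed from `u_hash` just above but is not used in the visible lines. The function starts and ends outside the hunk.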
@@ -1196,10 +1190,10 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht)
                // Is administrator
                $ADMIN = 'Y';
        }
-       if (!empty($_COOKIE['refid']))
+       if (!empty($_SESSION['refid']))
        {
                // Check cookie
-               if ($_COOKIE['refid'] > 0) $rid = $GLOBALS['refid'];
+               if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];
        }
 
        // Now Read data
@@ -1516,8 +1510,8 @@ function SUB_JACKPOT($points)
 //
 function IS_DEMO()
 {
-       global $_COOKIE;
-       return ((EXT_IS_ACTIVE("demo")) && ($_COOKIE['admin_login'] == "demo"));
+       global $_SESSION;
+       return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));
 }
 //
 function LOAD_CONFIG($no="0")
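Review bot: `IS_DEMO()` reads `$_SESSION['admin_login']` without checking that the key exists, so it raises a notice for every visitor without an admin login while the demo extension is active. `return ((EXT_IS_ACTIVE("demo")) && (isset($_SESSION['admin_login'])) && ($_SESSION['admin_login'] == "demo"));` avoids that. The `global $_SESSION;` line is unnecessary here and in IS_ADMIN and IS_LOGGED_IN, because `$_SESSION` is a superglobal.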
index 49d7c98..268c2d4 100644 (file)
@@ -46,22 +46,12 @@ if (empty($VIEW))  $VIEW  = 0;
 // Skip updating of cookies when viewing a banner
 if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return;
 
-// Session management initalization
-if (empty($PHPSESSID)) {
-       // This fixes some strange session cookie problems
-       if (empty($_COOKIE['PHPSESSID'])) unset($_COOKIE['PHPSESSID']);
-       @session_start();
-       $PHPSESSID = @session_id();
-} else {
-       @session_id($PHPSESSID);
-       @session_start();
-}
-
-// Store PHPSESSID
-@setcookie("PHPSESSID", $PHPSESSID, (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+// Start the session
+@session_start();
+$PHPSESSID = @session_id();
 
 // Store language code in cookie
-@setcookie("mx_lang", $mx_lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+set_session("mx_lang", $mx_lang);
 
 // Check if refid is set
 if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) {
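Review bot: `@session_start()` suppresses the one failure that would silently break every `set_session()` call in this commit (for example, headers already sent), and the session cookie is created with PHP's default attributes. Since the session id is now the only credential the browser holds, I would drop the `@` and set `ini_set('session.use_only_cookies', '1'); ini_set('session.cookie_httponly', '1');` before starting the session. `set_session("mx_lang", $mx_lang)` is called with two arguments here and with four elsewhere; its definition is not in this hunk, so the optional parameters should be confirmed.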
@@ -78,9 +68,9 @@ if (!empty($_POST['refid'])) {
 } elseif (!empty($_GET['ref'])) {
        // Set refid=ref (the referral link uses such variable)
        $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
-} elseif (!empty($_COOKIE['refid'])) {
+} elseif (!empty($_SESSION['refid'])) {
        // Simply reset cookie
-       $GLOBALS['refid'] = bigintval($_COOKIE['refid']);
+       $GLOBALS['refid'] = bigintval($_SESSION['refid']);
 } elseif (GET_EXT_VERSION("sql_patches") != "") {
        // Set default refid as refid in URL
        $GLOBALS['refid'] = $_CONFIG['def_refid'];
@@ -90,15 +80,15 @@ if (!empty($_POST['refid'])) {
 }
 
 // Set cookie when default refid > 0
-if (empty($_COOKIE['refid']) || (!empty($GLOBALS['refid'])) || (($_COOKIE['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) {
+if (empty($_SESSION['refid']) || (!empty($GLOBALS['refid'])) || (($_SESSION['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) {
        // Set cookie
-       @setcookie("refid", $GLOBALS['refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+       set_session("refid", $GLOBALS['refid']);
 }
 
 // Test cookies if index.php or modules.php is loaded
 if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (mxchange_installing))
 {
-       if (count($_COOKIE) > 0)
+       if (count($_SESSION) > 0)
        {
                // Cookies accepted!
                define('__COOKIES', true);
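Review bot: `count($_SESSION) > 0` no longer tests whether the browser accepts cookies. `$_SESSION` lives on the server, and assuming `set_session("mx_lang", ...)` earlier in this file writes into it, it is already non-empty on the first request. `__COOKIES` would then always be defined as true. Checking for the returned session cookie with `if (isset($_COOKIE[session_name()]))` keeps the original meaning. The `if` block continues past the end of the hunk.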
index c188a19..81e2fad 100644 (file)
@@ -48,15 +48,15 @@ function GET_CURR_THEME() {
        // Load default theme if not empty from configuration
        if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme'];
 
-       if (empty($_COOKIE['mxchange_theme'])) {
+       if (empty($_SESSION['mxchange_theme'])) {
                // Set default theme
-               @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
-       } elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
+               set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
+       } elseif ((!empty($_SESSION['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
                // Get theme from cookie
-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_COOKIE['mxchange_theme']), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_SESSION['mxchange_theme']), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Design is valid!
-                       $ret = $_COOKIE['mxchange_theme'];
+                       $ret = $_SESSION['mxchange_theme'];
                }
 
                // Free memory
@@ -68,19 +68,19 @@ function GET_CURR_THEME() {
                // Installation mode active
                if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) {
                        // Set cookie from URL data
-                       @setcookie("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
-                       $_COOKIE['mxchange_theme'] = $_GET['theme'];
+                       set_session("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
+                       $_SESSION['mxchange_theme'] = $_GET['theme'];
                } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) {
                        // Set cookie from posted data
-                       @setcookie("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
-                       $_COOKIE['mxchange_theme'] = $_POST['theme'];
+                       set_session("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
+                       $_SESSION['mxchange_theme'] = $_POST['theme'];
                }
 
                // Set return value
-               $ret = $_COOKIE['mxchange_theme'];
+               $ret = $_SESSION['mxchange_theme'];
        } else {
                // Invalid design, reset cookie
-               @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
+               set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
        }
 
        // Add (maybe) found theme.php file to inclusion list
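Review bot: In the installation branch, `$_GET['theme']` and `$_POST['theme']` are stored in the session and returned as the theme name without being restricted to a plain directory name. `$_POST['theme']` is also concatenated into `PATH."theme/".$_POST['theme']."/theme.php"`. That name then decides which theme.php is added to the inclusion list. Normalise it once before use, e.g. `$name = basename($_POST['theme']);`, or accept only names found among the installed theme directories, and store the normalised value. How `$theme` is built for the `$_GET` case is outside this hunk.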
@@ -151,7 +151,7 @@ if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $CurrTheme))
        $NewTheme = $_POST['new_theme'];
 
        // Change to new theme
-       @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
+       set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
 
        // Remove current from array and set new
        $theme = PATH."theme/".$CurrTheme."/theme.php";
index 07097cf..d2ade5d 100644 (file)
--- a/index.php
+++ b/index.php
@@ -55,14 +55,14 @@ if (defined('mxchange_installed') && (mxchange_installed)) {
        if (!isset($_CONFIG['index_cookie']))   $_CONFIG['index_cookie'] = 0;
 
        // Check for cookies
-       if ((empty($_COOKIE['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) {
+       if ((empty($_SESSION['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) {
                // Is the index page configured for redirect pr not?
                if ($_CONFIG['index_cookie'] > 0) {
                        // Set cookie and remeber it for specified time
-                       @setcookie("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH);
-               } elseif (!empty($_COOKIE['visited'])) {
+                       set_session("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH);
+               } elseif (!empty($_SESSION['visited'])) {
                        // Remove cookie when admin set 0 in setup
-                       @setcookie("visited", "", (time() - 3600), COOKIE_PATH);
+                       set_session("visited", "", (time() - 3600), COOKIE_PATH);
                }
 
                // Template laden
index e04ea25..389f3a1 100644 (file)
@@ -57,13 +57,13 @@ if (defined('mxchange_installed') && (mxchange_installed)) {
        );
 
        // Is the cookie set?
-       if (isset($_COOKIE['lead_uid'])) {
+       if (isset($_SESSION['lead_uid'])) {
                // Is the user-account unlocked and valid?
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
-                       array(bigintval($_COOKIE['lead_uid'])), __FILE__, __LINE__);
+                       array(bigintval($_SESSION['lead_uid'])), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Secure the ID number
-                       $content['lead_uid'] = bigintval($_COOKIE['lead_uid']);
+                       $content['lead_uid'] = bigintval($_SESSION['lead_uid']);
 
                        // Load the email address
                        list($content['lead_email']) = COMPILE_CODE(SQL_FETCHROW($result));