cookies rewritten to session

diff --git a/inc/doubler_send.php b/inc/doubler_send.php
index 7e38020dcf3ce0dff4870d8b3a1f8042d1e58026..9763b4e8bfbcdbc7ccd170b245c42e9cd184301c 100644 (file)
--- a/inc/doubler_send.php
+++ b/inc/doubler_send.php
@@ -52,7 +52,7 @@ if ($DOUBLER_POINTS == 0)
 // If not currently doubled set it to zero
 unset($_GET['DOUBLER_UID']);
 unset($_POST['DOUBLER_UID']);
 // If not currently doubled set it to zero
 unset($_GET['DOUBLER_UID']);
 unset($_POST['DOUBLER_UID']);

-unset($_COOKIE['DOUBLER_UID']);
+unset($_SESSION['DOUBLER_UID']);

 if (empty($DOUBLER_UID)) $DOUBLER_UID = "0";
 
 // Check for doubles which we can pay out
 if (empty($DOUBLER_UID)) $DOUBLER_UID = "0";
 
 // Check for doubles which we can pay out

diff --git a/inc/extensions.php b/inc/extensions.php
index 6aee0ca33c5e28589c7a70d4977ccabcf0bc7445..f4a8f7fbd579e84002d2c9d73cd50077ad33ec4c 100644 (file)
--- a/inc/extensions.php
+++ b/inc/extensions.php
@@ -433,7 +433,7 @@ function EXTENSION_UPDATE($file, $ext, $EXT_VER, $dry_run=false)
                        {
                                // Task not created so it's a brand-new extension which we need to register and create a task for!
                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s', '0', 'NEW', 'EXTENSION_UPDATE', '%s', '%s', UNIX_TIMESTAMP())",
                        {
                                // Task not created so it's a brand-new extension which we need to register and create a task for!
                                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s', '0', 'NEW', 'EXTENSION_UPDATE', '%s', '%s', UNIX_TIMESTAMP())",

-                                array(GET_ADMIN_ID(SQL_ESCAPE($_COOKIE['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__);
+                                array(GET_ADMIN_ID(SQL_ESCAPE($_SESSION['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__);

                        }
 
                        // Free memory
                        }
 
                        // Free memory

diff --git a/inc/extensions/ext-admins.php b/inc/extensions/ext-admins.php
index 18ac24865b3a70d6eb0248184dd9d7060782593d..ba5b7225b298bbc04216713bb9127792a6b6034b 100644 (file)
--- a/inc/extensions/ext-admins.php
+++ b/inc/extensions/ext-admins.php
@@ -96,7 +96,7 @@ case "update": // Update an extension
                $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_admins ADD default_acl enum('deny', 'allow') not null default 'deny'";
 
                // But allow current admin everything (THIS SHALL BE YOU!)
                $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_admins ADD default_acl enum('deny', 'allow') not null default 'deny'";
 
                // But allow current admin everything (THIS SHALL BE YOU!)

-               $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_COOKIE['admin_login']."' LIMIT 1";
+               $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_SESSION['admin_login']."' LIMIT 1";

                $SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_admins_acls";
                $SQLs[] = "CREATE TABLE "._MYSQL_PREFIX."_admins_acls (
 id bigint(20) not null auto_increment,
                $SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_admins_acls";
                $SQLs[] = "CREATE TABLE "._MYSQL_PREFIX."_admins_acls (
 id bigint(20) not null auto_increment,


@@ -267,7 +267,7 @@ PRIMARY KEY (id)
 
        case "0.6.8": // SQL queries for v0.6.8
                // Update notes (these will be set as task text!)
 
        case "0.6.8": // SQL queries for v0.6.8
                // Update notes (these will be set as task text!)

-               $UPDATE_NOTES = "<STRONG>setcookie()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
+               $UPDATE_NOTES = "<STRONG>set_session()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";

                break;
 
        case "0.6.9": // SQL queries for v0.6.9
                break;
 
        case "0.6.9": // SQL queries for v0.6.9

diff --git a/inc/extensions/ext-register.php b/inc/extensions/ext-register.php
index 25efaa16d8d774e172a9dae041191b779ffe3333..a4df053cdfdc20d8940da475b4e3c617d59c6b90 100644 (file)
--- a/inc/extensions/ext-register.php
+++ b/inc/extensions/ext-register.php
@@ -292,7 +292,7 @@ PRIMARY KEY(id)
 
        case "0.4.7": // SQL queries for v0.4.7
                // Update notes (these will be set as task text!)
 
        case "0.4.7": // SQL queries for v0.4.7
                // Update notes (these will be set as task text!)

-               $UPDATE_NOTES = "<STRONG>setcookie()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
+               $UPDATE_NOTES = "<STRONG>set_session()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";

                break;
 
        case "0.4.8": // SQL queries for v0.4.8
                break;
 
        case "0.4.8": // SQL queries for v0.4.8

diff --git a/inc/extensions/ext-theme.php b/inc/extensions/ext-theme.php
index 80e3b925f2f8a45bc8bab777ab9bf089fc91421e..970fcef79901b259413081ea41021811586fb1ce 100644 (file)
--- a/inc/extensions/ext-theme.php
+++ b/inc/extensions/ext-theme.php
@@ -94,7 +94,7 @@ case "update": // Update an extension
 
        case "0.0.5": // SQL queries for v0.0.5
                // Update notes (these will be set as task text!)
 
        case "0.0.5": // SQL queries for v0.0.5
                // Update notes (these will be set as task text!)

-               $UPDATE_NOTES = "<STRONG>setcookie()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";
+               $UPDATE_NOTES = "<STRONG>set_session()</STRONG> mit @-Zeichen gegen ungewollte Ausgaben abgesichert.";

                break;
 
        case "0.0.6": // SQL queries for v0.0.6
                break;
 
        case "0.0.6": // SQL queries for v0.0.6

diff --git a/inc/functions.php b/inc/functions.php
index 456e1a5bf8cf84b77c8ba63c8fa3766281ba8afb..c41ca16b82f1967d71ee8c5b9641185bb6078aa5 100644 (file)
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -640,7 +640,7 @@ function TRANSLATE_STATUS($status)
 //
 function GET_LANGUAGE()
 {
 //
 function GET_LANGUAGE()
 {

-       global $_COOKIE, $_GET;
+       global $_SESSION, $_GET;

 
        if (!empty($_GET['mx_lang']))
        {
 
        if (!empty($_GET['mx_lang']))
        {


@@ -666,10 +666,10 @@ function GET_LANGUAGE()
                        SET_LANGUAGE($lang);
                }
        }
                        SET_LANGUAGE($lang);
                }
        }

-        elseif (!empty($_COOKIE['mx_lang']))
+        elseif (!empty($_SESSION['mx_lang']))

        {
                // Return stored value from cookie
        {
                // Return stored value from cookie

-               $ret = $_COOKIE['mx_lang'];
+               $ret = $_SESSION['mx_lang'];

        }
        return $ret;
 }
        }
        return $ret;
 }


@@ -682,10 +682,10 @@ function SET_LANGUAGE($lang)
        $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2);
 
        // Set cookie
        $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2);
 
        // Set cookie

-       @setcookie("mx_lang", $lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+       set_session("mx_lang", $lang);

 
        // Set array
 
        // Set array

-       $_COOKIE['mx_lang'] = $lang;
+       $_SESSION['mx_lang'] = $lang;

 }
 //
 function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")
 }
 //
 function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")


@@ -701,11 +701,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0")
        $HTTP_USER_AGENT  = getenv('HTTP_USER_AGENT');
 
        $ADMIN = MAIN_TITLE;
        $HTTP_USER_AGENT  = getenv('HTTP_USER_AGENT');
 
        $ADMIN = MAIN_TITLE;

-       if (!empty($_COOKIE['admin_login']))
+       if (!empty($_SESSION['admin_login']))

        {
                // Load Admin data
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
        {
                // Load Admin data
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",

-                       array(SQL_ESCAPE($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                       array(SQL_ESCAPE($_SESSION['admin_login'])), __FILE__, __LINE__);

                list($ADMIN) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
                list($ADMIN) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }


@@ -1223,11 +1223,11 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="")
        $data   = $code.":".$uid.":".$DATA;
 
        // Add more additional data
        $data   = $code.":".$uid.":".$DATA;
 
        // Add more additional data

-       if (isset($_COOKIE['u_hash']))         $data .= ":".$_COOKIE['u_hash'];
+       if (isset($_SESSION['u_hash']))         $data .= ":".$_SESSION['u_hash'];

        if (isset($GLOBALS['userid']))         $data .= ":".$GLOBALS['userid'];
        if (isset($GLOBALS['userid']))         $data .= ":".$GLOBALS['userid'];

-       if (isset($_COOKIE['lifetime']))       $data .= ":".$_COOKIE['lifetime'];
-       if (isset($_COOKIE['mxchange_theme'])) $data .= ":".$_COOKIE['mxchange_theme'];
-       if (isset($_COOKIE['mx_lang']))        $data .= ":".$_COOKIE['mx_lang'];
+       if (isset($_SESSION['lifetime']))       $data .= ":".$_SESSION['lifetime'];
+       if (isset($_SESSION['mxchange_theme'])) $data .= ":".$_SESSION['mxchange_theme'];
+       if (isset($_SESSION['mx_lang']))        $data .= ":".$_SESSION['mx_lang'];

        if (isset($GLOBALS['refid']))          $data .= ":".$GLOBALS['refid'];
 
        // Calculate number for generating the code
        if (isset($GLOBALS['refid']))          $data .= ":".$GLOBALS['refid'];
 
        // Calculate number for generating the code


@@ -2035,8 +2035,8 @@ function FIX_DELETED_COOKIES ($cookies) {
                // Then check all cookies if they are marked as deleted!
                foreach ($cookies as $cookieName) {
                        // Is the cookie set to "deleted"?
                // Then check all cookies if they are marked as deleted!
                foreach ($cookies as $cookieName) {
                        // Is the cookie set to "deleted"?

-                       if ((isset($_COOKIE[$cookieName])) && ($_COOKIE[$cookieName] == "deleted")) {
-                               unset($_COOKIE[$cookieName]);
+                       if ((isset($_SESSION[$cookieName])) && ($_SESSION[$cookieName] == "deleted")) {
+                               unset($_SESSION[$cookieName]);

                        }
                }
        }
                        }
                }
        }


@@ -2084,6 +2084,29 @@ function DISPLAY_PARSING_TIME_FOOTER() {
        LOAD_TEMPLATE("footer_stats", false, $content);
 }
 
        LOAD_TEMPLATE("footer_stats", false, $content);
 }
 

+// Unset/set session variables
+function set_session ($var, $value) {
+       global $CSS;
+       // Abort in CSS mode here
+       if ($CSS == 1) return true;
+
+       // Trim value and session variable
+       $var = trim(SQL_ESCAPE($var)); $value = trim($value);
+
+       // Is the session variable set?
+       if (("".$value."" == "") && (isset($_SESSION[$var]))) {
+               // Remove the session
+               //* DEBUG: */ echo "UNSET:".$var."=".$_SESSION[$var]."<br />\n";
+               unset($_SESSION[$var]);
+               return @session_register($var);
+       } elseif (("".$value."" != "") && (!isset($_SESSION[$var]))) {
+               // Set session
+               //* DEBUG: */ echo "SET:".$var."=".$value."<br />\n";
+               $_SESSION[$var] =  $value;
+               return true;
+       }
+}
+

 //
 //////////////////////////////////////////////
 //                                          //
 //
 //////////////////////////////////////////////
 //                                          //

diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php
index e5584c7474d628c2c0e85d3df3fae151259052ee..c638eb4b5a26ee2d9114a2fa515cc16cf861bf7c 100644 (file)
--- a/inc/gen_sql_patches.php
+++ b/inc/gen_sql_patches.php
@@ -96,9 +96,9 @@ if (empty($_CONFIG['file_hash']))
                 @chmod($file, 0644);
 
                 //* DEBUG: */ unlink($file);
                 @chmod($file, 0644);
 
                 //* DEBUG: */ unlink($file);

-                //* DEBUG: */ $test = hexdec($_COOKIE['u_hash']) / hexdec($secretKey);
+                //* DEBUG: */ $test = hexdec($_SESSION['u_hash']) / hexdec($secretKey);

                 //* DEBUG: */ $test = generateHash(str_replace('.', '', $test));
                 //* DEBUG: */ $test = generateHash(str_replace('.', '', $test));

-                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".$_COOKIE['u_hash']."<br>Test: ".$test);
+                //* DEBUG: */ die("Secret-Key: ".$secretKey."<br>Cookie: ".$_SESSION['u_hash']."<br>Test: ".$test);

 
                 // Write $file_hash to database
                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config='0' LIMIT 1",
 
                 // Write $file_hash to database
                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config='0' LIMIT 1",

diff --git a/inc/language.php b/inc/language.php
index 89f7bba9ead15a2bc5e3e94dbc07acca0328f1ef..4516d20bec9fe07bdd1caf60f82e77ea556fc0d6 100644 (file)
--- a/inc/language.php
+++ b/inc/language.php
@@ -45,7 +45,7 @@ $file = sprintf(PATH."inc/language/%s.php", $mx_lang);
 if (!file_exists($file))
 {
        // Switch to default (DO NOT CHANGE!!!)
 if (!file_exists($file))
 {
        // Switch to default (DO NOT CHANGE!!!)

-       @setcookie("mx_lang", "de", (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+       set_session("mx_lang", "de");

        $mx_lang = "de";
        $file = sprintf(PATH."inc/language/%s.php", $mx_lang);
 }
        $mx_lang = "de";
        $file = sprintf(PATH."inc/language/%s.php", $mx_lang);
 }

diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php
index b9ce4dd9718c9ab237bac105a9dac61cdca1db4e..dd0b4422ca6e45d4bd7a5ce9eb041f88382e342a 100644 (file)
--- a/inc/libs/admins_functions.php
+++ b/inc/libs/admins_functions.php
@@ -49,22 +49,22 @@ function ADMINS_CHECK_ACL($act, $wht)
        $ret = false;
 
        // Get admin's defult access right
        $ret = false;
 
        // Get admin's defult access right

-       if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) {
+       if (!empty($ADMINS['def_acl'][$_SESSION['admin_login']])) {

                // Load from cache
                // Load from cache

-               $default = $ADMINS['def_acl'][$_COOKIE['admin_login']];
+               $default = $ADMINS['def_acl'][$_SESSION['admin_login']];

 
                // Count cache hits
                $_CONFIG['cache_hits']++;
        } elseif (!is_object($CACHE)) {
                // Load from database
                $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
 
                // Count cache hits
                $_CONFIG['cache_hits']++;
        } elseif (!is_object($CACHE)) {
                // Load from database
                $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",

-                array($_COOKIE['admin_login']), __FILE__, __LINE__);
+                array($_SESSION['admin_login']), __FILE__, __LINE__);

                list($default) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
 
        // Get admin's ID
                list($default) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
 
        // Get admin's ID

-       $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
+       $aid = GET_ADMIN_ID($_SESSION['admin_login']);

 
        if (!empty($wht))
        {
 
        if (!empty($wht))
        {

diff --git a/inc/libs/output_functions.php b/inc/libs/output_functions.php
index 49a2d8385fa577721e7658c861e9f8491f1a82af..8d64e7023e74a155456b7f7f6e5b1818e5caf768 100644 (file)
--- a/inc/libs/output_functions.php
+++ b/inc/libs/output_functions.php
@@ -77,12 +77,12 @@ function get_template ($template, $return=false, $content="")
 {
        // Add more variables which you want to use in your template files
        global $DATA, $ACTION, $WHAT;
 {
        // Add more variables which you want to use in your template files
        global $DATA, $ACTION, $WHAT;

-       $REFID = bigintval($_COOKIE['refid']);
+       $REFID = bigintval($_SESSION['refid']);

 
        if ($template == "member_support_form")
        {
                // Support request of a member
 
        if ($template == "member_support_form")
        {
                // Support request of a member

-               $ID = bigintval($_COOKIE['userid']);
+               $ID = bigintval($_SESSION['userid']);

                $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
                $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__);
                list($sex, $surname, $family) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index 73875e3bcb3d9258d69c80934a0cc5435116aac1..79599e4558dd6ace5280466af69a3b894f3ac18d 100644 (file)
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -82,10 +82,10 @@ if (!isset($_POST))
        global $_POST;
        $_POST = $GLOBALS['_POST'];
 }
        global $_POST;
        $_POST = $GLOBALS['_POST'];
 }

-if (!isset($_COOKIE))
+if (!isset($_SESSION))

 {
 {

-       global $_COOKIE;
-       $_COOKIE = $GLOBALS['_COOKIE'];
+       global $_SESSION;
+       $_SESSION = $GLOBALS['_COOKIE'];

 }
 
 // Include IP-Filter here
 }
 
 // Include IP-Filter here


@@ -172,12 +172,12 @@ if (basename($_SERVER['PHP_SELF']) != "install.php")
        }
 
        // ... and finally cookies
        }
 
        // ... and finally cookies

-       foreach ($_COOKIE as $seckey=>$secvalue)
+       foreach ($_SESSION as $seckey=>$secvalue)

        {
                if (is_array($secvalue))
                {
                        // Throw arrays away...
        {
                if (is_array($secvalue))
                {
                        // Throw arrays away...

-                       unset($_COOKIE[$seckey]);
+                       unset($_SESSION[$seckey]);

                }
                 else
                {
                }
                 else
                {


@@ -185,11 +185,11 @@ if (basename($_SERVER['PHP_SELF']) != "install.php")
                        foreach ($SEC_CHARS['from'] as $key=>$char)
                        {
                                // Pass all through
                        foreach ($SEC_CHARS['from'] as $key=>$char)
                        {
                                // Pass all through

-                               $_COOKIE[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]);
+                               $_SESSION[$seckey] = str_replace($char  , $SEC_CHARS['to'][$key], $_SESSION[$seckey]);

                        }
 
                        // Strip all other out
                        }
 
                        // Strip all other out

-                       $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]);
+                       $_SESSION[$seckey] = strip_tags($_SESSION[$seckey]);

                }
        }
 }
                }
        }
 }

diff --git a/inc/libs/task_functions.php b/inc/libs/task_functions.php
index 1afe82a27c1dc7ca6869dc1cede10e23e2b4eddb..9e073455fc2aa4d54db331066434afc3144bb659 100644 (file)
--- a/inc/libs/task_functions.php
+++ b/inc/libs/task_functions.php
@@ -46,7 +46,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 //
 function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
 {
 //
 function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
 {

-       global $_COOKIE, $_CONFIG;
+       global $_SESSION, $_CONFIG;

 
        // Init variables/arrays
        $EXTRAS = ""; $OUT = ""; $SQLs = array(); $WHATs = array(); $DESCRs = array(); $TITLEs = array();
 
        // Init variables/arrays
        $EXTRAS = ""; $OUT = ""; $SQLs = array(); $WHATs = array(); $DESCRs = array(); $TITLEs = array();


@@ -57,7 +57,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        if (!$JOBS_DONE) {
                // New extensions or updates found
                $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status='NEW' AND task_type='EXTENSION_UPDATE'",
        if (!$JOBS_DONE) {
                // New extensions or updates found
                $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status='NEW' AND task_type='EXTENSION_UPDATE'",

-                array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

 
                $value = SQL_NUMROWS($result);
                SQL_FREERESULT($result);
 
                $value = SQL_NUMROWS($result);
                SQL_FREERESULT($result);


@@ -150,7 +150,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        // Solved tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE status = 'SOLVED' AND assigned_admin='%s'",
        // Solved tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE status = 'SOLVED' AND assigned_admin='%s'",

-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 
        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 


@@ -164,7 +164,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main)
        // Your tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status = 'NEW' AND task_type != 'EXTENSION_UPDATE'",
        // Your tasks
        //
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status = 'NEW' AND task_type != 'EXTENSION_UPDATE'",

-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 
        $value = SQL_NUMROWS($result);
        SQL_FREERESULT($result);
 

diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index b5b6b02582a31bbd2e46e69dcb736983b2a5b88d..058b1f8f0ef42e08344990ab2f7b616a23624a8f 100644 (file)
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -154,10 +154,10 @@ if (!admin_registered)
                LOAD_TEMPLATE("admin_reg_form");
        }
 }
                LOAD_TEMPLATE("admin_reg_form");
        }
 }

- elseif ((empty($_COOKIE['admin_login'])) || (empty($_COOKIE['admin_md5'])) || (empty($_COOKIE['admin_last'])) || (empty($_COOKIE['admin_to'])) || (($_COOKIE['admin_last'] + bigintval($_COOKIE['admin_to']) * 3600 * 24) < time()))
+ elseif ((empty($_SESSION['admin_login'])) || (empty($_SESSION['admin_md5'])) || (empty($_SESSION['admin_last'])) || (empty($_SESSION['admin_to'])) || (($_SESSION['admin_last'] + bigintval($_SESSION['admin_to']) * 3600 * 24) < time()))

 {
        // At leat one administrator account was created
 {
        // At leat one administrator account was created

-       if ((!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])) && (!empty($_COOKIE['admin_last'])) && (!empty($_COOKIE['admin_to'])))
+       if ((!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])) && (!empty($_SESSION['admin_last'])) && (!empty($_SESSION['admin_to'])))

        {
                // Timeout for last login, we have to logout first!
                $URL = URL."/modules.php?module=admin&amp;action=login&amp;logout=1";
        {
                // Timeout for last login, we have to logout first!
                $URL = URL."/modules.php?module=admin&amp;action=login&amp;logout=1";


@@ -180,7 +180,7 @@ if (!admin_registered)
                {
                case "done": // Admin and password are okay, so we log in now
                        $TIMEOUT = time() + (3600 * 24 * $_POST['timeout']);
                {
                case "done": // Admin and password are okay, so we log in now
                        $TIMEOUT = time() + (3600 * 24 * $_POST['timeout']);

-                       if ((@setcookie("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH)))
+                       if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH)))

                        {
                                // Construct URL and redirect
                                $URL = URL."/modules.php?module=admin&amp;";
                        {
                                // Construct URL and redirect
                                $URL = URL."/modules.php?module=admin&amp;";


@@ -298,13 +298,13 @@ if (!admin_registered)
  elseif ($_GET['logout'] == "1")
 {
        // Only try to remove cookies
  elseif ($_GET['logout'] == "1")
 {
        // Only try to remove cookies

-       if (@setcookie("admin_login", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_md5", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_last", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_to", "", (time() - 3600), COOKIE_PATH))
+       if (set_session("admin_login", "", (time() - 3600), COOKIE_PATH) && set_session("admin_md5", "", (time() - 3600), COOKIE_PATH) && set_session("admin_last", "", (time() - 3600), COOKIE_PATH) && set_session("admin_to", "", (time() - 3600), COOKIE_PATH))

        {
                // Also remove array elements
        {
                // Also remove array elements

-               unset($_COOKIE['admin_login']);
-               unset($_COOKIE['admin_md5']);
-               unset($_COOKIE['admin_last']);
-               unset($_COOKIE['admin_to']);
+               unset($_SESSION['admin_login']);
+               unset($_SESSION['admin_md5']);
+               unset($_SESSION['admin_last']);
+               unset($_SESSION['admin_to']);

 
                // Destroy session
                @session_destroy();
 
                // Destroy session
                @session_destroy();


@@ -324,13 +324,13 @@ if (!admin_registered)
  else
 {
        // Maybe an Admin want's to login?
  else
 {
        // Maybe an Admin want's to login?

-       $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_COOKIE['admin_login']), SQL_ESCAPE($_COOKIE['admin_md5']));
+       $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_SESSION['admin_login']), SQL_ESCAPE($_SESSION['admin_md5']));

        switch ($ret)
        {
        case "done":
                // Cookie-Data accepted
        switch ($ret)
        {
        case "done":
                // Cookie-Data accepted

-               $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
-               if ((@setcookie("admin_md5", SQL_ESCAPE($_COOKIE['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", SQL_ESCAPE($_COOKIE['admin_login']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", bigintval($_COOKIE['admin_to']), $TIMEOUT, COOKIE_PATH)))
+               $TIMEOUT = time() + bigintval($_SESSION['admin_to']);
+               if ((set_session("admin_md5", SQL_ESCAPE($_SESSION['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_login", SQL_ESCAPE($_SESSION['admin_login']), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_to", bigintval($_SESSION['admin_to']), $TIMEOUT, COOKIE_PATH)))

                {
                        // Ok, Cookie-Update done
                        if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
                {
                        // Ok, Cookie-Update done
                        if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 9e2e39a423da4f3f4c8646bd4dc6727e15c89a44..cb17ba380cafae6ce4333fc4375bd1839a3cd176 100644 (file)
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -249,8 +249,8 @@ function ADMIN_DO_ACTION($wht)
        $act = GET_ACTION($GLOBALS['module'], $wht);
 
        // Define admin login name and ID number
        $act = GET_ACTION($GLOBALS['module'], $wht);
 
        // Define admin login name and ID number

-       define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login']));
-       define('__ADMIN_ID'   , GET_ADMIN_ID($_COOKIE['admin_login']));
+       define('__ADMIN_LOGIN', SQL_ESCAPE($_SESSION['admin_login']));
+       define('__ADMIN_ID'   , GET_ADMIN_ID($_SESSION['admin_login']));

 
        // Preload templates
        if (EXT_IS_ACTIVE("admins")) {
 
        // Preload templates
        if (EXT_IS_ACTIVE("admins")) {


@@ -679,23 +679,23 @@ function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user")
 //
 function ADMIN_CHECK_MENU_MODE()
 {
 //
 function ADMIN_CHECK_MENU_MODE()
 {

-       global $_CONFIG, $ADMINS, $_COOKIE;
+       global $_CONFIG, $ADMINS, $_SESSION;

 
        // Set the global mode as the mode for all admins
        $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE;
 
        // Check individual settings of current admin
 
        // Set the global mode as the mode for all admins
        $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE;
 
        // Check individual settings of current admin

-       if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']]))
+       if (isset($ADMINS['la_mode'][$_SESSION['admin_login']]))

        {
                // Load from cache
        {
                // Load from cache

-               $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']];
+               $ADMIN = $ADMINS['la_mode'][$_SESSION['admin_login']];

                $_CONFIG['cache_hits']++;
        }
         elseif (GET_EXT_VERSION("admins") >= "0.6.7")
        {
                // Load from database when version of "admins" is enough
                $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
                $_CONFIG['cache_hits']++;
        }
         elseif (GET_EXT_VERSION("admins") >= "0.6.7")
        {
                // Load from database when version of "admins" is enough
                $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",

-                array($_COOKIE['admin_login']), __FILE__, __LINE__);
+                array($_SESSION['admin_login']), __FILE__, __LINE__);

                if (SQL_NUMROWS($result) == 1)
                {
                        // Load data
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load data

diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php
index 3568b70afb07d667dd572d38098b3043c5c2f0f8..bea4c69967b3bce17228a93bbe516308c3b4c59a 100644 (file)
--- a/inc/modules/admin/overview-inc.php
+++ b/inc/modules/admin/overview-inc.php
@@ -44,7 +44,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
 
        // First check for solved and not assigned tasks and assign them to current admin
        $result_task = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE assigned_admin < 1 AND status != 'NEW'",
 
        // First check for solved and not assigned tasks and assign them to current admin
        $result_task = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE assigned_admin < 1 AND status != 'NEW'",

-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

 
        // We currently don't want to install an extension so let's find out if we need...
        $EXT_LOAD_MODE = "register"; $JOBS_DONE = true;
 
        // We currently don't want to install an extension so let's find out if we need...
        $EXT_LOAD_MODE = "register"; $JOBS_DONE = true;


@@ -111,7 +111,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
                                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created)
 VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
  array(
                                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created)
 VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
  array(

-       GET_ADMIN_ID($_COOKIE['admin_login']),
+       GET_ADMIN_ID($_SESSION['admin_login']),

        $ext_subj,
        addslashes($MSG),
 ),  __FILE__, __LINE__, true, false);
        $ext_subj,
        addslashes($MSG),
 ),  __FILE__, __LINE__, true, false);


@@ -158,7 +158,7 @@ VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())",
 FROM "._MYSQL_PREFIX."_task_system
 WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')
 ORDER BY userid DESC, task_type DESC, subject, task_created DESC",
 FROM "._MYSQL_PREFIX."_task_system
 WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')
 ORDER BY userid DESC, task_type DESC, subject, task_created DESC",

-        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

        if (SQL_NUMROWS($result_tasks) > 0)
        {
                // New jobs found!
        if (SQL_NUMROWS($result_tasks) > 0)
        {
                // New jobs found!


@@ -178,7 +178,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                foreach ($_POST['task'] as $id=>$sel)
                {
                        $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
                foreach ($_POST['task'] as $id=>$sel)
                {
                        $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",

-                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

                        if (SQL_NUMROWS($result_task) == 1)
                        {
                                // Task is valid...
                        if (SQL_NUMROWS($result_task) == 1)
                        {
                                // Task is valid...


@@ -188,7 +188,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                {
                                        // Assgin current admin to unassgigned task
                                        $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",
                                {
                                        // Assgin current admin to unassgigned task
                                        $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1",

-                                        array(GET_ADMIN_ID($_COOKIE['admin_login']), bigintval($tid)), __FILE__, __LINE__);
+                                        array(GET_ADMIN_ID($_SESSION['admin_login']), bigintval($tid)), __FILE__, __LINE__);

                                }
                                $ADD = "";
                                if ($type == "SUPPORT_MEMBER")
                                }
                                $ADD = "";
                                if ($type == "SUPPORT_MEMBER")


@@ -449,7 +449,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",

-                                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

                                }
                        }
                         elseif (isset($_POST['del']))
                                }
                        }
                         elseif (isset($_POST['del']))


@@ -458,13 +458,13 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks)
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1",

-                                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

                                }
                        }
 
                        // Update query
                        $result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW') ORDER BY task_created DESC",
                                }
                        }
 
                        // Update query
                        $result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW') ORDER BY task_created DESC",

-                        array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                        array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

                }
 
                // There are uncompleted jobs!
                }
 
                // There are uncompleted jobs!

diff --git a/inc/modules/admin/what-add_rallye.php b/inc/modules/admin/what-add_rallye.php
index 1f831ca13bde8d24cdf8e7b97aa7010bf1add825..a3b5f799c114424e95fd5188cec39f31f00d0227 100644 (file)
--- a/inc/modules/admin/what-add_rallye.php
+++ b/inc/modules/admin/what-add_rallye.php
@@ -56,7 +56,7 @@ if (isset($_POST['ok']))
                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_data (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
 VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  array(
                $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_data (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
 VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
  array(

-       GET_ADMIN_ID($_COOKIE['admin_login']),
+       GET_ADMIN_ID($_SESSION['admin_login']),

        $_POST['title'],
        $_POST['descr'],
        $_POST['template'],
        $_POST['title'],
        $_POST['descr'],
        $_POST['template'],

diff --git a/inc/modules/admin/what-admins_edit.php b/inc/modules/admin/what-admins_edit.php
index 49d9b2108aa916be35c486387192db7b0aa9d10f..80c4301711d7d339af2d98c019523b4b37b6b22f 100644 (file)
--- a/inc/modules/admin/what-admins_edit.php
+++ b/inc/modules/admin/what-admins_edit.php
@@ -107,30 +107,30 @@ if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
                        if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";
 
                        // Get admin's ID
                        if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";
 
                        // Get admin's ID

-                       $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);
-                       $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
+                       $salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40);
+                       $aid = GET_ADMIN_ID($_SESSION['admin_login']);

 
                        // Rewrite cookie when it's own account
                        if ($aid == $id)
                        {
                                // Timeout
 
                        // Rewrite cookie when it's own account
                        if ($aid == $id)
                        {
                                // Timeout

-                               $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
+                               $TIMEOUT = time() + bigintval($_SESSION['admin_to']);

 
                                // Set timeout cookie
 
                                // Set timeout cookie

-                               @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);
+                               set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH);

 
 

-                               if ($login != $_COOKIE['admin_login'])
+                               if ($login != $_SESSION['admin_login'])

                                {
                                        // Update login cookie
                                {
                                        // Update login cookie

-                                       @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);
+                                       set_session("admin_login", $login, $TIMEOUT, COOKIE_PATH);

 
                                        // Update password cookie as well?
 
                                        // Update password cookie as well?

-                                       if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
+                                       if (!empty($ADD)) set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);

                                }
                                }

-                                elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])
+                                elseif (generateHash($_POST['pass1'][$id], $salt) != $_SESSION['admin_md5'])

                                {
                                        // Update password cookie
                                {
                                        // Update password cookie

-                                       @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
+                                       set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);

                                }
 
                        }
                                }
 
                        }


@@ -225,7 +225,7 @@ WHERE id=%d LIMIT 1",
                foreach ($_POST['sel'] as $id=>$del)
                {
                        // Delete only when it's not your own account!
                foreach ($_POST['sel'] as $id=>$del)
                {
                        // Delete only when it's not your own account!

-                       if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))
+                       if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id))

                        {
                                // Rewrite his tasks to all admins
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
                        {
                                // Rewrite his tasks to all admins
                                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",

diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php
index 36c06cf9c77b2a164d7474554d7968cc0bb1b8f3..0bff9ad22c1e379a7b7a78be1bc62a504b07538f 100644 (file)
--- a/inc/modules/admin/what-extensions.php
+++ b/inc/modules/admin/what-extensions.php
@@ -282,7 +282,7 @@ case "overview": // List all registered extensions
 
 case "register": // Register new extension
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND task_type='EXTENSION' LIMIT 1",
 
 case "register": // Register new extension
        $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND task_type='EXTENSION' LIMIT 1",

-        array(bigintval(GET_ADMIN_ID($_COOKIE['admin_login']))), __FILE__, __LINE__);
+        array(bigintval(GET_ADMIN_ID($_SESSION['admin_login']))), __FILE__, __LINE__);

        $task_found = SQL_NUMROWS($result);
 
        // Free result
        $task_found = SQL_NUMROWS($result);
 
        // Free result

diff --git a/inc/modules/admin/what-list_task.php b/inc/modules/admin/what-list_task.php
index 3d8601cf28ee1e4bdad7a4341fc9b5ac08873e2e..eeb86ea83761db4b56cf9da30b4c81c23f6685d8 100644 (file)
--- a/inc/modules/admin/what-list_task.php
+++ b/inc/modules/admin/what-list_task.php
@@ -46,15 +46,15 @@ if (empty($_GET['type'])) $_GET['type'] = "your";
 switch ($_GET['type'])
 {
 case "your": // List only your own open (new) tasks
 switch ($_GET['type'])
 {
 case "your": // List only your own open (new) tasks

-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'";

        break;
 
 case "updates": // List only updates assigned to you
        break;
 
 case "updates": // List only updates assigned to you

-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'";

        break;
 
 case "solved": // List only solved tasks assigned to you
        break;
 
 case "solved": // List only solved tasks assigned to you

-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='SOLVED'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='SOLVED'";

        break;
 
 case "unassigned": // List unassigned (but not deleted) tasks
        break;
 
 case "unassigned": // List unassigned (but not deleted) tasks


@@ -66,7 +66,7 @@ case "deleted": // List all deleted
        break;
 
 case "closed": // List all closed
        break;
 
 case "closed": // List all closed

-       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='CLOSED'";
+       $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='CLOSED'";

        break;
 
 default: // Unknown type
        break;
 
 default: // Unknown type


@@ -101,7 +101,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",
                                foreach ($_POST['task'] as $id=>$sel)
                                {
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1",

-                                        array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__);
+                                        array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__);

                                }
                        }
                         elseif (isset($_POST['del']))
                                }
                        }
                         elseif (isset($_POST['del']))

diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php
index 7b2afc072f296eec2ddf8ca82ce039dd3bbf973d..cf103df5d2938b6670793e1aaf45033e3c3f6aae 100644 (file)
--- a/inc/modules/admin/what-theme_edit.php
+++ b/inc/modules/admin/what-theme_edit.php
@@ -83,8 +83,8 @@ if ($SEL > 0)
 {
        // Save theme
        $POST['default_theme'] = $_GET['default_theme'];
 {
        // Save theme
        $POST['default_theme'] = $_GET['default_theme'];

-       @setcookie("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH);
-       $_COOKIE['mxchange_theme'] = $POST['default_theme'];
+       set_session("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH);
+       $_SESSION['mxchange_theme'] = $POST['default_theme'];

        ADMIN_SAVE_SETTINGS($POST);
 }
 
        ADMIN_SAVE_SETTINGS($POST);
 }
 

diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php
index f17aad35c5c14603d602cb85f5b78909a5df9a94..e64ac5ab9ed785146f166b522b91f1f142be68e7 100644 (file)
--- a/inc/modules/chk_login.php
+++ b/inc/modules/chk_login.php
@@ -42,7 +42,7 @@ OPEN_TABLE("500", "guest_login_header dashed", "center");
 
 OUTPUT_HTML("<br /><STRONG>".VALIDATING_LOGIN."</STRONG><br />");
 
 
 OUTPUT_HTML("<br /><STRONG>".VALIDATING_LOGIN."</STRONG><br />");
 

-if (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']) && !empty($_COOKIE['lifetime']))
+if (!empty($GLOBALS['userid']) && !empty($_SESSION['u_hash']) && !empty($_SESSION['lifetime']))

 {
        // Get theme from profile
        $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
 {
        // Get theme from profile
        $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",


@@ -51,8 +51,8 @@ if (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']) && !empty($_COOKIE[
        SQL_FREERESULT($result);
 
        // Change to new theme
        SQL_FREERESULT($result);
 
        // Change to new theme

-       @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
-       $_COOKIE['mxchange_theme'] = $NewTheme;
+       set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
+       $_SESSION['mxchange_theme'] = $NewTheme;

 
        $bonus = false;
        if ((GET_EXT_VERSION("sql_patches") >= "0.2.8") && (GET_EXT_VERSION("bonus") >= "0.2.1") && ($_CONFIG['bonus_login_yn'] == 'N') && ($_CONFIG['bonus_login_yn'] == 'Y')) {
 
        $bonus = false;
        if ((GET_EXT_VERSION("sql_patches") >= "0.2.8") && (GET_EXT_VERSION("bonus") >= "0.2.1") && ($_CONFIG['bonus_login_yn'] == 'N') && ($_CONFIG['bonus_login_yn'] == 'Y')) {

diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php
index 3c20c0156d25a1f6c7447663f89bd57d03782c85..3b34f5197aefa229f9d1281e633fc4666d702426 100644 (file)
--- a/inc/modules/guest/what-confirm.php
+++ b/inc/modules/guest/what-confirm.php
@@ -115,8 +115,8 @@ if (!empty($_GET['hash']))
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie
                        // Account confirmed!
                        if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                                // Set special lead cookie

-                               setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                               $_COOKIE['lead_uid'] = bigintval($uid);
+                               set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
+                               $_SESSION['lead_uid'] = bigintval($uid);

 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");
 
                                // Lead-Code mode enabled
                                LOAD_URL("lead-confirm.php");


@@ -127,8 +127,8 @@ if (!empty($_GET['hash']))
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie
                        }
                } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) {
                        // Set special lead cookie

-                       setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
-                       $_COOKIE['lead_uid'] = bigintval($uid);
+                       set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH);
+                       $_SESSION['lead_uid'] = bigintval($uid);

 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");
 
                        // Lead-Code mode enabled
                        LOAD_URL("lead-confirm.php");

diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php
index 75527e51ba03e55ffaab621877794cc9209319a5..93fc1bd2cf185c7a94977abc8d3a2c4e84b92b2f 100644 (file)
--- a/inc/modules/guest/what-login.php
+++ b/inc/modules/guest/what-login.php
@@ -49,7 +49,7 @@ global $DATA, $FATAL;
 $probe_nickname = false; $UID = false; $hash = "";
 unset($login); unset($online);
 
 $probe_nickname = false; $UID = false; $hash = "";
 unset($login); unset($online);
 

-if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])))
+if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])))

 {
        // Already logged in?
        $UID = $GLOBALS['userid'];
 {
        // Already logged in?
        $UID = $GLOBALS['userid'];


@@ -175,14 +175,14 @@ if (IS_LOGGED_IN())
                                        $hash = generatePassString($hash);
 
                                        // Update cookies
                                        $hash = generatePassString($hash);
 
                                        // Update cookies

-                                       $login = (@setcookie("userid"  , $UID , $life, COOKIE_PATH)
-                                              && @setcookie("u_hash"  , $hash, $life, COOKIE_PATH)
-                                              && @setcookie("lifetime", $l   , $life, COOKIE_PATH));
+                                       $login = (set_session("userid"  , $UID , $life, COOKIE_PATH)
+                                              && set_session("u_hash"  , $hash, $life, COOKIE_PATH)
+                                              && set_session("lifetime", $l   , $life, COOKIE_PATH));

 
                                        // Update global array
                                        $GLOBALS['userid'] = $UID;
 
                                        // Update global array
                                        $GLOBALS['userid'] = $UID;

-                                       $_COOKIE['u_hash'] = $hash;
-                                       $_COOKIE['lifetime'] = $l;
+                                       $_SESSION['u_hash'] = $hash;
+                                       $_SESSION['lifetime'] = $l;

                                }
                                 else
                                {
                                }
                                 else
                                {

diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index 7303c4895d832b45a1285ba1aa44cfd5763e9ab5..114694c8b6dd51ab012f66f0a11d7a4893bcf828 100644 (file)
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -167,7 +167,7 @@ if (isset($_POST['ok']))
        {
                // Not found so we set your refid!
                $_POST['refid'] = $_CONFIG['def_refid'];
        {
                // Not found so we set your refid!
                $_POST['refid'] = $_CONFIG['def_refid'];

-               @setcookie("refid", $_CONFIG['def_refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+               set_session("refid", $_CONFIG['def_refid']);

        }
 
        // Free memory
        }
 
        // Free memory

diff --git a/inc/modules/member/what-logout.php b/inc/modules/member/what-logout.php
index 26c468efc41487da75c1415e6798341411faf0bf..797f8e262dd4e7fcf06fc66ead931e53b9045502 100644 (file)
--- a/inc/modules/member/what-logout.php
+++ b/inc/modules/member/what-logout.php
@@ -50,10 +50,10 @@ $URL = URL."/modules.php?module=index";
 // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime
 
 
 // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime
 
 

-if (@setcookie("userid", "", time() - 3600, COOKIE_PATH) && @setcookie("u_hash", "", time() - 3600, COOKIE_PATH) && @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH))
+if (set_session("userid", "", time() - 3600, COOKIE_PATH) && set_session("u_hash", "", time() - 3600, COOKIE_PATH) && set_session("lifetime", "", time() - 3600, COOKIE_PATH))

 {
        // Remove theme cookie as well
 {
        // Remove theme cookie as well

-       @setcookie("mxchange_theme", "", time() - 3600, COOKIE_PATH);
+       set_session("mxchange_theme", "", time() - 3600, COOKIE_PATH);

 
        // Logout completed
        $URL .= "&msg=".CODE_LOGOUT_DONE;
 
        // Logout completed
        $URL .= "&msg=".CODE_LOGOUT_DONE;

diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php
index 70f63e34783a90a72a8508f36d4f7fcce59f24fb..2a13fa112edc2d65b2fce4dae6765c2be0935a31 100644 (file)
--- a/inc/modules/member/what-mydata.php
+++ b/inc/modules/member/what-mydata.php
@@ -275,7 +275,7 @@ WHERE userid=%d AND password='%s' LIMIT 1",
   bigintval($_POST['year']),
   bigintval($_POST['max_mails']),
   UID_VALUE,
   bigintval($_POST['year']),
   bigintval($_POST['max_mails']),
   UID_VALUE,

-  $_COOKIE['u_hash']
+  $_SESSION['u_hash']

  ), __FILE__, __LINE__);
                        }
                         else
  ), __FILE__, __LINE__);
                        }
                         else


@@ -306,7 +306,7 @@ WHERE userid=%d AND password='%s' LIMIT 1",
   bigintval($_POST['year']),
   bigintval($_POST['max_mails']),
   UID_VALUE,
   bigintval($_POST['year']),
   bigintval($_POST['max_mails']),
   UID_VALUE,

-  $_COOKIE['u_hash']
+  $_SESSION['u_hash']

  ), __FILE__, __LINE__);
                        }
 
  ), __FILE__, __LINE__);
                        }
 

diff --git a/inc/modules/member/what-themes.php b/inc/modules/member/what-themes.php
index 7404646cd74ba64be97698480e67cb720c49cd07..0e25541d34489d4bbc2ed20f58bfde34ea1140e5 100644 (file)
--- a/inc/modules/member/what-themes.php
+++ b/inc/modules/member/what-themes.php
@@ -55,8 +55,8 @@ if (!empty($_POST['member_theme']))
        $NewTheme = $_POST['member_theme'];
 
        // Change to new theme
        $NewTheme = $_POST['member_theme'];
 
        // Change to new theme

-       @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
-       $_COOKIE['mxchange_theme'] = $NewTheme;
+       set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
+       $_SESSION['mxchange_theme'] = $NewTheme;

 
        // Theme saved!
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED);
 
        // Theme saved!
        LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED);


@@ -110,7 +110,7 @@ $OUT = ""; $SW = 2;
 foreach ($THEMES['theme_unix'] as $key=>$unix)
 {
        $default = "";
 foreach ($THEMES['theme_unix'] as $key=>$unix)
 {
        $default = "";

-       if ($_COOKIE['mxchange_theme'] == $unix) $default = " checked selected";
+       if ($_SESSION['mxchange_theme'] == $unix) $default = " checked selected";

 
        // Add row
        $OUT .= "<TR>
 
        // Add row
        $OUT .= "<TR>

diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php
index 2ce61d8c16b78b208564ea3438b7f0657adebfc0..5cb91d010394b186eabf43351d0ee54da8342d5e 100644 (file)
--- a/inc/mysql-connect.php
+++ b/inc/mysql-connect.php
@@ -161,10 +161,10 @@ if ((!mxchange_installing) && (mxchange_installed))
                                        UPDATE_LOGIN_DATA();
 
                                        // Get session ID
                                        UPDATE_LOGIN_DATA();
 
                                        // Get session ID

-                                       if (empty($_COOKIE['PHPSESSID'])) $_COOKIE['PHPSESSID'] = session_id();
+                                       if (empty($_SESSION['PHPSESSID'])) $_SESSION['PHPSESSID'] = session_id();

 
                                        // Update online list
 
                                        // Update online list

-                                       UPDATE_ONLINE_LIST($_COOKIE['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);
+                                       UPDATE_ONLINE_LIST($_SESSION['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);

 
                                        // Load theme name
                                        $CurrTheme = GET_CURR_THEME();
 
                                        // Load theme name
                                        $CurrTheme = GET_CURR_THEME();

diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php
index 92292cfeaf58a6e435d52085cc1b989d353ff2e9..bbd581d8a03a6b3a09768c36d7eb2ab3690622d1 100644 (file)
--- a/inc/mysql-manager.php
+++ b/inc/mysql-manager.php
@@ -389,14 +389,14 @@ function ADD_MENU($MODE, $act, $wht) {
 // This patched function will reduce many SELECT queries for the specified or current admin login
 function IS_ADMIN($admin="")
 {
 // This patched function will reduce many SELECT queries for the specified or current admin login
 function IS_ADMIN($admin="")
 {

-       global $_COOKIE, $ADMINS, $_CONFIG;
+       global $_SESSION, $ADMINS, $_CONFIG;

        $ret = false; $passCookie = ""; $valPass = "";
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...
        $ret = false; $passCookie = ""; $valPass = "";
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."<br />";
 
        // If admin login is not given take current from cookies...

-       if ((empty($admin)) && (!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])))
+       if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])))

        {
        {

-               $admin = SQL_ESCAPE($_COOKIE['admin_login']); $passCookie = $_COOKIE['admin_md5'];
+               $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5'];

        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 
        }
        //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
 


@@ -538,7 +538,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest")
 //
 function IS_LOGGED_IN()
 {
 //
 function IS_LOGGED_IN()
 {

-       global $_COOKIE, $status, $LAST;
+       global $_SESSION, $status, $LAST;

        if (!is_array($LAST)) $LAST = array();
        $ret = false;
 
        if (!is_array($LAST)) $LAST = array();
        $ret = false;
 


@@ -546,7 +546,7 @@ function IS_LOGGED_IN()
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?
        FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime'));
 
        // Are cookies set?

-       if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])) && (!empty($_COOKIE['lifetime'])) && (defined('COOKIE_PATH')))
+       if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH')))

        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
        {
                // Cookies are set with values, but are they valid?
                $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",


@@ -563,8 +563,8 @@ function IS_LOGGED_IN()
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?
                        if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; }
 
                        // So did we now have valid data and an unlocked user?

-                       //* DEBUG: */ echo $valPass."<br>".$_COOKIE['u_hash']."<br>";
-                       if (($status == "CONFIRMED") && ($valPass == $_COOKIE['u_hash']))
+                       //* DEBUG: */ echo $valPass."<br>".$_SESSION['u_hash']."<br>";
+                       if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash']))

                        {
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;
                        {
                                // Account is confirmed and all cookie data is valid so he is definely logged in! :-)
                                $ret = true;


@@ -573,28 +573,24 @@ function IS_LOGGED_IN()
                        {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";
                        {
                                // Maybe got locked etc.
                                //* DEBUG: */ echo __LINE__."!!!<br>";

-                               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-                               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-                               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+                               set_session("userid", "", time() - 3600, COOKIE_PATH);
+                               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+                               set_session("lifetime", "", time() - 3600, COOKIE_PATH);

 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);
 
                                // Remove array elements to prevent errors
                                unset($GLOBALS['userid']);

-                               unset($_COOKIE['u_hash']);
-                               unset($_COOKIE['lifetime']);

                        }
                }
                 else
                {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";
                        }
                }
                 else
                {
                        // Cookie data is invalid!
                        //* DEBUG: */ echo __LINE__."***<br>";

-                       @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-                       @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-                       @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+                       set_session("userid", "", time() - 3600, COOKIE_PATH);
+                       set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+                       set_session("lifetime", "", time() - 3600, COOKIE_PATH);

 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);
 
                        // Remove array elements to prevent errors
                        unset($GLOBALS['userid']);

-                       unset($_COOKIE['u_hash']);
-                       unset($_COOKIE['lifetime']);

                }
 
                // Free memory
                }
 
                // Free memory


@@ -604,14 +600,12 @@ function IS_LOGGED_IN()
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";
        {
                // Cookie data is invalid!
                //* DEBUG: */ echo __LINE__."///<br>";

-               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+               set_session("userid", "", time() - 3600, COOKIE_PATH);
+               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+               set_session("lifetime", "", time() - 3600, COOKIE_PATH);

 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);
 
                // Remove array elements to prevent errors
                unset($GLOBALS['userid']);

-               unset($_COOKIE['u_hash']);
-               unset($_COOKIE['lifetime']);

        }
        return $ret;
 }
        }
        return $ret;
 }


@@ -621,16 +615,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?
        if (!is_array($LAST)) $LAST = array();
 
        // Are the required cookies set?

-       if ((!isset($GLOBALS['userid'])) || (!isset($_COOKIE['u_hash'])) || (!isset($_COOKIE['lifetime']))) {
+       if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) {

                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID
                // Nope, then return here to caller function
                return false;
        } else {
                // Secure user ID

-               $GLOBALS['userid'] = bigintval($_COOKIE['userid']);
+               $GLOBALS['userid'] = bigintval($_SESSION['userid']);

        }
 
        // Extract last online time (life) and how long is auto-login valid (time)
        }
 
        // Extract last online time (life) and how long is auto-login valid (time)

-       $newl = time() + bigintval($_COOKIE['lifetime']);
+       $newl = time() + bigintval($_SESSION['lifetime']);

 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;
 
        // Recheck if logged in
        if (!IS_LOGGED_IN()) return false;


@@ -645,7 +639,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 
                // Maybe first login time?
                if (empty($mod)) $mod = "login";
 

-               if (@setcookie("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && @setcookie("u_hash", SQL_ESCAPE($_COOKIE['u_hash']), $newl, COOKIE_PATH) && @setcookie("lifetime", bigintval($_COOKIE['lifetime']), $newl, COOKIE_PATH)) {
+               if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) {

                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;
                        // This will be displayed on welcome page! :-)
                        if (empty($LAST['module'])) {
                                $LAST['module'] = $mod; $LAST['online'] = $onl;


@@ -662,9 +656,9 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) {
         else
        {
                // Destroy session, we cannot update!
         else
        {
                // Destroy session, we cannot update!

-               @setcookie("userid", "", time() - 3600, COOKIE_PATH);
-               @setcookie("u_hash", "", time() - 3600, COOKIE_PATH);
-               @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH);
+               set_session("userid", "", time() - 3600, COOKIE_PATH);
+               set_session("u_hash", "", time() - 3600, COOKIE_PATH);
+               set_session("lifetime", "", time() - 3600, COOKIE_PATH);

        }
 }
 //
        }
 }
 //


@@ -742,11 +736,11 @@ function SEND_MODE_MAILS($mod, $modes)
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie
                list($hashDB) = SQL_FETCHROW($result_main);
 
                // Extract salt from cookie

-               $salt = substr($_COOKIE['u_hash'], 0, -40);
+               $salt = substr($_SESSION['u_hash'], 0, -40);

 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);
 
                // Now let's compare passwords
                $hash = generatePassString($hashDB);

-               if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {
+               if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) {

                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);
                        // Load user's data
                        $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1",
                         array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__);


@@ -1196,10 +1190,10 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht)
                // Is administrator
                $ADMIN = 'Y';
        }
                // Is administrator
                $ADMIN = 'Y';
        }

-       if (!empty($_COOKIE['refid']))
+       if (!empty($_SESSION['refid']))

        {
                // Check cookie
        {
                // Check cookie

-               if ($_COOKIE['refid'] > 0) $rid = $GLOBALS['refid'];
+               if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid'];

        }
 
        // Now Read data
        }
 
        // Now Read data


@@ -1516,8 +1510,8 @@ function SUB_JACKPOT($points)
 //
 function IS_DEMO()
 {
 //
 function IS_DEMO()
 {

-       global $_COOKIE;
-       return ((EXT_IS_ACTIVE("demo")) && ($_COOKIE['admin_login'] == "demo"));
+       global $_SESSION;
+       return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo"));

 }
 //
 function LOAD_CONFIG($no="0")
 }
 //
 function LOAD_CONFIG($no="0")

diff --git a/inc/session.php b/inc/session.php
index 49d7c986255fde34b279fb48507d0d7072aa0afc..268c2d4715fe818e0a2669a7c54652dc2ba04d3d 100644 (file)
--- a/inc/session.php
+++ b/inc/session.php
@@ -46,22 +46,12 @@ if (empty($VIEW))  $VIEW  = 0;
 // Skip updating of cookies when viewing a banner
 if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return;
 
 // Skip updating of cookies when viewing a banner
 if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return;
 

-// Session management initalization
-if (empty($PHPSESSID)) {
-       // This fixes some strange session cookie problems
-       if (empty($_COOKIE['PHPSESSID'])) unset($_COOKIE['PHPSESSID']);
-       @session_start();
-       $PHPSESSID = @session_id();
-} else {
-       @session_id($PHPSESSID);
-       @session_start();
-}
-
-// Store PHPSESSID
-@setcookie("PHPSESSID", $PHPSESSID, (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+// Start the session
+@session_start();
+$PHPSESSID = @session_id();

 
 // Store language code in cookie
 
 // Store language code in cookie

-@setcookie("mx_lang", $mx_lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+set_session("mx_lang", $mx_lang);

 
 // Check if refid is set
 if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) {
 
 // Check if refid is set
 if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) {


@@ -78,9 +68,9 @@ if (!empty($_POST['refid'])) {
 } elseif (!empty($_GET['ref'])) {
        // Set refid=ref (the referral link uses such variable)
        $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));
 } elseif (!empty($_GET['ref'])) {
        // Set refid=ref (the referral link uses such variable)
        $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref']));

-} elseif (!empty($_COOKIE['refid'])) {
+} elseif (!empty($_SESSION['refid'])) {

        // Simply reset cookie
        // Simply reset cookie

-       $GLOBALS['refid'] = bigintval($_COOKIE['refid']);
+       $GLOBALS['refid'] = bigintval($_SESSION['refid']);

 } elseif (GET_EXT_VERSION("sql_patches") != "") {
        // Set default refid as refid in URL
        $GLOBALS['refid'] = $_CONFIG['def_refid'];
 } elseif (GET_EXT_VERSION("sql_patches") != "") {
        // Set default refid as refid in URL
        $GLOBALS['refid'] = $_CONFIG['def_refid'];


@@ -90,15 +80,15 @@ if (!empty($_POST['refid'])) {
 }
 
 // Set cookie when default refid > 0
 }
 
 // Set cookie when default refid > 0

-if (empty($_COOKIE['refid']) || (!empty($GLOBALS['refid'])) || (($_COOKIE['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) {
+if (empty($_SESSION['refid']) || (!empty($GLOBALS['refid'])) || (($_SESSION['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) {

        // Set cookie
        // Set cookie

-       @setcookie("refid", $GLOBALS['refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH);
+       set_session("refid", $GLOBALS['refid']);

 }
 
 // Test cookies if index.php or modules.php is loaded
 if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (mxchange_installing))
 {
 }
 
 // Test cookies if index.php or modules.php is loaded
 if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (mxchange_installing))
 {

-       if (count($_COOKIE) > 0)
+       if (count($_SESSION) > 0)

        {
                // Cookies accepted!
                define('__COOKIES', true);
        {
                // Cookies accepted!
                define('__COOKIES', true);

diff --git a/inc/theme-manager.php b/inc/theme-manager.php
index c188a19663ec6eddfa515822c669825101e61147..81e2fadfbc9a7dfdbd23ae7c4361de23cd47baa9 100644 (file)
--- a/inc/theme-manager.php
+++ b/inc/theme-manager.php
@@ -48,15 +48,15 @@ function GET_CURR_THEME() {
        // Load default theme if not empty from configuration
        if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme'];
 
        // Load default theme if not empty from configuration
        if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme'];
 

-       if (empty($_COOKIE['mxchange_theme'])) {
+       if (empty($_SESSION['mxchange_theme'])) {

                // Set default theme
                // Set default theme

-               @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
-       } elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {
+               set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
+       } elseif ((!empty($_SESSION['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) {

                // Get theme from cookie
                // Get theme from cookie

-               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_COOKIE['mxchange_theme']), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_SESSION['mxchange_theme']), __FILE__, __LINE__);

                if (SQL_NUMROWS($result) == 1) {
                        // Design is valid!
                if (SQL_NUMROWS($result) == 1) {
                        // Design is valid!

-                       $ret = $_COOKIE['mxchange_theme'];
+                       $ret = $_SESSION['mxchange_theme'];

                }
 
                // Free memory
                }
 
                // Free memory


@@ -68,19 +68,19 @@ function GET_CURR_THEME() {
                // Installation mode active
                if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) {
                        // Set cookie from URL data
                // Installation mode active
                if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) {
                        // Set cookie from URL data

-                       @setcookie("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
-                       $_COOKIE['mxchange_theme'] = $_GET['theme'];
+                       set_session("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH);
+                       $_SESSION['mxchange_theme'] = $_GET['theme'];

                } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) {
                        // Set cookie from posted data
                } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) {
                        // Set cookie from posted data

-                       @setcookie("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
-                       $_COOKIE['mxchange_theme'] = $_POST['theme'];
+                       set_session("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH);
+                       $_SESSION['mxchange_theme'] = $_POST['theme'];

                }
 
                // Set return value
                }
 
                // Set return value

-               $ret = $_COOKIE['mxchange_theme'];
+               $ret = $_SESSION['mxchange_theme'];

        } else {
                // Invalid design, reset cookie
        } else {
                // Invalid design, reset cookie

-               @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);
+               set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH);

        }
 
        // Add (maybe) found theme.php file to inclusion list
        }
 
        // Add (maybe) found theme.php file to inclusion list


@@ -151,7 +151,7 @@ if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $CurrTheme))
        $NewTheme = $_POST['new_theme'];
 
        // Change to new theme
        $NewTheme = $_POST['new_theme'];
 
        // Change to new theme

-       @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);
+       set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH);

 
        // Remove current from array and set new
        $theme = PATH."theme/".$CurrTheme."/theme.php";
 
        // Remove current from array and set new
        $theme = PATH."theme/".$CurrTheme."/theme.php";

diff --git a/index.php b/index.php
index 07097cf45b9db32f86909d34415c02afa9ba029a..d2ade5d6df1ddaae2b4a56254bc71b3645bd6201 100644 (file)
--- a/index.php
+++ b/index.php
@@ -55,14 +55,14 @@ if (defined('mxchange_installed') && (mxchange_installed)) {
        if (!isset($_CONFIG['index_cookie']))   $_CONFIG['index_cookie'] = 0;
 
        // Check for cookies
        if (!isset($_CONFIG['index_cookie']))   $_CONFIG['index_cookie'] = 0;
 
        // Check for cookies

-       if ((empty($_COOKIE['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) {
+       if ((empty($_SESSION['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) {

                // Is the index page configured for redirect pr not?
                if ($_CONFIG['index_cookie'] > 0) {
                        // Set cookie and remeber it for specified time
                // Is the index page configured for redirect pr not?
                if ($_CONFIG['index_cookie'] > 0) {
                        // Set cookie and remeber it for specified time

-                       @setcookie("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH);
-               } elseif (!empty($_COOKIE['visited'])) {
+                       set_session("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH);
+               } elseif (!empty($_SESSION['visited'])) {

                        // Remove cookie when admin set 0 in setup
                        // Remove cookie when admin set 0 in setup

-                       @setcookie("visited", "", (time() - 3600), COOKIE_PATH);
+                       set_session("visited", "", (time() - 3600), COOKIE_PATH);

                }
 
                // Template laden
                }
 
                // Template laden

diff --git a/lead-confirm.php b/lead-confirm.php
index e04ea259b5c6ba0b8b0f2bdb56aa5cc000e3ed49..389f3a11684f24f09af94e6f8216b75d5c2baf39 100644 (file)
--- a/lead-confirm.php
+++ b/lead-confirm.php
@@ -57,13 +57,13 @@ if (defined('mxchange_installed') && (mxchange_installed)) {
        );
 
        // Is the cookie set?
        );
 
        // Is the cookie set?

-       if (isset($_COOKIE['lead_uid'])) {
+       if (isset($_SESSION['lead_uid'])) {

                // Is the user-account unlocked and valid?
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
                // Is the user-account unlocked and valid?
                $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",

-                       array(bigintval($_COOKIE['lead_uid'])), __FILE__, __LINE__);
+                       array(bigintval($_SESSION['lead_uid'])), __FILE__, __LINE__);

                if (SQL_NUMROWS($result) == 1) {
                        // Secure the ID number
                if (SQL_NUMROWS($result) == 1) {
                        // Secure the ID number

-                       $content['lead_uid'] = bigintval($_COOKIE['lead_uid']);
+                       $content['lead_uid'] = bigintval($_SESSION['lead_uid']);

 
                        // Load the email address
                        list($content['lead_email']) = COMPILE_CODE(SQL_FETCHROW($result));
 
                        // Load the email address
                        list($content['lead_email']) = COMPILE_CODE(SQL_FETCHROW($result));