From b5912168d72ae511eb623c3d92540c82d31b93c5 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Mon, 18 Feb 2008 00:54:03 +0000 Subject: [PATCH] cookies rewritten to session --- inc/doubler_send.php | 2 +- inc/extensions.php | 2 +- inc/extensions/ext-admins.php | 4 +- inc/extensions/ext-register.php | 2 +- inc/extensions/ext-theme.php | 2 +- inc/functions.php | 49 ++++++++++++++------ inc/gen_sql_patches.php | 4 +- inc/language.php | 2 +- inc/libs/admins_functions.php | 8 ++-- inc/libs/output_functions.php | 4 +- inc/libs/security_functions.php | 14 +++--- inc/libs/task_functions.php | 8 ++-- inc/modules/admin.php | 22 ++++----- inc/modules/admin/admin-inc.php | 12 ++--- inc/modules/admin/overview-inc.php | 16 +++---- inc/modules/admin/what-add_rallye.php | 2 +- inc/modules/admin/what-admins_edit.php | 20 ++++---- inc/modules/admin/what-extensions.php | 2 +- inc/modules/admin/what-list_task.php | 10 ++-- inc/modules/admin/what-theme_edit.php | 4 +- inc/modules/chk_login.php | 6 +-- inc/modules/guest/what-confirm.php | 8 ++-- inc/modules/guest/what-login.php | 12 ++--- inc/modules/guest/what-register.php | 2 +- inc/modules/member/what-logout.php | 4 +- inc/modules/member/what-mydata.php | 4 +- inc/modules/member/what-themes.php | 6 +-- inc/mysql-connect.php | 4 +- inc/mysql-manager.php | 64 ++++++++++++-------------- inc/session.php | 28 ++++------- inc/theme-manager.php | 24 +++++----- index.php | 8 ++-- lead-confirm.php | 6 +-- 33 files changed, 186 insertions(+), 179 deletions(-) diff --git a/inc/doubler_send.php b/inc/doubler_send.php index 7e38020dcf..9763b4e8bf 100644 --- a/inc/doubler_send.php +++ b/inc/doubler_send.php @@ -52,7 +52,7 @@ if ($DOUBLER_POINTS == 0) // If not currently doubled set it to zero unset($_GET['DOUBLER_UID']); unset($_POST['DOUBLER_UID']); -unset($_COOKIE['DOUBLER_UID']); +unset($_SESSION['DOUBLER_UID']); if (empty($DOUBLER_UID)) $DOUBLER_UID = "0"; // Check for doubles which we can pay out 
diff --git a/inc/extensions.php b/inc/extensions.php index 6aee0ca33c..f4a8f7fbd5 100644 --- a/inc/extensions.php +++ b/inc/extensions.php @@ -433,7 +433,7 @@ function EXTENSION_UPDATE($file, $ext, $EXT_VER, $dry_run=false) { // Task not created so it's a brand-new extension which we need to register and create a task for! $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s', '0', 'NEW', 'EXTENSION_UPDATE', '%s', '%s', UNIX_TIMESTAMP())", - array(GET_ADMIN_ID(SQL_ESCAPE($_COOKIE['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__); + array(GET_ADMIN_ID(SQL_ESCAPE($_SESSION['admin_login'])), $ext_subj, addslashes($NOTES)), __FILE__, __LINE__); } // Free memory diff --git a/inc/extensions/ext-admins.php b/inc/extensions/ext-admins.php index 18ac24865b..ba5b7225b2 100644 --- a/inc/extensions/ext-admins.php +++ b/inc/extensions/ext-admins.php @@ -96,7 +96,7 @@ case "update": // Update an extension $SQLs[] = "ALTER TABLE "._MYSQL_PREFIX."_admins ADD default_acl enum('deny', 'allow') not null default 'deny'"; // But allow current admin everything (THIS SHALL BE YOU!) - $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_COOKIE['admin_login']."' LIMIT 1"; + $SQLs[] = "UPDATE "._MYSQL_PREFIX."_admins SET default_acl='allow' WHERE login='".$_SESSION['admin_login']."' LIMIT 1"; $SQLs[] = "DROP TABLE IF EXISTS "._MYSQL_PREFIX."_admins_acls"; $SQLs[] = "CREATE TABLE "._MYSQL_PREFIX."_admins_acls ( id bigint(20) not null auto_increment, @@ -267,7 +267,7 @@ PRIMARY KEY (id) case "0.6.8": // SQL queries for v0.6.8 // Update notes (these will be set as task text!) - $UPDATE_NOTES = "setcookie() mit @-Zeichen gegen ungewollte Ausgaben abgesichert."; + $UPDATE_NOTES = "set_session() mit @-Zeichen gegen ungewollte Ausgaben abgesichert."; break; case "0.6.9": // SQL queries for v0.6.9 
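Review bot: The login name in the new `UPDATE ... WHERE login='".$_SESSION['admin_login']."' LIMIT 1` line in ext-admins.php @@ -96 is still concatenated into the query without escaping. It now comes from the session instead of a cookie, but the value stored there originates in `$_POST['login']` (admin.php @@ -180 in this same patch), so it remains user-originated text inside an SQL string. Wrap it as the neighbouring extensions.php hunk does for the same value: `WHERE login='".SQL_ESCAPE($_SESSION['admin_login'])."' LIMIT 1`.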
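Review bot: The v0.6.8 update note in ext-admins.php @@ -267 now reads `set_session() mit @-Zeichen gegen ungewollte Ausgaben abgesichert.`, but that release hardened `setcookie()`; `set_session()` is only introduced by this commit, so the historical note no longer describes what v0.6.8 did. The same rewrite is applied to ext-register.php @@ -292 and ext-theme.php @@ -94. Keep the original wording for past versions and describe the cookie-to-session migration in a new version's note instead.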
diff --git a/inc/extensions/ext-register.php b/inc/extensions/ext-register.php index 25efaa16d8..a4df053cdf 100644 --- a/inc/extensions/ext-register.php +++ b/inc/extensions/ext-register.php @@ -292,7 +292,7 @@ PRIMARY KEY(id) case "0.4.7": // SQL queries for v0.4.7 // Update notes (these will be set as task text!) - $UPDATE_NOTES = "setcookie() mit @-Zeichen gegen ungewollte Ausgaben abgesichert."; + $UPDATE_NOTES = "set_session() mit @-Zeichen gegen ungewollte Ausgaben abgesichert."; break; case "0.4.8": // SQL queries for v0.4.8 diff --git a/inc/extensions/ext-theme.php b/inc/extensions/ext-theme.php index 80e3b925f2..970fcef799 100644 --- a/inc/extensions/ext-theme.php +++ b/inc/extensions/ext-theme.php @@ -94,7 +94,7 @@ case "update": // Update an extension case "0.0.5": // SQL queries for v0.0.5 // Update notes (these will be set as task text!) - $UPDATE_NOTES = "setcookie() mit @-Zeichen gegen ungewollte Ausgaben abgesichert."; + $UPDATE_NOTES = "set_session() mit @-Zeichen gegen ungewollte Ausgaben abgesichert."; break; case "0.0.6": // SQL queries for v0.0.6 diff --git a/inc/functions.php b/inc/functions.php index 456e1a5bf8..c41ca16b82 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -640,7 +640,7 @@ function TRANSLATE_STATUS($status) // function GET_LANGUAGE() { - global $_COOKIE, $_GET; + global $_SESSION, $_GET; if (!empty($_GET['mx_lang'])) { @@ -666,10 +666,10 @@ function GET_LANGUAGE() SET_LANGUAGE($lang); } } - elseif (!empty($_COOKIE['mx_lang'])) + elseif (!empty($_SESSION['mx_lang'])) { // Return stored value from cookie - $ret = $_COOKIE['mx_lang']; + $ret = $_SESSION['mx_lang']; } return $ret; } 
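Review bot: `global $_SESSION, $_GET;` in GET_LANGUAGE (functions.php @@ -640) is a no-op: `$_SESSION` is a superglobal and needs no `global` declaration, so the line can go, as can the matching declarations added in task_functions.php @@ -46 and admin-inc.php @@ -679. In @@ -666 the comment `// Return stored value from cookie` is now stale; `// Return the language stored in the session` matches the new line.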
@@ -682,10 +682,10 @@ function SET_LANGUAGE($lang) $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2); // Set cookie - @setcookie("mx_lang", $lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH); + set_session("mx_lang", $lang); // Set array - $_COOKIE['mx_lang'] = $lang; + $_SESSION['mx_lang'] = $lang; } // function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") @@ -701,11 +701,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); $ADMIN = MAIN_TITLE; - if (!empty($_COOKIE['admin_login'])) + if (!empty($_SESSION['admin_login'])) { // Load Admin data $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array(SQL_ESCAPE($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(SQL_ESCAPE($_SESSION['admin_login'])), __FILE__, __LINE__); list($ADMIN) = SQL_FETCHROW($result); SQL_FREERESULT($result); } @@ -1223,11 +1223,11 @@ function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") $data = $code.":".$uid.":".$DATA; // Add more additional data - if (isset($_COOKIE['u_hash'])) $data .= ":".$_COOKIE['u_hash']; + if (isset($_SESSION['u_hash'])) $data .= ":".$_SESSION['u_hash']; if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; - if (isset($_COOKIE['lifetime'])) $data .= ":".$_COOKIE['lifetime']; - if (isset($_COOKIE['mxchange_theme'])) $data .= ":".$_COOKIE['mxchange_theme']; - if (isset($_COOKIE['mx_lang'])) $data .= ":".$_COOKIE['mx_lang']; + if (isset($_SESSION['lifetime'])) $data .= ":".$_SESSION['lifetime']; + if (isset($_SESSION['mxchange_theme'])) $data .= ":".$_SESSION['mxchange_theme']; + if (isset($_SESSION['mx_lang'])) $data .= ":".$_SESSION['mx_lang']; if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; // Calculate number for generating the code 
@@ -2035,8 +2035,8 @@ function FIX_DELETED_COOKIES ($cookies) { // Then check all cookies if they are marked as deleted! foreach ($cookies as $cookieName) { // Is the cookie set to "deleted"? - if ((isset($_COOKIE[$cookieName])) && ($_COOKIE[$cookieName] == "deleted")) { - unset($_COOKIE[$cookieName]); + if ((isset($_SESSION[$cookieName])) && ($_SESSION[$cookieName] == "deleted")) { + unset($_SESSION[$cookieName]); } } } @@ -2084,6 +2084,29 @@ function DISPLAY_PARSING_TIME_FOOTER() { LOAD_TEMPLATE("footer_stats", false, $content); } +// Unset/set session variables +function set_session ($var, $value) { + global $CSS; + // Abort in CSS mode here + if ($CSS == 1) return true; + + // Trim value and session variable + $var = trim(SQL_ESCAPE($var)); $value = trim($value); + + // Is the session variable set? + if (("".$value."" == "") && (isset($_SESSION[$var]))) { + // Remove the session + //* DEBUG: */ echo "UNSET:".$var."=".$_SESSION[$var]."
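Review bot: FIX_DELETED_COOKIES (functions.php @@ -2035) now inspects `$_SESSION` for the literal value `"deleted"`, but that sentinel is what a browser sends back after an expired `setcookie()`; server-side session data only carries it if something stores it deliberately. Either the function is dead after this migration or it guards a writer not visible here; a comment such as `// NOTE: "deleted" was a cookie artefact - confirm a session value can still carry it` would record which. The function name and the `$cookies` parameter also no longer describe what the loop touches.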
\n"; + unset($_SESSION[$var]); + return @session_register($var); + } elseif (("".$value."" != "") && (!isset($_SESSION[$var]))) { + // Set session + //* DEBUG: */ echo "SET:".$var."=".$value."
\n"; + $_SESSION[$var] = $value; + return true; + } +} + // ////////////////////////////////////////////// // // diff --git a/inc/gen_sql_patches.php b/inc/gen_sql_patches.php index e5584c7474..c638eb4b5a 100644 --- a/inc/gen_sql_patches.php +++ b/inc/gen_sql_patches.php @@ -96,9 +96,9 @@ if (empty($_CONFIG['file_hash'])) @chmod($file, 0644); //* DEBUG: */ unlink($file); - //* DEBUG: */ $test = hexdec($_COOKIE['u_hash']) / hexdec($secretKey); + //* DEBUG: */ $test = hexdec($_SESSION['u_hash']) / hexdec($secretKey); //* DEBUG: */ $test = generateHash(str_replace('.', '', $test)); - //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".$_COOKIE['u_hash']."
Test: ".$test); + //* DEBUG: */ die("Secret-Key: ".$secretKey."
Cookie: ".$_SESSION['u_hash']."
Test: ".$test); // Write $file_hash to database $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET file_hash='%s' WHERE config='0' LIMIT 1", diff --git a/inc/language.php b/inc/language.php index 89f7bba9ea..4516d20bec 100644 --- a/inc/language.php +++ b/inc/language.php @@ -45,7 +45,7 @@ $file = sprintf(PATH."inc/language/%s.php", $mx_lang); if (!file_exists($file)) { // Switch to default (DO NOT CHANGE!!!) - @setcookie("mx_lang", "de", (time() + $_CONFIG['online_timeout']), COOKIE_PATH); + set_session("mx_lang", "de"); $mx_lang = "de"; $file = sprintf(PATH."inc/language/%s.php", $mx_lang); } diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index b9ce4dd971..dd0b4422ca 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -49,22 +49,22 @@ function ADMINS_CHECK_ACL($act, $wht) $ret = false; // Get admin's defult access right - if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) { + if (!empty($ADMINS['def_acl'][$_SESSION['admin_login']])) { // Load from cache - $default = $ADMINS['def_acl'][$_COOKIE['admin_login']]; + $default = $ADMINS['def_acl'][$_SESSION['admin_login']]; // Count cache hits $_CONFIG['cache_hits']++; } elseif (!is_object($CACHE)) { // Load from database $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($_COOKIE['admin_login']), __FILE__, __LINE__); + array($_SESSION['admin_login']), __FILE__, __LINE__); list($default) = SQL_FETCHROW($result); SQL_FREERESULT($result); } // Get admin's ID - $aid = GET_ADMIN_ID($_COOKIE['admin_login']); + $aid = GET_ADMIN_ID($_SESSION['admin_login']); if (!empty($wht)) { diff --git a/inc/libs/output_functions.php b/inc/libs/output_functions.php index 49a2d8385f..8d64e7023e 100644 --- a/inc/libs/output_functions.php +++ b/inc/libs/output_functions.php 
@@ -77,12 +77,12 @@ function get_template ($template, $return=false, $content="") { // Add more variables which you want to use in your template files global $DATA, $ACTION, $WHAT; - $REFID = bigintval($_COOKIE['refid']); + $REFID = bigintval($_SESSION['refid']); if ($template == "member_support_form") { // Support request of a member - $ID = bigintval($_COOKIE['userid']); + $ID = bigintval($_SESSION['userid']); $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid='%s' LIMIT 1", array($ID), __FILE__, __LINE__); list($sex, $surname, $family) = SQL_FETCHROW($result); SQL_FREERESULT($result); diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php index 73875e3bcb..79599e4558 100644 --- a/inc/libs/security_functions.php +++ b/inc/libs/security_functions.php @@ -82,10 +82,10 @@ if (!isset($_POST)) global $_POST; $_POST = $GLOBALS['_POST']; } -if (!isset($_COOKIE)) +if (!isset($_SESSION)) { - global $_COOKIE; - $_COOKIE = $GLOBALS['_COOKIE']; + global $_SESSION; + $_SESSION = $GLOBALS['_COOKIE']; } // Include IP-Filter here @@ -172,12 +172,12 @@ if (basename($_SERVER['PHP_SELF']) != "install.php") } // ... and finally cookies - foreach ($_COOKIE as $seckey=>$secvalue) + foreach ($_SESSION as $seckey=>$secvalue) { if (is_array($secvalue)) { // Throw arrays away... - unset($_COOKIE[$seckey]); + unset($_SESSION[$seckey]); } else { @@ -185,11 +185,11 @@ if (basename($_SERVER['PHP_SELF']) != "install.php") foreach ($SEC_CHARS['from'] as $key=>$char) { // Pass all through - $_COOKIE[$seckey] = str_replace($char , $SEC_CHARS['to'][$key], $_COOKIE[$seckey]); + $_SESSION[$seckey] = str_replace($char , $SEC_CHARS['to'][$key], $_SESSION[$seckey]); } // Strip all other out - $_COOKIE[$seckey] = strip_tags($_COOKIE[$seckey]); + $_SESSION[$seckey] = strip_tags($_SESSION[$seckey]); } } } diff --git a/inc/libs/task_functions.php b/inc/libs/task_functions.php index 1afe82a27c..9e073455fc 100644 
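Review bot: The fallback in security_functions.php @@ -82 now executes `$_SESSION = $GLOBALS['_COOKIE'];`, which fills the session array with client-supplied cookies whenever `$_SESSION` is not yet set; every later check of `$_SESSION['admin_login']` or `$_SESSION['u_hash']` in this patch would then read client-controllable data. This looks like a search-and-replace slip, and the branch is only meaningful once `session_start()` has run, which inc/session.php (changed in this commit but not shown) may or may not guarantee before this file is included. Change it to `$_SESSION = $GLOBALS['_SESSION'];` and, if the session is not started at this point, start it rather than synthesising the array.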
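Review bot: The loop in security_functions.php @@ -172 and @@ -185 now runs the input filter (`str_replace` over `$SEC_CHARS`, then `strip_tags`) on `$_SESSION` on every request, but session values are server-side state written by this application, not raw client input like the cookies it used to filter. If the replacement table is not idempotent (an entity encoding, for instance), stored values such as `admin_login` are re-encoded on each request, and the array-dropping branch silently deletes any array the application keeps in the session. Keep this loop on `$_COOKIE` (the session id cookie is still client input) or restrict it to the request superglobals, and update the `// ... and finally cookies` comment to match.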
--- a/inc/libs/task_functions.php +++ b/inc/libs/task_functions.php @@ -46,7 +46,7 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { // function OUTPUT_ADVANCED_OVERVIEW (&$result_main) { - global $_COOKIE, $_CONFIG; + global $_SESSION, $_CONFIG; // Init variables/arrays $EXTRAS = ""; $OUT = ""; $SQLs = array(); $WHATs = array(); $DESCRs = array(); $TITLEs = array(); @@ -57,7 +57,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main) if (!$JOBS_DONE) { // New extensions or updates found $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status='NEW' AND task_type='EXTENSION_UPDATE'", - array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); $value = SQL_NUMROWS($result); SQL_FREERESULT($result); @@ -150,7 +150,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main) // Solved tasks // $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE status = 'SOLVED' AND assigned_admin='%s'", - array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); $value = SQL_NUMROWS($result); SQL_FREERESULT($result); @@ -164,7 +164,7 @@ function OUTPUT_ADVANCED_OVERVIEW (&$result_main) // Your tasks // $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND status = 'NEW' AND task_type != 'EXTENSION_UPDATE'", - array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); $value = SQL_NUMROWS($result); SQL_FREERESULT($result); diff --git a/inc/modules/admin.php b/inc/modules/admin.php index b5b6b02582..058b1f8f0e 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php 
@@ -154,10 +154,10 @@ if (!admin_registered) LOAD_TEMPLATE("admin_reg_form"); } } - elseif ((empty($_COOKIE['admin_login'])) || (empty($_COOKIE['admin_md5'])) || (empty($_COOKIE['admin_last'])) || (empty($_COOKIE['admin_to'])) || (($_COOKIE['admin_last'] + bigintval($_COOKIE['admin_to']) * 3600 * 24) < time())) + elseif ((empty($_SESSION['admin_login'])) || (empty($_SESSION['admin_md5'])) || (empty($_SESSION['admin_last'])) || (empty($_SESSION['admin_to'])) || (($_SESSION['admin_last'] + bigintval($_SESSION['admin_to']) * 3600 * 24) < time())) { // At leat one administrator account was created - if ((!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])) && (!empty($_COOKIE['admin_last'])) && (!empty($_COOKIE['admin_to']))) + if ((!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])) && (!empty($_SESSION['admin_last'])) && (!empty($_SESSION['admin_to']))) { // Timeout for last login, we have to logout first! $URL = URL."/modules.php?module=admin&action=login&logout=1"; @@ -180,7 +180,7 @@ if (!admin_registered) { case "done": // Admin and password are okay, so we log in now $TIMEOUT = time() + (3600 * 24 * $_POST['timeout']); - if ((@setcookie("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH))) + if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH))) { // Construct URL and redirect $URL = URL."/modules.php?module=admin&"; 
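Review bot: The login branch in admin.php @@ -180 writes `admin_md5`, `admin_login`, `admin_last` and `admin_to` into the existing session without first calling `session_regenerate_id(true)`, so a session id issued before authentication stays valid after it (session fixation); the same applies to the member login in what-login.php @@ -175. `$TIMEOUT` is still computed and passed as a third argument, but the new two-parameter `set_session()` discards it, so the only expiry left is the `admin_last + admin_to` check in @@ -154 above. Add `session_regenerate_id(true);` before the first `set_session()` call and drop the dead `$TIMEOUT` / `COOKIE_PATH` arguments.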
@@ -298,13 +298,13 @@ if (!admin_registered) elseif ($_GET['logout'] == "1") { // Only try to remove cookies - if (@setcookie("admin_login", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_md5", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_last", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_to", "", (time() - 3600), COOKIE_PATH)) + if (set_session("admin_login", "", (time() - 3600), COOKIE_PATH) && set_session("admin_md5", "", (time() - 3600), COOKIE_PATH) && set_session("admin_last", "", (time() - 3600), COOKIE_PATH) && set_session("admin_to", "", (time() - 3600), COOKIE_PATH)) { // Also remove array elements - unset($_COOKIE['admin_login']); - unset($_COOKIE['admin_md5']); - unset($_COOKIE['admin_last']); - unset($_COOKIE['admin_to']); + unset($_SESSION['admin_login']); + unset($_SESSION['admin_md5']); + unset($_SESSION['admin_last']); + unset($_SESSION['admin_to']); // Destroy session @session_destroy(); 
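Review bot: The logout in admin.php @@ -298 still gates the `unset($_SESSION[...])` cleanup and the `@session_destroy()` on the return values of four `set_session(..., "", ...)` calls; with the new function those return whatever `@session_register()` yields, and the `(time() - 3600), COOKIE_PATH` arguments are ignored. Unset the four keys unconditionally and destroy the session regardless, so a logout cannot be skipped because of a return value. Nothing in this hunk expires the session id cookie itself; whether inc/session.php does that is not visible in this patch.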
@@ -324,13 +324,13 @@ if (!admin_registered) else { // Maybe an Admin want's to login? - $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_COOKIE['admin_login']), SQL_ESCAPE($_COOKIE['admin_md5'])); + $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_SESSION['admin_login']), SQL_ESCAPE($_SESSION['admin_md5'])); switch ($ret) { case "done": // Cookie-Data accepted - $TIMEOUT = time() + bigintval($_COOKIE['admin_to']); - if ((@setcookie("admin_md5", SQL_ESCAPE($_COOKIE['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", SQL_ESCAPE($_COOKIE['admin_login']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", bigintval($_COOKIE['admin_to']), $TIMEOUT, COOKIE_PATH))) + $TIMEOUT = time() + bigintval($_SESSION['admin_to']); + if ((set_session("admin_md5", SQL_ESCAPE($_SESSION['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_login", SQL_ESCAPE($_SESSION['admin_login']), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (set_session("admin_to", bigintval($_SESSION['admin_to']), $TIMEOUT, COOKIE_PATH))) { // Ok, Cookie-Update done if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 9e2e39a423..cb17ba380c 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -249,8 +249,8 @@ function ADMIN_DO_ACTION($wht) $act = GET_ACTION($GLOBALS['module'], $wht); // Define admin login name and ID number - define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login'])); - define('__ADMIN_ID' , GET_ADMIN_ID($_COOKIE['admin_login'])); + define('__ADMIN_LOGIN', SQL_ESCAPE($_SESSION['admin_login'])); + define('__ADMIN_ID' , GET_ADMIN_ID($_SESSION['admin_login'])); // Preload templates if (EXT_IS_ACTIVE("admins")) { 
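Review bot: In admin.php @@ -324 the `set_session("admin_last", time(), ...)` call runs on every authenticated request, but `set_session()` as added in functions.php @@ -2084 leaves an already-set key untouched and returns `null`, so the `&&` chain is false, the `// Ok, Cookie-Update done` block is skipped and `admin_last` never advances past the original login. The `admin_last + admin_to` timeout in @@ -154 then measures from first login rather than last activity, and whatever the skipped block does for the admins extension (visible here only as its `if`) stops happening. Either make `set_session()` overwrite, or assign `$_SESSION['admin_last'] = time();` directly here as SET_LANGUAGE does in functions.php @@ -682.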
@@ -679,23 +679,23 @@ function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") // function ADMIN_CHECK_MENU_MODE() { - global $_CONFIG, $ADMINS, $_COOKIE; + global $_CONFIG, $ADMINS, $_SESSION; // Set the global mode as the mode for all admins $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE; // Check individual settings of current admin - if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']])) + if (isset($ADMINS['la_mode'][$_SESSION['admin_login']])) { // Load from cache - $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']]; + $ADMIN = $ADMINS['la_mode'][$_SESSION['admin_login']]; $_CONFIG['cache_hits']++; } elseif (GET_EXT_VERSION("admins") >= "0.6.7") { // Load from database when version of "admins" is enough $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($_COOKIE['admin_login']), __FILE__, __LINE__); + array($_SESSION['admin_login']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load data diff --git a/inc/modules/admin/overview-inc.php b/inc/modules/admin/overview-inc.php index 3568b70afb..bea4c69967 100644 --- a/inc/modules/admin/overview-inc.php +++ b/inc/modules/admin/overview-inc.php @@ -44,7 +44,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks) // First check for solved and not assigned tasks and assign them to current admin $result_task = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE assigned_admin < 1 AND status != 'NEW'", - array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); // We currently don't want to install an extension so let's find out if we need... $EXT_LOAD_MODE = "register"; $JOBS_DONE = true; 
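Review bot: overview-inc.php @@ -44 and the following hunks (@@ -111, @@ -158, @@ -178, @@ -188, @@ -449, @@ -458, plus what-list_task.php @@ -46 and @@ -66) each call `GET_ADMIN_ID($_SESSION['admin_login'])` inline, resolving the same login to the same id once per query. admin-inc.php @@ -249 in this patch already defines `__ADMIN_ID` from that value; if ADMIN_DO_ACTION runs before these functions (likely, but not verifiable here), `array(__ADMIN_ID), __FILE__, __LINE__` would replace each lookup and leave a single, auditable place where the session is read. That matters most for what-list_task.php, which interpolates the result straight into `$whereStatement`.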
@@ -111,7 +111,7 @@ function OUTPUT_STANDARD_OVERVIEW(&$result_tasks) $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_task_system (assigned_admin, userid, status, task_type, subject, text, task_created) VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())", array( - GET_ADMIN_ID($_COOKIE['admin_login']), + GET_ADMIN_ID($_SESSION['admin_login']), $ext_subj, addslashes($MSG), ), __FILE__, __LINE__, true, false); @@ -158,7 +158,7 @@ VALUES ('%s', '0', 'NEW', 'EXTENSION', '%s', '%s', UNIX_TIMESTAMP())", FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW') ORDER BY userid DESC, task_type DESC, subject, task_created DESC", - array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); if (SQL_NUMROWS($result_tasks) > 0) { // New jobs found! @@ -178,7 +178,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) foreach ($_POST['task'] as $id=>$sel) { $result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1", - array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); if (SQL_NUMROWS($result_task) == 1) { // Task is valid... @@ -188,7 +188,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) { // Assgin current admin to unassgigned task $result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%d LIMIT 1", - array(GET_ADMIN_ID($_COOKIE['admin_login']), bigintval($tid)), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login']), bigintval($tid)), __FILE__, __LINE__); } $ADD = ""; if ($type == "SUPPORT_MEMBER") 
@@ -449,7 +449,7 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) foreach ($_POST['task'] as $id=>$sel) { $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1", - array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); } } elseif (isset($_POST['del'])) @@ -458,13 +458,13 @@ function OUTPUT_SELECTED_TASKS($_POST, $result_tasks) foreach ($_POST['task'] as $id=>$sel) { $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%d AND (assigned_admin='%s' OR assigned_admin='0') LIMIT 1", - array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); } } // Update query $result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW') ORDER BY task_created DESC", - array(GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); } // There are uncompleted jobs! diff --git a/inc/modules/admin/what-add_rallye.php b/inc/modules/admin/what-add_rallye.php index 1f831ca13b..a3b5f799c1 100644 --- a/inc/modules/admin/what-add_rallye.php +++ b/inc/modules/admin/what-add_rallye.php @@ -56,7 +56,7 @@ if (isset($_POST['ok'])) $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_data (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", array( - GET_ADMIN_ID($_COOKIE['admin_login']), + GET_ADMIN_ID($_SESSION['admin_login']), $_POST['title'], $_POST['descr'], $_POST['template'], 
diff --git a/inc/modules/admin/what-admins_edit.php b/inc/modules/admin/what-admins_edit.php index 49d9b2108a..80c4301711 100644 --- a/inc/modules/admin/what-admins_edit.php +++ b/inc/modules/admin/what-admins_edit.php @@ -107,30 +107,30 @@ if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0)) if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'"; // Get admin's ID - $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40); - $aid = GET_ADMIN_ID($_COOKIE['admin_login']); + $salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40); + $aid = GET_ADMIN_ID($_SESSION['admin_login']); // Rewrite cookie when it's own account if ($aid == $id) { // Timeout - $TIMEOUT = time() + bigintval($_COOKIE['admin_to']); + $TIMEOUT = time() + bigintval($_SESSION['admin_to']); // Set timeout cookie - @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH); + set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH); - if ($login != $_COOKIE['admin_login']) + if ($login != $_SESSION['admin_login']) { // Update login cookie - @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH); + set_session("admin_login", $login, $TIMEOUT, COOKIE_PATH); // Update password cookie as well? - if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH); + if (!empty($ADD)) set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH); } - elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5']) + elseif (generateHash($_POST['pass1'][$id], $salt) != $_SESSION['admin_md5']) { // Update password cookie - @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH); + set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH); } } 
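Review bot: In what-admins_edit.php @@ -107 the own-account branch calls `set_session("admin_login", $login, ...)` and `set_session("admin_md5", $hash, ...)` to follow a rename or password change, but both keys are already set for a logged-in admin and the new `set_session()` does not overwrite existing keys, so the session keeps the old login/hash and the next request's `CHECK_ADMIN_COOKIES` (admin.php @@ -324) validates against stale data. The `$TIMEOUT` and `COOKIE_PATH` arguments are discarded as well, leaving `$TIMEOUT` dead. Until `set_session()` overwrites, assign directly: `$_SESSION['admin_login'] = $login;` and `$_SESSION['admin_md5'] = $hash;`; the `// Rewrite cookie when it's own account` and `// Update login cookie` comments should also say session.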
@@ -225,7 +225,7 @@ WHERE id=%d LIMIT 1", foreach ($_POST['sel'] as $id=>$del) { // Delete only when it's not your own account! - if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id)) + if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id)) { // Rewrite his tasks to all admins $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'", diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index 36c06cf9c7..0bff9ad22c 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -282,7 +282,7 @@ case "overview": // List all registered extensions case "register": // Register new extension $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin='%s' AND task_type='EXTENSION' LIMIT 1", - array(bigintval(GET_ADMIN_ID($_COOKIE['admin_login']))), __FILE__, __LINE__); + array(bigintval(GET_ADMIN_ID($_SESSION['admin_login']))), __FILE__, __LINE__); $task_found = SQL_NUMROWS($result); // Free result diff --git a/inc/modules/admin/what-list_task.php b/inc/modules/admin/what-list_task.php index 3d8601cf28..eeb86ea837 100644 --- a/inc/modules/admin/what-list_task.php +++ b/inc/modules/admin/what-list_task.php 
@@ -46,15 +46,15 @@ if (empty($_GET['type'])) $_GET['type'] = "your"; switch ($_GET['type']) { case "your": // List only your own open (new) tasks - $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'"; + $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type != 'EXTENSION_UPDATE'"; break; case "updates": // List only updates assigned to you - $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'"; + $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='NEW' AND task_type = 'EXTENSION_UPDATE'"; break; case "solved": // List only solved tasks assigned to you - $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='SOLVED'"; + $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='SOLVED'"; break; case "unassigned": // List unassigned (but not deleted) tasks @@ -66,7 +66,7 @@ case "deleted": // List all deleted break; case "closed": // List all closed - $whereStatement = "assigned_admin='".GET_ADMIN_ID($_COOKIE['admin_login'])."' AND status='CLOSED'"; + $whereStatement = "assigned_admin='".GET_ADMIN_ID($_SESSION['admin_login'])."' AND status='CLOSED'"; break; default: // Unknown type @@ -101,7 +101,7 @@ ORDER BY userid DESC, task_type DESC, subject, task_created DESC", __FILE__, __L foreach ($_POST['task'] as $id=>$sel) { $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE id=%d AND assigned_admin='%s' LIMIT 1", - array(bigintval($id), GET_ADMIN_ID($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(bigintval($id), GET_ADMIN_ID($_SESSION['admin_login'])), __FILE__, __LINE__); } } elseif (isset($_POST['del'])) 
diff --git a/inc/modules/admin/what-theme_edit.php b/inc/modules/admin/what-theme_edit.php index 7b2afc072f..cf103df5d2 100644 --- a/inc/modules/admin/what-theme_edit.php +++ b/inc/modules/admin/what-theme_edit.php @@ -83,8 +83,8 @@ if ($SEL > 0) { // Save theme $POST['default_theme'] = $_GET['default_theme']; - @setcookie("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH); - $_COOKIE['mxchange_theme'] = $POST['default_theme']; + set_session("mxchange_theme", $POST['default_theme'], (time() + 60*60*24*365), COOKIE_PATH); + $_SESSION['mxchange_theme'] = $POST['default_theme']; ADMIN_SAVE_SETTINGS($POST); } diff --git a/inc/modules/chk_login.php b/inc/modules/chk_login.php index f17aad35c5..e64ac5ab9e 100644 --- a/inc/modules/chk_login.php +++ b/inc/modules/chk_login.php @@ -42,7 +42,7 @@ OPEN_TABLE("500", "guest_login_header dashed", "center"); OUTPUT_HTML("
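Review bot: what-theme_edit.php @@ -83 calls `set_session("mxchange_theme", ..., (time() + 60*60*24*365), COOKIE_PATH)` and then assigns `$_SESSION['mxchange_theme']` directly; the second line is what actually updates an existing value, and the year-long expiry argument is silently dropped by the two-parameter function. The same pair appears in chk_login.php @@ -51, what-confirm.php @@ -115 and @@ -127, and what-login.php @@ -175. One write per key is enough — either the direct assignment or a `set_session()` with overwrite semantics; keeping both hides the fact that `set_session()` is not doing the work.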
".VALIDATING_LOGIN."
"); -if (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']) && !empty($_COOKIE['lifetime'])) +if (!empty($GLOBALS['userid']) && !empty($_SESSION['u_hash']) && !empty($_SESSION['lifetime'])) { // Get theme from profile $result = SQL_QUERY_ESC("SELECT curr_theme FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", @@ -51,8 +51,8 @@ if (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']) && !empty($_COOKIE[ SQL_FREERESULT($result); // Change to new theme - @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH); - $_COOKIE['mxchange_theme'] = $NewTheme; + set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH); + $_SESSION['mxchange_theme'] = $NewTheme; $bonus = false; if ((GET_EXT_VERSION("sql_patches") >= "0.2.8") && (GET_EXT_VERSION("bonus") >= "0.2.1") && ($_CONFIG['bonus_login_yn'] == 'N') && ($_CONFIG['bonus_login_yn'] == 'Y')) { diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php index 3c20c0156d..3b34f5197a 100644 --- a/inc/modules/guest/what-confirm.php +++ b/inc/modules/guest/what-confirm.php @@ -115,8 +115,8 @@ if (!empty($_GET['hash'])) // Account confirmed! if (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) { // Set special lead cookie - setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH); - $_COOKIE['lead_uid'] = bigintval($uid); + set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH); + $_SESSION['lead_uid'] = bigintval($uid); // Lead-Code mode enabled LOAD_URL("lead-confirm.php"); 
@@ -127,8 +127,8 @@ if (!empty($_GET['hash'])) } } elseif (defined('LEAD_CODE_ENABLED') && defined('LEAD_EXPIRY_TIME')) { // Set special lead cookie - setcookie("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH); - $_COOKIE['lead_uid'] = bigintval($uid); + set_session("lead_uid", bigintval($uid), (time() + LEAD_EXPIRY_TIME), COOKIE_PATH); + $_SESSION['lead_uid'] = bigintval($uid); // Lead-Code mode enabled LOAD_URL("lead-confirm.php"); diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index 75527e51ba..93fc1bd2cf 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -49,7 +49,7 @@ global $DATA, $FATAL; $probe_nickname = false; $UID = false; $hash = ""; unset($login); unset($online); -if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash']))) +if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash']))) { // Already logged in? $UID = $GLOBALS['userid']; @@ -175,14 +175,14 @@ if (IS_LOGGED_IN()) $hash = generatePassString($hash); // Update cookies - $login = (@setcookie("userid" , $UID , $life, COOKIE_PATH) - && @setcookie("u_hash" , $hash, $life, COOKIE_PATH) - && @setcookie("lifetime", $l , $life, COOKIE_PATH)); + $login = (set_session("userid" , $UID , $life, COOKIE_PATH) + && set_session("u_hash" , $hash, $life, COOKIE_PATH) + && set_session("lifetime", $l , $life, COOKIE_PATH)); // Update global array $GLOBALS['userid'] = $UID; - $_COOKIE['u_hash'] = $hash; - $_COOKIE['lifetime'] = $l; + $_SESSION['u_hash'] = $hash; + $_SESSION['lifetime'] = $l; } else { diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php index 7303c4895d..114694c8b6 100644 --- a/inc/modules/guest/what-register.php +++ b/inc/modules/guest/what-register.php 
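Review bot: The login path in the `@@ -175` hunk of what-login.php stores userid, u_hash and lifetime in whatever session the client arrived with, without regenerating the session ID. Now that the credentials live server-side, a session ID issued before authentication stays valid after it; add `session_regenerate_id(true);` before the `$login = (set_session(...` block so the authenticated session gets a fresh ID. The `&&` chain also assumes set_session() returns a truthy value on success, which the hunk does not show; worth confirming, since `$login` is false otherwise. The enclosing if/else begins outside the hunk.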
@@ -167,7 +167,7 @@ if (isset($_POST['ok'])) { // Not found so we set your refid! $_POST['refid'] = $_CONFIG['def_refid']; - @setcookie("refid", $_CONFIG['def_refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH); + set_session("refid", $_CONFIG['def_refid']); } // Free memory diff --git a/inc/modules/member/what-logout.php b/inc/modules/member/what-logout.php index 26c468efc4..797f8e262d 100644 --- a/inc/modules/member/what-logout.php +++ b/inc/modules/member/what-logout.php @@ -50,10 +50,10 @@ $URL = URL."/modules.php?module=index"; // NEW: Fixed the Set of Cookies, you mus add right TimeSet, if you changed it in What_login.php! (eg. time()- cookieTime -if (@setcookie("userid", "", time() - 3600, COOKIE_PATH) && @setcookie("u_hash", "", time() - 3600, COOKIE_PATH) && @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH)) +if (set_session("userid", "", time() - 3600, COOKIE_PATH) && set_session("u_hash", "", time() - 3600, COOKIE_PATH) && set_session("lifetime", "", time() - 3600, COOKIE_PATH)) { // Remove theme cookie as well - @setcookie("mxchange_theme", "", time() - 3600, COOKIE_PATH); + set_session("mxchange_theme", "", time() - 3600, COOKIE_PATH); // Logout completed $URL .= "&msg=".CODE_LOGOUT_DONE; diff --git a/inc/modules/member/what-mydata.php b/inc/modules/member/what-mydata.php index 70f63e3478..2a13fa112e 100644 --- a/inc/modules/member/what-mydata.php +++ b/inc/modules/member/what-mydata.php @@ -275,7 +275,7 @@ WHERE userid=%d AND password='%s' LIMIT 1", bigintval($_POST['year']), bigintval($_POST['max_mails']), UID_VALUE, - $_COOKIE['u_hash'] + $_SESSION['u_hash'] ), __FILE__, __LINE__); } else @@ -306,7 +306,7 @@ WHERE userid=%d AND password='%s' LIMIT 1", bigintval($_POST['year']), bigintval($_POST['max_mails']), UID_VALUE, - $_COOKIE['u_hash'] + $_SESSION['u_hash'] ), __FILE__, __LINE__); } diff --git a/inc/modules/member/what-themes.php b/inc/modules/member/what-themes.php index 7404646cd7..0e25541d34 100644 
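Review bot: The logout in what-logout.php only blanks userid, u_hash, lifetime and mxchange_theme through set_session(); the PHP session keeps its ID and every other key (refid, mx_lang, PHPSESSID, lead_uid). Since the login state is now server-side, logout should end the session rather than empty a few keys: `session_regenerate_id(true);` after the values are cleared, or `$_SESSION = array(); session_destroy();` if nothing else needs to survive. As written the blank strings satisfy the `empty()` checks elsewhere, but `isset($_SESSION['u_hash'])` in UPDATE_LOGIN_DATA still sees them as present.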
--- a/inc/modules/member/what-themes.php +++ b/inc/modules/member/what-themes.php @@ -55,8 +55,8 @@ if (!empty($_POST['member_theme'])) $NewTheme = $_POST['member_theme']; // Change to new theme - @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH); - $_COOKIE['mxchange_theme'] = $NewTheme; + set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH); + $_SESSION['mxchange_theme'] = $NewTheme; // Theme saved! LOAD_TEMPLATE("admin_settings_saved", false, MEMBER_THEME_SAVED); @@ -110,7 +110,7 @@ $OUT = ""; $SW = 2; foreach ($THEMES['theme_unix'] as $key=>$unix) { $default = ""; - if ($_COOKIE['mxchange_theme'] == $unix) $default = " checked selected"; + if ($_SESSION['mxchange_theme'] == $unix) $default = " checked selected"; // Add row $OUT .= " diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index 2ce61d8c16..5cb91d0103 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -161,10 +161,10 @@ if ((!mxchange_installing) && (mxchange_installed)) UPDATE_LOGIN_DATA(); // Get session ID - if (empty($_COOKIE['PHPSESSID'])) $_COOKIE['PHPSESSID'] = session_id(); + if (empty($_SESSION['PHPSESSID'])) $_SESSION['PHPSESSID'] = session_id(); // Update online list - UPDATE_ONLINE_LIST($_COOKIE['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']); + UPDATE_ONLINE_LIST($_SESSION['PHPSESSID'], $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']); // Load theme name $CurrTheme = GET_CURR_THEME(); diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 92292cfeaf..bbd581d8a0 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php 
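Review bot: `if (empty($_SESSION['PHPSESSID'])) $_SESSION['PHPSESSID'] = session_id();` in mysql-connect.php caches the session ID inside the session it identifies, so the stored copy goes stale the moment the ID is regenerated and the online list is then keyed by an old ID. `session_id()` is already available here (the session is started in inc/session.php), so passing it directly is simpler: `UPDATE_ONLINE_LIST(session_id(), $GLOBALS['module'], $GLOBALS['action'], $GLOBALS['what']);`. If UPDATE_ONLINE_LIST persists that value, it is recording live session IDs; a hash of the ID would serve the same purpose as a key.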
@@ -389,14 +389,14 @@ function ADD_MENU($MODE, $act, $wht) { // This patched function will reduce many SELECT queries for the specified or current admin login function IS_ADMIN($admin="") { - global $_COOKIE, $ADMINS, $_CONFIG; + global $_SESSION, $ADMINS, $_CONFIG; $ret = false; $passCookie = ""; $valPass = ""; //* DEBUG: */ echo __LINE__."ADMIN:".$admin."
"; // If admin login is not given take current from cookies... - if ((empty($admin)) && (!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5']))) + if ((empty($admin)) && (!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5']))) { - $admin = SQL_ESCAPE($_COOKIE['admin_login']); $passCookie = $_COOKIE['admin_md5']; + $admin = SQL_ESCAPE($_SESSION['admin_login']); $passCookie = $_SESSION['admin_md5']; } //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; @@ -538,7 +538,7 @@ function WHAT_IS_VALID($act, $wht, $type="guest") // function IS_LOGGED_IN() { - global $_COOKIE, $status, $LAST; + global $_SESSION, $status, $LAST; if (!is_array($LAST)) $LAST = array(); $ret = false; @@ -546,7 +546,7 @@ function IS_LOGGED_IN() FIX_DELETED_COOKIES(array('userid', 'u_hash', 'lifetime')); // Are cookies set? - if ((!empty($GLOBALS['userid'])) && (!empty($_COOKIE['u_hash'])) && (!empty($_COOKIE['lifetime'])) && (defined('COOKIE_PATH'))) + if ((!empty($GLOBALS['userid'])) && (!empty($_SESSION['u_hash'])) && (!empty($_SESSION['lifetime'])) && (defined('COOKIE_PATH'))) { // Cookies are set with values, but are they valid? $result = SQL_QUERY_ESC("SELECT password, status, last_module, last_online FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", @@ -563,8 +563,8 @@ function IS_LOGGED_IN() if ((!empty($mod)) && (empty($LAST['module']))) { $LAST['module'] = $mod; $LAST['online'] = $onl; } // So did we now have valid data and an unlocked user? - //* DEBUG: */ echo $valPass."
".$_COOKIE['u_hash']."
"; - if (($status == "CONFIRMED") && ($valPass == $_COOKIE['u_hash'])) + //* DEBUG: */ echo $valPass."
".$_SESSION['u_hash']."
"; + if (($status == "CONFIRMED") && ($valPass == $_SESSION['u_hash'])) { // Account is confirmed and all cookie data is valid so he is definely logged in! :-) $ret = true; @@ -573,28 +573,24 @@ function IS_LOGGED_IN() { // Maybe got locked etc. //* DEBUG: */ echo __LINE__."!!!
"; - @setcookie("userid", "", time() - 3600, COOKIE_PATH); - @setcookie("u_hash", "", time() - 3600, COOKIE_PATH); - @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH); + set_session("userid", "", time() - 3600, COOKIE_PATH); + set_session("u_hash", "", time() - 3600, COOKIE_PATH); + set_session("lifetime", "", time() - 3600, COOKIE_PATH); // Remove array elements to prevent errors unset($GLOBALS['userid']); - unset($_COOKIE['u_hash']); - unset($_COOKIE['lifetime']); } } else { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."***
"; - @setcookie("userid", "", time() - 3600, COOKIE_PATH); - @setcookie("u_hash", "", time() - 3600, COOKIE_PATH); - @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH); + set_session("userid", "", time() - 3600, COOKIE_PATH); + set_session("u_hash", "", time() - 3600, COOKIE_PATH); + set_session("lifetime", "", time() - 3600, COOKIE_PATH); // Remove array elements to prevent errors unset($GLOBALS['userid']); - unset($_COOKIE['u_hash']); - unset($_COOKIE['lifetime']); } // Free memory @@ -604,14 +600,12 @@ function IS_LOGGED_IN() { // Cookie data is invalid! //* DEBUG: */ echo __LINE__."///
"; - @setcookie("userid", "", time() - 3600, COOKIE_PATH); - @setcookie("u_hash", "", time() - 3600, COOKIE_PATH); - @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH); + set_session("userid", "", time() - 3600, COOKIE_PATH); + set_session("u_hash", "", time() - 3600, COOKIE_PATH); + set_session("lifetime", "", time() - 3600, COOKIE_PATH); // Remove array elements to prevent errors unset($GLOBALS['userid']); - unset($_COOKIE['u_hash']); - unset($_COOKIE['lifetime']); } return $ret; } @@ -621,16 +615,16 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { if (!is_array($LAST)) $LAST = array(); // Are the required cookies set? - if ((!isset($GLOBALS['userid'])) || (!isset($_COOKIE['u_hash'])) || (!isset($_COOKIE['lifetime']))) { + if ((!isset($GLOBALS['userid'])) || (!isset($_SESSION['u_hash'])) || (!isset($_SESSION['lifetime']))) { // Nope, then return here to caller function return false; } else { // Secure user ID - $GLOBALS['userid'] = bigintval($_COOKIE['userid']); + $GLOBALS['userid'] = bigintval($_SESSION['userid']); } // Extract last online time (life) and how long is auto-login valid (time) - $newl = time() + bigintval($_COOKIE['lifetime']); + $newl = time() + bigintval($_SESSION['lifetime']); // Recheck if logged in if (!IS_LOGGED_IN()) return false; @@ -645,7 +639,7 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { // Maybe first login time? if (empty($mod)) $mod = "login"; - if (@setcookie("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && @setcookie("u_hash", SQL_ESCAPE($_COOKIE['u_hash']), $newl, COOKIE_PATH) && @setcookie("lifetime", bigintval($_COOKIE['lifetime']), $newl, COOKIE_PATH)) { + if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", SQL_ESCAPE($_SESSION['u_hash']), $newl, COOKIE_PATH) && set_session("lifetime", bigintval($_SESSION['lifetime']), $newl, COOKIE_PATH)) { // This will be displayed on welcome page! :-) if (empty($LAST['module'])) { $LAST['module'] = $mod; $LAST['online'] = $onl; 
@@ -662,9 +656,9 @@ function UPDATE_LOGIN_DATA ($UPDATE=true) { else { // Destroy session, we cannot update! - @setcookie("userid", "", time() - 3600, COOKIE_PATH); - @setcookie("u_hash", "", time() - 3600, COOKIE_PATH); - @setcookie("lifetime", "0", time() - 3600, COOKIE_PATH); + set_session("userid", "", time() - 3600, COOKIE_PATH); + set_session("u_hash", "", time() - 3600, COOKIE_PATH); + set_session("lifetime", "", time() - 3600, COOKIE_PATH); } } // @@ -742,11 +736,11 @@ function SEND_MODE_MAILS($mod, $modes) list($hashDB) = SQL_FETCHROW($result_main); // Extract salt from cookie - $salt = substr($_COOKIE['u_hash'], 0, -40); + $salt = substr($_SESSION['u_hash'], 0, -40); // Now let's compare passwords $hash = generatePassString($hashDB); - if (($hash == $_COOKIE['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) { + if (($hash == $_SESSION['u_hash']) || ($_POST['pass1'] == $_POST['pass2'])) { // Load user's data $result = SQL_QUERY_ESC("SELECT sex, surname, family, street_nr, country, zip, city, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND password='%s' LIMIT 1", array($GLOBALS['userid'], $hashDB), __FILE__, __LINE__); @@ -1196,10 +1190,10 @@ function UPDATE_ONLINE_LIST($SID, $mod, $act, $wht) // Is administrator $ADMIN = 'Y'; } - if (!empty($_COOKIE['refid'])) + if (!empty($_SESSION['refid'])) { // Check cookie - if ($_COOKIE['refid'] > 0) $rid = $GLOBALS['refid']; + if ($_SESSION['refid'] > 0) $rid = $GLOBALS['refid']; } // Now Read data @@ -1516,8 +1510,8 @@ function SUB_JACKPOT($points) // function IS_DEMO() { - global $_COOKIE; - return ((EXT_IS_ACTIVE("demo")) && ($_COOKIE['admin_login'] == "demo")); + global $_SESSION; + return ((EXT_IS_ACTIVE("demo")) && ($_SESSION['admin_login'] == "demo")); } // function LOAD_CONFIG($no="0") diff --git a/inc/session.php b/inc/session.php index 49d7c98625..268c2d4715 100644 --- a/inc/session.php +++ b/inc/session.php 
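Review bot: IS_DEMO in the `@@ -1516` hunk reads `$_SESSION['admin_login']` without checking the key exists, so on a non-admin request it raises a notice before the `==` against "demo". `return ((EXT_IS_ACTIVE("demo")) && (isset($_SESSION['admin_login'])) && ($_SESSION['admin_login'] === "demo"));` keeps the same result and drops the loose comparison.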
@@ -46,22 +46,12 @@ if (empty($VIEW)) $VIEW = 0; // Skip updating of cookies when viewing a banner if (($VIEW == 1) && ($_SERVER['PHP_SELF'])) return; -// Session management initalization -if (empty($PHPSESSID)) { - // This fixes some strange session cookie problems - if (empty($_COOKIE['PHPSESSID'])) unset($_COOKIE['PHPSESSID']); - @session_start(); - $PHPSESSID = @session_id(); -} else { - @session_id($PHPSESSID); - @session_start(); -} - -// Store PHPSESSID -@setcookie("PHPSESSID", $PHPSESSID, (time() + $_CONFIG['online_timeout']), COOKIE_PATH); +// Start the session +@session_start(); +$PHPSESSID = @session_id(); // Store language code in cookie -@setcookie("mx_lang", $mx_lang, (time() + $_CONFIG['online_timeout']), COOKIE_PATH); +set_session("mx_lang", $mx_lang); // Check if refid is set if ((!empty($_GET['user'])) && ($CLICK == 1) && ($_SERVER['PHP_SELF'] == "click.php")) { @@ -78,9 +68,9 @@ if (!empty($_POST['refid'])) { } elseif (!empty($_GET['ref'])) { // Set refid=ref (the referral link uses such variable) $GLOBALS['refid'] = SQL_ESCAPE(strip_tags($_GET['ref'])); -} elseif (!empty($_COOKIE['refid'])) { +} elseif (!empty($_SESSION['refid'])) { // Simply reset cookie - $GLOBALS['refid'] = bigintval($_COOKIE['refid']); + $GLOBALS['refid'] = bigintval($_SESSION['refid']); } elseif (GET_EXT_VERSION("sql_patches") != "") { // Set default refid as refid in URL $GLOBALS['refid'] = $_CONFIG['def_refid']; 
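Review bot: Replacing the explicit PHPSESSID cookie with a bare `@session_start()` also drops the lifetime and path the old `setcookie()` carried (`$_CONFIG['online_timeout']`, COOKIE_PATH), so the session cookie now takes whatever php.ini provides, and the `@` hides any failure to start the session. Set the parameters before starting: `session_set_cookie_params($_CONFIG['online_timeout'], COOKIE_PATH); session_start(); $PHPSESSID = session_id();`. Since the session now holds the login state, a comment on why an externally supplied `$PHPSESSID` is no longer honoured would help the next reader, e.g. `// Session ID comes only from the session cookie; never accept one from the request`.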
@@ -90,15 +80,15 @@ if (!empty($_POST['refid'])) { } // Set cookie when default refid > 0 -if (empty($_COOKIE['refid']) || (!empty($GLOBALS['refid'])) || (($_COOKIE['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) { +if (empty($_SESSION['refid']) || (!empty($GLOBALS['refid'])) || (($_SESSION['refid'] == "0") && ($_CONFIG['def_refid'] > 0))) { // Set cookie - @setcookie("refid", $GLOBALS['refid'], (time() + $_CONFIG['online_timeout']), COOKIE_PATH); + set_session("refid", $GLOBALS['refid']); } // Test cookies if index.php or modules.php is loaded if ((basename($_SERVER['PHP_SELF']) == "index.php") || (basename($_SERVER['PHP_SELF']) == "modules.php") || (mxchange_installing)) { - if (count($_COOKIE) > 0) + if (count($_SESSION) > 0) { // Cookies accepted! define('__COOKIES', true); diff --git a/inc/theme-manager.php b/inc/theme-manager.php index c188a19663..81e2fadfbc 100644 --- a/inc/theme-manager.php +++ b/inc/theme-manager.php 
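Review bot: `if (count($_SESSION) > 0)` no longer tests whether the browser accepted a cookie: `$_SESSION` is the server-side array, and `set_session("mx_lang", $mx_lang)` earlier in this file populates it on the very same request, so `__COOKIES` is defined true even for a client that dropped the session cookie (assuming set_session() writes to `$_SESSION`). The only signal that the client returned the cookie is the cookie itself: `if (isset($_COOKIE[session_name()]))`. The `// Cookies accepted!` comment then stays accurate.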
@@ -48,15 +48,15 @@ function GET_CURR_THEME() { // Load default theme if not empty from configuration if (!empty($_CONFIG['default_theme'])) $ret = $_CONFIG['default_theme']; - if (empty($_COOKIE['mxchange_theme'])) { + if (empty($_SESSION['mxchange_theme'])) { // Set default theme - @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH); - } elseif ((!empty($_COOKIE['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) { + set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH); + } elseif ((!empty($_SESSION['mxchange_theme'])) && (GET_EXT_VERSION("sql_patches") >= "0.1.4")) { // Get theme from cookie - $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_COOKIE['mxchange_theme']), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' LIMIT 1", array($_SESSION['mxchange_theme']), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Design is valid! - $ret = $_COOKIE['mxchange_theme']; + $ret = $_SESSION['mxchange_theme']; } // Free memory 
@@ -68,19 +68,19 @@ function GET_CURR_THEME() { // Installation mode active if ((!empty($_GET['theme'])) && (file_exists($theme)) && (is_readable($theme))) { // Set cookie from URL data - @setcookie("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH); - $_COOKIE['mxchange_theme'] = $_GET['theme']; + set_session("mxchange_theme", $_GET['theme'], (time() + 60*60*24*365), COOKIE_PATH); + $_SESSION['mxchange_theme'] = $_GET['theme']; } elseif (file_exists(PATH."theme/".$_POST['theme']."/theme.php")) { // Set cookie from posted data - @setcookie("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH); - $_COOKIE['mxchange_theme'] = $_POST['theme']; + set_session("mxchange_theme", $_POST['theme'], (time() + 60*60*24*365), COOKIE_PATH); + $_SESSION['mxchange_theme'] = $_POST['theme']; } // Set return value - $ret = $_COOKIE['mxchange_theme']; + $ret = $_SESSION['mxchange_theme']; } else { // Invalid design, reset cookie - @setcookie("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH); + set_session("mxchange_theme", $ret, (time() + 60*60*24*365), COOKIE_PATH); } // Add (maybe) found theme.php file to inclusion list @@ -151,7 +151,7 @@ if ((!empty($_POST['new_theme'])) && ($_POST['new_theme'] != $CurrTheme)) $NewTheme = $_POST['new_theme']; // Change to new theme - @setcookie("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH); + set_session("mxchange_theme", $NewTheme, (time() + 60*60*24*365), COOKIE_PATH); // Remove current from array and set new $theme = PATH."theme/".$CurrTheme."/theme.php"; diff --git a/index.php b/index.php index 07097cf45b..d2ade5d6df 100644 --- a/index.php +++ b/index.php 
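Review bot: `set_session("mxchange_theme", $_GET['theme'], ...)` and the `$_POST['theme']` branch store the raw request value in the session, and `$ret = $_SESSION['mxchange_theme']` a few lines later appears to be what the `@@ -151` hunk turns into `PATH."theme/".$CurrTheme."/theme.php"` for inclusion. The `file_exists()` guards are context lines the commit keeps, but they only establish that a path exists, not that the name is a plain directory name; the `@@ -48` hunk already validates the non-install path against the `_themes` table, and this path should apply an equivalent check — e.g. accept only names matching `^[a-zA-Z0-9_-]+$` before storing. GET_CURR_THEME starts outside the hunk.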
@@ -55,14 +55,14 @@ if (defined('mxchange_installed') && (mxchange_installed)) { if (!isset($_CONFIG['index_cookie'])) $_CONFIG['index_cookie'] = 0; // Check for cookies - if ((empty($_COOKIE['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) { + if ((empty($_SESSION['visited'])) || ($_CONFIG['index_delay'] == 0) || ($_CONFIG['index_cookie'] == 0)) { // Is the index page configured for redirect pr not? if ($_CONFIG['index_cookie'] > 0) { // Set cookie and remeber it for specified time - @setcookie("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH); - } elseif (!empty($_COOKIE['visited'])) { + set_session("visited", "true", (time() + $_CONFIG['index_cookie']), COOKIE_PATH); + } elseif (!empty($_SESSION['visited'])) { // Remove cookie when admin set 0 in setup - @setcookie("visited", "", (time() - 3600), COOKIE_PATH); + set_session("visited", "", (time() - 3600), COOKIE_PATH); } // Template laden diff --git a/lead-confirm.php b/lead-confirm.php index e04ea259b5..389f3a1168 100644 --- a/lead-confirm.php +++ b/lead-confirm.php @@ -57,13 +57,13 @@ if (defined('mxchange_installed') && (mxchange_installed)) { ); // Is the cookie set? - if (isset($_COOKIE['lead_uid'])) { + if (isset($_SESSION['lead_uid'])) { // Is the user-account unlocked and valid? $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1", - array(bigintval($_COOKIE['lead_uid'])), __FILE__, __LINE__); + array(bigintval($_SESSION['lead_uid'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Secure the ID number - $content['lead_uid'] = bigintval($_COOKIE['lead_uid']); + $content['lead_uid'] = bigintval($_SESSION['lead_uid']); // Load the email address list($content['lead_email']) = COMPILE_CODE(SQL_FETCHROW($result)); -- 2.30.2