
  1. <?
  2. /**
  3. * session.php
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation; either version 2 of the License, or
  8. * (at your option) any later version.
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. * @author Stephan Raabe
  14. */
  15.  
// ---------------------------------------------------------------------------
// Session bootstrap. Runs on every request except "export" requests
// (?export=...), which get no session at all — code below this block must not
// assume session_start() has been called in that mode.
// Globals read here and presumably set by the site configuration:
//   $check_useragent   - 1 enables session-id regeneration and fingerprint binding
//   $system_fingerprint- client fingerprint (stored under HTTP_USER_AGENT, so
//                        presumably derived from the User-Agent header; confirm)
//   $site_url          - the site's base URL
// ---------------------------------------------------------------------------
if (empty($_GET["export"]))
{
// The session cookie / URL parameter is called "sid"; rewriteURL() below
// writes that parameter into website.php links when PHP uses URL propagation.
session_name("sid");
session_start();
// First request of a new session: mark it, optionally swap the id, and load
// the guest account row into $_SESSION.
if (!isset($_SESSION["initiated"]))
{
// NOTE(review): regenerating only on the very first request does not stop
// session fixation — an attacker-supplied id that the victim later logs in
// with keeps its value, because login()/loginInt() do not regenerate it.
// This matters whenever ?sid= is honoured (session.use_only_cookies off).
if ($check_useragent == 1)
{
session_regenerate_id();
}
$_SESSION['initiated'] = true;
setGuest();
}
// A session stamped by another $site_url (or not stamped at all — the key is
// read unguarded, which raises a notice but still ends in setGuest()) is
// demoted to guest.
if ($_SESSION["site_url_key"] != $site_url)
{
setGuest();
}
// SID is non-empty when PHP is propagating the session id through URLs
// (no cookie received yet, or cookies disabled). rewriteURL() then adds
// sid=... to website.php links in the output buffer.
// NOTE(review): an id carried in URLs leaks through Referer headers, proxy
// logs and bookmarks; cookie-only sessions avoid this entirely.
if (SID != '')
{
ob_start('rewriteURL');
}
// Fingerprint binding. With the switch on, the fingerprint is stored when
// first seen and any later mismatch drops the session to guest; a session
// that has an account_group but no stored fingerprint is also reset.
// Without the switch, only a session lacking account_group is reset.
if ($check_useragent == 1)
{
if ((isset($_SESSION["account_group"])) && (isset($_SESSION["HTTP_USER_AGENT"])))
{
if ($_SESSION["HTTP_USER_AGENT"] != $system_fingerprint)
{
setGuest();
}
}
else
{
$_SESSION["HTTP_USER_AGENT"] = $system_fingerprint;
setGuest();
}
}
else
{
if (empty($_SESSION["account_group"]))
{
setGuest();
}
}
}

// Safety net, executed in export mode too: with no session started $_SESSION
// is just an ordinary (unset) global, so this loads the guest row into a
// plain array that is never persisted.
if (empty($_SESSION["account_group"]))
{
setGuest();
}
  65.  
  66. /**
  67. * Rewrites URL
  68. * @return string
  69. */
  70. function rewriteURL($strBuffer)
  71. {
  72. if (!isAdmin())
  73. {
  74. $sid = session_id();
  75. $strBuffer = preg_replace('#website.php\?id=(/.+)(\'|")#U','website.php?sid='.$sid.'&id=\\1\\2',$strBuffer);
  76. }
  77. return $strBuffer;
  78. }
  79.  
  80. /**
  81. * sets the SESSION to the guest status
  82. */
  83. function setGuest()
  84. {
  85. global $db_praefix,$site_url;
  86. $link = connectDB();
  87. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 0";
  88. $result = mysql_query($query);
  89. $menge = mysql_num_fields($result);
  90. $row = mysql_fetch_row($result);
  91. $user_rows = mysql_num_rows($result);
  92. for($x = 0; $x < $menge; $x++)
  93. {
  94. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  95. }
  96. $_SESSION["site_url_key"] = $site_url;
  97. closeDB($link);
  98. }
  99.  
  100. /**
  101. * user login function external
  102. * @return bool
  103. */
  104. function login($account_email,$account_password,$page_pathn)
  105. {
  106. global $db_praefix,$site_url;
  107. $account_password = md5($account_password);
  108. $link = connectDB();
  109. $query = "SELECT * FROM ".$db_praefix."account WHERE (account_email = '$account_email') AND (account_password = '$account_password') AND (account_lock = 0)";
  110. $result = mysql_query($query);
  111. closeDB($link);
  112. $user_rows = mysql_num_rows($result);
  113. if ($user_rows == 1)
  114. {
  115. $menge = mysql_num_fields($result);
  116. $row = mysql_fetch_row($result);
  117. for($x = 0; $x < $menge; $x++)
  118. {
  119. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  120. }
  121. return true;
  122. }
  123. else
  124. {
  125. return false;
  126. }
  127. }
  128.  
  129. /**
  130. * user login function internal
  131. * @return bool
  132. */
  133. function loginInt($account_email,$account_password,$page_pathn)
  134. {
  135. global $db_praefix,$site_url;
  136. $account_password = md5($account_password);
  137. $link = connectDB();
  138. $query = "SELECT * FROM ".$db_praefix."account WHERE (account_email = '$account_email') AND (account_password = '$account_password') AND (account_lock = 0)";
  139. $result = mysql_query($query);
  140. closeDB($link);
  141. $user_rows = mysql_num_rows($result);
  142. if ($user_rows == 1)
  143. {
  144. $menge = mysql_num_fields($result);
  145. $row = mysql_fetch_row($result);
  146. for($x = 0; $x < $menge; $x++)
  147. {
  148. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  149. }
  150. if (isAdmin())
  151. {
  152. ?>
  153. <script language="Javascript">
  154. window.opener.location.href="website.php?id=<?= $page_pathn; ?>";
  155. location.href = "website.php?admin=greeting&id=<?= $page_pathn; ?>";
  156. </script>
  157. <?
  158. }
  159. else
  160. {
  161. ?>
  162. <script language="Javascript">
  163. window.opener.location.href="website.php?id=<?= $page_pathn; ?>";
  164. window.close();
  165. </script>
  166. <?
  167. }
  168. return true;
  169. }
  170. else
  171. {
  172. return false;
  173. }
  174. }
  175.  
  176. /**
  177. * user logout function external
  178. */
  179. function logout($page_path)
  180. {
  181. global $check_useragent;
  182. if ($check_useragent == 1)
  183. {
  184. session_regenerate_id();
  185. }
  186. $page_new = get_page($page_path);
  187. setGuest();
  188. if ($page_new["page_status"] != 0)
  189. {
  190. ?>
  191. <script language="javascript">
  192. location.href = "website.php";
  193. </script>
  194. <?
  195. }
  196. }
  197.  
  198. /**
  199. * user logout function internal
  200. */
  201. function logoutInt($page_path)
  202. {
  203. global $check_useragent;
  204. if ($check_useragent == 1)
  205. {
  206. session_regenerate_id();
  207. }
  208. setGuest();
  209. ?>
  210. <script language="javascript">
  211. window.opener.location.href = "website.php";
  212. </script>
  213. <?
  214. }
  215.  
  216. /**
  217. * external user password e-mail
  218. */
  219. function getAccountExt($accountn_email)
  220. {
  221. global $site_url,$db_praefix,$site_home,$site_name,$site_admin,$admin_lang,$nl_encoding;
  222. if ($accountn_email != "")
  223. {
  224. $link = connectDB();
  225. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_email' and account_group = 1";
  226. $result = mysql_query($query);
  227. closeDB($link);
  228. if (mysql_num_rows($result) == 1)
  229. {
  230. $acc_key = mysql_fetch_array($result);
  231. $account_key = $acc_key["account_key"];
  232. $pass_new_output = rand(10000000,99999999);
  233. $pass_new = md5($pass_new_output);
  234. $link = connectDB();
  235. $query = "UPDATE ".$db_praefix."account SET account_password = '$pass_new' WHERE account_key = $account_key";
  236. $result = mysql_query($query);
  237. closeDB($link);
  238. require("system/admin/phpmailer/class.phpmailer.php");
  239. $mail = new phpmailer();
  240. $mail->From = $site_admin;
  241. $mail->FromName = "";
  242. $mail->AddAddress($accountn_email);
  243. $mail->Subject = $site_name;
  244. $mail->Encoding = "8bit";
  245. $mail->CharSet = $nl_encoding;
  246. $text_body = "Your Password: ".$pass_new_output;
  247. $mail->Body = $text_body;
  248. $mail->Send();
  249. $mail->ClearAddresses();
  250. $mail->ClearAttachments();
  251. ?>
  252. <script language="Javascript">
  253. alert("<?= $admin_lang["profile"][6]; ?>");
  254. location.href="index.php";
  255. </script>
  256. <?
  257. }
  258. else
  259. {
  260. ?>
  261. <script language="Javascript">
  262. alert("<?= $admin_lang["profile"][5]; ?>");
  263. </script>
  264. <?
  265. }
  266. }
  267. }
  268.  
  269. /**
  270. * external user deletion
  271. */
  272. function deleteAccountExt($accountn_email,$accountn_key)
  273. {
  274. global $site_url,$db_praefix,$site_home,$site_name,$site_admin,$admin_lang;
  275. if ($accountn_email != "")
  276. {
  277. $link = connectDB();
  278. $query = "DELETE FROM ".$db_praefix."account WHERE account_email = '$accountn_email' and account_key = $accountn_key";
  279. $result = mysql_query($query);
  280. closeDB($link);
  281. setGuest();
  282. ?>
  283. <script language="Javascript">
  284. alert("<?= $admin_lang["profile"][8]; ?>");
  285. location.href="index.php";
  286. </script>
  287. <?
  288. }
  289. }
  290.  
  291. /**
  292. * extrenal user registration
  293. */
  294. function newAccountExt($accountn_firstname,$accountn_lastname,$accountn_telefon,$accountn_company,$accountn_homepage,$accountn_email,$accountn_password,$accountn_info,$accountn_lock,$link_redirect)
  295. {
  296. global $site_url,$db_praefix,$site_home,$admin_lang,$account_register;
  297. $link = connectDB();
  298. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_email'";
  299. $result = mysql_query($query);
  300. closeDB($link);
  301. if (mysql_num_rows($result) == 0)
  302. {
  303. $accountn_passwordold = $accountn_password;
  304. $accountn_password = md5($accountn_password);
  305. $link = connectDB();
  306. $query = "INSERT ".$db_praefix."account (account_email,account_password,account_firstname,account_lastname,account_telefon,account_company,account_homepage,account_group,account_info,account_lock) VALUES ('$accountn_email','$accountn_password','$accountn_firstname','$accountn_lastname','$accountn_telefon','$accountn_company','$accountn_homepage','1','$accountn_info','$accountn_lock')";
  307. $result = mysql_query($query);
  308. closeDB($link);
  309. ?>
  310. <script language="Javascript">
  311. alert("<?= $admin_lang["profile"][4]; ?>");
  312. </script>
  313. <?
  314. if ($account_register == 0)
  315. {
  316. login($accountn_email,$accountn_passwordold,$link_redirect);
  317. }
  318. else
  319. {
  320. ?>
  321. <script language="Javascript">
  322. location.href="index.php";
  323. </script>
  324. <?
  325. }
  326. }
  327. else
  328. {
  329. ?>
  330. <script language="Javascript">
  331. alert("<?= $admin_lang["profile"][5]; ?>");
  332. </script>
  333. <?
  334. }
  335. }
  336.  
  337. /**
  338. * external user update
  339. */
  340. function updateAccountExt($accountn_firstname,$accountn_lastname,$accountn_telefon,$accountn_company,$accountn_homepage,$accountn_email,$accountn_emailnew,$accountn_password,$accountn_key,$accountn_lang,$accountn_info)
  341. {
  342. global $site_url,$db_praefix,$admin_lang;
  343. $checker = true;
  344. if ($accountn_email != $accountn_emailnew)
  345. {
  346. $link = connectDB();
  347. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_emailnew'";
  348. $result = mysql_query($query);
  349. closeDB($link);
  350. if (mysql_num_rows($result) != 0)
  351. {
  352. ?>
  353. <script language="Javascript">
  354. alert("<?= $admin_lang["profile"][5]; ?>");
  355. </script>
  356. <?
  357. $checker = false;
  358. }
  359. }
  360. if ($checker == true)
  361. {
  362. $link = connectDB();
  363. if ($accountn_password != "")
  364. {
  365. $accountn_password = md5($accountn_password);
  366. $query = "UPDATE ".$db_praefix."account SET account_password = '$accountn_password' WHERE account_key = $accountn_key";
  367. $result = mysql_query($query);
  368. $_SESSION["account_password"] = $accountn_password;
  369. }
  370. $query = "UPDATE ".$db_praefix."account SET account_email = '$accountn_emailnew', account_firstname = '$accountn_firstname', account_lastname = '$accountn_lastname', account_telefon = '$accountn_telefon', account_company = '$accountn_company', account_homepage = '$accountn_homepage', account_lang = '$accountn_lang', account_info = $accountn_info WHERE account_key = $accountn_key";
  371. $result = mysql_query($query);
  372. closeDB($link);
  373. $_SESSION["account_email"] = $accountn_emailnew;
  374. $_SESSION["account_firstname"] = $accountn_firstname;
  375. $_SESSION["account_lastname"] = $accountn_lastname;
  376. $_SESSION["account_company"] = $accountn_company;
  377. $_SESSION["account_homepage"] = $accountn_homepage;
  378. $_SESSION["account_telefon"] = $accountn_telefon;
  379. $_SESSION["account_info"] = $accountn_info;
  380. $_SESSION["account_lang"] = $accountn_lang;
  381. ?>
  382. <script language="Javascript">
  383. alert("<?= $admin_lang["profile"][4]; ?>");
  384. location.href="index.php";
  385. </script>
  386. <?
  387. }
  388. }
  389.  
  390. /**
  391. * returns all admin accounts
  392. * @return resource
  393. */
  394. function get_Admins()
  395. {
  396. global $db_praefix;
  397. $link = connectDB();
  398. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 2 ORDER BY account_lastname";
  399. $result = mysql_query($query);
  400. closeDB($link);
  401. return $result;
  402. }
  403.  
  404. /**
  405. * returns all author accounts
  406. * @return resource
  407. */
  408. function get_Authors()
  409. {
  410. global $db_praefix;
  411. $link = connectDB();
  412. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 3 ORDER BY account_lastname";
  413. $result = mysql_query($query);
  414. closeDB($link);
  415. return $result;
  416. }
  417.  
  418. /**
  419. * return the group name by group key
  420. * @return string
  421. */
  422. function getGroup($account_group)
  423. {
  424. switch ($account_group)
  425. {
  426. case "1":
  427. return "User";
  428. break;
  429. case "2":
  430. return "Administrator";
  431. break;
  432. case "3":
  433. return "Author";
  434. break;
  435. }
  436. }
  437.  
  438. /**
  439. * check the login status for administrators and authors
  440. * @return bool
  441. */
  442. function isAdmin()
  443. {
  444. if (isset($_GET["preview"]))
  445. {
  446. return false;
  447. }
  448. else
  449. {
  450. if ($_SESSION["account_group"] > 1)
  451. {
  452. return true;
  453. }
  454. else
  455. {
  456. return false;
  457. }
  458. }
  459. }
  460.  
  461. /**
  462. * saves the admin menu position
  463. */
  464. function saveMenu($page_key,$accountn_menux,$accountn_menuy)
  465. {
  466. global $db_praefix;
  467. $accountn_key = $_SESSION["account_key"];
  468. $accountn_menux = str_replace("px", "", $accountn_menux);
  469. $accountn_menuy = str_replace("px", "", $accountn_menuy);
  470. $link = connectDB();
  471. $query = "UPDATE ".$db_praefix."account SET account_menux = $accountn_menux, account_menuy = $accountn_menuy where account_key = $accountn_key";
  472. $result = mysql_query($query);
  473. closeDB($link);
  474. $_SESSION["account_menux"] = $accountn_menux;
  475. $_SESSION["account_menuy"] = $accountn_menuy;
  476. $pagekey = get_page_key($page_key);
  477. ?>
  478. <script language="JavaScript">
  479. location.href = "website.php?id=<?= $pagekey["page_path"]; ?>";
  480. </script>
  481. <?
  482. }
  483. ?>
