
  1. <?
  2. /**
  3. * session.php
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation; either version 2 of the License, or
  8. * (at your option) any later version.
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. * @package generator
  14. * @author Stephan Raabe
  15. */
  16.  
  17. if (empty($_GET["export"]))
  18. {
  19. session_name("sid");
  20. session_start();
  21. if (!isset($_SESSION["initiated"]))
  22. {
  23. session_regenerate_id();
  24. $_SESSION['initiated'] = true;
  25. setGuest();
  26. }
  27. if ($_SESSION["site_url_key"] != $site_url)
  28. {
  29. setGuest();
  30. }
  31. if (SID != '')
  32. {
  33. ob_start('rewriteURL');
  34. }
  35. if ($check_useragent == 0)
  36. {
  37. if ((isset($_SESSION["account_group"])) && (isset($_SESSION["HTTP_USER_AGENT"])))
  38. {
  39. if ($_SESSION["HTTP_USER_AGENT"] != $system_fingerprint)
  40. {
  41. setGuest();
  42. }
  43. }
  44. else
  45. {
  46. $_SESSION["HTTP_USER_AGENT"] = $system_fingerprint;
  47. setGuest();
  48. }
  49. }
  50. else
  51. {
  52. if (empty($_SESSION["account_group"]))
  53. {
  54. setGuest();
  55. }
  56. }
  57. }
  58.  
  59. if (empty($_SESSION["account_group"]))
  60. {
  61. setGuest();
  62. }
  63.  
  64. /**
  65. * Rewrites URL
  66. * @return string
  67. */
  68. function rewriteURL($strBuffer)
  69. {
  70. if (!isAdmin())
  71. {
  72. $sid = session_id();
  73. $strBuffer = preg_replace('#website.php\?id=(/.+)(\'|")#U','website.php?sid='.$sid.'&id=\\1\\2',$strBuffer);
  74. }
  75. return $strBuffer;
  76. }
  77.  
  78. /**
  79. * sets the SESSION to the guest status
  80. */
  81. function setGuest()
  82. {
  83. global $db_praefix,$site_url;
  84. $link = connectDB();
  85. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 0";
  86. $result = mysql_query($query);
  87. $menge = mysql_num_fields($result);
  88. $row = mysql_fetch_row($result);
  89. $user_rows = mysql_num_rows($result);
  90. for($x = 0; $x < $menge; $x++)
  91. {
  92. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  93. }
  94. $_SESSION["site_url_key"] = $site_url;
  95. closeDB($link);
  96. }
  97.  
  98. /**
  99. * user login function external
  100. * @return bool
  101. */
  102. function login($account_email,$account_password,$page_pathn)
  103. {
  104. global $db_praefix,$site_url;
  105. $account_password = md5($account_password);
  106. $link = connectDB();
  107. $query = "SELECT * FROM ".$db_praefix."account WHERE (account_email = '$account_email') AND (account_password = '$account_password') AND (account_lock = 0)";
  108. $result = mysql_query($query);
  109. closeDB($link);
  110. $user_rows = mysql_num_rows($result);
  111. if ($user_rows == 1)
  112. {
  113. $menge = mysql_num_fields($result);
  114. $row = mysql_fetch_row($result);
  115. for($x = 0; $x < $menge; $x++)
  116. {
  117. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  118. }
  119. return true;
  120. }
  121. else
  122. {
  123. return false;
  124. }
  125. }
  126.  
  127. /**
  128. * user login function internal
  129. * @return bool
  130. */
  131. function loginInt($account_email,$account_password,$page_pathn)
  132. {
  133. global $db_praefix,$site_url;
  134. $account_password = md5($account_password);
  135. $link = connectDB();
  136. $query = "SELECT * FROM ".$db_praefix."account WHERE (account_email = '$account_email') AND (account_password = '$account_password') AND (account_lock = 0)";
  137. $result = mysql_query($query);
  138. closeDB($link);
  139. $user_rows = mysql_num_rows($result);
  140. if ($user_rows == 1)
  141. {
  142. $menge = mysql_num_fields($result);
  143. $row = mysql_fetch_row($result);
  144. for($x = 0; $x < $menge; $x++)
  145. {
  146. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  147. }
  148. if (isAdmin())
  149. {
  150. ?>
  151. <script language="Javascript">
  152. window.opener.location.href="website.php?id=<?= $page_pathn; ?>";
  153. location.href = "website.php?admin=greeting&id=<?= $page_pathn; ?>";
  154. </script>
  155. <?
  156. }
  157. else
  158. {
  159. ?>
  160. <script language="Javascript">
  161. window.opener.location.href="website.php?id=<?= $page_pathn; ?>";
  162. window.close();
  163. </script>
  164. <?
  165. }
  166. return true;
  167. }
  168. else
  169. {
  170. return false;
  171. }
  172. }
  173.  
  174. /**
  175. * user logout function external
  176. */
  177. function logout($page_path)
  178. {
  179. session_regenerate_id();
  180. setGuest();
  181. header("Location: website.php?id=".$page_path);
  182. }
  183.  
  184. /**
  185. * user logout function internal
  186. */
  187. function logoutInt($page_path)
  188. {
  189. session_regenerate_id();
  190. setGuest();
  191. ?>
  192. <script language="Javascript">
  193. window.opener.location.href="website.php?id=<?= $page_path; ?>";
  194. window.close();
  195. </script>
  196. <?
  197. }
  198.  
  199. /**
  200. * external user password e-mail
  201. */
  202. function getAccountExt($accountn_email)
  203. {
  204. global $site_url,$db_praefix,$site_home,$site_name,$site_admin,$admin_lang,$nl_encoding;
  205. if ($accountn_email != "")
  206. {
  207. $link = connectDB();
  208. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_email' and account_group = 1";
  209. $result = mysql_query($query);
  210. closeDB($link);
  211. if (mysql_num_rows($result) == 1)
  212. {
  213. $acc_key = mysql_fetch_array($result);
  214. $account_key = $acc_key["account_key"];
  215. $pass_new_output = rand(10000000,99999999);
  216. $pass_new = md5($pass_new_output);
  217. $link = connectDB();
  218. $query = "UPDATE ".$db_praefix."account SET account_password = '$pass_new' WHERE account_key = $account_key";
  219. $result = mysql_query($query);
  220. closeDB($link);
  221. require("system/admin/phpmailer/class.phpmailer.php");
  222. $mail = new phpmailer();
  223. $mail->From = $site_admin;
  224. $mail->FromName = "";
  225. $mail->AddAddress($accountn_email);
  226. $mail->Subject = $site_name;
  227. $mail->Encoding = "8bit";
  228. $mail->CharSet = $nl_encoding;
  229. $text_body = "Your Password: ".$pass_new_output;
  230. $mail->Body = $text_body;
  231. $mail->Send();
  232. $mail->ClearAddresses();
  233. $mail->ClearAttachments();
  234. ?>
  235. <script language="Javascript">
  236. alert("<?= $admin_lang["profile"][6]; ?>");
  237. location.href="index.php";
  238. </script>
  239. <?
  240. }
  241. else
  242. {
  243. ?>
  244. <script language="Javascript">
  245. alert("<?= $admin_lang["profile"][5]; ?>");
  246. </script>
  247. <?
  248. }
  249. }
  250. }
  251.  
  252. /**
  253. * external user deletion
  254. */
  255. function deleteAccountExt($accountn_email,$accountn_key)
  256. {
  257. global $site_url,$db_praefix,$site_home,$site_name,$site_admin,$admin_lang;
  258. if ($accountn_email != "")
  259. {
  260. $link = connectDB();
  261. $query = "DELETE FROM ".$db_praefix."account WHERE account_email = '$accountn_email' and account_key = $accountn_key";
  262. $result = mysql_query($query);
  263. closeDB($link);
  264. setGuest();
  265. ?>
  266. <script language="Javascript">
  267. alert("<?= $admin_lang["profile"][8]; ?>");
  268. location.href="index.php";
  269. </script>
  270. <?
  271. }
  272. }
  273.  
  274. /**
  275. * extrenal user registration
  276. */
  277. function newAccountExt($accountn_firstname,$accountn_lastname,$accountn_telefon,$accountn_company,$accountn_homepage,$accountn_email,$accountn_password,$accountn_info,$accountn_lock,$link_redirect)
  278. {
  279. global $site_url,$db_praefix,$site_home,$admin_lang,$account_register;
  280. $link = connectDB();
  281. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_email'";
  282. $result = mysql_query($query);
  283. closeDB($link);
  284. if (mysql_num_rows($result) == 0)
  285. {
  286. $accountn_passwordold = $accountn_password;
  287. $accountn_password = md5($accountn_password);
  288. $link = connectDB();
  289. $query = "INSERT ".$db_praefix."account (account_email,account_password,account_firstname,account_lastname,account_telefon,account_company,account_homepage,account_group,account_info,account_lock) VALUES ('$accountn_email','$accountn_password','$accountn_firstname','$accountn_lastname','$accountn_telefon','$accountn_company','$accountn_homepage','1','$accountn_info','$accountn_lock')";
  290. $result = mysql_query($query);
  291. closeDB($link);
  292. ?>
  293. <script language="Javascript">
  294. alert("<?= $admin_lang["profile"][4]; ?>");
  295. </script>
  296. <?
  297. if ($account_register == 0)
  298. {
  299. login($accountn_email,$accountn_passwordold,$link_redirect);
  300. }
  301. else
  302. {
  303. ?>
  304. <script language="Javascript">
  305. location.href="index.php";
  306. </script>
  307. <?
  308. }
  309. }
  310. else
  311. {
  312. ?>
  313. <script language="Javascript">
  314. alert("<?= $admin_lang["profile"][5]; ?>");
  315. </script>
  316. <?
  317. }
  318. }
  319.  
  320. /**
  321. * external user update
  322. */
  323. function updateAccountExt($accountn_firstname,$accountn_lastname,$accountn_telefon,$accountn_company,$accountn_homepage,$accountn_email,$accountn_emailnew,$accountn_password,$accountn_key,$accountn_lang,$accountn_info)
  324. {
  325. global $site_url,$db_praefix,$admin_lang;
  326. $checker = true;
  327. if ($accountn_email != $accountn_emailnew)
  328. {
  329. $link = connectDB();
  330. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_emailnew'";
  331. $result = mysql_query($query);
  332. closeDB($link);
  333. if (mysql_num_rows($result) != 0)
  334. {
  335. ?>
  336. <script language="Javascript">
  337. alert("<?= $admin_lang["profile"][5]; ?>");
  338. </script>
  339. <?
  340. $checker = false;
  341. }
  342. }
  343. if ($checker == true)
  344. {
  345. $link = connectDB();
  346. if ($accountn_password != "")
  347. {
  348. $accountn_password = md5($accountn_password);
  349. $query = "UPDATE ".$db_praefix."account SET account_password = '$accountn_password' WHERE account_key = $accountn_key";
  350. $result = mysql_query($query);
  351. $_SESSION["account_password"] = $accountn_password;
  352. }
  353. $query = "UPDATE ".$db_praefix."account SET account_email = '$accountn_emailnew', account_firstname = '$accountn_firstname', account_lastname = '$accountn_lastname', account_telefon = '$accountn_telefon', account_company = '$accountn_company', account_homepage = '$accountn_homepage', account_lang = '$accountn_lang', account_info = $accountn_info WHERE account_key = $accountn_key";
  354. $result = mysql_query($query);
  355. closeDB($link);
  356. $_SESSION["account_email"] = $accountn_emailnew;
  357. $_SESSION["account_firstname"] = $accountn_firstname;
  358. $_SESSION["account_lastname"] = $accountn_lastname;
  359. $_SESSION["account_company"] = $accountn_company;
  360. $_SESSION["account_homepage"] = $accountn_homepage;
  361. $_SESSION["account_telefon"] = $accountn_telefon;
  362. $_SESSION["account_info"] = $accountn_info;
  363. $_SESSION["account_lang"] = $accountn_lang;
  364. ?>
  365. <script language="Javascript">
  366. alert("<?= $admin_lang["profile"][4]; ?>");
  367. location.href="index.php";
  368. </script>
  369. <?
  370. }
  371. }
  372.  
  373. /**
  374. * returns all admin accounts
  375. * @return resource
  376. */
  377. function get_Admins()
  378. {
  379. global $db_praefix;
  380. $link = connectDB();
  381. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 2 ORDER BY account_lastname";
  382. $result = mysql_query($query);
  383. closeDB($link);
  384. return $result;
  385. }
  386.  
  387. /**
  388. * returns all author accounts
  389. * @return resource
  390. */
  391. function get_Authors()
  392. {
  393. global $db_praefix;
  394. $link = connectDB();
  395. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 3 ORDER BY account_lastname";
  396. $result = mysql_query($query);
  397. closeDB($link);
  398. return $result;
  399. }
  400.  
  401. /**
  402. * return the group name by group key
  403. * @return string
  404. */
  405. function getGroup($account_group)
  406. {
  407. switch ($account_group)
  408. {
  409. case "1":
  410. return "User";
  411. break;
  412. case "2":
  413. return "Administrator";
  414. break;
  415. case "3":
  416. return "Author";
  417. break;
  418. }
  419. }
  420.  
  421. /**
  422. * check the login status for administrators and authors
  423. * @return bool
  424. */
  425. function isAdmin()
  426. {
  427. if (isset($_GET["preview"]))
  428. {
  429. return false;
  430. }
  431. else
  432. {
  433. if ($_SESSION["account_group"] > 1)
  434. {
  435. return true;
  436. }
  437. else
  438. {
  439. return false;
  440. }
  441. }
  442. }
  443.  
  444. /**
  445. * saves the admin menu position
  446. */
  447. function saveMenu($page_key,$accountn_menux,$accountn_menuy)
  448. {
  449. global $db_praefix;
  450. $accountn_key = $_SESSION["account_key"];
  451. $accountn_menux = str_replace("px", "", $accountn_menux);
  452. $accountn_menuy = str_replace("px", "", $accountn_menuy);
  453. $link = connectDB();
  454. $query = "UPDATE ".$db_praefix."account SET account_menux = $accountn_menux, account_menuy = $accountn_menuy where account_key = $accountn_key";
  455. $result = mysql_query($query);
  456. closeDB($link);
  457. $_SESSION["account_menux"] = $accountn_menux;
  458. $_SESSION["account_menuy"] = $accountn_menuy;
  459. $pagekey = get_page_key($page_key);
  460. ?>
  461. <script language="JavaScript">
  462. location.href = "website.php?id=<?= $pagekey["page_path"]; ?>";
  463. </script>
  464. <?
  465. }
  466. ?>
