- <?
- /**
- * session.php
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- * @author Stephan Raabe
- */
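// Session bootstrap. Export requests (?export=...) are served stateless and
// skip it entirely; every other request gets a session named "sid".
// Globals read here are set by the including script: $site_url (this site's
// address), $check_useragent (1 = bind the session to the client) and
// $system_fingerprint (the client fingerprint it computed) -- not verified here.
if (empty($_GET["export"]))
{
    session_name("sid");
    session_start();

    if (!isset($_SESSION["initiated"]))
    {
        // First request of this session: replace whatever id the client
        // presented with a server-generated one, so an id chosen before the
        // visit (session fixation) never becomes an authenticated session.
        session_regenerate_id();
        $_SESSION["initiated"] = true;
        setGuest();
    }

    // A session stamped for another site instance (or not stamped at all)
    // is not trusted; isset() avoids a notice on a fresh session.
    if (!isset($_SESSION["site_url_key"]) || $_SESSION["site_url_key"] != $site_url)
    {
        setGuest();
    }

    // SID is non-empty only when no session cookie arrived; the output
    // buffer then injects the id into internal links (see rewriteURL()).
    // NOTE: ids carried in URLs end up in logs and Referer headers;
    // session.use_only_cookies avoids that where clients accept cookies.
    if (SID != '')
    {
        ob_start('rewriteURL');
    }

    if ($check_useragent == 1)
    {
        // Bind the session to the client fingerprint: a mismatch, or a
        // session that was never bound, drops any account privileges.
        if (isset($_SESSION["account_group"]) && isset($_SESSION["HTTP_USER_AGENT"]))
        {
            if ($_SESSION["HTTP_USER_AGENT"] != $system_fingerprint)
            {
                setGuest();
            }
        }
        else
        {
            $_SESSION["HTTP_USER_AGENT"] = $system_fingerprint;
            setGuest();
        }
    }
    elseif (empty($_SESSION["account_group"]))
    {
        setGuest();
    }
}

// Whatever happened above, a request without a group is a guest.
if (empty($_SESSION["account_group"]))
{
    setGuest();
}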
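/**
 * Output-buffer callback that appends the session id to internal
 * website.php links, for visitors whose session is not carried by a cookie.
 *
 * Administrators (isAdmin()) are left alone so back-office links keep their
 * form. The id is placed into the preg_replace() replacement string, so the
 * characters that are special there ("\" and "$") are escaped first -- the
 * id originates from the client's cookie/URL and must not be able to alter
 * the replacement. A PCRE failure (e.g. backtrack limit on a large page)
 * returns the buffer unchanged rather than blanking the page.
 *
 * @param string $strBuffer page output collected by ob_start()
 * @return string the buffer with "website.php?id=/..." links rewritten
 */
function rewriteURL($strBuffer)
{
    if (isAdmin())
    {
        return $strBuffer;
    }
    $sid = addcslashes(session_id(), '\\$');
    $pattern = '#website\.php\?id=(/.+)(\'|")#U';
    $rewritten = preg_replace($pattern, 'website.php?sid=' . $sid . '&id=\\1\\2', $strBuffer);
    return $rewritten === null ? $strBuffer : $rewritten;
}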
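/**
 * Resets the session to the guest account.
 *
 * Loads the account row with account_group = 0 and copies every column of
 * it into $_SESSION under the column name, then stamps the session with the
 * current $site_url. Account columns are overwritten by the guest values;
 * session keys that are not columns of the account table stay as they are.
 *
 * Fails closed: when there is no guest row every column becomes null (the
 * callers treat an empty account_group as "no privileges"), and when the
 * query itself fails account_group is removed from the session.
 *
 * Uses the globals $db_praefix (table prefix) and $site_url and the
 * project's connectDB()/closeDB().
 */
function setGuest()
{
    global $db_praefix, $site_url;

    $link = connectDB();
    $query = "SELECT * FROM " . $db_praefix . "account WHERE account_group = 0";
    $result = mysql_query($query);
    if ($result)
    {
        $columns = mysql_num_fields($result);
        $row = mysql_fetch_row($result);
        for ($x = 0; $x < $columns; $x++)
        {
            // No guest row: null out the column instead of keeping stale values.
            $_SESSION[mysql_field_name($result, $x)] = is_array($row) ? $row[$x] : null;
        }
    }
    else
    {
        // Query failed: do not leave a previous account's privileges behind.
        unset($_SESSION["account_group"]);
    }
    closeDB($link);
    $_SESSION["site_url_key"] = $site_url;
}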
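/**
 * Logs a front-end ("external") user in.
 *
 * Looks up the unlocked account matching e-mail and password and, on
 * exactly one match, copies every column of that row into $_SESSION under
 * the column name (this includes the stored hash, as before). The password
 * is compared against the md5 the account table holds; moving to
 * password_hash()/password_verify() needs a rehash-on-login step and is not
 * done here.
 *
 * Both credentials are form input and are escaped for the query instead of
 * being interpolated raw. On success the session id is renewed (same
 * $check_useragent gate as logout()) so an id known before authentication
 * is not valid afterwards.
 *
 * @param string $account_email    e-mail typed by the user (untrusted)
 * @param string $account_password clear-text password typed by the user (untrusted)
 * @param string $page_pathn       kept for interface compatibility; unused
 * @return bool true when the session now carries the account, false otherwise
 */
function login($account_email, $account_password, $page_pathn)
{
    global $db_praefix, $site_url, $check_useragent;

    $link = connectDB();
    $email = mysql_real_escape_string($account_email);
    $hash = mysql_real_escape_string(md5($account_password));
    $query = "SELECT * FROM " . $db_praefix . "account"
        . " WHERE (account_email = '" . $email . "')"
        . " AND (account_password = '" . $hash . "')"
        . " AND (account_lock = 0)";
    $result = mysql_query($query);
    // Exactly one row is the only accepted outcome; a failed query or a
    // duplicate address counts as "not logged in".
    $row = ($result && mysql_num_rows($result) == 1) ? mysql_fetch_assoc($result) : false;
    closeDB($link);

    if (!is_array($row))
    {
        return false;
    }

    if ($check_useragent == 1)
    {
        session_regenerate_id();
    }
    foreach ($row as $column => $value)
    {
        $_SESSION[$column] = $value;
    }
    return true;
}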
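/**
 * Logs a user in from the back-office popup ("internal" login).
 *
 * Authentication is delegated to login(); this wrapper only emits the
 * script that moves the opener window to the requested page and, for
 * administrators/authors (isAdmin()), sends the popup to the greeting
 * screen -- other users just close it.
 *
 * $page_pathn is echoed into that script. It is assumed to be
 * request-derived (confirm against the caller), so quotes and angle
 * brackets are entity-encoded: inside <script> entities are not decoded, so
 * the value can neither end the string literal nor the element.
 *
 * @param string $account_email    (untrusted)
 * @param string $account_password (untrusted)
 * @param string $page_pathn       page path to return to (untrusted)
 * @return bool result of login()
 */
function loginInt($account_email, $account_password, $page_pathn)
{
    if (!login($account_email, $account_password, $page_pathn))
    {
        return false;
    }

    $path = htmlspecialchars($page_pathn, ENT_QUOTES);
    if (isAdmin())
    {
        ?>
        <script language="Javascript">
        window.opener.location.href="website.php?id=<?= $path; ?>";
        location.href = "website.php?admin=greeting&id=<?= $path; ?>";
        </script>
        <?php
    }
    else
    {
        ?>
        <script language="Javascript">
        window.opener.location.href="website.php?id=<?= $path; ?>";
        window.close();
        </script>
        <?php
    }
    return true;
}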
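/**
 * Logs the front-end user out.
 *
 * Optionally renews the session id ($check_useragent == 1), reloads the
 * guest account into the session via setGuest() and, if the page the user
 * was on is not public (page_status != 0), sends the browser to the start
 * page. Short PHP open tags are not used so the output does not depend on
 * the short_open_tag setting.
 *
 * @param string $page_path path of the current page, resolved through get_page()
 */
function logout($page_path)
{
    global $check_useragent;

    if ($check_useragent == 1)
    {
        session_regenerate_id();
    }
    // Resolve the page before the privileges are gone, in case get_page()
    // depends on the session (not verified here).
    $page_new = get_page($page_path);
    setGuest();

    // get_page() may return nothing for an unknown path: then stay put.
    $restricted = is_array($page_new)
        && isset($page_new["page_status"])
        && $page_new["page_status"] != 0;
    if ($restricted)
    {
        ?>
        <script language="javascript">
        location.href = "website.php";
        </script>
        <?php
    }
}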
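/**
 * Logs the user out from the back-office popup.
 *
 * Like logout() without the page lookup: optionally renews the session id
 * ($check_useragent == 1), reloads the guest account into the session and
 * sends the opener window to the start page; closing the popup is left to
 * the caller. Short PHP open tags are avoided so the output does not depend
 * on the short_open_tag setting.
 *
 * @param string $page_path kept for interface compatibility; unused here
 */
function logoutInt($page_path)
{
    global $check_useragent;

    if ($check_useragent == 1)
    {
        session_regenerate_id();
    }
    setGuest();
    ?>
    <script language="javascript">
    window.opener.location.href = "website.php";
    </script>
    <?php
}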
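/**
 * Resets the password of a front-end account and mails the new one.
 *
 * For the single account_group = 1 account with the given address a new
 * eight-digit password is generated, stored as md5 (the format the account
 * table holds) and sent in clear text to that address; the browser is then
 * shown $admin_lang["profile"][6] and sent to index.php. An address that is
 * not found shows $admin_lang["profile"][5].
 *
 * Visible caveats, kept as they are because the surrounding flow relies on
 * them: anyone who knows an address can trigger the reset (the old password
 * is replaced before the owner confirms anything), the two different alerts
 * reveal whether an address is registered, and the result of Send() is not
 * checked. The address is escaped for the query; the generator uses
 * random_int() where the runtime has it.
 *
 * @param string $accountn_email address entered by the user (untrusted)
 */
function getAccountExt($accountn_email)
{
    global $site_url, $db_praefix, $site_home, $site_name, $site_admin, $admin_lang, $nl_encoding;

    if ($accountn_email == "")
    {
        return;
    }

    $link = connectDB();
    $email = mysql_real_escape_string($accountn_email);
    $query = "SELECT account_key FROM " . $db_praefix . "account"
        . " WHERE account_email = '" . $email . "' and account_group = 1";
    $result = mysql_query($query);
    $acc_key = ($result && mysql_num_rows($result) == 1) ? mysql_fetch_array($result) : false;
    closeDB($link);

    if (!is_array($acc_key))
    {
        ?>
        <script language="Javascript">
        alert("<?= $admin_lang["profile"][5]; ?>");
        </script>
        <?php
        return;
    }

    $account_key = (int) $acc_key["account_key"];
    // rand() is not a CSPRNG; random_int() (PHP 7+) is used when available,
    // the old call only remains as a fallback for older runtimes.
    $pass_new_output = function_exists('random_int')
        ? random_int(10000000, 99999999)
        : rand(10000000, 99999999);
    $pass_new = md5($pass_new_output);

    $link = connectDB();
    $query = "UPDATE " . $db_praefix . "account SET account_password = '" . $pass_new . "'"
        . " WHERE account_key = " . $account_key;
    mysql_query($query);
    closeDB($link);

    // require_once: a second reset in the same request must not redeclare the class.
    require_once("system/admin/phpmailer/class.phpmailer.php");
    $mail = new phpmailer();
    $mail->From = $site_admin;
    $mail->FromName = "";
    $mail->AddAddress($accountn_email);
    $mail->Subject = $site_name;
    $mail->Encoding = "8bit";
    $mail->CharSet = $nl_encoding;
    $mail->Body = "Your Password: " . $pass_new_output;
    $mail->Send();
    $mail->ClearAddresses();
    $mail->ClearAttachments();
    ?>
    <script language="Javascript">
    alert("<?= $admin_lang["profile"][6]; ?>");
    location.href="index.php";
    </script>
    <?php
}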
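/**
 * Deletes the front-end account the visitor is logged in as.
 *
 * The row must match both the e-mail and the account key. Because the
 * function afterwards drops the session to guest, it only makes sense for
 * the visitor's own account, so the key must equal $_SESSION["account_key"]
 * and the session must not already be a guest (empty account_group);
 * any other request is ignored without output. The key is cast to int and
 * the address escaped before they enter the query.
 *
 * @param string     $accountn_email e-mail of the account (untrusted)
 * @param int|string $accountn_key   numeric account key (untrusted)
 */
function deleteAccountExt($accountn_email, $accountn_key)
{
    global $site_url, $db_praefix, $site_home, $site_name, $site_admin, $admin_lang;

    if ($accountn_email == "")
    {
        return;
    }
    $key = (int) $accountn_key;
    $own_key = isset($_SESSION["account_key"]) ? (int) $_SESSION["account_key"] : 0;
    if (empty($_SESSION["account_group"]) || $key == 0 || $key != $own_key)
    {
        return;
    }

    $link = connectDB();
    $email = mysql_real_escape_string($accountn_email);
    $query = "DELETE FROM " . $db_praefix . "account"
        . " WHERE account_email = '" . $email . "' and account_key = " . $key;
    mysql_query($query);
    closeDB($link);
    setGuest();
    ?>
    <script language="Javascript">
    alert("<?= $admin_lang["profile"][8]; ?>");
    location.href="index.php";
    </script>
    <?php
}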
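/**
 * Registers a new front-end account.
 *
 * Refuses the registration (alert $admin_lang["profile"][5]) when the
 * address is already taken -- or when the uniqueness lookup fails, since
 * then it cannot be known. Otherwise inserts the account with
 * account_group = 1 and the md5 of the password (the format the table
 * holds), shows $admin_lang["profile"][4] and either logs the user in right
 * away ($account_register == 0) or sends the browser to index.php.
 *
 * Every string argument is form input and is escaped for the query.
 * Nothing here validates the values themselves (empty password, malformed
 * address); that stays with the caller, as before.
 *
 * @param string $accountn_firstname
 * @param string $accountn_lastname
 * @param string $accountn_telefon
 * @param string $accountn_company
 * @param string $accountn_homepage
 * @param string $accountn_email
 * @param string $accountn_password clear-text password (untrusted)
 * @param string $accountn_info
 * @param string $accountn_lock     stored as given
 * @param string $link_redirect     page path handed to login()
 */
function newAccountExt($accountn_firstname, $accountn_lastname, $accountn_telefon, $accountn_company, $accountn_homepage, $accountn_email, $accountn_password, $accountn_info, $accountn_lock, $link_redirect)
{
    global $site_url, $db_praefix, $site_home, $admin_lang, $account_register;

    $link = connectDB();
    $query = "SELECT account_key FROM " . $db_praefix . "account"
        . " WHERE account_email = '" . mysql_real_escape_string($accountn_email) . "'";
    $result = mysql_query($query);
    // Fail closed: a failed lookup is treated like a taken address.
    $taken = !$result || mysql_num_rows($result) != 0;
    closeDB($link);

    if ($taken)
    {
        ?>
        <script language="Javascript">
        alert("<?= $admin_lang["profile"][5]; ?>");
        </script>
        <?php
        return;
    }

    $accountn_passwordold = $accountn_password;
    $password_hash = md5($accountn_password);

    $link = connectDB();
    $fields = array(
        'email' => $accountn_email,
        'firstname' => $accountn_firstname,
        'lastname' => $accountn_lastname,
        'telefon' => $accountn_telefon,
        'company' => $accountn_company,
        'homepage' => $accountn_homepage,
        'info' => $accountn_info,
        'lock' => $accountn_lock,
    );
    $e = array();
    foreach ($fields as $name => $value)
    {
        $e[$name] = mysql_real_escape_string($value);
    }
    $query = "INSERT INTO " . $db_praefix . "account"
        . " (account_email,account_password,account_firstname,account_lastname,account_telefon,account_company,account_homepage,account_group,account_info,account_lock)"
        . " VALUES ('" . $e['email'] . "','" . $password_hash . "','" . $e['firstname'] . "','" . $e['lastname'] . "','" . $e['telefon'] . "','" . $e['company'] . "','" . $e['homepage'] . "','1','" . $e['info'] . "','" . $e['lock'] . "')";
    mysql_query($query);
    closeDB($link);
    ?>
    <script language="Javascript">
    alert("<?= $admin_lang["profile"][4]; ?>");
    </script>
    <?php
    if ($account_register == 0)
    {
        login($accountn_email, $accountn_passwordold, $link_redirect);
    }
    else
    {
        ?>
        <script language="Javascript">
        location.href="index.php";
        </script>
        <?php
    }
}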
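/**
 * Updates the profile of the front-end account the visitor is logged in as.
 *
 * Because the new values are mirrored into $_SESSION afterwards, the
 * function edits the visitor's own account only: the key must equal
 * $_SESSION["account_key"] and the session must not be a guest, otherwise
 * the request is ignored without output. When the address changes it must
 * not already be in use (alert $admin_lang["profile"][5]). A non-empty
 * password is stored as md5 (the format the table holds). On success
 * $admin_lang["profile"][4] is shown and the browser sent to index.php.
 *
 * All string arguments are form input and are escaped for the queries;
 * account_info is quoted like the INSERT in newAccountExt() does.
 *
 * @param string     $accountn_firstname
 * @param string     $accountn_lastname
 * @param string     $accountn_telefon
 * @param string     $accountn_company
 * @param string     $accountn_homepage
 * @param string     $accountn_email    current address
 * @param string     $accountn_emailnew new address (may equal the current one)
 * @param string     $accountn_password new clear-text password, "" to keep the old one
 * @param int|string $accountn_key      account key (untrusted)
 * @param string     $accountn_lang
 * @param string     $accountn_info
 */
function updateAccountExt($accountn_firstname, $accountn_lastname, $accountn_telefon, $accountn_company, $accountn_homepage, $accountn_email, $accountn_emailnew, $accountn_password, $accountn_key, $accountn_lang, $accountn_info)
{
    global $site_url, $db_praefix, $admin_lang;

    $key = (int) $accountn_key;
    $own_key = isset($_SESSION["account_key"]) ? (int) $_SESSION["account_key"] : 0;
    if (empty($_SESSION["account_group"]) || $key == 0 || $key != $own_key)
    {
        return;
    }

    if ($accountn_email != $accountn_emailnew)
    {
        $link = connectDB();
        $query = "SELECT account_key FROM " . $db_praefix . "account"
            . " WHERE account_email = '" . mysql_real_escape_string($accountn_emailnew) . "'";
        $result = mysql_query($query);
        $taken = $result && mysql_num_rows($result) != 0;
        closeDB($link);
        if ($taken)
        {
            ?>
            <script language="Javascript">
            alert("<?= $admin_lang["profile"][5]; ?>");
            </script>
            <?php
            return;
        }
    }

    $link = connectDB();
    if ($accountn_password != "")
    {
        $accountn_password = md5($accountn_password);
        $query = "UPDATE " . $db_praefix . "account"
            . " SET account_password = '" . $accountn_password . "'"
            . " WHERE account_key = " . $key;
        mysql_query($query);
        $_SESSION["account_password"] = $accountn_password;
    }
    $query = "UPDATE " . $db_praefix . "account SET"
        . " account_email = '" . mysql_real_escape_string($accountn_emailnew) . "',"
        . " account_firstname = '" . mysql_real_escape_string($accountn_firstname) . "',"
        . " account_lastname = '" . mysql_real_escape_string($accountn_lastname) . "',"
        . " account_telefon = '" . mysql_real_escape_string($accountn_telefon) . "',"
        . " account_company = '" . mysql_real_escape_string($accountn_company) . "',"
        . " account_homepage = '" . mysql_real_escape_string($accountn_homepage) . "',"
        . " account_lang = '" . mysql_real_escape_string($accountn_lang) . "',"
        . " account_info = '" . mysql_real_escape_string($accountn_info) . "'"
        . " WHERE account_key = " . $key;
    mysql_query($query);
    closeDB($link);

    $_SESSION["account_email"] = $accountn_emailnew;
    $_SESSION["account_firstname"] = $accountn_firstname;
    $_SESSION["account_lastname"] = $accountn_lastname;
    $_SESSION["account_company"] = $accountn_company;
    $_SESSION["account_homepage"] = $accountn_homepage;
    $_SESSION["account_telefon"] = $accountn_telefon;
    $_SESSION["account_info"] = $accountn_info;
    $_SESSION["account_lang"] = $accountn_lang;
    ?>
    <script language="Javascript">
    alert("<?= $admin_lang["profile"][4]; ?>");
    location.href="index.php";
    </script>
    <?php
}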
/**
 * Fetches all administrator accounts (account_group = 2), ordered by last name.
 *
 * The whole row is selected, so the result also carries the stored
 * password hashes; callers should not echo it wholesale.
 *
 * @return resource|false mysql result set, or false when the query failed
 */
function get_Admins()
{
    global $db_praefix;

    $connection = connectDB();
    $admins = mysql_query("SELECT * FROM {$db_praefix}account WHERE account_group = 2 ORDER BY account_lastname");
    closeDB($connection);

    return $admins;
}
/**
 * Fetches all author accounts (account_group = 3), ordered by last name.
 *
 * The whole row is selected, so the result also carries the stored
 * password hashes; callers should not echo it wholesale.
 *
 * @return resource|false mysql result set, or false when the query failed
 */
function get_Authors()
{
    global $db_praefix;

    $connection = connectDB();
    $authors = mysql_query("SELECT * FROM {$db_praefix}account WHERE account_group = 3 ORDER BY account_lastname");
    closeDB($connection);

    return $authors;
}
/**
 * Maps an account group key to its display name.
 *
 * Comparison is deliberately loose, as callers pass the group both as an
 * int and as a string. Unknown groups (including the guest group 0) yield
 * null.
 *
 * @param int|string $account_group
 * @return string|null "User", "Administrator", "Author" or null
 */
function getGroup($account_group)
{
    if ($account_group == "1")
    {
        return "User";
    }
    if ($account_group == "2")
    {
        return "Administrator";
    }
    if ($account_group == "3")
    {
        return "Author";
    }
    return null;
}
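/**
 * Tells whether the current session belongs to an administrator or author.
 *
 * A preview request (?preview) always answers false so the page renders as
 * a plain visitor would see it. Without a group in the session (no session
 * yet, or a guest) there are no admin rights either; the isset() check
 * avoids the undefined-index notice the bare comparison produced.
 *
 * @return bool true when $_SESSION["account_group"] is above 1
 */
function isAdmin()
{
    if (isset($_GET["preview"]))
    {
        return false;
    }
    if (!isset($_SESSION["account_group"]))
    {
        return false;
    }
    return $_SESSION["account_group"] > 1;
}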
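/**
 * Stores the admin menu position for the logged-in account and returns the
 * browser to the given page.
 *
 * The coordinates arrive as CSS lengths ("120px"); the "px" suffix is
 * stripped and the remainder cast to int, which also keeps anything else
 * out of the unquoted query. The account key is taken from the session and
 * cast as well. The page path comes back from get_page_key() (database
 * content) and is entity-encoded before it is echoed into the script.
 *
 * @param string $page_key       key of the page to return to, resolved via get_page_key()
 * @param string $accountn_menux horizontal position, e.g. "120px"
 * @param string $accountn_menuy vertical position, e.g. "40px"
 */
function saveMenu($page_key, $accountn_menux, $accountn_menuy)
{
    global $db_praefix;

    $accountn_key = isset($_SESSION["account_key"]) ? (int) $_SESSION["account_key"] : 0;
    $menux = (int) str_replace("px", "", $accountn_menux);
    $menuy = (int) str_replace("px", "", $accountn_menuy);

    $link = connectDB();
    $query = "UPDATE " . $db_praefix . "account"
        . " SET account_menux = " . $menux . ", account_menuy = " . $menuy
        . " where account_key = " . $accountn_key;
    mysql_query($query);
    closeDB($link);
    $_SESSION["account_menux"] = $menux;
    $_SESSION["account_menuy"] = $menuy;

    $pagekey = get_page_key($page_key);
    $path = (is_array($pagekey) && isset($pagekey["page_path"])) ? $pagekey["page_path"] : "";
    ?>
    <script language="JavaScript">
    location.href = "website.php?id=<?= htmlspecialchars($path, ENT_QUOTES); ?>";
    </script>
    <?php
}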
- ?>