
  1. <?
  2. /**
  3. * session.php
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation; either version 2 of the License, or
  8. * (at your option) any later version.
  9. * This program is distributed in the hope that it will be useful,
  10. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. * GNU General Public License for more details.
  13. * @author Stephan Raabe
  14. */
  15.  
  16. if (empty($_GET["export"]))
  17. {
  18. session_name("sid");
  19. session_start();
  20. if (!isset($_SESSION["initiated"]))
  21. {
  22. session_regenerate_id();
  23. $_SESSION['initiated'] = true;
  24. setGuest();
  25. }
  26. if ($_SESSION["site_url_key"] != $site_url)
  27. {
  28. setGuest();
  29. }
  30. if (SID != '')
  31. {
  32. ob_start('rewriteURL');
  33. }
  34. if ($check_useragent == 0)
  35. {
  36. if ((isset($_SESSION["account_group"])) && (isset($_SESSION["HTTP_USER_AGENT"])))
  37. {
  38. if ($_SESSION["HTTP_USER_AGENT"] != $system_fingerprint)
  39. {
  40. setGuest();
  41. }
  42. }
  43. else
  44. {
  45. $_SESSION["HTTP_USER_AGENT"] = $system_fingerprint;
  46. setGuest();
  47. }
  48. }
  49. else
  50. {
  51. if (empty($_SESSION["account_group"]))
  52. {
  53. setGuest();
  54. }
  55. }
  56. }
  57.  
  58. if (empty($_SESSION["account_group"]))
  59. {
  60. setGuest();
  61. }
  62.  
  63. /**
  64. * Rewrites URL
  65. * @return string
  66. */
  67. function rewriteURL($strBuffer)
  68. {
  69. if (!isAdmin())
  70. {
  71. $sid = session_id();
  72. $strBuffer = preg_replace('#website.php\?id=(/.+)(\'|")#U','website.php?sid='.$sid.'&id=\\1\\2',$strBuffer);
  73. }
  74. return $strBuffer;
  75. }
  76.  
  77. /**
  78. * sets the SESSION to the guest status
  79. */
  80. function setGuest()
  81. {
  82. global $db_praefix,$site_url;
  83. $link = connectDB();
  84. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 0";
  85. $result = mysql_query($query);
  86. $menge = mysql_num_fields($result);
  87. $row = mysql_fetch_row($result);
  88. $user_rows = mysql_num_rows($result);
  89. for($x = 0; $x < $menge; $x++)
  90. {
  91. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  92. }
  93. $_SESSION["site_url_key"] = $site_url;
  94. closeDB($link);
  95. }
  96.  
  97. /**
  98. * user login function external
  99. * @return bool
  100. */
  101. function login($account_email,$account_password,$page_pathn)
  102. {
  103. global $db_praefix,$site_url;
  104. $account_password = md5($account_password);
  105. $link = connectDB();
  106. $query = "SELECT * FROM ".$db_praefix."account WHERE (account_email = '$account_email') AND (account_password = '$account_password') AND (account_lock = 0)";
  107. $result = mysql_query($query);
  108. closeDB($link);
  109. $user_rows = mysql_num_rows($result);
  110. if ($user_rows == 1)
  111. {
  112. $menge = mysql_num_fields($result);
  113. $row = mysql_fetch_row($result);
  114. for($x = 0; $x < $menge; $x++)
  115. {
  116. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  117. }
  118. return true;
  119. }
  120. else
  121. {
  122. return false;
  123. }
  124. }
  125.  
  126. /**
  127. * user login function internal
  128. * @return bool
  129. */
  130. function loginInt($account_email,$account_password,$page_pathn)
  131. {
  132. global $db_praefix,$site_url;
  133. $account_password = md5($account_password);
  134. $link = connectDB();
  135. $query = "SELECT * FROM ".$db_praefix."account WHERE (account_email = '$account_email') AND (account_password = '$account_password') AND (account_lock = 0)";
  136. $result = mysql_query($query);
  137. closeDB($link);
  138. $user_rows = mysql_num_rows($result);
  139. if ($user_rows == 1)
  140. {
  141. $menge = mysql_num_fields($result);
  142. $row = mysql_fetch_row($result);
  143. for($x = 0; $x < $menge; $x++)
  144. {
  145. $_SESSION[mysql_field_name($result,$x)] = $row[$x];
  146. }
  147. if (isAdmin())
  148. {
  149. ?>
  150. <script language="Javascript">
  151. window.opener.location.href="website.php?id=<?= $page_pathn; ?>";
  152. location.href = "website.php?admin=greeting&id=<?= $page_pathn; ?>";
  153. </script>
  154. <?
  155. }
  156. else
  157. {
  158. ?>
  159. <script language="Javascript">
  160. window.opener.location.href="website.php?id=<?= $page_pathn; ?>";
  161. window.close();
  162. </script>
  163. <?
  164. }
  165. return true;
  166. }
  167. else
  168. {
  169. return false;
  170. }
  171. }
  172.  
  173. /**
  174. * user logout function external
  175. */
  176. function logout($page_path)
  177. {
  178. session_regenerate_id();
  179. setGuest();
  180. header("Location: website.php?id=".$page_path);
  181. }
  182.  
  183. /**
  184. * user logout function internal
  185. */
  186. function logoutInt($page_path)
  187. {
  188. session_regenerate_id();
  189. setGuest();
  190. ?>
  191. <script language="Javascript">
  192. window.opener.location.href="website.php?id=<?= $page_path; ?>";
  193. window.close();
  194. </script>
  195. <?
  196. }
  197.  
  198. /**
  199. * external user password e-mail
  200. */
  201. function getAccountExt($accountn_email)
  202. {
  203. global $site_url,$db_praefix,$site_home,$site_name,$site_admin,$admin_lang,$nl_encoding;
  204. if ($accountn_email != "")
  205. {
  206. $link = connectDB();
  207. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_email' and account_group = 1";
  208. $result = mysql_query($query);
  209. closeDB($link);
  210. if (mysql_num_rows($result) == 1)
  211. {
  212. $acc_key = mysql_fetch_array($result);
  213. $account_key = $acc_key["account_key"];
  214. $pass_new_output = rand(10000000,99999999);
  215. $pass_new = md5($pass_new_output);
  216. $link = connectDB();
  217. $query = "UPDATE ".$db_praefix."account SET account_password = '$pass_new' WHERE account_key = $account_key";
  218. $result = mysql_query($query);
  219. closeDB($link);
  220. require("system/admin/phpmailer/class.phpmailer.php");
  221. $mail = new phpmailer();
  222. $mail->From = $site_admin;
  223. $mail->FromName = "";
  224. $mail->AddAddress($accountn_email);
  225. $mail->Subject = $site_name;
  226. $mail->Encoding = "8bit";
  227. $mail->CharSet = $nl_encoding;
  228. $text_body = "Your Password: ".$pass_new_output;
  229. $mail->Body = $text_body;
  230. $mail->Send();
  231. $mail->ClearAddresses();
  232. $mail->ClearAttachments();
  233. ?>
  234. <script language="Javascript">
  235. alert("<?= $admin_lang["profile"][6]; ?>");
  236. location.href="index.php";
  237. </script>
  238. <?
  239. }
  240. else
  241. {
  242. ?>
  243. <script language="Javascript">
  244. alert("<?= $admin_lang["profile"][5]; ?>");
  245. </script>
  246. <?
  247. }
  248. }
  249. }
  250.  
  251. /**
  252. * external user deletion
  253. */
  254. function deleteAccountExt($accountn_email,$accountn_key)
  255. {
  256. global $site_url,$db_praefix,$site_home,$site_name,$site_admin,$admin_lang;
  257. if ($accountn_email != "")
  258. {
  259. $link = connectDB();
  260. $query = "DELETE FROM ".$db_praefix."account WHERE account_email = '$accountn_email' and account_key = $accountn_key";
  261. $result = mysql_query($query);
  262. closeDB($link);
  263. setGuest();
  264. ?>
  265. <script language="Javascript">
  266. alert("<?= $admin_lang["profile"][8]; ?>");
  267. location.href="index.php";
  268. </script>
  269. <?
  270. }
  271. }
  272.  
  273. /**
  274. * extrenal user registration
  275. */
  276. function newAccountExt($accountn_firstname,$accountn_lastname,$accountn_telefon,$accountn_company,$accountn_homepage,$accountn_email,$accountn_password,$accountn_info,$accountn_lock,$link_redirect)
  277. {
  278. global $site_url,$db_praefix,$site_home,$admin_lang,$account_register;
  279. $link = connectDB();
  280. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_email'";
  281. $result = mysql_query($query);
  282. closeDB($link);
  283. if (mysql_num_rows($result) == 0)
  284. {
  285. $accountn_passwordold = $accountn_password;
  286. $accountn_password = md5($accountn_password);
  287. $link = connectDB();
  288. $query = "INSERT ".$db_praefix."account (account_email,account_password,account_firstname,account_lastname,account_telefon,account_company,account_homepage,account_group,account_info,account_lock) VALUES ('$accountn_email','$accountn_password','$accountn_firstname','$accountn_lastname','$accountn_telefon','$accountn_company','$accountn_homepage','1','$accountn_info','$accountn_lock')";
  289. $result = mysql_query($query);
  290. closeDB($link);
  291. ?>
  292. <script language="Javascript">
  293. alert("<?= $admin_lang["profile"][4]; ?>");
  294. </script>
  295. <?
  296. if ($account_register == 0)
  297. {
  298. login($accountn_email,$accountn_passwordold,$link_redirect);
  299. }
  300. else
  301. {
  302. ?>
  303. <script language="Javascript">
  304. location.href="index.php";
  305. </script>
  306. <?
  307. }
  308. }
  309. else
  310. {
  311. ?>
  312. <script language="Javascript">
  313. alert("<?= $admin_lang["profile"][5]; ?>");
  314. </script>
  315. <?
  316. }
  317. }
  318.  
  319. /**
  320. * external user update
  321. */
  322. function updateAccountExt($accountn_firstname,$accountn_lastname,$accountn_telefon,$accountn_company,$accountn_homepage,$accountn_email,$accountn_emailnew,$accountn_password,$accountn_key,$accountn_lang,$accountn_info)
  323. {
  324. global $site_url,$db_praefix,$admin_lang;
  325. $checker = true;
  326. if ($accountn_email != $accountn_emailnew)
  327. {
  328. $link = connectDB();
  329. $query = "SELECT account_key FROM ".$db_praefix."account WHERE account_email = '$accountn_emailnew'";
  330. $result = mysql_query($query);
  331. closeDB($link);
  332. if (mysql_num_rows($result) != 0)
  333. {
  334. ?>
  335. <script language="Javascript">
  336. alert("<?= $admin_lang["profile"][5]; ?>");
  337. </script>
  338. <?
  339. $checker = false;
  340. }
  341. }
  342. if ($checker == true)
  343. {
  344. $link = connectDB();
  345. if ($accountn_password != "")
  346. {
  347. $accountn_password = md5($accountn_password);
  348. $query = "UPDATE ".$db_praefix."account SET account_password = '$accountn_password' WHERE account_key = $accountn_key";
  349. $result = mysql_query($query);
  350. $_SESSION["account_password"] = $accountn_password;
  351. }
  352. $query = "UPDATE ".$db_praefix."account SET account_email = '$accountn_emailnew', account_firstname = '$accountn_firstname', account_lastname = '$accountn_lastname', account_telefon = '$accountn_telefon', account_company = '$accountn_company', account_homepage = '$accountn_homepage', account_lang = '$accountn_lang', account_info = $accountn_info WHERE account_key = $accountn_key";
  353. $result = mysql_query($query);
  354. closeDB($link);
  355. $_SESSION["account_email"] = $accountn_emailnew;
  356. $_SESSION["account_firstname"] = $accountn_firstname;
  357. $_SESSION["account_lastname"] = $accountn_lastname;
  358. $_SESSION["account_company"] = $accountn_company;
  359. $_SESSION["account_homepage"] = $accountn_homepage;
  360. $_SESSION["account_telefon"] = $accountn_telefon;
  361. $_SESSION["account_info"] = $accountn_info;
  362. $_SESSION["account_lang"] = $accountn_lang;
  363. ?>
  364. <script language="Javascript">
  365. alert("<?= $admin_lang["profile"][4]; ?>");
  366. location.href="index.php";
  367. </script>
  368. <?
  369. }
  370. }
  371.  
  372. /**
  373. * returns all admin accounts
  374. * @return resource
  375. */
  376. function get_Admins()
  377. {
  378. global $db_praefix;
  379. $link = connectDB();
  380. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 2 ORDER BY account_lastname";
  381. $result = mysql_query($query);
  382. closeDB($link);
  383. return $result;
  384. }
  385.  
  386. /**
  387. * returns all author accounts
  388. * @return resource
  389. */
  390. function get_Authors()
  391. {
  392. global $db_praefix;
  393. $link = connectDB();
  394. $query = "SELECT * FROM ".$db_praefix."account WHERE account_group = 3 ORDER BY account_lastname";
  395. $result = mysql_query($query);
  396. closeDB($link);
  397. return $result;
  398. }
  399.  
  400. /**
  401. * return the group name by group key
  402. * @return string
  403. */
  404. function getGroup($account_group)
  405. {
  406. switch ($account_group)
  407. {
  408. case "1":
  409. return "User";
  410. break;
  411. case "2":
  412. return "Administrator";
  413. break;
  414. case "3":
  415. return "Author";
  416. break;
  417. }
  418. }
  419.  
  420. /**
  421. * check the login status for administrators and authors
  422. * @return bool
  423. */
  424. function isAdmin()
  425. {
  426. if (isset($_GET["preview"]))
  427. {
  428. return false;
  429. }
  430. else
  431. {
  432. if ($_SESSION["account_group"] > 1)
  433. {
  434. return true;
  435. }
  436. else
  437. {
  438. return false;
  439. }
  440. }
  441. }
  442.  
  443. /**
  444. * saves the admin menu position
  445. */
  446. function saveMenu($page_key,$accountn_menux,$accountn_menuy)
  447. {
  448. global $db_praefix;
  449. $accountn_key = $_SESSION["account_key"];
  450. $accountn_menux = str_replace("px", "", $accountn_menux);
  451. $accountn_menuy = str_replace("px", "", $accountn_menuy);
  452. $link = connectDB();
  453. $query = "UPDATE ".$db_praefix."account SET account_menux = $accountn_menux, account_menuy = $accountn_menuy where account_key = $accountn_key";
  454. $result = mysql_query($query);
  455. closeDB($link);
  456. $_SESSION["account_menux"] = $accountn_menux;
  457. $_SESSION["account_menuy"] = $accountn_menuy;
  458. $pagekey = get_page_key($page_key);
  459. ?>
  460. <script language="JavaScript">
  461. location.href = "website.php?id=<?= $pagekey["page_path"]; ?>";
  462. </script>
  463. <?
  464. }
  465. ?>
