Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.

2025-04-30 11:19:22 +02:00 · 2014-09-06 13:43:49 +02:00 · 2014-09-06 13:43:49 +02:00 · 8ab9f11ef5
commit 8ab9f11ef5
parent e0ad3aae09
6 changed files with 21 additions and 15 deletions
--- a/buypoints.php
+++ b/buypoints.php
@ -43,7 +43,7 @@ if ($paypal['enabled']) {
 				<input type="hidden" name="cancel_return" value="<?php echo $paypal['failed']; ?>">
 				<input type="hidden" name="rm" value="2">
 				<input type="hidden" name="notify_url" value="<?php echo $paypal['ipn']; ?>" />
-				<input type="hidden" name="custom" value="<?php echo (int)$_SESSION['user_id']; ?>">
+				<input type="hidden" name="custom" value="<?php echo (int)$session_user_id; ?>">
 				<input type="submit" value="  PURCHASE  ">
 			</form>
 		</td>
--- a/config.php
+++ b/config.php
@ -476,6 +476,9 @@
 	$config['use_token'] = false;
 	$config['use_captcha'] = false;
 	// Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
 	$config['session_prefix'] = 'znote_';
 	/*	Store visitor data
 		Store visitor data in the database, logging every IP visitng site, 
 		and how many times they have visited the site. And sometimes what
--- a/engine/function/general.php
+++ b/engine/function/general.php
@ -1,4 +1,12 @@
 <?php
 function setSession($key, $data) {
 	global $sessionPrefix;
 	$_SESSION[$sessionPrefix.$key] = $data;
 }
 function getSession($key) {
 	global $sessionPrefix;
 	return (isset($_SESSION[$sessionPrefix.$key])) ? $_SESSION[$sessionPrefix.$key] : false;
 }
 // Fetch and sanitize POST and GET values
 function getValue($value) {
 	return (!empty($value)) ? sanitize($value) : false;
@ -152,7 +160,7 @@ function znote_visitor_insert_detailed_data($type) {
 	$time = time();
 	$ip = ip2long(getIP());
 	if (user_logged_in()) {
-		$acc = $_SESSION['user_id'];
+		$acc = (int)getSession('user_id');
 		mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '$acc')");
 	} else mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '0')");
 }
--- a/engine/function/users.php
+++ b/engine/function/users.php
@ -994,7 +994,7 @@ function user_update_account($update_data) {
 		$update[] = '`'. $field .'` = \''. $data .'\'';
 	}
-	$user_id = sanitize($_SESSION['user_id']);
+	$user_id = (int)getSession('user_id');
 	mysql_update("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";");
 }
@ -1008,7 +1008,7 @@ function user_update_znote_account($update_data) {
 		$update[] = '`'. $field .'` = \''. $data .'\'';
 	}
-	$user_id = sanitize($_SESSION['user_id']);
+	$user_id = (int)getSession('user_id');
 	mysql_update("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";");
 }
@ -1449,7 +1449,7 @@ function user_login_03($username, $password) {
 // Verify that user is logged in
 function user_logged_in() {
-	return (isset($_SESSION['user_id'])) ? true : false;
+	return (getSession('user_id') !== false) ? true : false;
 }
 function guild_war_invitation($cid, $gid) {
--- a/engine/init.php
+++ b/engine/init.php
@ -1,7 +1,4 @@
-<?php
+<?php if (version_compare(phpversion(), '5.3.3', '<')) die('PHP version 5.3.3 or higher is required.');
 // Verify the PHP version, gives tutorial if fail.
 if (version_compare(phpversion(), '5.3.3', '<')) die('PHP 5.3.3 is required<br><br>WINDOWS:<br>Download and use the latest Uniform Server.<br><a href="http://www.uniformserver.com/">CLICK ME</a> to get to their website. <br> XAMPP sucks and is insecure. Kthxbye.<br><br>LINUX DEBIAN:<br>Edit /etc/apt/sources.list<br>etc if you use nano text editor, make sure you are root and do<br>nano /etc/apt/sources.list<br><br>At the bottom, add this:<br><br>deb http://packages.dotdeb.org stable all<br>deb-src http://packages.dotdeb.org stable all<br><br>save file. <br><br>Then in terminal, do these 2 commands:<br>gpg --keyserver keys.gnupg.net --recv-key 89DF5277<br><br>gpg -a --export 89DF5277 | sudo apt-key add -<br><br>And then do these 2 commands:<br><br>apt-get update<br>apt-get upgrade<br><br>You now have the latest stable PHP version.<br>');
 $time = time();
 $version = '1.5_SVN';
@ -12,6 +9,7 @@ $accQueriesData = array();
 session_start();
 ob_start();
 require 'config.php';
 $sessionPrefix = $config['session_prefix'];
 if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
 	$curlcheck = function_exists('curl_version') ? true : false;
@ -27,18 +25,15 @@ require 'function/itemparser/itemlistparser.php';
 if (isset($_SESSION['token'])) {
 	$_SESSION['old_token'] = $_SESSION['token'];
 	//var_dump($_SESSION['old_token'], $_SESSION['token']);
 }
 Token::generate();
 if (user_logged_in() === true) {
-	$session_user_id = $_SESSION['user_id'];
+	$session_user_id = getSession('user_id');
 	$user_data = user_data($session_user_id, 'id', 'name', 'password', 'email', 'premdays');
 	$user_znote_data = user_znote_account_data($session_user_id, 'ip', 'created', 'points', 'cooldown');
 }
 $errors = array();
 // Log IP
 if ($config['log_ip']) {
 	$visitor_config = $config['ip_security'];
--- a/login.php
+++ b/login.php
@ -30,10 +30,10 @@ if (empty($_POST) === false) {
 		if ($login === false) {
 			$errors[] = 'Username and password combination is wrong.';
 		} else {
-		$_SESSION['user_id'] = $login;
+		setSession('user_id', $login);
 		// if IP is not set (etc acc created before Znote AAC was in use)
-		$znote_data = user_znote_account_data($_SESSION['user_id']);
+		$znote_data = user_znote_account_data($login);
 		if ($znote_data['ip'] == 0) {
 			$update_data = array(
 			'ip' => ip2long(getIP()),