* new configurable: session_prefix, to allow more websites on one machine

* must be unique for every website on your dedicated server!

config.php

@@ -30,6 +30,7 @@ $config = array(
 	// used for the Downloads page and some templates aswell
 	'client' => 1098, // 954 = client 9.54
 
+	'session_prefix' => 'myaac_', // must be unique for every site on your server
 	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
 	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
 

install/steps/finish.php

@@ -78,7 +78,7 @@ else {
 			else
 				$player_db->setAccountId($account_db->getId());
 			
-			$_SESSION['account'] = $account_db->getId();
+			setSession('account', $account_db->getId());
 		}
 		else {
 			$new_account = new OTS_Account();
@@ -108,12 +108,12 @@ else {
 			else
 				$player_db->setAccountId($new_account->getId());
 			
-			$_SESSION['account'] = $new_account->getId();
+			setSession('account', $new_account->getId());
 		}
 
 		success($locale['step_database_created_account']);
-		$_SESSION['password'] = encrypt($password);
-		$_SESSION['remember_me'] = true;
+		setSession('password', encrypt($password));
+		setSession('remember_me', true);
 
 		if($player_db->isLoaded()) {
 			$player_db->save();
@@ -143,31 +143,31 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 

system/functions.php

@@ -943,6 +943,19 @@ function str_replace_first($search, $replace, $subject) {
 	return $subject;
 }
 
+function setSession($key, $data) {
+	global $config;
+	$_SESSION[$config['session_prefix'] . $key] = $data;
+}
+function getSession($key) {
+	global $config;
+	return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false;
+}
+function unsetSession($key) {
+	global $config;
+	unset($_SESSION[$config['session_prefix'] . $key]);
+}
+
 // validator functions
 require_once(LIBS . 'validator.php');
 ?>

system/login.php

@@ -15,9 +15,9 @@ $logged_flags = 0;
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
 if($action == 'logout' && !isset($_REQUEST['account_login']))
 {
-	unset($_SESSION['account']);
-	unset($_SESSION['password']);
-	unset($_SESSION['remember_me']);
+	unsetSession('account');
+	unsetSession('password');
+	unsetSession('remember_me');
 
 	if(isset($_REQUEST['redirect']))
 	{
@@ -68,19 +68,19 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				$_SESSION['account'] = $account_logged->getId();
-				$_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password);
+				setSession('account', $account_logged->getId());
+				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 				if(isset($_POST['remember_me']))
-					$_SESSION['remember_me'] = true;
+					setSession('remember_me', true);
 
 				$logged = true;
 				$logged_flags = $account_logged->getWebFlags();
 				
 				if(isset($_POST['admin']) && !admin()) {
 					$errors[] = 'This account has no admin privileges.';
-					unset($_SESSION['account']);
-					unset($_SESSION['password']);
-					unset($_SESSION['remember_me']);
+					unsetSession('account');
+					unsetSession('password');
+					unsetSession('remember_me');
 					$logged = false;
 				}
 				else {
@@ -119,19 +119,20 @@ else
 	}
 
 	// stay-logged with sessions
-	if(isset($_SESSION['account']))
+	$current_session = getSession('account');
+	if($current_session !== false)
 	{
 		$account_logged = new OTS_Account();
-		$account_logged->load($_SESSION['account']);
-		if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password']
+		$account_logged->load($current_session);
+		if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 			//&& (!isset($_SESSION['admin']) || admin())
-			&& (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
+			&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
 				$logged = true;
 		}
 		else
 		{
 			$logged = false;
-			unset($_SESSION['account']);
+			unsetSession('account');
 			unset($account_logged);
 		}
 	}
@@ -143,8 +144,9 @@ else
 	}
 }
 
-$_SESSION['last_visit'] = time();
-if(defined('PAGE'))
-	$_SESSION['last_page'] = PAGE;
-$_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
+setSession('last_visit', time());
+if(defined('PAGE')) {
+	setSession('last_page', PAGE);
+}
+setSession('last_uri', $_SERVER['REQUEST_URI']);
 ?>

system/pages/account/change_password.php

@@ -77,7 +77,7 @@ else
 			'title' => 'Password Changed',
 			'description' => 'Your password has been changed.' . $message
 		));
-		$_SESSION['password'] = $new_password;
+		setSession('password', $new_password);
 	}
 }
 

system/pages/polls.php

@@ -325,13 +325,13 @@ function getColorByPercent($percent)
 		$show = false;
         if(isset($_POST['submit']))
         {
-            $_SESSION['answers'] = $_POST['answers'];
+            setSession('answers', $_POST['answers']);
             echo '<form method="post" action=""><b><font size=3>Adding Poll</font></b><br><br>
             <input type=text name=question value="" /> Question<br>
             <input type=text name=description value="" /> Description<br>
             <input type=text name=end value="" /> Time to end, in days<br>';
 
-            for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+            for( $x = 1; $x <= getSession('answers'); $x++ )
             {
                 echo '<input type=text name='.$x.' value="" /> Answer no. '.$x.'<br>';
             }
@@ -344,12 +344,12 @@ function getColorByPercent($percent)
                 $id = $db->query('SELECT MAX(id) FROM `z_polls`')->fetch();
                 $id_next = $id[0] + 1;
 
-                for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+                for( $x = 1; $x <= getSession('answers'); $x++ )
                 {
                     $INSERT_answer = $db->query('INSERT INTO `z_polls_answers` (`poll_id`,`answer_id`,`answer`) VALUES ('.$db->quote($id_next).','.$db->quote($x).','.$db->quote($_POST[$x]).')');
                 }
                 $end = $time+24*60*60*$_POST['end'];
-                $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote($_SESSION['answers']).','.$db->quote($time).')');
+                $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote(getSession('answers')).','.$db->quote($time).')');
         }
 
         $POLLS_check = $db->query('SELECT MAX(end) FROM '.$db->tableName('z_polls').'');

system/template.php

@@ -19,18 +19,19 @@ if($config['template_allow_change'])
 		$template_name = $_GET['template'];
 		if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
 			//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
-			$_SESSION['template'] = $template_name;
+			setSession('template', $template_name);
 		}
 		else
 			$template_name = $config['template'];
 	}
-	else if(isset($_SESSION['template']))
-	{
-		if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) {
-			$template_name = $_SESSION['template'];
-		}
-		else {
-			$template_name = $config['template'];
+	else {
+		$template_session = getSession('template');
+		if ($template_session !== false) {
+			if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
+				$template_name = $template_session;
+			} else {
+				$template_name = $config['template'];
+			}
 		}
 	}
 }