diff --git a/config.php b/config.php
index 2fb11e5d..6ed2c1b2 100644
--- a/config.php
+++ b/config.php
@@ -30,6 +30,7 @@ $config = array(
// used for the Downloads page and some templates aswell
'client' => 1098, // 954 = client 9.54
+ 'session_prefix' => 'myaac_', // must be unique for every site on your server
'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
diff --git a/install/steps/finish.php b/install/steps/finish.php
index 95647f5c..f8a0426f 100644
--- a/install/steps/finish.php
+++ b/install/steps/finish.php
@@ -78,7 +78,7 @@ else {
else
$player_db->setAccountId($account_db->getId());
- $_SESSION['account'] = $account_db->getId();
+ setSession('account', $account_db->getId());
}
else {
$new_account = new OTS_Account();
@@ -108,12 +108,12 @@ else {
else
$player_db->setAccountId($new_account->getId());
- $_SESSION['account'] = $new_account->getId();
+ setSession('account', $new_account->getId());
}
success($locale['step_database_created_account']);
- $_SESSION['password'] = encrypt($password);
- $_SESSION['remember_me'] = true;
+ setSession('password', encrypt($password));
+ setSession('remember_me', true);
if($player_db->isLoaded()) {
$player_db->save();
@@ -143,31 +143,31 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
if($query->rowCount() == 0) {
- if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+ if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
$success = false;
}
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
if($query->rowCount() == 0) {
- if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+ if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
$success = false;
}
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
if($query->rowCount() == 0) {
- if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+ if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
$success = false;
}
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
if($query->rowCount() == 0) {
- if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+ if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
$success = false;
}
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
if($query->rowCount() == 0) {
- if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+ if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
$success = false;
}
diff --git a/system/functions.php b/system/functions.php
index 5c8593c0..581f39e7 100644
--- a/system/functions.php
+++ b/system/functions.php
@@ -943,6 +943,19 @@ function str_replace_first($search, $replace, $subject) {
return $subject;
}
+function setSession($key, $data) {
+ global $config;
+ $_SESSION[$config['session_prefix'] . $key] = $data;
+}
+function getSession($key) {
+ global $config;
+ return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false;
+}
+function unsetSession($key) {
+ global $config;
+ unset($_SESSION[$config['session_prefix'] . $key]);
+}
+
// validator functions
require_once(LIBS . 'validator.php');
?>
diff --git a/system/login.php b/system/login.php
index d5724446..f4db23d2 100644
--- a/system/login.php
+++ b/system/login.php
@@ -15,9 +15,9 @@ $logged_flags = 0;
$action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
if($action == 'logout' && !isset($_REQUEST['account_login']))
{
- unset($_SESSION['account']);
- unset($_SESSION['password']);
- unset($_SESSION['remember_me']);
+ unsetSession('account');
+ unsetSession('password');
+ unsetSession('remember_me');
if(isset($_REQUEST['redirect']))
{
@@ -68,19 +68,19 @@ else
&& (!isset($t) || $t['attempts'] < 5)
)
{
- $_SESSION['account'] = $account_logged->getId();
- $_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password);
+ setSession('account', $account_logged->getId());
+ setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
if(isset($_POST['remember_me']))
- $_SESSION['remember_me'] = true;
+ setSession('remember_me', true);
$logged = true;
$logged_flags = $account_logged->getWebFlags();
if(isset($_POST['admin']) && !admin()) {
$errors[] = 'This account has no admin privileges.';
- unset($_SESSION['account']);
- unset($_SESSION['password']);
- unset($_SESSION['remember_me']);
+ unsetSession('account');
+ unsetSession('password');
+ unsetSession('remember_me');
$logged = false;
}
else {
@@ -119,19 +119,20 @@ else
}
// stay-logged with sessions
- if(isset($_SESSION['account']))
+ $current_session = getSession('account');
+ if($current_session !== false)
{
$account_logged = new OTS_Account();
- $account_logged->load($_SESSION['account']);
- if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password']
+ $account_logged->load($current_session);
+ if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
//&& (!isset($_SESSION['admin']) || admin())
- && (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) { // login for 15 minutes if "remember me" is not used
+ && (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) { // login for 15 minutes if "remember me" is not used
$logged = true;
}
else
{
$logged = false;
- unset($_SESSION['account']);
+ unsetSession('account');
unset($account_logged);
}
}
@@ -143,8 +144,9 @@ else
}
}
-$_SESSION['last_visit'] = time();
-if(defined('PAGE'))
- $_SESSION['last_page'] = PAGE;
-$_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
+setSession('last_visit', time());
+if(defined('PAGE')) {
+ setSession('last_page', PAGE);
+}
+setSession('last_uri', $_SERVER['REQUEST_URI']);
?>
diff --git a/system/pages/account/change_password.php b/system/pages/account/change_password.php
index 91a7027c..8cc1f7c3 100644
--- a/system/pages/account/change_password.php
+++ b/system/pages/account/change_password.php
@@ -77,7 +77,7 @@ else
'title' => 'Password Changed',
'description' => 'Your password has been changed.' . $message
));
- $_SESSION['password'] = $new_password;
+ setSession('password', $new_password);
}
}
diff --git a/system/pages/polls.php b/system/pages/polls.php
index f92af295..42030dc2 100644
--- a/system/pages/polls.php
+++ b/system/pages/polls.php
@@ -325,13 +325,13 @@ function getColorByPercent($percent)
$show = false;
if(isset($_POST['submit']))
{
- $_SESSION['answers'] = $_POST['answers'];
+ setSession('answers', $_POST['answers']);
echo '<form method="post" action=""><b><font size=3>Adding Poll</font></b><br><br>
<input type=text name=question value="" /> Question<br>
<input type=text name=description value="" /> Description<br>
<input type=text name=end value="" /> Time to end, in days<br>';
- for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+ for( $x = 1; $x <= getSession('answers'); $x++ )
{
echo '<input type=text name='.$x.' value="" /> Answer no. '.$x.'<br>';
}
@@ -344,12 +344,12 @@ function getColorByPercent($percent)
$id = $db->query('SELECT MAX(id) FROM `z_polls`')->fetch();
$id_next = $id[0] + 1;
- for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+ for( $x = 1; $x <= getSession('answers'); $x++ )
{
$INSERT_answer = $db->query('INSERT INTO `z_polls_answers` (`poll_id`,`answer_id`,`answer`) VALUES ('.$db->quote($id_next).','.$db->quote($x).','.$db->quote($_POST[$x]).')');
}
$end = $time+24*60*60*$_POST['end'];
- $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote($_SESSION['answers']).','.$db->quote($time).')');
+ $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote(getSession('answers')).','.$db->quote($time).')');
}
$POLLS_check = $db->query('SELECT MAX(end) FROM '.$db->tableName('z_polls').'');
diff --git a/system/template.php b/system/template.php
index d7c0cc5f..858f4a14 100644
--- a/system/template.php
+++ b/system/template.php
@@ -19,18 +19,19 @@ if($config['template_allow_change'])
$template_name = $_GET['template'];
if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
- $_SESSION['template'] = $template_name;
+ setSession('template', $template_name);
}
else
$template_name = $config['template'];
}
- else if(isset($_SESSION['template']))
- {
- if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) {
- $template_name = $_SESSION['template'];
- }
- else {
- $template_name = $config['template'];
+ else {
+ $template_session = getSession('template');
+ if ($template_session !== false) {
+ if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
+ $template_name = $template_session;
+ } else {
+ $template_name = $config['template'];
+ }
}
}
}