From 1727df70826fe0d29c6bc2ba0efd17fe883d7127 Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 17 Oct 2017 16:09:07 +0200 Subject: [PATCH] * new configurable: session_prefix, to allow more websites on one machine * must be unique for every website on your dedicated server! --- config.php | 1 + install/steps/finish.php | 18 +++++------ system/functions.php | 13 ++++++++ system/login.php | 38 +++++++++++++----------- system/pages/account/change_password.php | 2 +- system/pages/polls.php | 8 ++--- system/template.php | 17 ++++++----- 7 files changed, 57 insertions(+), 40 deletions(-) diff --git a/config.php b/config.php index 2fb11e5d..6ed2c1b2 100644 --- a/config.php +++ b/config.php @@ -30,6 +30,7 @@ $config = array( // used for the Downloads page and some templates aswell 'client' => 1098, // 954 = client 9.54 + 'session_prefix' => 'myaac_', // must be unique for every site on your server 'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess 'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles diff --git a/install/steps/finish.php b/install/steps/finish.php index 95647f5c..f8a0426f 100644 --- a/install/steps/finish.php +++ b/install/steps/finish.php @@ -78,7 +78,7 @@ else { else $player_db->setAccountId($account_db->getId()); - $_SESSION['account'] = $account_db->getId(); + setSession('account', $account_db->getId()); } else { $new_account = new OTS_Account(); 
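Review bot: The comment on the added `'session_prefix'` line says only that the value must be unique, but not what the prefix does and does not provide, which matters for the deployment case the commit targets. A key prefix avoids `$_SESSION` key collisions when several sites on one host share a PHP session; if those sites also share the session cookie name and `session.save_path`, they still read and write the same session file, so an operator who needs real isolation has to give each site its own session name or save path as well (inferred from how PHP sessions work, not from this hunk). Suggested comment: `// prefix for $_SESSION keys; must be unique per site on this host (does not replace a per-site session name/save path)`.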
@@ -108,12 +108,12 @@ else { else $player_db->setAccountId($new_account->getId()); - $_SESSION['account'] = $new_account->getId(); + setSession('account', $new_account->getId()); } success($locale['step_database_created_account']); - $_SESSION['password'] = encrypt($password); - $_SESSION['remember_me'] = true; + setSession('password', encrypt($password)); + setSession('remember_me', true); if($player_db->isLoaded()) { $player_db->save(); 
@@ -143,31 +143,31 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl $query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample')); if($query->rowCount() == 0) { - if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');")) + if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');")) $success = false; } $query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample')); if($query->rowCount() == 0) { - if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');")) + if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');")) $success = false; } $query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample')); if($query->rowCount() == 0) { - if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');")) + if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . getSession('account') . 
", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');")) $success = false; } $query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample')); if($query->rowCount() == 0) { - if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');")) + if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');")) $success = false; } $query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample')); if($query->rowCount() == 0) { - if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');")) + if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');")) $success = false; } diff --git a/system/functions.php b/system/functions.php index 5c8593c0..581f39e7 100644 --- a/system/functions.php +++ b/system/functions.php 
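Review bot: Each of the five sample-player INSERTs in this hunk interpolates `getSession('account')` straight into the SQL string, and the new helper returns `false` when the key is absent, which concatenates as an empty string and produces `..., 4, , 1, ...` — a syntax error that only surfaces through `query()`'s return value. Reading the id once into a typed local before the inserts fails loudly instead and removes the repeated lookup: `$account_id = (int) getSession('account');` followed by `if ($account_id === 0) { $success = false; }` (or an explicit error) before the first `query()`. The enclosing `else` block of finish.php starts and ends outside the hunk.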
@@ -943,6 +943,19 @@ function str_replace_first($search, $replace, $subject) { return $subject; } +function setSession($key, $data) { + global $config; + $_SESSION[$config['session_prefix'] . $key] = $data; +} +function getSession($key) { + global $config; + return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false; +} +function unsetSession($key) { + global $config; + unset($_SESSION[$config['session_prefix'] . $key]); +} + // validator functions require_once(LIBS . 'validator.php'); ?> diff --git a/system/login.php b/system/login.php index d5724446..f4db23d2 100644 --- a/system/login.php +++ b/system/login.php @@ -15,9 +15,9 @@ $logged_flags = 0; $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : ''; if($action == 'logout' && !isset($_REQUEST['account_login'])) { - unset($_SESSION['account']); - unset($_SESSION['password']); - unset($_SESSION['remember_me']); + unsetSession('account'); + unsetSession('password'); + unsetSession('remember_me'); if(isset($_REQUEST['redirect'])) { @@ -68,19 +68,19 @@ else && (!isset($t) || $t['attempts'] < 5) ) { - $_SESSION['account'] = $account_logged->getId(); - $_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password); + setSession('account', $account_logged->getId()); + setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password)); if(isset($_POST['remember_me'])) - $_SESSION['remember_me'] = true; + setSession('remember_me', true); $logged = true; $logged_flags = $account_logged->getWebFlags(); if(isset($_POST['admin']) && !admin()) { $errors[] = 'This account has no admin privileges.'; - unset($_SESSION['account']); - unset($_SESSION['password']); - unset($_SESSION['remember_me']); + unsetSession('account'); + unsetSession('password'); + unsetSession('remember_me'); $logged = false; } else { 
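Review bot: All three helpers read `$config['session_prefix']` unconditionally, so an installation whose config.php predates this commit raises an undefined-index notice on every session access and silently falls back to an empty prefix; computing the key in one place with an `isset` fallback removes both the notice and the triple-duplicated expression. The helpers also carry no documentation, yet `getSession()` returning `false` for a missing key — and therefore reporting a stored `false` or `null` as absent, since `isset` is false for `null` — is a contract every caller in this commit relies on via `!== false` and should be stated in a docblock. Sketch below; the file's own indentation style applies.
```php
/**
 * Build the namespaced $_SESSION key for $key.
 * Falls back to no prefix when config.php has no 'session_prefix' entry.
 */
function sessionKey($key) {
	global $config;
	return (isset($config['session_prefix']) ? $config['session_prefix'] : '') . $key;
}
function setSession($key, $data) {
	$_SESSION[sessionKey($key)] = $data;
}
/** Returns the stored value, or false when the key is absent (or stored as null). */
function getSession($key) {
	$k = sessionKey($key);
	return isset($_SESSION[$k]) ? $_SESSION[$k] : false;
}
function unsetSession($key) {
	unset($_SESSION[sessionKey($key)]);
}
```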
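Review bot: The successful-login branch in the `@@ -68,19` hunk writes `account`/`password` into the session that already existed before authentication without rotating its id, so a session id handed out pre-login remains valid post-login (session fixation); calling `session_regenerate_id(true);` immediately before `setSession('account', $account_logged->getId());` closes that. The logout hunk above (`@@ -15,9`) has the mirror issue: the three `unsetSession()` calls remove the login keys but leave the id and the other prefixed keys (`last_visit`, `last_page`, `last_uri`) in place, where `session_destroy()` or a regenerate gives a clean cut. Neither is introduced by this commit, but these lines are rewritten here and it is the natural place to add it; the surrounding `else` block starts and ends outside both hunks.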
@@ -119,19 +119,20 @@ else } // stay-logged with sessions - if(isset($_SESSION['account'])) + $current_session = getSession('account'); + if($current_session !== false) { $account_logged = new OTS_Account(); - $account_logged->load($_SESSION['account']); - if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password'] + $account_logged->load($current_session); + if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password') //&& (!isset($_SESSION['admin']) || admin()) - && (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) { // login for 15 minutes if "remember me" is not used + && (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) { // login for 15 minutes if "remember me" is not used $logged = true; } else { $logged = false; - unset($_SESSION['account']); + unsetSession('account'); unset($account_logged); } } @@ -143,8 +144,9 @@ else } } -$_SESSION['last_visit'] = time(); -if(defined('PAGE')) - $_SESSION['last_page'] = PAGE; -$_SESSION['last_uri'] = $_SERVER['REQUEST_URI']; +setSession('last_visit', time()); +if(defined('PAGE')) { + setSession('last_page', PAGE); +} +setSession('last_uri', $_SERVER['REQUEST_URI']); ?> diff --git a/system/pages/account/change_password.php b/system/pages/account/change_password.php index 91a7027c..8cc1f7c3 100644 --- a/system/pages/account/change_password.php +++ b/system/pages/account/change_password.php @@ -77,7 +77,7 @@ else 'title' => 'Password Changed', 'description' => 'Your password has been changed.' . $message )); - $_SESSION['password'] = $new_password; + setSession('password', $new_password); } } diff --git a/system/pages/polls.php b/system/pages/polls.php index f92af295..42030dc2 100644 --- a/system/pages/polls.php +++ b/system/pages/polls.php 
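Review bot: `$account_logged->getPassword() == getSession('password')` in this hunk now compares a string against a helper that returns `false` for a missing key, and PHP's loose `==` treats `'' == false` and `'0' == false` as true, so an account whose stored password field is empty would satisfy the check with no session password at all. Read the value once and compare strictly: `$session_password = getSession('password');` and then `$session_password !== false && hash_equals((string) $account_logged->getPassword(), (string) $session_password)` — `hash_equals` also avoids loose-comparison pitfalls for hash strings in general. The `else` branch this code sits in begins before the hunk.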
@@ -325,13 +325,13 @@ function getColorByPercent($percent) $show = false; if(isset($_POST['submit'])) { - $_SESSION['answers'] = $_POST['answers']; + setSession('answers', $_POST['answers']); echo '
Adding Poll

Question
Description
Time to end, in days
'; - for( $x = 1; $x <= $_SESSION['answers']; $x++ ) + for( $x = 1; $x <= getSession('answers'); $x++ ) { echo ' Answer no. '.$x.'
'; } @@ -344,12 +344,12 @@ function getColorByPercent($percent) $id = $db->query('SELECT MAX(id) FROM `z_polls`')->fetch(); $id_next = $id[0] + 1; - for( $x = 1; $x <= $_SESSION['answers']; $x++ ) + for( $x = 1; $x <= getSession('answers'); $x++ ) { $INSERT_answer = $db->query('INSERT INTO `z_polls_answers` (`poll_id`,`answer_id`,`answer`) VALUES ('.$db->quote($id_next).','.$db->quote($x).','.$db->quote($_POST[$x]).')'); } $end = $time+24*60*60*$_POST['end']; - $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote($_SESSION['answers']).','.$db->quote($time).')'); + $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote(getSession('answers')).','.$db->quote($time).')'); } $POLLS_check = $db->query('SELECT MAX(end) FROM '.$db->tableName('z_polls').''); diff --git a/system/template.php b/system/template.php index d7c0cc5f..858f4a14 100644 --- a/system/template.php +++ b/system/template.php 
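Review bot: `setSession('answers', $_POST['answers'])` in the `@@ -325,13` hunk stores the raw request value, and it is then used as the upper bound of the form loop `for( $x = 1; $x <= getSession('answers'); $x++ )` here and again in the `@@ -344,12` hunk, where it also drives the number of `z_polls_answers` INSERTs and is written into `z_polls.answers`. An unbounded string bound means any value, including non-numeric or very large ones, shapes the loop and the stored row; storing a validated integer fixes both hunks at once: `setSession('answers', (int) $_POST['answers']);` together with a range check before the loop, e.g. `if ($answers < 1 || $answers > MAX_ANSWERS) { /* reject */ }` where MAX_ANSWERS is a placeholder for a project-chosen limit. Both hunks sit inside an enclosing block that starts outside the diff.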
@@ -19,18 +19,19 @@ if($config['template_allow_change']) $template_name = $_GET['template']; if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template //setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]); - $_SESSION['template'] = $template_name; + setSession('template', $template_name); } else $template_name = $config['template']; } - else if(isset($_SESSION['template'])) - { - if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) { - $template_name = $_SESSION['template']; - } - else { - $template_name = $config['template']; + else { + $template_session = getSession('template'); + if ($template_session !== false) { + if (!preg_match("/[^A-z0-9_\-]/", $template_session)) { + $template_name = $template_session; + } else { + $template_name = $config['template']; + } } } }
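Review bot: The whitelist `"/[^A-z0-9_\-]/"` on the new `getSession('template')` branch (and on the unchanged `$_GET` branch above it) uses the range `A-z`, which in ASCII also spans `[`, `\`, `]`, `^` and the backtick, so a template name containing a backslash passes validation; `A-Za-z` is the intended range, i.e. `if (!preg_match("/[^A-Za-z0-9_\-]/", $template_session)) {`. Separately, when the session value fails the check the new code falls back to `$config['template']` but leaves the rejected value in the session, so it is re-validated on every request; adding `unsetSession('template');` in that `else` clears it. The enclosing `if($config['template_allow_change'])` block starts before the hunk.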