* new configurable: session_prefix, to allow more websites on one machine

* must be unique for every website on your dedicated server!
2025-04-26 09:19:22 +02:00 · 2017-10-17 16:09:07 +02:00 · 2017-10-17 16:09:07 +02:00 · 1727df7082
commit 1727df7082
parent 3d585a3d02
7 changed files with 57 additions and 40 deletions
--- a/config.php
+++ b/config.php
@ -30,6 +30,7 @@ $config = array(
 	// used for the Downloads page and some templates aswell
 	'client' => 1098, // 954 = client 9.54
 	'session_prefix' => 'myaac_', // must be unique for every site on your server
 	'friendly_urls' => false, // mod_rewrite is required for this, it makes links looks more elegant to eye, and also are SEO friendly (example: http://my-aac.org/guilds/Testing instead of http://my-aac.org/?subtopic=guilds&name=Testing). Remember to rename .htaccess.dist to .htaccess
 	'gzip_output' => false, // gzip page content before sending it to the browser, uses less bandwidth but more cpu cycles
--- a/install/steps/finish.php
+++ b/install/steps/finish.php
@ -78,7 +78,7 @@ else {
 			else
 				$player_db->setAccountId($account_db->getId());
-			$_SESSION['account'] = $account_db->getId();
+			setSession('account', $account_db->getId());
 		}
 		else {
 			$new_account = new OTS_Account();
@ -108,12 +108,12 @@ else {
 			else
 				$player_db->setAccountId($new_account->getId());
-			$_SESSION['account'] = $new_account->getId();
+			setSession('account', $new_account->getId());
 		}
 		success($locale['step_database_created_account']);
-		$_SESSION['password'] = encrypt($password);
+		setSession('password', encrypt($password));
-		$_SESSION['remember_me'] = true;
+		setSession('remember_me', true);
 		if($player_db->isLoaded()) {
 			$player_db->save();
@ -143,31 +143,31 @@ INSERT INTO `myaac_news` (`id`, `type`, `date`, `category`, `title`, `body`, `pl
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Rook Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . $_SESSION['account'] . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Rook Sample', 4, " . getSession('account') . ", 1, 0, 150, 150, 4200, 118, 114, 38, 57, 130, 0, 0, 0, 0, 100, 11, 2200, 1298, 7, '', 400, 1, 1255179613, 2453925456, 1, 1255179614, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Sorcerer Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . $_SESSION['account'] . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Sorcerer Sample', 4, " . getSession('account') . ", 8, 1, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179571, 2453925456, 1, 1255179612, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Druid Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . $_SESSION['account'] . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Druid Sample', 4, " . getSession('account') . ", 8, 2, 185, 185, 4200, 118, 114, 38, 57, 130, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179655, 2453925456, 1, 1255179658, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Paladin Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . $_SESSION['account'] . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Paladin Sample', 4, " . getSession('account') . ", 8, 3, 185, 185, 4200, 118, 114, 38, 57, 129, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179854, 2453925456, 1, 1255179858, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote('Knight Sample'));
 		if($query->rowCount() == 0) {
-			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . $_SESSION['account'] . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
+			if(!query($insert_into_players . "(null, 'Knight Sample', 4, " . getSession('account') . ", 8, 4, 185, 185, 4200, 118, 114, 38, 57, 131, 0, 35, 35, 0, 100, 11, 2200, 1298, 7, '', 470, 1, 1255179620, 2453925456, 1, 1255179654, 0, 0, UNIX_TIMESTAMP(), 1, '');"))
 				$success = false;
 		}
--- a/system/functions.php
+++ b/system/functions.php
@ -943,6 +943,19 @@ function str_replace_first($search, $replace, $subject) {
 	return $subject;
 }
 function setSession($key, $data) {
 	global $config;
 	$_SESSION[$config['session_prefix'] . $key] = $data;
 }
 function getSession($key) {
 	global $config;
 	return (isset($_SESSION[$config['session_prefix'] . $key])) ? $_SESSION[$config['session_prefix'] . $key] : false;
 }
 function unsetSession($key) {
 	global $config;
 	unset($_SESSION[$config['session_prefix'] . $key]);
 }
 // validator functions
 require_once(LIBS . 'validator.php');
 ?>
--- a/system/login.php
+++ b/system/login.php
@ -15,9 +15,9 @@ $logged_flags = 0;
 $action = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : '';
 if($action == 'logout' && !isset($_REQUEST['account_login']))
 {
-	unset($_SESSION['account']);
+	unsetSession('account');
-	unset($_SESSION['password']);
+	unsetSession('password');
-	unset($_SESSION['remember_me']);
+	unsetSession('remember_me');
 	if(isset($_REQUEST['redirect']))
 	{
@ -68,19 +68,19 @@ else
 				&& (!isset($t) || $t['attempts'] < 5)
 				)
 			{
-				$_SESSION['account'] = $account_logged->getId();
+				setSession('account', $account_logged->getId());
-				$_SESSION['password'] = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password);
+				setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
 				if(isset($_POST['remember_me']))
-					$_SESSION['remember_me'] = true;
+					setSession('remember_me', true);
 				$logged = true;
 				$logged_flags = $account_logged->getWebFlags();
 				if(isset($_POST['admin']) && !admin()) {
 					$errors[] = 'This account has no admin privileges.';
-					unset($_SESSION['account']);
+					unsetSession('account');
-					unset($_SESSION['password']);
+					unsetSession('password');
-					unset($_SESSION['remember_me']);
+					unsetSession('remember_me');
 					$logged = false;
 				}
 				else {
@ -119,19 +119,20 @@ else
 	}
 	// stay-logged with sessions
-	if(isset($_SESSION['account']))
+	$current_session = getSession('account');
 	if($current_session !== false)
 	{
 		$account_logged = new OTS_Account();
-		$account_logged->load($_SESSION['account']);
+		$account_logged->load($current_session);
-		if($account_logged->isLoaded() && $account_logged->getPassword() == $_SESSION['password']
+		if($account_logged->isLoaded() && $account_logged->getPassword() == getSession('password')
 			//&& (!isset($_SESSION['admin']) || admin())
-			&& (isset($_SESSION['remember_me']) || $_SESSION['last_visit'] > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
+			&& (getSession('remember_me') !== false || getSession('last_visit') > time() - 15 * 60)) {  // login for 15 minutes if "remember me" is not used
 				$logged = true;
 		}
 		else
 		{
 			$logged = false;
-			unset($_SESSION['account']);
+			unsetSession('account');
 			unset($account_logged);
 		}
 	}
@ -143,8 +144,9 @@ else
 	}
 }
-$_SESSION['last_visit'] = time();
+setSession('last_visit', time());
-if(defined('PAGE'))
+if(defined('PAGE')) {
-	$_SESSION['last_page'] = PAGE;
+	setSession('last_page', PAGE);
-$_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
+}
 setSession('last_uri', $_SERVER['REQUEST_URI']);
 ?>
--- a/system/pages/account/change_password.php
+++ b/system/pages/account/change_password.php
@ -77,7 +77,7 @@ else
 			'title' => 'Password Changed',
 			'description' => 'Your password has been changed.' . $message
 		));
-		$_SESSION['password'] = $new_password;
+		setSession('password', $new_password);
 	}
 }
--- a/system/pages/polls.php
+++ b/system/pages/polls.php
@ -325,13 +325,13 @@ function getColorByPercent($percent)
 		$show = false;
        if(isset($_POST['submit']))
        {
-            $_SESSION['answers'] = $_POST['answers'];
+            setSession('answers', $_POST['answers']);
            echo '<form method="post" action=""><b><font size=3>Adding Poll</font></b><br><br>
            <input type=text name=question value="" /> Question<br>
            <input type=text name=description value="" /> Description<br>
            <input type=text name=end value="" /> Time to end, in days<br>';
-            for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+            for( $x = 1; $x <= getSession('answers'); $x++ )
            {
                echo '<input type=text name='.$x.' value="" /> Answer no. '.$x.'<br>';
            }
@ -344,12 +344,12 @@ function getColorByPercent($percent)
                $id = $db->query('SELECT MAX(id) FROM `z_polls`')->fetch();
                $id_next = $id[0] + 1;
-                for( $x = 1; $x <= $_SESSION['answers']; $x++ )
+                for( $x = 1; $x <= getSession('answers'); $x++ )
                {
                    $INSERT_answer = $db->query('INSERT INTO `z_polls_answers` (`poll_id`,`answer_id`,`answer`) VALUES ('.$db->quote($id_next).','.$db->quote($x).','.$db->quote($_POST[$x]).')');
                }
                $end = $time+24*60*60*$_POST['end'];
-                $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote($_SESSION['answers']).','.$db->quote($time).')');
+                $INSERT_poll = $db->query('INSERT INTO `z_polls` (`id`,`question`, `description`,`end`,`answers`,`start`) VALUES ('.$db->quote($id_next).','.$db->quote($_POST['question']).','.$db->quote($_POST['description']).','.$db->quote($end).','.$db->quote(getSession('answers')).','.$db->quote($time).')');
        }
        $POLLS_check = $db->query('SELECT MAX(end) FROM '.$db->tableName('z_polls').'');
--- a/system/template.php
+++ b/system/template.php
@ -19,18 +19,19 @@ if($config['template_allow_change'])
 		$template_name = $_GET['template'];
 		if(!preg_match("/[^A-z0-9_\-]/", $template_name)) { // validate template
 			//setcookie('template', $template_name, 0, BASE_DIR . '/', $_SERVER["SERVER_NAME"]);
-			$_SESSION['template'] = $template_name;
+			setSession('template', $template_name);
 		}
 		else
 			$template_name = $config['template'];
 	}
-	else if(isset($_SESSION['template']))
+	else {
-	{
+		$template_session = getSession('template');
-		if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) {
+		if ($template_session !== false) {
-			$template_name = $_SESSION['template'];
+			if (!preg_match("/[^A-z0-9_\-]/", $template_session)) {
-		}
+				$template_name = $template_session;
-		else {
+			} else {
-			$template_name = $config['template'];
+				$template_name = $config['template'];
 			}
 		}
 	}
 }