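db = &$site_db;
    // NOTE(review): this listing starts inside the Session constructor. The class header, the
    // property declarations and the constructor signature are not visible here.
    $this->session_timeout = $config['session_timeout'] * 60;
    // NOTE(review): the last fallback reads a bare $REMOTE_ADDR variable. Whether a client can
    // influence it depends on code that is not visible here (register_globals-style imports) - confirm.
    // The value is interpolated into every session query below.
    $this->actualip = (!empty($HTTP_SERVER_VARS['REMOTE_ADDR'])) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ((!empty($HTTP_ENV_VARS['REMOTE_ADDR'])) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR);
    $this->actualip = substr($this->actualip, 0, 50);

    $this->cookie_session_name = COOKIE_NAME."_sid";
    $this->cookie_data_name = COOKIE_NAME."_data";

    // The session id is taken from the cookie, the query string or the POST body - all client
    // controlled. stripslashes() also removes any escaping the runtime may have added, so the raw
    // value must be validated before it is used in SQL; demand_session() does that first thing.
    if (isset($HTTP_COOKIE_VARS[$this->cookie_session_name])) {
      $this->session_id = stripslashes($HTTP_COOKIE_VARS[$this->cookie_session_name]);
      $this->mode = COOKIE;
    }
    else {
      if (isset($HTTP_GET_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_GET_VARS[SESSION_NAME];
      }
      elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_POST_VARS[SESSION_NAME];
      }
      else {
        $this->session_id = "";
      }
    }

    if (isset($HTTP_COOKIE_VARS[$this->cookie_data_name])) {
      // SECURITY: unserialize() runs on a client-supplied cookie. The result can be of any type
      // (including objects of any loaded class), so nothing read from it may be trusted. A format
      // that cannot carry objects or types (e.g. a signed, delimited string) would remove this risk;
      // it is left in place here because it changes the cookie format for existing visitors.
      $this->cookie_session_data = unserialize(stripslashes($HTTP_COOKIE_VARS[$this->cookie_data_name]));
      $this->mode = COOKIE;
    }

    $this->demand_session();
  }

  /**
   * Resume the session named by the client, or create a new one.
   *
   * Looks the session up by id and client IP; when found, refreshes the last-action timestamp at
   * most once per 60 seconds, purges expired sessions and orphaned session variables, and re-sends
   * both cookies. Otherwise start_session() is called with the user id stored in the data cookie
   * (auto-login attempt).
   *
   * @return array user info row as returned by load_user_info()
   */
  function demand_session() {
    global $scriptpath;

    // Session ids minted by generate_sessionid() only contain [A-Za-z0-9]. Anything else (including
    // an array from "name[]=" style input) is discarded before it can reach a query string.
    if (!is_string($this->session_id) || !preg_match('/^[A-Za-z0-9]+$/D', $this->session_id)) {
      $this->session_id = "";
    }
    // The data cookie must decode to an array; scalars, objects or a failed decode are dropped so the
    // array accesses below operate on a known shape.
    if (isset($this->cookie_session_data) && !is_array($this->cookie_session_data)) {
      $this->cookie_session_data = array();
    }

    // NOTE(review): $location is derived from the global $scriptpath and is interpolated into SQL
    // unescaped. Where $scriptpath comes from is not visible here - confirm it is escaped upstream.
    $location = (defined("IN_CP")) ? "Control Panel" : $scriptpath;
    $location = preg_replace(array("/([?|&])action=[^?|&]*/", "/[?|&]id=[^?|&]*/", "/[?|&]".SESSION_NAME."=[^?|&]*/"), array("\\1", "", ""), $location);
    $current_time = time();
    unset($this->user_info);

    if(!empty($this->session_id)) {
      $sql = "SELECT session_id, session_lastaction, session_location, session_ip, session_user_id
              FROM ".SESSIONS_TABLE."
              WHERE session_id = '$this->session_id'
              AND session_ip = '$this->actualip'";
      $this->session_info = $this->db->query_firstrow($sql);
      if($this->session_info) {
        $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
        $last_update = ($this->user_info['user_level'] == GUEST) ? $this->session_info['session_lastaction'] : $this->user_info['user_lastaction'];
        // Housekeeping runs at most once a minute per session.
        if($current_time - $last_update > 60) {
          if($this->user_info['user_level'] == GUEST) {
            $this->cookie_session_data['lastvisit'] = $current_time;
            $sql = "UPDATE ".SESSIONS_TABLE."
                    SET session_lastaction = '$current_time', session_location = '$location'
                    WHERE session_id = '".$this->session_id."'
                    AND session_ip = '$this->actualip'";
          }
          else {
            $sql = "UPDATE ".USERS_TABLE."
                    SET user_lastaction = '$current_time', user_location = '$location'
                    WHERE user_id = ".$this->user_info['user_id'];
          }
          $this->db->query($sql);

          $expiry_time = $current_time - $this->session_timeout;
          // Delete old sessions
          $this->db->query("DELETE FROM ".SESSIONS_TABLE."
                            WHERE session_lastaction < $expiry_time
                            AND session_id <> '$this->session_id'");
          // Delete sessionvars
          $result = $this->db->query("SELECT session_id FROM ".SESSIONS_TABLE);
          if ($result) {
            $session_ids_sql = "";
            while ($row = $this->db->fetch_array($result)) {
              $session_ids_sql .= (($session_ids_sql !== "") ? ", " : "") . "'".$row['session_id']."'";
            }
          }
          if (!empty($session_ids_sql)) {
            $this->db->query("DELETE FROM ".SESSION_VARS_TABLE."
                              WHERE session_id NOT IN ($session_ids_sql)");
          }
        }
        // NOTE(review): both cookies are set without the HttpOnly flag, and COOKIE_SECURE is '0'
        // below, so they are readable by page scripts and sent over plain HTTP.
        setcookie($this->cookie_data_name, serialize($this->cookie_session_data), ($current_time + 31536000), COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
        setcookie($this->cookie_session_name, $this->session_id, 0, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
        return $this->user_info;
      }
    }

    // No usable session: try auto-login with the user id from the data cookie. The id is client
    // supplied; start_session() validates it before it is used in a query.
    $user_id = (isset($this->cookie_session_data['userid'])) ? $this->cookie_session_data['userid'] : "0";
    $this->session_id = $this->start_session($user_id, 1);

    $sql = "SELECT session_id, session_lastaction, session_location, session_ip, session_user_id
            FROM ".SESSIONS_TABLE."
            WHERE session_id = '$this->session_id'
            AND session_ip = '$this->actualip'";
    $this->session_info = $this->db->query_firstrow($sql);
    $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
    return $this->user_info;
  }

  /**
   * Create or update the session row for a user and re-send both cookies.
   *
   * @param mixed $user_id     user id, "0" for guests; non-numeric values are treated as "0"
   * @param int   $auto_create when set, the user is only accepted if the auto-login token in the
   *                           data cookie matches the stored one
   * @param int   $auto_login  when set, the auto-login token is written to the data cookie
   * @return string the session id in use after the call
   */
  function start_session($user_id = "0", $auto_create = 0, $auto_login = 0) {
    global $scriptpath;

    // $user_id can originate from the unserialized data cookie and is interpolated into SQL below.
    // User ids are numeric (see the unquoted user_id comparison in demand_session()), so anything
    // that is not a plain run of digits is handled as the guest id.
    if (!(is_int($user_id) || is_string($user_id)) || !preg_match('/^[0-9]+$/D', (string) $user_id)) {
      $user_id = "0";
    }

    $location = (defined("IN_CP")) ? "Control Panel" : $scriptpath;
    $location = preg_replace(array("/([?|&])action=[^?|&]*/", "/[?|&]id=[^?|&]*/", "/[?|&]".SESSION_NAME."=[^?|&]*/"), array("\\1", "", ""), $location);

    $current_time = time();
    if ($user_id !== "0") {
      $row = $this->db->query_firstrow("SELECT user_level, user_password, user_lastaction, user_email
                                        FROM ".USERS_TABLE."
                                        WHERE user_id = '$user_id'");
      // NOTE(review): the stored password value doubles as the long-lived auto-login token that is
      // written to the data cookie. Anyone who obtains that value (cookie theft, database read) can
      // log in without the password; a separate random token per login would avoid this.
      $auto_login_key = $row['user_password'];
      if($auto_create) {
        if(isset($this->cookie_session_data['autologinid']) && $row['user_level'] > 1) {
          // Strict string comparison: the token comes from the client cookie, and "==" would apply
          // PHP's type juggling to whatever type was deserialized.
          if (is_string($this->cookie_session_data['autologinid']) && $this->cookie_session_data['autologinid'] === $auto_login_key) {
            $auto_login = 1;
            $this->cookie_session_data['lastvisit'] = ($row['user_lastaction'] > 0) ? $row['user_lastaction'] : $current_time;
          }
          else {
            $auto_login = 0;
            $user_id = "0";
          }
        }
        else {
          $auto_login = 0;
          $user_id = "0";
        }
      }
      else {
        $this->cookie_session_data['lastvisit'] = ($row['user_lastaction'] > 0) ? $row['user_lastaction'] : $current_time;
      }
    }
    else {
      $auto_login = 0;
    }

    // Create or update the session
    // NOTE(review): an existing session row keeps its id when the user id changes here, i.e. the id
    // is not rotated at login.
    $result = $this->db->query("UPDATE ".SESSIONS_TABLE."
                                SET session_lastaction = '$current_time', session_location = '$location', session_user_id = '$user_id'
                                WHERE session_id = '$this->session_id'
                                AND session_ip = '$this->actualip'");
    if(!$result || !$this->db->affected_rows()) {
      $this->session_id = $this->generate_sessionid();
      $this->db->query("INSERT INTO ".SESSIONS_TABLE."
                        (session_id, session_user_id, session_lastaction, session_location, session_ip)
                        VALUES
                        ('$this->session_id', '$user_id', '$current_time', '$location', '$this->actualip')");
    }

    if($user_id !== "0") {
      // 'lastvisit' was overwritten above from the database row or the clock on every path that
      // keeps a non-guest $user_id, so the cookie-supplied value never reaches this query.
      $this->db->query("UPDATE ".USERS_TABLE."
                        SET user_lastaction = '$current_time', user_location = '$location', user_lastvisit = '".$this->cookie_session_data['lastvisit']."'
                        WHERE user_id = '$user_id'");
      $this->cookie_session_data['autologinid'] = ($auto_login && $this->mode == COOKIE) ? $auto_login_key : "";
      $this->cookie_session_data['userid'] = $user_id;
    }
    setcookie($this->cookie_data_name, serialize($this->cookie_session_data), ($current_time + 31536000), COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
    setcookie($this->cookie_session_name, $this->session_id, 0, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
    return $this->session_id;
  }

  /**
   * Delete the current session (and every session of the given user) and reset the data cookie.
   *
   * @param mixed $user_id id of the user being logged out
   * @return bool always true
   */
  function logout($user_id) {
    $current_time = time();
    // NOTE(review): $user_id is interpolated unescaped; callers are presumably passing the id of
    // the logged-in user - verify against the call sites.
    $this->db->query("DELETE FROM ".SESSIONS_TABLE." WHERE session_id = '$this->session_id' OR session_user_id = '$user_id'");
    if($user_id !== "0") {
      if(isset($this->cookie_session_data['autologinid']) && $this->mode == COOKIE) {
        unset($this->cookie_session_data['autologinid']);
      }
    }
    $this->cookie_session_data['userid'] = "0";
    setcookie($this->cookie_data_name, serialize($this->cookie_session_data), ($current_time + 31536000), COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
    setcookie($this->cookie_session_name, $this->session_id, 0, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
    return true;
  }

  /**
   * Generate a session id of SESSION_CODE_LENGTH characters from [A-Za-z0-9] that is not yet in
   * the sessions table.
   *
   * @return string the new id, or 'INVALID' if no unused id was found after a few attempts
   */
  function generate_sessionid() {
    $Puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $puddle_length = strlen($Puddle);
    // Prefer the CSPRNG where the runtime provides one. The mt_rand() fallback is seeded from the
    // microsecond part of the clock, which allows at most 1,000,000 distinct seeds and therefore at
    // most that many distinct ids - too few for a value that authenticates a visitor.
    $use_csprng = function_exists('random_int');

    // A collision used to yield the shared constant 'INVALID' straight away; retry a few times
    // first (bounded, so a failing database cannot cause an endless loop).
    for ($attempt = 0; $attempt < 5; $attempt++) {
      $sid = "";
      if (!$use_csprng) {
        mt_srand ((double) microtime() * 1000000);
      }
      for($i = 0; $i < SESSION_CODE_LENGTH; $i++) {
        $index = $use_csprng ? random_int(0, $puddle_length - 1) : (mt_rand() % $puddle_length);
        $sid .= substr($Puddle, $index, 1);
      }
      if (!$this->db->not_empty("SELECT session_id FROM ".SESSIONS_TABLE." WHERE session_id = '$sid'")) {
        return $sid;
      }
    }
    return 'INVALID';
  }

  /**
   * Merge the stored session variables of the current session into $this->session_info.
   *
   * @return mixed the session info, including any stored session variables
   */
  function return_session_info() {
    $result = $this->db->get_result("SELECT sessionvars_name, sessionvars_value FROM ".SESSION_VARS_TABLE." WHERE session_id = '$this->session_id'");
    if ($result) {
      foreach ($result as $val) {
        $this->session_info[$val['sessionvars_name']] = $val['sessionvars_value'];
      }
    }
    return $this->session_info;
  }

  /**
   * @return array user info loaded by demand_session()
   */
  function return_user_info() {
    return $this->user_info;
  }

  /**
   * Load a user row joined with its lightbox row, creating the lightbox row if it is missing.
   *
   * @param mixed $user_id user id, "0" for guests
   * @return mixed the joined row, or a minimal guest record for "0"
   */
  function load_user_info($user_id = "0") {
    if ($user_id !== "0") {
      $user_info = $this->db->query_firstrow("SELECT u.*, l.*
                                              FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
                                              WHERE u.user_id = '$user_id' AND l.user_id = '$user_id'");
      if (!$user_info) {
        // No joined row: fetch the user alone and create the missing lightbox row.
        $user_info = $this->db->query_firstrow("SELECT * FROM ".USERS_TABLE." WHERE user_id = '$user_id'");
        $this->db->query("INSERT INTO ".LIGHTBOXES_TABLE." (user_id, lightbox_lastaction, lightbox_image_ids) VALUES ('".$user_info['user_id']."','".time()."','')");
        $user_info['lightbox_lastaction'] = time();
        $user_info['lightbox_image_ids'] = "";
      }
    }
    else {
      $user_info['user_id'] = "0";
      $user_info['user_level'] = GUEST;
    }
    return $user_info;
  }

  /**
   * Store a session variable in the database and in $this->session_info.
   *
   * NOTE(review): $varname and $value are interpolated into SQL unescaped. Whether callers escape
   * them is not visible here - confirm, especially where $value carries request data.
   *
   * @param string $varname
   * @param mixed  $value
   */
  function set_var($varname, $value) {
    $sql = "SELECT session_id FROM ".SESSION_VARS_TABLE." WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'";
    if ($this->db->is_empty($sql)) {
      $this->db->query("INSERT INTO ".SESSION_VARS_TABLE." (session_id, sessionvars_name, sessionvars_value) VALUES ('$this->session_id', '$varname', '$value')");
    }
    else {
      $this->db->query("UPDATE ".SESSION_VARS_TABLE." SET sessionvars_value = '$value' WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'");
    }
    $this->session_info[$varname] = $value;
  }

  /**
   * Read a session variable, from $this->session_info if cached there, else from the database.
   *
   * @param string $varname interpolated into SQL unescaped, like in set_var()
   * @return mixed the value, or nothing (null) when the variable does not exist
   */
  function get_var($varname){
    if (isset($this->session_info[$varname])) {
      return $this->session_info[$varname];
    }
    else {
      $value = $this->db->query_firstrow("SELECT sessionvars_value FROM ".SESSION_VARS_TABLE." WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'");
      if ($value) {
        // The selected column is sessionvars_value; the row was previously read under the key
        // 'value', which this query does not return.
        $this->session_info[$varname] = $value['sessionvars_value'];
        return $value['sessionvars_value'];
      }
    }
  }

  /**
   * Delete a session variable of the current session from the database.
   *
   * @param string $varname interpolated into SQL unescaped, like in set_var()
   * @return bool always true
   */
  function drop_var($varname) {
    $this->db->query("DELETE from ".SESSION_VARS_TABLE." WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'");
    return true;
  }

  /**
   * Normalise a URL and, in GET mode, append the session id to it.
   *
   * NOTE(review): in GET mode the session id becomes part of every link, so it ends up in browser
   * history, server logs and Referer headers.
   *
   * @param string $url
   * @param string $amp separator used when the URL already has a query string
   * @return string
   */
  function url($url, $amp = "&") {
    // explode()/preg_replace() stand in for split()/ereg_replace(), which newer PHP versions dropped.
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];
    $url = preg_replace("/[?|&]".SESSION_NAME."=[^?|&]*/", "", $url);
    $url = preg_replace("/[&?]+$/D", "", $url);
    if (preg_match("/&/", $url) && !preg_match("/\?/", $url)) {
      // The 4th parameter of "preg_replace()" is only available from 4.0.1pl2
      $url = preg_replace("/&/", "?", $url, 1);
    }
    if ($this->mode == GET) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= SESSION_NAME."=".$this->session_id;
    }
    $url .= isset($dummy_array[1]) ? "#".$dummy_array[1] : "";
    $url = str_replace(array("<", ">", " ", "\"", "'"), array("%3C", "%3E", "+", "%22", "%27"), $url);
    return $url;
  }
} //end of class

//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
define('SESSION_NAME', 'sessionid');
define('SESSION_CODE_LENGTH', '32');
//define('COOKIE_NAME', '4images');
define('COOKIE_NAME', 'kult');
define('COOKIE_DOMAIN', '');
define('COOKIE_PATH', '/');
// NOTE(review): '0' means the session and auto-login cookies are also sent over unencrypted HTTP.
define('COOKIE_SECURE', '0');

//Start Session
$site_sess = new Session();

// Get Userinfo
$userinfo = $site_sess->return_user_info();
$sessioninfo = $site_sess->return_session_info();

//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
if (defined("GET_USER_ONLINE") || defined("GET_USER_CACHE")) {
  // NOTE(review): SELECT * pulls every column of every user into $user_cache on each request; the
  // code below only reads user_name, user_invisible, user_level and user_lastaction.
  $result = $site_db->query("SELECT * FROM ".USERS_TABLE);
  while ($row = $site_db->fetch_array($result)){
    $user_cache[$row['user_id']] = $row;
  }
}

$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_id = "";
$prev_ip = "";
$time_out = time() - ($config['session_timeout'] * 60);

//Get User Online Cache --------------------------
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $userinfo['user_level'] == ADMIN)) {
  $result = $site_db->query("SELECT session_user_id, session_lastaction, session_ip FROM ".SESSIONS_TABLE." ORDER BY session_ip ASC");
  while ($row = $site_db->fetch_array($result)) {
    if ($row['session_user_id'] !== "0" && isset($user_cache[$row['session_user_id']])) {
      // Rows are ordered by IP; consecutive rows of the same user are counted once.
      if ($row['session_user_id'] != $prev_user_id && $user_cache[$row['session_user_id']]['user_lastaction'] > $time_out) {
        // NOTE(review): $username is written into HTML below. Whether user names are HTML-escaped
        // when stored is not visible here - confirm, otherwise escape at this point.
        $username = stripslashes($user_cache[$row['session_user_id']]['user_name']);
        if ($user_cache[$row['session_user_id']]['user_invisible'] == 1) {
          // Invisible User but show to Admin
          $invisibleuser = "*";
        }
        else {
          $invisibleuser = "";
        }
        if ($user_cache[$row['session_user_id']]['user_level'] == ADMIN && $config['highlight_admin'] == 1) {
          // NOTE(review): the format string is a bare "%s" in this listing; any highlight markup
          // around it appears to have been lost when the page was extracted.
          $username = sprintf("%s", $username);
        }
        if ($user_cache[$row['session_user_id']]['user_invisible'] == 0 || $userinfo['user_level'] == ADMIN) {
          if ($user_online_list !== "") {
            $user_online_list .= ", ";
          }
          // NOTE(review): the opening and closing anchor tags are missing from this listing (only the
          // url(...) call and the closing "\">" survive); they are restored here from that remainder.
          $user_online_list .= "<a href=\"".$site_sess->url("member.php?action=showprofile&".URL_USER_ID."=".$row['session_user_id'])."\">".$username."</a>".$invisibleuser;
          $num_visible_online++;
          $user_online_cache[$row['session_user_id']] = $row;
        }
        $num_registered_online++;
      }
    }
    else {
      // Guests are counted once per distinct IP.
      if ($row['session_ip'] != $prev_ip && $row['session_lastaction'] > $time_out) {
        $num_guests_online++;
      }
    }
    $prev_ip = $row['session_ip'];
    $prev_user_id = $row['session_user_id'];
  }
  $num_total_online = $num_registered_online + $num_guests_online;
  $num_invisible_online = $num_registered_online - $num_visible_online;

  $site_template->register_vars(array(
    "num_total_online" => $num_total_online,
    "num_invisible_online" => $num_invisible_online,
    "num_registered_online" => $num_registered_online,
    "num_guests_online" => $num_guests_online,
    "user_online_list" => $user_online_list
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
}
?>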