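class Session {
    // Database wrapper (a reference to the global $site_db). Only its
    // query_firstrow / query / get_result / fetch_array / affected_rows /
    // not_empty / is_empty methods are used by this class.
    var $db;
    var $cookie_session_name;           // COOKIE_NAME."_sid": carries the session id
    var $cookie_data_name;              // COOKIE_NAME."_data": serialize()d $cookie_session_data
    var $actualip;                      // client address the session row is bound to (max. 50 chars)
    var $session_timeout;               // seconds; $config['session_timeout'] is multiplied by 60
    var $mode = GET;                    // GET: id travels in the URL (see url()); COOKIE: in the cookie
    var $session_id;                    // "" until demand_session() found or created a session
    var $cookie_session_data = array(); // keys used here: lastvisit, userid, autologinid
    var $session_info = array();        // session row; return_session_info() adds the session variables
    var $user_info = array();           // row from load_user_info(); guests: user_id "0", user_level GUEST

    /**
     * Reads the session id and the data cookie from the request, binds the
     * session to the client address and immediately resolves (or creates) the
     * session row via demand_session().
     *
     * Reads the globals $site_db and $config['session_timeout'].
     * The request data is taken from $_COOKIE/$_GET/$_POST/$_SERVER instead of the
     * long-removed $HTTP_*_VARS arrays.
     */
    function __construct() {
        global $site_db, $config;
        $this->db = &$site_db;
        $this->session_timeout = $config['session_timeout'] * 60;
        $this->actualip = $this->detect_client_ip();
        $this->cookie_session_name = COOKIE_NAME."_sid";
        $this->cookie_data_name = COOKIE_NAME."_data";
        // The cookie wins over the URL/form parameter. Whatever the source, the id
        // is reduced to the alphabet generate_sessionid() emits before it is ever
        // placed into an SQL string (see clean_session_id()).
        $this->session_id = "";
        if (isset($_COOKIE[$this->cookie_session_name])) {
            $this->session_id = $this->clean_session_id(stripslashes($_COOKIE[$this->cookie_session_name]));
            $this->mode = COOKIE;
        } elseif (isset($_GET[SESSION_NAME])) {
            $this->session_id = $this->clean_session_id($_GET[SESSION_NAME]);
        } elseif (isset($_POST[SESSION_NAME])) {
            $this->session_id = $this->clean_session_id($_POST[SESSION_NAME]);
        }
        if (isset($_COOKIE[$this->cookie_data_name])) {
            $this->cookie_session_data = $this->decode_data_cookie(stripslashes($_COOKIE[$this->cookie_data_name]));
            $this->mode = COOKIE;
        }
        $this->demand_session();
    }

    /**
     * PHP 4 style constructor, kept for compatibility; delegates to __construct()
     * (on PHP 5+ only __construct() runs, on PHP 4 only this method does).
     */
    function Session() {
        $this->__construct();
    }

    /**
     * Client address: $_SERVER['REMOTE_ADDR'], then $_ENV['REMOTE_ADDR'], then the
     * register_globals variable $REMOTE_ADDR, truncated to 50 characters.
     *
     * REMOTE_ADDR is set by the web server and is a bare IPv4/IPv6 literal; the
     * value is reduced to that alphabet because it is interpolated into SQL
     * unescaped and the register_globals fallback is not server controlled.
     *
     * @return string "" when no usable address was found
     */
    function detect_client_ip() {
        global $REMOTE_ADDR;
        if (!empty($_SERVER['REMOTE_ADDR'])) {
            $ip = $_SERVER['REMOTE_ADDR'];
        } elseif (!empty($_ENV['REMOTE_ADDR'])) {
            $ip = $_ENV['REMOTE_ADDR'];
        } else {
            $ip = isset($REMOTE_ADDR) ? $REMOTE_ADDR : "";
        }
        if (!is_string($ip)) {
            return "";
        }
        $ip = (string) substr($ip, 0, 50);
        return preg_match('/^[0-9A-Fa-f.:]+$/', $ip) ? $ip : "";
    }

    /**
     * Accepts only ids generate_sessionid() could have produced: 1 up to
     * SESSION_CODE_LENGTH characters from [A-Za-z0-9]. Anything else (including
     * non-string request values such as sessionid[]=...) becomes "".
     *
     * @param mixed $id raw value from cookie, GET or POST
     * @return string
     */
    function clean_session_id($id) {
        if (!is_string($id)) {
            return "";
        }
        $max = max(1, (int) SESSION_CODE_LENGTH);
        return preg_match('/^[A-Za-z0-9]{1,'.$max.'}$/', $id) ? $id : "";
    }

    /**
     * User ids are numeric throughout this class ("0" is the guest); a value
     * that is not a plain digit string (tampered cookie, array, float, ...)
     * is treated as the guest id.
     *
     * @param mixed $user_id
     * @return string digits only, "0" for the guest
     */
    function clean_user_id($user_id) {
        if (is_int($user_id)) {
            $user_id = (string) $user_id;
        }
        if (!is_string($user_id) || !preg_match('/^\d+$/', $user_id)) {
            return "0";
        }
        return $user_id;
    }

    /**
     * Decodes the "_data" cookie. The cookie is client controlled, so this is a
     * deserialisation of untrusted input: on PHP >= 7.0 object instantiation is
     * disabled via allowed_classes=false, and anything that is not an array is
     * discarded. (json_encode/json_decode would be the robust replacement, but
     * that changes the cookie format other code may rely on.)
     *
     * @param string $raw cookie value after stripslashes()
     * @return array
     */
    function decode_data_cookie($raw) {
        if (defined('PHP_VERSION_ID') && PHP_VERSION_ID >= 70000) {
            $data = unserialize($raw, array('allowed_classes' => false));
        } else {
            $data = unserialize($raw);
        }
        return is_array($data) ? $data : array();
    }

    /**
     * Constant-time, type-strict comparison of the cookie's autologin key with
     * the expected key. The former loose "==" comparison also accepted non-string
     * cookie values; an empty expected key never matches.
     *
     * @param mixed  $given    value from the cookie
     * @param string $expected value from the database
     * @return bool
     */
    function keys_match($given, $expected) {
        if (!is_string($given) || !is_string($expected) || $expected === "") {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $given === $expected;
    }

    /**
     * Location stored with the session/user row: "Control Panel" inside the
     * control panel, otherwise the global $scriptpath with the action, id and
     * session parameters stripped.
     *
     * NOTE(review): $scriptpath is set outside this class and is interpolated
     * into SQL unescaped by the callers — confirm it is not request-derived.
     */
    function current_location() {
        global $scriptpath;
        $location = (defined("IN_CP")) ? "Control Panel" : (string) $scriptpath;
        return preg_replace(
            array("/([?|&])action=[^?|&]*/", "/[?|&]id=[^?|&]*/", "/[?|&]".SESSION_NAME."=[^?|&]*/"),
            array("\\1", "", ""),
            $location
        );
    }

    /** SELECT for the current session row, bound to session id and client address. */
    function session_select_sql() {
        return "SELECT session_id, session_lastaction, session_location, session_ip, session_user_id
            FROM ".SESSIONS_TABLE."
            WHERE session_id = '$this->session_id'
            AND session_ip = '$this->actualip'";
    }

    /**
     * Sends both cookies: the data cookie for one year, the session cookie until
     * the browser closes. COOKIE_SECURE decides the Secure flag; no HttpOnly flag
     * is passed (setcookie() only accepts it from PHP 5.2 on).
     *
     * @param int $current_time
     */
    function send_cookies($current_time) {
        setcookie($this->cookie_data_name, serialize($this->cookie_session_data), ($current_time + 31536000), COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
        setcookie($this->cookie_session_name, $this->session_id, 0, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
    }

    /**
     * Resolves the current session: loads the session row matching id + address,
     * touches the session (guest) or user (member) row at most once a minute and
     * purges expired sessions at that occasion. Without a matching row a new
     * session is started (with auto-login from the data cookie).
     *
     * @return array user info of the resolved session (see load_user_info())
     */
    function demand_session() {
        $location = $this->current_location();
        $current_time = time();
        $this->user_info = array();
        if (!empty($this->session_id)) {
            $this->session_info = $this->db->query_firstrow($this->session_select_sql());
            if ($this->session_info) {
                $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
                $is_guest = ($this->user_info['user_level'] == GUEST);
                $last_update = $is_guest ? $this->session_info['session_lastaction'] : $this->user_info['user_lastaction'];
                // Throttle the write traffic: one touch per minute per session
                if ($current_time - $last_update > 60) {
                    if ($is_guest) {
                        $this->cookie_session_data['lastvisit'] = $current_time;
                        $sql = "UPDATE ".SESSIONS_TABLE."
                            SET session_lastaction = '$current_time', session_location = '$location'
                            WHERE session_id = '".$this->session_id."'
                            AND session_ip = '$this->actualip'";
                    } else {
                        $sql = "UPDATE ".USERS_TABLE."
                            SET user_lastaction = '$current_time', user_location = '$location'
                            WHERE user_id = ".$this->user_info['user_id'];
                    }
                    $this->db->query($sql);
                    $this->purge_expired_sessions($current_time - $this->session_timeout);
                }
                $this->send_cookies($current_time);
                return $this->user_info;
            }
        }
        // No (valid) session: start one, optionally auto-logging in the user
        // remembered in the data cookie.
        $user_id = isset($this->cookie_session_data['userid']) ? $this->clean_user_id($this->cookie_session_data['userid']) : "0";
        $this->session_id = $this->start_session($user_id, 1);
        $row = $this->db->query_firstrow($this->session_select_sql());
        $this->session_info = $row ? $row : array();
        $this->user_info = $this->load_user_info($row ? $row['session_user_id'] : "0");
        return $this->user_info;
    }

    /**
     * Deletes sessions whose last action is older than $expiry_time (never the
     * current one) and the session variables of sessions that no longer exist.
     *
     * @param int $expiry_time unix timestamp
     */
    function purge_expired_sessions($expiry_time) {
        $expiry_time = (int) $expiry_time;
        $this->db->query("DELETE FROM ".SESSIONS_TABLE."
            WHERE session_lastaction < $expiry_time
            AND session_id <> '$this->session_id'");
        $session_ids_sql = "";
        $result = $this->db->query("SELECT session_id FROM ".SESSIONS_TABLE);
        if ($result) {
            while ($row = $this->db->fetch_array($result)) {
                $session_ids_sql .= (($session_ids_sql !== "") ? ", " : "") . "'".$row['session_id']."'";
            }
        }
        if ($session_ids_sql !== "") {
            $this->db->query("DELETE FROM ".SESSION_VARS_TABLE."
                WHERE session_id NOT IN ($session_ids_sql)");
        }
    }

    /**
     * Creates or refreshes the session row and binds it to $user_id.
     *
     * @param string|int $user_id     "0" for a guest; unknown ids fall back to a guest session
     * @param int        $auto_create 1 when called from demand_session(): the user is only accepted
     *                                if the cookie's autologinid matches the user's current
     *                                user_password value and user_level > 1
     * @param int        $auto_login  1 keeps the autologin key in the data cookie (COOKIE mode only)
     * @return string the (possibly new) session id
     *
     * NOTE(review): the autologin key stored in the cookie is the user_password
     * column value itself; a dedicated random token would avoid exposing it.
     */
    function start_session($user_id = "0", $auto_create = 0, $auto_login = 0) {
        $location = $this->current_location();
        $current_time = time();
        $user_id = $this->clean_user_id($user_id);
        $auto_login_key = "";
        if ($user_id !== "0") {
            $row = $this->db->query_firstrow("SELECT user_level, user_password, user_lastaction, user_email
                FROM ".USERS_TABLE."
                WHERE user_id = '$user_id'");
            if (!$row) {
                // id of a deleted/unknown account (e.g. stale cookie): guest session
                $user_id = "0";
                $auto_login = 0;
            } elseif ($auto_create) {
                $auto_login_key = (string) $row['user_password'];
                if (isset($this->cookie_session_data['autologinid']) && $row['user_level'] > 1
                    && $this->keys_match($this->cookie_session_data['autologinid'], $auto_login_key)) {
                    $auto_login = 1;
                    $this->cookie_session_data['lastvisit'] = ($row['user_lastaction'] > 0) ? $row['user_lastaction'] : $current_time;
                } else {
                    $auto_login = 0;
                    $user_id = "0";
                }
            } else {
                $auto_login_key = (string) $row['user_password'];
                $this->cookie_session_data['lastvisit'] = ($row['user_lastaction'] > 0) ? $row['user_lastaction'] : $current_time;
            }
        } else {
            $auto_login = 0;
        }
        // Refresh the existing row; when nothing matched (or nothing changed —
        // presumably affected_rows() reports 0 for an identical row, which then
        // yields a fresh id) create a new session.
        $result = $this->db->query("UPDATE ".SESSIONS_TABLE."
            SET session_lastaction = '$current_time', session_location = '$location', session_user_id = '$user_id'
            WHERE session_id = '$this->session_id'
            AND session_ip = '$this->actualip'");
        if (!$result || !$this->db->affected_rows()) {
            $this->session_id = $this->generate_sessionid();
            $this->db->query("INSERT INTO ".SESSIONS_TABLE."
                (session_id, session_user_id, session_lastaction, session_location, session_ip)
                VALUES
                ('$this->session_id', '$user_id', '$current_time', '$location', '$this->actualip')");
        }
        if ($user_id !== "0") {
            $this->db->query("UPDATE ".USERS_TABLE."
                SET user_lastaction = '$current_time', user_location = '$location', user_lastvisit = '".$this->cookie_session_data['lastvisit']."'
                WHERE user_id = '$user_id'");
            $this->cookie_session_data['autologinid'] = ($auto_login && $this->mode == COOKIE) ? $auto_login_key : "";
            $this->cookie_session_data['userid'] = $user_id;
        }
        $this->send_cookies($current_time);
        return $this->session_id;
    }

    /**
     * Ends the current session. For a member all of that user's sessions are
     * removed and the autologin key is dropped from the data cookie; for a guest
     * only the current session row goes (the former "OR session_user_id = '0'"
     * clause deleted every guest session on a guest logout).
     *
     * @param string|int $user_id
     * @return bool always true
     */
    function logout($user_id) {
        $current_time = time();
        $user_id = $this->clean_user_id($user_id);
        $sql = "DELETE FROM ".SESSIONS_TABLE."
            WHERE session_id = '$this->session_id'";
        if ($user_id !== "0") {
            $sql .= " OR session_user_id = '$user_id'";
            if (isset($this->cookie_session_data['autologinid']) && $this->mode == COOKIE) {
                unset($this->cookie_session_data['autologinid']);
            }
        }
        $this->db->query($sql);
        $this->cookie_session_data['userid'] = "0";
        $this->send_cookies($current_time);
        return true;
    }

    /**
     * Random session id of SESSION_CODE_LENGTH characters from [A-Za-z0-9].
     * Uses random_int() where available (PHP 7+), else mt_rand(); the previous
     * reseeding with microtime() is gone since it limited the id space to the
     * seed space. A colliding id is regenerated (up to 10 attempts) instead of
     * being replaced by the fixed string 'INVALID', which the caller would have
     * inserted as a real session id; the sentinel remains only as last resort.
     *
     * @return string
     */
    function generate_sessionid() {
        $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
        $length = (int) SESSION_CODE_LENGTH;
        $max_index = strlen($alphabet) - 1;
        $use_csprng = function_exists('random_int');
        for ($attempt = 0; $attempt < 10; $attempt++) {
            $sid = "";
            for ($i = 0; $i < $length; $i++) {
                $index = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
                $sid .= $alphabet[$index];
            }
            if (!$this->db->not_empty("SELECT session_id FROM ".SESSIONS_TABLE." WHERE session_id = '$sid'")) {
                return $sid;
            }
        }
        return 'INVALID';
    }

    /**
     * Merges all stored session variables into $session_info and returns it.
     * (foreach replaces the removed each() construct.)
     *
     * @return array
     */
    function return_session_info() {
        $result = $this->db->get_result("SELECT sessionvars_name, sessionvars_value
            FROM ".SESSION_VARS_TABLE."
            WHERE session_id = '$this->session_id'");
        if (!is_array($this->session_info)) {
            $this->session_info = array();
        }
        if ($result) {
            foreach ($result as $val) {
                $this->session_info[$val['sessionvars_name']] = $val['sessionvars_value'];
            }
        }
        return $this->session_info;
    }

    /** @return array the user info resolved by demand_session() */
    function return_user_info() {
        return $this->user_info;
    }

    /**
     * Loads a user row joined with its lightbox row; creates an empty lightbox
     * when the user has none yet. Unknown ids and "0" yield the guest record
     * array('user_id' => "0", 'user_level' => GUEST).
     *
     * @param string|int $user_id
     * @return array
     */
    function load_user_info($user_id = "0") {
        $guest = array('user_id' => "0", 'user_level' => GUEST);
        $user_id = $this->clean_user_id($user_id);
        if ($user_id === "0") {
            return $guest;
        }
        $user_info = $this->db->query_firstrow("SELECT u.*, l.*
            FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
            WHERE u.user_id = '$user_id' AND l.user_id = '$user_id'");
        if ($user_info) {
            return $user_info;
        }
        $user_info = $this->db->query_firstrow("SELECT *
            FROM ".USERS_TABLE."
            WHERE user_id = '$user_id'");
        if (!$user_info) {
            // no such account (deleted user, stale cookie): treat as guest
            return $guest;
        }
        $now = time();
        $this->db->query("INSERT INTO ".LIGHTBOXES_TABLE."
            (user_id, lightbox_lastaction, lightbox_image_ids)
            VALUES
            ('".$user_info['user_id']."','".$now."','')");
        $user_info['lightbox_lastaction'] = $now;
        $user_info['lightbox_image_ids'] = "";
        return $user_info;
    }

    /**
     * Stores a session variable (insert or update) and caches it in $session_info.
     *
     * NOTE(review): $varname and $value are interpolated into SQL as given; the
     * db wrapper exposes no escaping method here, so callers must pass
     * escaped values — confirm at the call sites.
     *
     * @param string $varname
     * @param string $value
     */
    function set_var($varname, $value) {
        $sql = "SELECT session_id
            FROM ".SESSION_VARS_TABLE."
            WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'";
        if ($this->db->is_empty($sql)) {
            $this->db->query("INSERT INTO ".SESSION_VARS_TABLE."
                (session_id, sessionvars_name, sessionvars_value)
                VALUES
                ('$this->session_id', '$varname', '$value')");
        } else {
            $this->db->query("UPDATE ".SESSION_VARS_TABLE."
                SET sessionvars_value = '$value'
                WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'");
        }
        $this->session_info[$varname] = $value;
    }

    /**
     * Returns a session variable from the cache or the database.
     * The selected column is sessionvars_value; the former $row['value'] lookup
     * never matched, so uncached variables were always null.
     *
     * @param string $varname
     * @return mixed null when the variable does not exist
     */
    function get_var($varname) {
        if (isset($this->session_info[$varname])) {
            return $this->session_info[$varname];
        }
        $row = $this->db->query_firstrow("SELECT sessionvars_value
            FROM ".SESSION_VARS_TABLE."
            WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'");
        if (!$row) {
            return null;
        }
        $this->session_info[$varname] = $row['sessionvars_value'];
        return $row['sessionvars_value'];
    }

    /**
     * Deletes a session variable from the database and from the cache (so a
     * following get_var() does not serve the stale cached value).
     *
     * @param string $varname
     * @return bool always true
     */
    function drop_var($varname) {
        $this->db->query("DELETE from ".SESSION_VARS_TABLE."
            WHERE sessionvars_name = '$varname' AND session_id = '$this->session_id'");
        if (is_array($this->session_info) && isset($this->session_info[$varname])) {
            unset($this->session_info[$varname]);
        }
        return true;
    }

    /**
     * Rewrites a URL for the current session: removes any session parameter,
     * repairs a query string that lost its "?", appends SESSION_NAME=<id> in GET
     * mode (separated by $amp or "?"), keeps the fragment last and encodes the
     * characters < > space " '.
     *
     * @param string $url
     * @param string $amp separator used before the appended parameter ("&" or "&amp;")
     * @return string
     */
    function url($url, $amp = "&") {
        $parts = explode("#", $url);
        $base = $parts[0];
        $base = preg_replace("/[?|&]".SESSION_NAME."=[^?|&]*/", "", $base);
        $base = preg_replace("/[&?]+$/", "", $base);
        if (preg_match("/&/", $base) && !preg_match("/\?/", $base)) {
            // first "&" becomes the missing "?"
            $base = preg_replace("/&/", "?", $base, 1);
        }
        if ($this->mode == GET) {
            $base .= preg_match("/\?/", $base) ? $amp : "?";
            $base .= SESSION_NAME."=".$this->session_id;
        }
        if (isset($parts[1])) {
            $base .= "#".$parts[1];
        }
        return str_replace(array("<", ">", " ", "\"", "'"), array("%3C", "%3E", "+", "%22", "%27"), $base);
    }
} //end of class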
//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
// Constants read by the Session class above. They are defined after the class
// body, which works because the class is only instantiated further down.
define('SESSION_NAME', 'sessionid');
// Length of the ids produced by Session::generate_sessionid() (used numerically)
define('SESSION_CODE_LENGTH', '32');
//define('COOKIE_NAME', '4images');
define('COOKIE_NAME', 'kult');
define('COOKIE_DOMAIN', '');
define('COOKIE_PATH', '/');
// '0': the session and data cookies are also sent over plain HTTP; the
// setcookie() calls in the class pass no HttpOnly flag either.
define('COOKIE_SECURE', '0');
//Start Session
// The constructor resolves or creates the session and sends the cookies.
$site_sess = new Session();
// Get Userinfo
$userinfo = $site_sess->return_user_info();
$sessioninfo = $site_sess->return_session_info();
//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
// $user_cache: all user rows keyed by user_id; only built when one of the two
// constants is defined, so it is undefined otherwise (the who's-online block
// below only runs with GET_USER_ONLINE, i.e. when the cache exists).
if (defined("GET_USER_ONLINE") || defined("GET_USER_CACHE")) {
$result = $site_db->query("SELECT *
FROM ".USERS_TABLE);
while ($row = $site_db->fetch_array($result)){
$user_cache[$row['user_id']] = $row;
}
}
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_id = "";
$prev_ip = "";
// Sessions with a last action before this timestamp count as gone
// (same timeout the Session class uses, in seconds).
$time_out = time() - ($config['session_timeout'] * 60);
//Get User Online Cache --------------------------
// Who's-online counters: shown to everybody when $config['display_whosonline']
// is on, otherwise only to admins (who also see invisible users).
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $userinfo['user_level'] == ADMIN)) {
// Ordered by IP so consecutive rows of the same address / user can be
// collapsed via $prev_ip / $prev_user_id.
$result = $site_db->query("SELECT session_user_id, session_lastaction, session_ip
FROM ".SESSIONS_TABLE."
ORDER BY session_ip ASC");
while ($row = $site_db->fetch_array($result)) {
if ($row['session_user_id'] !== "0" && isset($user_cache[$row['session_user_id']])) {
// Registered user: counted once per user_id, by the user's own last action
if ($row['session_user_id'] != $prev_user_id && $user_cache[$row['session_user_id']]['user_lastaction'] > $time_out) {
// NOTE(review): stripslashes() is the only processing of user_name before it
// is appended to the output string below; it is not HTML-escaped here —
// confirm the template layer escapes it.
$username = stripslashes($user_cache[$row['session_user_id']]['user_name']);
if ($user_cache[$row['session_user_id']]['user_invisible'] == 1) { // Invisible User but show to Admin
$invisibleuser = "*";
}
else {
$invisibleuser = "";
}
// NOTE(review): "%s" alone is a no-op; the admin highlighting markup was
// presumably lost from this format string — confirm against the original file.
if ($user_cache[$row['session_user_id']]['user_level'] == ADMIN && $config['highlight_admin'] == 1) {
$username = sprintf("%s", $username);
}
if ($user_cache[$row['session_user_id']]['user_invisible'] == 0 || $userinfo['user_level'] == ADMIN) {
if ($user_online_list !== "") {
$user_online_list .= ", ";
}
// NOTE(review): the next line does not parse as shown ("url(" is not valid
// PHP); the link markup around $site_sess->url(...) appears to have been lost
// in transit — restore it from the original file.
$user_online_list .= "url("member.php?action=showprofile&".URL_USER_ID."=".$row['session_user_id'])."\">".$username."".$invisibleuser;
$num_visible_online++;
// $user_online_cache is only populated here; code reading it elsewhere must
// cope with it being undefined.
$user_online_cache[$row['session_user_id']] = $row;
}
$num_registered_online++;
}
}
else {
// Guest (or user missing from the cache): counted once per IP address
if ($row['session_ip'] != $prev_ip && $row['session_lastaction'] > $time_out) {
$num_guests_online++;
}
}
$prev_ip = $row['session_ip'];
$prev_user_id = $row['session_user_id'];
}
$num_total_online = $num_registered_online + $num_guests_online;
$num_invisible_online = $num_registered_online - $num_visible_online;
$site_template->register_vars(array("num_total_online" => $num_total_online,
"num_invisible_online" => $num_invisible_online,
"num_registered_online" => $num_registered_online,
"num_guests_online" => $num_guests_online,
"user_online_list" => $user_online_list
));
$whos_online = $site_template->parse_template("whos_online");
$site_template->register_vars("whos_online", $whos_online);
}
?>