Portalmod sid

[DaBus]

Habe das Problem, das wenn man sich auf dem Intro oder dem Portal einloggt und dann einen der Links im Menü klickt, die sid nicht angehangen wird und man somit im Forum nicht mehr eingeloggt ist.

in welcher Datei muss man das ändern?? welcher Variable ist das dann? $sid, $session_id, oder $userdata

mfg

Daniel

[Garfield312]

Nimm doch mal ne originale includes/sessions.php-Datei, und dann kannst du da die Änderungen zur Google-Freundlichkeit (Entfernung der SessionID für Gäste) wieder reinmachen.

Aber vorher zur Sicherheit Backup der alten nur vorsichtshalber gesagt.

[DaBus]

da hast du mich falsch verstanden glaub ich. Gäste brauchen die ja nicht wirklich.

Wenn ich mich im Intro oder Portal einlogge ist das so, das er das auf den weg bis ins Forum wieder vergessen hat!

Und das ist bei jedem User dann so.

kannst dir gerne mal anschauen

http://www.wachbataillon-berlin.de

danke nochmal

[Garfield312]

Habs grad gesehen.

Also mir scheint da irgendwas an der sessions.php verhackstückt.

Schon mal ne jungfräuliche sessions.php reingesetzt ?

[DaBus]

nein, kann ich das denn?? Wird dann nicht irgendwas überschrieben, was der Portal Mod dort reingeschrieben hat? Denn das muss es ja gewesen sein, ich habe nichts alleine da drin geändert. Welche muss ich denn dann nehmen??

Vielen Dank schonmal

[DaBus]

bekomme es einfach nicht hin. sorry. noch jemand eine Idee??

mfg

[Garfield312]

Ich kann mir einfach nur vorstellen, daß es an der sessions.php liegt.

Hier ist meine, kannst du ja mal versuchen :

Code: Alles auswählen

<?php
/***************************************************************************
 *                                sessions.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: sessions.php,v 1.58.2.11 2004/07/11 16:46:19 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
	global $db, $board_config;
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

	$cookiename = $board_config['cookie_name'];
	$cookiepath = $board_config['cookie_path'];
	$cookiedomain = $board_config['cookie_domain'];
	$cookiesecure = $board_config['cookie_secure'];

	if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
	{
		$session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
		$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
		$sessionmethod = SESSION_METHOD_COOKIE;
	}
	else
	{
		$sessiondata = array();
		$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
		$sessionmethod = SESSION_METHOD_GET;
	}

	//
	if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) 
	{
		$session_id = '';
	}

	$last_visit = 0;
	$current_time = time();
	$expiry_time = $current_time - $board_config['session_length'];

	//
	// Try and pull the last time stored in a cookie, if it exists
	//
	$sql = "SELECT * 
		FROM " . USERS_TABLE . " 
		WHERE user_id = $user_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
	}

	$userdata = $db->sql_fetchrow($result);

	if ( $user_id != ANONYMOUS )
	{
		$auto_login_key = $userdata['user_password'];

		if ( $auto_create )
		{
			if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
			{
				// We have to login automagically
				if( $sessiondata['autologinid'] == $auto_login_key )
				{
					// autologinid matches password
					$login = 1;
					$enable_autologin = 1;
				}
				else
				{
					// No match; don't login, set as anonymous user
					$login = 0; 
					$enable_autologin = 0; 
					$user_id = $userdata['user_id'] = ANONYMOUS;
				}
			}
			else
			{
				// Autologin is not set. Don't login, set as anonymous user
				$login = 0;
				$enable_autologin = 0;
				$user_id = $userdata['user_id'] = ANONYMOUS;
			}
		}
		else
		{
			$login = 1;
		}
	}
	else
	{
		$login = 0;
		$enable_autologin = 0;
	}

	//
	// Initial ban check against user id, IP and email address
	//
	preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

	$sql = "SELECT ban_ip, ban_userid, ban_email 
		FROM " . BANLIST_TABLE . " 
		WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
			OR ban_userid = $user_id";
	if ( $user_id != ANONYMOUS )
	{
		$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "' 
			OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'";
	}
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
	}

	if ( $ban_info = $db->sql_fetchrow($result) )
	{
		if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
		{
			message_die(CRITICAL_MESSAGE, 'You_been_banned');
		}
	}

	//
	// Create or update the session
	//
	$sql = "UPDATE " . SESSIONS_TABLE . "
		SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, SearchBot = ". $_SERVER["HTTP_USER_AGENT"] ."
		WHERE session_id = '" . $session_id . "' 
			AND session_ip = '$user_ip'";
	if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
	{
		$session_id = md5(uniqid($user_ip));

		$sql = "INSERT INTO " . SESSIONS_TABLE . "
			(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, SearchBot)
			VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, '". $_SERVER["HTTP_USER_AGENT"] ."')";
		if ( !$db->sql_query($sql) )
		{
			message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
		}
	}

	//if ( $user_id != ANONYMOUS )
	//{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( 
		$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; 

		$sql = "UPDATE " . USERS_TABLE . " 
			SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit, user_lastlogon = " . time() .  ", user_totallogon=user_totallogon+1
			WHERE user_id = $user_id";
		if ( !$db->sql_query($sql) )
		{
			message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
		}

		$userdata['user_lastvisit'] = $last_visit;

		$sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';
		$sessiondata['userid'] = $user_id;
	//}

	$userdata['session_id'] = $session_id;
	$userdata['session_ip'] = $user_ip;
	$userdata['session_user_id'] = $user_id;
	$userdata['session_logged_in'] = $login;
	$userdata['session_page'] = $page_id;
	$userdata['session_start'] = $current_time;
	$userdata['session_time'] = $current_time;

	setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
	setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

	if ( $userdata['session_user_id'] != ANONYMOUS ){
   $SID = 'sid=' . $session_id;
} else {
   $SID = '';
}

	return $userdata;
}

//
// Checks for a given user session, tidies session table and updates user
// sessions at each page refresh
//
function session_pagestart($user_ip, $thispage_id)
{
	global $db, $lang, $board_config;
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

	$cookiename = $board_config['cookie_name'];
	$cookiepath = $board_config['cookie_path'];
	$cookiedomain = $board_config['cookie_domain'];
	$cookiesecure = $board_config['cookie_secure'];

	$current_time = time();
	unset($userdata);

	if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
	{
		$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
		$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
		$sessionmethod = SESSION_METHOD_COOKIE;
	}
	else
	{
		$sessiondata = array();
		$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
		$sessionmethod = SESSION_METHOD_GET;
	}

	//
	if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
	{
		$session_id = '';
	}

	//
	// Does a session exist?
	//
	if ( !empty($session_id) )
	{

// Start add - Last visit MOD
$expiry_time = $current_time - $board_config['session_length'] ;
// End add - Last visit MOD

		//
		// session_id exists so go ahead and attempt to grab all
		// data in preparation
		//
		$sql = "SELECT u.*, s.*
			FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
			WHERE s.session_id = '$session_id'
				AND u.user_id = s.session_user_id AND session_time > $expiry_time";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
		}

		$userdata = $db->sql_fetchrow($result);

		//
		// Did the session exist in the DB?
		//
		if ( isset($userdata['user_id']) )
		{
			//
			// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
			// bits ... I've been told (by vHiker) this should alleviate problems with 
			// load balanced et al proxies while retaining some reliance on IP security.
			//
			$ip_check_s = substr($userdata['session_ip'], 0, 6);
			$ip_check_u = substr($user_ip, 0, 6);

			if ($ip_check_s == $ip_check_u)
			{
				$SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';

				//
				// Only update session DB a minute or so after last update
				//
				if ( $current_time - $userdata['session_time'] > 60 )
				{
					$sql = "UPDATE " . SESSIONS_TABLE . " 
						SET session_time = $current_time, session_page = $thispage_id 
						WHERE session_id = '" . $userdata['session_id'] . "'";
					if ( !$db->sql_query($sql) )
					{
						message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
					}

					//if ( $userdata['user_id'] != ANONYMOUS )
					//{
						$sql = "UPDATE " . USERS_TABLE . " 
							SET user_session_time = $current_time, user_session_page = $thispage_id, user_totalpages = user_totalpages+1, user_totaltime = user_totaltime+($current_time-".$userdata['session_time'].") 
							WHERE user_id = " . $userdata['user_id'];
						if ( !$db->sql_query($sql) )
						{
							message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
						}
					//}

					//
					// Delete expired sessions
					//
					$expiry_time = $current_time - $board_config['session_length'];
					$sql = "DELETE FROM " . SESSIONS_TABLE . " 
						WHERE UNIX_TIMESTAMP() - session_time >=172800 
							AND session_id <> '$session_id'";
					if ( !$db->sql_query($sql) )
					{
						message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
					}

					setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
					setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
				}

				return $userdata;
			}
		}
	}

	//
	// If we reach here then no (valid) session exists. So we'll create a new one,
	// using the cookie user_id if available to pull basic user prefs.
	//
	$user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS;

	if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) )
	{
		message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
	}

	return $userdata;

}

//
// session_end closes out a session
// deleting the corresponding entry
// in the sessions table
//
function session_end($session_id, $user_id)
{
	global $db, $lang, $board_config;
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

	$cookiename = $board_config['cookie_name'];
	$cookiepath = $board_config['cookie_path'];
	$cookiedomain = $board_config['cookie_domain'];
	$cookiesecure = $board_config['cookie_secure'];

	$current_time = time();

	//
	// Pull cookiedata or grab the URI propagated sid
	//
	if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
	{
		$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
		$sessionmethod = SESSION_METHOD_COOKIE;
	}
	else
	{
		$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
		$sessionmethod = SESSION_METHOD_GET;
	}

	if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
	{
		return;
	}
	
	//
	// Delete existing session
	//
	$sql = "DELETE FROM " . SESSIONS_TABLE . " 
		WHERE session_id = '$session_id' 
			AND session_user_id = $user_id";
	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
	}

	setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
	setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

	return true;
}

//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
// around every single URL and form action. If you replace the session
// code you must include this routine, even if it's empty.
//
function append_sid($url, $non_html_amp = false)
{
	global $SID;
if (areyouabot2($_SERVER["HTTP_USER_AGENT"], TRUE) != 1) {
	if ( !empty($SID) && !preg_match('#sid=#', $url) )
	{
		$url .= ( ( strpos($url, '?') != false ) ?  ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID;
	}
}
	return $url;
}

?>

[DaBus]

aber das wars es auch nicht. Habe erst die Dateien verglichen, wobei es wirklich zu Unterschieden kommt. Habe aber deine session.php hochgeladen, aber da ist genau das gleiche Problem, also kann es ja diese Datei nicht sein.

Noch irgendwelche anderen Ideen?

mfg DaBus

[DaBus]

Ich weiß schonmal das es auf keinen Fall an dieser session.php liegt.

Möchte jetzt gerne mal von jemanden wissen, wie man die Var $SID an den link anhängen kann, denn wenn ich in der Datenbank direkt schreibe:

index.php?sid="$SID dann schreibt er es auch ganz genau so als link ohne es in eine Zahl umzuwandeln. Der Quelltext wo er die links aus der DB liest steht anbei. irgendwo da müsste man jetzt die $SID anfügen. Nur wo, damit sich nicht überall steht, sondern nur hinter der index.php??

Code: Alles auswählen

// SWITCH NAVIGATION START
if( $introportalmod_config['navigation_active'] == "1" )
{
$sql_level = ($userdata['user_id']==ANONYMOUS) ? ANONYMOUS : (($userdata['user_level']==ADMIN) ? MOD : (($userdata['user_level']==MOD) ? ADMIN : $userdata['user_level']));
$sql = "SELECT * FROM " . $table_prefix . "introportalmodnav
		WHERE link_active
		AND (IF(link_level_type,IF(link_level_type=1,'$sql_level'<=link_level,IF(link_level_type=2,'$sql_level'>=link_level,'$sql_level'<>link_level)),link_level='$sql_level') OR link_id=0)
		ORDER BY link_cat , link_sub, link_id";
if ( !($result = $db->sql_query($sql)) )
{
	message_die(GENERAL_ERROR, 'Could not get navigation information', '', __LINE__, __FILE__, $sql);
}
$links = $db->sql_fetchrowset($result);

$i=0;
if (!empty($links))
{
while (list ($id,$link) = each($links))
{
	eval('$link_name = ' . $link['link_name'] . ';');
	if ($link['link_id']==0)
	{
		if ($link['link_sub']==0)
		{
			// new cat
			// only show if, link pressent in this cat
			$s=1;
			$found = FALSE;
			while ($links[$id+$s][link_cat]==$link[link_cat] && $s<sizeof($links))
			{
				$found = ($links[$id+$s++][link_id]!=0) ? TRUE : $found;
			}
			if ($found)
			{
				if ($i==0)
				{
					$i=3;
					$template->assign_block_vars('row', array());
				} else
				{
					$i--;
				}
				$template->assign_block_vars('row.cat', array(
					'CAT_NAME' => $link_name));
			}
		} else
		{
			// only show if, LINK pressent in this SUB
			$s=1;
			$found = FALSE;
			while ($links[$id+$s][link_sub]==$link[link_sub] && $s<sizeof($links))
			{
				$found = ($links[$id+$s++][link_id]!=0) ? TRUE : $found;
			}
			if ($found)
			{
				$template->assign_block_vars('row.cat.sub', array(
					'SUB_NAME' => $link_name));
			}
		}
	} else
	{
		$row_color = $theme['td_color1'];
		$row_class = $theme['td_class1'];
		$template->assign_block_vars('row.cat.sub.link', array(
				'LINK_NAME' => $link_name,
				'LINK_URL' => $link['link_url'],
				'ROW_COLOR' => '#' . $row_color,
				'ROW_CLASS' => $row_class));
	}
}
} else
{
	$template->assign_block_vars('row', array());
	$template->assign_block_vars('row.cat', array(
		'CAT_NAME' => $lang['No_links']));
}
if (!($template->_tpldata['row.'][0]))
{
	$template->assign_block_vars('row', array());
	$template->assign_block_vars('row.cat', array('CAT_NAME' => $lang['No_links']));
}
$template->assign_block_vars('switch_navigation_active', array());
}
// SWITCH NAVIGATION END

Danke

[vascoW]

öhm das Problem habe ich auch gerade, ich möchte den Admin-Einlogg-link in das Menue reinbasteln. Aber der Link braucht eine übergebene SID, sonst funktioniert das nicht. Aber das Menue vom Portal sieht nicht vor das SID zu übergeben.

Wo muss ich genau was ergänzen? Der Quellcode ist mir leider noch nicht ganz ins Blut übergegangen

edit:
Ha, ich hab es:

#öffne:
portal.php
#finde:
$template->assign_block_vars('row.cat.sub.link', array(
'LINK_NAME' => $link_name,
'LINK_URL' => $link['link_url'],
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class));
#ersetze mit
$extension=strpos($link['link_url'],'?') ? "&" : "?";
$extension.="sid=".$userdata['session_id'];
$row_color = $theme['td_color1'];
$row_class = $theme['td_class1'];
$template->assign_block_vars('row.cat.sub.link', array(
'LINK_NAME' => $link_name,
'LINK_URL' => $link['link_url'].$extension,
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class));

Bisher hab ich keine Lücke gefunden...