This is the session.inc.php page I have now:
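<?php
// Refuse direct browser requests for this include; it is only meant to be
// pulled in by a front controller.
// FIX: eregi() was removed in PHP 7, and its pattern ".inc.php" treated the
// dots as "any character". The literal is now matched with escaped dots,
// still case-insensitively. Both the modern superglobal and the legacy PHP 4
// $HTTP_SERVER_VARS array are consulted, as before, but each only when set.
if ((isset($_SERVER['PHP_SELF']) && preg_match('/\.inc\.php/i', $_SERVER['PHP_SELF']))
    || (isset($HTTP_SERVER_VARS['PHP_SELF']) && preg_match('/\.inc\.php/i', $HTTP_SERVER_VARS['PHP_SELF']))) {
    // The body already announces "Forbidden 403"; send the matching status
    // line too, so caches and crawlers do not treat the refusal as a 200 page.
    if (!headers_sent()) {
        header("HTTP/1.0 403 Forbidden");
    }
    echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
    exit;
}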
// Maintenance mode: with offLine enabled every visitor is sent to the holding
// page, except an admin session when offLineAllowAdmin is switched on.
// (Same truth table as the original two-clause OR, written as one condition.)
if ($config['offLine'] == 1 && !(isset($_SESSION['ccAdmin']) && $config['offLineAllowAdmin'] != 0)) {
    header("Location: offLine.php");
    exit;
}
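// ---------------------------------------------------------------------------
// Server-side session bookkeeping.
// $sessData collects the columns written to <dbprefix>_sessions; values are
// passed through $db->mySQLSafe() first because $db->update()/insert() are
// fed pre-escaped values everywhere in this file.
// ---------------------------------------------------------------------------
$sessData["location"] = $db->mySQLSafe(currentPage());
// Base64 of the static string "</body></html>"; not a secret. Nothing in this
// file reads it, so it is presumably consumed by another include.
$lkParsed = "PC9ib2R5Pg==PC9odG1sPg==";

// FIX: $results was only assigned inside the resume branch below but is
// tested unconditionally afterwards; initialise it so the "new session" test
// never depends on an undefined variable.
$results = FALSE;

if (!isset($_SESSION['ccUser']) && (isset($_COOKIE['ccUser']) || isset($_GET['ccUser']))) {
    // Try to resume a session whose id arrived in the ccUser cookie (base64)
    // or in a ?ccUser= query parameter.
    // SECURITY (review): honouring an id from the query string lets anyone who
    // can get a victim to follow a link fixate the victim's session id, and
    // ids in URLs leak through Referer headers and logs. Unless URL-carried
    // sessions are a hard requirement, drop the $_GET branch and rely on the
    // cookie only.
    if (isset($_COOKIE['ccUser'])) {
        $_COOKIE['ccUser'] = treatGet($_COOKIE['ccUser']);
        $sessId = base64_decode($_COOKIE['ccUser']);
    } else {
        $_GET['ccUser'] = treatGet($_GET['ccUser']);
        $sessId = $_GET['ccUser'];
    }
    // The presented id is only trusted if a matching row still exists.
    $query = "SELECT sessId FROM ".$glob['dbprefix']."_sessions WHERE sessId=".$db->mySQLSafe($sessId);
    $results = $db->select($query);
    if ($results == TRUE) {
        $sessData["timeLast"] = $db->mySQLSafe(time());
        // Without the "remember me" cookie a resumed session is downgraded to
        // a guest session (customer_id 0) instead of being silently re-logged-in.
        if (!isset($_COOKIE['ccRemember'])) {
            $sessData["customer_id"] = 0;
        }
        // FIX: the table-name literal was missing its opening quote
        // ($glob['dbprefix']._sessions"), which is a parse error.
        $update = $db->update($glob['dbprefix']."_sessions", $sessData, "sessId=".$db->mySQLSafe($results[0]['sessId']));
        $_SESSION['ccUser'] = $results[0]['sessId'];
        // Re-issue the cookie so the expiry slides forward for regular visitors.
        // NOTE(review): setcookie()'s 4th argument is the cookie *path*; that is
        // what $sessionDomain is passed as — confirm this is intended. The cookie
        // also goes out without httponly/secure flags; adding them needs PHP >= 5.2
        // (on older builds the extra arguments make setcookie() fail outright).
        setcookie("ccUser", base64_encode($sessId), time()+$config['sqlSessionExpiry'], $sessionDomain);
    }
}

if (!isset($_SESSION['ccUser']) && $results == FALSE) {
    // No resumable session: mint a new id, persist it and hand it to the browser.
    // NOTE(review): the id IS the credential, so makeSessId() (not visible here)
    // must come from a CSPRNG rather than time/counter-derived data — verify.
    $sessId = makeSessId();
    $_SESSION['ccUser'] = $sessId;
    $sessData["sessId"] = $db->mySQLSafe($_SESSION['ccUser']);
    $timeNow = $db->mySQLSafe(time());
    $sessData["timeStart"] = $timeNow;
    $sessData["timeLast"] = $timeNow;
    $sessData["customer_id"] = 0;
    $insert = $db->insert($glob['dbprefix']."_sessions", $sessData);
    setcookie("ccUser", base64_encode($sessId), time()+$config['sqlSessionExpiry'], $sessionDomain);
    // Opportunistic garbage collection of rows idle longer than sqlSessionExpiry.
    $expiredSessTime = time() - $config['sqlSessionExpiry'];
    $delete = $db->delete($glob['dbprefix']."_sessions", "timeLast<".$expiredSessTime);
} else {
    // Known session: refresh the activity timestamp (location was set above).
    $sessData["timeLast"] = $db->mySQLSafe(time());
    $update = $db->update($glob['dbprefix']."_sessions", $sessData, "sessId=".$db->mySQLSafe($_SESSION['ccUser']));
}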
// Base64 blobs consumed elsewhere: they decode to a "Powered by CubeCart"
// copyright footer and a "Location: http://www.cubecart.com/site/purchase/"
// header line. They are static text, not keys, and are not read in this file.
$uniKey = "PGRpdiBjbGFzcz0ndHh0Q29weXJpZ2h0Jz5Qb3dlcmVkIGJ5IDxhIGhyZWY9J2h0dHA6Ly93d3cuY3ViZWNhcnQuY29tJyBjbGFzcz0ndHh0Q29weXJpZ2h0JyB0YXJnZXQ9J19ibGFuayc+Q3ViZUNhcnQ8L2E+JnRyYWRlOzxiciAvPkNvcHlyaWdodCA8YSBocmVmPSdodHRwOi8vd3d3LmRldmVsbGlvbi5jb20nIGNsYXNzPSd0eHRDb3B5cmlnaHQnIHRhcmdldD0nX2JsYW5rJz5EZXZlbGxpb24gTGltaXRlZDwvYT4gMjAwNi4gQWxsIHJpZ2h0cyByZXNlcnZlZC48L2Rpdj48L2JvZHk+";
$uniKey2 = "TG9jYXRpb246IGh0dHA6Ly93d3cuY3ViZWNhcnQuY29tL3NpdGUvcHVyY2hhc2Uv";

// Load the current session row together with the customer it is bound to.
// LEFT JOIN: a guest session (customer_id 0) still produces a row, with the
// customer columns NULL.
$query = "SELECT * FROM ".$glob['dbprefix']."_sessions"
       ." LEFT JOIN ".$glob['dbprefix']."_customer"
       ." ON ".$glob['dbprefix']."_sessions.customer_id = ".$glob['dbprefix']."_customer.customer_id"
       ." WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']);
$ccUserData = $db->select($query);

if ($ccUserData == FALSE) {
    // $_SESSION names a session that is gone from the DB (expired/garbage
    // collected): forget it and reload so the code above mints a fresh one.
    // unset() on $_COOKIE only affects this request — the browser keeps the
    // cookies until ccUser is overwritten by the new-session branch and
    // ccRemember expires on its own. Expiring them explicitly with
    // setcookie() would be cleaner.
    // NOTE(review): str_replace("&","&",...) is a no-op as pasted; it was
    // presumably "&amp;" -> "&" before the forum decoded the entity. Also
    // confirm currentPage() cannot be steered to an external URL, since it is
    // sent as a Location header.
    unset($_SESSION['ccUser'], $_COOKIE['ccUser'], $_COOKIE['ccRemember']);
    header("Location: ".str_replace("&","&",currentPage()));
    exit;
}
?>
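<?php
// Login handler (p=R): authenticate the posted Email/Password and bind the
// customer to the current server-side session.
if (isset($_GET['p']) && $_GET['p'] == "R" && isset($_POST['Email']) && isset($_POST['Password'])) {
    // FIX: the e-mail was interpolated into the SQL unescaped (SQL injection
    // through the login form), and the password was read from
    // $_POST['password'] although the form posts "Password", so the hash could
    // never match. Both values now go through $db->mySQLSafe(), which escapes
    // and quotes, exactly as the session queries do.
    // NOTE(review): EncPas() is a project helper; if it is md5/sha1 based it
    // should be replaced by password_hash()/password_verify().
    $query = "SELECT customer_id FROM ".$glob['dbprefix']."_customer"
           ." WHERE email=".$db->mySQLSafe($_POST['Email'])
           ." AND password = ".$db->mySQLSafe(EncPas($_POST['Password'], "Both"));
    $customer = $db->select($query);
    if ($customer == TRUE && $customer[0]['customer_id'] > 0) {
        // FIX: the UPDATE matched sessId against the customer_id, so the
        // session row was never actually bound to the logged-in customer.
        // It is keyed by the current session id now, and the value is
        // escaped with mySQLSafe() like every other column in this file.
        // SECURITY (review): the session id is not rotated here, so an id
        // fixated through ?ccUser= (see session.inc.php) turns into an
        // authenticated session for whoever planted it. Issue a fresh id at
        // login and update the row/cookie before redirecting.
        $customerData["customer_id"] = $db->mySQLSafe($customer[0]['customer_id']);
        $update = $db->update($glob['dbprefix']."_sessions", $customerData, "sessId=".$db->mySQLSafe($_SESSION['ccUser']));
        if (isset($_POST['remember']) && $_POST['remember'] == 1) {
            // Keeps the customer logged in across visits (read by session.inc.php).
            setcookie("ccRemember", "1", time()+$config['sqlSessionExpiry'], $GLOBALS['rootRel']);
        }
        // Redirect to the home page once the session is in place.
        if (!empty($_SESSION['ccUser'])) {
            header("Location: index.php?p=H");
            exit;
        }
    }
}
?>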
///////////FORM
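<?php
// Login form. Posts Email / Password / remember to the current URL
// (action="") where the p=R handler processes them.
// SECURITY (review): the form carries no anti-CSRF token; add a per-session
// token as a hidden field and verify it in the handler.
?>
<form action="" method="post" enctype="multipart/form-data" class="login">
<table width="98.5%" style="float:left;">
<tr>
<td><strong>E-Mail:</strong></td>
</tr>
<tr>
<?php
// FIX: the cookie value was echoed raw into an attribute (cookie-reflected
// XSS); it is HTML-escaped now. !empty() keeps the original truthiness test
// without an undefined-index notice.
// NOTE(review): no code shown here sets an "email" cookie — confirm it exists.
?>
<td><input type="text" name="Email" size="30" class="textbox" value="<?php if (!empty($_COOKIE['email'])) { echo htmlspecialchars($_COOKIE['email'], ENT_QUOTES); } ?>" /></td>
</tr>
<tr>
<td>
<strong>Password:</strong>
</td>
</tr>
<tr>
<td><input type="password" name="Password" size="15" class="textbox" value="" /></td>
</tr>
<tr>
<td> <strong style="font-size:10px">Remember Me </strong>
<?php
// NOTE(review): the p=R handler sets a "ccRemember" cookie, but this reads
// "remember". If nothing else sets a "remember" cookie, this should read
// $_COOKIE['ccRemember'] — otherwise the box never stays ticked.
?>
<input name="remember" type="checkbox" value="1" <?php if (!empty($_COOKIE['remember'])) { echo "checked"; } ?> /><br />
<center><input name="submit" type="submit" value="Login" class="submit" /> -Or- <a href="index.php?p=L&m=Fl" class="txtSession">Forgot Login?</a></center></td>
</tr>
<tr>
<td>
</td>
</tr>
</table>
</form>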