Example #1
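 /**
  * Opens a session for the current visitor.
  *
  * Records the visit in the visit counter (first hit from this IP only, bots
  * excluded), generates a session id and a request token, stores the session
  * row, and sets the session cookie (plus the autoconnect cookie on request).
  *
  * NOTE(review): every query is built by string concatenation. $user_id and
  * $level are inserted without any escaping, so callers must only pass
  * trusted values; a parameterised query through $Sql would be the real fix,
  * but its API is not visible from here.
  *
  * @param string $user_id              Member id, or '-1' for a guest (compared as a string).
  * @param string $password             Plain password, or its hash when $already_hashed is true.
  * @param mixed  $level                Member level, written as-is into the session row.
  * @param string $session_script       Current script path; escaped with addslashes() before storage.
  * @param string $session_script_get   Ignored: replaced by the live QUERY_STRING minus any &token=... part.
  * @param string $session_script_title Current page title; escaped with addslashes() before storage.
  * @param bool   $autoconnect          When true, also sets a one-year autoconnect cookie.
  * @param bool   $already_hashed       When true, $password is not hashed again with strhash().
  * @return mixed '' on success, 'echec' when the credentials are rejected, or the
  *               member's user_ban value (as returned by $Sql->query) while a ban is active.
  */
 function start($user_id, $password, $level, $session_script, $session_script_get, $session_script_title, $autoconnect = false, $already_hashed = false)
 {
     global $CONFIG, $Sql;
     $pwd = $password;
     if (!$already_hashed) {
         $password = strhash($password);
     }
     $error = '';
     $session_script = addslashes($session_script);
     $session_script_title = addslashes($session_script_title);
     // The parameter value is discarded: what gets stored is the live QUERY_STRING with any
     // token parameter stripped. QUERY_STRING is attacker-controlled and is concatenated into
     // the sessions INSERTs below, so it is escaped the same way as the two fields above
     // (it used to be written unescaped, which let a crafted query string break the SQL).
     $session_script_get = addslashes(preg_replace('`&token=[^&]+`', '', QUERY_STRING));
     ######## Visit counter: record the IP if it is unknown. ########
     $check_ip = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_VISIT_COUNTER . " WHERE ip = '" . USER_IP . "'", __LINE__, __FILE__);
     $_include_once = empty($check_ip) && Session::_check_bot(USER_IP) === false;
     if ($_include_once) {
         // Forced retrieval of the total visits value, because of a CAST problem with postgresql.
         $Sql->query_inject("UPDATE " . LOW_PRIORITY . " " . DB_TABLE_VISIT_COUNTER . " SET ip = ip + 1, time = '" . gmdate_format('Y-m-d', time(), TIMEZONE_SYSTEM) . "', total = total + 1 WHERE id = 1", __LINE__, __FILE__);
         $Sql->query_inject("INSERT " . LOW_PRIORITY . " INTO " . DB_TABLE_VISIT_COUNTER . " (ip, time, total) VALUES('" . USER_IP . "', '" . gmdate_format('Y-m-d', time(), TIMEZONE_SYSTEM) . "', 0)", __LINE__, __FILE__);
         // Update last_connect for a member who has just arrived on the site.
         if ($user_id !== '-1') {
             $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
         }
     }
     import('core/stats_saver');
     StatsSaver::compute_referer();
     if ($_include_once) {
         StatsSaver::compute_users();
     }
     ######## Generate a unique session id ########
     // NOTE(review): uniqid()+mt_rand() is not a cryptographic source; whether the result is
     // guessable depends on strhash(), which is not in view. A CSPRNG would be preferable.
     $session_uniq_id = strhash(uniqid(mt_rand(), true));
     // A random session number is generated.
     $this->data['user_id'] = $user_id;
     $this->data['session_id'] = $session_uniq_id;
     $this->data['token'] = strhash(uniqid(mt_rand(), true), false);
     ######## Does the session exist? ########
     Session::garbage_collector();
     // Expired sessions are cleaned up first.
     if ($user_id !== '-1') {
         // Remove the guest session generated before login!
         $Sql->query_inject("DELETE FROM " . DB_TABLE_SESSIONS . " WHERE session_ip = '" . USER_IP . "' AND user_id = -1", __LINE__, __FILE__);
         if (isset($_COOKIE[$CONFIG['site_cookie'] . '_data'])) {
             setcookie($CONFIG['site_cookie'] . '_data', '', time() - 31536000, '/');
         }
         $Sql->query_inject("DELETE FROM " . DB_TABLE_SESSIONS . " WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
         // Only members who are not warned out (user_warning < 100) and not currently banned can log in.
         $password_m = $Sql->query("SELECT password FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $user_id . "' AND user_warning < 100 AND '" . time() . "' - user_ban >= 0", __LINE__, __FILE__);
         // NOTE(review): plain === is not a constant-time comparison; a timing-safe compare
         // would be preferable here if the rest of the codebase supports it.
         if (!empty($password) && ($password === $password_m || md5($pwd) === $password_m)) {
             // Legacy path: a stored md5 of the plain password is accepted once and the stored
             // value is then replaced with '******' — presumably to force a reset; confirm
             // against the password-reset flow before relying on that.
             if (md5($pwd) === $password_m) {
                 $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET password = '******' WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
             }
             $Sql->query_inject("INSERT INTO " . DB_TABLE_SESSIONS . " VALUES('" . $session_uniq_id . "', '" . $user_id . "', '" . $level . "', '" . USER_IP . "', '" . time() . "', '" . $session_script . "', '" . $session_script_get . "', '" . $session_script_title . "', '0', '', '', '', '" . $this->data['token'] . "')", __LINE__, __FILE__);
         } else {
             // Credentials rejected: fall back to a guest session and report why.
             $Sql->query_inject("INSERT INTO " . DB_TABLE_SESSIONS . " VALUES('" . $session_uniq_id . "', -1, -1, '" . USER_IP . "', '" . time() . "', '" . $session_script . "', '" . $session_script_get . "', '" . $session_script_title . "', '0', '', '', '', '" . $this->data['token'] . "')", __LINE__, __FILE__);
             $delay_ban = $Sql->query("SELECT user_ban FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $user_id . "'", __LINE__, __FILE__);
             if (time() - $delay_ban >= 0) {
                 $error = 'echec';
             } else {
                 // Ban still active: the ban end value is returned so the caller can display it.
                 $error = $delay_ban;
             }
         }
     } else {
         $Sql->query_inject("INSERT INTO " . DB_TABLE_SESSIONS . " VALUES('" . $session_uniq_id . "', -1, -1, '" . USER_IP . "', '" . time() . "', '" . $session_script . "', '" . $session_script_get . "', '" . $session_script_title . "', '0', '', '', '', '" . $this->data['token'] . "')", __LINE__, __FILE__);
     }
     ######## Session cookie generation ########
     // NOTE(review): the payload is serialize()d; whatever reads this cookie must not
     // unserialize() attacker-controlled bytes. The format is left unchanged here because
     // the reader is outside this view. The cookie is also set without httponly/secure flags.
     $data = array();
     $data['user_id'] = isset($user_id) ? numeric($user_id) : -1;
     $data['session_id'] = $session_uniq_id;
     setcookie($CONFIG['site_cookie'] . '_data', serialize($data), time() + 31536000, '/');
     ######## Autoconnect cookie generation ########
     // NOTE(review): this stores the password hash itself in a one-year cookie; a revocable
     // random token would limit the impact of cookie theft. Left unchanged (reader not in view).
     if ($autoconnect === true) {
         $session_autoconnect['user_id'] = $user_id;
         $session_autoconnect['pwd'] = $password;
         setcookie($CONFIG['site_cookie'] . '_autoconnect', serialize($session_autoconnect), time() + 31536000, '/');
     }
     unset($pwd);
     return $error;
 }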