//echo "session expired<br>";
//echo $TIME_OUT_TIME."<br>";
//echo $HTTP_SESSION_VARS['sess_user_id'];
# Show session time out warning and exit the script to stop the module
include $root_path . "include/inc_session_timeout_warning.php";
exit;
} else {
# Reset the time-out start time
$HTTP_SESSION_VARS['sess_tos'] = $tnow;
//echo $tnow;
}
}
}
# Decrypt the second level cookie sid and compare to sid
$dec_2level = new Crypt_HCEMD5($key_2level, '');
$clear_2sid = $dec_2level->DecodeMimeSelfRand($HTTP_COOKIE_VARS['ck_2level_sid' . $sid]);
if (!$sid || $sid != $clear_ck_sid || $sid != $clear_2sid || !isset($HTTP_COOKIE_VARS[$local_user . $sid]) || empty($HTTP_COOKIE_VARS[$local_user . $sid])) {
$no_valid = 1;
}
# if(!$sid||($sid!=$clear_ck_sid)||($sid!=$clear_2sid)) $no_valid=1;
} elseif (!$sid || $sid != $clear_ck_sid) {
$no_valid = 1;
} else {
# Reset the time-out start time
$HTTP_SESSION_VARS['sess_tos'] = $tnow;
}
if ($no_valid) {
if (getLang('invalid-access-warning.php')) {
header('Location:' . $root_path . 'language/' . $lang . '/lang_' . $lang . '_invalid-access-warning.php');
} else {
header('Location:' . $root_path . 'language/' . LANG_DEFAULT . '/lang_' . LANG_DEFAULT . '_invalid-access-warning.php');
fputs($file, "\r\n");
fclose($file);
}
}
}
/*if(!isset($db) || !$db || !$dblink_ok) include_once($root_path.'include/inc_db_makelink.php');
if($dblink_ok)
{*/
$sql = 'SELECT name, login_id, password, permission, lockflag FROM care_users WHERE login_id=\'' . addslashes($userid) . '\'';
if ($ergebnis = $db->Execute($sql)) {
$zeile = $ergebnis->FetchRow();
if (isset($checkintern) && $checkintern) {
$dec_login = new Crypt_HCEMD5($key_login, '');
//$keyword = $dec_login->DecodeMimeSelfRand($HTTP_COOKIE_VARS['ck_login_pw'.$sid]);
$keyword = $dec_login->DecodeMimeSelfRand($HTTP_SESSION_VARS['sess_login_pw']);
} else {
$checkintern = false;
}
if ($zeile['password'] == md5($keyword) && $zeile['login_id'] == $userid) {
if (!$zeile['lockflag']) {
if (isset($screenall) && $screenall || validarea($zeile['permission'])) {
if (empty($zeile['name'])) {
$zeile['name'] = ' ';
}
logentry($userid, $zeile['name'], "IP:" . $REMOTE_ADDR . " {$lognote} ", $thisfile, $fileforward);
/**
* Init crypt to use 2nd level key and encrypt the sid.
* Store to cookie the "$ck_2level_sid.$sid"
* There is no need to call another include of the inc_init_crypt.php since it is already included at the start
* of the script that called this script.
include $root_path . "include/inc_session_timeout_warning.php";
exit;
} else {
# Reset the time-out start time
#print_r($_GET);
#echo '<hr />===================================';
if ($_GET['refreshed'] != '') {
$_SESSION['sess_tos'] = $tnow;
}
#echo '<hr />'.$tnow;
}
}
}
# Decrypt the second level cookie sid and compare to sid
$dec_2level = new Crypt_HCEMD5($key_2level, '');
$clear_2sid = $dec_2level->DecodeMimeSelfRand($_COOKIE['ck_2level_sid' . $sid]);
//if(!$sid||($sid!=$clear_ck_sid)||($sid!=$clear_2sid)||!isset($_COOKIE[$local_user.$sid])||empty($_COOKIE[$local_user.$sid])) $no_valid=1;
if (!$sid || $sid != $clear_ck_sid || $sid != $clear_2sid) {
$no_valid = 1;
}
# if(!$sid||($sid!=$clear_ck_sid)||($sid!=$clear_2sid)) $no_valid=1;
} elseif (!$sid || $sid != $clear_ck_sid) {
$no_valid = 1;
} else {
# Reset the time-out start time
$_SESSION['sess_tos'] = $tnow;
#print_r($_GET);
}
if ($no_valid) {
if (getLang('invalid-access-warning.php')) {
header('Location:' . $root_path . 'language/' . $lang . '/lang_' . $lang . '_invalid-access-warning.php');
}
}
/*if(!isset($db) || !$db || !$dblink_ok) include_once($root_path.'include/inc_db_makelink.php');
if($dblink_ok)
{*/
$debug = FALSE;
$debug ? $db->debug = TRUE : ($db->debug = FALSE);
$sql = 'SELECT name, login_id, password, permission, lockflag FROM care_users WHERE login_id=\'' . addslashes($userid) . '\'';
#print $sql.'<hr />';
if ($ergebnis = $db->Execute($sql)) {
$zeile = $ergebnis->FetchRow();
if (isset($checkintern) && $checkintern) {
$dec_login = new Crypt_HCEMD5($key_login, '');
//$keyword = $dec_login->DecodeMimeSelfRand($_COOKIE['ck_login_pw'.$sid]);
$keyword = $dec_login->DecodeMimeSelfRand($_SESSION['sess_login_pw']);
} else {
$checkintern = false;
}
if ($zeile['password'] == md5($keyword) && $zeile['login_id'] == $userid) {
if (!$zeile['lockflag']) {
if (isset($screenall) && $screenall || validarea($zeile['permission'])) {
if (empty($zeile['name'])) {
$zeile['name'] = ' ';
}
logentry($userid, $zeile['name'], "IP:" . $_SERVER['REMOTE_ADDR'] . " {$lognote} ", $thisfile, $fileforward);
/**
* Init crypt to use 2nd level key and encrypt the sid.
* Store to cookie the "$ck_2level_sid.$sid"
* There is no need to call another include of the inc_init_crypt.php since it is already included at the start
* of the script that called this script.
