//echo "session expired<br>"; //echo $TIME_OUT_TIME."<br>"; //echo $HTTP_SESSION_VARS['sess_user_id']; # Show session time out warning and exit the script to stop the module include $root_path . "include/inc_session_timeout_warning.php"; exit; } else { # Reset the time-out start time $HTTP_SESSION_VARS['sess_tos'] = $tnow; //echo $tnow; } } } # Decrypt the second level cookie sid and compare to sid $dec_2level = new Crypt_HCEMD5($key_2level, ''); $clear_2sid = $dec_2level->DecodeMimeSelfRand($HTTP_COOKIE_VARS['ck_2level_sid' . $sid]); if (!$sid || $sid != $clear_ck_sid || $sid != $clear_2sid || !isset($HTTP_COOKIE_VARS[$local_user . $sid]) || empty($HTTP_COOKIE_VARS[$local_user . $sid])) { $no_valid = 1; } # if(!$sid||($sid!=$clear_ck_sid)||($sid!=$clear_2sid)) $no_valid=1; } elseif (!$sid || $sid != $clear_ck_sid) { $no_valid = 1; } else { # Reset the time-out start time $HTTP_SESSION_VARS['sess_tos'] = $tnow; } if ($no_valid) { if (getLang('invalid-access-warning.php')) { header('Location:' . $root_path . 'language/' . $lang . '/lang_' . $lang . '_invalid-access-warning.php'); } else { header('Location:' . $root_path . 'language/' . LANG_DEFAULT . '/lang_' . LANG_DEFAULT . '_invalid-access-warning.php');
fputs($file, "\r\n"); fclose($file); } } } /*if(!isset($db) || !$db || !$dblink_ok) include_once($root_path.'include/inc_db_makelink.php'); if($dblink_ok) {*/ $sql = 'SELECT name, login_id, password, permission, lockflag FROM care_users WHERE login_id=\'' . addslashes($userid) . '\''; if ($ergebnis = $db->Execute($sql)) { $zeile = $ergebnis->FetchRow(); if (isset($checkintern) && $checkintern) { $dec_login = new Crypt_HCEMD5($key_login, ''); //$keyword = $dec_login->DecodeMimeSelfRand($HTTP_COOKIE_VARS['ck_login_pw'.$sid]); $keyword = $dec_login->DecodeMimeSelfRand($HTTP_SESSION_VARS['sess_login_pw']); } else { $checkintern = false; } if ($zeile['password'] == md5($keyword) && $zeile['login_id'] == $userid) { if (!$zeile['lockflag']) { if (isset($screenall) && $screenall || validarea($zeile['permission'])) { if (empty($zeile['name'])) { $zeile['name'] = ' '; } logentry($userid, $zeile['name'], "IP:" . $REMOTE_ADDR . " {$lognote} ", $thisfile, $fileforward); /** * Init crypt to use 2nd level key and encrypt the sid. * Store to cookie the "$ck_2level_sid.$sid" * There is no need to call another include of the inc_init_crypt.php since it is already included at the start * of the script that called this script.
include $root_path . "include/inc_session_timeout_warning.php"; exit; } else { # Reset the time-out start time #print_r($_GET); #echo '<hr />==================================='; if ($_GET['refreshed'] != '') { $_SESSION['sess_tos'] = $tnow; } #echo '<hr />'.$tnow; } } } # Decrypt the second level cookie sid and compare to sid $dec_2level = new Crypt_HCEMD5($key_2level, ''); $clear_2sid = $dec_2level->DecodeMimeSelfRand($_COOKIE['ck_2level_sid' . $sid]); //if(!$sid||($sid!=$clear_ck_sid)||($sid!=$clear_2sid)||!isset($_COOKIE[$local_user.$sid])||empty($_COOKIE[$local_user.$sid])) $no_valid=1; if (!$sid || $sid != $clear_ck_sid || $sid != $clear_2sid) { $no_valid = 1; } # if(!$sid||($sid!=$clear_ck_sid)||($sid!=$clear_2sid)) $no_valid=1; } elseif (!$sid || $sid != $clear_ck_sid) { $no_valid = 1; } else { # Reset the time-out start time $_SESSION['sess_tos'] = $tnow; #print_r($_GET); } if ($no_valid) { if (getLang('invalid-access-warning.php')) { header('Location:' . $root_path . 'language/' . $lang . '/lang_' . $lang . '_invalid-access-warning.php');
} } /*if(!isset($db) || !$db || !$dblink_ok) include_once($root_path.'include/inc_db_makelink.php'); if($dblink_ok) {*/ $debug = FALSE; $debug ? $db->debug = TRUE : ($db->debug = FALSE); $sql = 'SELECT name, login_id, password, permission, lockflag FROM care_users WHERE login_id=\'' . addslashes($userid) . '\''; #print $sql.'<hr />'; if ($ergebnis = $db->Execute($sql)) { $zeile = $ergebnis->FetchRow(); if (isset($checkintern) && $checkintern) { $dec_login = new Crypt_HCEMD5($key_login, ''); //$keyword = $dec_login->DecodeMimeSelfRand($_COOKIE['ck_login_pw'.$sid]); $keyword = $dec_login->DecodeMimeSelfRand($_SESSION['sess_login_pw']); } else { $checkintern = false; } if ($zeile['password'] == md5($keyword) && $zeile['login_id'] == $userid) { if (!$zeile['lockflag']) { if (isset($screenall) && $screenall || validarea($zeile['permission'])) { if (empty($zeile['name'])) { $zeile['name'] = ' '; } logentry($userid, $zeile['name'], "IP:" . $_SERVER['REMOTE_ADDR'] . " {$lognote} ", $thisfile, $fileforward); /** * Init crypt to use 2nd level key and encrypt the sid. * Store to cookie the "$ck_2level_sid.$sid" * There is no need to call another include of the inc_init_crypt.php since it is already included at the start * of the script that called this script.