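/**
 * Opens a session for a member or a visitor, stores it in the sessions table and sends the session cookies.
 *
 * Steps, in order: count the visit when the IP is not yet in the visit counter, generate a session id
 * and a token, purge expired sessions, then insert either a member row (password matches) or a
 * visitor row (user_id -1) into the sessions table, and finally emit the "_data" cookie and, when
 * requested, the "_autoconnect" cookie.
 *
 * Review notes (none of these change behaviour here; each needs a decision with the rest of the class in view):
 *  - The session id and the token both come from uniqid(mt_rand(), true) passed through strhash().
 *    Neither uniqid() nor mt_rand() is a cryptographic generator; random_bytes() is the usual
 *    replacement where the supported PHP version allows it.
 *  - Both cookies are sent without the HttpOnly and Secure flags and live for one year.
 *  - Both cookies carry serialize() output. The reading side is not visible here; if it calls
 *    unserialize() on the cookie, that is deserialisation of client-controlled data and a JSON
 *    encoding would be the safer format.
 *  - The autoconnect cookie stores the password hash itself, so the hash acts as a long-lived
 *    credential for whoever holds the cookie.
 *  - USER_IP, the QUERY_STRING-derived value and $level are concatenated into SQL as they arrive.
 *    Whether they are escaped or validated where they are defined cannot be told from this method.
 *
 * @param mixed  $user_id              Member id; the string '-1' selects the visitor path.
 * @param string $password             Password, hashed with strhash() here unless $already_hashed is true.
 * @param mixed  $level                Value written to the level column of the session row.
 * @param string $session_script       Script name stored with the session (addslashes() applied).
 * @param string $session_script_get   Ignored: overwritten with QUERY_STRING minus its token parameter.
 * @param string $session_script_title Page title stored with the session (addslashes() applied).
 * @param bool   $autoconnect          When strictly true, the autoconnect cookie is sent.
 * @param bool   $already_hashed       True when $password is already a strhash() value.
 *
 * @return mixed '' when no error was recorded, 'echec' when authentication failed, or the member's
 *               user_ban value when that value is later than the current time.
 */
function start($user_id, $password, $level, $session_script, $session_script_get, $session_script_title, $autoconnect = false, $already_hashed = false)
{
    global $CONFIG, $Sql;

    // Keep the value as received: it is needed for the legacy md5 comparison below.
    $pwd = $password;
    if (!$already_hashed) {
        $password = strhash($password);
    }

    $error = '';

    // $user_id was concatenated into six SQL statements exactly as received. The integer cast
    // yields the same SQL for every numeric id and removes the injection path for anything else.
    // The original $user_id is kept for the '-1' comparisons, $this->data and the cookies.
    $member_id = (int) $user_id;

    $session_script = addslashes($session_script);
    $session_script_title = addslashes($session_script_title);
    // NOTE(review): unlike the two values above, this one is not passed through addslashes() here.
    // QUERY_STRING may already be escaped where it is defined - confirm before adding escaping.
    $session_script_get = preg_replace('`&token=[^&]+`', '', QUERY_STRING);

    // ---- Visit counter: count this visit when the IP is unknown ----
    $check_ip = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_VISIT_COUNTER . " WHERE ip = '" . USER_IP . "'", __LINE__, __FILE__);
    $_include_once = empty($check_ip) && Session::_check_bot(USER_IP) === false;
    if ($_include_once) {
        // The totals row (id = 1) is updated explicitly because of a CAST problem with PostgreSQL.
        $Sql->query_inject("UPDATE " . LOW_PRIORITY . " " . DB_TABLE_VISIT_COUNTER . " SET ip = ip + 1, time = '" . gmdate_format('Y-m-d', time(), TIMEZONE_SYSTEM) . "', total = total + 1 WHERE id = 1", __LINE__, __FILE__);
        $Sql->query_inject("INSERT " . LOW_PRIORITY . " INTO " . DB_TABLE_VISIT_COUNTER . " (ip, time, total) VALUES('" . USER_IP . "', '" . gmdate_format('Y-m-d', time(), TIMEZONE_SYSTEM) . "', 0)", __LINE__, __FILE__);

        // Refresh last_connect for a member who has just arrived on the site.
        // NOTE(review): this runs before the password is checked further down.
        if ($user_id !== '-1') {
            $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET last_connect = '" . time() . "' WHERE user_id = '" . $member_id . "'", __LINE__, __FILE__);
        }
    }

    import('core/stats_saver');
    StatsSaver::compute_referer();
    if ($_include_once) {
        StatsSaver::compute_users();
    }

    // ---- Session id and token ----
    // NOTE(review): uniqid() and mt_rand() are predictable sources; see the docblock.
    $session_uniq_id = strhash(uniqid(mt_rand(), true));
    $this->data['user_id'] = $user_id;
    $this->data['session_id'] = $session_uniq_id;
    $this->data['token'] = strhash(uniqid(mt_rand(), true), false);

    // ---- Does a session already exist? ----
    Session::garbage_collector(); // Expired sessions are purged first.

    if ($user_id !== '-1') {
        // Drop the visitor session created for this IP before the login.
        $Sql->query_inject("DELETE FROM " . DB_TABLE_SESSIONS . " WHERE session_ip = '" . USER_IP . "' AND user_id = -1", __LINE__, __FILE__);

        if (isset($_COOKIE[$CONFIG['site_cookie'] . '_data'])) {
            setcookie($CONFIG['site_cookie'] . '_data', '', time() - 31536000, '/');
        }

        // NOTE(review): the member's existing sessions are deleted before the password is verified,
        // so a failed login for this user_id still ends that member's sessions. Moving this DELETE
        // into the success branch would avoid that; check first whether ban handling relies on it.
        $Sql->query_inject("DELETE FROM " . DB_TABLE_SESSIONS . " WHERE user_id = '" . $member_id . "'", __LINE__, __FILE__);

        // Only members below the warning limit and with no running ban yield a stored hash here.
        $password_m = $Sql->query("SELECT password FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $member_id . "' AND user_warning < 100 AND '" . time() . "' - user_ban >= 0", __LINE__, __FILE__);

        // NOTE(review): === on hashes is not a constant-time comparison; hash_equals() is the usual
        // choice where available. The md5() branch accepts legacy unsalted md5 hashes.
        if (!empty($password) && ($password === $password_m || md5($pwd) === $password_m)) {
            if (md5($pwd) === $password_m) {
                // NOTE(review): as shown, this writes the literal '******' into the password column,
                // after which neither comparison above can match for this member. It looks like a
                // redacted placeholder for the re-hashed value - confirm against the real file.
                $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET password = '******' WHERE user_id = '" . $member_id . "'", __LINE__, __FILE__);
            }

            $Sql->query_inject("INSERT INTO " . DB_TABLE_SESSIONS . " VALUES('" . $session_uniq_id . "', '" . $member_id . "', '" . $level . "', '" . USER_IP . "', '" . time() . "', '" . $session_script . "', '" . $session_script_get . "', '" . $session_script_title . "', '0', '', '', '', '" . $this->data['token'] . "')", __LINE__, __FILE__);
        } else {
            // Authentication failed: the request continues as a visitor session.
            $Sql->query_inject("INSERT INTO " . DB_TABLE_SESSIONS . " VALUES('" . $session_uniq_id . "', -1, -1, '" . USER_IP . "', '" . time() . "', '" . $session_script . "', '" . $session_script_get . "', '" . $session_script_title . "', '0', '', '', '', '" . $this->data['token'] . "')", __LINE__, __FILE__);

            $delay_ban = $Sql->query("SELECT user_ban FROM " . DB_TABLE_MEMBER . " WHERE user_id = '" . $member_id . "'", __LINE__, __FILE__);
            if (time() - $delay_ban >= 0) {
                $error = 'echec';
            } else {
                // user_ban is later than now: hand the value back to the caller.
                $error = $delay_ban;
            }
        }
    } else {
        $Sql->query_inject("INSERT INTO " . DB_TABLE_SESSIONS . " VALUES('" . $session_uniq_id . "', -1, -1, '" . USER_IP . "', '" . time() . "', '" . $session_script . "', '" . $session_script_get . "', '" . $session_script_title . "', '0', '', '', '', '" . $this->data['token'] . "')", __LINE__, __FILE__);
    }

    // ---- Session cookie ----
    // NOTE(review): on a failed login the cookie still carries the attempted user_id, while the
    // stored session row has user_id -1.
    $data = array();
    $data['user_id'] = isset($user_id) ? numeric($user_id) : -1;
    $data['session_id'] = $session_uniq_id;
    setcookie($CONFIG['site_cookie'] . '_data', serialize($data), time() + 31536000, '/');

    // ---- Autoconnect cookie ----
    if ($autoconnect === true) {
        // NOTE(review): this is sent whether or not the login above succeeded, and it stores the
        // password hash on the client for one year.
        $session_autoconnect['user_id'] = $user_id;
        $session_autoconnect['pwd'] = $password;
        setcookie($CONFIG['site_cookie'] . '_autoconnect', serialize($session_autoconnect), time() + 31536000, '/');
    }

    unset($pwd);

    return $error;
}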
/**
 * Hook run on a page change: delegates to the statistics recorder.
 *
 * Calls StatsSaver::update_pages_displayed() and then StatsSaver::compute_referer(), in that order.
 * NOTE(review): start() calls import('core/stats_saver') before using StatsSaver; this method does
 * not, so it presumably relies on the class being loaded already - confirm.
 */
public function on_changepage()
{
    // Page-view counter first, referer statistics second.
    StatsSaver::update_pages_displayed();
    StatsSaver::compute_referer();
}