Пример #1
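/**
 * Common prologue for a game page.
 *
 * Starts the stopwatch, loads the configuration, requires that the browser
 * sent at least one cookie, starts the PHP session, builds the request
 * parameters, rejects requests without a logged-in player, opens the
 * database handle and initialises the player's I18n settings.
 *
 * Results are published through the globals $db, $params and $config.
 * Failures are reported through page_error403() / page_dberror(); this
 * function assumes those helpers end the request (not visible here).
 */
function page_start()
{
    global $db, $params, $config;
    // start stopwatch
    stopwatch('start');
    // get configuration
    $config = new Config();
    // A request carrying no cookie at all cannot carry the session cookie either.
    // FIXME german string..
    if (!sizeof($_COOKIE)) {
        page_error403('Sie müssen 3rd party cookies erlauben.');
    }
    // start session
    session_start();
    // get request params
    $params = new Params();
    // check for valid session
    // FIXME german string..
    if (!$params->SESSION->player->playerID) {
        // session.gc_maxlifetime is a duration in seconds. Convert it arithmetically:
        // formatting it with date("i", ...) treats it as a timestamp, which depends on
        // the server time zone and wraps around for lifetimes of an hour or more.
        $idleMinutes = (int) floor(((int) ini_get('session.gc_maxlifetime')) / 60);
        page_error403(sprintf('Sie waren für %d Minuten oder mehr inaktiv.', $idleMinutes));
    }
    // connect to database
    // NOTE(review): `new` always yields an object (or throws), so this branch
    // cannot fire. A failed connection has to be detected another way, e.g. by an
    // exception or a status method on Db - confirm against the Db class.
    if (!($db = new Db())) {
        page_dberror();
    }
    // init I18n
    $params->SESSION->player->init_i18n();
}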
Пример #2
/**
 * Common prologue for a game page.
 *
 * Order of work: start the stopwatch, insist on at least one cookie, start
 * the PHP session, require a logged-in player in the session, connect to the
 * database (published through the global $db) and initialise the player's
 * I18n settings.
 *
 * A missing player or a failed database connection ends the request with a
 * redirect to Config::GAME_END_URL. The target is built from a class constant
 * and a fixed query string, so no request data reaches the Location header.
 */
function page_start()
{
    global $db;

    stopwatch('start');

    // No cookie at all means the session cookie cannot have been sent either.
    if (count($_COOKIE) === 0) {
        page_error403('Sie müssen 3rd party cookies erlauben.');
    }

    // The player object kept in the session is restored here, so its class
    // has to be loadable before this call.
    session_start();

    // A usable session holds a player with a non-empty playerID.
    $hasPlayer = isset($_SESSION['player']) && $_SESSION['player']->playerID;
    if (!$hasPlayer) {
        header("Location: " . Config::GAME_END_URL . "?id=inaktiv");
        exit;
    }

    // Open the database handle; bail out to the end page when that fails.
    $db = DbConnect();
    if (!$db) {
        header("Location: " . Config::GAME_END_URL . "?id=db");
        exit;
    }

    // Set up translations for the logged-in player.
    $_SESSION['player']->init_i18n();
}
Пример #3
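// Login hand-over: redeem the one-time ticket (s_id) posted together with the
// player id, load the player and populate the PHP session.
if (!$db) {
    page_dberror();
}
// check user from Session-table with id
// NOTE(review): id and userID are taken from the POST request and interpolated
// directly into the SQL text, here and in the UPDATE below. Unless Params
// already escapes them (not visible in this excerpt) both statements are
// injectable; bind the values as parameters or escape them with the Db layer's
// own routine before building the query.
// NOTE(review): if page_error403() shows its message to the client, the
// __FILE__/__LINE__ prefixes used below disclose the server-side script path.
$query = "SELECT * FROM Session " . "WHERE s_id = '{$params->POST->id}' " . "AND playerID = '{$params->POST->userID}'";
$dbresult = $db->query($query);
if (!$dbresult || $dbresult->isEmpty()) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Falsche SessionID.");
}
$session_row = $dbresult->nextRow(MYSQL_ASSOC);
// The ticket may be redeemed only once: mark it used, but only while it is
// still unused, so that a replayed ticket changes no row.
$query = "UPDATE `Session` SET s_id_used = 1 " . "WHERE s_id = '{$params->POST->id}' " . "AND playerID = '{$params->POST->userID}' " . "AND s_id_used = 0";
$dbresult = $db->query($query);
// Compare the row count itself. `!` binds tighter than `==`, so negating the
// count first would accept every non-zero value (an error value or several
// rows included) instead of requiring exactly one updated row.
if (!$dbresult || $db->affected_rows() != 1) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Ungültige SessionID.");
}
// get player by playerID for session
$player = Player::getPlayer($params->POST->userID);
if (!$player) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Ungültige SpielerID.");
}
// put user, its session and nogfx flag into session
$_SESSION['player'] = $player;
$_SESSION['nogfx'] = $params->POST->nogfx == 1;
$_SESSION['session'] = $session_row;
$_SESSION['logintime'] = date("YmdHis");
// initiate Session messages
$_SESSION['messages'] = array();
// go to ugastart.php
header("Location: {$config->GAME_START_URL}");
exit;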
Пример #4
        $modus = NOT_MY_CAVE;
    }
}
///////////////////////////////////////////////////////////////////////////////
// check for session timeout                                                 //
// this check FAILS during the two seconds around midnight!                  //
///////////////////////////////////////////////////////////////////////////////
// microtime() without arguments returns "usec sec"; adding both parts gives
// the current time in seconds including the fraction.
list($usec, $sec) = explode(" ", microtime());
$microtime = $sec + $usec;
// calculate seconds with 1000s frac
// The UPDATE stamps the player's Session row with the new time, but only when
// lastAction lies more than two seconds back or the stored microtime is at
// least WWW_REQUEST_TIMEOUT older than now. A request matching neither
// condition changes no row and is rejected below, as is a request whose
// playerID/sessionID pair matches no row.
// NOTE(review): the midnight failure presumably comes from
// "(NOW() - INTERVAL 2 SECOND) + 0", which compares the datetime as a plain
// number - confirm against the column type of lastAction.
// NOTE(review): sessionID is interpolated without quotes. It is read from
// $_SESSION, so it is only as trustworthy as the code that stored it there;
// casting it to int or binding it as a parameter would make that explicit.
$query = "UPDATE Session SET microtime = '{$microtime}' " . "WHERE playerID = '{$params->SESSION->user['playerID']}' " . "AND `sessionID` = {$_SESSION['session']['sessionID']} " . "AND ((lastAction < (NOW() - INTERVAL 2 SECOND) + 0) " . "OR microtime <= {$microtime} - {$config->WWW_REQUEST_TIMEOUT})";
if (!$db->query($query)) {
    page_error403("Ihre Session konnte nicht aktualisiert werden.");
}
// No updated row: unknown session, or the request was refused by the time conditions.
if (!$db->affected_rows()) {
    page_error403("Ihre Session ist ungültig.");
}
// Not Blocked, request Logging
// One log table per weekday: date("w") yields 0 (Sunday) to 6 (Saturday).
// NOTE(review): the complete POST data is stored via var_export(), so any
// sensitive field a form submits ends up in the log table; consider
// redacting such fields before logging.
// NOTE(review): addslashes() is not aware of the connection character set;
// the database layer's own escaping or bound parameters are the safer choice.
// $caveID is interpolated as well and is set outside this excerpt.
// The result of the INSERT is not checked, so a failed log write is ignored.
if ($config->LOG_ALL && in_array($modus, $config->logModusInclude)) {
    $query = "INSERT INTO Log_" . date("w") . " (playerID, caveID, ip, request, sessionID)" . " VALUES ('" . $params->SESSION->user['playerID'] . "', '{$caveID}', '{$_SERVER['REMOTE_ADDR']}'," . " '" . addslashes(var_export($params->POST, TRUE)) . "', '" . session_id() . "')";
    $db->query($query);
}
///////////////////////////////////////////////////////////////////////////////
// print all Session messages                                               //
///////////////////////////////////////////////////////////////////////////////
// Queued messages are written to the page once and then cleared.
// NOTE(review): the messages are echoed without HTML escaping; this is only
// safe if every producer stores trusted markup - verify where they are added.
if (sizeof($params->SESSION->messages)) {
    foreach ($params->SESSION->messages as $sess_mess) {
        echo $sess_mess . "<br>";
    }
    $_SESSION['messages'] = array();
}
Пример #5
require_once "include/page.inc.php";
require_once "include/db.functions.php";
require_once "include/time.inc.php";
require_once "include/basic.lib.php";
require_once "include/vote.html.php";
require_once "modules/Messages/Messages.php";
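// Run the common page prologue (session, request params, database).
page_start();
// session expired?
if (page_sessionExpired($params)) {
    // " Uhr." is part of the message. It must be appended to the formatted time,
    // not to the timestamp handed to date(), which would no longer be numeric.
    page_error403("Sie waren für " . (int) (SESSION_MAX_LIFETIME / 60) . " Minuten oder mehr inaktiv. Letzte Aktion um " . date("H:i:s", $params->SESSION->lastAction) . " Uhr.");
} else {
    // Still active: remember the time of this request for the next expiry check.
    $_SESSION['lastAction'] = time();
}
// session valid?
// NOTE(review): if page_error403() shows its message to the client, the
// __FILE__/__LINE__ prefix discloses the server-side script path.
if (!page_sessionValidate($params, $config)) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Session ist ungültig.");
}
// get modus
$modus = page_getModus($params, $config);
// get caves
$caveID = $params->SESSION->caveID;
// Caves are looked up for the playerID held in the session, not for an id sent with the request.
$meineHoehlen = getCaves($params->SESSION->player->playerID);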
// no caves left
if (!$meineHoehlen) {
    if (!in_array($modus, $config->noCaveModusInclude)) {
        $modus = NO_CAVE_LEFT;
    }
} else {
    // caveID is not sent
    if ($caveID == NULL) {
        $temp = current($meineHoehlen);
Пример #6
require_once "include/params.inc.php";
require_once "include/Player.php";
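// set session id
// A fresh identifier is chosen before session_start(), so this login does not
// continue a session under an identifier supplied by the client's cookie.
if (function_exists('random_bytes')) {
    // 128 bits from the CSPRNG, hex-encoded: unpredictable, and made only of
    // characters that are valid in a session identifier.
    session_id(bin2hex(random_bytes(16)));
} elseif (function_exists('posix_getpid')) {
    // Fallback for runtimes without random_bytes(). The hash input (clock and
    // process id) is low-entropy, so these identifiers are guessable; prefer a
    // runtime that provides random_bytes().
    session_id(md5(microtime() . posix_getpid()));
} else {
    // Same caveat: rand() is not a cryptographic generator.
    session_id(md5(microtime() . rand()));
}
// start session
session_start();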
// Read the login variables from the request; without a ticket id and a
// player id there is nothing to check.
$sessionID = Request::getVar('id', '');
$playerID = Request::getVar('userID', 0);
$noGfx = Request::getVar('nogfx', 0);
if (!$sessionID || !$playerID) {
    page_error403("Fehlende Loginvariablen.");
}
// connect to database
// A failed connection ends the request with a redirect built from a class
// constant and a fixed query string.
if (!($db = DbConnect())) {
    header("Location: " . Config::GAME_END_URL . "?id=db");
    exit;
}
//check user from Session-table with id
// Both request values are bound as parameters (the player id as an integer),
// so they never become part of the SQL text.
$sql = $db->prepare("SELECT *\n                     FROM " . SESSION_TABLE . "\n                     WHERE s_id = :s_id\n                       AND playerID = :playerID");
$sql->bindValue('s_id', $sessionID, PDO::PARAM_STR);
$sql->bindValue('playerID', $playerID, PDO::PARAM_INT);
if (!$sql->execute()) {
    header("Location: " . Config::GAME_END_URL . "?id=wrongSessionID");
    exit;
}
// fetch() returns false when no row matched; that case is not handled in the
// lines visible here - NOTE(review): confirm the following code rejects it.
$sessionRow = $sql->fetch(PDO::FETCH_ASSOC);