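/**
 * Bootstraps a game page: starts the stopwatch, loads the configuration,
 * opens the PHP session, wraps the request in a Params object, rejects
 * requests without a logged-in player and connects to the database.
 *
 * Populates the globals $db, $params and $config for the rest of the request.
 * The guards below rely on page_error403() / page_dberror() ending the
 * request (presumably they exit; confirm in their definitions).
 */
function page_start() {
    global $db, $params, $config;

    // start stopwatch
    stopwatch('start');

    // get configuration
    $config = new Config();

    // A request that carries no cookie at all cannot carry a session cookie.
    // This is only a presence check; authentication is decided further down
    // by the player object stored in the session.
    // FIXME german string..
    if (!sizeof($_COOKIE)) {
        page_error403('Sie müssen 3rd party cookies erlauben.');
    }

    // start session
    session_start();

    // get request params
    $params = new Params();

    // check for valid session
    // The idle limit is reported in whole minutes. It is derived arithmetically
    // from session.gc_maxlifetime: formatting the value with date("i", ...)
    // treats it as a timestamp, which wraps at 60 minutes and depends on the
    // server timezone.
    // FIXME german string..
    if (!$params->SESSION->player->playerID) {
        $maxIdleMinutes = (int) ((int) ini_get("session.gc_maxlifetime") / 60);
        page_error403(sprintf('Sie waren für %d Minuten oder mehr inaktiv.', $maxIdleMinutes));
    }

    // connect to database
    // NOTE(review): `new Db()` always yields an object, so this branch cannot
    // fire; a failed connection has to be detected through whatever Db itself
    // exposes (exception or status method, not visible here).
    if (!($db = new Db())) {
        page_dberror();
    }

    // init I18n
    $params->SESSION->player->init_i18n();
}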
/**
 * Bootstraps a game page for a logged-in player.
 *
 * Order of work: start the stopwatch, require at least one cookie, open the
 * PHP session, require a player object with a playerID in that session,
 * connect to the database (stored in the global $db) and initialise the
 * player's I18n. A missing player or a failed connection redirects to
 * Config::GAME_END_URL with an "id" reason code and ends the request.
 */
function page_start() {
    global $db;

    // timing for the whole request starts here
    stopwatch('start');

    // no cookie at all means the session cookie cannot be present either;
    // this is a presence check only, not an authentication decision
    if (sizeof($_COOKIE) == 0) {
        page_error403('Sie müssen 3rd party cookies erlauben.');
    }

    // open the session
    session_start();

    // the session is only valid when it holds a player with a playerID
    $sessionHasPlayer = isset($_SESSION['player']) && $_SESSION['player']->playerID;
    if (!$sessionHasPlayer) {
        header("Location: " . Config::GAME_END_URL . "?id=inaktiv");
        exit;
    }

    // open the database connection; a falsy handle counts as failure
    $db = DbConnect();
    if (!$db) {
        header("Location: " . Config::GAME_END_URL . "?id=db");
        exit;
    }

    // set up translations for this player
    $_SESSION['player']->init_i18n();
}
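// Login hand-over: verifies the one-time s_id / playerID pair posted by the
// portal against the Session table, marks it as used, loads the player and
// fills $_SESSION before redirecting to the game start page.
// The guards rely on page_error403() / page_dberror() ending the request
// (presumably they exit; confirm in their definitions).
if (!$db) {
    page_dberror();
}

// Both values come straight from the POST body and end up inside SQL text.
// The player id is forced to an integer so it cannot carry SQL syntax
// (presumably the column is numeric; confirm against the Session schema).
$playerID = (int) $params->POST->userID;

// NOTE(review): s_id is interpolated into the statements below as-is. Unless
// Params already escapes POST values (not visible here) this is an SQL
// injection point; bind it as a parameter or escape it with the Db layer's
// own routine once that API is confirmed.
$loginToken = $params->POST->id;

// check user from Session-table with id
$query = "SELECT * FROM Session " .
         "WHERE s_id = '{$loginToken}' " .
         "AND playerID = '{$playerID}'";
$dbresult = $db->query($query);

// NOTE(review): the 403 texts carry __FILE__ and __LINE__; if page_error403()
// renders its argument to the client this discloses the server-side path.
if (!$dbresult || $dbresult->isEmpty()) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Falsche SessionID.");
}
$session_row = $dbresult->nextRow(MYSQL_ASSOC);

// the session start must only be usable once per s_id: the UPDATE succeeds
// for exactly one request because it requires s_id_used = 0
$query = "UPDATE `Session` SET s_id_used = 1 " .
         "WHERE s_id = '{$loginToken}' " .
         "AND playerID = '{$playerID}' " .
         "AND s_id_used = 0";
$dbresult = $db->query($query);

// Exactly one row must have been claimed. The former test
// `!$db->affected_rows() == 1` parsed as `(!affected_rows) == 1`, which is
// true only for 0 and let any other count (an error value, or more than one
// row) pass as success.
if (!$dbresult || $db->affected_rows() != 1) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Ungültige SessionID.");
}

// get player by playerID for session
$player = Player::getPlayer($playerID);
if (!$player) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Ungültige SpielerID.");
}

// put user, its session and nogfx flag into session
$_SESSION['player']    = $player;
$_SESSION['nogfx']     = $params->POST->nogfx == 1;
$_SESSION['session']   = $session_row;
$_SESSION['logintime'] = date("YmdHis");

// initiate Session messages
$_SESSION['messages'] = array();

// go to ugastart.php
Header("Location: {$config->GAME_START_URL}");
exit;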
// (this excerpt starts inside a block whose opening lines are not shown)
$modus = NOT_MY_CAVE;
}
}

///////////////////////////////////////////////////////////////////////////////
// check whether the session has timed out                                   //
// this check FAILS during the two seconds around midnight!                  //
///////////////////////////////////////////////////////////////////////////////

// microtime() returns "usec sec"; add both parts to get seconds with a fraction
list($usec, $sec) = explode(" ", microtime());
$microtime = $sec + $usec; // calculate seconds with 1000s frac

// Refresh the stored microtime for this player/session row. The row is only
// updated when the last action is older than two seconds or the stored
// microtime is at least WWW_REQUEST_TIMEOUT behind; zero affected rows is
// treated as an invalid session below.
// NOTE(review): the statement is assembled by string interpolation and
// sessionID is inserted unquoted. The values come from the session and the
// configuration rather than directly from the request, but a bound parameter
// would remove the dependency on how they were stored. Confirm.
$query = "UPDATE Session SET microtime = '{$microtime}' " .
         "WHERE playerID = '{$params->SESSION->user['playerID']}' " .
         "AND `sessionID` = {$_SESSION['session']['sessionID']} " .
         "AND ((lastAction < (NOW() - INTERVAL 2 SECOND) + 0) " .
         "OR microtime <= {$microtime} - {$config->WWW_REQUEST_TIMEOUT})";

// the query itself failed
if (!$db->query($query)) {
    page_error403("Ihre Session konnte nicht aktualisiert werden.");
}

// no row matched: unknown session, or the request came too quickly
if (!$db->affected_rows()) {
    page_error403("Ihre Session ist ungültig.");
}

// Not Blocked, request Logging
// Writes one row per request into the per-weekday table Log_<0..6>.
// NOTE(review): var_export($params->POST) stores every posted field, so any
// credential or token submitted in a logged modus ends up in the log table.
// NOTE(review): addslashes() is not charset-aware and is not a substitute for
// the database driver's escaping or for bound parameters; $caveID is
// interpolated without any escaping visible in this excerpt.
if ($config->LOG_ALL && in_array($modus, $config->logModusInclude)) {
    $query = "INSERT INTO Log_" . date("w") .
             " (playerID, caveID, ip, request, sessionID)" .
             " VALUES ('" . $params->SESSION->user['playerID'] . "', '{$caveID}', '{$_SERVER['REMOTE_ADDR']}'," .
             " '" . addslashes(var_export($params->POST, TRUE)) . "', '" . session_id() . "')";
    // the result is not checked: logging is best-effort
    $db->query($query);
}

///////////////////////////////////////////////////////////////////////////////
// print all Session messages                                                //
///////////////////////////////////////////////////////////////////////////////

// Emit every queued session message once, then clear the queue.
// NOTE(review): messages are echoed without HTML escaping; if any of them can
// contain request-derived text this is an output-encoding gap. Confirm where
// messages are produced.
if (sizeof($params->SESSION->messages)) {
    foreach ($params->SESSION->messages as $sess_mess) {
        echo $sess_mess . "<br>";
    }
    $_SESSION['messages'] = array();
}
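require_once "include/page.inc.php";
require_once "include/db.functions.php";
require_once "include/time.inc.php";
require_once "include/basic.lib.php";
require_once "include/vote.html.php";
require_once "modules/Messages/Messages.php";

// Request entry point: bootstrap the page, enforce the idle timeout and the
// session validity check, then work out the requested modus and the cave the
// player is acting on. The guards rely on page_error403() ending the request
// (presumably it exits; confirm in its definition).
page_start();

// session expired?
if (page_sessionExpired($params)) {
    // The time of the last action is formatted first and the " Uhr." suffix is
    // appended afterwards. Previously the suffix was concatenated onto the
    // timestamp argument of date(), so date() received a non-numeric string
    // instead of the timestamp.
    page_error403("Sie waren für " . (int) (SESSION_MAX_LIFETIME / 60) .
                  " Minuten oder mehr inaktiv. Letzte Aktion um " .
                  date("H:i:s", $params->SESSION->lastAction) . " Uhr.");
} else {
    // still active: restart the idle timer
    $_SESSION['lastAction'] = time();
}

// session valid?
// NOTE(review): the 403 text carries __FILE__ and __LINE__; if page_error403()
// renders its argument to the client this discloses the server-side path.
if (!page_sessionValidate($params, $config)) {
    page_error403(__FILE__ . ":" . __LINE__ . ": Session ist ungültig.");
}

// get modus
$modus = page_getModus($params, $config);

// get caves
$caveID = $params->SESSION->caveID;
$meineHoehlen = getCaves($params->SESSION->player->playerID);

// no caves left
if (!$meineHoehlen) {
    // only the modi listed in noCaveModusInclude stay reachable without a cave
    if (!in_array($modus, $config->noCaveModusInclude)) {
        $modus = NO_CAVE_LEFT;
    }
} else {
    // caveID is not sent
    if ($caveID == NULL) {
        $temp = current($meineHoehlen);
        // (excerpt ends here; both open blocks are closed further down in the file)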
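require_once "include/params.inc.php";
require_once "include/Player.php";

// Login hand-over: give the browser a brand-new PHP session, read the login
// variables, connect to the database and look up the one-time s_id /
// playerID pair in the Session table.

// set session id
// Setting the id before session_start() means an id already present in the
// request cookie is never reused for the logged-in session. The id is the
// only secret protecting that session, so it is drawn from a CSPRNG where the
// runtime offers one (32 hex characters, the same shape md5() produced).
// md5(microtime() . pid/rand()) is guessable from the approximate request
// time and is kept only as a fallback for runtimes without either source.
if (function_exists('random_bytes')) {
    session_id(bin2hex(random_bytes(16)));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
    session_id(bin2hex(openssl_random_pseudo_bytes(16)));
} elseif (function_exists('posix_getpid')) {
    session_id(md5(microtime() . posix_getpid()));
} else {
    session_id(md5(microtime() . rand()));
}

// start session
session_start();

// read the login variables; a missing one aborts the login
// (relies on page_error403() ending the request; confirm in its definition)
$sessionID = Request::getVar('id', '');
$playerID  = Request::getVar('userID', 0);
$noGfx     = Request::getVar('nogfx', 0);

if (!$sessionID || !$playerID) {
    page_error403("Fehlende Loginvariablen.");
}

// connect to database
if (!($db = DbConnect())) {
    header("Location: " . Config::GAME_END_URL . "?id=db");
    exit;
}

// check user from Session-table with id
// Both request values are bound as typed parameters, so neither can alter
// the statement text.
$sql = $db->prepare("SELECT *
                     FROM " . SESSION_TABLE . "
                     WHERE s_id = :s_id
                       AND playerID = :playerID");
$sql->bindValue('s_id', $sessionID, PDO::PARAM_STR);
$sql->bindValue('playerID', $playerID, PDO::PARAM_INT);

if (!$sql->execute()) {
    header("Location: " . Config::GAME_END_URL . "?id=wrongSessionID");
    exit;
}

// fetch() yields false when no row matched; that case has to be rejected by
// the code that follows this excerpt (not visible here).
$sessionRow = $sql->fetch(PDO::FETCH_ASSOC);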