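/**
 * Check if user session exists. Adapted from Joomla original code.
 *
 * The lookup is switched off: the function reports "no session" for every
 * request. The original author's note says the legacy implementation does not
 * work in 1.5 and is not needed as long as the multilingual 303 redirect is
 * not solved.
 *
 * Historical note: the statements that used to follow the early return could
 * never run and have been dropped. They built a mosSession, purged expired
 * rows, read the session cookie, and reported true only when the cookie was
 * non-empty, exactly 32 characters long, different from the '-' placeholder
 * and matched a stored session.
 *
 * NOTE(review): the result is always false, so a caller that uses it for an
 * access decision treats every visitor as having no session.
 *
 * @return bool Always false.
 */
function shLookupSession()
{
    return false;
}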
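/**
 * Return the session object for the current request, creating it on first use.
 *
 * The object is kept in a function-level static, so repeated calls within one
 * request return the same instance. On the first call expired sessions are
 * purged, then the session is looked up under md5(session cookie value .
 * REMOTE_ADDR). A match only has its timestamp refreshed. Without a match a
 * new session row is inserted, the session cookie is sent with a lifetime of
 * 43200 seconds, and a "remember me" login is attempted if the 'usercookie'
 * cookie is present.
 *
 * @return mosSession The shared session object (returned by reference).
 */
function &getCurrent()
{
    static $currentSession;

    if (is_object($currentSession)) {
        return $currentSession;
    }

    $currentSession = new mosSession();
    mosSession::purge();

    $sessionCookieName = md5('site' . mamboCore::get('mosConfig_live_site'));
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, null);
    $usercookie = mosGetParam($_COOKIE, 'usercookie', null);

    // The lookup key mixes the cookie value with the client address, so the
    // same cookie presented from another address does not find the session.
    if ($currentSession->load(md5($sessioncookie . $_SERVER['REMOTE_ADDR']))) {
        // Session cookie exists, update time in session table
        $currentSession->time = time();
        $currentSession->update();

        return $currentSession;
    }

    $currentSession->generateId();
    if (!$currentSession->insert()) {
        // NOTE(review): the session object's error text is written straight to
        // the response; presumably a database error. Confirm it cannot expose
        // internals to the visitor.
        die($currentSession->getError());
    }

    // NOTE(review): only name, value, expiry and path are passed, so the
    // cookie carries neither the secure nor the httponly attribute.
    setcookie($sessionCookieName, $currentSession->getCookie(), time() + 43200, '/');

    // The remember-me cookie is client-controlled. Only use it when it really
    // is an array; a plain string value would otherwise be indexed with
    // 'username' / 'password' as string offsets.
    if ($usercookie && is_array($usercookie)) {
        $rememberedUser = isset($usercookie['username']) ? $usercookie['username'] : null;
        $rememberedPass = isset($usercookie['password']) ? $usercookie['password'] : null;

        // Remember me cookie exists. Login with usercookie info.
        // NOTE(review): whatever is stored under 'password' works as a login
        // credential for anyone who obtains the cookie. Confirm how the
        // authenticator verifies it.
        require_once mamboCore::get('mosConfig_absolute_path') . '/includes/authenticator.php';
        $authenticator =& mamboAuthenticator::getInstance();
        // $message is not set before this call; presumably authenticateUser()
        // takes it by reference and fills it in. TODO confirm.
        $authenticator->authenticateUser($message, $rememberedUser, $rememberedPass, null, $currentSession);
    }

    return $currentSession;
}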
$sessionid = vmGet($_GET, "sessionid"); $cookievals = base64_decode($sessionid); $orderID = substr($cookievals, 0, 8); $order_id = intval($orderID); $virtuemartcookie = substr($cookievals, 8, 32); $sessioncookie = substr($cookievals, 40, 32); $md5_check = substr($cookievals, 72, 32); // Check Validity of the Page Load using the MD5 Check $submitted_hashbase = $orderID . $virtuemartcookie . $sessioncookie; // OK! VALID... if ($md5_check === md5($submitted_hashbase . $mosConfig_secret . ENCODE_KEY)) { session_id($virtuemartcookie); session_name('virtuemart'); @session_start(); $session = new mosSession($database); if ($session->load($sessioncookie)) { // Session cookie exists, update time in session table $session->time = time(); $session->update(); $mainframe->_session = $session; $my = $mainframe->getUser(); } /** Retrieve Order & Payment Info **/ $db = new ps_DB(); $q = "SELECT order_id,order_total FROM #__{vm}_orders "; $q .= "WHERE #__{vm}_orders.user_id='" . $my->id . "' "; $q .= "AND #__{vm}_orders.order_id='{$order_id}' "; $db->query($q); if ($db->next_record()) { switch ($_SESSION['vendor_currency']) { case "DKK":
/**
 * Initialises the user session.
 *
 * Old sessions are flushed based on the configuration value for the cookie
 * lifetime. If the session cookie identifies an existing session, only its
 * last access time is updated. Otherwise a new session id is generated and a
 * record is created in the jos_sessions table, unless the client has not yet
 * shown that it returns cookies or the request is for a syndicated feed.
 * In that second path a remember-me cookie, when present and long enough, is
 * handed to login().
 */
function initSession()
{
    // Bind the local name to the member first, so the object created on the
    // next line is also what $this->_session holds.
    $session =& $this->_session;
    $session = new mosSession($this->_db);

    // Drop expired sessions before looking anything up.
    $session->purge('core');

    $sessionCookieName = mosMainFrame::sessionCookieName();
    $sessioncookie     = strval(mosGetParam($_COOKIE, $sessionCookieName, null));
    // The cookie value is not the stored key itself; sessionCookieValue()
    // derives the value that load() searches for.
    $sessionValueCheck = mosMainFrame::sessionCookieValue($sessioncookie);

    // The cookie must be non-empty, exactly 32 characters (length check added
    // in 1.0.8), not the '-' placeholder, and match a stored session.
    $hasStoredSession = $sessioncookie
        && strlen($sessioncookie) == 32
        && $sessioncookie != '-'
        && $session->load($sessionValueCheck);

    if ($hasStoredSession) {
        $session->time = time();
        $session->update();

        return;
    }

    $remCookieName = mosMainFrame::remCookieName_User();

    // A session is only registered once the client has sent back one of our
    // cookies, or when the request carries a 'force_session' POST field.
    $clientSentCookie = isset($_COOKIE[$sessionCookieName])
        || isset($_COOKIE[$remCookieName])
        || isset($_POST['force_session']);

    if ($clientSentCookie) {
        // Either the placeholder came back or the old session expired.
        $url = strval(mosGetParam($_SERVER, 'REQUEST_URI', null));

        // Requests for syndicated feeds must not create sessions.
        $isFeedRequest = strpos($url, 'option=com_rss') !== false
            || strpos($url, 'feed=') !== false;

        if (!$isFeedRequest) {
            $session->guest    = 1;
            $session->username = '';
            $session->time     = time();
            $session->gid      = 0;

            // Generate the session cookie value.
            $session->generateId();
            if (!$session->insert()) {
                // NOTE(review): the error text goes straight to the response;
                // confirm it cannot reveal database details to the visitor.
                die($session->getError());
            }

            // Tracking cookie that expires when the browser session ends.
            // NOTE(review): no secure / httponly arguments are passed here.
            setcookie($sessionCookieName, $session->getCookie(), false, '/');
        }
    } else {
        // No cookie at all yet: send a placeholder that expires with the
        // browser session, to see whether it comes back on the next request.
        setcookie($sessionCookieName, '-', false, '/');
    }

    // Cookie used by the "remember me" functionality.
    $remCookieValue = strval(mosGetParam($_COOKIE, $remCookieName, null));
    if (strlen($remCookieValue) <= 64) {
        return;
    }

    // Layout: 32 characters, 32 characters, then a numeric id.
    // NOTE(review): the two 32-character parts are handed to login() as the
    // user and password values, so this cookie acts as a long-lived
    // credential for whoever holds it. Presumably both parts are hashes;
    // confirm in login().
    $remUser = substr($remCookieValue, 0, 32);
    $remPass = substr($remCookieValue, 32, 32);
    $remID   = intval(substr($remCookieValue, 64));

    if (strlen($remUser) == 32 && strlen($remPass) == 32) {
        $this->login($remUser, $remPass, 1, $remID);
    }
}