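/**
 * Makes sure a session user exists and switches the working directory to
 * that user's directory.
 *
 * Relies on new_session() (defined elsewhere in the project) to populate
 * $_SESSION['user'], including its 'dir' entry.
 *
 * @return bool true once the process is inside the user's directory,
 *              false when the user could not be created or the directory
 *              could not be entered (an E_USER_NOTICE is raised in both cases)
 */
function login()
{
    if (!isset($_SESSION['user'])) {
        if (!new_session()) {
            // trigger_error() defaults to E_USER_NOTICE, which does not stop
            // execution, so return explicitly instead of falling through to a
            // chdir() on a $_SESSION['user'] that was never populated.
            trigger_error("User could not be created.");
            return false;
        }
    }

    // now the user dir should exist, move to it
    $dir = isset($_SESSION['user']['dir']) ? $_SESSION['user']['dir'] : '';
    if ($dir === '' || !chdir($dir)) {
        trigger_error("User directory ({$dir}) unavailable.");
        return false;
    }
    return true;
}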
$msg .= "Der Angegebene Benutzername existiert nicht.<br>"; } $user = mysql_fetch_array($r_user); if ($user['userpassword'] != md5($login_password)) { $msg .= "Das Passwort ist leider falsch.<br>"; possible_flood(FLOOD_LOGIN); } if ($user['useractivate']) { $msg .= "Sie haben ihren Account noch nicht aktiviert."; } if (isset($msg) && strlen($msg) > 0) { message("Fehler", "Es sind leider Fehler aufgetreten:<font color='{$style['color_err']}'><br><br>{$msg}</font>"); } global $g_user, $s; $g_user = array(); $g_user['userisadmin'] = false; $g_user['userid'] = $user['userid']; $g_user['have_cookie'] = $login_cookie; $s = new_session(); $g_user['have_cookie'] = false; if ($login_cookie) { setcookie("thwb_cookie", md5($login_password) . $user['userid'], time() + 60 * 60 * 24 * 365); } if (empty($source)) { $source = 'index.php'; } else { $source = urldecode($source); } // $source xss vuln fix by tendor $source = str_replace(array('"', '<', '>'), array('%22', '%3c', '%3e'), $source); message_redirect('Sie wurden erfolgreich eingeloggt, bitte warten ...', $source);
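/**
 * Refreshes the caller's session row or starts a new session.
 *
 * Reads the session id from the badger_sess cookie, looks it up in the
 * session table and:
 *  - starts a new session (and sets $GLOBALS['sessionTimeout']) when the row
 *    is missing or its `last` stamp is older than $_session_timeout minutes,
 *  - starts a new session when the row is flagged logout = 1,
 *  - otherwise touches the row's `last` column and returns the existing id.
 *
 * @return string the session id that is now current (existing or new)
 */
function update_session()
{
    global $_db_table_config, $badgerDb, $_session_timeout, $logger;

    $sess = isset($_COOKIE['badger_sess']) ? $_COOKIE['badger_sess'] : '';
    // The cookie is client-controlled, so it is never interpolated raw into
    // SQL. $badgerDb is used as a PEAR DB handle (fetchInto, affectedRows);
    // quoteSmart() quotes and escapes the value for the active driver.
    $sessLiteral = $badgerDb->quoteSmart($sess);

    $sql = "select logout, UNIX_TIMESTAMP(last) last from {$_db_table_config} where sid = {$sessLiteral}";
    $res = query($sql);

    //modified by badger
    //$row = mysql_fetch_array($res);
    $row = array();
    $res->fetchInto($row, DB_FETCHMODE_ASSOC);

    // An unknown session id leaves $row empty; treating `last` as 0 sends it
    // down the timeout path below, which is what the original arithmetic did.
    $last = isset($row['last']) ? $row['last'] : 0;
    $logger->log('SESSION MANAGEMENT: last: ' . $last . ' time: ' . time() . ' diff: ' . (time() - $last));

    if ($last + $_session_timeout * 60 < time()) {
        $GLOBALS['sessionTimeout'] = true;
        return new_session();
    }
    if (isset($row['logout']) && $row['logout'] == 1) {
        return new_session();
    }

    $sql = "update {$_db_table_config} set last = NOW() where sid = {$sessLiteral}";
    query($sql);
    // NOTE(review): a plain affected-row count is never negative; confirm
    // what query()/affectedRows() return on failure before relying on this.
    if ($badgerDb->affectedRows() < 0) {
        return new_session();
    }
    return $sess;
}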
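/**
 * verifies session data
 *
 * returns `guest' in case of authentication failure;
 * otherwise a thwb_cookie style string is returned
 *
 * The thwb_cookie value is the 32-character stored password hash followed
 * by the user id; the return value has the same layout, rebuilt from the
 * online/user rows whenever the database is consulted.
 *
 * Side effects: may set the globals $s (session id), $g_user['have_cookie']
 * and $g_user['userid']; may create a session via new_session() or delete a
 * timed-out online row; on IP mismatch or timeout it calls message(), which
 * the code after it assumes does not return.
 *
 * Pages that define THWB_NOSESSION_PAGE trust the cookie as is: no database
 * check is done before it is returned.
 **/
function verify_session()
{
    // NOTE(review): $path (the page to return to after re-login) was read below
    // without ever being declared global; confirm the callers set a global $path.
    global $s, $pref, $config, $g_user, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $path;

    $have_cookie = !empty($HTTP_COOKIE_VARS['thwb_cookie']);
    $have_sid_cookie = !empty($HTTP_COOKIE_VARS['thwb_session']);
    $have_session = !empty($s);
    $g_user['have_cookie'] = false;

    if (!$have_cookie && !$have_session) {
        return "guest";
    }

    if ($have_cookie && defined('THWB_NOSESSION_PAGE')) {
        // check for existing session id
        if (!$have_sid_cookie) {
            $cookie_userid = substr($HTTP_COOKIE_VARS['thwb_cookie'], 32);
            $r_session = thwb_query("SELECT sessionid FROM " . $pref . "online WHERE userid = '" . addslashes($cookie_userid) . "' AND onlinetime >= '" . (time() - $config['session_timeout']) . "' ORDER BY onlinetime DESC LIMIT 1");
            if (mysql_num_rows($r_session)) {
                // got a session id, use it.
                $a_session = mysql_fetch_array($r_session);
                $s = $a_session['sessionid'];
            } else {
                // we don't have a session id
                // we must make sure that userid exists for new_session() relies on it.
                if (empty($g_user['userid'])) {
                    $g_user['userid'] = $cookie_userid;
                }
                // user is using cookies, therefore we store the session id into a cookie, too.
                $g_user['have_cookie'] = true;
                $s = new_session();
            }
        } else {
            $s = $HTTP_COOKIE_VARS['thwb_session'];
            $g_user['have_cookie'] = true;
        }
        return $HTTP_COOKIE_VARS['thwb_cookie'];
    }

    if (!$have_session && !$have_sid_cookie) {
        // fall through
        return "guest";
    }

    if ($have_sid_cookie) {
        $s = $HTTP_COOKIE_VARS['thwb_session'];
    }
    // addslashes() is the escaping used throughout this file; it is not charset-aware.
    $r_session = thwb_query("SELECT o.userid, o.onlineip, o.onlinetime, u.userpassword FROM " . $pref . "online AS o LEFT OUTER JOIN " . $pref . "user AS u ON o.userid = u.userid WHERE o.sessionid='" . addslashes($s) . "' ORDER BY o.onlinetime DESC LIMIT 1");
    if (!mysql_num_rows($r_session)) {
        // mismatching session id
        return "guest";
    }
    $a_session = mysql_fetch_array($r_session);

    if ($have_cookie) {
        // Strict comparison on purpose: with != PHP compares numeric-looking
        // strings as numbers, so two different hashes of the form 0e<digits>
        // would compare equal and a cookie carrying the wrong hash would pass.
        if (substr($HTTP_COOKIE_VARS['thwb_cookie'], 32) !== (string) $a_session['userid']) {
            // session userid doest not match cookie user id
            return "guest";
        }
        if (substr($HTTP_COOKIE_VARS['thwb_cookie'], 0, 32) !== (string) $a_session['userpassword']) {
            // session password does not match cookie password
            return "guest";
        }
    }

    if (!$have_sid_cookie) {
        // check first 24 bits of ip (to avoid problems with aol and other proxies)
        // >> 8 drops the last octet; the earlier dechex() prefix was not
        // zero-padded, so "6 hex characters" covered a varying number of bits.
        if (((int) ip2long($a_session['onlineip']) >> 8) !== ((int) ip2long($HTTP_SERVER_VARS['REMOTE_ADDR']) >> 8)) {
            message("IP Mismatch", "Diese Session-ID ist an eine andere IP gebunden.<br>Klicken Sie <a href=\"" . build_link("login.php?source=" . $path) . "\">hier</a> um sich einzuloggen.");
        }
        // check session timeout
        if ($a_session['onlinetime'] < time() - $config['session_timeout']) {
            // timed out: drop the row so the id cannot be reused, then tell the user
            thwb_query("DELETE FROM " . $pref . "online WHERE sessionid='" . addslashes($s) . "'");
            message("Timeout", "Sie wurden automatisch ausgeloggt, weil Ihre Session-ID abgelaufen ist. <br>Bitte <a href=\"" . build_link("login.php?source=" . $path) . "\">loggen</a> Sie sich neu ein.");
        }
    }

    // everything is ok
    $g_user['have_cookie'] = $have_sid_cookie;
    return $a_session['userpassword'] . $a_session['userid'];
}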
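/**
 * Refreshes the caller's session row or starts a new session.
 *
 * Looks up the session id from the badger_sess cookie; when the row is
 * missing or flagged logout = 1 a new session is started, otherwise the
 * row's `last` column is touched and the existing id is returned.
 *
 * @return string the session id that is now current (existing or new)
 */
function update_session()
{
    global $_db_table_config, $badgerDb;

    $sess = isset($_COOKIE['badger_sess']) ? $_COOKIE['badger_sess'] : '';
    // The cookie is client-controlled, so it is never interpolated raw into
    // SQL. $badgerDb is used as a PEAR DB handle (fetchInto, affectedRows);
    // quoteSmart() quotes and escapes the value for the active driver.
    $sessLiteral = $badgerDb->quoteSmart($sess);

    $sql = "select logout from {$_db_table_config} where sid = {$sessLiteral}";
    $res = query($sql);
    //modified by badger
    //$row = mysql_fetch_array($res);
    $row = array();
    $res->fetchInto($row, DB_FETCHMODE_ASSOC);

    if (empty($row)) {
        // Unknown session id: previously this fell through to the update
        // (affecting no rows) and handed the unknown id straight back.
        return new_session();
    }
    if ($row['logout'] == 1) {
        return new_session();
    }

    $sql = "update {$_db_table_config} set last = NOW() where sid = {$sessLiteral}";
    query($sql);
    // NOTE(review): a plain affected-row count is never negative; confirm
    // what query()/affectedRows() return on failure before relying on this.
    if ($badgerDb->affectedRows() < 0) {
        return new_session();
    }
    return $sess;
}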
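<?php
// Registration page: creates a user row, a session id and the CTF_Session cookie.
include "connect.php";
include "private/create_session.php";

//Starting a session, if session is set, so redirect user
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['mysession']) && isset($_SESSION['is_admin'])) {
    header("Location: welcome.php"); //redirect to login page to secure the welcome page without login access.
    // header() does not stop the script: without exit the registration
    // below would still run for an already logged-in user.
    exit;
}

// take the variables
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
    // $username = strip_tags( trim( $_POST['username'] ) );
    // mysql_real_escape_string() needs the connection opened by connect.php.
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $email = mysql_real_escape_string($_POST['email']);
    $mysession = new_session($username, $password);
    // New accounts are never admins; this mirrors the literal '0' inserted
    // below ($is_admin was previously undefined, so the session check above
    // never matched after registration).
    $is_admin = 0;

    // NOTE(review): the password is stored as submitted, not hashed; changing
    // that also requires the login check elsewhere to use password_verify().
    $sql = "INSERT INTO users " . "(email, username, password, mysession, is_admin) " . "VALUES " . "('{$email}', '{$username}', '{$password}', '{$mysession}', '0')";
    // mysql_query() reports a failed statement through its false return value.
    if (mysql_query($sql)) {
        $_SESSION['username'] = $username;
        $_SESSION['mysession'] = $mysession;
        // NOTE(review): nothing on this page reads the password back out of
        // the session; confirm welcome.php needs it before dropping it.
        $_SESSION['password'] = $password;
        $_SESSION['is_admin'] = $is_admin;
        // $row was never populated here; the session id just generated is
        // $mysession. The last argument marks the cookie httponly.
        setcookie("CTF_Session", $mysession, time() + 86400 * 30, '/', null, null, true);
        header('Location: welcome.php');
        exit;
    } else {
        echo 'username or email exist... sorry!';
        // Expire every cookie the client sent. $past was undefined before,
        // which made setcookie() emit session cookies instead of deleting.
        $past = time() - 3600;
        foreach ($_COOKIE as $key => $value) {
            setcookie($key, $value, $past, '/');
        }
    }
}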