// Error codes define('ERR_GENERAL', '1'); define('ERR_CRITICAL', '2'); define('ERR_UNKNOWN', '3'); // Session modes define('SESSION_MODE_COOKIE', '1'); define('SESSION_MODE_GET', '2'); define('ANONYMOUS', '1'); define('SETTING', 'SETTING_'); ?> if ( !defined('IN_SITE') ) { die("Hacking attempt"); } function showMenu($int_parent = 0, $int_depth = 0) { global $g_db, $int_menu_depth, $row_parent, $str_url, $str_l; $int_active_id = $row_parent['menu_id']; $str_item = ""; $qry = "SELECT * FROM menu WHERE menu_status = 1 AND menu_parent = ". $int_parent ." ORDER BY menu_followorder"; $res = $g_db->sql_query($qry); $int_count = $g_db->sql_numrows($res); if ($int_count > 0) { while ($row = $g_db->sql_fetchrow($res)) { //$str_item .= "
'; print_r($aOptions); echo ''; // Preset Allowed Characters $alphanum = '[a-zA-Z0-9]'; // Alpha Numeric $unreserved = '[a-zA-Z0-9_.!~*' . '\'' . '()-]'; $escaped = '(%[0-9a-fA-F]{2})'; // Escape sequence - In Hex - %6d would be a 'm' $reserved = '[;/?:@&=+$,]'; // Special characters in the URI // Beginning Regular Expression // Scheme - Allows for 'http://', 'https://', 'mailto:', or 'ftp://' $scheme = '('; if ($aOptions['H'] === '') { $scheme .= 'http://'; } elseif ($aOptions['S'] === '') { $scheme .= 'https://'; } elseif ($aOptions['E'] === '') { $scheme .= 'mailto:'; } elseif ($aOptions['F'] === '') { $scheme .= 'ftp://'; } else { if ($aOptions['H'] === '?') { $scheme .= '|(http://)'; } if ($aOptions['S'] === '?') { $scheme .= '|(https://)'; } if ($aOptions['E'] === '?') { $scheme .= '|(mailto:)'; } if ($aOptions['F'] === '?') { $scheme .= '|(ftp://)'; } $scheme = str_replace('(|', '(', $scheme); // fix first pipe } $scheme .= ')' . $aOptions['s']; // End setting scheme // User Info - Allows for 'username@' or 'username:password@'. Note: contrary to rfc, I removed ':' from username section, allowing it only in password. // /---------------- Username -----------------------\ /-------------------------------- Password ------------------------------\ $userinfo = '((' . $unreserved . '|' . $escaped . '|[;&=+$,]' . ')+(:(' . $unreserved . '|' . $escaped . '|[;:&=+$,]' . ')+)' . $aOptions['P'] . '@)' . $aOptions['u']; // IP ADDRESS - Allows 0.0.0.0 to 255.255.255.255 $ipaddress = '((((2(([0-4][0-9])|(5[0-5])))|([01]?[0-9]?[0-9]))\.){3}((2(([0-4][0-9])|(5[0-5])))|([01]?[0-9]?[0-9])))'; // Tertiary Domain(s) - Optional - Multi - Although some sites may use other characters, the RFC says tertiary domains have the same naming restrictions as second level domains $domain_tertiary = '(' . $alphanum . '(([a-zA-Z0-9-]{0,62})' . $alphanum . ')?\.)*'; // Second Level Domain - Required - First and last characters must be Alpha-numeric. Hyphens are allowed inside. 
$domain_secondary = '(' . $alphanum . '(([a-zA-Z0-9-]{0,62})' . $alphanum . ')?\.)'; /* // This regex is disabled on purpose in favour of the more exact version below // Top Level Domain - First character must be Alpha. Last character must be AlphaNumeric. Hyphens are allowed inside. $domain_toplevel = '([a-zA-Z](([a-zA-Z0-9-]*)[a-zA-Z0-9])?)'; */ // Top Level Domain - Required - Domain List Current As Of December 2004. Use above escaped line to be forgiving of possible future TLD's $domain_toplevel = '(aero|biz|com|coop|edu|gov|info|int|jobs|mil|mobi|museum|name|net|org|post|pro|travel|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|az|ax|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)'; // Address can be IP address or Domain if ($aOptions['I'] === '{0}') { // IP Address Not Allowed $address = '(' . $domain_tertiary . $domain_secondary . $domain_toplevel . ')'; } elseif ($aOptions['I'] === '') { // IP Address Required $address = '(' . $ipaddress . ')'; } else { // IP Address Optional $address = '((' . $ipaddress . ')|(' . $domain_tertiary . $domain_secondary . $domain_toplevel . '))'; } $address = $address . 
$aOptions['a']; // Port Number - :80 or :8080 or :65534 Allows range of :0 to :65535 // (0-59999) |(60000-64999) |(65000-65499) |(65500-65529) |(65530-65535) $port_number = '(:(([0-5]?[0-9]{1,4})|(6[0-4][0-9]{3})|(65[0-4][0-9]{2})|(655[0-2][0-9])|(6553[0-5])))' . $aOptions['p']; // Path - Can be as simple as '/' or have multiple folders and filenames $path = '(/((;)?(' . $unreserved . '|' . $escaped . '|' . '[:@&=+$,]' . ')+(/)?)*)' . $aOptions['f']; // Query Section - Accepts ?var1=value1&var2=value2 or ?2393,1221 and much more $querystring = '(\?(' . $reserved . '|' . $unreserved . '|' . $escaped . ')*)' . $aOptions['q']; // Fragment Section - Accepts anchors such as #top $fragment = '(#(' . $reserved . '|' . $unreserved . '|' . $escaped . ')*)' . $aOptions['r']; // Building Regular Expression $regexp = '^' . $scheme . $userinfo . $address . $port_number . $path . $querystring . $fragment . '$'; // DEBUGGING - Uncomment Line Below To Display The Regular Expression Built // echo '
' . htmlentities(wordwrap($regexp,70,"\n",1)) . ''; // Running the regular expression if (eregi( $regexp, $urladdr )) { return true; // The domain passed } else { return false; // The domain didn't pass the expression } } // END Function validateUrlSyntax() /* About ValidateEmailSyntax(): This function uses the ValidateUrlSyntax() function to easily check the syntax of an email address. It accepts the same options as ValidateURLSyntax but defaults them for email addresses. Usage: validateEmailSyntax( url_to_check[, options]) url_to_check - string - The url to check options - string - A optional string of options to set which parts of the url are required, optional, or not allowed. Each option must be followed by a "+" for required, "?" for optional, or "-" for not allowed. See ValidateUrlSyntax() docs for option list. The default options are changed to: s-H-S-E+F-u+P-a+I-p-f-q-r- This only allows an address of "name@domain". Examples: validateEmailSyntax('george@fakemail.com') validateEmailSyntax('mailto:george@fakemail.com', 's+') validateEmailSyntax('george@fakemail.com?subject=Hi%20George', 'q?') validateEmailSyntax('george@212.198.33.12', 'I?') Author(s): Rod Apeldoorn - rod(at)canowhoopass(dot)com Homepage: http://www.canowhoopass.com/ License: Copyright 2004 - Rod Apeldoorn Released under same license as validateUrlSyntax(). For details, contact me. 
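*/
/**
 * Check the syntax of an e-mail address.
 *
 * Thin wrapper around validateUrlSyntax(): every URL part gets an
 * e-mail specific default, options passed by the caller override those
 * defaults, and the merged option string is handed on.
 *
 * @param string $emailaddr Address to check.
 * @param string $options   Optional pairs of a part letter (sHSEFuPaIpfqr)
 *                          followed by "+" (required), "?" (optional) or
 *                          "-" (not allowed).
 * @return bool Whatever validateUrlSyntax() returns for the merged options.
 */
function validateEmailSyntax( $emailaddr, $options="" ){

    // ereg() was removed in PHP 7, so the same anchored pattern is run through
    // PCRE. The D modifier stops "$" from matching before a trailing newline,
    // which keeps the check as strict as the POSIX original.
    if (!preg_match('/^([sHSEFuPaIpfqr][+?-])*$/D', $options)) {
        trigger_error("Options attribute malformed", E_USER_ERROR);
    }

    // Defaults used when the caller does not mention a part. The order of the
    // keys is the order in which the merged option string is built.
    $defaults = array(
        's' => '-', // Scheme
        'H' => '-', // http://
        'S' => '-', // https:// (SSL)
        'E' => '?', // mailto: (the usage notes list "E+"; the code has always used "?", kept as is)
        'F' => '-', // ftp://
        'u' => '+', // User section
        'P' => '-', // Password in user section
        'a' => '+', // Address section
        'I' => '-', // IP address in address section
        'p' => '-', // Port number
        'f' => '-', // File path
        'q' => '-', // Query section
        'r' => '-', // Fragment (anchor)
    );

    $newoptions = '';
    foreach ($defaults as $part => $default) {
        // The character right after the first occurrence of the letter is the
        // caller's setting for that part.
        $pos = strpos($options, $part);
        $newoptions .= $part . (($pos === false) ? $default : substr($options, $pos + 1, 1));
    }

    // Send to validateUrlSyntax() and return result
    return validateUrlSyntax( $emailaddr, $newoptions);

} // END Function validateEmailSyntax()


/*
About ValidateFtpSyntax():
This function uses the ValidateUrlSyntax() function to easily check the
syntax of an FTP address. It accepts the same options as ValidateURLSyntax
but defaults them for FTP addresses.

Usage:
validateFtpSyntax( url_to_check[, options])

url_to_check - string - The url to check

options - string - An optional string of options to set which parts of the
url are required, optional, or not allowed. Each option must be followed
by a "+" for required, "?" for optional, or "-" for not allowed. See
ValidateUrlSyntax() docs for option list.

The default options are changed to:
s?H-S-E-F+u?P?a+I?p?f?q-r-

Examples:
validateFtpSyntax('ftp://netscape.com')
validateFtpSyntax('moz:iesucks@netscape.com')
validateFtpSyntax('ftp://netscape.com:2121/browsers/ns7/', 'u-')

Author(s):
Rod Apeldoorn - rod(at)canowhoopass(dot)com

Homepage:
http://www.canowhoopass.com/

License:
Copyright 2004 - Rod Apeldoorn

Released under same license as validateUrlSyntax(). For details, contact me.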
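*/
/**
 * Check the syntax of an FTP address.
 *
 * Thin wrapper around validateUrlSyntax(): every URL part gets an FTP
 * specific default, options passed by the caller override those defaults,
 * and the merged option string is handed on.
 *
 * @param string $ftpaddr Address to check.
 * @param string $options Optional pairs of a part letter (sHSEFuPaIpfqr)
 *                        followed by "+" (required), "?" (optional) or
 *                        "-" (not allowed).
 * @return bool Whatever validateUrlSyntax() returns for the merged options.
 */
function validateFtpSyntax( $ftpaddr, $options="" ){

    // ereg() was removed in PHP 7, so the same anchored pattern is run through
    // PCRE. The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('/^([sHSEFuPaIpfqr][+?-])*$/D', $options)) {
        trigger_error("Options attribute malformed", E_USER_ERROR);
    }

    // Defaults used when the caller does not mention a part. The order of the
    // keys is the order in which the merged option string is built.
    $defaults = array(
        's' => '?', // Scheme
        'H' => '-', // http://
        'S' => '-', // https:// (SSL)
        'E' => '-', // mailto: (email)
        'F' => '+', // ftp://
        'u' => '?', // User section
        'P' => '?', // Password in user section
        'a' => '+', // Address section
        'I' => '?', // IP address in address section
        'p' => '?', // Port number
        'f' => '?', // File path
        'q' => '-', // Query section
        'r' => '-', // Fragment (anchor)
    );

    $newoptions = '';
    foreach ($defaults as $part => $default) {
        $pos = strpos($options, $part);
        $newoptions .= $part . (($pos === false) ? $default : substr($options, $pos + 1, 1));
    }

    // Send to validateUrlSyntax() and return result
    return validateUrlSyntax( $ftpaddr, $newoptions);

} // END Function validateFtpSyntax()
?>
<?php
if ( !defined('IN_SITE') )
{
    die("Hacking attempt");
}

/**
 * Turn a dotted-quad IPv4 string into eight hexadecimal digits.
 *
 * @param string $dotquad_ip e.g. "127.0.0.1"
 * @return string e.g. "7f000001"
 */
function encode_ip($dotquad_ip)
{
    // Pad to four parts so a short or empty input does not raise
    // undefined-offset notices; missing parts encode as 00.
    $ip_sep = array_pad(explode('.', $dotquad_ip), 4, 0);

    return sprintf('%02x%02x%02x%02x', (int) $ip_sep[0], (int) $ip_sep[1], (int) $ip_sep[2], (int) $ip_sep[3]);
}

/**
 * Reverse of encode_ip(): eight hexadecimal digits back to a dotted quad.
 *
 * @param string $int_ip e.g. "7f000001"
 * @return string e.g. "127.0.0.1"
 */
function decode_ip($int_ip)
{
    // chunk_split() puts a "." after every two characters; padding covers
    // inputs shorter than eight characters.
    $hexipbang = array_pad(explode('.', chunk_split($int_ip, 2, '.')), 4, '0');

    return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
}

/**
 * Tell whether a setting is cached in the PHP session.
 */
function issetSetting($str_setting)
{
    return (isset($_SESSION[SETTING . $str_setting]));
}

/**
 * Read a setting from the PHP session.
 *
 * @return mixed The stored value; otherwise $mxd_default when it is not NULL,
 *               otherwise FALSE.
 */
function getSetting($str_setting, $mxd_default = NULL)
{
    if (isset($_SESSION[SETTING . $str_setting])) {
        return $_SESSION[SETTING . $str_setting];
    }

    return ($mxd_default !== NULL) ? $mxd_default : FALSE;
}

/**
 * Store a setting in the PHP session and return the stored value.
 */
function setSetting($str_setting, $mxd_value)
{
    $_SESSION[SETTING . $str_setting] = $mxd_value;

    return $mxd_value;
}

/**
 * Remove a setting from the PHP session if it is present.
 */
function unsetSetting($str_setting)
{
    if (isset($_SESSION[SETTING . $str_setting])) {
        unset($_SESSION[SETTING . $str_setting]);
    }
}

/**
 * Look up a language string in the PHP session; falls back to the key itself.
 *
 * NOTE(review): the LANG prefix constant is not defined in the code shown
 * here; presumably it is defined next to SETTING. Confirm.
 */
function getLang($str_item)
{
    return (isset($_SESSION[LANG . $str_item])) ? $_SESSION[LANG . $str_item] : $str_item;
}

/**
 * Store a language string in the PHP session and return the stored value.
 */
function setLang($str_item, $mxd_value)
{
    $_SESSION[LANG . $str_item] = $mxd_value;

    return $mxd_value;
}

/**
 * Append the session id parameter ($g_SID) to a URL that does not carry one.
 *
 * $g_SID is only non-empty when the session travels in the query string
 * (see checkSession()). Session ids in URLs end up in server logs, browser
 * history and Referer headers; prefer the cookie transport where possible.
 *
 * @param string $url          URL to extend.
 * @param bool   $non_html_amp TRUE for a bare "&" (redirects, headers),
 *                             FALSE for the HTML-escaped "&amp;".
 * @return string
 */
function appendSid($url, $non_html_amp = false)
{
    global $g_SID;

    if ( !empty($g_SID) && !preg_match('#sid=#', $url) )
    {
        if (strpos($url, '?') !== false) {
            // Both branches of the original ternary read '&', which made
            // $non_html_amp a no-op; the HTML branch is the escaped entity.
            $separator = ($non_html_amp) ? '&' : '&amp;';
        } else {
            $separator = '?';
        }

        $url .= $separator . $g_SID;
    }

    return $url;
}
?>
<?php
if ( !defined('IN_SITE') )
{
    die("Hacking attempt");
}

require_once('class.db.inc.php');
require_once 'config.inc.php';

// Database connection
$g_db = new sql_db($g_cfg['dbhost'], $g_cfg['dbuser'], $g_cfg['dbpasswd'], $g_cfg['dbname'], false);
if(!$g_db->db_connect_id)
{
    die("Could not connect to the database");
}
?>
<?php
if ( !defined('IN_SITE') )
{
    die("Hacking attempt");
}

// PHP's own session id handling is switched off in both directions:
//  - use_only_cookies = 1: PHP will not accept a session id from the URL or a form;
//  - use_cookies = 0:      PHP will not send or read a session cookie of its own.
// The id is instead taken from the sessions table and handed to PHP through
// session_id() in checkSession().
ini_set('session.use_only_cookies', 1);
ini_set('session.use_cookies', 0);

// Pre-fetch required settings:
$cookiename = $g_cfg['cookie_name'];
$cookiedomain = $g_cfg['cookie_domain'];
$cookiepath = $g_cfg['cookie_path'];
$cookiesecure = $g_cfg['cookie_secure'];
$cookielifetime = $g_cfg['cookie_lifetime']; //31536000; // 1 year

// In CMS?
if (defined('IN_CMS'))
{
    $cookiename .= '_cms';
    $cookiepath .= 'cms/';
}

$last_visit = 0;
$current_time = time();
$expiry_time = $current_time - $g_cfg['session_length'];

/**
 * Send one of the site's session cookies.
 *
 * Inside the CMS a zero $cookie_time is replaced by now + configured lifetime
 * (when a lifetime is configured); outside the CMS the cookie is always a
 * browser-session cookie.
 *
 * @param string $cookienameadd Suffix appended to the configured cookie name.
 * @param string $cookiedata    Cookie value.
 * @param int    $cookie_time   Expiry timestamp, 0 for a browser-session cookie.
 */
function setSessionCookie($cookienameadd, $cookiedata, $cookie_time = 0)
{
    global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielifetime, $current_time;

    if (defined('IN_CMS'))
    {
        if (($cookie_time == 0) && ($cookielifetime != 0))
        {
            $cookie_time = $current_time + $cookielifetime;
        }
    }
    else
    {
        // session cookie for non-cms-users
        $cookie_time = 0;
    }

    // Last argument: HttpOnly, so page scripts cannot read the session cookies.
    setcookie($cookiename . $cookienameadd, $cookiedata, $cookie_time, $cookiepath, $cookiedomain, $cookiesecure, true);
}

/**
 * Decode the "_data" cookie into an array.
 *
 * SECURITY: the cookie is client-controlled and carries no signature.
 * unserialize() on such data allows object injection; on PHP 7+ class
 * instantiation is disabled. Anything that does not decode to an array is
 * discarded. A format without object support (JSON) plus an HMAC made with
 * a server-side key would be the sturdier design.
 *
 * @param mixed $raw Raw cookie value.
 * @return array
 */
function _decodeSessionData($raw)
{
    if (!is_string($raw)) {
        return array();
    }

    $raw = stripslashes($raw);

    if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
        $data = unserialize($raw, array('allowed_classes' => false));
    } else {
        // No way to restrict classes before PHP 7.
        $data = unserialize($raw);
    }

    return is_array($data) ? $data : array();
}

/**
 * Read session id and session data from the cookies or, failing that, from
 * the "sid" query parameter, and reset whatever does not look valid.
 *
 * @param string $cookiename Configured cookie name prefix.
 * @return array array($session_id, $session_data, $sessionmethod)
 */
function _readSessionRequest($cookiename)
{
    $sid_key = $cookiename . '_sid';
    $data_key = $cookiename . '_data';

    if ( isset($_COOKIE[$sid_key]) || isset($_COOKIE[$data_key]) )
    {
        $session_id = isset($_COOKIE[$sid_key]) ? $_COOKIE[$sid_key] : '';
        $session_data = isset($_COOKIE[$data_key]) ? _decodeSessionData($_COOKIE[$data_key]) : array();
        $sessionmethod = SESSION_MODE_COOKIE;
    }
    else // or check the get
    {
        $session_data = array();
        $session_id = (isset($_GET['sid'])) ? $_GET['sid'] : '';
        $sessionmethod = SESSION_MODE_GET;
    }

    // The id is concatenated into SQL by the callers, so only plain
    // alphanumerics get through. is_string() rejects array-valued parameters,
    // the D modifier rejects a trailing newline.
    if (!is_string($session_id) || !preg_match('/^[A-Za-z0-9]*$/D', $session_id))
    {
        $session_id = '';
    }

    // Inside the CMS only data that was written by the CMS is kept.
    if (defined('IN_CMS') && !(isset($session_data['ic']) && ($session_data['ic'] == '1')))
    {
        $session_data = array();
    }

    return array($session_id, $session_data, $sessionmethod);
}

/**
 * Produce a new 32-character hexadecimal session id.
 *
 * @return string
 */
function _generateSessionId()
{
    if (function_exists('random_bytes')) {
        // CSPRNG output; same length and alphabet as the md5() ids.
        return bin2hex(random_bytes(16));
    }

    // Legacy path for PHP < 7: seeded from the clock and therefore guessable.
    list($sec, $usec) = explode(' ', microtime());
    mt_srand((float) $sec + ((float) $usec * 100000));

    return md5(uniqid(mt_rand(), true));
}

/**
 * Bind a session row to $user_id and send the session cookies.
 *
 * An existing row with the client's session id and the same IP is reused;
 * otherwise a new row with a fresh id is inserted.
 *
 * NOTE(review): reusing the id presented by the client means the id is not
 * rotated when the session changes user. Issuing a fresh id on every user
 * change would rule out session fixation; confirm with the callers.
 *
 * @param int|string $user_id User (or, outside the CMS, client) id.
 * @param string     $user_ip Client IP in the form stored in sessions.session_ip.
 * @return array User row extended with the session_* fields.
 */
function newSession($user_id, $user_ip)
{
    global $g_db, $g_SID, $last_visit, $cookiename, $current_time, $expiry_time;

    // checkSession() passes a value taken from the client's cookie, and the
    // UPDATE/INSERT below place it in SQL unquoted: force an integer.
    $user_id = (int) $user_id;

    list($session_id, $session_data, $sessionmethod) = _readSessionRequest($cookiename);

    $query = "SELECT * FROM user WHERE user_id = '". $user_id ."'";
    $res = $g_db->sql_query($query);
    $user_data = $g_db->sql_fetchrow($res);

    if (!defined('IN_CMS') && !$user_data)
    {
        $query = "SELECT * FROM client WHERE client_id = '". $user_id ."'";
        $res = $g_db->sql_query($query);
        $user_data = $g_db->sql_fetchrow($res);
        if (isset($user_data['client_id']))
        {
            $user_data['user_id'] = $user_data['client_id'];
        }
    }

    if ($user_data && $user_data['user_id'] != ANONYMOUS)
    {
        $session_data['user_id'] = $user_id;
    }

    // NOTE(review): $user_ip is concatenated as passed in. Callers must supply
    // a server-derived value (e.g. the output of encode_ip()), never raw
    // request data.
    $query = "UPDATE sessions SET session_user_id = $user_id, session_start = $current_time, session_lastvisit = $current_time WHERE session_id = '" . $session_id . "' AND session_ip = '". $user_ip ."'";
    if (!($g_db->sql_query($query)) || !($g_db->sql_affectedrows()))
    {
        // query failed, create new session
        $session_id = _generateSessionId();

        $query = "INSERT INTO sessions (session_id, session_user_id, session_start, session_lastvisit, session_ip) VALUES ('". $session_id ."', $user_id, $current_time, $current_time, '". $user_ip ."')";
        if (!$g_db->sql_query($query))
            die_message(ERR_CRITICAL, "Error updating sessions in the database.", 'Sessions - new', __LINE__, __FILE__, $query);
    }

    // No matching user/client row: start from an empty array instead of
    // writing keys into FALSE.
    if (!is_array($user_data)) {
        $user_data = array();
    }

    $user_data['session_id'] = $session_id;
    $user_data['session_ip'] = $user_ip;
    $user_data['session_user_id'] = $user_id;
    $user_data['session_start'] = $current_time;
    $user_data['session_time'] = $current_time;

    $g_SID = 'sid=' . $session_id;

    $session_data['ic'] = defined('IN_CMS') ? 1 : 0;

    setSessionCookie('_data', serialize($session_data));
    setSessionCookie('_sid', $session_id);

    return $user_data;
}

/**
 * Validate the client's session, creating a new one when needed, and start
 * the PHP session under the resulting id.
 *
 * @param string $user_ip Client IP in the form stored in sessions.session_ip.
 * @return array User row joined with the session row.
 */
function checkSession($user_ip)
{
    global $g_db, $g_SID, $cookiename, $last_visit, $current_time, $expiry_time;

    list($session_id, $session_data, $sessionmethod) = _readSessionRequest($cookiename);

    $session_ok = false;
    $session_clear = false;

    if (!empty($session_id))
    {
        // check session
        $query = "SELECT u.*, s.* FROM sessions s, user u WHERE s.session_id = '". $session_id ."' AND u.user_id = s.session_user_id";
        if (!($res = $g_db->sql_query($query)))
        {
            die_message(ERR_CRITICAL, 'Error getting userdata', 'Sessions', __LINE__, __FILE__, $query);
        }
        $user_data = $g_db->sql_fetchrow($res);

        if (isset($user_data['user_id']))
        {
            // Found a user, now compare the first six characters of both IPs.
            // NOTE(review): if session_ip holds encode_ip() output this is the
            // first three octets; for a dotted quad six characters is an
            // arbitrary prefix. Confirm the stored format.
            $ip_check_s = (string) substr((string) $user_data['session_ip'], 0, 6);
            $ip_check_u = (string) substr((string) $user_ip, 0, 6);

            // Strict comparison: with "==" PHP compares numeric-looking
            // strings as numbers, so different prefixes such as "0e1234" and
            // "0e5678" would be treated as equal.
            if ($ip_check_s === $ip_check_u)
            {
                $g_SID = ($sessionmethod == SESSION_MODE_GET) ? 'sid=' . $session_id : '';

                // Refresh at most once a minute.
                if ($current_time - $user_data['session_lastvisit'] > 60)
                {
                    if ($user_data['session_lastvisit'] < $expiry_time)
                    {
                        $session_clear = true;
                    }

                    $query = "UPDATE sessions SET session_lastvisit = ". $current_time ." WHERE session_id = '" . $user_data['session_id'] . "'";
                    $g_db->sql_query($query);

                    // Delete expired sessions
                    $query = "DELETE FROM sessions WHERE session_lastvisit < ". $expiry_time ." AND session_id <> '". $session_id ."'";
                    $g_db->sql_query($query);

                    $session_data['ic'] = defined('IN_CMS') ? 1 : 0;

                    setSessionCookie('_data', serialize($session_data));
                    setSessionCookie('_sid', $session_id);
                }

                $session_ok = true;
            }
        }
    }

    if (!$session_ok)
    {
        // SECURITY NOTE(review): the user id comes from the unsigned "_data"
        // cookie, and newSession() opens a session for it without any further
        // proof of identity. The value has to be authenticated server-side
        // (HMAC over the cookie with a server key, or a random per-user token
        // checked against the database) before it is honoured. Only the type
        // is constrained here.
        $user_id = (isset($session_data['user_id']) && is_scalar($session_data['user_id'])) ? (int) $session_data['user_id'] : ANONYMOUS;
        if (!($user_data = newSession($user_id, $user_ip)))
        {
            die_message(ERR_CRITICAL, 'Error creating user session', 'Sessions', __LINE__, __FILE__);
        }
    }

    session_id($user_data['session_id']);
    session_start();
    if ($session_clear)
    {
        // The session had expired: drop the stored data and start clean.
        session_destroy();
        //session_id($user_data['session_id']);
        session_start();
    }

    return $user_data;
}

/**
 * Delete a session row, expire both session cookies and destroy the PHP session.
 *
 * @param string     $session_id Id of the session to remove.
 * @param int|string $user_id    Owner of that session.
 * @return true|null TRUE on success, nothing when $session_id is malformed.
 */
function delSession($session_id, $user_id)
{
    global $g_db, $g_SID, $cookiename, $last_visit, $current_time, $expiry_time;

    // Refuse ids that are not plain alphanumerics; the id goes into SQL below.
    if (!is_string($session_id) || !preg_match('/^[A-Za-z0-9]*$/D', $session_id))
    {
        return;
    }

    // Integer cast keeps the concatenated value inert.
    $user_id = (int) $user_id;

    $query = "DELETE FROM sessions WHERE session_id = '". $session_id ."' AND session_user_id = '". $user_id ."'";
    if (!$g_db->sql_query($query))
        die_message(ERR_CRITICAL, "Error updating session in the database.", 'Sessions', __LINE__, __FILE__, $query);

    setSessionCookie('_data', '', $current_time - 31536000); // last year, so expire immediately
    setSessionCookie('_sid', '', $current_time - 31536000);

    session_destroy();

    return true;
}
?>
<?php
/**
 * Load every row of the settings table into the PHP session, once per session.
 *
 * @param array $user_data Accepted by reference; not used by this function.
 */
function initUser(&$user_data)
{
    global $g_db;

    if (!issetSetting('settings_loaded'))
    {
        setSetting('settings_loaded', false);
    }

    if (!getSetting('settings_loaded'))
    {
        $res = $g_db->sql_query("SELECT * FROM settings");
        while ($row = $g_db->sql_fetchrow($res))
        {
            setSetting($row['setting_name'], $row['setting_value']);
        }
        setSetting('settings_loaded', true);
        $g_db->sql_freeresult($res);
    }
}
?>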