4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: Jan on June 07, 2005, 11:17:51 AM



Title: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Jan on June 07, 2005, 11:17:51 AM
This is an important security fix.

Open includes/sessions.php and find the following line:

$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

Replace this line with the following code:

$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;


Title: Re: [1.7.1] Security fix in sessions.php
Post by: b.o.fan on June 08, 2005, 10:36:43 AM
I've applied the fix. But what is it for? Or rather, where was the bug?

What was secured? I'm just asking out of curiosity... :)


Title: Re: [1.7.1] Security fix in sessions.php
Post by: Jan on June 08, 2005, 10:58:29 AM
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where it can be exploited... well, you understand ;)

Regards, Jan


Title: Re: [1.7.1] Security fix in sessions.php
Post by: b.o.fan on June 08, 2005, 10:59:57 AM
Understood. Good.

Good thing I installed it ;)


Title: Re: [1.7.1] Security fix in sessions.php
Post by: edwin on June 08, 2005, 11:33:53 AM
Jan, in News & Ankündigungen you say it's for all versions, but in the headline you write ( [1.7.1] Security fix in sessions.php )

Is it only for 1.7.1 or for all versions of 4images?



Title: Re: [1.7.1] Security fix in sessions.php
Post by: martrix on June 08, 2005, 11:36:48 AM
Edwin:
It is also for 1.7 - so you should also change that!

Jan:
Could you please change the title of this thread, so it says also 1.7?


Title: Re: [1.7.1] Security fix in sessions.php
Post by: mawenzi on June 08, 2005, 01:22:59 PM
Quote from: martrix
Jan:
Could you please change the title of this thread, so it says also 1.7 ?

martrix, you are right ... that seems to me also very important ...  :!:

mawenzi


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 08, 2005, 06:31:23 PM
Does this fix the known problem of a SID being taken over?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 06:39:55 PM
made this change and the whole gallery went down!

direct image link:  http://digiart.graficalicus.com/details.php?image_id=1203

category link: http://digiart.graficalicus.com/categories.php?cat_id=10

home link:  http://digiart.graficalicus.com/

rss link:  http://digiart.graficalicus.com/rss.php

 :?: :!: :?: :!: :?: :!:  help  :!: :?:


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 09, 2005, 06:42:22 PM
Have you restored your session.php?

which version of 4img do you use?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 06:51:44 PM
restored - using 1.7 - this is the only change I've made in a few days. Dumped my cache, reloaded the page - nothing!

wonder if I've been hacked........


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 06:55:24 PM
every error line is:
$site_template->register_vars(array(

ideas?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 07:12:36 PM
fixed - I was editing an old sessions.php   :oops:  now updated   :|

thanks for looking!


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Bugfixed on June 12, 2005, 05:24:40 PM
hello all.

no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 12, 2005, 07:38:29 PM
Quote from: Bugfixed
no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .

that version does not have this hole, don't worry about this fix ;)


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: arindra on June 13, 2005, 11:36:24 AM
have done it ... am using integration with Invisionboard .
but can someone explain what this fix does exactly ?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: martrix on June 13, 2005, 04:54:15 PM
Quote from: Jan
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where it can be exploited... well, you understand ;)

Regards, Jan

in other language and other words:

Please understand that I won't give you more information on this fix.
There are many 4images installations out there without this fix installed and when I explain you, how one may misuse that... well...hope you understand ;)

in short:
things you would not like could happen without this fix being implemented...


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Unsichtbar on June 14, 2005, 05:08:33 PM
thanks...  :D


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on June 15, 2005, 07:42:50 AM
HI all

I believe this fix stops anonymous from uploading files to your tmp folder via apache where you can even run those files remotely..

I was a victim. an intruder was uploading SPAM Email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.


Regards

Tariq AlAli


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 15, 2005, 07:45:33 AM
Quote from: TariqAlAli
HI all

I believe this fix stopped anonymous from uploading files to your tmp folder via apache where you can even run those files remotely..

I was a victim. an intruder was uploading SPAM Email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.


Regards

Tariq AlAli

what u just described seems to be your server issue, and not 4images.


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on June 15, 2005, 07:59:29 AM
Quote from: V@no
Quote from: TariqAlAli
HI all

I believe this fix stopped anonymous from uploading files to your tmp folder via apache where you can even run those files remotely..

I was a victim. an intruder was uploading SPAM Email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.


Regards

Tariq AlAli

what u just described seems to be your server issue, and not 4images.

well this happened to me since day one i installed 4images, anyhow as I mentioned "It might be". Since I modified the file the intruder had stopped the penetration to the server.

Also I noticed when I installed 4images a month ago that if i log in with my account and give a photo URL (Session) to a user, he will be login in with my session/ID.

I will be doing several exercises and will update you accordingly.

Thank you again.

Regards


Tariq AlAli


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 15, 2005, 08:04:21 AM
Quote from: TariqAlAli
Also I noticed when I installed 4images a month ago that if i log in with my account and give a photo URL (Session) to a user, he will be login in with my session/ID.

that is a perfectly normal behaviour.


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on June 16, 2005, 09:51:43 AM
HI All

My thoughts going to be 100% correct. The security bug was the reason for hacking my server. It has been 48hrs since I implemented the new fix and the hacker did not login to the server.

I will give it another 72hrs; before I announce that the hack was from that bug and will try to post you how to penetrate the servers with that bug.

Thank you all.



Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 16, 2005, 02:23:49 PM
Quote from: TariqAlAli
I will give it another 72hrs; before I announce that the hack was from that bug and will try to post you how to penetrate the servers with that bug.

via PM please, not public.


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: martrix on June 16, 2005, 09:47:21 PM
Quote from: TariqAlAli
will try to post you how to penetrate the servers with that bug.

Oh my god! Don't even think about giving out this information publicly! PLEASE!
Send it to Jan or V@no via PM, but not in a public thread in this forum - I beg you!


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: SonGokuuu on June 17, 2005, 05:07:47 PM
I have now applied the bug fix, but now the text "There are x users and x guests online" is no longer displayed at the bottom above the users who are online. How can I restore it and still close the security hole?


In case you don't know what I mean:  http://www.zetzero.net/Anime-Folio/
(At the bottom there is a light grey bar in the upper part; the text that used to be in it is no longer there, and below it are the names of the users who are online, but with some space above them.)


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 18, 2005, 09:34:33 AM
The fix has nothing to do with that, though; you must have changed something else?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: SonGokuuu on June 18, 2005, 02:55:26 PM
No, I only replaced the part given above in the file and then uploaded it; no other changes were made.


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: nd.h on June 20, 2005, 07:44:35 PM
Am I right in assuming that this line is not present if I have integrated the gallery into phpBB?
(unfortunately I no longer know which lines were removed in the process)


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 20, 2005, 08:18:25 PM
A few posts further up it says:

Quote from: V@no
Quote from: Bugfixed
no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .

that version does not have this hole, don't worry about this fix ;)



Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: nd.h on June 21, 2005, 02:28:46 PM
*cough* ... I read it and then blanked it out...
Sorry  :oops: :oops:

Thanks again!!!


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Eppi on June 26, 2005, 11:38:24 PM
If I downloaded version 1.7.1 today, do I still have to make this change?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Jan on June 27, 2005, 01:43:09 PM
No


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: darkcurves on July 05, 2005, 04:05:24 AM
I cant seem to find that line in version 1.7.1. It's sessions.php right?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 05, 2005, 05:24:46 AM
yes


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: darkcurves on July 06, 2005, 12:45:20 PM
Cant find it. If you dont believe me, please check at http://usa.57host.com/cantfindit/sessions.php .


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on July 06, 2005, 10:24:59 PM
I can´t download your sessions.php, please save it as sessions.txt
When have you downloaded your 4images software? In currently download version it´s already fixed.
Do you have phpbb integrated 4images?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: kashiftiwana on July 07, 2005, 12:16:21 AM
W :D W , what i say  8) , i was install 4images with postnuke and alwayz wanted that both working in same database, try many things but never got working both , finally i install postnuke module pn4images, now both was working but got only one error, when i add this security fix, error gone  :D
thank you guys, you dont know how much i appreciate your work n time & also this security fix :wink:


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: morningstar on July 08, 2005, 01:19:52 PM
omg im having problems i cant even get on my s4image gallery let alone fix it can anyone help, im getting a error message saying:


Warning: mysql_connect(): Too many connections in /home/sue/public_html/gallery/includes/db_mysql.php on line 39

DB Error: Could not connect to the database server (localhost, sue_imga1).


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Kane on July 08, 2005, 05:52:38 PM
What about for those of us who have integrated the script with vbulletin?

My line says this

$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;

What do I change it to?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: ID25 on July 08, 2005, 10:39:37 PM
When i fix this problem - my sessions living about 5-15sec.

Where is problem?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 08, 2005, 11:58:52 PM
@morningstar:
I have no idea why u wasted your (and our) time replying to this topic with absolutely unrelated issue!

@kane:
which integration are u talking about? Integration 4images 1.7 / vBulletin 2.x (http://www.4homepages.de/forum/index.php?topic=1659.0)? if so, then its seems to be fixed already.

@ID25:
Unless u did something else wrong, this fix could NOT possibly affect anything in the way u've described.


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: darkcurves on July 10, 2005, 08:10:39 PM
Quote from: RoadDogg
I can´t download your sessions.php, please save it as sessions.txt
When have you downloaded your 4images software? In currently download version it´s already fixed.
Do you have phpbb integrated 4images?

Yeah, it's integrated with PHPBB. Here is the new link:

http://usa.57host.com/cantfindit/sessions.txt


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 10, 2005, 08:52:16 PM
replace
  $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
to:
  $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : GUEST;


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: mWelle on July 15, 2005, 08:48:40 AM
Quote
When i fix this problem - my sessions living about 5-15sec.

Same problem: since adding the fix, complaints from users that they keep getting kicked out every few moments are piling up.


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on July 16, 2005, 10:08:12 AM
HI All,

it has been a month since my first post about this fix. No more penetration to my server via SESSION  :D :D

no other details will be posted  :lol: :lol: :lol:

My advice, replace ASAP.


Regards

Tariq


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Dan1113 on July 24, 2005, 12:55:44 AM
I see that the vbulletin 2.x integration is ok, but what about the 3.x?

Here's the line in 3.x
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 24, 2005, 05:27:40 AM
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? intval($this->read_cookie_data(COOKIE_PREFIX."userid")) : GUEST;
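
Added example, not part of the original posts or of the 4images code: every variant of the fix posted in this thread (the plain cookie line, the phpBB `$sessiondata` line and the `COOKIE_PREFIX` line above) wraps the client-supplied user id in `intval()`. The script below shows what that cast returns for a few constructed values, next to a stricter check; `GUEST` is defined here only as a stand-in and `user_id_strict()` is a hypothetical helper.

```php
<?php
// Added example with constructed inputs; not 4images code.
// GUEST is a stand-in so the script runs alone (assumption: the real
// constant is defined by 4images itself).
if (!defined('GUEST')) {
  define('GUEST', -1);
}

// The patched expression from the thread, isolated so it can be exercised:
// a truthy raw value is cast with intval(), anything else becomes GUEST.
function user_id_as_patched($raw) {
  return ($raw) ? intval($raw) : GUEST;
}

// Hypothetical stricter helper: accept only a value that is entirely a
// positive decimal number of at most nine digits; everything else is GUEST.
// Values read from unserialized cookie data may not be strings at all, so
// the type is checked before any cast happens.
function user_id_strict($raw) {
  if (is_int($raw)) {
    $raw = (string) $raw;
  }
  if (!is_string($raw)) {
    return GUEST;
  }
  if (preg_match('/^[1-9][0-9]{0,8}\z/', $raw) !== 1) {
    return GUEST;
  }
  return (int) $raw;
}

// Constructed sample values standing in for what a client could send.
$samples = array(
  'plain id'      => '42',
  'trailing text' => '42abc',
  'leading space' => ' 42',
  'non-numeric'   => 'abc',
  'negative'      => '-5',
  'empty'         => '',
);

foreach ($samples as $label => $raw) {
  printf(
    "%-14s raw=%-8s patched=%-4d strict=%d\n",
    $label,
    var_export($raw, true),
    user_id_as_patched($raw),
    user_id_strict($raw)
  );
}
```

The cast guarantees that whatever reaches the rest of the session code is an integer; the stricter helper additionally refuses input that is not a well-formed id instead of converting part of it.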


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 18, 2005, 04:20:30 AM
I have a problem, I did this fix when it first came out, I recently had an influx of members, and I got an email today from one of them with a link in it, and when I clicked on it, I was logged into her account, I checked and double checked...this is the part of the code I changed in includes/sessions.php  am I missing something?

  function demand_session() {
    $this->get_session_id();
    if (!$this->load_session_info()) {
      $this->delete_old_sessions();
      $user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
      $this->start_session($user_id);
    }
    else {
      $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
      $update_cutoff = ($this->user_info['user_id'] != GUEST) ? $this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction'];
      if ($update_cutoff > 60) {
        $this->update_session();
        $this->delete_old_sessions();
      }
    }
  }

  function start_session($user_id = GUEST, $login_process = 0) {
    global $site_db;

    $this->user_info = $this->load_user_info($user_id);
    if ($this->user_info['user_id'] != GUEST && !$login_process) {
      if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
        $this->set_cookie_data("userpass", $this->user_info['user_password']);
      }
      else {
        $this->set_cookie_data("userpass", "", 0);
        $this->user_info = $this->load_user_info(GUEST);
      }
    }


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Jan on August 19, 2005, 01:53:20 PM
Seems to be that problem: http://www.4homepages.de/forum/index.php?topic=8895.0


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 20, 2005, 07:46:54 PM
I already have that in my includes/sessions.php.... see down below, so that cant be the problem unless I should have that in there...this is so confusing.

    if (!isset($this->session_info['session_user_id'])) {
      return false;
    }

    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip))
    {
      session_regenerate_id();
      $this->session_id = session_id();
      return false;
    }

    return $this->session_info;
  }



Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: hyde101 on August 23, 2005, 06:47:30 PM
I have 1.7 and I already have this modification, (didn't need to change in sessions.php)


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 24, 2005, 03:39:42 AM
I too have 1.7...have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume like I did it was fixed.  I cannot have people being able to log into others accounts, or have my host be at risk....is there no solution to this or was the code looked at to see if I did something wrong?  Its been almost 5 days.....I dont want to have to delete my photo album from my server because of this...does anybody know what it is?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Xyu BAM on August 24, 2005, 05:19:18 AM
Quote from: pkitty
I too have 1.7...have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume like I did it was fixed. I cannot have people being able to log into others accounts, or have my host be at risk....is there no solution to this or was the code looked at to see if I did something wrong? Its been almost 5 days.....I dont want to have to delete my photo album from my server because of this...does anybody know what it is?

your problem is not related to this topic...


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: hyde101 on August 24, 2005, 06:04:56 AM
But as I said, I have 1.7 and I didn't need to change this as it was already there..
Probably some other mod changed it? I don't remember, really. But it's there (new format)


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 24, 2005, 04:49:03 PM
Quote from: Xyu BAM
Quote from: pkitty
I too have 1.7...have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume like I did it was fixed. I cannot have people being able to log into others accounts, or have my host be at risk....is there no solution to this or was the code looked at to see if I did something wrong? Its been almost 5 days.....I dont want to have to delete my photo album from my server because of this...does anybody know what it is?

your problem is not related to this topic...

Well then what topic IS it related to? 


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: xico on September 12, 2005, 12:51:40 AM
I made that change few months ago and today i was hacked... do you have another recent security fix?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Xyu BAM on September 12, 2005, 08:13:17 AM
Quote from: xico
I made that change few months ago and today i was hacked... do you have another recent security fix?

and what is your evidence that you've been hacked THROUGH 4images ?


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: hyde101 on September 12, 2005, 03:32:26 PM
That's terrible..

Xico, what else do you have public on your server? any php forums such as phpbb or invision board?
please list the versions of any other php script you have on your server..

What kind of "hack" was it? Was it "deface" (changing of INDEX)


Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TheOracle on September 13, 2005, 03:15:37 AM
Quote

please list the versions of any other php script you have on your server..


@Xico:

If you intend to list your Global Server Information on the forum, please install this MOD first if you haven't done so. It will facilitate your task. ;)

http://www.4homepages.de/forum/index.php?topic=9289.msg43918#msg43918



Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: fotograf74 on December 24, 2005, 09:24:36 PM
Can´t find the line:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

in my session.php


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: TheOracle on December 25, 2005, 01:48:10 PM
In your includes/sessions.php file,

find :

Quote

$this->delete_old_sessions();


and the line right below is the one you're looking for - which should be

this one :

Quote

$user_id = ($this->read_cookie_data("userid")) ? ...


replace that entire line

with this one :

$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;


Merry Christmas.
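
Added example, not part of the original posts or of 4images: several posters could not tell whether their sessions.php contains the line in question or already carries the fix. The script below classifies the `$user_id` assignment in a source string as patched, unpatched or not found, covering the cookie, `COOKIE_PREFIX` and `$sessiondata` forms quoted in this thread; the function names and the sample sources are constructed for illustration.

```php
<?php
// Added example, not part of 4images: report whether the $user_id
// assignment discussed in this thread is present in a sessions.php source
// and whether its value is cast to an integer.

// Returns one entry per matching line: line number, state and the code.
function find_userid_assignments($source) {
  $findings = array();
  $lines = preg_split('/\r\n|\r|\n/', $source);
  foreach ($lines as $index => $line) {
    $code = ltrim($line);
    // Skip commented-out copies of the line.
    if (strpos($code, '//') === 0 || strpos($code, '#') === 0 || strpos($code, '*') === 0) {
      continue;
    }
    // Shape looked for: $user_id = <condition> ? <value> : GUEST;
    if (!preg_match('/\$user_id\s*=[^?]*\?(.*):\s*GUEST\s*;/', $code, $match)) {
      continue;
    }
    $value = trim($match[1]);
    // Only values read through the cookie helper or from $sessiondata count.
    if (!preg_match('/read_cookie_data\s*\(|\$sessiondata\s*\[/', $value)) {
      continue;
    }
    // Patched means the value is wrapped in intval() or an (int) cast.
    $cast = preg_match('/^(intval\s*\(|\(\s*int(eger)?\s*\))/i', $value) === 1;
    $findings[] = array(
      'line'  => $index + 1,
      'state' => $cast ? 'patched' : 'unpatched',
      'code'  => $code,
    );
  }
  return $findings;
}

// Overall verdict for one file: any unpatched assignment wins.
function patch_state($source) {
  $findings = find_userid_assignments($source);
  if (count($findings) === 0) {
    return 'not found';
  }
  foreach ($findings as $finding) {
    if ($finding['state'] === 'unpatched') {
      return 'unpatched';
    }
  }
  return 'patched';
}

// Constructed sample sources built from the lines quoted in this thread.
$cookie_before = <<<'SRC'
      $this->delete_old_sessions();
      $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
SRC;

$prefix_after = <<<'SRC'
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? intval($this->read_cookie_data(COOKIE_PREFIX."userid")) : GUEST;
SRC;

$phpbb_before = <<<'SRC'
  $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
SRC;

$samples = array(
  'cookie line, before fix'        => $cookie_before,
  'COOKIE_PREFIX line, after fix'  => $prefix_after,
  'phpBB line, before fix'         => $phpbb_before,
  'line absent (constructed)'      => '$this->delete_old_sessions();',
);

// Optional: also check a real file given as the first CLI argument.
if (PHP_SAPI === 'cli' && isset($argv[1]) && is_readable($argv[1])) {
  $samples[$argv[1]] = file_get_contents($argv[1]);
}

foreach ($samples as $label => $source) {
  echo $label, ': ', patch_state($source), "\n";
  foreach (find_userid_assignments($source) as $finding) {
    echo '  line ', $finding['line'], ' (', $finding['state'], '): ', $finding['code'], "\n";
  }
}
```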


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: fotograf74 on January 08, 2006, 01:25:31 PM
Sorry in my sessions.php I can´t find this line

<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: sessions.php                                         *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7                                                  *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Main part is adapted from of phpBB, (C) 2001 The phpBB Group        *
 *    phpBB is released under the GNU General Public License              *
 *                                                                        *
 *************************************************************************/
if (!defined('ROOT_PATH')) {
  die(
"Security violation");
}

//-----------------------------------------------------
//--- Start Configuration -----------------------------
//-----------------------------------------------------

// Define here the name of the session. Default of phpBB is "sid".
define('SESSION_NAME''sid');

// Define here the name of the banlist and config database tables.
// Maybe you only need to change the table prefix if you another
// than the phpBB default "phpbb_".
define('PHPBB_BANLIST_TABLE''phpbb_banlist');
define('PHPBB_CONFIG_TABLE''phpbb_config');

// Set her the corresponding database fields of the user table.
// If there is no corresponding field in the new user table,
// leave the value blank. Normally no need to change.
$user_table_fields = array(
  
"user_id" => "user_id",
  
"user_level" => "user_level",
  
"user_name" => "username",
  
"user_password" => "user_password",
  
"user_email" => "user_email",
  
"user_showemail" => "user_viewemail",
  
"user_allowemails" => "",
  
"user_invisible" => "user_allow_viewonline",
  
"user_joindate" => "user_regdate",
  
"user_activationkey" => "user_actkey",
  
"user_lastaction" => "user_session_time",
  
"user_location" => "user_session_page",
  
"user_lastvisit" => "user_lastvisit",
  
"user_comments" => "",
  
"user_homepage" => "user_website",
  
"user_icq" => "user_icq"
);

// Set here the URL to your phpBB forum. WITH trailing slash!
$url_app           "http://www.myforum.de";

// Set here different URL's to your phpBB forum.
// Normally no need to change.
$url_register      $url_app."profile.php?mode=register";
$url_lost_password $url_app."profile.php?mode=sendpassword";
$url_control_panel $url_app."profile.php?mode=editprofile";
$url_mailform      $url_app."profile.php?mode=email&u={user_id}";
$url_show_profile  $url_app."profile.php?mode=viewprofile&u={user_id}";
$url_login         $url_app."login.php";
$url_logout        $url_app."login.php?logout=true";

//-----------------------------------------------------
//--- End Configuration -------------------------------
//-----------------------------------------------------

define('USER_INTEGRATION''PHPBB');

function 
get_user_table_field($add$user_field) {
  global 
$user_table_fields;
  return (!empty(
$user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : "";
}

class 
Session {

  var 
$session_id;
  var 
$user_ip;
  var 
$user_location;
  var 
$current_time;
  var 
$session_timeout;
  var 
$mode "get";
  var 
$session_info = array();
  var 
$user_info = array();

  function 
Session() {
    global 
$config$board_config;
    
$this->session_timeout $board_config['session_length'];
    
$this->user_ip $this->get_user_ip();
    
$this->user_location 1;
    
$this->current_time time();
    
$this->session_pagestart($this->user_ip0);
  }

  function 
session_pagestart($user_ip$thispage_id) {
    global 
$site_db$board_config;
  global $HTTP_COOKIE_VARS$HTTP_GET_VARS$HTTP_POST_VARS$SID;

    
$cookiename $board_config['cookie_name'];
  $cookiepath $board_config['cookie_path'];
  $cookiedomain $board_config['cookie_domain'];
  $cookiesecure $board_config['cookie_secure'];

  if ( isset($HTTP_COOKIE_VARS[$cookiename '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename '_data']) )
  {
      $this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
      $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
      if (!is_array($sessiondata)) {
        $sessiondata = array();
      }
      $this->mode = "cookie";
    }
    else
    {
      $sessiondata = array();
      if (isset($HTTP_GET_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_GET_VARS[SESSION_NAME];
      }
      elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_POST_VARS[SESSION_NAME];
      }
      else {
        $this->session_id = false;
      }
    }

    //
    // Does a session exist?
    //
    if ( !empty($this->session_id) )
    {
      $valid_session = 1;
      if (!$this->load_session_info()) {
        $this->session_info['session_user_id'] = GUEST;
        $valid_session = 0;
      }
      $this->user_info = $this->load_user_info($this->session_info['session_user_id']);

      if ( $valid_session )
      {
        $SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';

        if ( $this->current_time - $this->session_info['session_time'] > 60 )
        {
          $sql = "UPDATE " . SESSIONS_TABLE . "
            SET session_time = $this->current_time, session_page = $thispage_id
            WHERE session_id = '$this->session_id'
            AND session_ip = '$user_ip'";
          $site_db->query($sql);

          if ( $this->user_info['user_id'] != GUEST )
          {
            $sql = "UPDATE " . USERS_TABLE . "
              SET user_session_time = $this->current_time, user_session_page = $thispage_id
              WHERE user_id = " . $this->user_info['user_id'];
            $site_db->query($sql);
          }
          $this->delete_old_sessions();
          setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
          setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
        }
        return $this->user_info;
      }
    }

    $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
    $this->user_info = $this->session_begin($user_id, $user_ip, $thispage_id, TRUE);
    return $this->user_info;

  }

  function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) {
    global $site_db, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
    {
      $this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
      $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
      $this->mode = "cookie";
    }
    else
    {
      $sessiondata = array();
      if (isset($HTTP_GET_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_GET_VARS[SESSION_NAME];
      }
      elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_POST_VARS[SESSION_NAME];
      }
      else {
        $this->session_id = false;
      }
    }

    $last_visit = 0;
    $expiry_time = $this->current_time - $board_config['session_length'];

    $this->user_info = $this->load_user_info($user_id);
    $user_id = $this->user_info['user_id'];

    if ( $user_id != GUEST )
    {
      $auto_login_key = $this->user_info['user_password'];

      if ( $auto_create )
      {
        if ( isset($sessiondata['autologinid']) && $this->user_info['user_active'] )
        {
          // We have to login automagically
          if( $sessiondata['autologinid'] == $auto_login_key )
          {
            // autologinid matches password
            $login = 1;
            $enable_autologin = 1;
          }
          else
          {
            // No match; don't login, set as anonymous user
            $login = 0;
            $enable_autologin = 0;
            $user_id = GUEST;
          }
        }
        else
        {
          // Autologin is not set. Don't login, set as anonymous user
          $login = 0;
          $enable_autologin = 0;
          $user_id = GUEST;
        }
      }
      else
      {
        $login = 1;
      }
    }
    else
    {
      $login = 0;
      $enable_autologin = 0;
      $user_id = GUEST;
    }

    //
    // Initial ban check against user id, IP and email address
    //
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

    $sql = "SELECT ban_ip, ban_userid, ban_email
      FROM " . PHPBB_BANLIST_TABLE . "
      WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
      OR ban_userid = $user_id";
    if ( $user_id != GUEST )
    {
      $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $this->user_info['user_email']) . "'
        OR ban_email LIKE '" . substr(str_replace("\'", "''", $this->user_info['user_email']), strpos(str_replace("\'", "''", $this->user_info['user_email']), "@")) . "'";
    }
    $result = $site_db->query($sql);

    if ( $ban_info = $site_db->fetch_array($result) )
    {
      if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
      {
        header("Location: $url_login");
        exit;
      }
    }

    //
    // Create or update the session
    //
    $sql = "UPDATE " . SESSIONS_TABLE . "
      SET session_user_id = $user_id, session_start = $this->current_time, session_time = $this->current_time, session_page = $page_id, session_logged_in = $login
      WHERE session_id = '" . $this->session_id . "'
      AND session_ip = '$user_ip'";
    if ( !$site_db->query($sql) || !$site_db->affected_rows() )
    {
      $this->session_id = md5(uniqid($user_ip));

      $sql = "INSERT INTO " . SESSIONS_TABLE . "
        (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
        VALUES ('$this->session_id', $user_id, $this->current_time, $this->current_time, '$user_ip', $page_id, $login)";
      $site_db->query($sql);
    }

    if ( $user_id != GUEST )
    {
      $last_visit = ( $this->user_info['user_session_time'] > 0 ) ? $this->user_info['user_session_time'] : $this->current_time;

      $sql = "UPDATE " . USERS_TABLE . "
        SET user_session_time = $this->current_time, user_session_page = $page_id, user_lastvisit = $last_visit
        WHERE user_id = $user_id";
      $site_db->query($sql);

      $this->user_info['user_lastvisit'] = $last_visit;

      $sessiondata['autologinid'] = ( $enable_autologin && $this->mode == "cookie" ) ? $auto_login_key : '';
      $sessiondata['userid'] = $user_id;
    }

    $this->user_info['user_id'] = $user_id;
    $this->session_info['session_id'] = $this->session_id;
    $this->session_info['session_ip'] = $user_ip;
    $this->session_info['session_user_id'] = $user_id;
    $this->session_info['session_logged_in'] = $login;
    $this->session_info['session_page'] = $page_id;
    $this->session_info['session_start'] = $this->current_time;
    $this->session_info['session_time'] = $this->current_time;

    setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
    setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

    $SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';

    return $this->user_info;
  }

  function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
    global $url_login;
    header("Location: $url_login");
  }

  function logout($user_id = GUEST) {
    global $url_logout;
    header("Location: $url_logout");
  }

  function delete_old_sessions() {
    global $site_db, $board_config;
    $expiry_time = $this->current_time - $board_config['session_length'];
    $sql = "DELETE FROM ".SESSIONS_TABLE."
            WHERE session_time < $expiry_time";
    $site_db->query($sql);

    $sql = "SELECT session_id
            FROM ".SESSIONS_TABLE;
    $result = $site_db->query($sql);
    if ($result) {
      $session_ids_sql = "";
      while ($row = $site_db->fetch_array($result)) {
        $session_ids_sql .= (($session_ids_sql != "") ? ", " : "") . "'".$row['session_id']."'";
      }
    }
    if (!empty($session_ids_sql)) {
      $sql = "DELETE FROM ".SESSIONVARS_TABLE."
              WHERE session_id NOT IN ($session_ids_sql)";
      $site_db->query($sql);
    }
    return true;
  }

  function return_session_info() {
    return $this->session_info;
  }

  function return_user_info() {
    return $this->user_info;
  }

  function freeze() {
    return;
  }

  function load_session_info() {
    global $site_db;
    if (empty($this->session_id)) {
      return false;
    }
    $ip_sql = ($this->mode == "get") ? " AND session_ip = '$this->user_ip'" : "";
    $this->session_info = array();
    $sql = "SELECT *
            FROM ".SESSIONS_TABLE."
            WHERE session_id = '$this->session_id'
            $ip_sql";
    $this->session_info = $site_db->query_firstrow($sql);
    if (empty($this->session_info['session_user_id'])) {
      return false;
    }
    else {
      $sql = "SELECT sessionvars_name, sessionvars_value
              FROM ".SESSIONVARS_TABLE."
              WHERE session_id = '$this->session_id'";
      $result = $site_db->query($sql);
      while ($row = $site_db->fetch_array($result)) {
        $this->session_info[$row['sessionvars_name']] = $row['sessionvars_value'];
      }
      return $this->session_info;
    }
  }

  function load_user_info($user_id = GUEST) {
    global $site_db, $user_table_fields;

    if ($user_id != GUEST) {
      $sql = "SELECT u.*, l.*
              FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
              WHERE ".get_user_table_field("u.", "user_id")." = $user_id AND l.user_id = ".get_user_table_field("u.", "user_id");
      $user_info = $site_db->query_firstrow($sql);
      if (!$user_info) {
        $sql = "SELECT *
                FROM ".USERS_TABLE."
                WHERE ".get_user_table_field("", "user_id")." = $user_id";
        $user_info = $site_db->query_firstrow($sql);
        if ($user_info) {
          $lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
          $sql = "INSERT INTO ".LIGHTBOXES_TABLE."
                  (lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)
                  VALUES
                  ('$lightbox_id', ".$user_info[$user_table_fields['user_id']].", $this->current_time, '')";
          $site_db->query($sql);
          $user_info['lightbox_lastaction'] = $this->current_time;
          $user_info['lightbox_image_ids'] = "";
        }
      }
    }
    if (empty($user_info[$user_table_fields['user_id']])) {
      $user_info = array();
      $user_info['user_id'] = GUEST;
      $user_info['user_level'] = GUEST;
      $user_info['user_lastaction'] = $this->current_time;
    }

    foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        if ($val == "user_allow_viewonline") {
          // phpBB stores "allow view online"; 4images expects the inverse ("invisible")
          $user_info[$key] = ($user_info[$val] == 1) ? 0 : 1;
        }
        else {
          $user_info[$key] = $user_info[$val];
        }
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    if (isset($user_info['user_active']) && $user_info['user_active'] == 0) {
      $user_info['user_level'] = USER_AWAITING;
    }
    return $user_info;
  }

  function set_session_var($var_name, $value) {
    global $site_db;
    $sql = "SELECT session_id
            FROM ".SESSIONVARS_TABLE."
            WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
    if ($site_db->is_empty($sql)) {
      $sql = "INSERT INTO ".SESSIONVARS_TABLE."
              (session_id, sessionvars_name, sessionvars_value)
              VALUES
              ('$this->session_id', '$var_name', '$value')";
      $site_db->query($sql);
    }
    else {
      $sql = "UPDATE ".SESSIONVARS_TABLE."
              SET sessionvars_value = '$value'
              WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
      $site_db->query($sql);
    }
    $this->session_info[$var_name] = $value;
    return true;
  }

  function get_session_var($var_name) {
    global $site_db;
    if (isset($this->session_info[$var_name])) {
      return $this->session_info[$var_name];
    }
    else {
      $sql = "SELECT sessionvars_value
              FROM ".SESSIONVARS_TABLE."
              WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
      $value = $site_db->query_firstrow($sql);
      if ($value) {
        $this->session_info[$var_name] = $value['sessionvars_value'];
        return $value['sessionvars_value'];
      }
      else {
        return "";
      }
    }
  }

  function drop_session_var($var_name) {
    global $site_db;
    $sql = "DELETE FROM ".SESSIONVARS_TABLE."
            WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
    return ($site_db->query($sql)) ? 1 : 0;
  }

  function get_user_ip() {
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $REMOTE_ADDR;

    if( getenv('HTTP_X_FORWARDED_FOR') != '' )
    {
      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );

      if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
      {
        $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
        $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
      }
    }
    else
    {
      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
    }

    $ip_sep = explode('.', $client_ip);
    return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
  }

  function get_user_location() {
    global $self_url;
    return (defined("IN_CP")) ? "Control Panel" : preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), addslashes($self_url));
  }

  
/* ORIGINAL CODE
  function url($url, $amp = "&amp;") {
    global $l;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];

    if ($this->mode == "get" && !preg_match("/".SESSION_NAME."=/i", $url)) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= SESSION_NAME."=".$this->session_id;
    }

    if (!empty($l)) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= "l=".$l;
    }

    $url .= (isset($dummy_array[1])) ? "#".$dummy_array[1] : "";
    return $url;
  }
*/
  
  function url($url, $amp = "&amp;") {
    global $l, $user_info;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];
    $url = str_replace('&amp;', '&', $url);
    if (!defined('IN_CP')) {
      if (strstr($url, 'index.php')) {
        $url = str_replace('index.php', '', $url);
      }
      elseif (strstr($url, 'search.php')) {
        if (strstr($url, 'page=')) {
          preg_match('#page=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('search.php', 'search.'.$matches[1].'.htm', $url);
            $query = str_replace('page='.$matches[1].'&', '', $query);
            $query = str_replace('&page='.$matches[1], '', $query);
            $query = str_replace('page='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('search.php', 'search.htm', $url);
        }
      }
      elseif (strstr($url, 'lightbox.php')) {
        if (strstr($url, 'page=')) {
          preg_match('#page=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('lightbox.php', 'lightbox.'.$matches[1].'.htm', $url);
            $query = str_replace('page='.$matches[1].'&', '', $query);
            $query = str_replace('&page='.$matches[1], '', $query);
            $query = str_replace('page='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('lightbox.php', 'lightbox.htm', $url);
        }
      }
      elseif (strstr($url, 'categories.php')) {
        if (strstr($url, 'cat_id=') && strstr($url, 'page=')) {
          preg_match('#cat_id=([0-9]+)&?#', $url, $matches1);
          preg_match('#page=([0-9]+)&?#', $url, $matches2);
          if (isset($matches1[1]) && isset($matches2[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('categories.php', 'cat'.$matches1[1].'.'.$matches2[1].'.htm', $url);
            $query = str_replace('cat_id='.$matches1[1].'&', '', $query);
            $query = str_replace('&cat_id='.$matches1[1], '', $query);
            $query = str_replace('cat_id='.$matches1[1], '', $query);
            $query = str_replace('page='.$matches2[1].'&', '', $query);
            $query = str_replace('&page='.$matches2[1], '', $query);
            $query = str_replace('page='.$matches2[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        elseif (strstr($url, 'cat_id=')) {
          preg_match('#cat_id=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('categories.php', 'cat'.$matches[1].'.htm', $url);
            $query = str_replace('cat_id='.$matches[1].'&', '', $query);
            $query = str_replace('&cat_id='.$matches[1], '', $query);
            $query = str_replace('cat_id='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('categories.php', 'cat.htm', $url);
        }
      }
      elseif (strstr($url, 'details.php?image_id=')) {
        if (strstr($url, 'image_id=') && strstr($url, 'mode=')) {
          preg_match('#image_id=([0-9]+)&?#', $url, $matches1);
          preg_match('#mode=([a-zA-Z0-9]+)&?#', $url, $matches2);
          if (isset($matches1[1]) && isset($matches2[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('details.php', 'img'.$matches1[1].'.'.$matches2[1].'.htm', $url);
            $query = str_replace('image_id='.$matches1[1].'&', '', $query);
            $query = str_replace('&image_id='.$matches1[1], '', $query);
            $query = str_replace('image_id='.$matches1[1], '', $query);
            $query = str_replace('mode='.$matches2[1].'&', '', $query);
            $query = str_replace('&mode='.$matches2[1], '', $query);
            $query = str_replace('mode='.$matches2[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          preg_match('#image_id=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('details.php', 'img'.$matches[1].'.htm', $url);
            $query = str_replace('image_id='.$matches[1].'&', '', $query);
            $query = str_replace('&image_id='.$matches[1], '', $query);
            $query = str_replace('image_id='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
      }
      elseif (strstr($url, 'postcards.php?image_id=')) {
        preg_match('#image_id=([0-9]+)&?#', $url, $matches);
        if (isset($matches[1])) {
          $split = explode('?', $url);
          $url = $split[0];
          $query = @$split[1];
          $url   = str_replace('postcards.php', 'postcard.img'.$matches[1].'.htm', $url);
          $query = str_replace('image_id='.$matches[1].'&', '', $query);
          $query = str_replace('&image_id='.$matches[1], '', $query);
          $query = str_replace('image_id='.$matches[1], '', $query);
          if (!empty($query)) {
            $url .= '?' . $query;
          }
        }
      }
    }
    if ($this->mode == "get" && strstr($url, $this->session_id)) {
      $url .= strpos($url, '?') !== false ? '&' : '?';
      $url .= SESSION_NAME."=".$this->session_id;
    }
    if (!empty($l)) {
      $url .= strpos($url, '?') ? '&' : '?';
      $url .= "l=".$l;
    }
    $url = str_replace('&', $amp, $url);
    $url .= isset($dummy_array[1]) ? "#".$dummy_array[1] : "";
    return $url;
  }
} //end of class

//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
$board_config = array();
$sql = "SELECT * FROM " . PHPBB_CONFIG_TABLE;
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
  $board_config[$row['config_name']] = $row['config_value'];
}

//Start Session
$site_sess = new Session();

// Get Userinfo
$session_info = $site_sess->return_session_info();
$user_info = $site_sess->return_user_info();

//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_ids = array();
$prev_session_ips = array();

if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
  $time_out = time() - 300;
  $sql = "SELECT ".get_user_table_field("u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible").", s.session_user_id, s.session_time, s.session_ip
  FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
  WHERE ".get_user_table_field("u.", "user_id")." = s.session_user_id AND (s.session_time >= $time_out OR ".get_user_table_field("u.", "user_lastaction")." >= $time_out)
  ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.session_ip ASC";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    if ($row['session_user_id'] != GUEST) {
      if (!isset($prev_user_ids[$row['session_user_id']])) {
        $is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 0) ? 1 : 0;
        $invisibleuser = ($is_invisible) ? "*" : "";
        $username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("<b>%s</b>", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
        if (!$is_invisible || $user_info['user_level'] == ADMIN) {
          $user_online_list .= ($user_online_list != "") ? ", " : "";
          $user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['session_user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&amp;".URL_USER_ID."=".$row['session_user_id'];
          $user_online_list .= "<a href=\"".$site_sess->url($user_profile_link)."\">".$username."</a>".$invisibleuser;
        }
        (!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
        $num_registered_online++;
      }
      $prev_user_ids[$row['session_user_id']] = 1;
    }
    else {
      if (!isset($prev_session_ips[$row['session_ip']])) {
        $num_guests_online++;
      }
    }
    $prev_session_ips[$row['session_ip']] = 1;
  }
  $num_total_online = $num_registered_online + $num_guests_online;

  $site_template->register_vars(array(
    "num_total_online" => $num_total_online,
    "num_invisible_online" => $num_invisible_online,
    "num_registered_online" => $num_registered_online,
    "num_guests_online" => $num_guests_online,
    "user_online_list" => $user_online_list,
    "lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
    "lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
  unset($whos_online);
  unset($prev_user_ids);
  unset($prev_session_ips);
}
?>


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Ston4Img on January 08, 2006, 03:17:29 PM
The line "$this->delete_old_sessions();" was in the current download included with the modification (the post from "theOracle")


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: V@no on January 08, 2006, 08:27:23 PM
Please read the replies before you complain :P ;)

no this line: $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15.
That version does not have this hole, don't worry about this fix ;)
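The line quoted above is the one the fix at the top of this thread wraps in intval(). The following is an added example, not code from 4images or from any poster: build_user_query(), the cookie_userid_*() helpers and the sample cookie values are hypothetical, and GUEST = -1 is an assumption. It shows what the cast changes in a string-built lookup and how a stricter check can flag a malformed cookie instead of silently coercing it.

```php
<?php
// Added illustration, not 4images code. All function names and sample
// values below are hypothetical; GUEST = -1 is an assumption.
define('GUEST', -1);

// Stand-in for a string-built user lookup: the id is interpolated into
// the statement text without quotes, as in load_user_info().
function build_user_query($user_id) {
    return "SELECT * FROM users WHERE user_id = $user_id";
}

// Line before the fix: the cookie string is used as-is.
function cookie_userid_unpatched($raw) {
    return ($raw) ? $raw : GUEST;
}

// Line after the fix: intval() keeps a leading integer, otherwise 0.
function cookie_userid_patched($raw) {
    return ($raw) ? intval($raw) : GUEST;
}

// Stricter variant: anything that is not a plain decimal id is treated
// as a tampered cookie and reported to the caller for logging.
function cookie_userid_strict($raw, &$tampered) {
    $tampered = false;
    if ($raw === null || $raw === '') {
        return GUEST;               // no cookie: ordinary guest
    }
    if (!is_string($raw) || !ctype_digit($raw)) {
        $tampered = true;           // candidate for a security log entry
        return GUEST;
    }
    return intval($raw);
}

// Constructed cookie values: a valid id, ids with trailing or leading
// junk, a non-numeric value, and an empty cookie.
$samples = array('12', '12abc', ' 12', 'abc', '');

foreach ($samples as $raw) {
    $tampered = false;
    $strict = cookie_userid_strict($raw, $tampered);
    echo "cookie value: " . var_export($raw, true) . "\n";
    echo "  unpatched : " . build_user_query(cookie_userid_unpatched($raw)) . "\n";
    echo "  patched   : " . build_user_query(cookie_userid_patched($raw)) . "\n";
    echo "  strict    : id=" . $strict . ($tampered ? " (flagged)" : "") . "\n";
}
```

With the cast in place the text after `user_id =` is always an integer literal, whatever the cookie contained; the strict variant additionally distinguishes a missing cookie from a malformed one.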


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: madace77 on January 18, 2006, 03:59:20 PM
Is this fix already implemented in the version I'm about to get from the Download section?


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: V@no on January 18, 2006, 11:59:25 PM
Unless you are getting a version newer than v1.7.1 (which is not out yet), then no, these fixes are not implemented in the current version.


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Morgan on March 15, 2006, 10:25:29 PM
Is this fix important for the integrated 4images 1.7 version for Runcms/E-Xoops? I can't find the code to replace in sessions.php; it seems that there is no such line, as the user's login/logout is integrated with the CMS. I use the Russian language in 4images 1.7 and Runcms 1.2-)


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: V@no on March 16, 2006, 12:52:03 AM
Perhaps if you would attach your sessions.php (as a .txt file), then I could answer your question ;)


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Jan on May 03, 2006, 10:18:59 AM
There's another fix for sessions.php:
http://www.4homepages.de/forum/index.php?topic=12807.0


Title: Re: [1.7.1] Security fix in sessions.php
Post by: AKBARBADALI on February 28, 2017, 02:10:03 PM
I see. Good.

Good thing I installed that ;)
:P :P :P


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: bazm on August 15, 2018, 07:56:09 AM
Find $string = preg_replace('#</(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace with
$string = preg_replace('#</(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);

bazmineh.com

bitdefendercenter.ir
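The two patterns in the post above differ only in how the match may end: `>` versus `(>|$)`. The following is an added example, not part of the post or of 4images: strip_closing_tags() and the input strings are hypothetical, and the tag list is copied from the post. It runs both patterns over the same constructed inputs to show which closing tags each one removes.

```php
<?php
// Added illustration; strip_closing_tags() and the inputs are hypothetical.
// The tag list and both patterns are the ones quoted in the post above.
$tags = 'applet|meta|xml|blink|link|style|script|embed|object|iframe|frame'
      . '|frameset|ilayer|layer|bgsound|title|base';

$pattern_before = '#</(' . $tags . ')[^>]*>#i';      // needs a closing ">"
$pattern_after  = '#</(' . $tags . ')[^>]*(>|$)#i';  // also ends at end of input

function strip_closing_tags($pattern, $string) {
    return preg_replace($pattern, "", $string);
}

// Constructed inputs.
$inputs = array(
    'caption</script>',     // terminated closing tag
    'caption</script',      // unterminated, input ends inside the tag
    "caption</style \n",    // unterminated, followed by whitespace only
    'caption</b>',          // tag that is not in the list
);

foreach ($inputs as $in) {
    echo "input : " . var_export($in, true) . "\n";
    echo "  old : " . var_export(strip_closing_tags($pattern_before, $in), true) . "\n";
    echo "  new : " . var_export(strip_closing_tags($pattern_after, $in), true) . "\n";
}
// Rows 2 and 3 are the difference: the old pattern returns them unchanged,
// the new one returns 'caption'. Rows 1 and 4 behave the same under both.
```

An unterminated closing tag matters because the field is later embedded in a page, where the next `>` from the surrounding template would complete it.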


Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: AKBARBADALI on September 01, 2018, 12:47:31 PM
good