4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: Jan on June 07, 2005, 11:17:51 AM

Title: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Jan on June 07, 2005, 11:17:51 AM
This is an important security fix.

Open includes/sessions.php and find the following line:

Code: [Select]
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
Replace this line with the following code:

Code: [Select]
$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
Title: Re: [1.7.1] Security fix in sessions.php
Post by: b.o.fan on June 08, 2005, 10:36:43 AM
I've applied the fix. But what is it for? Or rather, where was the bug?

What was secured? I'm just curious... :)
Title: Re: [1.7.1] Security fix in sessions.php
Post by: Jan on June 08, 2005, 10:58:29 AM
Please understand that I won't go into more detail on this. There are many installations that don't have this fix, and if I explain how and where it can be exploited... well, you understand ;)

Regards, Jan
Title: Re: [1.7.1] Security fix in sessions.php
Post by: b.o.fan on June 08, 2005, 10:59:57 AM
Understood. Good.

Good thing I installed it ;)
Title: Re: [1.7.1] Security fix in sessions.php
Post by: edwin on June 08, 2005, 11:33:53 AM
Jan, in News & Ankündigungen you say it's for all versions, but in the headline you write ( [1.7.1] Security fix in sessions.php )

Is it only for 1.7.1 or for all versions of 4images?

Title: Re: [1.7.1] Security fix in sessions.php
Post by: martrix on June 08, 2005, 11:36:48 AM
Edwin:
It is also for 1.7 - so you should also change that!

Jan:
Could you please change the title of this thread, so it says also 1.7?
Title: Re: [1.7.1] Security fix in sessions.php
Post by: mawenzi on June 08, 2005, 01:22:59 PM
Quote from: martrix
Jan:
Could you please change the title of this thread, so it says also 1.7 ?

martrix, you are right ... that seems to me also very important ...  :!:

mawenzi
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 08, 2005, 06:31:23 PM
Does this solve the known problem with the takeover of a SID?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 06:39:55 PM
made this change and the whole gallery went down!

direct image link:  http://digiart.graficalicus.com/details.php?image_id=1203

category link: http://digiart.graficalicus.com/categories.php?cat_id=10

home link:  http://digiart.graficalicus.com/

rss link:  http://digiart.graficalicus.com/rss.php

 :?: :!: :?: :!: :?: :!:  help  :!: :?:
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 09, 2005, 06:42:22 PM
Have you restored your sessions.php?

Which version of 4img do you use?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 06:51:44 PM
restored - using 1.7 - this is the only change I've made in a few days. Dumped my cache, reloaded the page - nothing!

wonder if I've been hacked........
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 06:55:24 PM
every error line is:
Code: [Select]
$site_template->register_vars(array(
ideas?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: graficalicus on June 09, 2005, 07:12:36 PM
fixed - I was editing an old sessions.php   :oops:  now updated   :|

thanks for looking!
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Bugfixed on June 12, 2005, 05:24:40 PM
hello all.

no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 12, 2005, 07:38:29 PM
Quote from: Bugfixed
no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .

that version does not have this hole, don't worry about this fix ;)
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: arindra on June 13, 2005, 11:36:24 AM
have done it ... am using integration with Invisionboard .
but can someone explain what this fix does exactly ?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: martrix on June 13, 2005, 04:54:15 PM
Quote from: Jan
Bitte hab Verständnis dafür, dass ich darauf nicht näher eingehe. Es gibt viele Installationen die diesen Fix nicht haben und wenn ich erkläre wie und wo man das ausnutzt...naja du verstehst ;)

Gruß Jan

in other language and other words:

Please understand that I won't give you more information on this fix.
There are many 4images installations out there without this fix installed, and if I explain to you how one may misuse that... well... hope you understand ;)

in short:
things you would not like could happen without this fix being implemented...
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Unsichtbar on June 14, 2005, 05:08:33 PM
thanks...  :D
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on June 15, 2005, 07:42:50 AM
HI all

I believe this fix stops anonymous from uploading files to your tmp folder via apache where you can even run those files remotely..

I was a victim. an intruder was uploading SPAM Email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.


Regards

Tariq AlAli
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 15, 2005, 07:45:33 AM
Quote from: TariqAlAli
HI all

I believe this fix stopped anonymous from uploading files to your tmp folder via apache where you can even run those files remotely..

I was a victim. an intruder was uploading SPAM Email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.

Regards

Tariq AlAli

what u just described seems to be your server issue, and not 4images.
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on June 15, 2005, 07:59:29 AM
Quote from: TariqAlAli
HI all

I believe this fix stopped anonymous from uploading files to your tmp folder via apache where you can even run those files remotely..

I was a victim. an intruder was uploading SPAM Email scripts and running them remotely. I just did the changes and hope this will fix it.. if it works I will update you.

Regards

Tariq AlAli

Quote from: V@no
what u just described seems to be your server issue, and not 4images.

well this happened to me since day one I installed 4images, anyhow as I mentioned "It might be". Since I modified the file the intruder had stopped the penetration to the server.

Also I noticed when I installed 4images a month ago that if I log in with my account and give a photo URL (Session) to a user, he will be logged in with my session/ID.

I will be doing several exercises and will update you accordingly.

Thank you again.

Regards


Tariq AlAli
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 15, 2005, 08:04:21 AM
Quote from: TariqAlAli
Also I noticed when I installed 4images a month ago that if I log in with my account and give a photo URL (Session) to a user, he will be logged in with my session/ID.

that is a perfectly normal behaviour.
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on June 16, 2005, 09:51:43 AM
HI All

My thoughts are going to be 100% correct. The security bug was the reason for hacking my server. It has been 48hrs since I implemented the new fix and the hacker did not login to the server.

I will give it another 72hrs; before I announce that the hack was from that bug and will try to post you how to penetrate the servers with that bug.

Thank you all.

Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on June 16, 2005, 02:23:49 PM
Quote from: TariqAlAli
I will give it another 72hrs; before I announce that the hack was from that bug and will try to post you how to penetrate the servers with that bug.

via PM please, not public.
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: martrix on June 16, 2005, 09:47:21 PM
Quote from: TariqAlAli
will try to post you how to penetrate the servers with that bug.

Oh my god! Don't even think about giving out this information publicly! PLEASE!
Send it to Jan or V@no via PM, but not in a public thread in this forum - I beg you!
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: SonGokuuu on June 17, 2005, 05:07:47 PM
I have now applied the bugfix, but the text "Es sind x Benutzer und x Besucher online" ("There are x users and x visitors online") is no longer displayed at the bottom, above the users who are online. How can this be restored while still closing the security hole?


In case you don't know what I mean:  http://www.zetzero.net/Anime-Folio/
(At the bottom, in the upper part, there is a light grey bar; the text that used to be in it is gone, and below it are the usernames of those online, but with some empty space above.)
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 18, 2005, 09:34:33 AM
But the fix has nothing to do with that; you must have changed something else?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: SonGokuuu on June 18, 2005, 02:55:26 PM
No, I only replaced the part given above in the file and then uploaded it; no other changes were made.
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: nd.h on June 20, 2005, 07:44:35 PM
Am I right in assuming that this line is not present if I have integrated the gallery into phpBB?
(Unfortunately I no longer know which lines were removed in the process.)
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on June 20, 2005, 08:18:25 PM
A few posts further up it says:

Quote
no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .
that version does not have this hole, don't worry about this fix ;)

Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: nd.h on June 21, 2005, 02:28:46 PM
*cough* ... I read it and then blanked it out...
Sorry  :oops: :oops:

Thanks again!!!
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Eppi on June 26, 2005, 11:38:24 PM
If I downloaded version 1.7.1 today, do I still need to make this change?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Jan on June 27, 2005, 01:43:09 PM
No
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: darkcurves on July 05, 2005, 04:05:24 AM
I can't seem to find that line in version 1.7.1. It's sessions.php right?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 05, 2005, 05:24:46 AM
Quote from: darkcurves
It's sessions.php right?

yes
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: darkcurves on July 06, 2005, 12:45:20 PM
Can't find it. If you don't believe me, please check at http://usa.57host.com/cantfindit/sessions.php .
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: RoadDogg on July 06, 2005, 10:24:59 PM
I can't download your sessions.php, please save it as sessions.txt
When did you download your 4images software? In the current download version it's already fixed.
Do you have 4images integrated with phpBB?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: kashiftiwana on July 07, 2005, 12:16:21 AM
W :D W , what can I say  8) , I had installed 4images with postnuke and always wanted both working in the same database, tried many things but never got both working. Finally I installed the postnuke module pn4images, now both were working but I got only one error; when I added this security fix, the error was gone  :D
Thank you guys, you don't know how much I appreciate your work and time & also this security fix :wink:
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: morningstar on July 08, 2005, 01:19:52 PM
OMG, I'm having problems: I can't even get on my s4image gallery, let alone fix it. Can anyone help? I'm getting an error message saying:


Warning: mysql_connect(): Too many connections in /home/sue/public_html/gallery/includes/db_mysql.php on line 39

DB Error: Could not connect to the database server (localhost, sue_imga1).
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Kane on July 08, 2005, 05:52:38 PM
What about for those of us who have integrated the script with vbulletin?

My line says this

$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;

What do I change it to?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: ID25 on July 08, 2005, 10:39:37 PM
When I fix this problem, my sessions live about 5-15 sec.

Where is the problem?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 08, 2005, 11:58:52 PM
@morningstar:
I have no idea why u wasted your (and our) time replying to this topic with absolutely unrelated issue!

@kane:
which integration are u talking about? Integration 4images 1.7 / vBulletin 2.x (http://www.4homepages.de/forum/index.php?topic=1659.0)? if so, then it seems to be fixed already.

@ID25:
Unless u did something else wrong, this fix could NOT possibly affect anything in the way u've described.
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: darkcurves on July 10, 2005, 08:10:39 PM
Quote from: RoadDogg
I can't download your sessions.php, please save it as sessions.txt
When did you download your 4images software? In the current download version it's already fixed.
Do you have 4images integrated with phpBB?

Yeah, it's integrated with PHPBB. Here is the new link:

http://usa.57host.com/cantfindit/sessions.txt
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 10, 2005, 08:52:16 PM
replace
Code: [Select]
  $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
to:
Code: [Select]
  $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : GUEST;
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: mWelle on July 15, 2005, 08:48:40 AM
Quote
When i fix this problem - my sessions living about 5-15sec.

Same problem: since applying the fix, complaints from users are piling up that they get kicked out every few moments.
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TariqAlAli on July 16, 2005, 10:08:12 AM
HI All,

it has been a month since my first post about this fix. No more penetration to my server via SESSION  :D :D

no other details will be posted  :lol: :lol: :lol:

My advice: replace ASAP.


Regards

Tariq
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Dan1113 on July 24, 2005, 12:55:44 AM
I see that the vbulletin 2.x integration is ok, but what about the 3.x?

Here's the line in 3.x
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: V@no on July 24, 2005, 05:27:40 AM
Code: [Select]
$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) ? intval($this->read_cookie_data(COOKIE_PREFIX."userid")) : GUEST;
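
Several posters above could not tell whether their sessions.php already carried the fix. The script below is an added example, not part of the thread or of 4images: it scans PHP source for the `$user_id = ... ? ... : GUEST;` assignment in the three shapes posted in this thread (stock, COOKIE_PREFIX, $sessiondata) and reports whether the value is wrapped in intval(). The function names and the sample sources are constructed for illustration.

```python
"""Audit a 4images includes/sessions.php for the intval() fix from this thread."""
import re
import sys

# $user_id = <condition> ? <value> : GUEST;
ASSIGN_RE = re.compile(
    r"\$user_id\s*=\s*(?P<cond>.+?)\?\s*(?P<value>.+?)\s*:\s*GUEST\s*;"
)
# Only assignments whose value comes from client-supplied state are relevant:
# read_cookie_data(...) in the stock and vBulletin files, $sessiondata[...] in phpBB.
SOURCE_RE = re.compile(r"read_cookie_data\s*\(|\$sessiondata\s*\[")
# The value counts as coerced when wrapped in intval() or cast with (int).
COERCED_RE = re.compile(r"^(?:intval\s*\(|\(\s*int(?:eger)?\s*\))", re.IGNORECASE)


def find_userid_assignments(php_source):
    """Return (line_number, status, code) for every userid assignment found."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # skip commented-out copies of the line
        match = ASSIGN_RE.search(code)
        if match is None:
            continue
        value = match.group("value")
        if not SOURCE_RE.search(value):
            continue
        status = "patched" if COERCED_RE.match(value) else "unpatched"
        findings.append((number, status, code))
    return findings


def audit(php_source):
    """Summarise a file as 'unpatched', 'patched' or 'not-found'."""
    findings = find_userid_assignments(php_source)
    if not findings:
        return "not-found"
    if any(status == "unpatched" for _, status, _ in findings):
        return "unpatched"
    return "patched"


# Constructed samples, built from the lines quoted in the thread.
SAMPLE_STOCK_UNPATCHED = '''\
  function demand_session() {
    $this->get_session_id();
    if (!$this->load_session_info()) {
      $this->delete_old_sessions();
      $user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
      $this->start_session($user_id);
    }
  }
'''
SAMPLE_STOCK_PATCHED = SAMPLE_STOCK_UNPATCHED.replace(
    '? $this->read_cookie_data("userid")',
    '? intval($this->read_cookie_data("userid"))',
)
SAMPLE_VBULLETIN_UNPATCHED = (
    '$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) '
    '? $this->read_cookie_data(COOKIE_PREFIX."userid") : GUEST;\n'
)
SAMPLE_VBULLETIN_PATCHED = (
    '$user_id = ($this->read_cookie_data(COOKIE_PREFIX."userid")) '
    '? intval($this->read_cookie_data(COOKIE_PREFIX."userid")) : GUEST;\n'
)
SAMPLE_PHPBB_UNPATCHED = (
    "  $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;\n"
)
SAMPLE_PHPBB_PATCHED = (
    "  $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : GUEST;\n"
)
SAMPLE_NO_LINE = "  function start_session($user_id = GUEST, $login_process = 0) {\n"


if __name__ == "__main__":
    # Usage: python audit_sessions.py path/to/includes/sessions.php [...]
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as handle:
            source = handle.read()
        print(path, audit(source))
        for number, status, code in find_userid_assignments(source):
            print(f"  line {number}: {status}: {code}")
```

A `not-found` result only means that none of these three shapes is present in the file; as in the thread, that can mean a different integration, an already updated download, or the wrong file.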
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 18, 2005, 04:20:30 AM
I have a problem, I did this fix when it first came out, I recently had an influx of members, and I got an email today from one of them with a link in it, and when I clicked on it, I was logged into her account, I checked and double checked...this is the part of the code I changed in includes/sessions.php  am I missing something?

Code: [Select]
  function demand_session() {
    $this->get_session_id();
    if (!$this->load_session_info()) {
      $this->delete_old_sessions();
      $user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;
      $this->start_session($user_id);
    }
    else {
      $this->user_info = $this->load_user_info($this->session_info['session_user_id']);
      $update_cutoff = ($this->user_info['user_id'] != GUEST) ? $this->current_time - $this->user_info['user_lastaction'] : $this->current_time - $this->session_info['session_lastaction'];
      if ($update_cutoff > 60) {
        $this->update_session();
        $this->delete_old_sessions();
      }
    }
  }

  function start_session($user_id = GUEST, $login_process = 0) {
    global $site_db;

    $this->user_info = $this->load_user_info($user_id);
    if ($this->user_info['user_id'] != GUEST && !$login_process) {
      if ($this->read_cookie_data("userpass") === $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
        $this->set_cookie_data("userpass", $this->user_info['user_password']);
      }
      else {
        $this->set_cookie_data("userpass", "", 0);
        $this->user_info = $this->load_user_info(GUEST);
      }
    }

       
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Jan on August 19, 2005, 01:53:20 PM
Seems to be that problem: http://www.4homepages.de/forum/index.php?topic=8895.0
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 20, 2005, 07:46:54 PM
I already have that in my includes/sessions.php.... see down below, so that cant be the problem unless I should have that in there...this is so confusing.

Code: [Select]
    if (!isset($this->session_info['session_user_id'])) {
      return false;
    }

    if (!isset($this->session_info['session_ip']) || (isset($this->session_info['session_ip']) && $this->session_info['session_ip'] != $this->user_ip)) {
      session_regenerate_id();
      $this->session_id = session_id();
      return false;
    }

    return $this->session_info;
  }

Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: hyde101 on August 23, 2005, 06:47:30 PM
I have 1.7 and I already have this modification, (didn't need to change in sessions.php)
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 24, 2005, 03:39:42 AM
I too have 1.7...have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume like I did it was fixed.  I cannot have people being able to log into others' accounts, or have my host be at risk....is there no solution to this or was the code looked at to see if I did something wrong?  It's been almost 5 days.....I don't want to have to delete my photo album from my server because of this...does anybody know what it is?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Xyu BAM on August 24, 2005, 05:19:18 AM
Quote from: pkitty
I too have 1.7...have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume like I did it was fixed. I cannot have people being able to log into others' accounts, or have my host be at risk....is there no solution to this or was the code looked at to see if I did something wrong? It's been almost 5 days.....I don't want to have to delete my photo album from my server because of this...does anybody know what it is?

your problem is not related to this topic...
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: hyde101 on August 24, 2005, 06:04:56 AM
But as I said, I have 1.7 and I didn't need to change this as it was already there..
Probably some other mod changed it? I don't remember, really. But it's there (new format)
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: pkitty on August 24, 2005, 04:49:03 PM
Quote from: pkitty
I too have 1.7...have you had a member send you an email with a link in it to see if the fix worked, or did you just add it and assume like I did it was fixed. I cannot have people being able to log into others' accounts, or have my host be at risk....is there no solution to this or was the code looked at to see if I did something wrong? It's been almost 5 days.....I don't want to have to delete my photo album from my server because of this...does anybody know what it is?

Quote from: Xyu BAM
your problem is not related to this topic...

Well then what topic IS it related to?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: xico on September 12, 2005, 12:51:40 AM
I made that change few months ago and today i was hacked... do you have another recent security fix?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: Xyu BAM on September 12, 2005, 08:13:17 AM
Quote from: xico
I made that change few months ago and today i was hacked... do you have another recent security fix?

and what is your evidence that you've been hacked THROUGH 4images ?
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: hyde101 on September 12, 2005, 03:32:26 PM
That's terrible..

Xico, what else do you have public on your server? any php forums such as phpbb or invision board?
please list the versions of any other php script you have on your server..

What kind of "hack" was it? Was it "deface" (changing of INDEX)
Title: Re: [1.7,1.7.1] Security fix in sessions.php
Post by: TheOracle on September 13, 2005, 03:15:37 AM
Quote

please list the versions of any other php script you have on your server..


@Xico:

If you intend to list your Global Server Information on the forum, please install this MOD first if you haven't done so. It will facilitate your task. ;)

http://www.4homepages.de/forum/index.php?topic=9289.msg43918#msg43918

Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: fotograf74 on December 24, 2005, 09:24:36 PM
Can't find the line:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

in my session.php
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: TheOracle on December 25, 2005, 01:48:10 PM
In your includes/sessions.php file,

find :

Quote

$this->delete_old_sessions();


and the line right below is the one you're looking for - which should be

this one :

Quote

$user_id = ($this->read_cookie_data("userid")) ? ...


replace that entire line

with this one :

Code: [Select]

$user_id = ($this->read_cookie_data("userid")) ? intval($this->read_cookie_data("userid")) : GUEST;


Merry Christmas.
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: fotograf74 on January 08, 2006, 01:25:31 PM
Sorry, in my sessions.php I can't find this line

Code: [Select]
<?php
/**************************************************************************
 *                                                                        *
 *    4images - A Web Based Image Gallery Management System               *
 *    ----------------------------------------------------------------    *
 *                                                                        *
 *             File: sessions.php                                         *
 *        Copyright: (C) 2002 Jan Sorgalla                                *
 *            Email: jan@4homepages.de                                    *
 *              Web: http://www.4homepages.de                             *
 *    Scriptversion: 1.7                                                  *
 *                                                                        *
 *    Never released without support from: Nicky (http://www.nicky.net)   *
 *                                                                        *
 **************************************************************************
 *                                                                        *
 *    Main part is adapted from of phpBB, (C) 2001 The phpBB Group        *
 *    phpBB is released under the GNU General Public License              *
 *                                                                        *
 *************************************************************************/
if (!defined('ROOT_PATH')) {
  die("Security violation");
}

//-----------------------------------------------------
//--- Start Configuration -----------------------------
//-----------------------------------------------------

// Define here the name of the session. Default of phpBB is "sid".
define('SESSION_NAME', 'sid');

// Define here the name of the banlist and config database tables.
// Maybe you only need to change the table prefix if you use another
// than the phpBB default "phpbb_".
define('PHPBB_BANLIST_TABLE', 'phpbb_banlist');
define('PHPBB_CONFIG_TABLE', 'phpbb_config');

// Set here the corresponding database fields of the user table.
// If there is no corresponding field in the new user table,
// leave the value blank. Normally no need to change.
$user_table_fields = array(
  "user_id" => "user_id",
  "user_level" => "user_level",
  "user_name" => "username",
  "user_password" => "user_password",
  "user_email" => "user_email",
  "user_showemail" => "user_viewemail",
  "user_allowemails" => "",
  "user_invisible" => "user_allow_viewonline",
  "user_joindate" => "user_regdate",
  "user_activationkey" => "user_actkey",
  "user_lastaction" => "user_session_time",
  "user_location" => "user_session_page",
  "user_lastvisit" => "user_lastvisit",
  "user_comments" => "",
  "user_homepage" => "user_website",
  "user_icq" => "user_icq"
);

// Set here the URL to your phpBB forum. WITH trailing slash!
$url_app           = "http://www.myforum.de";

// Set here different URL's to your phpBB forum.
// Normally no need to change.
$url_register      = $url_app."profile.php?mode=register";
$url_lost_password = $url_app."profile.php?mode=sendpassword";
$url_control_panel = $url_app."profile.php?mode=editprofile";
$url_mailform      = $url_app."profile.php?mode=email&u={user_id}";
$url_show_profile  = $url_app."profile.php?mode=viewprofile&u={user_id}";
$url_login         = $url_app."login.php";
$url_logout        = $url_app."login.php?logout=true";

//-----------------------------------------------------
//--- End Configuration -------------------------------
//-----------------------------------------------------

define('USER_INTEGRATION', 'PHPBB');

function get_user_table_field($add, $user_field) {
  global $user_table_fields;
  return (!empty($user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : "";
}

class Session {

  var $session_id;
  var $user_ip;
  var $user_location;
  var $current_time;
  var $session_timeout;
  var $mode = "get";
  var $session_info = array();
  var $user_info = array();

  function Session() {
    global $config, $board_config;
    $this->session_timeout = $board_config['session_length'];
    $this->user_ip = $this->get_user_ip();
    $this->user_location = 1;
    $this->current_time = time();
    $this->session_pagestart($this->user_ip, 0);
  }

  function session_pagestart($user_ip, $thispage_id) {
    global $site_db, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
    {
      $this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
      $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
      if (!is_array($sessiondata)) {
        $sessiondata = array();
      }
      $this->mode = "cookie";
    }
    else
    {
      $sessiondata = array();
      if (isset($HTTP_GET_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_GET_VARS[SESSION_NAME];
      }
      elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_POST_VARS[SESSION_NAME];
      }
      else {
        $this->session_id = false;
      }
    }

    //
    // Does a session exist?
    //
    if ( !empty($this->session_id) )
    {
      $valid_session = 1;
      if (!$this->load_session_info()) {
        $this->session_info['session_user_id'] = GUEST;
        $valid_session = 0;
      }
      $this->user_info = $this->load_user_info($this->session_info['session_user_id']);

      if ( $valid_session )
      {
        $SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';

        if ( $this->current_time - $this->session_info['session_time'] > 60 )
        {
          $sql = "UPDATE " . SESSIONS_TABLE . "
            SET session_time = $this->current_time, session_page = $thispage_id
            WHERE session_id = '$this->session_id'
            AND session_ip = '$user_ip'";
          $site_db->query($sql);

          if ( $this->user_info['user_id'] != GUEST )
          {
            $sql = "UPDATE " . USERS_TABLE . "
              SET user_session_time = $this->current_time, user_session_page = $thispage_id
              WHERE user_id = " . $this->user_info['user_id'];
            $site_db->query($sql);
          }
          $this->delete_old_sessions();
          setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
          setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
        }
        return $this->user_info;
      }
    }

    $user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
    $this->user_info = $this->session_begin($user_id, $user_ip, $thispage_id, TRUE);
    return $this->user_info;

  }

  function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) {
    global $site_db, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
    {
      $this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
      $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
      $this->mode = "cookie";
    }
    else
    {
      $sessiondata = array();
      if (isset($HTTP_GET_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_GET_VARS[SESSION_NAME];
      }
      elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
        $this->session_id = $HTTP_POST_VARS[SESSION_NAME];
      }
      else {
        $this->session_id = false;
      }
    }

    $last_visit = 0;
    $expiry_time = $this->current_time - $board_config['session_length'];

    $this->user_info = $this->load_user_info($user_id);
    $user_id = $this->user_info['user_id'];

    if ( $user_id != GUEST )
    {
      $auto_login_key = $this->user_info['user_password'];

      if ( $auto_create )
      {
        if ( isset($sessiondata['autologinid']) && $this->user_info['user_active'] )
        {
          // We have to login automagically
          if( $sessiondata['autologinid'] == $auto_login_key )
          {
            // autologinid matches password
            $login = 1;
            $enable_autologin = 1;
          }
          else
          {
            // No match; don't login, set as anonymous user
            $login = 0;
            $enable_autologin = 0;
            $user_id = GUEST;
          }
        }
        else
        {
          // Autologin is not set. Don't login, set as anonymous user
          $login = 0;
          $enable_autologin = 0;
          $user_id = GUEST;
        }
      }
      else
      {
        $login = 1;
      }
    }
    else
    {
      $login = 0;
      $enable_autologin = 0;
      $user_id = GUEST;
    }

    //
    // Initial ban check against user id, IP and email address
    //
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

    $sql = "SELECT ban_ip, ban_userid, ban_email
      FROM " . PHPBB_BANLIST_TABLE . "
      WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
      OR ban_userid = $user_id";
    if ( $user_id != GUEST )
    {
      $sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $this->user_info['user_email']) . "'
        OR ban_email LIKE '" . substr(str_replace("\'", "''", $this->user_info['user_email']), strpos(str_replace("\'", "''", $this->user_info['user_email']), "@")) . "'";
    }
    $result = $site_db->query($sql);

    if ( $ban_info = $site_db->fetch_array($result) )
    {
      if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
      {
        header("Location: $url_login");
        exit;
      }
    }

    //
    // Create or update the session
    //
    $sql = "UPDATE " . SESSIONS_TABLE . "
      SET session_user_id = $user_id, session_start = $this->current_time, session_time = $this->current_time, session_page = $page_id, session_logged_in = $login
      WHERE session_id = '" . $this->session_id . "'
      AND session_ip = '$user_ip'";
    if ( !$site_db->query($sql) || !$site_db->affected_rows() )
    {
      $this->session_id = md5(uniqid($user_ip));

      $sql = "INSERT INTO " . SESSIONS_TABLE . "
        (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
        VALUES ('$this->session_id', $user_id, $this->current_time, $this->current_time, '$user_ip', $page_id, $login)";
      $site_db->query($sql);
    }

    if ( $user_id != GUEST )
    {
      $last_visit = ( $this->user_info['user_session_time'] > 0 ) ? $this->user_info['user_session_time'] : $this->current_time;

      $sql = "UPDATE " . USERS_TABLE . "
        SET user_session_time = $this->current_time, user_session_page = $page_id, user_lastvisit = $last_visit
        WHERE user_id = $user_id";
      $site_db->query($sql);

      $this->user_info['user_lastvisit'] = $last_visit;

      $sessiondata['autologinid'] = ( $enable_autologin && $this->mode == "cookie" ) ? $auto_login_key : '';
      $sessiondata['userid'] = $user_id;
    }

    $this->user_info['user_id'] = $user_id;
    $this->session_info['session_id'] = $this->session_id;
    $this->session_info['session_ip'] = $user_ip;
    $this->session_info['session_user_id'] = $user_id;
    $this->session_info['session_logged_in'] = $login;
    $this->session_info['session_page'] = $page_id;
    $this->session_info['session_start'] = $this->current_time;
    $this->session_info['session_time'] = $this->current_time;

    setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
    setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

    $SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';

    return $this->user_info;
  }

  function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
    global $url_login;
    header("Location: $url_login");
  }

  function logout($user_id = GUEST) {
    global $url_logout;
    header("Location: $url_logout");
  }

  function delete_old_sessions() {
    global $site_db, $board_config;
    $expiry_time = $this->current_time - $board_config['session_length'];
    $sql = "DELETE FROM ".SESSIONS_TABLE."
            WHERE session_time < $expiry_time";
    $site_db->query($sql);

    $sql = "SELECT session_id
            FROM ".SESSIONS_TABLE;
    $result = $site_db->query($sql);
    if ($result) {
      $session_ids_sql = "";
      while ($row = $site_db->fetch_array($result)) {
        $session_ids_sql .= (($session_ids_sql != "") ? ", " : "") . "'".$row['session_id']."'";
      }
    }
    if (!empty($session_ids_sql)) {
      $sql = "DELETE FROM ".SESSIONVARS_TABLE."
              WHERE session_id NOT IN ($session_ids_sql)";
      $site_db->query($sql);
    }
    return true;
  }

  function return_session_info() {
    return $this->session_info;
  }

  function return_user_info() {
    return $this->user_info;
  }

  function freeze() {
    return;
  }

  function load_session_info() {
    global $site_db;
    if (empty($this->session_id)) {
      return false;
    }
    $ip_sql = ($this->mode == "get") ? " AND session_ip = '$this->user_ip'" : "";
    $this->session_info = array();
    $sql = "SELECT *
            FROM ".SESSIONS_TABLE."
            WHERE session_id = '$this->session_id'
            $ip_sql";
    $this->session_info = $site_db->query_firstrow($sql);
    if (empty($this->session_info['session_user_id'])) {
      return false;
    }
    else {
      $sql = "SELECT sessionvars_name, sessionvars_value
              FROM ".SESSIONVARS_TABLE."
              WHERE session_id = '$this->session_id'";
      $result = $site_db->query($sql);
      while ($row = $site_db->fetch_array($result)) {
        $this->session_info[$row['sessionvars_name']] = $row['sessionvars_value'];
      }
      return $this->session_info;
    }
  }

  function load_user_info($user_id = GUEST) {
    global $site_db, $user_table_fields;

    if ($user_id != GUEST) {
      $sql = "SELECT u.*, l.*
              FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
              WHERE ".get_user_table_field("u.", "user_id")." = $user_id AND l.user_id = ".get_user_table_field("u.", "user_id");
      $user_info = $site_db->query_firstrow($sql);
      if (!$user_info) {
        $sql = "SELECT *
                FROM ".USERS_TABLE."
                WHERE ".get_user_table_field("", "user_id")." = $user_id";
        $user_info = $site_db->query_firstrow($sql);
        if ($user_info) {
          $lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
          $sql = "INSERT INTO ".LIGHTBOXES_TABLE."
                  (lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)
                  VALUES
                  ('$lightbox_id', ".$user_info[$user_table_fields['user_id']].", $this->current_time, '')";
          $site_db->query($sql);
          $user_info['lightbox_lastaction'] = $this->current_time;
          $user_info['lightbox_image_ids'] = "";
        }
      }
    }
    if (empty($user_info[$user_table_fields['user_id']])) {
      $user_info = array();
      $user_info['user_id'] = GUEST;
      $user_info['user_level'] = GUEST;
      $user_info['user_lastaction'] = $this->current_time;
    }

    foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        if ($val == "user_allow_viewonline") {
          $user_info[$key] = ($user_info[$val] == 1) ? 0 : 1;
        }
        else {
          $user_info[$key] = $user_info[$val];
        }
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    if (isset($user_info['user_active']) && $user_info['user_active'] == 0) {
      $user_info['user_level'] = USER_AWAITING;
    }
    return $user_info;
  }

  function set_session_var($var_name, $value) {
    global $site_db;
    $sql = "SELECT session_id
            FROM ".SESSIONVARS_TABLE."
            WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
    if ($site_db->is_empty($sql)) {
      $sql = "INSERT INTO ".SESSIONVARS_TABLE."
              (session_id, sessionvars_name, sessionvars_value)
              VALUES
              ('$this->session_id', '$var_name', '$value')";
      $site_db->query($sql);
    }
    else {
      $sql = "UPDATE ".SESSIONVARS_TABLE."
              SET sessionvars_value = '$value'
              WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
      $site_db->query($sql);
    }
    $this->session_info[$var_name] = $value;
    return true;
  }

  function get_session_var($var_name) {
    global $site_db;
    if (isset($this->session_info[$var_name])) {
      return $this->session_info[$var_name];
    }
    else {
      $sql = "SELECT sessionvars_value
              FROM ".SESSIONVARS_TABLE."
              WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
      $value = $site_db->query_firstrow($sql);
      if ($value) {
        $this->session_info[$var_name] = $value['sessionvars_value'];
        return $value['sessionvars_value'];
      }
      else {
        return "";
      }
    }
  }

  function drop_session_var($var_name) {
    global $site_db;
    $sql = "DELETE FROM ".SESSIONVARS_TABLE."
            WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
    return ($site_db->query($sql)) ? 1 : 0;
  }

  function get_user_ip() {
    global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $REMOTE_ADDR;

    if( getenv('HTTP_X_FORWARDED_FOR') != '' )
    {
      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );

      if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
      {
        $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
        $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
      }
    }
    else
    {
      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
    }

    $ip_sep = explode('.', $client_ip);
    return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
  }

  function get_user_location() {
    global $self_url;
    return (defined("IN_CP")) ? "Control Panel" : preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), addslashes($self_url));
  }

  
/* ORIGINAL CODE
  function url($url, $amp = "&amp;") {
    global $l;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];

    if ($this->mode == "get" && !preg_match("/".SESSION_NAME."=/i", $url)) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= SESSION_NAME."=".$this->session_id;
    }

    if (!empty($l)) {
      $url .= preg_match("/\?/", $url) ? "$amp" : "?";
      $url .= "l=".$l;
    }

    $url .= (isset($dummy_array[1])) ? "#".$dummy_array[1] : "";
    return $url;
  }
*/
  
  function url($url, $amp = "&amp;") {
    global $l, $user_info;
    $dummy_array = explode("#", $url);
    $url = $dummy_array[0];
    $url = str_replace('&amp;', '&', $url);
    if (!defined('IN_CP')) {
      if (strstr($url, 'index.php')) {
        $url = str_replace('index.php', '', $url);
      }
      elseif (strstr($url, 'search.php')) {
        if (strstr($url, 'page=')) {
          preg_match('#page=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('search.php', 'search.'.$matches[1].'.htm', $url);
            $query = str_replace('page='.$matches[1].'&', '', $query);
            $query = str_replace('&page='.$matches[1], '', $query);
            $query = str_replace('page='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('search.php', 'search.htm', $url);
        }
      }
      elseif (strstr($url, 'lightbox.php')) {
        if (strstr($url, 'page=')) {
          preg_match('#page=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('lightbox.php', 'lightbox.'.$matches[1].'.htm', $url);
            $query = str_replace('page='.$matches[1].'&', '', $query);
            $query = str_replace('&page='.$matches[1], '', $query);
            $query = str_replace('page='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('lightbox.php', 'lightbox.htm', $url);
        }
      }
      elseif (strstr($url, 'categories.php')) {
        if (strstr($url, 'cat_id=') && strstr($url, 'page=')) {
          preg_match('#cat_id=([0-9]+)&?#', $url, $matches1);
          preg_match('#page=([0-9]+)&?#', $url, $matches2);
          if (isset($matches1[1]) && isset($matches2[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('categories.php', 'cat'.$matches1[1].'.'.$matches2[1].'.htm', $url);
            $query = str_replace('cat_id='.$matches1[1].'&', '', $query);
            $query = str_replace('&cat_id='.$matches1[1], '', $query);
            $query = str_replace('cat_id='.$matches1[1], '', $query);
            $query = str_replace('page='.$matches2[1].'&', '', $query);
            $query = str_replace('&page='.$matches2[1], '', $query);
            $query = str_replace('page='.$matches2[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        elseif (strstr($url, 'cat_id=')) {
          preg_match('#cat_id=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('categories.php', 'cat'.$matches[1].'.htm', $url);
            $query = str_replace('cat_id='.$matches[1].'&', '', $query);
            $query = str_replace('&cat_id='.$matches[1], '', $query);
            $query = str_replace('cat_id='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          $url = str_replace('categories.php', 'cat.htm', $url);
        }
      }
      elseif (strstr($url, 'details.php?image_id=')) {
        if (strstr($url, 'image_id=') && strstr($url, 'mode=')) {
          preg_match('#image_id=([0-9]+)&?#', $url, $matches1);
          preg_match('#mode=([a-zA-Z0-9]+)&?#', $url, $matches2);
          if (isset($matches1[1]) && isset($matches2[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('details.php', 'img'.$matches1[1].'.'.$matches2[1].'.htm', $url);
            $query = str_replace('image_id='.$matches1[1].'&', '', $query);
            $query = str_replace('&image_id='.$matches1[1], '', $query);
            $query = str_replace('image_id='.$matches1[1], '', $query);
            $query = str_replace('mode='.$matches2[1].'&', '', $query);
            $query = str_replace('&mode='.$matches2[1], '', $query);
            $query = str_replace('mode='.$matches2[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
        else {
          preg_match('#image_id=([0-9]+)&?#', $url, $matches);
          if (isset($matches[1])) {
            $split = explode('?', $url);
            $url = $split[0];
            $query = @$split[1];
            $url   = str_replace('details.php', 'img'.$matches[1].'.htm', $url);
            $query = str_replace('image_id='.$matches[1].'&', '', $query);
            $query = str_replace('&image_id='.$matches[1], '', $query);
            $query = str_replace('image_id='.$matches[1], '', $query);
            if (!empty($query)) {
              $url .= '?' . $query;
            }
          }
        }
      }
      elseif (strstr($url, 'postcards.php?image_id=')) {
        preg_match('#image_id=([0-9]+)&?#', $url, $matches);
        if (isset($matches[1])) {
          $split = explode('?', $url);
          $url = $split[0];
          $query = @$split[1];
          $url   = str_replace('postcards.php', 'postcard.img'.$matches[1].'.htm', $url);
          $query = str_replace('image_id='.$matches[1].'&', '', $query);
          $query = str_replace('&image_id='.$matches[1], '', $query);
          $query = str_replace('image_id='.$matches[1], '', $query);
          if (!empty($query)) {
            $url .= '?' . $query;
          }
        }
      }
    }
    if ($this->mode == "get" && strstr($url, $this->session_id)) {
      $url .= strpos($url, '?') !== false ? '&' : '?';
      $url .= SESSION_NAME."=".$this->session_id;
    }
    if (!empty($l)) {
      $url .= strpos($url, '?') ? '&' : '?';
      $url .= "l=".$l;
    }
    $url = str_replace('&', $amp, $url);
    $url .= isset($dummy_array[1]) ? "#".$dummy_array[1] : "";
    return $url;
  }
} //end of class

//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
$board_config = array();
$sql = "SELECT * FROM " . PHPBB_CONFIG_TABLE;
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
  $board_config[$row['config_name']] = $row['config_value'];
}

//Start Session
$site_sess = new Session();

// Get Userinfo
$session_info = $site_sess->return_session_info();
$user_info = $site_sess->return_user_info();

//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_ids = array();
$prev_session_ips = array();

if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
  $time_out = time() - 300;
  $sql = "SELECT ".get_user_table_field("u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible").", s.session_user_id, s.session_time, s.session_ip
  FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
  WHERE ".get_user_table_field("u.", "user_id")." = s.session_user_id AND (s.session_time >= $time_out OR ".get_user_table_field("u.", "user_lastaction")." >= $time_out)
  ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.session_ip ASC";
  $result = $site_db->query($sql);
  while ($row = $site_db->fetch_array($result)) {
    if ($row['session_user_id'] != GUEST) {
      if (!isset($prev_user_ids[$row['session_user_id']])) {
        $is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 0) ? 1 : 0;
        $invisibleuser = ($is_invisible) ? "*" : "";
        $username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("<b>%s</b>", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
        if (!$is_invisible || $user_info['user_level'] == ADMIN) {
          $user_online_list .= ($user_online_list != "") ? ", " : "";
          $user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['session_user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&amp;".URL_USER_ID."=".$row['session_user_id'];
          $user_online_list .= "<a href=\"".$site_sess->url($user_profile_link)."\">".$username."</a>".$invisibleuser;
        }
        (!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
        $num_registered_online++;
      }
      $prev_user_ids[$row['session_user_id']] = 1;
    }
    else {
      if (!isset($prev_session_ips[$row['session_ip']])) {
        $num_guests_online++;
      }
    }
    $prev_session_ips[$row['session_ip']] = 1;
  }
  $num_total_online = $num_registered_online + $num_guests_online;

  $site_template->register_vars(array(
    "num_total_online" => $num_total_online,
    "num_invisible_online" => $num_invisible_online,
    "num_registered_online" => $num_registered_online,
    "num_guests_online" => $num_guests_online,
    "user_online_list" => $user_online_list,
    "lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
    "lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
  ));
  $whos_online = $site_template->parse_template("whos_online");
  $site_template->register_vars("whos_online", $whos_online);
  unset($whos_online);
  unset($prev_user_ids);
  unset($prev_session_ips);
}
?>
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Ston4Img on January 08, 2006, 03:17:29 PM
The line "$this->delete_old_sessions();" was included in the current download with the modification (the post from "theOracle")
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: V@no on January 08, 2006, 08:27:23 PM
Please read the replies before you complain :P ;)

no this line :$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;

I integrated phpBB 2.0.15 .
that version does not have this hole, don't worry about this fix ;)
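The effect of the `intval()` fix on the line quoted above, as an added example that is not 4images or phpBB code: the cookie value is normalized to an integer before it can reach an unquoted `... = $user_id` comparison like the ones in the posted file. The `GUEST` value, the `users` table and all function names here are assumptions made for the demonstration.

```php
<?php
// Added example, not 4images code. GUEST's value, the table layout and all
// function names below are assumptions made for the demonstration.
const GUEST = -1;

// Pre-fix expression from the thread: the cookie value is used as-is.
function user_id_unpatched($cookie) {
    return $cookie ? $cookie : GUEST;
}

// Patched expression from the thread: the value is coerced with intval().
function user_id_patched($cookie) {
    return $cookie ? intval($cookie) : GUEST;
}

// Stricter variant: reject anything that is not a plain decimal id
// instead of silently coercing it.
function user_id_strict($cookie) {
    if (is_string($cookie) && ctype_digit($cookie) && strlen($cookie) <= 9) {
        $id = (int) $cookie;
        return $id > 0 ? $id : GUEST;
    }
    return GUEST;
}

// Same shape as the unquoted "... = $user_id" queries in the posted file.
function build_lookup_sql($user_id) {
    return "SELECT user_name FROM users WHERE user_id = " . $user_id;
}

// Constructed cookie values: one well-formed id and three malformed ones.
$samples = array('42', '42 trailing text', '0x1A', '');

foreach ($samples as $raw) {
    printf("cookie=%-20s unpatched=%-20s patched=%-4s strict=%s\n",
        var_export($raw, true),
        var_export(user_id_unpatched($raw), true),
        var_export(user_id_patched($raw), true),
        var_export(user_id_strict($raw), true));
}

// Only the unpatched path lets non-numeric text reach the statement text.
echo build_lookup_sql(user_id_unpatched('42 trailing text')), "\n";
echo build_lookup_sql(user_id_patched('42 trailing text')), "\n";

// With a bound parameter the id never becomes part of the SQL text at all.
if (extension_loaded('pdo_sqlite')) {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT)");
    $db->exec("INSERT INTO users VALUES (42, 'constructed_user')");
    $stmt = $db->prepare("SELECT user_name FROM users WHERE user_id = :id");
    $stmt->bindValue(':id', user_id_strict('42'), PDO::PARAM_INT);
    $stmt->execute();
    echo $stmt->fetchColumn(), "\n";
}
```

`intval()` keeps a leading run of digits and discards the rest, so a malformed cookie is mapped to some integer rather than rejected; the strict variant falls back to `GUEST` instead.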
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: madace77 on January 18, 2006, 03:59:20 PM
Is this fix already implemented in the version I'm about to get from the Download section?
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: V@no on January 18, 2006, 11:59:25 PM
Unless you are getting a version newer than v1.7.1 (which is not out yet), then no, these fixes are not implemented in the current version.
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Morgan on March 15, 2006, 10:25:29 PM
Is this fix important for the integrated 4images 1.7 version for Runcms/E-Xoops? I can't find the code to replace in sessions.php; it seems that there is no such line - user's login/logout is integrated with the CMS. I use the Russian language in 4images 1.7 and Runcms 1.2-)
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: V@no on March 16, 2006, 12:52:03 AM
Perhaps if you would attach your sessions.php (as a .txt file), then I could answer your question ;)
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: Jan on May 03, 2006, 10:18:59 AM
There's another fix for sessions.php:
http://www.4homepages.de/forum/index.php?topic=12807.0
Title: Re: [1.7 / 1.7.1] Security fix in sessions.php
Post by: bazm on August 15, 2018, 07:56:09 AM
Find $string = preg_replace('#</(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
and replace with
$string = preg_replace('#</(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*(>|$)#i',"",$string);
