1
Installation, Update & Configuration / Sub Category images
« on: November 02, 2006, 03:28:24 PM »
Want to have images before my sub-category name.
How can I realize this?
How can I realize this?
4images Forum & Community
The forum for all 4images gallery administrators
News:
You're looking for some 4images templates and styles? Then visit this thread to show websites with 4images templates to download.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Mods & Plugins (Requests & Discussions) / Want to realize a specific Shop
« on: April 28, 2006, 10:01:46 AM »
Hello,
yes I know there ar some 4images-mods, that can do some parts of my 4images shop-idea but not all:
- upload image in high-quality (3000px)
- automatic resize in four different sizes ( 500px, 1000px, 2000px, 3000px) (in different folders)
- different prices
- buy a digital image
- download options of the different sizes after checkoput the shopping cart
- a bill sending to the customer
- two download option for different customergroups: Download the image after pay, Download the image directly
- Users can upload images to this shop
Okay I have seen the mod Beta shop and the resize modification, but can they do this for me?
Or other question: Can anybody do this for me? (I will pay)
yes I know there ar some 4images-mods, that can do some parts of my 4images shop-idea but not all:
- upload image in high-quality (3000px)
- automatic resize in four different sizes ( 500px, 1000px, 2000px, 3000px) (in different folders)
- different prices
- buy a digital image
- download options of the different sizes after checkoput the shopping cart
- a bill sending to the customer
- two download option for different customergroups: Download the image after pay, Download the image directly
- Users can upload images to this shop
Okay I have seen the mod Beta shop and the resize modification, but can they do this for me?
Or other question: Can anybody do this for me? (I will pay)
3
Mods & Plugins (Releases & Support) / Re: Different download options / Verschiedene Download Möglichke
« on: April 26, 2006, 08:22:49 PM »
I read the whole thread. Is there any example in the web to see this mod in action?
Can I do this with the mod?
- upload a high-res picture
- automatic resized in 4 sizes, which are automatic saved in different folders
- can put each in the lightbox
- download the lightbox (cart)
Can I do this with the mod?
- upload a high-res picture
- automatic resized in 4 sizes, which are automatic saved in different folders
- can put each in the lightbox
- download the lightbox (cart)
4
Mods & Plugins (Requests & Discussions) / Re: Shop Modul für 4images
« on: April 22, 2006, 01:54:52 AM »
Wie schaut es aus?
5
Mods & Plugins (Requests & Discussions) / Re: Shop Modul für 4images
« on: March 27, 2006, 12:21:40 AM »
Habe mal den kompletten Thread überflogen und bin begeistert von sovielen Ideen für eine Shop-Umsetzung.
Also ich hätte auch eine um meine Bilder zu vermarkten.
Ich habe schon mit allen möglichen Open-Source Software Programmen wie OsCommerce, Virtuemart oder Zen-Cart einieg Zeit herumgespielt, aber das richtige war das alles nicht. Keine Frage alles tolle Shopsysteme, aber um seine Fotos zu präsentieren und eventuell zu verkaufen muss ein richtige Gallery her. Ich habe neben 4images auch Galler2 und Coppermine laufen, bin aber immer noch (trotz des Forumcrashs vor einem Jahr) ein glühender 4images Anhänger. Was gebe es schöneres als in diese tolle Gallyery einen Shop zu integrieren. Ja es gibt schon einige Skripte, aber keines entspricht leider meinen Ansprüchen:
1. In erster Linie möchte ich alleine meine Bilder einstellen
2. Neben Präsentation ist der Verkauf von Bilder als digitaler Download vorgesehen
3. Bilder sollen in verschiedenen Größen vorliegen (z.B: 4000, 2000, 1000 und 500px)
4. Automatisches verkleinern der Bilder
5. Der Kunde wählt ein Bild (Warenkorbfunktionen, mit AGB´s, Anmeldung etc)
6. Er bezahlt bei den gängigen Online-Zahlungssystemen (Paypal, Firstgate)
7. Das System erfasst automatisch die Bezahlung bei den Zahlungssystemen (die Shopsysteme habe das schon umgesetzt)
8. Erhält automatisch nach der Bezahlung einen Code mit dem er sich das Bild herunterladen kann
Wäre super wenn das jemand umsetzen könnte
Also ich hätte auch eine um meine Bilder zu vermarkten.
Ich habe schon mit allen möglichen Open-Source Software Programmen wie OsCommerce, Virtuemart oder Zen-Cart einieg Zeit herumgespielt, aber das richtige war das alles nicht. Keine Frage alles tolle Shopsysteme, aber um seine Fotos zu präsentieren und eventuell zu verkaufen muss ein richtige Gallery her. Ich habe neben 4images auch Galler2 und Coppermine laufen, bin aber immer noch (trotz des Forumcrashs vor einem Jahr) ein glühender 4images Anhänger. Was gebe es schöneres als in diese tolle Gallyery einen Shop zu integrieren. Ja es gibt schon einige Skripte, aber keines entspricht leider meinen Ansprüchen:
1. In erster Linie möchte ich alleine meine Bilder einstellen
2. Neben Präsentation ist der Verkauf von Bilder als digitaler Download vorgesehen
3. Bilder sollen in verschiedenen Größen vorliegen (z.B: 4000, 2000, 1000 und 500px)
4. Automatisches verkleinern der Bilder
5. Der Kunde wählt ein Bild (Warenkorbfunktionen, mit AGB´s, Anmeldung etc)
6. Er bezahlt bei den gängigen Online-Zahlungssystemen (Paypal, Firstgate)
7. Das System erfasst automatisch die Bezahlung bei den Zahlungssystemen (die Shopsysteme habe das schon umgesetzt)
8. Erhält automatisch nach der Bezahlung einen Code mit dem er sich das Bild herunterladen kann
Wäre super wenn das jemand umsetzen könnte
6
Mods & Plugins (Releases & Support) / Re: [Mod] [Beta] Shop Mod für 4images
« on: March 21, 2006, 04:31:41 PM »
This Script is nice but I searching for a mod that can realize a PhotoStore with this features for me:
- over 50.000 pictures
- user can buy pictures in different sizes
- user can automatic download the pictures after paying over services like Paypal or firstgate
First I want to realize this with an e-commerce script like Oscommerce or Virtuemart.There I have the advantages to sell digital downloads, but not the advantages that a PhotoGallery have (Design, Batch ..)
Is there any modification here?
Or can someone program me a script which can do this?
Thanks for your answer
- over 50.000 pictures
- user can buy pictures in different sizes
- user can automatic download the pictures after paying over services like Paypal or firstgate
First I want to realize this with an e-commerce script like Oscommerce or Virtuemart.There I have the advantages to sell digital downloads, but not the advantages that a PhotoGallery have (Design, Batch ..)
Is there any modification here?
Or can someone program me a script which can do this?
Thanks for your answer
7
Mods & Plugins (Releases & Support) / Re: Integration 4images 1.7 / phpBB
« on: January 15, 2006, 11:02:20 AM »
Yes I do this many times, but the connection between 4images Gallery and phpbb Forum is still there.
Is there some code in the database or in the phpbb files?
Is there some code in the database or in the phpbb files?
8
Mods & Plugins (Releases & Support) / Re: Integration 4images 1.7 / phpBB
« on: January 15, 2006, 12:39:48 AM »
Hmm, funny now I get no error message. But I can´t use the old session.php because some mods.
But what can I do to disconnect the forum from my 4images version?
When the user now logged out in the forum they go directly to the Photo-Site. I want that the users stay in the forum.
But what can I do to disconnect the forum from my 4images version?
When the user now logged out in the forum they go directly to the Photo-Site. I want that the users stay in the forum.
9
Mods & Plugins (Releases & Support) / Re: Integration 4images 1.7 / phpBB
« on: January 14, 2006, 09:16:43 PM »
I installed this mod before the forum chrashed and now I want to disconnect my photos site from the Forum.
I changed the session.php and the constant.php with old version but I get only error messages.
When the user now logged out in the forum they go directly to the Photo-Site. I want that the users stay in the forum.
Can anyone help me?
I changed the session.php and the constant.php with old version but I get only error messages.
When the user now logged out in the forum they go directly to the Photo-Site. I want that the users stay in the forum.
Can anyone help me?
10
Bug Fixes & Patches / Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« on: January 14, 2006, 07:13:05 PM »Hmm,
I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.
What´s the problem. I use now the old code again.
Attach your search.php to the reply.
Here is my search.php:
Code: [Select]
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: search.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) für weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
if (isset($HTTP_POST_VARS['show_result']) || isset($HTTP_GET_VARS['show_result'])) {
$show_result = 1;
}
else {
$show_result = 0;
}
if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) {
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : urldecode(trim($HTTP_GET_VARS['search_keywords']));
if ($search_keywords != "") {
$show_result = 1;
}
}
else {
$search_keywords = "";
}
$org_search_keywords = $search_keywords;
if (isset($HTTP_POST_VARS['search_user']) || isset($HTTP_GET_VARS['search_user'])) {
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : urldecode(trim($HTTP_GET_VARS['search_user']));
if ($search_user != "") {
$show_result = 1;
}
}
else {
$search_user = "";
}
$org_search_user = $search_user;
if (isset($HTTP_POST_VARS['search_terms'])) {
$search_terms = (trim($HTTP_POST_VARS['search_terms']) == "all") ? 1 : 0;
}
else {
$search_terms = 0;
}
if (isset($HTTP_POST_VARS['search_fields'])) {
$search_fields = trim($HTTP_POST_VARS['search_fields']);
}
else {
$search_fields = "all";
}
$search_cat = (isset($HTTP_POST_VARS['cat_id']) ) ? intval($HTTP_POST_VARS['cat_id']) : 0;
if (isset($HTTP_POST_VARS['search_new_images']) || isset($HTTP_GET_VARS['search_new_images'])) {
$search_new_images = 1;
$show_result = 1;
}
else {
$search_new_images = 0;
}
$main_template = 'search';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
include(ROOT_PATH.'global.php');
require(ROOT_PATH.'includes/sessions.php');
$user_access = get_permission();
include(ROOT_PATH.'includes/search_utils.php');
$search_id = array();
if ($search_user != "" && $show_result == 1) {
$search_user = str_replace('*', '%', trim($search_user));
$sql = "SELECT ".get_user_table_field("", "user_id")."
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_name")." LIKE '$search_user'";
$result = $site_db->query($sql);
$search_id['user_ids'] = "";
if ($result) {
while ($row = $site_db->fetch_array($result)) {
$search_id['user_ids'] .= (($search_id['user_ids'] != "") ? ", " : "").$row[$user_table_fields['user_id']];
}
$site_db->free_result($result);
}
}
if ($search_keywords != "" && $show_result == 1) {
$search_keywords = strip_tags(trim($search_keywords));
$search_keywords = convert_special($search_keywords);
$search_keywords = strtolower($search_keywords);
$search_array = array(
"/\s+\+/",
"/\s+\-/",
"/[&|#][a-z0-9]*;/siU",
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
"#[-_'`´]+#s",
"#[\n\t\r^\$&\(\)<>\"\|,@\?%~\+\.\[\]{}:\/=\#;!§\\\\]+#s"
);
$replace_array = array(
" and ",
" not ",
" ",
" ",
" ",
"",
" "
);
$search_keywords = preg_replace($search_array, $replace_array, $search_keywords);
$split_words = preg_split("/\s+/", $search_keywords);
$match_field_sql = ($search_fields != "all" && isset($search_match_fields[$search_fields])) ? "AND m.".$search_match_fields[$search_fields]." = 1" : "";
$stopword_list = get_stopwords();
$search_word_cache = array();
for ($i = 0; $i < sizeof($split_words); $i++) {
if ($split_words[$i] == "and" || $split_words[$i] == "und" || $split_words[$i] == "or" || $split_words[$i] == "oder" || $split_words[$i] == "not") {
$search_word_cache[$i] = ($search_terms) ? "and" : $split_words[$i];
}
elseif ($split_words[$i] != "" && strlen($split_words[$i]) >= MIN_SEARCH_KEYWORD_LENGTH && strlen($split_words[$i]) <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($split_words[$i], $stopword_list)) {
$sql = "SELECT m.image_id
FROM ".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m
WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'
AND m.word_id = w.word_id
$match_field_sql";
$result = $site_db->query($sql);
$search_word_cache[$i] = array();
while ($row = $site_db->fetch_array($result)) {
$search_word_cache[$i][$row['image_id']] = 1;
}
$site_db->free_result();
}
}
$is_first_word = 1;
$operator = "or";
$image_id_list = array();
for ($i = 0; $i < sizeof($search_word_cache); $i++) {
if ($search_word_cache[$i] == "and" || $search_word_cache[$i] == "und" || $search_word_cache[$i] == "or" || $search_word_cache[$i] == "oder" || $search_word_cache[$i] == "not") {
if (!$is_first_word) {
$operator = $search_word_cache[$i];
}
}
elseif (is_array($search_word_cache[$i])) {
if ($search_terms) {
$operator = "and";
}
foreach ($search_word_cache[$i] as $key => $val) {
if ($is_first_word || $operator == "or" || $operator == "oder") {
$image_id_list[$key] = 1;
}
elseif ($operator == "not") {
unset($image_id_list[$key]);
}
}
if (($operator == "and" || $operator == "und") && !$is_first_word) {
foreach ($image_id_list as $key => $val) {
if (!isset($search_word_cache[$i][$key])) {
unset($image_id_list[$key]);
}
}
}
}
$is_first_word = 0;
}
$search_id['image_ids'] = "";
foreach ($image_id_list as $key => $val) {
$search_id['image_ids'] .= (($search_id['image_ids'] != "") ? ", " : "").$key;
}
unset($image_id_list);
}
if ($search_new_images && $show_result == 1) {
$search_id['search_new_images'] = 1;
}
if ($search_cat && $show_result == 1) {
$search_id['search_cat'] = $search_cat;
}
if (!empty($search_id)) {
$site_sess->set_session_var("search_id", serialize($search_id));
$session_info['search_id'] = $search_id;
}
include(ROOT_PATH.'includes/page_header.php');
$num_rows_all = 0;
if ($show_result == 1) {
if (!isset($session_info['searchid']) || empty($session_info['searchid'])) {
$session_info['search_id'] = $site_sess->get_session_var("search_id");
}
if (!empty($session_info['search_id'])) {
$search_id = unserialize($session_info['search_id']);
}
$sql_where_query = "";
if (!empty($search_id['image_ids'])) {
$sql_where_query .= "AND i.image_id IN (".$search_id['image_ids'].") ";
}
if (!empty($search_id['user_ids'])) {
$sql_where_query .= "AND i.user_id IN (".$search_id['user_ids'].") ";
}
if (!empty($search_id['search_new_images']) && $search_id['search_new_images'] == 1) {
$new_cutoff = time() - 60 * 60 * 24 * $config['new_cutoff'];
$sql_where_query .= "AND i.image_date >= $new_cutoff ";
}
if (!empty($search_id['search_cat']) && $search_id['search_cat'] != 0) {
$cat_id_sql = 0;
$sub_cat_ids = get_subcat_ids($search_id['search_cat'], $search_id['search_cat'], $cat_parent_cache);
if (check_permission("auth_viewcat", $search_id['search_cat'])) {
$cat_id_sql .= ", ".$search_id['search_cat'];
if (!empty($sub_cat_ids[$search_id['search_cat']])) {
foreach ($sub_cat_ids[$search_id['search_cat']] as $val) {
if (check_permission("auth_viewcat", $val)) {
$cat_id_sql .= ", ".$val;
}
}
}
}
}
else {
$cat_id_sql = get_auth_cat_sql("auth_viewcat");
}
if (!empty($sql_where_query)) {
$sql = "SELECT COUNT(*) AS num_rows_all
FROM ".IMAGES_TABLE." i
WHERE i.image_active = 1 $sql_where_query
AND i.cat_id IN ($cat_id_sql)";
$row = $site_db->query_firstrow($sql);
$num_rows_all = $row['num_rows_all'];
}
}
if (!$num_rows_all && $show_result == 1) {
$msg = preg_replace("/".$site_template->start."search_keywords".$site_template->end."/", $search_keywords, $lang['search_no_results']);
}
//-----------------------------------------------------
//--- Show Search Results -----------------------------
//-----------------------------------------------------
if ($num_rows_all && $show_result == 1) {
$link_arg = $site_sess->url(ROOT_PATH."search.php?show_result=1");
include(ROOT_PATH.'includes/paging.php');
$getpaging = new Paging($page, $perpage, $num_rows_all, $link_arg);
$offset = $getpaging->get_offset();
$site_template->register_vars(array(
"paging" => $getpaging->get_paging(),
"paging_stats" => $getpaging->get_paging_stats()
));
$imgtable_width = ceil((intval($config['image_table_width'])) / $config['image_cells']);
if ((substr($config['image_table_width'], -1)) == "%") {
$imgtable_width .= "%";
}
$additional_sql = "";
if (!empty($additional_image_fields)) {
foreach ($additional_image_fields as $key => $val) {
$additional_sql .= ", i.".$key;
}
}
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits".$additional_sql.", c.cat_name".get_user_table_field(", u.", "user_name")."
FROM ".IMAGES_TABLE." i, ".CATEGORIES_TABLE." c
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
WHERE i.image_active = 1
$sql_where_query
AND c.cat_id = i.cat_id AND i.cat_id IN ($cat_id_sql)
ORDER BY ".$config['image_order']." ".$config['image_sort']."
LIMIT $offset, $perpage";
$result = $site_db->query($sql);
$thumbnails = "<table width=\"".$config['image_table_width']."\" border=\"0\" cellpadding=\"".$config['image_table_cellpadding']."\" cellspacing=\"".$config['image_table_cellspacing']."\">\n";
$count = 0;
$bgcounter = 0;
while ($image_row = $site_db->fetch_array($result)) {
if ($count == 0) {
$row_bg_number = ($bgcounter++ % 2 == 0) ? 1 : 2;
$thumbnails .= "<tr class=\"imagerow".$row_bg_number."\">\n";
}
$thumbnails .= "<td width=\"".$imgtable_width."\" valign=\"top\">\n";
show_image($image_row, "search");
$thumbnails .= $site_template->parse_template("thumbnail_bit");
$thumbnails .= "\n</td>\n";
$count++;
if ($count == $config['image_cells']) {
$thumbnails .= "</tr>\n";
$count = 0;
}
} // end while
if ($count > 0) {
$leftover = ($config['image_cells'] - $count);
if ($leftover >= 1) {
for ($i = 0; $i < $leftover; $i++) {
$thumbnails .= "<td width=\"".$imgtable_width."\">\n \n</td>\n";
}
$thumbnails .= "</tr>\n";
}
}
$thumbnails .= "</table>\n";
$content = $thumbnails;
unset($thumbnails);
} // end if
else {
$site_template->register_vars(array(
"search_keywords" => htmlspecialchars(stripslashes($org_search_keywords)),
"search_user" => htmlspecialchars(stripslashes($org_search_user)),
"lang_search_by_keyword" => $lang['search_by_keyword'],
"lang_search_by_username" => $lang['search_by_username'],
"lang_new_images_only" => $lang['new_images_only'],
"lang_search_terms" => $lang['search_terms'],
"lang_or" => $lang['or'],
"lang_and" => $lang['and'],
"lang_category" => $lang['category'],
"lang_search_fields" => $lang['search_fields'],
"lang_all_fields" => $lang['all_fields'],
"lang_name_only" => $lang['name_only'],
"lang_description_only" => $lang['description_only'],
"lang_keywords_only" => $lang['keywords_only'],
"category_dropdown" => get_category_dropdown($cat_id)
));
if (!empty($additional_image_fields)) {
$additional_field_array = array();
foreach ($additional_image_fields as $key => $val) {
if (isset($lang[$key.'_only'])) {
$additional_field_array['lang_'.$key.'_only'] = $lang[$key.'_only'];
}
}
if (!empty($additional_field_array)) {
$site_template->register_vars($additional_field_array);
}
}
$content = $site_template->parse_template("search_form");
}
//-----------------------------------------------------
//--- Clickstream -------------------------------------
//-----------------------------------------------------
// $clickstream = "<span class=\"clickstream\"><a href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].$lang['search']."</span>"; // Original code
// MOD: Dynamic page title BLOCK BEGIN
if (!empty($search_id['search_new_images'])) {
if( $search_id['search_new_images'] == 1 )
$txt_clickstream = $lang['new_images'];
else
$txt_clickstream = $lang['new_images_since'];
}
else {
$txt_clickstream = $lang['search'];
}
$clickstream = "<span class=\"clickstream\"><a title=\"".$lang['home']."\" href=\"".$site_sess->url(ROOT_PATH."index.php")."\" class=\"clickstream\">".$lang['home']."</a>".$config['category_separator'].(($search_keywords) ? "<a href=\"".$site_sess->url(ROOT_PATH."search.php")."\" class=\"clickstream\">".$lang['search']."</a>".$config['category_separator'].$search_keywords : $txt_clickstream)."</span>"; // Show search keywords
$page_title = $config['category_separator'].$txt_clickstream;
// MOD: Dynamic page title BLOCK END
//-----------------------------------------------------
//--- Print Out ---------------------------------------
//-----------------------------------------------------
$site_template->register_vars(array(
"content" => $content,
"msg" => $msg,
"clickstream" => $clickstream,
"page_title" => $page_title, // MOD: Dynamic page title
"lang_search" => $lang['search']
));
// MOD: Dynamic page title BLOCK BEGIN
//-----------------------------------------------------
//--- Parse Header & Footer ---------------------------
//-----------------------------------------------------
if (isset($main_template) && $main_template) {
$header = $site_template->parse_template("header");
$footer = $site_template->parse_template("footer");
$site_template->register_vars(array(
"header" => $header,
"footer" => $footer
));
unset($header);
unset($footer);
}
// MOD: Dynamic page title BLOCK END
$site_template->print_template($site_template->parse_template($main_template));
include(ROOT_PATH.'includes/page_footer.php');
?>11
Bug Fixes & Patches / Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« on: January 08, 2006, 05:06:23 PM »
Habe natürlich einige Modifikationen eingebaut
12
Bug Fixes & Patches / Re: [1.7 / 1.7.1] Security fix in search.php and register.php
« on: January 08, 2006, 02:27:49 PM »
Hmm,
I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.
What´s the problem. I use now the old code again.
I fixed my code, but now I can´t use the search function. I get no result.
I think that was not your idea with the sexurity fix.
What´s the problem. I use now the old code again.
13
Bug Fixes & Patches / Re: [1.7 / 1.7.1] Security fix in sessions.php
« on: January 08, 2006, 01:25:31 PM »
Sorry in my sesions.php I can´t finde this line
Code: [Select]
<?php
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: sessions.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email: jan@4homepages.de *
* Web: http://www.4homepages.de *
* Scriptversion: 1.7 *
* *
* Never released without support from: Nicky (http://www.nicky.net) *
* *
**************************************************************************
* *
* Main part is adapted from of phpBB, (C) 2001 The phpBB Group *
* phpBB is released under the GNU General Public License *
* *
*************************************************************************/
if (!defined('ROOT_PATH')) {
die("Security violation");
}
//-----------------------------------------------------
//--- Start Configuration -----------------------------
//-----------------------------------------------------
// Define here the name of the session. Default of phpBB is "sid".
define('SESSION_NAME', 'sid');
// Define here the name of the banlist and config database tables.
// Maybe you only need to change the table prefix if you another
// than the phpBB default "phpbb_".
define('PHPBB_BANLIST_TABLE', 'phpbb_banlist');
define('PHPBB_CONFIG_TABLE', 'phpbb_config');
// Set her the corresponding database fields of the user table.
// If there is no corresponding field in the new user table,
// leave the value blank. Normally no need to change.
$user_table_fields = array(
"user_id" => "user_id",
"user_level" => "user_level",
"user_name" => "username",
"user_password" => "user_password",
"user_email" => "user_email",
"user_showemail" => "user_viewemail",
"user_allowemails" => "",
"user_invisible" => "user_allow_viewonline",
"user_joindate" => "user_regdate",
"user_activationkey" => "user_actkey",
"user_lastaction" => "user_session_time",
"user_location" => "user_session_page",
"user_lastvisit" => "user_lastvisit",
"user_comments" => "",
"user_homepage" => "user_website",
"user_icq" => "user_icq"
);
// Set here the URL to your phpBB forum. WITH trailing slash!
$url_app = "http://www.myforum.de";
// Set here different URL's to your phpBB forum.
// Normally no need to change.
$url_register = $url_app."profile.php?mode=register";
$url_lost_password = $url_app."profile.php?mode=sendpassword";
$url_control_panel = $url_app."profile.php?mode=editprofile";
$url_mailform = $url_app."profile.php?mode=email&u={user_id}";
$url_show_profile = $url_app."profile.php?mode=viewprofile&u={user_id}";
$url_login = $url_app."login.php";
$url_logout = $url_app."login.php?logout=true";
//-----------------------------------------------------
//--- End Configuration -------------------------------
//-----------------------------------------------------
define('USER_INTEGRATION', 'PHPBB');
function get_user_table_field($add, $user_field) {
global $user_table_fields;
return (!empty($user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : "";
}
class Session {
var $session_id;
var $user_ip;
var $user_location;
var $current_time;
var $session_timeout;
var $mode = "get";
var $session_info = array();
var $user_info = array();
function Session() {
global $config, $board_config;
$this->session_timeout = $board_config['session_length'];
$this->user_ip = $this->get_user_ip();
$this->user_location = 1;
$this->current_time = time();
$this->session_pagestart($this->user_ip, 0);
}
function session_pagestart($user_ip, $thispage_id) {
global $site_db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
if (!is_array($sessiondata)) {
$sessiondata = array();
}
$this->mode = "cookie";
}
else
{
$sessiondata = array();
if (isset($HTTP_GET_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_GET_VARS[SESSION_NAME];
}
elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_POST_VARS[SESSION_NAME];
}
else {
$this->session_id = false;
}
}
//
// Does a session exist?
//
if ( !empty($this->session_id) )
{
$valid_session = 1;
if (!$this->load_session_info()) {
$this->session_info['session_user_id'] = GUEST;
$valid_session = 0;
}
$this->user_info = $this->load_user_info($this->session_info['session_user_id']);
if ( $valid_session )
{
$SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';
if ( $this->current_time - $this->session_info['session_time'] > 60 )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $this->current_time, session_page = $thispage_id
WHERE session_id = '$this->session_id'
AND session_ip = '$user_ip'";
$site_db->query($sql);
if ( $this->user_info['user_id'] != GUEST )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $this->current_time, user_session_page = $thispage_id
WHERE user_id = " . $this->user_info['user_id'];
$site_db->query($sql);
}
$this->delete_old_sessions();
setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
return $this->user_info;
}
}
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : GUEST;
$this->user_info = $this->session_begin($user_id, $user_ip, $thispage_id, TRUE);
return $this->user_info;
}
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) {
global $site_db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$this->session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
$this->mode = "cookie";
}
else
{
$sessiondata = array();
if (isset($HTTP_GET_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_GET_VARS[SESSION_NAME];
}
elseif (isset($HTTP_POST_VARS[SESSION_NAME])) {
$this->session_id = $HTTP_POST_VARS[SESSION_NAME];
}
else {
$this->session_id = false;
}
}
$last_visit = 0;
$expiry_time = $this->current_time - $board_config['session_length'];
$this->user_info = $this->load_user_info($user_id);
$user_id = $this->user_info['user_id'];
if ( $user_id != GUEST )
{
$auto_login_key = $this->user_info['user_password'];
if ( $auto_create )
{
if ( isset($sessiondata['autologinid']) && $this->user_info['user_active'] )
{
// We have to login automagically
if( $sessiondata['autologinid'] == $auto_login_key )
{
// autologinid matches password
$login = 1;
$enable_autologin = 1;
}
else
{
// No match; don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = GUEST;
}
}
else
{
// Autologin is not set. Don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = GUEST;
}
}
else
{
$login = 1;
}
}
else
{
$login = 0;
$enable_autologin = 0;
$user_id = GUEST;
}
//
// Initial ban check against user id, IP and email address
//
preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . PHPBB_BANLIST_TABLE . "
WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
OR ban_userid = $user_id";
if ( $user_id != GUEST )
{
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $this->user_info['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $this->user_info['user_email']), strpos(str_replace("\'", "''", $this->user_info['user_email']), "@")) . "'";
}
$result = $site_db->query($sql);
if ( $ban_info = $site_db->fetch_array($result) )
{
if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
{
header("Location: $url_login");
exit;
}
}
//
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $this->current_time, session_time = $this->current_time, session_page = $page_id, session_logged_in = $login
WHERE session_id = '" . $this->session_id . "'
AND session_ip = '$user_ip'";
if ( !$site_db->query($sql) || !$site_db->affected_rows() )
{
$this->session_id = md5(uniqid($user_ip));
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
VALUES ('$this->session_id', $user_id, $this->current_time, $this->current_time, '$user_ip', $page_id, $login)";
$site_db->query($sql);
}
if ( $user_id != GUEST )
{
$last_visit = ( $this->user_info['user_session_time'] > 0 ) ? $this->user_info['user_session_time'] : $this->current_time;
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $this->current_time, user_session_page = $page_id, user_lastvisit = $last_visit
WHERE user_id = $user_id";
$site_db->query($sql);
$this->user_info['user_lastvisit'] = $last_visit;
$sessiondata['autologinid'] = ( $enable_autologin && $this->mode == "cookie" ) ? $auto_login_key : '';
$sessiondata['userid'] = $user_id;
}
$this->user_info['user_id'] = $user_id;
$this->session_info['session_id'] = $this->session_id;
$this->session_info['session_ip'] = $user_ip;
$this->session_info['session_user_id'] = $user_id;
$this->session_info['session_logged_in'] = $login;
$this->session_info['session_page'] = $page_id;
$this->session_info['session_start'] = $this->current_time;
$this->session_info['session_time'] = $this->current_time;
setcookie($cookiename . '_data', serialize($sessiondata), $this->current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $this->session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
$SID = ( $this->mode == "get" ) ? SESSION_NAME.'=' . $this->session_id : '';
return $this->user_info;
}
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
global $url_login;
header("Location: $url_login");
}
function logout($user_id = GUEST) {
global $url_logout;
header("Location: $url_logout");
}
function delete_old_sessions() {
global $site_db, $board_config;
$expiry_time = $this->current_time - $board_config['session_length'];
$sql = "DELETE FROM ".SESSIONS_TABLE."
WHERE session_time < $expiry_time";
$site_db->query($sql);
$sql = "SELECT session_id
FROM ".SESSIONS_TABLE;
$result = $site_db->query($sql);
if ($result) {
$session_ids_sql = "";
while ($row = $site_db->fetch_array($result)) {
$session_ids_sql .= (($session_ids_sql != "") ? ", " : "") . "'".$row['session_id']."'";
}
}
if (!empty($session_ids_sql)) {
$sql = "DELETE FROM ".SESSIONVARS_TABLE."
WHERE session_id NOT IN ($session_ids_sql)";
$site_db->query($sql);
}
return true;
}
function return_session_info() {
return $this->session_info;
}
function return_user_info() {
return $this->user_info;
}
function freeze() {
return;
}
function load_session_info() {
global $site_db;
if (empty($this->session_id)) {
return false;
}
$ip_sql = ($this->mode == "get") ? " AND session_ip = '$this->user_ip'" : "";
$this->session_info = array();
$sql = "SELECT *
FROM ".SESSIONS_TABLE."
WHERE session_id = '$this->session_id'
$ip_sql";
$this->session_info = $site_db->query_firstrow($sql);
if (empty($this->session_info['session_user_id'])) {
return false;
}
else {
$sql = "SELECT sessionvars_name, sessionvars_value
FROM ".SESSIONVARS_TABLE."
WHERE session_id = '$this->session_id'";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
$this->session_info[$row['sessionvars_name']] = $row['sessionvars_value'];
}
return $this->session_info;
}
}
function load_user_info($user_id = GUEST) {
global $site_db, $user_table_fields;
if ($user_id != GUEST) {
$sql = "SELECT u.*, l.*
FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
WHERE ".get_user_table_field("u.", "user_id")." = $user_id AND l.user_id = ".get_user_table_field("u.", "user_id");
$user_info = $site_db->query_firstrow($sql);
if (!$user_info) {
$sql = "SELECT *
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_id")." = $user_id";
$user_info = $site_db->query_firstrow($sql);
if ($user_info) {
$lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
$sql = "INSERT INTO ".LIGHTBOXES_TABLE."
(lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)
VALUES
('$lightbox_id', ".$user_info[$user_table_fields['user_id']].", $this->current_time, '')";
$site_db->query($sql);
$user_info['lightbox_lastaction'] = $this->current_time;
$user_info['lightbox_image_ids'] = "";
}
}
}
if (empty($user_info[$user_table_fields['user_id']])) {
$user_info = array();
$user_info['user_id'] = GUEST;
$user_info['user_level'] = GUEST;
$user_info['user_lastaction'] = $this->current_time;
}
foreach ($user_table_fields as $key => $val) {
if (isset($user_info[$val])) {
if ($val == "user_allow_viewonline") {
$user_info[$key] = ($user_info[$val] == 1) ? 0 : 1;
}
else {
$user_info[$key] = $user_info[$val];
}
}
elseif (!isset($user_info[$key])) {
$user_info[$key] = "";
}
}
if (isset($user_info['user_active']) && $user_info['user_active'] == 0) {
$user_info['user_level'] = USER_AWAITING;
}
return $user_info;
}
function set_session_var($var_name, $value) {
global $site_db;
$sql = "SELECT session_id
FROM ".SESSIONVARS_TABLE."
WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
if ($site_db->is_empty($sql)) {
$sql = "INSERT INTO ".SESSIONVARS_TABLE."
(session_id, sessionvars_name, sessionvars_value)
VALUES
('$this->session_id', '$var_name', '$value')";
$site_db->query($sql);
}
else {
$sql = "UPDATE ".SESSIONVARS_TABLE."
SET sessionvars_value = '$value'
WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
$site_db->query($sql);
}
$this->session_info[$var_name] = $value;
return true;
}
function get_session_var($var_name) {
global $site_db;
if (isset($this->session_info[$var_name])) {
return $this->session_info[$var_name];
}
else {
$sql = "SELECT sessionvars_value
FROM ".SESSIONVARS_TABLE."
WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
$value = $site_db->query_firstrow($sql);
if ($value) {
$this->session_info[$var_name] = $value['sessionvars_value'];
return $value['sessionvars_value'];
}
else {
return "";
}
}
}
function drop_session_var($var_name) {
global $site_db;
$sql = "DELETE FROM ".SESSIONVARS_TABLE."
WHERE sessionvars_name = '$var_name' AND session_id = '$this->session_id'";
return ($site_db->query($sql)) ? 1 : 0;
}
function get_user_ip() {
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $REMOTE_ADDR;
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
{
$private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
}
}
else
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
}
$ip_sep = explode('.', $client_ip);
return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
}
function get_user_location() {
global $self_url;
return (defined("IN_CP")) ? "Control Panel" : preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), addslashes($self_url));
}
/* ORIGINAL CODE
function url($url, $amp = "&") {
global $l;
$dummy_array = explode("#", $url);
$url = $dummy_array[0];
if ($this->mode == "get" && !preg_match("/".SESSION_NAME."=/i", $url)) {
$url .= preg_match("/\?/", $url) ? "$amp" : "?";
$url .= SESSION_NAME."=".$this->session_id;
}
if (!empty($l)) {
$url .= preg_match("/\?/", $url) ? "$amp" : "?";
$url .= "l=".$l;
}
$url .= (isset($dummy_array[1])) ? "#".$dummy_array[1] : "";
return $url;
}
*/
function url($url, $amp = "&") {
global $l, $user_info;
$dummy_array = explode("#", $url);
$url = $dummy_array[0];
$url = str_replace('&', '&', $url);
if (!defined('IN_CP')) {
if (strstr($url, 'index.php')) {
$url = str_replace('index.php', '', $url);
}
elseif (strstr($url, 'search.php')) {
if (strstr($url, 'page=')) {
preg_match('#page=([0-9]+)&?#', $url, $matches);
if (isset($matches[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('search.php', 'search.'.$matches[1].'.htm', $url);
$query = str_replace('page='.$matches[1].'&', '', $query);
$query = str_replace('&page='.$matches[1], '', $query);
$query = str_replace('page='.$matches[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
else {
$url = str_replace('search.php', 'search.htm', $url);
}
}
elseif (strstr($url, 'lightbox.php')) {
if (strstr($url, 'page=')) {
preg_match('#page=([0-9]+)&?#', $url, $matches);
if (isset($matches[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('lightbox.php', 'lightbox.'.$matches[1].'.htm', $url);
$query = str_replace('page='.$matches[1].'&', '', $query);
$query = str_replace('&page='.$matches[1], '', $query);
$query = str_replace('page='.$matches[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
else {
$url = str_replace('lightbox.php', 'lightbox.htm', $url);
}
}
elseif (strstr($url, 'categories.php')) {
if (strstr($url, 'cat_id=') && strstr($url, 'page=')) {
preg_match('#cat_id=([0-9]+)&?#', $url, $matches1);
preg_match('#page=([0-9]+)&?#', $url, $matches2);
if (isset($matches1[1]) && isset($matches2[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('categories.php', 'cat'.$matches1[1].'.'.$matches2[1].'.htm', $url);
$query = str_replace('cat_id='.$matches1[1].'&', '', $query);
$query = str_replace('&cat_id='.$matches1[1], '', $query);
$query = str_replace('cat_id='.$matches1[1], '', $query);
$query = str_replace('page='.$matches2[1].'&', '', $query);
$query = str_replace('&page='.$matches2[1], '', $query);
$query = str_replace('page='.$matches2[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
elseif (strstr($url, 'cat_id=')) {
preg_match('#cat_id=([0-9]+)&?#', $url, $matches);
if (isset($matches[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('categories.php', 'cat'.$matches[1].'.htm', $url);
$query = str_replace('cat_id='.$matches[1].'&', '', $query);
$query = str_replace('&cat_id='.$matches[1], '', $query);
$query = str_replace('cat_id='.$matches[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
else {
$url = str_replace('categories.php', 'cat.htm', $url);
}
}
elseif (strstr($url, 'details.php?image_id=')) {
if (strstr($url, 'image_id=') && strstr($url, 'mode=')) {
preg_match('#image_id=([0-9]+)&?#', $url, $matches1);
preg_match('#mode=([a-zA-Z0-9]+)&?#', $url, $matches2);
if (isset($matches1[1]) && isset($matches2[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('details.php', 'img'.$matches1[1].'.'.$matches2[1].'.htm', $url);
$query = str_replace('image_id='.$matches1[1].'&', '', $query);
$query = str_replace('&image_id='.$matches1[1], '', $query);
$query = str_replace('image_id='.$matches1[1], '', $query);
$query = str_replace('mode='.$matches2[1].'&', '', $query);
$query = str_replace('&mode='.$matches2[1], '', $query);
$query = str_replace('mode='.$matches2[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
else {
preg_match('#image_id=([0-9]+)&?#', $url, $matches);
if (isset($matches[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('details.php', 'img'.$matches[1].'.htm', $url);
$query = str_replace('image_id='.$matches[1].'&', '', $query);
$query = str_replace('&image_id='.$matches[1], '', $query);
$query = str_replace('image_id='.$matches[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
}
elseif (strstr($url, 'postcards.php?image_id=')) {
preg_match('#image_id=([0-9]+)&?#', $url, $matches);
if (isset($matches[1])) {
$split = explode('?', $url);
$url = $split[0];
$query = @$split[1];
$url = str_replace('postcards.php', 'postcard.img'.$matches[1].'.htm', $url);
$query = str_replace('image_id='.$matches[1].'&', '', $query);
$query = str_replace('&image_id='.$matches[1], '', $query);
$query = str_replace('image_id='.$matches[1], '', $query);
if (!empty($query)) {
$url .= '?' . $query;
}
}
}
}
if ($this->mode == "get" && strstr($url, $this->session_id)) {
$url .= strpos($url, '?') !== false ? '&' : '?';
$url .= SESSION_NAME."=".$this->session_id;
}
if (!empty($l)) {
$url .= strpos($url, '?') ? '&' : '?';
$url .= "l=".$l;
}
$url = str_replace('&', $amp, $url);
$url .= isset($dummy_array[1]) ? "#".$dummy_array[1] : "";
return $url;
}
} //end of class
//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
$board_config = array();
$sql = "SELECT * FROM " . PHPBB_CONFIG_TABLE;
$result = $site_db->query($sql);
while($row = $site_db->fetch_array($result)) {
$board_config[$row['config_name']] = $row['config_value'];
}
//Start Session
$site_sess = new Session();
// Get Userinfo
$session_info = $site_sess->return_session_info();
$user_info = $site_sess->return_user_info();
//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_ids = array();
$prev_session_ips = array();
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
$time_out = time() - 300;
$sql = "SELECT ".get_user_table_field("u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible").", s.session_user_id, s.session_time, s.session_ip
FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
WHERE ".get_user_table_field("u.", "user_id")." = s.session_user_id AND (s.session_time >= $time_out OR ".get_user_table_field("u.", "user_lastaction")." >= $time_out)
ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.session_ip ASC";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
if ($row['session_user_id'] != GUEST) {
if (!isset($prev_user_ids[$row['session_user_id']])) {
$is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 0) ? 1 : 0;
$invisibleuser = ($is_invisible) ? "*" : "";
$username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("<b>%s</b>", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
if (!$is_invisible || $user_info['user_level'] == ADMIN) {
$user_online_list .= ($user_online_list != "") ? ", " : "";
$user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['session_user_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$row['session_user_id'];
$user_online_list .= "<a href=\"".$site_sess->url($user_profile_link)."\">".$username."</a>".$invisibleuser;
}
(!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
$num_registered_online++;
}
$prev_user_ids[$row['session_user_id']] = 1;
}
else {
if (!isset($prev_session_ips[$row['session_ip']])) {
$num_guests_online++;
}
}
$prev_session_ips[$row['session_ip']] = 1;
}
$num_total_online = $num_registered_online + $num_guests_online;
$site_template->register_vars(array(
"num_total_online" => $num_total_online,
"num_invisible_online" => $num_invisible_online,
"num_registered_online" => $num_registered_online,
"num_guests_online" => $num_guests_online,
"user_online_list" => $user_online_list,
"lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
"lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
));
$whos_online = $site_template->parse_template("whos_online");
$site_template->register_vars("whos_online", $whos_online);
unset($whos_online);
unset($prev_user_ids);
unset($prev_session_ips);
}
?>
14
Bug Fixes & Patches / Re: [1.7 / 1.7.1] Security fix in sessions.php
« on: December 24, 2005, 09:24:36 PM »
Can´t find the line:
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
in my session.php
$user_id = ($this->read_cookie_data("userid")) ? $this->read_cookie_data("userid") : GUEST;
in my session.php
15
Chit Chat / Re: [MOD] SimplyAddGallery - Spam? Phishing or what?
« on: September 06, 2005, 11:00:12 PM »
I get yesterday and today a PM from this spammer.
Please block this Phishing Spammer or should we send him our new "Phishing Bank Mails" ?
Please block this Phishing Spammer or should we send him our new "Phishing Bank Mails" ?
Pages: [1] 2