So where to start?
As I understood, 4images 1.71 uses a new session system,
and the sessions table is not needed anymore to identify users,
because session IDs are stored in the user's cookie or per session ID in the URL.
But unfortunately some functions, like the who is online list, need the sessions table
to show who is online and at which location.
But after reports from some users
that they had some problems, I discovered it too.
It happens, for example, like this:
User opens browser -> has a cookie set for automatic login -> a new session entry is made in the DB
the user does nothing for 20 minutes, but leaves his browser open
so the 4images session system deletes the user's session from the DB (because of the timeout)
the user visits the gallery again
because he has his old session ID stored in the cookie or URL, the 4images gallery now tries to update the user's session entry in the DB,
but the session entry is already deleted, and there is no check whether the user's session entry exists.
To fix this problem I have two solutions;
both work and are secure,
but I would like to hear from vano or the other admins
which way is faster.
German:
Short translation into German.
As far as I know, 4images has used a new session system since version 1.71,
and therefore verifying users through the session system in the DB is no longer necessary.
However, some functions, such as the who is online list, still use these DB entries.
Because the session IDs are given to the user by cookie or by URL.
Unfortunately, if for example
a user comes to the site -> he is assigned a session ID
the user does nothing for 20 minutes
4images deletes the session ID from the DB (because of the user timeout)
the user comes back to the site without having closed the browser window
4images tries to update the user's entry in the DB.
Unfortunately, the DB entry has already been deleted, and there is also no check
whether the entry still exists.
File to edit:
includes/session.php
Way 1
Find
    function update_session() {
      global $site_db;
      $sql = "UPDATE ".SESSIONS_TABLE."
              SET session_lastaction = $this->current_time, session_location = '$this->user_location'
              WHERE session_id = '$this->session_id'";
      $site_db->query($sql);
And insert below
      /** Session Update Fix **/
      $foo = $site_db->affected_rows();
      if ($foo == 0) { // old session entry is already deleted
        $sql = "INSERT INTO ".SESSIONS_TABLE."
                (session_id, session_user_id, session_lastaction, session_location, session_ip)
                VALUES
                ('$this->session_id', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')";
        $site_db->query($sql);
      }
      /** Session Update Fix **/
Way 2
Search for
    function update_session() {
      global $site_db;
      $sql = "UPDATE ".SESSIONS_TABLE."
              SET session_lastaction = $this->current_time, session_location = '$this->user_location'
              WHERE session_id = '$this->session_id'";
      $site_db->query($sql);
and replace it with
    function update_session() {
      global $site_db;
      $sql = "REPLACE INTO ".SESSIONS_TABLE."
              (session_id, session_user_id, session_lastaction, session_location, session_ip)
              VALUES
              ('$this->session_id', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')";
      $site_db->query($sql);
I think the first way would be a little bit faster,
because the second way always performs 2 queries.
Hope that helps.
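
Way 1 written with bound parameters, as an added example that is not part of the original post or of 4images itself; it assumes PHP with the pdo_sqlite extension, and the `sessions` table and `touch_session()` helper are hypothetical names. The session ID is bound rather than interpolated because it arrives from the cookie or URL.

```php
<?php
// Added illustration, not 4images code: table name, columns and values are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sessions (
    session_id         TEXT PRIMARY KEY,
    session_user_id    INTEGER NOT NULL,
    session_lastaction INTEGER NOT NULL,
    session_location   TEXT NOT NULL,
    session_ip         TEXT NOT NULL)");

// Way 1 with bound parameters: UPDATE first, INSERT only if no row was touched.
function touch_session(PDO $db, array $s): string
{
    $upd = $db->prepare("UPDATE sessions
        SET session_lastaction = :t, session_location = :loc
        WHERE session_id = :id");
    $upd->execute([':t' => $s['time'], ':loc' => $s['location'], ':id' => $s['id']]);
    if ($upd->rowCount() > 0) {
        return 'updated';
    }
    // The row is gone (never created, or purged by the timeout): recreate it.
    $ins = $db->prepare("INSERT INTO sessions
        (session_id, session_user_id, session_lastaction, session_location, session_ip)
        VALUES (:id, :uid, :t, :loc, :ip)");
    $ins->execute([':id' => $s['id'], ':uid' => $s['uid'], ':t' => $s['time'],
                   ':loc' => $s['location'], ':ip' => $s['ip']]);
    return 'inserted';
}

// Constructed sample session; 192.0.2.10 is a documentation address.
$s = ['id' => 'constructed-session-id', 'uid' => 7, 'time' => 1000,
      'location' => 'index.php', 'ip' => '192.0.2.10'];
echo touch_session($db, $s), "\n";            // first request, no row yet

$s['time'] = 1060;
$s['location'] = 'details.php';
echo touch_session($db, $s), "\n";            // row still present

// Timeout cleanup removes idle rows while the browser keeps the old ID.
$purge = $db->prepare("DELETE FROM sessions WHERE session_lastaction < :cutoff");
$purge->execute([':cutoff' => 2200]);

$s['time'] = 2300;
echo touch_session($db, $s), "\n";            // stale ID returns after the purge
echo $db->query("SELECT COUNT(*) FROM sessions")->fetchColumn(), "\n";
```

On MySQL the affected-row count is 0 when the UPDATE matches a row but changes no value, so the fallback INSERT can hit a duplicate key if session_id is unique; connecting with PDO::MYSQL_ATTR_FOUND_ROWS makes the count reflect matched rows instead.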