Modified (modded) phpBB sessions.php with the SID removal MOD

by Ricky on February 01, 2004, 07:52:12 AM
Well.. Here I am posting the premodified sessions.php as requested by many people..

Kindly visit THE SID REMOVAL INFO for more detail
NOTE: The following file contains only the following mod, which is the most effective and easiest mod for SID removal:
Code:
#


includes/sessions.php




// Statement as it stands in the unmodified includes/sessions.php: the session
// id is put into $SID for every visitor, guests included, so append_sid()
// adds it to every generated URL.
$SID = 'sid=' . $session_id;



// Replacement used by this MOD: only logged-in users keep sid= in their URLs.
// Guests get an empty $SID, so links served to them carry no session token.
// NOTE(review): a guest whose browser refuses cookies then has no way to carry
// a session from page to page, because the GET 'sid' parameter is the only
// other place the session code reads the id from.
if ( $userdata['session_user_id'] != ANONYMOUS ){
   $SID = 'sid=' . $session_id;
} else {
   $SID = '';
}


Now the modded file..
Code:
<?php
/***************************************************************************
 *                                sessions.php
 *                            -------------------
 *   begin                &#58; Saturday, Feb 13, 2001
 *   copyright            &#58; &#40;C&#41; 2001 The phpBB Group
 *   email                &#58; support@phpbb.com
 *
 *   $Id&#58; sessions.php,v 1.58.2.10 2003/04/05 12&#58;04&#58;33 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   &#40;at your option&#41; any later version.
 *
 ***************************************************************************/

//
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
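function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
    //
    // Parameters:
    //   $user_id           user the session belongs to; ANONYMOUS for guests
    //   $user_ip           client address as stored in session_ip (the ban
    //                      check below splits it into four 2-character groups)
    //   $page_id           page identifier written to session_page
    //   $auto_create       non-zero when called from session_pagestart(); a
    //                      login is then granted only through a matching
    //                      autologin value in the data cookie
    //   $enable_autologin  non-zero to store the autologin key in the cookie
    //
    // Returns the user row ($userdata) extended with the session_* fields.
    // Database failures and ban hits end the request through message_die().
    //
    global $db, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    // Both ids are written unquoted into SQL text below; force them to integers.
    $user_id = intval($user_id);
    $page_id = intval($page_id);

    if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
    {
        $session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
        // NOTE(review): unserialize() runs on a cookie the client fully controls.
        // Left in place because the cookie format is shared with the rest of
        // the board; the values read from it are type-checked below.
        $sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
        $sessionmethod = SESSION_METHOD_COOKIE;
    }
    else
    {
        $sessiondata = array();
        $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
        $sessionmethod = SESSION_METHOD_GET;
    }

    // A malformed cookie makes unserialize() return false; continue with an
    // empty array so the reads and writes below behave predictably.
    if ( !is_array($sessiondata) )
    {
        $sessiondata = array();
    }

    // The session id comes from the client and is concatenated into the UPDATE
    // below. Ids issued here are md5 hex strings, so anything that is not a
    // plain alphanumeric string is discarded and a fresh session is created.
    if ( !is_string($session_id) || !preg_match('/^[A-Za-z0-9]*$/', $session_id) )
    {
        $session_id = '';
    }

    $last_visit = 0;
    $current_time = time();
    $expiry_time = $current_time - $board_config['session_length'];

    //
    // Try and pull the last time stored in a cookie, if it exists
    //
    $sql = "SELECT *
        FROM " . USERS_TABLE . "
        WHERE user_id = $user_id";
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
    }

    $userdata = $db->sql_fetchrow($result);

    if ( $user_id != ANONYMOUS )
    {
        $auto_login_key = $userdata['user_password'];

        if ( $auto_create )
        {
            if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
            {
                // We have to login automagically.
                // Strict comparison: the cookie value went through unserialize(),
                // so it can be of any type, and a loose == would let a non-string
                // value compare equal to the stored key through type juggling.
                if ( $sessiondata['autologinid'] === $auto_login_key )
                {
                    // autologinid matches password
                    $login = 1;
                    $enable_autologin = 1;
                }
                else
                {
                    // No match; don't login, set as anonymous user
                    $login = 0;
                    $enable_autologin = 0;
                    $user_id = $userdata['user_id'] = ANONYMOUS;
                }
            }
            else
            {
                // Autologin is not set. Don't login, set as anonymous user
                $login = 0;
                $enable_autologin = 0;
                $user_id = $userdata['user_id'] = ANONYMOUS;
            }
        }
        else
        {
            $login = 1;
        }
    }
    else
    {
        $login = 0;
        $enable_autologin = 0;
    }

    //
    // Initial ban check against user id, IP and email address
    //
    // NOTE(review): $user_ip is quoted into SQL as-is here and below;
    // presumably the caller passes an already-encoded address -- verify.
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

    $sql = "SELECT ban_ip, ban_userid, ban_email
        FROM " . BANLIST_TABLE . "
        WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
            OR ban_userid = $user_id";
    if ( $user_id != ANONYMOUS )
    {
        // Same escaping as before, computed once: the full address and its
        // "@domain" tail are both matched against the ban list.
        $safe_email = str_replace("\'", "''", $userdata['user_email']);
        $sql .= " OR ban_email LIKE '" . $safe_email . "'
            OR ban_email LIKE '" . substr($safe_email, strpos($safe_email, "@")) . "'";
    }
    if ( !($result = $db->sql_query($sql)) )
    {
        message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
    }

    if ( $ban_info = $db->sql_fetchrow($result) )
    {
        if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
        {
            message_die(CRITICAL_MESSAGE, 'You_been_banned');
        }
    }

    //
    // Create or update the session
    //
    $sql = "UPDATE " . SESSIONS_TABLE . "
        SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
        WHERE session_id = '" . $session_id . "'
            AND session_ip = '$user_ip'";
    if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
    {
        // NOTE(review): uniqid() is derived from the clock, so this id is not
        // cryptographically random. Kept for compatibility with the era of
        // this file; swap in a CSPRNG-backed value where the runtime has one.
        $session_id = md5(uniqid($user_ip));

        $sql = "INSERT INTO " . SESSIONS_TABLE . "
            (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)
            VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)";
        if ( !$db->sql_query($sql) )
        {
            message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
        }
    }

    if ( $user_id != ANONYMOUS )
    {
        $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;

        $sql = "UPDATE " . USERS_TABLE . "
            SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
            WHERE user_id = $user_id";
        if ( !$db->sql_query($sql) )
        {
            message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
        }

        $userdata['user_lastvisit'] = $last_visit;

        // NOTE(review): the autologin key stored in the cookie is the
        // user_password column itself, so the cookie is password-equivalent.
        $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '';
        $sessiondata['userid'] = $user_id;
    }

    $userdata['session_id'] = $session_id;
    $userdata['session_ip'] = $user_ip;
    $userdata['session_user_id'] = $user_id;
    $userdata['session_logged_in'] = $login;
    $userdata['session_page'] = $page_id;
    $userdata['session_start'] = $current_time;
    $userdata['session_time'] = $current_time;

    // Data cookie lives for a year; the sid cookie ends with the browser session.
    setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
    setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

    // SID removal MOD: only logged-in users get the session id appended to
    // URLs; guests get an empty $SID, so append_sid() leaves their links alone.
    if ( $userdata['session_user_id'] != ANONYMOUS )
    {
        $SID = 'sid=' . $session_id;
    }
    else
    {
        $SID = '';
    }

    return $userdata;
}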

//
// Checks for a given user session, tidies session table and updates user
// sessions at each page refresh
//
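function session_pagestart($user_ip, $thispage_id)
{
    //
    // Parameters:
    //   $user_ip      client address in the same form as stored in session_ip
    //   $thispage_id  page identifier written to session_page
    //
    // Returns the joined user/session row for a valid existing session, or the
    // row produced by session_begin() when no valid session is found.
    // Database failures end the request through message_die().
    //
    global $db, $lang, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    $current_time = time();
    unset($userdata);

    // Written unquoted into SQL text below; force it to an integer.
    $thispage_id = intval($thispage_id);

    if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
    {
        // NOTE(review): unserialize() runs on a cookie the client fully controls.
        // Only 'userid' is read from it here, and that is passed through intval().
        $sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
        $session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
        $sessionmethod = SESSION_METHOD_COOKIE;
    }
    else
    {
        $sessiondata = array();
        $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
        $sessionmethod = SESSION_METHOD_GET;
    }

    // A malformed cookie makes unserialize() return false.
    if ( !is_array($sessiondata) )
    {
        $sessiondata = array();
    }

    // The session id comes from the client and is concatenated into the
    // queries below; anything but a plain alphanumeric string is dropped, which
    // sends the request down the "no valid session" path.
    if ( !is_string($session_id) || !preg_match('/^[A-Za-z0-9]*$/', $session_id) )
    {
        $session_id = '';
    }

    $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS;

    // SID removal MOD: stored sessions are only looked up for visitors whose
    // cookie names a registered user; guests go straight to session_begin().
    if ( $user_id != ANONYMOUS )
    {
        //
        // Does a session exist?
        //
        if ( !empty($session_id) )
        {
            //
            // session_id exists so go ahead and attempt to grab all
            // data in preparation
            //
            $sql = "SELECT u.*, s.*
                FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
                WHERE s.session_id = '$session_id'
                    AND u.user_id = s.session_user_id";
            if ( !($result = $db->sql_query($sql)) )
            {
                message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
            }

            $userdata = $db->sql_fetchrow($result);

            //
            // Did the session exist in the DB?
            //
            if ( isset($userdata['user_id']) )
            {
                //
                // Do not check IP assuming equivalence, if IPv4 we'll check only first 24
                // bits ... I've been told (by vHiker) this should alleviate problems with
                // load balanced et al proxies while retaining some reliance on IP security.
                //
                $ip_check_s = substr($userdata['session_ip'], 0, 6);
                $ip_check_u = substr($user_ip, 0, 6);

                if ( $ip_check_s == $ip_check_u )
                {
                    // The id is only put into URLs when it arrived by GET or
                    // when the admin panel (IN_ADMIN) is being served.
                    $SID = ( $sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN') ) ? 'sid=' . $session_id : '';

                    //
                    // Only update session DB a minute or so after last update
                    //
                    if ( $current_time - $userdata['session_time'] > 60 )
                    {
                        $sql = "UPDATE " . SESSIONS_TABLE . "
                            SET session_time = $current_time, session_page = $thispage_id
                            WHERE session_id = '" . $userdata['session_id'] . "'";
                        if ( !$db->sql_query($sql) )
                        {
                            message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
                        }

                        if ( $userdata['user_id'] != ANONYMOUS )
                        {
                            $sql = "UPDATE " . USERS_TABLE . "
                                SET user_session_time = $current_time, user_session_page = $thispage_id
                                WHERE user_id = " . $userdata['user_id'];
                            if ( !$db->sql_query($sql) )
                            {
                                message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
                            }
                        }

                        //
                        // Delete expired sessions
                        //
                        $expiry_time = $current_time - $board_config['session_length'];
                        $sql = "DELETE FROM " . SESSIONS_TABLE . "
                            WHERE session_time < $expiry_time
                                AND session_id <> '$session_id'";
                        if ( !$db->sql_query($sql) )
                        {
                            message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
                        }

                        setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
                        setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
                    }

                    return $userdata;
                }
                else
                {
                    // IP prefix mismatch: blank the session fields. These values
                    // are replaced again by the session_begin() call below.
                    $userdata['session_id'] = '';
                    $userdata['session_ip'] = '';
                    $userdata['session_user_id'] = $user_id;
                    $userdata['session_logged_in'] = 0;
                    $userdata['session_page'] = '';
                    $userdata['session_start'] = '';
                    $userdata['session_time'] = '';
                }
            }
        }
    }

    //
    // If we reach here then no (valid) session exists. So we'll create a new one,
    // using the cookie user_id if available to pull basic user prefs.
    //
    if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) )
    {
        message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
    }

    return $userdata;
}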

//
// session_end closes out a session
// deleting the corresponding entry
// in the sessions table
//
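function session_end($session_id, $user_id)
{
    //
    // Parameters:
    //   $session_id  ignored on entry: the id is re-read from the sid cookie,
    //                or from the GET 'sid' parameter when no cookie is present
    //   $user_id     owner of the session row to delete
    //
    // Always returns true. A failed DELETE ends the request via message_die().
    //
    global $db, $lang, $board_config;
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];

    $current_time = time();

    // Written unquoted into the DELETE below; force it to an integer.
    $user_id = intval($user_id);

    //
    // Pull cookiedata or grab the URI propagated sid
    //
    if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
    {
        $session_id = $HTTP_COOKIE_VARS[$cookiename . '_sid'];
        $sessionmethod = SESSION_METHOD_COOKIE;
    }
    else
    {
        $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
        $sessionmethod = SESSION_METHOD_GET;
    }

    // The id comes from the client and is concatenated into the DELETE; drop
    // anything that is not a plain alphanumeric string.
    if ( !is_string($session_id) || !preg_match('/^[A-Za-z0-9]*$/', $session_id) )
    {
        $session_id = '';
    }

    // The former isset($session_id) guard was always true, because the
    // variable is assigned on both branches above. Only query when there is
    // an id to delete.
    if ( $session_id != '' )
    {
        //
        // Delete existing session
        //
        $sql = "DELETE FROM " . SESSIONS_TABLE . "
            WHERE session_id = '$session_id'
                AND session_user_id = $user_id";
        if ( !$db->sql_query($sql) )
        {
            message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
        }
    }

    // Expire both cookies by dating them a year in the past, whether or not
    // a session row was found, so the browser stops presenting them.
    setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
    setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

    return true;
}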

//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
// around every single URL and form action. If you replace the session
// code you must include this routine, even if it's empty.
//
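function append_sid($url, $non_html_amp = false)
{
    //
    // Parameters:
    //   $url           URL or form action to decorate
    //   $non_html_amp  true to join with a bare '&' (redirect headers and the
    //                  like), false to join with the HTML entity '&amp;'
    //
    // Returns $url with the global $SID appended, or $url unchanged when $SID
    // is empty or the URL already contains 'sid='.
    //
    // A session id carried in a URL can end up in Referer headers, server
    // logs, bookmarks and search indexes, which is why the session code sets
    // $SID to '' wherever a cookie can carry the id instead.
    //
    global $SID;

    if ( !empty($SID) && !preg_match('#sid=#', $url) )
    {
        // strpos() returns 0 for a URL that starts with '?'; the strict
        // comparison keeps that case from being mistaken for "no query string".
        $has_query = ( strpos($url, '?') !== false );
        $amp = ( $non_html_amp ) ? '&' : '&amp;';

        $url .= ( ( $has_query ) ? $amp : '?' ) . $SID;
    }

    return $url;
}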

?>

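Just replace your existing includes/sessions.php with this file and you are fine. Note that the file above is built on the sessions.php revision named in its header (v 1.58.2.10, 2003/04/05), so swapping in the whole file also replaces whatever revision your board currently runs; if your copy is newer, apply the small edit shown at the top of this post to your own file instead, so that you keep any later fixes it contains.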
christuser
Guest
«Reply #1 on: April 18, 2004, 11:25:52 AM »
Thanks for the Mod (the sessions.php) bit i have a problem, after i added this mod, the last visit (in the memberlists.php output) is empty. (There is the word "never", but i need a date).

Any Idea?

Kind Regards Adrian
Ricky
«Reply #2 on: April 19, 2004, 06:54:39 AM »
Well. may be you are using a mod.. ie. last visit is not over here in this forum in the member list..
christuser
Guest
«Reply #3 on: April 19, 2004, 07:35:26 AM »
Yes, i found the error, it was really a mod... and the bad thing was: Google indexed all what i want, but the users with IE partially didn't see the site.
Know it works!
Thanks for the great mod
SeanIM
Guest
«Reply #4 on: May 25, 2005, 06:27:35 PM »
Hi there, I've done the sessions mod, and the mod_rewrite mod, everything looks good, with ONE exception sad5

I can't log into my admin panel now, it lets me type in admin/pass over and over, and I know it's right as I had it reset and send me a new pass, but I still cant' get in sad5

Any suggestions or help in fixing this would be greatly appreciated. Usual Smile

.
SeanIM
Guest
«Reply #5 on: June 07, 2005, 07:58:19 AM »
Quote from: "SeanIM"
Hi there, I've done the sessions mod, and the mod_rewrite mod, everything looks good, with ONE exception sad5

I can't log into my admin panel now, it lets me type in admin/pass over and over, and I know it's right as I had it reset and send me a new pass, but I still cant' get in sad5

Any suggestions or help in fixing this would be greatly appreciated. Usual Smile

.


anyone?Huh??