Changeset 45 for trunk/include/user.inc.php
- Timestamp:
- Jul 27, 2003, 10:24:10 AM (21 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/user.inc.php
r26 r45 33 33 $query_done = false; 34 34 $user['is_the_guest'] = false; 35 if ( isset( $_GET['id'] ) 36 && ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $_GET['id'] ) ) 35 36 // cookie deletion if administrator don't authorize them anymore 37 if ( !$conf['authorize_cookies'] and isset( $_COOKIE['id'] ) ) 37 38 { 38 $page['session_id'] = $_GET['id']; 39 setcookie( 'id', '', 0, cookie_path() ); 40 $url = 'category.php'; 41 header( 'Request-URI: '.$url ); 42 header( 'Content-Location: '.$url ); 43 header( 'Location: '.$url ); 44 exit(); 45 } 46 47 $user['has_cookie'] = false; 48 if ( isset( $_GET['id'] ) ) $session_id = $_GET['id']; 49 elseif ( isset( $_COOKIE['id'] ) ) 50 { 51 $session_id = $_COOKIE['id']; 52 $user['has_cookie'] = true; 53 } 54 55 if ( isset( $session_id ) 56 and ereg( "^[0-9a-zA-Z]{".$conf['session_id_size']."}$", $session_id ) ) 57 { 58 $page['session_id'] = $session_id; 39 59 $query = 'SELECT user_id,expiration,ip'; 40 60 $query.= ' FROM '.PREFIX_TABLE.'sessions'; 41 $query.= " WHERE id = '".$ _GET['id']."'";61 $query.= " WHERE id = '".$page['session_id']."'"; 42 62 $query.= ';'; 43 63 $result = mysql_query( $query ); … … 45 65 { 46 66 $row = mysql_fetch_array( $result ); 47 if ( $row['expiration'] < time())67 if ( !$user['has_cookie'] ) 48 68 { 49 // deletion of the session from the database,50 // because it is out-of-date51 $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions';52 $delete_query.= " WHERE id = '".$page['session_id']."'";53 $delete_query.= ';';54 mysql_query( $delete_query );55 }56 else57 {69 if ( $row['expiration'] < time() ) 70 { 71 // deletion of the session from the database, 72 // because it is out-of-date 73 $delete_query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; 74 $delete_query.= " WHERE id = '".$page['session_id']."'"; 75 $delete_query.= ';'; 76 mysql_query( $delete_query ); 77 } 58 78 if ( $_SERVER['REMOTE_ADDR'] == $row['ip'] ) 59 79 { … … 61 81 $query_done = true; 62 82 } 83 } 84 else 85 { 86 $query_user .= ' WHERE id = '.$row['user_id']; 87 $query_done = true; 63 88 } 64 89 }
Note: See TracChangeset
for help on using the changeset viewer.