<?php
/***************************************************************************
 *	Session.php
 *
 *	begin		: December 2005
 *	version		: 25 October 2006
 *	copyright	: (C) 2005,2006 grandolini.net
 *
 *	Initializations
 *
 ***************************************************************************/
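if(!function_exists('get_microtime'))
{
	#	get_microtime()
	#	Returns the current Unix time in seconds, including the microsecond fraction, as a float.
	#	Used below to timestamp the start of the page build.
	function get_microtime()
	{
		#	microtime(true) yields the same float the original assembled by splitting
		#	the "usec sec" string form and adding the two parts.
		return microtime(true);
	}
}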
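#	Start of the page-build timer; get_microtime() is defined just above in this file.
$start_pagebuild_time=get_microtime();
#	NOTE(review): the session is started with whatever cookie settings php.ini provides; no call
#	in this file sets the HttpOnly/Secure cookie flags or regenerates the id when privileges change.
session_start();
#	Key quoted: a bare id is read as an undefined constant (notice on PHP 5, fatal error on PHP 8).
$_SESSION['id']=session_id();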
#
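if(!function_exists('check_path'))
{
	#	check_path($path,$file)
	#	Guard used before paths are handed to include(): the request is redirected to 666.shtml
	#	and stopped when $path contains http://, https://, ftp:// or ../ (case-insensitive),
	#	or when $path/$file does not exist. Returns nothing when the path passes.
	#
	#	NOTE(review): this is a deny-list. Only those four substrings are matched, only in $path,
	#	and $file is not inspected, so a pass does not prove the target is inside the site tree.
	#	Resolving the path with realpath() and comparing it against the expected base directory
	#	is the stronger check.
	function check_path($path,$file)
	{
		#	eregi() no longer exists on PHP 7+; preg_match() with the i flag applies the same alternation.
		$suspicious=preg_match('#http://|https://|ftp://|\.\./#i',$path);
		if($suspicious || !file_exists($path.'/'.$file))
		{
			#	hacking attempt
			#
			#	NOTE(review): HTTP_HOST is taken from the request's Host header, so the redirect
			#	target host is chosen by the client; prefer a configured site host here.
			header('Location: http://'.$_SERVER['HTTP_HOST'].'/'.$_SESSION['misc']['folder'].'666.shtml');
			die;
		}
	}
}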
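if(!function_exists('check_access'))
{
	#	check_access($user,$pw,$min_priv=0)
	#	Stops the request (redirect to 600.php) unless all of the following hold:
	#	 - $user and $pw equal the globals $USER_ID and $USER_PW,
	#	 - a row with that id and pw exists in $user_table,
	#	 - that row's privil is not below $min_priv.
	#	Returns nothing when access is granted.
	#
	#	NOTE(review): $pw is matched directly against the pw column, so the column holds whatever
	#	form the caller passes in. If that is the clear-text password, store password_hash()
	#	output instead and verify with password_verify().
	function check_access($user,$pw,$min_priv=0)
	{
		global $USER_ID,$USER_PW;
		$err=0;	# the original never initialised this and relied on unset==0
		#	presumably supplies $user_table, which is not assigned anywhere in this function - confirm
		include($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'inc/user_fields.inc');
		#	Compared as strings with !== so that numeric-looking strings ("0" vs "0.0", "1e3" vs "1000")
		#	are no longer treated as equal, which the original loose != allowed.
		#	NOTE(review): where available (PHP 5.6+), hash_equals() makes the $pw comparison constant-time.
		if((string)$user!==(string)$USER_ID || (string)$pw!==(string)$USER_PW) { $err=1; }
		if($err==0)
		{
			#	Only values identical to $USER_ID/$USER_PW reach this point, but they are still
			#	interpolated into the statement unescaped.
			#	NOTE(review): use the db layer's escaping or a prepared statement if it offers one.
			$sth=db_query("SELECT * FROM $user_table WHERE id='$user' AND pw='$pw'");
			if($sth[1]==0) { $err=1; }
			else
			{
				$row=db_fetch($sth[0]); if($row[0]['privil']<$min_priv) { $err=1; }
			}
		}
		if($err==1)
		{
			header('Location: 600.php');
			die;
		}
	}
}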
#
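#	HTTP_HOST is copied from the request's Host header, so it is client-controlled.
$req_host=isset($_SERVER['HTTP_HOST']) ? (string)$_SERVER['HTTP_HOST'] : '';
if(substr($req_host,0,4)=='www.')
{
	#	www.sitename.com is redirected to sitename.com
	#
	#	Redirect only when the remainder has the shape of a plain host[:port]; any other
	#	value falls through and the page is served without the redirect.
	#	NOTE(review): this still trusts the client's choice of host; comparing against a
	#	configured site name would remove that dependency.
	$bare_host=substr($req_host,4);
	if(preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?\z/',$bare_host))
	{
		header('Location: http://'.$bare_host);
		die;
	}
	#-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
}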
#
#=============================================================================
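#	First visit without a skin: pick the default skin, store it in the session and redirect to
#	the welcome page.
#	NOTE(review): $skin is not assigned anywhere above this line in this file. When it arrives
#	non-empty (from an including script, or from the request if register_globals is on), this
#	whole block is skipped - confirm where it is validated.
if((!isset($skin) || $skin=='') && (!isset($_SESSION['misc']['skin']) || $_SESSION['misc']['skin']==''))
{
	#	if the skin is not yet selected
	#
	$skin='phpCAMALEO';
	#
	#	presumably Host.inc supplies $host,$user,$password,$db_main and MySql.php the db_* helpers - confirm
	require('private/Host.inc');
	require('common/db/MySql.php');
	$dbh=db_connect(array($host,$user,$password));
	$dbs=db_select_db(array($db_main));
	$sth=db_query("SELECT * FROM site_settings WHERE site='*default' AND code='site'");
	if($sth[1]>0)
	{
		#	if there is a default skin, load it
		#
		$row=db_fetch($sth[0]); if($row[0]['value']!='') { $skin=$row[0]['value']; }
	}
	$_SESSION['misc']['skin']=$skin;
	#	The skin name is data from the settings table; encode it so it cannot add or alter
	#	query-string parameters in the redirect URL.
	header('Location: LoadPage.php?page=welcome&skid='.urlencode($skin));
	die;
	#-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
}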
#
#=============================================================================
#
#	Site variables initialization
#
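require('common/db/Globals.inc');
require('private/Host.inc');
require('common/db/MySql.php');
#	presumably fills $_SESSION['misc'] (folder, skin, ...), which is read but not set here - confirm
require('common/includes/siteinit.inc');
#	Normalise misc.folder so that DOCUMENT_ROOT.folder has exactly one separator between the two
#	parts and ends with a slash. Keys are quoted: bare keys are undefined constants (fatal on PHP 8).
if(substr($_SERVER['DOCUMENT_ROOT'],-1,1)!='/')
{
	if(substr($_SESSION['misc']['folder'],0,1)!='/') { $_SESSION['misc']['folder']='/'.$_SESSION['misc']['folder']; }
}
if(substr($_SESSION['misc']['folder'],-1,1)!='/') { $_SESSION['misc']['folder']=$_SESSION['misc']['folder'].'/'; }
#
#	Both directories below are later used as include() prefixes. check_path() stops the request
#	when the path contains a URL scheme or ../ or when the marker file is missing.
#	NOTE(review): misc.skin becomes a directory name here; check_path() is a deny-list, so the
#	skin value should also be restricted to a plain directory name where it is first accepted.
$_SESSION['common']=$_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'common/';
check_path($_SESSION['common'],'index.html');
$_SESSION['skinf']=$_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/'.$_SESSION['misc']['skin'].'/';
check_path($_SESSION['skinf'],'Layout.php');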
#
#	Handling online table
#
#	Online-visitor bookkeeping: prune stale rows from `online`, insert or refresh the row for this
#	client address, load the USER_* variables from that row, and maintain the *tot_online and
#	*max_online counters in g_stat_misc.
#	NOTE(review): every statement below is built by string concatenation. $_SESSION[misc][skin] and
#	$_SESSION[PageNr] are placed inside quoted SQL literals without escaping; where they are
#	assigned is not visible in this block, so confirm they can never carry request data, or
#	escape them through the db layer.
$dbh=db_connect(array($host,$user,$password));
$dbs=db_select_db(array($db_main));
#
#	Remove online users not loading any page since 15 minutes
#
$tmp=time()-(15*60); if($_SESSION[misc][location]=='l') { $tmp=time()-(120*60); /* 2 hours on local server */}
$sth=db_query("DELETE FROM online WHERE time<'".$tmp."'");	# time in seconds
#
##	include($_SESSION[common].'fun2inc/get_port.inc'); $IP=get_port('ip');
#
$timestamp=time();
#	NOTE(review): the visitor is identified by address alone. The row looked up here, and the
#	USER_* values read from it further down, are shared by every client that reaches the server
#	from the same address (NAT, proxy), so privilege follows the address rather than the session.
$IP=$_SERVER[REMOTE_ADDR];
#	$sth[1] is used as the row count and $sth[0] as the result handle throughout this file.
$sth=db_query("SELECT * FROM online WHERE ip='$IP'");
if($sth[1]==0)
{
	#	No row for this address yet: register it.
	$sth=db_query("INSERT INTO online SET skin='".$_SESSION[misc][skin]."',page='".$_SESSION[PageNr]."',time='$timestamp',ip='$IP'");
	#
	#	Update the total users online table
	#
	#	NOTE(review): the counter is read and then written back in two statements with no locking
	#	visible here; concurrent first visits could lose an increment - confirm whether that matters.
	$sth=db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='".$_SESSION[misc][skin]."' AND stat_misc_key='*tot_online'");
	if($sth[1]>0)
	{
		$row=db_fetch($sth[0]); $TOT_ONLINE=$row[0][stat_misc_val]+1;
		$sth=db_query("UPDATE g_stat_misc SET stat_misc_val='$TOT_ONLINE',stat_misc_date='$timestamp' WHERE stat_misc_skin='".$_SESSION[misc][skin]."' AND stat_misc_key='*tot_online'"); 
	}
	else
	{
		$TOT_ONLINE=1;
		$sth=db_query("INSERT INTO g_stat_misc SET stat_misc_skin='".$_SESSION[misc][skin]."', stat_misc_key='*tot_online',stat_misc_val='$TOT_ONLINE',stat_misc_date='$timestamp'"); 
	}
}
else
{
	#	Set user variables
	#
	#	These are the values check_access() compares its arguments against and the privilege
	#	level the maintenance and admin checks below read.
	#	NOTE(review): $USER_PW is read back from the online row, so that table holds the password
	#	value in whatever form the login code wrote it (not visible here) - confirm it is not clear text.
	$row=db_fetch($sth[0]);
	$USER_ID	=$row[0][user];
	$USER_PW	=$row[0][pw];
	$USER_PRIV	=$row[0][privil];
	$USER_RRN	=$row[0][userRRN];
	$USER_TEAM	=$row[0][team];
	#
	$sth=db_query("UPDATE online SET skin='".$_SESSION[misc][skin]."',page='".$_SESSION[PageNr]."',time='$timestamp' WHERE ip='$IP' LIMIT 1");
	#
	#	Get total users online
	#
	$sth=db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='".$_SESSION[misc][skin]."' AND stat_misc_key='*tot_online'");
	if($sth[1]>0)
	{
		#	NOTE(review): the stored total is incremented for display but not written back in this
		#	branch - confirm that is intended.
		$row=db_fetch($sth[0]); $TOT_ONLINE=$row[0][stat_misc_val]+1;
	}
	else
	{
		$TOT_ONLINE=1;
	}
}
#
#	Count users online
#
#	The row count of this query is the number of addresses currently listed for the skin.
$sth=db_query("SELECT ip FROM online WHERE skin='".$_SESSION[misc][skin]."'");
$NOW_ONLINE=$sth[1];
#
#	Update the max users online table if necessary
#
$MAX_ONLINE=0;
$sth=db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='".$_SESSION[misc][skin]."' AND stat_misc_key='*max_online'");
if($sth[1]>0) { $row=db_fetch($sth[0]); $MAX_ONLINE=$row[0][stat_misc_val]; }
if($NOW_ONLINE>$MAX_ONLINE)
{
	#	$sth still holds the *max_online lookup above: insert when no row existed, otherwise update it.
	if($sth[1]==0)	{ $sth=db_query("INSERT INTO g_stat_misc SET stat_misc_skin='".$_SESSION[misc][skin]."',stat_misc_key='*max_online',stat_misc_val='$NOW_ONLINE',stat_misc_date='$timestamp'"); } 
	else			{ $sth=db_query("UPDATE g_stat_misc SET stat_misc_val='$NOW_ONLINE',stat_misc_date='$timestamp' WHERE stat_misc_skin='".$_SESSION[misc][skin]."' AND stat_misc_key='*max_online'"); }
}
#=============================================================================
#
#	Site maintenance in progress + not admin => halt the user
#
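#	When misc.wipfile names a file that exists under the site folder, maintenance is in progress:
#	visitors with a privilege below 90 get the _/index.php page and the request stops; others
#	get a button linking to _/WIP_remove.php.
#	NOTE(review): the admin test rests on $USER_PRIV, which this file sets only from the `online`
#	row matched on REMOTE_ADDR. When no row matched it is unset and the visitor is treated as
#	non-admin; when a row matched, every client behind that address passes the same test.
if($_SESSION['misc']['wipfile']!='')
{
	if(file_exists($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].$_SESSION['misc']['wipfile']))
	{
		#	Braces added: the original relied on the else binding to the inner if.
		if(!isset($USER_PRIV) || $USER_PRIV<90)
		{
			include($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'_/index.php');
			die;
		}
		else
		{
			#	Remove WIP link
			#
			?><div style="position:absolute;top:10;left:10;z-index:9999;background:#ff0000;padding:6px;border:2px solid #ffe900;">
			<input class="button" type="button" value="remove wip" onclick="javascript:document.location='_/WIP_remove.php';">
			</div><?php
		}
	}
}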
#
#	Set Country variables
#
#$_SESSION[sitelanguage]=''; # debug
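#	Choose the site language once per session: the language reported by the getcountry service
#	when the skin has a lang/<language>/welcome.txt for it, else misc.langdef; misc.langforce,
#	when set, overrides both.
if(!isset($_SESSION['sitelanguage']) || $_SESSION['sitelanguage']=='')
{
	if(file_exists('plugins/get_country.inc') && file_exists($_SESSION['skinf'].'def/getcountryKEY.inc'))
	{
		#	presumably defines get_country() and the $country_server / $country_serverf /
		#	$getcountryKEY values used below - none of them is assigned in this file; confirm
		require('plugins/get_country.inc');
		if($getcountryKEY!='')
		{
			#	HTTP_HOST comes from the request's Host header; both request-derived values are
			#	URL-encoded so they cannot add or alter parameters of the lookup URL.
			$tmp=get_country($country_server,$country_serverf.'getcountry.php?req='.urlencode($_SERVER['HTTP_HOST']).'&cid='.$getcountryKEY.'&inquiry='.urlencode($_SERVER['REMOTE_ADDR']));
			#	Pad to four fields so that a short or empty reply does not leave list() reading missing offsets.
			list($_SESSION['country_name'],$_SESSION['country_code'],$_SESSION['country_code3'],$_SESSION['country_language'])=array_pad(explode("\t",$tmp),4,'');
			$_SESSION['country_desc']=$_SESSION['country_code'].', '.$_SESSION['country_code3'].', '.$_SESSION['country_language'];
		}
		else { $_SESSION['country_desc']='For info about this flag, check: http://getcountry.grandolini.com'; }
	}
	#	country_language is text returned by a remote service and is about to become a directory
	#	name, and later part of include paths via sitelanguage. Accept it only when it is a plain
	#	name (letters, digits, _ and -), so it cannot contain path separators or dots.
	$country_lang_ok=isset($_SESSION['country_language']) && is_string($_SESSION['country_language']) && preg_match('/^[A-Za-z0-9_-]+\z/',$_SESSION['country_language']);
	if($country_lang_ok && file_exists($_SESSION['skinf'].'lang/'.$_SESSION['country_language'].'/welcome.txt'))
	{
		#	the language returned by getcountry is supported
		#
		$_SESSION['sitelanguage']=$_SESSION['country_language'];
	}
	#
	if(!isset($_SESSION['sitelanguage']) || $_SESSION['sitelanguage']=='')	{ $_SESSION['sitelanguage']=$_SESSION['misc']['langdef']; }	# Default language
	if($_SESSION['misc']['langforce']!='')  { $_SESSION['sitelanguage']=$_SESSION['misc']['langforce']; }	# Force language
}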
#
#	Set the display language chosen by the user
#
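#	A ?lang= request parameter switches the display language unless misc.langforce is set.
#	sitelanguage is concatenated into include_once() paths further down in this file, so the
#	request value is accepted only when it is a plain name (letters, digits, _ and -) and the
#	skin has a def/<lang> entry; anything else selects the site default. The original stored
#	the raw parameter first and only checked file_exists(), which does not rule out path
#	separators or dot segments.
if(isset($_GET['lang']) && $_GET['lang']!='' && $_SESSION['misc']['langforce']=='')
{
	$requested_lang=$_GET['lang'];
	if(is_string($requested_lang) && preg_match('/^[A-Za-z0-9_-]+\z/',$requested_lang) && file_exists($_SESSION['skinf'].'def/'.$requested_lang))
	{
		$_SESSION['sitelanguage']=$requested_lang;
	}
	else
	{
		#	Language not supported: use site default language
		#
		$_SESSION['sitelanguage']=$_SESSION['misc']['langdef'];
	}
}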
#==================
#	Definitions
#==================
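#	Line-break and tab constants. The names are quoted: passing a bare _CR_ to define() reads an
#	undefined constant first (notice on PHP 5, fatal error on PHP 8).
define('_CR_',"\r\n");
define('_TAB_',"\t");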
#
#	skins definitions to be used before the page is build (layout.php)
#
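#	Each pair below loads a definitions file for the session language and falls back to the
#	misc.langdef version when the first does not exist.
#	NOTE(review): $defs is not assigned anywhere in this file. It and sitelanguage are concatenated
#	into include_once() paths, so both must be restricted to plain names before this point; if
#	$defs can be influenced by the request (an including script, or register_globals), a
#	file_exists() test alone does not keep the include inside the def/ tree.
if(file_exists($_SESSION['skinf'].'def/'.$_SESSION['sitelanguage'].'/'.$defs.'_defs.php'))
{
	include_once($_SESSION['skinf'].'def/'.$_SESSION['sitelanguage'].'/'.$defs.'_defs.php');
}
elseif(file_exists($_SESSION['skinf'].'def/'.$_SESSION['misc']['langdef'].'/'.$defs.'_defs.php'))
{
	include_once($_SESSION['skinf'].'def/'.$_SESSION['misc']['langdef'].'/'.$defs.'_defs.php');
}
#
#	phpCAMALEO definitions to be used before the page is build (layout.php)
#
if(file_exists($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['sitelanguage'].'/'.$defs.'_defs.php'))
{
	include_once($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['sitelanguage'].'/'.$defs.'_defs.php');
}
elseif(file_exists($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['misc']['langdef'].'/'.$defs.'_defs.php'))
{
	include_once($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['misc']['langdef'].'/'.$defs.'_defs.php');
}
#
#	skins own defs override phpCAMALEO defs, else get the default language version 
#
if(file_exists($_SESSION['skinf'].'def/'.$_SESSION['sitelanguage'].'/common_defs.php'))
{
	include_once($_SESSION['skinf'].'def/'.$_SESSION['sitelanguage'].'/common_defs.php');
}
elseif(file_exists($_SESSION['skinf'].'def/'.$_SESSION['misc']['langdef'].'/common_defs.php'))
{
	include_once($_SESSION['skinf'].'def/'.$_SESSION['misc']['langdef'].'/common_defs.php');
}
#
#	phpCAMALEO common defs
#
if(file_exists($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['sitelanguage'].'/common_defs.php'))
{
	include_once($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['sitelanguage'].'/common_defs.php');
}
elseif(file_exists($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['misc']['langdef'].'/common_defs.php'))
{
	include_once($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'skins/phpCAMALEO/def/'.$_SESSION['misc']['langdef'].'/common_defs.php');
}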
#
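include('common/fun2inc/time_format.inc');
#	NOTE(review): $USER_PRIV is loaded earlier in this file from the `online` row matched on
#	REMOTE_ADDR, and misc.location=='l' is treated as the local server by the cleanup code above.
#	Either condition alone loads the admin helpers - confirm misc.location cannot be 'l' on a
#	public host.
if((isset($USER_PRIV) && $USER_PRIV==90) || $_SESSION['misc']['location']=='l')
{
	#	Stuff for the admin
	#
	include($_SESSION['common'].'fun2inc/showtable.inc');
	include($_SESSION['common'].'fun2inc/echo_r.inc');
}
#	The per-skin last-update include is built on demand when it does not exist yet, then loaded.
#	presumably bld_last_update() writes tmp/last_update_<skin>.inc - its code is not visible here; confirm
#	NOTE(review): misc.skin is part of a file name that is included, so it must be a plain name.
if(!file_exists($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'tmp/last_update_'.$_SESSION['misc']['skin'].'.inc'))
{
	include($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'common/fun2inc/bld_last_update.inc');
	bld_last_update(date('j F Y'),$_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'Session.php');
}
include($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'tmp/last_update_'.$_SESSION['misc']['skin'].'.inc');
#	Set once every step above has run; what reads this flag is not visible in this file.
$_SESSION['go']=1;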
?>