Итак, начнем:
В Heder.php
PHP:
if( $session->getState() == 'expired' )
поменять на:
PHP:
if( $session->getState() == 'expired' || $session->getState() == 'error' )
В include/class_user.php
после:
PHP:
// Check if user exists
$user_id = $session_object->get('user_id');
$user_email = $session_object->get('user_email');
$user_pass = $session_object->get('user_pass');
Добавить:
PHP:
// Check for auth token
if( !$user_id )
{
$this->user_auth_token_check();
}
Найти:
PHP:
// Set cookie parameters
$cookie_lifetime = ( $persistent ? (60 * 60 * 24 * 31 * 6) : 0 );
if( $cookie_lifetime )
{
session_set_cookie_params($cookie_lifetime);
// Need to restart session for cookie parameters to take effect
$session_object->copy();
}
// Set user login info
$session_object->set('user_id', $user_id);
$session_object->set('user_email', $user_email);
$session_object->set('user_pass', $user_password);
$session_object->set('user_persist', (bool) $persistent);
$session_object->set('user_lastactive', time() - 3600);
// Create resume key if logged in
if( $user_id /* if persistent? && $persistent */ )
$session_object->makeResumeKey();
}
// END user_setcookies() METHOD
Заменить на:
PHP:
// Мы не должны делать это больше из-за авторизации tokens
// Set cookie parameters
//$cookie_lifetime = ( $persistent ? (60 * 60 * 24 * 31 * 6) : 0 );
//if( $cookie_lifetime )
//{
// session_set_cookie_params(10);//$cookie_lifetime);
//}
// Get new id for security
$session_object->copy();
// Set user login info
$session_object->set('user_id', $user_id);
$session_object->set('user_email', $user_email);
$session_object->set('user_pass', $user_password);
$session_object->set('user_persist', (bool) $persistent);
$session_object->set('user_lastactive', time() - 3600);
// Create new key if logging in, delete old key if logging out
if( $user_id )
{
$this->user_auth_token_create((bool)$persistent);
}
else
{
$this->user_auth_token_delete();
}
}
// END user_setcookies() METHOD
Найти:
PHP:
$session_object =& SESession::getInstance();
Ниже добавить:
PHP:
// REMOVE AUTH TOKEN
$this->user_auth_token_delete();
Найти:
PHP:
function user_friend_list($start, $limit, $direction = 0, $friend_status = 1, $sort_by = "se_users.user_dateupdated DESC", $where = "", $friend_details = 0)
{
global $database, $setting;
Заменить:
PHP:
function user_friend_list($start, $limit, $direction = 0, $friend_status = 1, $sort_by = "se_users.user_dateupdated DESC", $where = "", $friend_details = 0, $other_user_id = 0)
{
global $database, $setting, $user;
if( !$other_user_id && $user->user_info['user_id'] != $this->user_info['user_id'] )
{
$other_user_id = $user->user_info['user_id'];
}
Найти:
PHP:
// BEGIN FRIEND QUERY
$friend_query = "
SELECT
se_friends.friend_id,
se_users.user_id,
se_users.user_username,
se_users.user_fname,
se_users.user_lname,
se_users.user_photo,
se_users.user_lastlogindate,
se_users.user_dateupdated,
Заменить:
PHP:
// BEGIN FRIEND QUERY
$friend_query = "
SELECT
se_friends.friend_id,
se_users.user_id,
se_users.user_username,
se_users.user_fname,
se_users.user_lname,
se_users.user_photo,
se_users.user_lastlogindate,
se_users.user_dateupdated
";
if( $other_user_id )
{
$friend_query .= ",
CASE
WHEN (SELECT TRUE FROM se_friends WHERE friend_user_id1='{$other_user_id}' AND friend_user_id2=se_users.user_id AND friend_status='1' LIMIT 1)
THEN 2
WHEN (SELECT TRUE FROM se_friends WHERE friend_user_id1='{$other_user_id}' AND friend_user_id2=se_users.user_id AND friend_status='0' LIMIT 1)
THEN 1
ELSE 0
END
AS is_viewers_friend
";
}
$friend_query .= ",
После
PHP:
// END user_message_view() METHOD
добавить:
PHP:
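function user_auth_token_create($persistent = false)
{
    // Issue a persistent-login ("remember me") token for the current user:
    // insert a row into se_session_auth keyed by a fresh random id, then hand
    // that id to the browser in the se_auth_token cookie.
    // $persistent: whether the cookie should outlive the browser session.
    // Returns the new token id, or false when no user is loaded or the
    // insert failed (any existing token is revoked in that case).
    if( !$this->user_exists )
    {
        return false;
    }
    $db =& SEDatabase::getInstance();
    // The token is the only thing the browser later presents to resume a
    // login, so it must be unpredictable: use the CSPRNG where available
    // (PHP >= 7) and fall back to the legacy uniqid/mt_rand derivation only
    // on older runtimes. Both forms are 40 lowercase hex characters, the
    // format user_auth_token_delete()/user_auth_token_check() validate.
    $id = false;
    while( !$id )
    {
        if( function_exists('random_bytes') )
        {
            $id = bin2hex(random_bytes(20));
        }
        else
        {
            $id = sha1(uniqid(mt_rand(), true));
        }
        // Retry on the (practically impossible) collision with an existing key
        $resource = $db->database_query("SELECT NULL FROM se_session_auth WHERE session_auth_key='{$id}' LIMIT 1");
        if( $resource && $db->database_num_rows($resource) >= 1 )
        {
            $id = false;
        }
    }
    $persistent = (bool) $persistent;
    // Stored as 1/0 rather than the ''/1 a bool interpolates to, so the
    // column receives a numeric value either way; (bool) on read is unchanged.
    $persistent_flag = ( $persistent ? 1 : 0 );
    // The token is bound to the user agent and IPv4 address it was issued
    // to; user_auth_token_check() requires both to match. ip2long() returns
    // false for IPv6 clients, so those tokens are effectively bound to the
    // user agent only.
    $ua = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $ip = ip2long(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    $now = time();
    $sql = "
        INSERT INTO se_session_auth
        (session_auth_key, session_auth_user_id, session_auth_ua, session_auth_ip, session_auth_type, session_auth_time)
        VALUES
        ('{$id}', '{$this->user_info['user_id']}', '{$ua}', '{$ip}', '{$persistent_flag}', '{$now}')
    ";
    $resource = $db->database_query($sql);
    if( !$resource )
    {
        // Insert failed: leave neither a stale db row nor a stale cookie behind
        $this->user_auth_token_delete(null, true);
        return false;
    }
    // Revoke the token the browser currently holds (db row only; its cookie
    // is overwritten just below)
    $this->user_auth_token_delete(null, false);
    $cookie_lifetime = ( $persistent ? time() + (60 * 60 * 24 * 30 * 6) : 0 );
    // setcookie() wants a string domain; null from the helper means "none"
    $host = (string) get_simple_cookie_domain();
    // HttpOnly keeps the token out of reach of page scripts. Secure is set
    // when this request itself arrived over TLS, so a token issued on an
    // https login is never replayed in clear text afterwards.
    $secure = ( !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' );
    setcookie('se_auth_token', $id, $cookie_lifetime, '/', $host, $secure, true);
    return $id;
}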
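function user_auth_token_delete($id = null, $delete_cookie = true)
{
    // Revoke an auth token: delete its row from se_session_auth and, when
    // $delete_cookie is set, expire the se_auth_token cookie in the browser.
    // $id defaults to the token the browser presented in its cookie; when
    // neither is available nothing happens. Rows older than ~6 months are
    // purged opportunistically on every call that reaches the database.
    if( !$id )
    {
        $id = ( isset($_COOKIE['se_auth_token']) ? $_COOKIE['se_auth_token'] : '' );
        if( !$id )
        {
            return;
        }
    }
    // Tokens are always 40 hex characters (see user_auth_token_create()).
    // The cookie is client supplied, so anything else is forged and must not
    // be interpolated into the DELETE below; the cookie is still cleared.
    $valid_id = ( preg_match('/^[0-9a-f]{40}$/i', (string) $id) === 1 );
    if( $delete_cookie )
    {
        $host = (string) get_simple_cookie_domain();
        // Same attributes as when the cookie was set, otherwise the browser
        // treats it as a different cookie and keeps the original.
        $secure = ( !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' );
        // An expiry in the past tells the browser to drop the cookie
        setcookie('se_auth_token', '', time() - 3600, '/', $host, $secure, true);
    }
    $db =& SEDatabase::getInstance();
    if( $valid_id )
    {
        $db->database_query("DELETE FROM se_session_auth WHERE session_auth_key='{$id}' LIMIT 1");
    }
    // Housekeeping: drop tokens older than the maximum cookie lifetime
    $mintime = time() - (60 * 60 * 24 * 30 * 6);
    $db->database_query("DELETE FROM se_session_auth WHERE session_auth_time<'{$mintime}'");
}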
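function user_auth_token_check()
{
    // Resume a login from the se_auth_token cookie. The token must exist in
    // se_session_auth and must have been issued to the same user agent and
    // IPv4 address. On success the user is loaded and the session cookies
    // are re-issued (which, per user_setcookies(), also rotates the token);
    // returns the user id. Returns true when already logged in and false
    // when there is no usable token (an unusable one is revoked).
    if( $this->user_exists )
    {
        return true;
    }
    $id = ( isset($_COOKIE['se_auth_token']) ? $_COOKIE['se_auth_token'] : '' );
    if( !$id )
    {
        return false;
    }
    // Only a well-formed token (40 hex chars, see user_auth_token_create())
    // may reach the query; the cookie is client supplied and otherwise
    // unescaped, so reject anything else outright.
    if( !preg_match('/^[0-9a-f]{40}$/i', (string) $id) )
    {
        $this->user_auth_token_delete(null, true);
        return false;
    }
    $db =& SEDatabase::getInstance();
    // Must be computed exactly as in user_auth_token_create() for the
    // lookup to match. ip2long() is false ('') for IPv6 clients, so their
    // tokens are bound to the user agent only.
    $ua = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    $ip = ip2long(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    $resource = $db->database_query("SELECT session_auth_user_id, session_auth_type FROM se_session_auth WHERE session_auth_key='{$id}' AND session_auth_ip='{$ip}' AND session_auth_ua='{$ua}' LIMIT 1");
    if( !$resource || !$db->database_num_rows($resource) )
    {
        // Unknown key, or known key from a different client: revoke it
        $this->user_auth_token_delete(null, true);
        return false;
    }
    $info = $db->database_fetch_assoc($resource);
    $persistent = (bool) $info['session_auth_type'];
    $user_id = $info['session_auth_user_id'];
    // Constructor-style call; presumably (re)loads user_info for $user_id —
    // confirm against the class constructor.
    $this->SEUser(array($user_id));
    $this->user_setcookies($persistent);
    return $user_id;
}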
ОТКРЫВАЕМ functions_general
Тут мы добавляем одну функцию: get_simple_cookie_domain()
После
PHP:
// END friends_birthdays() FUNCTION
Добавить:
PHP:
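function get_simple_cookie_domain($host = null)
{
    // Derive the domain to use for the Domain attribute of cookies:
    // "example.com" for "www.example.com", "example.co.uk" for
    // "www.example.co.uk". Returns null when no Domain should be set: IPv4
    // addresses, single-label (intranet) hosts, or an undetectable host.
    // $host defaults to the Host request header (scheme, port and path are
    // ignored if present). Defining SE_COOKIE_DOMAIN bypasses detection.
    if( defined('SE_COOKIE_DOMAIN') )
    {
        return SE_COOKIE_DOMAIN;
    }
    if( !$host )
    {
        // HTTP_HOST is client supplied; sites should pin SE_COOKIE_DOMAIN
        // rather than rely on this fallback.
        if( empty($_SERVER['HTTP_HOST']) )
        {
            return null;
        }
        $host = $_SERVER['HTTP_HOST'];
    }
    // A bare "host" or "host:port" is only parsed as a host (not a path or
    // scheme) when prefixed with "//".
    $parsed = parse_url(( strpos($host, '://') === false ? '//' : '' ) . $host);
    if( !is_array($parsed) || empty($parsed['host']) )
    {
        return null;
    }
    // Cookie domains are case-insensitive; normalise for comparisons
    $host = strtolower($parsed['host']);
    $parts = explode('.', $host);
    $count = count($parts);
    // IPv4 address or single-label host: browsers ignore or reject a Domain
    // attribute here, so set none.
    if( $count === 1 || preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $host) )
    {
        return null;
    }
    // Two-letter country TLD with a short second-level label ("co.uk",
    // "com.au"): keep three labels, otherwise two. A host with no more
    // labels than that is its own cookie domain.
    $keep = ( strlen($parts[$count - 1]) == 2 && strlen($parts[$count - 2]) <= 3 ) ? 3 : 2;
    if( $count <= $keep )
    {
        return $host;
    }
    return implode('.', array_slice($parts, $count - $keep));
}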
Открыть include/cache/handler/serial.php
Меняем все на:
PHP:
<?php
/* $Id: serial.php 207 2010-08-30 04:34:51Z Afsun $ */
// Only run when included by the framework (SE_PAGE defined), never directly
if( !defined('SE_PAGE') )
{
    die();
}
class SECacheHandlerSerial extends SECache
{
    // Cache handler that stores PHP-serialized values through the base
    // SECache implementation and transparently unserializes them on read.
    function get( $id, $group=null )
    {
        // Read entry $id (optionally scoped by $group) and unserialize it.
        // Returns null when the entry is missing or cannot be unserialized;
        // note a cached false/null is therefore indistinguishable from a miss.
        $raw = parent::get($id, $group);
        if( !is_string($raw) )
        {
            return ( $raw === null || $raw === false ) ? null : $raw;
        }
        // unserialize() only ever sees data this handler wrote itself via
        // store(); it must never be pointed at externally supplied input.
        // The @ keeps the notice quiet on a corrupt entry, reported as null.
        $value = @unserialize($raw);
        return ( $value === false ) ? null : $value;
    }
    function store($data, $id, $group=NULL)
    {
        // Serialize $data and hand it to the base handler under $id/$group.
        parent::store(serialize($data), $id, $group);
    }
}
Дальше открываем include/session/session.php
Комментируем:
PHP:
var $_autoresume = TRUE; и $this->_resume();
Меняем:
PHP:
// set cookie params
//$cookie = session_get_cookie_params();
$cookie = array();
$cookie['lifetime'] = ( isset($options['cookie']['lifetime']) ? $options['cookie']['lifetime'] : 0 );
//$cookie['path'] = ( isset($options['cookie']['path']) ? $options['cookie']['path'] : '/' );
//$cookie['domain'] = ( isset($options['cookie']['domain']) ? $options['cookie']['domain'] : $_SERVER["HTTP_HOST"] );
//$cookie['secure'] = ( isset($options['cookie']['secure']) ? $options['cookie']['secure'] : FALSE );
session_set_cookie_params($cookie['lifetime']);
//session_set_cookie_params($cookie['lifetime'], $cookie['path'], $cookie['domain'], $cookie['secure']);
На:
PHP:
// set cookie params
$lifetime = ( isset($options['lifetime']) ? $options['lifetime'] : 0 );
$host = get_simple_cookie_domain();
// Could not detect, ignore
if( !$host )
{
session_set_cookie_params($lifetime, '/');
}
// Could detect, use
else
{
session_set_cookie_params($lifetime, '/', $host);
}
P.S.
Не забываем делать бэкап ваших файлов!