beenull/EngineGP
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Changed the use of cookies in the session

Browse source 
Task:
https://bugs.enginegp.com/view.php?id=32
This commit is contained in:
Sergei Solovev 2024-03-20 04:13:41 +03:00
parent 390cb600f4
commit 67b23adb28
6 changed files with 36 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
system/acp/distributor.php
View file

@ -29,30 +29,25 @@ $go = array_key_exists('go', $url);
$page = array_key_exists('page', $url) ? sys::int($url['page']) : 1;
$route = $route == '' ? 'index' : $route;
session_start();
$auth = false;
// Проверка cookie на авторизацию
$aAuth = array();
// Проверка сессии на авторизацию
if (isset($_SESSION['user_id'])) {
$userId = $_SESSION['user_id'];
$aAuth['login'] = isset($_COOKIE['egp_login']) ? $_COOKIE['egp_login'] : '';
$aAuth['passwd'] = isset($_COOKIE['egp_passwd']) ? $_COOKIE['egp_passwd'] : '';
$aAuth['authkeycheck'] = isset($_COOKIE['egp_authkeycheck']) ? $_COOKIE['egp_authkeycheck'] : '';
$sql->query('SELECT `id`, `login`, `balance`, `group`, `level`, `time` FROM `users` WHERE `id`="' . $userId . '" LIMIT 1');
if ($sql->num()) {
$user = $sql->get();
$authkey = md5($aAuth['login'] . $uip . $aAuth['passwd']);
if (!in_array('', $aAuth) and $authkey == $aAuth['authkeycheck']) {
if ((!sys::valid($aAuth['login'], 'other', $aValid['login'])) and !sys::valid($aAuth['passwd'], 'md5')) {
$sql->query('SELECT `id` FROM `users` WHERE `login`="' . $aAuth['login'] . '" AND `passwd`="' . $aAuth['passwd'] . '" AND `group`="admin" LIMIT 1');
if ($sql->num()) {
$sql->query('SELECT `id`, `login`, `balance`, `group`, `time` FROM `users` WHERE `login`="' . $aAuth['login'] . '" AND `passwd`="' . $aAuth['passwd'] . '" LIMIT 1');
$user = $sql->get();
// Обновление активности
if ($user['time'] + 10 < $start_point)
$sql->query('UPDATE `users` set `time`="' . $start_point . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
// Обновление активности
if ($user['time'] + 10 < $start_point)
$sql->query('UPDATE `users` set `time`="' . $start_point . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
// Проверка принадлежности к группе admin
if ($user['group'] === "admin")
$auth = true;
}
}
}

56
system/distributor.php
View file

@ -27,52 +27,27 @@ $go = array_key_exists('go', $url);
$page = array_key_exists('page', $url) ? sys::int($url['page']) : 1;
$route = $route == '' ? 'index' : $route;
session_start();
// Реферал
if (isset($_GET['account']))
sys::cookie('part', sys::int($_GET['account']), 10);
$_SESSION['referrer'] = sys::int($_GET['account']);
$auth = false;
// Проверка cookie на авторизацию
$aAuth = array();
// Проверка сессии на авторизацию
if (isset($_SESSION['user_id'])) {
$userId = $_SESSION['user_id'];
$aAuth['login'] = isset($_COOKIE['egp_login']) ? $_COOKIE['egp_login'] : '';
$aAuth['passwd'] = isset($_COOKIE['egp_passwd']) ? $_COOKIE['egp_passwd'] : '';
$aAuth['authkeycheck'] = isset($_COOKIE['egp_authkeycheck']) ? $_COOKIE['egp_authkeycheck'] : '';
$sql->query('SELECT `id`, `login`, `balance`, `group`, `level`, `time` FROM `users` WHERE `id`="' . $userId . '" LIMIT 1');
if ($sql->num()) {
$user = $sql->get();
$authkey = md5($aAuth['login'] . $uip . $aAuth['passwd']);
$userkey = md5($aAuth['login'] . $authkey . $aAuth['passwd']);
// Обновление активности
if ($user['time'] + 10 < $start_point)
$sql->query('UPDATE `users` set `time`="' . $start_point . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
if (!in_array('', $aAuth) && $authkey == $aAuth['authkeycheck']) {
$users = $mcache->get('users_auth');
$user = isset($users[$userkey]) ? $users[$userkey] : 0;
if (!$user) {
if ((!sys::valid($aAuth['login'], 'other', $aValid['login'])) && !sys::valid($aAuth['passwd'], 'md5')) {
$sql->query('SELECT `id` FROM `users` WHERE `login`="' . $aAuth['login'] . '" AND `passwd`="' . $aAuth['passwd'] . '" LIMIT 1');
if ($sql->num()) {
$sql->query('SELECT `id`, `login`, `passwd`, `balance`, `group`, `level`, `time` FROM `users` WHERE `login`="' . $aAuth['login'] . '" AND `passwd`="' . $aAuth['passwd'] . '" LIMIT 1');
$user = array_merge(array('authkey' => $authkey), $sql->get());
$auth = 1;
sys::users($users, $user, $authkey);
}
}
if (!$auth) {
sys::cookie('egp_login', 'quit', -1);
sys::cookie('egp_passwd', 'quit', -1);
sys::cookie('egp_authkeycheck', 'quit', -1);
}
} else {
$sql->query('SELECT `balance`, `time` FROM `users` WHERE `id`="' . $user['id'] . '" LIMIT 1');
$user = array_merge($user, $sql->get());
sys::user($user);
$auth = 1;
$auth = true;
}
}
@ -136,11 +111,14 @@ $html->set('cur', $cfg['currency']);
// Если авторизован
if ($auth) {
// Здесь вы можете использовать информацию о пользователе, например, $user['balance']
$html->set('login', $user['login']);
$html->set('balance', round($user['balance'], 2));
$html->set('other_menu', isset($html->arr['vmenu']) ? $html->arr['vmenu'] : '');
} else
} else {
// Если пользователь не авторизован, выполните необходимые действия
$html->set('other_menu', '');
}
$html->set('nav', isset($html->arr['nav']) ? $html->arr['nav'] : '', true);
$html->set('main', isset($html->arr['main']) ? $html->arr['main'] : '', true);

10
system/sections/user/auth.php
View file

@ -5,10 +5,6 @@ if (!DEFINED('EGP'))
// Проверка на авторизацию
sys::auth();
sys::cookie('egp_login', 'quit', -1);
sys::cookie('egp_passwd', 'quit', -1);
sys::cookie('egp_authkeycheck', 'quit', -1);
// Генерация новой капчи
if (isset($url['captcha']))
sys::captcha('auth', $uip);
@ -107,10 +103,8 @@ if ($go) {
// Логирование ip
$sql->query('INSERT INTO `auth` set `user`="' . $user['id'] . '", `ip`="' . $uip . '", `date`="' . $start_point . '", `browser`="' . sys::hb64($_SERVER['HTTP_USER_AGENT']) . '"');
// Запись cookie пользователю
sys::cookie('egp_login', $user['login'], 14);
sys::cookie('egp_passwd', $aData['passwd'], 14);
sys::cookie('egp_authkeycheck', md5($user['login'] . $uip . $aData['passwd']), 14);
// Запись сессии пользователя
$_SESSION['user_id'] = $user['id'];
// Выхлоп удачной авторизации
sys::outjs(array('s' => 'ok'), $nmch);

7
system/sections/user/lk/action.php
View file

@ -45,11 +45,6 @@ if ($go) {
// Обновление пароля в базе, если он не совпадает с текущим
if ($auth_data['passwd'] != $passwd) {
$sql->query('UPDATE `users` set `passwd`="' . $passwd . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
// Обновление cookie
sys::cookie('login', $user['login'], 14);
sys::cookie('passwd', $passwd, 14);
sys::cookie('authkeycheck', md5($user['login'] . $_SERVER['REMOTE_ADDR'] . $passwd), 14);
}
// Выхлоп удачного выполнения операции
@ -166,7 +161,7 @@ if ($go) {
$wmr = isset($_POST['wmr']) ? $_POST['wmr'] : '';
// Проверка наличия указанного кошелька
if (isset($user['wmr']{0}) and in_array($user['wmr']{0}, array('R', 'Z', 'U')))
if (isset($user['wmr'][0]) and in_array($user['wmr'][0], array('R', 'Z', 'U')))
sys::outjs(array('e' => sys::text('input', 'wmr_confirm')), $name_mcache);
if (sys::valid($wmr, 'wm'))

5
system/sections/user/quit.php
View file

@ -5,12 +5,9 @@ if (!DEFINED('EGP'))
// Проверка на авторизацию
sys::noauth($auth, $go);
sys::cookie('egp_login', 'quit', -1);
sys::cookie('egp_passwd', 'quit', -1);
sys::cookie('egp_authkeycheck', 'quit', -1);
session_unset();
// Обновление активности
$sql->query('UPDATE `users` set `time`="' . ($start_point - 10) . '" WHERE `id`="' . $user['id'] . '" LIMIT 1');
sys::users($users, $user, $authkey, true);
sys::back($cfg['http']);

4
system/sections/user/signup.php
View file

@ -144,8 +144,8 @@ if (isset($url['confirm']) && !sys::valid($url['confirm'], 'md5')) {
$aNData['passwd'] = sys::passwd(10);
// Реферал
if (isset($_COOKIE['part']))
$part = ', `part`="' . sys::int($_COOKIE['part']) . '"';
if (isset($_SESSION['referrer']))
$part = ', `part`="' . sys::int($_SESSION['referrer']) . '"';
// Запись данных в базу
$sql->query('INSERT INTO `users` set '