<?php
define('COOKIE_NAME', 'tuibgidf'); // losowe
define('COOKIE_EXPIRE', 3600); // 1 godzina
$time = time();
//laczenie baza danych
$mysql_host = 'localhost';
$mysql_login = 'login';
$mysql_haslo = 'password';
$mysql_baza = 'baza';
$polaczenie = mysql_connect($mysql_host, $mysql_login, $mysql_haslo) or die(mysql_error());
mysql_select_db($mysql_baza) or die('Błąd: nie udało się wybrać schematu bazy danych.');
//end laczenie baza danych
//IP, browser, sesje
$ip = $_SERVER['REMOTE_ADDR'];
$browser = $_SERVER['HTTP_USER_AGENT'];
$newId = sha1(uniqid(time().$ip));
$wynik = mysql_query("SELECT * FROM sessions WHERE session_ip = '$ip' AND session_browser = '$browser' AND session_time > ".($time - COOKIE_EXPIRE)) or die(mysql_error());
$count = mysql_num_rows($wynik);
if($count > 0)
{
$row = mysql_fetch_row( $wynik );
if($_COOKIE[COOKIE_NAME] == $row[0] && strlen($_COOKIE[COOKIE_NAME]) == 40 && isset($_COOKIE[COOKIE_NAME]))
{
if($_SESSION['session_user'] == $row[1] && $_SESSION['session_user'] != 0)
{
$session_user = $row[1];
$old = $row[0];
$result = mysql_query("UPDATE sessions SET session_id='$old', session_browser ='$browser', session_time = '$time', session_user = '$session_user' WHERE session_ip = '$ip' AND session_browser = '$browser'") or die(mysql_error());
setcookie(COOKIE_NAME, $old, time() + COOKIE_EXPIRE);
$result = mysql_query("SELECT * FROM users WHERE user_id = '$session_user'") or die(mysql_error());
$user = mysql_fetch_array( $result );
}
else
{
$old = $row[0];
$result = mysql_query("UPDATE sessions SET session_id='$old', session_browser ='$browser', session_time = '$time', session_user = '0' WHERE session_ip = '$ip' AND session_browser = '$browser'") or die(mysql_error());
setcookie(COOKIE_NAME, $old, time() + COOKIE_EXPIRE);
}
}
else
{
$_SESSION['session_user'] = '0';
setcookie(COOKIE_NAME, $newId, time() + COOKIE_EXPIRE);
$result = mysql_query("UPDATE sessions SET session_id='$newId', session_browser ='$browser', session_time = '$time', session_user = '0' WHERE session_ip = '$ip' AND session_browser = '$browser'") or die(mysql_error());
}
}
else
{
$_SESSION['session_user'] = '0';
setcookie(COOKIE_NAME, $newId, time() + COOKIE_EXPIRE);
mysql_query("INSERT INTO sessions (session_id, session_user, session_ip, session_browser, session_time) VALUES('$newId', '0', '$ip', '$browser', '$time' ) ") or die(mysql_error());
}
?>
CREATE TABLE IF NOT EXISTS `sessions` (
`session_id` varchar(40) NOT NULL,
`session_user` int(8) NOT NULL DEFAULT '0',
`session_ip` varchar(15) NOT NULL DEFAULT '',
`session_browser` varchar(255) NOT NULL DEFAULT '',
`session_time` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`session_id`)
) ENGINE=MEMORY DEFAULT CHARSET=latin2;
CREATE TABLE IF NOT EXISTS `users` (
`user_id` int(10) NOT NULL AUTO_INCREMENT,
`user_login` varchar(30) NOT NULL,
`user_password` varchar(40) NOT NULL,
`user_email` varchar(100) NOT NULL,
`user_group` int(1) NOT NULL,
`user_lastvisit` int(8) NOT NULL,
`user_register` int(20) NOT NULL,
`user_banned` int(1) NOT NULL,
`user_reason_ban` varchar(255) NOT NULL,
`user_time_limit` int(20) NOT NULL,
`user_active` int(1) NOT NULL,
`user_key` varchar(13) NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin2 AUTO_INCREMENT=1 ;
Witam! Panowie pomozecie w zabezpieczeniu skryptu ? I czy poprawnie go napisalem ? Moze jakies poprawki wedlug Was ?
Pozdrawiam!
[MySQL][PHP]System Sesji
