Авторизация и Кукисы

IIIyT	#1 14.03.2011 14:57
Members	Доброго времени суток. С давних пор пользуюсь Котонтиевским двиглом.И по сути возник трабл с вылетами. При работе на локалке Авторизация спокойно дружит с Куки и помнит столько, сколько требуется. Выгружаю на хостинг(hostlife.net) и авторизация попросту умирает. Такое ощущение что куки попросту невоспрнимается. Вот код из авторизации(users.auth.inc): if ($a=='check') { sed_shield_protect(); /* === Hook for the plugins === / $extp = sed_getextplugins('users.auth.check'); if (is_array($extp)) { foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } } / ===== / $rusername = sed_import('rusername','P','TXT', 100, TRUE); $rpassword = sed_import('rpassword','P','PSW', 16, TRUE); $rcookiettl = sed_import('rcookiettl', 'P', 'INT'); $rremember = sed_import('rremember', 'P', 'BOL'); if(empty($rremember) && $rcookiettl > 0) $rremember = true; $rmdpass = md5($rpassword); $sql = sed_sql_query("SELECT user_id, user_maingrp, user_banexpire, user_skin, user_theme, user_lang, user_unban_group FROM $db_users WHERE user_password='$rmdpass' AND user_name='".sed_sql_prep($rusername)."'"); if ($row = sed_sql_fetcharray($sql)) { if ($row['user_maingrp']==-1) { sed_log("Log in attempt, user inactive : ".$rusername, 'usr'); sed_redirect(sed_url('message', 'msg=152', '', true)); exit; } if ($row['user_maingrp']==2) { sed_log("Log in attempt, user inactive : ".$rusername, 'usr'); sed_redirect(sed_url('message', 'msg=152', '', true)); exit; } elseif ($row['user_maingrp']==3) { if ($sys['now'] > $row['user_banexpire'] && $row['user_banexpire']>0) { $sql = sed_sql_query("UPDATE $db_users SET user_maingrp='".$row['user_unban_group']."' WHERE user_id='".$row['user_id']."'"); } else { sed_log("Log in attempt, user banned : ".$rusername, 'usr'); sed_redirect(sed_url('message', 'msg=153&num='.$row['user_banexpire'], '', true)); exit; } } $ruserid = $row['user_id']; $rdefskin = $row['user_skin']; $rdeftheme = $row['user_theme']; $hashsalt = sed_unique(16); sed_sql_query("UPDATE $db_users SET user_lastip='{$usr['ip']}', user_lastlog = {$sys['now_offset']}, user_logcount = user_logcount + 1, user_hashsalt = '$hashsalt' WHERE user_id={$row['user_id']}"); $passhash = md5($rmdpass.$hashsalt); $u = base64_encode($ruserid.':_:'.$passhash); if($rremember) { sed_setcookie($sys['site_id'], $u, time()+$cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true); } else { $_SESSION[$sys['site_id']] = $u; } $_SESSION['saltstamp'] = $sys['now_offset']; / === Hook === / $extp = sed_getextplugins('users.auth.check.done'); if (is_array($extp)) { foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } } / ===== / $sql = sed_sql_query("DELETE FROM $db_online WHERE online_userid='-1' AND online_ip='".$usr['ip']."' LIMIT 1"); sed_uriredir_apply($cfg['redirbkonlogin']); sed_uriredir_redirect(empty($redirect) ? sed_url('index') : base64_decode($redirect)); exit; } else { sed_shield_update(7, "Log in"); sed_log("Log in failed, user : ".$rusername,'usr'); sed_redirect(sed_url('message', 'msg=151', '', true)); exit; } } а вот из common: $site_id = 'ct'.substr(md5(empty($cfg['site_id']) ? $cfg['mainurl'] : $cfg['site_id']), 0, 16); $sys['site_id'] = $site_id; session_start(); if(!empty($_COOKIE[$site_id]) \|\| !empty($_SESSION[$site_id])) { $u = empty($_SESSION[$site_id]) ? base64_decode($_COOKIE[$site_id]) : base64_decode($_SESSION[$site_id]); $u = explode(':_:', $u); $u_id = (int) sed_import($u[0], 'D', 'INT'); $u_passhash = sed_import($u[1], 'D', 'ALP'); if($u_id > 0) { $sql = sed_sql_query("SELECT FROM $db_users WHERE user_id = $u_id"); if($row = sed_sql_fetcharray($sql)) { $passhash = md5($row['user_password'].$row['user_hashsalt']); if(($u_passhash == $passhash \|\| ($sys['now_offset'] - $_SESSION['saltstamp'] < 60 && $u_passhash == $_SESSION['oldhash'])) && $row['user_maingrp'] > 3 && ($cfg['ipcheck']==FALSE \|\| $row['user_lastip'] == $usr['ip'])) { $usr['id'] = (int) $row['user_id']; $usr['pmnotif'] = $row['user_pmnotif']; $usr['name'] = $row['user_name']; $usr['maingrp'] = $row['user_maingrp']; $usr['lastvisit'] = $row['user_lastvisit']; $usr['lastlog'] = $row['user_lastlog']; $usr['timezone'] = $row['user_timezone']; $usr['skin'] = ($cfg['forcedefaultskin']) ? $cfg['defaultskin'] : $row['user_skin']; $usr['theme'] = $row['user_theme']; $usr['lang'] = ($cfg['forcedefaultlang']) ? $cfg['defaultlang'] : $row['user_lang']; $usr['newpm'] = $row['user_newpm']; $usr['auth'] = unserialize($row['user_auth']); $usr['level'] = $sed_groups[$usr['maingrp']]['level']; $usr['profile'] = $row; if ($usr['lastlog'] + $cfg['timedout'] < $sys['now_offset']) { $sys['comingback']= TRUE; if ($usr['lastlog'] > $usr['lastvisit']) { $usr['lastvisit'] = $usr['lastlog']; $update_lastvisit = ", user_lastvisit = " . $usr['lastvisit']; } } if ($usr['lastlog']+$cfg['timedout'] < $sys['now_offset']) { $sys['comingback']= TRUE; $usr['lastvisit'] = $usr['lastlog']; $sys['sql_update_lastvisit'] = ", user_lastvisit='".$usr['lastvisit']."'"; } if(empty($_SESSION['saltstamp']) \|\| $sys['now_offset'] - $_SESSION['saltstamp'] > 60) { $usr['auth'] = sed_auth_build($usr['id'], $usr['maingrp']); $sys['sql_update_auth'] = ", user_auth='".serialize($usr['auth'])."'"; } if(empty($_COOKIE['sourcekey'])) { $sys['xk'] = mb_strtoupper(sed_unique(8)); $update_sid = ", user_sid = '{$sys['xk']}'"; sed_setcookie('sourcekey', $sys['xk'], time()+$cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true); } else { $sys['xk'] = $_COOKIE['sourcekey']; $update_sid = ''; } sed_sql_query("UPDATE $db_users SET user_lastlog = {$sys['now_offset']} $update_lastvisit $update_sid $update_hashsalt $update_auth WHERE user_id='{$usr['id']}'"); unset($u, $passhash, $update_auth, $update_hashsalt, $update_lastvisit, $update_sid); } } } else { $usr['skin'] = sed_import($u[0], 'D', 'ALP'); $usr['theme'] = sed_import($u[1], 'D', 'ALP'); $usr['lang'] = sed_import($u[2], 'D', 'ALP'); } } if($usr['id']==0) { $usr['auth'] = sed_auth_build(0); $usr['skin'] = empty($usr['skin']) ? $cfg['defaultskin'] : $usr['skin']; $usr['theme'] = empty($usr['theme']) ? $cfg['defaulttheme'] : $usr['theme']; $usr['lang'] = empty($usr['lang']) ? $cfg['defaultlang'] : $usr['lang']; $sys['xk'] = mb_strtoupper(dechex(crc32($sys['abs_url']))); // Site related key for guests } Заранее благодарен за любую ценную информацию З.Ы, где на тулбаре кнопка Спойлера или Кода я ненашёл...

IIIyT

#1 14.03.2011 14:57

Доброго времени суток.

С давних пор пользуюсь Котонтиевским двиглом.И по сути возник трабл с вылетами. При работе на локалке Авторизация спокойно дружит с Куки и помнит столько, сколько требуется. Выгружаю на хостинг(hostlife.net) и авторизация попросту умирает. Такое ощущение что куки попросту невоспрнимается.

Вот код из авторизации(users.auth.inc):

if ($a=='check')
{
sed_shield_protect();

/* === Hook for the plugins === */
$extp = sed_getextplugins('users.auth.check');
if (is_array($extp))
{ foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
/* ===== */

$rusername = sed_import('rusername','P','TXT', 100, TRUE);
$rpassword = sed_import('rpassword','P','PSW', 16, TRUE);
$rcookiettl = sed_import('rcookiettl', 'P', 'INT');
$rremember = sed_import('rremember', 'P', 'BOL');
if(empty($rremember) && $rcookiettl > 0) $rremember = true;
$rmdpass = md5($rpassword);

$sql = sed_sql_query("SELECT user_id, user_maingrp, user_banexpire, user_skin, user_theme, user_lang, user_unban_group FROM $db_users WHERE user_password='$rmdpass' AND user_name='".sed_sql_prep($rusername)."'");

if ($row = sed_sql_fetcharray($sql))
{
if ($row['user_maingrp']==-1)
{
sed_log("Log in attempt, user inactive : ".$rusername, 'usr');
sed_redirect(sed_url('message', 'msg=152', '', true));
exit;
}
if ($row['user_maingrp']==2)
{
sed_log("Log in attempt, user inactive : ".$rusername, 'usr');
sed_redirect(sed_url('message', 'msg=152', '', true));
exit;
}
elseif ($row['user_maingrp']==3)
{
if ($sys['now'] > $row['user_banexpire'] && $row['user_banexpire']>0)
{

$sql = sed_sql_query("UPDATE $db_users SET user_maingrp='".$row['user_unban_group']."' WHERE user_id='".$row['user_id']."'");
}
else
{
sed_log("Log in attempt, user banned : ".$rusername, 'usr');
sed_redirect(sed_url('message', 'msg=153&num='.$row['user_banexpire'], '', true));
exit;
}
}

$ruserid = $row['user_id'];
$rdefskin = $row['user_skin'];
$rdeftheme = $row['user_theme'];

$hashsalt = sed_unique(16);

sed_sql_query("UPDATE $db_users SET user_lastip='{$usr['ip']}', user_lastlog = {$sys['now_offset']}, user_logcount = user_logcount + 1, user_hashsalt = '$hashsalt' WHERE user_id={$row['user_id']}");

$passhash = md5($rmdpass.$hashsalt);
$u = base64_encode($ruserid.':_:'.$passhash);

if($rremember)
{
sed_setcookie($sys['site_id'], $u, time()+$cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true);
}
else
{
$_SESSION[$sys['site_id']] = $u;
}

$_SESSION['saltstamp'] = $sys['now_offset'];

/* === Hook === */
$extp = sed_getextplugins('users.auth.check.done');
if (is_array($extp))
{ foreach($extp as $k => $pl) { include_once($cfg['plugins_dir'].'/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
/* ===== */

$sql = sed_sql_query("DELETE FROM $db_online WHERE online_userid='-1' AND online_ip='".$usr['ip']."' LIMIT 1");
sed_uriredir_apply($cfg['redirbkonlogin']);
sed_uriredir_redirect(empty($redirect) ? sed_url('index') : base64_decode($redirect));
exit;
}
else
{
sed_shield_update(7, "Log in");
sed_log("Log in failed, user : ".$rusername,'usr');
sed_redirect(sed_url('message', 'msg=151', '', true));
exit;
}
}

а вот из common:

$site_id = 'ct'.substr(md5(empty($cfg['site_id']) ? $cfg['mainurl'] : $cfg['site_id']), 0, 16);
$sys['site_id'] = $site_id;

session_start();

if(!empty($_COOKIE[$site_id]) || !empty($_SESSION[$site_id]))
{
$u = empty($_SESSION[$site_id]) ? base64_decode($_COOKIE[$site_id]) : base64_decode($_SESSION[$site_id]);
$u = explode(':_:', $u);
$u_id = (int) sed_import($u[0], 'D', 'INT');
$u_passhash = sed_import($u[1], 'D', 'ALP');
if($u_id > 0)
{
$sql = sed_sql_query("SELECT * FROM $db_users WHERE user_id = $u_id");

if($row = sed_sql_fetcharray($sql))
{
$passhash = md5($row['user_password'].$row['user_hashsalt']);
if(($u_passhash == $passhash
|| ($sys['now_offset'] - $_SESSION['saltstamp'] < 60
&& $u_passhash == $_SESSION['oldhash']))
&& $row['user_maingrp'] > 3
&& ($cfg['ipcheck']==FALSE || $row['user_lastip'] == $usr['ip']))
{
$usr['id'] = (int) $row['user_id'];
$usr['pmnotif'] = $row['user_pmnotif'];
$usr['name'] = $row['user_name'];
$usr['maingrp'] = $row['user_maingrp'];
$usr['lastvisit'] = $row['user_lastvisit'];
$usr['lastlog'] = $row['user_lastlog'];
$usr['timezone'] = $row['user_timezone'];
$usr['skin'] = ($cfg['forcedefaultskin']) ? $cfg['defaultskin'] : $row['user_skin'];
$usr['theme'] = $row['user_theme'];
$usr['lang'] = ($cfg['forcedefaultlang']) ? $cfg['defaultlang'] : $row['user_lang'];
$usr['newpm'] = $row['user_newpm'];
$usr['auth'] = unserialize($row['user_auth']);
$usr['level'] = $sed_groups[$usr['maingrp']]['level'];
$usr['profile'] = $row;

if ($usr['lastlog'] + $cfg['timedout'] < $sys['now_offset'])
{
$sys['comingback']= TRUE;
if ($usr['lastlog'] > $usr['lastvisit'])
{
$usr['lastvisit'] = $usr['lastlog'];
$update_lastvisit = ", user_lastvisit = " . $usr['lastvisit'];
}
}

if ($usr['lastlog']+$cfg['timedout'] < $sys['now_offset'])
{
$sys['comingback']= TRUE;
$usr['lastvisit'] = $usr['lastlog'];
$sys['sql_update_lastvisit'] = ", user_lastvisit='".$usr['lastvisit']."'";
}

if(empty($_SESSION['saltstamp']) || $sys['now_offset'] - $_SESSION['saltstamp'] > 60)
{
$usr['auth'] = sed_auth_build($usr['id'], $usr['maingrp']);
$sys['sql_update_auth'] = ", user_auth='".serialize($usr['auth'])."'";
}

if(empty($_COOKIE['sourcekey']))
{
$sys['xk'] = mb_strtoupper(sed_unique(8));
$update_sid = ", user_sid = '{$sys['xk']}'";
sed_setcookie('sourcekey', $sys['xk'], time()+$cfg['cookielifetime'], $cfg['cookiepath'],
$cfg['cookiedomain'], $sys['secure'], true);
}
else
{
$sys['xk'] = $_COOKIE['sourcekey'];
$update_sid = '';
}

sed_sql_query("UPDATE $db_users
SET user_lastlog = {$sys['now_offset']} $update_lastvisit $update_sid $update_hashsalt $update_auth
WHERE user_id='{$usr['id']}'");

unset($u, $passhash, $update_auth, $update_hashsalt, $update_lastvisit, $update_sid);
}
}
}
else
{
$usr['skin'] = sed_import($u[0], 'D', 'ALP');
$usr['theme'] = sed_import($u[1], 'D', 'ALP');
$usr['lang'] = sed_import($u[2], 'D', 'ALP');
}
}

if($usr['id']==0)
{
$usr['auth'] = sed_auth_build(0);
$usr['skin'] = empty($usr['skin']) ? $cfg['defaultskin'] : $usr['skin'];
$usr['theme'] = empty($usr['theme']) ? $cfg['defaulttheme'] : $usr['theme'];
$usr['lang'] = empty($usr['lang']) ? $cfg['defaultlang'] : $usr['lang'];
$sys['xk'] = mb_strtoupper(dechex(crc32($sys['abs_url']))); // Site related key for guests
}

Заранее благодарен за любую ценную информацию

З.Ы, где на тулбаре кнопка Спойлера или Кода я ненашёл...

Trustmaster	#2 14.03.2011 18:22
Administrators Thanked: 265 раз	А если в datas/config.php поменять: `$cfg['ipcheck'] = FALSE;` May the Source be with you!

IIIyT	#3 14.03.2011 20:33
Members	Спасибо.Попробую