[HTML] pobierz, plaintext 
  1. <?php
  2. 	define('COOKIE_NAME', 'tuibgidf'); // losowe
  3. 	define('COOKIE_EXPIRE', 3600); // 1 godzina
  4. 	$time = time();
  5. 	//laczenie baza danych
  6. 	$mysql_host = 'localhost';
  7. 	$mysql_login = 'login';
  8. 	$mysql_haslo = 'password';
  9. 	$mysql_baza = 'baza';
  10. 	$polaczenie = mysql_connect($mysql_host, $mysql_login, $mysql_haslo) or die(mysql_error());
  11.  
  12. 	mysql_select_db($mysql_baza) or die('Błąd: nie udało się wybrać schematu bazy danych.');
  13. 	//end laczenie baza danych
  14.  
  15. 	//IP, browser, sesje
  16. 	$ip = $_SERVER['REMOTE_ADDR'];
  17. 	$browser = $_SERVER['HTTP_USER_AGENT'];
  18. 	$newId = sha1(uniqid(time().$ip));
  19. 	$wynik = mysql_query("SELECT * FROM sessions WHERE session_ip = '$ip' AND session_browser = '$browser' AND session_time > ".($time - COOKIE_EXPIRE)) or die(mysql_error());
  20. 	$count = mysql_num_rows($wynik);
  21. 	if($count > 0)
  22. 	{
  23. 		$row = mysql_fetch_row( $wynik );
  24. 		if($_COOKIE[COOKIE_NAME] == $row[0] && strlen($_COOKIE[COOKIE_NAME]) == 40 && isset($_COOKIE[COOKIE_NAME]))
  25. 		{
  26. 			if($_SESSION['session_user'] == $row[1] && $_SESSION['session_user'] != 0)
  27. 			{
  28. 				$session_user = $row[1];
  29. 				$old = $row[0];
  30. 				$result = mysql_query("UPDATE sessions SET session_id='$old', session_browser ='$browser', session_time = '$time', session_user = '$session_user' WHERE session_ip = '$ip' AND session_browser = '$browser'") or die(mysql_error());
  31. 				setcookie(COOKIE_NAME, $old, time() + COOKIE_EXPIRE);
  32. 				$result = mysql_query("SELECT * FROM users WHERE user_id = '$session_user'") or die(mysql_error()); 
  33. 				$user = mysql_fetch_array( $result );
  34. 			}
  35. 			else
  36. 			{
  37. 				$old = $row[0];
  38. 				$result = mysql_query("UPDATE sessions SET session_id='$old', session_browser ='$browser', session_time = '$time', session_user = '0' WHERE session_ip = '$ip' AND session_browser = '$browser'") or die(mysql_error());
  39. 				setcookie(COOKIE_NAME, $old, time() + COOKIE_EXPIRE);
  40. 			}
  41. 		}
  42. 		else
  43. 		{
  44. 			$_SESSION['session_user'] = '0';
  45. 			setcookie(COOKIE_NAME, $newId, time() + COOKIE_EXPIRE);
  46. 			$result = mysql_query("UPDATE sessions SET session_id='$newId', session_browser ='$browser', session_time = '$time', session_user = '0' WHERE session_ip = '$ip' AND session_browser = '$browser'") or die(mysql_error());
  47. 		}
  48. 	}
  49. 	else
  50. 	{
  51. 		$_SESSION['session_user'] = '0';
  52. 		setcookie(COOKIE_NAME, $newId, time() + COOKIE_EXPIRE);
  53. 		mysql_query("INSERT INTO sessions (session_id, session_user, session_ip, session_browser, session_time) VALUES('$newId', '0', '$ip', '$browser', '$time' ) ") or die(mysql_error()); 
  54. 	}
  55. 	?>
[HTML] pobierz, plaintext 


[SQL] pobierz, plaintext 
  1. CREATE TABLE IF NOT EXISTS `sessions` (
  2.   `session_id` varchar(40) NOT NULL,
  3.   `session_user` int(8) NOT NULL DEFAULT '0',
  4.   `session_ip` varchar(15) NOT NULL DEFAULT '',
  5.   `session_browser` varchar(255) NOT NULL DEFAULT '',
  6.   `session_time` int(11) NOT NULL DEFAULT '0',
  7.   PRIMARY KEY (`session_id`)
  8. ) ENGINE=MEMORY DEFAULT CHARSET=latin2;
  9.  
  10. CREATE TABLE IF NOT EXISTS `users` (
  11.   `user_id` int(10) NOT NULL AUTO_INCREMENT,
  12.   `user_login` varchar(30) NOT NULL,
  13.   `user_password` varchar(40) NOT NULL,
  14.   `user_email` varchar(100) NOT NULL,
  15.   `user_group` int(1) NOT NULL,
  16.   `user_lastvisit` int(8) NOT NULL,
  17.   `user_register` int(20) NOT NULL,
  18.   `user_banned` int(1) NOT NULL,
  19.   `user_reason_ban` varchar(255) NOT NULL,
  20.   `user_time_limit` int(20) NOT NULL,
  21.   `user_active` int(1) NOT NULL,
  22.   `user_key` varchar(13) NOT NULL,
  23.   PRIMARY KEY (`user_id`)
  24. ) ENGINE=MyISAM  DEFAULT CHARSET=latin2 AUTO_INCREMENT=1 ;
[SQL] pobierz, plaintext


Witam! Panowie pomozecie w zabezpieczeniu skryptu ? I czy poprawnie go napisalem ? Moze jakies poprawki wedlug Was ?
Pozdrawiam!