PHP Web Host - Quality Web Hosting For All PHP Applications Just Great Software
  Login or Register
 • Home • Downloads • Your Account • Forums • 
Site Navigation

Home:
 
Donate o Meter
Help Keep Our Servers Online AND Our Services Free!
Make donations with PayPal!
Donations
Anonymous May-24
Doulos May-15
Webservant May-11
AndyB May-5
Hotdog May-3
 
Please Link To Me!
 
Quality Web Hosting For All PHP Applications
Quality PHP Web Host!

Great Reviews!
Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?
Need help customizing or designing scripts?
Please contact us via the Contact Us option for further details and pricing.
Link to Me

RavenPHPScripts

RavenPHPScripts

There are more Link To Me icons here.
 
Site Info v2.2.2 ©
Your IP: 38.107.179.230

Welcome, Anonymous
Nickname
Password
Security Code:
Security Code
Type Security Code:

· Register
· Lost Password
Server Date/Time
24 May 2012 22:03:00 EDT (GMT -4)
 
How to eliminate session checks
PHP-Nuke: Management and Programming
Prev Chapter 10. Session management Next

10.2. How to eliminate session checks

"Okay, fine but what can we do about it now?!" I hear you say. Well, you can remove or reduce validation as noted above (being aware of what you are doing), you could add the Mod noted above (you'll find it presently in another Invalid session topic ... no doubt it will be moved to one of the Mod forums in time) or finally you could remove the piece of code (from all affected pages) that looks like or similar to this:

// session id check
if ($sid == " || $sid != $userdata['session_id'])
{
   message_die(GENERAL_ERROR, 'Invalid_session');
}

This removes the added security of validation so if you do this we aren't interested in any security related problems that may arise. I highly recommend that you do not remove the added security from the admin control panel. Let's clarify a little the modifications that are needed:

You can either edit line 294 in the includes/session.php:

$ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6);

and change the 6 to a 4, or, as a last resort (not endorsed by the phpBB staff and quite unsafe for the above reasons), you can delete all occurences of the code

// session id check
if ($sid == " || $sid != $userdata['session_id'])
{
message_die(GENERAL_ERROR, 'Invalid_session');
}

in all files. There are 9 occurences in 6 files:

includes/usercp_email.php
includes/usercp_sendpasswd.php
modules/Forums/groupcp.php
modules/Forums/login.php
modules/Forums/modcp.php
modules/Forums/posting.php on line 188

But most of the time, just changing the cookie, as described in Section 3.9.15, will solve the "invalid session" problem.

Prev Home Next
How sessions work in the forums Up Editing PHP (-Nuke) files

Help us make a better PHP-Nuke HOWTO!

Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum!

Chris Karakas, Maintainer PHP-Nuke HOWTO
Karakas Online
Spaghettibrain
 

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file xml

CSE HTML Validator Helped Clean up This Page! [Valid RSS] valid RSS 2.0 Valid robots.txt Stop Spam Harvesters, Join Project Honey Pot

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Modified by the RavenNuke™ Team ::

:: W3C CSS Compliance Validation :: W3C HTML 4.01 Transitional Compliance Validation ::

zerosum