this was discovered and fixed by monty and me
the error is in the file-include-sessions.php
copy this text and paste it into the session.php file from the patch !upload and owerwrite on the server and all goes perfectly!normaly the error can be fix if you turn off from 4images cpanel who`s online block and you will not receive the error and if you owerwrite the file sessions.php with this:
//+-----------------------------------------------
//- Project: 4images module
//- Compatility XOOPS: 2.x version
//- Made by: Koudanshi
//- Download: bbpixel.com
//- Email:
Koudanshi@gmx.net//- Last Update: 20-Feb-2005
//+-----------------------------------------------
/**************************************************************************
* *
* 4images - A Web Based Image Gallery Management System *
* ---------------------------------------------------------------- *
* *
* File: sessions.php *
* Copyright: (C) 2002 Jan Sorgalla *
* Email:
jan@4homepages.de *
* Web:
http://www.4homepages.de *
* Scriptversion: 1.7.1 *
* *
* Never released without support from: Nicky (
http://www.nicky.net) *
* *
**************************************************************************
* *
* Dieses Script ist KEINE Freeware. Bitte lesen Sie die Lizenz- *
* bedingungen (Lizenz.txt) f�r weitere Informationen. *
* --------------------------------------------------------------- *
* This script is NOT freeware! Please read the Copyright Notice *
* (Licence.txt) for further information. *
* *
*************************************************************************/
if (!defined('ROOT_PATH')) {
die("Security violation");
}
// Kou
// Set here the URL to your IBF forum. WITH trailing slash!
$base_url = XOOPS_URL;
// Set here different URL's to your Invisionboard forum.
// Normally no need to change.
$url_register = $base_url."/register.php";
$url_lost_password = $base_url."/user.php#lost.php";
$url_control_panel = $base_url."/edituser.php";
//$url_mailform = "ROOT_PATH.'/../../ipboard/index.php?act=Mail&CODE=00&MID={user_id}";
$url_show_profile = $base_url."/userinfo.php?uid={user_id}";
//$url_login = $base_url."/user.php";
$url_logout = $base_url."/user.php?op=logout";
//-----------------------------------------------------
//--- Start Configuration -----------------------------
//-----------------------------------------------------
define('SESSION_NAME', 'sessionid');
//Kou
$user_table_fields = array(
"user_id" => "uid",
"user_level" => "level",
"user_name" => "uname",
"user_password" => "pass",
"user_email" => "email",
"user_showemail" => "user_viewemail",
"user_allowemails" => "user_mailok",
"user_invisible" => "",
"user_joindate" => "user_regdate",
"user_activationkey" => "actkey",
"user_lastaction" => "",
"user_location" => "user_location",
"user_lastvisit" => "last_login",
"user_comments" => "posts",
"user_homepage" => "url",
"user_icq" => "user_icq"
);
//-----------------------------------------------------
//--- End Configuration -------------------------------
//-----------------------------------------------------
function get_user_table_field($add, $user_field) {
global $user_table_fields;
return (!empty($user_table_fields[$user_field])) ? $add.$user_table_fields[$user_field] : "";
}
class Session {
var $session_id;
var $user_ip;
var $user_location;
var $current_time;
var $session_timeout;
var $mode = "get";
var $session_info = array();
var $user_info = array();
function Session() {
global $config;
$this->session_timeout = $config['session_timeout'] * 60;
$this->user_ip = $this->get_user_ip();
$this->user_location = $this->get_user_location();
$this->current_time = time();
// Stop adding SID to URLs
@ini_set('session.use_trans_sid', 0);
session_name(urlencode(SESSION_NAME));
session_start();
$this->demand_session();
}
function set_cookie_data($name, $value, $permanent = 1) {
$cookie_expire = ($permanent) ? $this->current_time + 60 * 60 * 24 * 365 : 0;
$cookie_name = COOKIE_NAME.$name;
setcookie($cookie_name, $value, $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
}
function read_cookie_data($name) {
global $HTTP_COOKIE_VARS;
$cookie_name = COOKIE_NAME.$name;
return (isset($HTTP_COOKIE_VARS[$cookie_name])) ? $HTTP_COOKIE_VARS[$cookie_name] : false;
}
function get_session_id() {
global $sid_bb; //Kou
/*
if ($this->session_id = $this->read_cookie_data("sid")) {
$this->mode = "cookie";
}
else {
*/
//Kou
if ($sid_bb) {
$this->session_id = $sid_bb;
}
else {
if (isset($_GET[SESSION_NAME])) {
$this->session_id = $_GET[SESSION_NAME];
}
elseif (isset($_POST[SESSION_NAME])) {
$this->session_id = $_POST[SESSION_NAME];
}
else {
$this->session_id = false;
}
}
}
function demand_session() {
global $uid_bb;//Kou
$this->get_session_id();
$this->load_session_info();
$this->user_info = $this->load_user_info($uid_bb);
}
function start_session($user_id = GUEST, $login_process = 0) {
global $site_db;
$this->user_info = $this->load_user_info($user_id);
if ($this->user_info['user_id'] != GUEST && !$login_process) {
if ($this->read_cookie_data("userpass") == $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", $this->user_info['user_password']);
}
else {
$this->set_cookie_data("userpass", "", 0);
$this->user_info = $this->load_user_info(GUEST);
}
}
//if (!$login_process) {
$sql = "REPLACE INTO ".SESSIONS_TABLE."
(sess_id, member_id, sess_updated, location, sess_ip)
VALUES
('$this->session_id', ".$this->user_info['user_id'].", $this->current_time, '$this->user_location', '$this->user_ip')";
$site_db->query($sql);
//}
$this->session_info['session_user_id'] = $this->user_info['user_id'];
$this->session_info['session_lastaction'] = $this->current_time;
$this->session_info['session_location'] = $this->user_location;
$this->session_info['session_ip'] = $this->user_ip;
if ($this->user_info['user_id'] != GUEST) {
$this->user_info['user_lastvisit'] = (!empty($this->user_info['user_lastaction'])) ? $this->user_info['user_lastaction'] : $this->current_time;
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_lastaction")." = $this->current_time, ".get_user_table_field("", "user_location")." = '$this->user_location', ".get_user_table_field("", "user_lastvisit")." = ".$this->user_info['user_lastvisit']."
WHERE ".get_user_table_field("", "user_id")." = ".$this->user_info['user_id'];
$site_db->query($sql);
}
$this->set_cookie_data("lastvisit", $this->user_info['user_lastvisit']);
$this->set_cookie_data("userid", $this->user_info['user_id']);
return true;
}
//Kou
function isadmin(){
global $uid_bb, $site_db;
$sql = $site_db->query("SELECT * FROM ".XOOPS_DB_PREFIX."_groups_users_link WHERE uid=".$uid_bb." AND groupid='1'");
$row = $site_db->fetch_array($sql);
if ($row['groupid']==1 && !empty($row['groupid'])){
return 1;
}
return 0;
}
function login($user_name = "", $user_password = "", $auto_login = 0, $set_auto_login = 1) {
global $site_db, $user_table_fields;
global $xoopsConfig, $user_theme, $ibforums; // Kou
if (empty($user_name) || empty($user_password)) {
return false;
}
$sql = "SELECT ".get_user_table_field("", "user_id").get_user_table_field(", ", "user_password")."
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_name")." = '$user_name' AND ".get_user_table_field("", "user_level")." <> ".USER_AWAITING;
$row = $site_db->query_firstrow($sql);
$user_id = (isset($row[$user_table_fields['user_id']])) ? $row[$user_table_fields['user_id']] : GUEST;
$user_password = md5($user_password);
if ($user_id != GUEST) {
// XOOPS redirect login
$member_handler =& xoops_gethandler('member');
$myts =& MyTextsanitizer::getInstance();
$user =& $member_handler->loginUserMd5(addslashes($myts->stripSlashesGPC($user_name)), addslashes($myts->stripSlashesGPC($user_password)));
$user->setVar('last_login', time());
$_SESSION = array();
$_SESSION['xoopsUserId'] = $user->getVar('uid');
$_SESSION['xoopsUserGroups'] = $user->getGroups();
$expire = (60*$xoopsConfig['session_expire'] > $ibforums->vars['session_expiration']) ? 60*$xoopsConfig['session_expire'] : $ibforums->vars['session_expiration'];
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], $session_id, time()+$expire, '/', COOKIE_DOMAIN, 0);
}
$user_theme = $user->getVar('theme');
if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
$_SESSION['xoopsUserTheme'] = $user_theme;
}
// RMV-NOTIFY
// Perform some maintenance of notification records
$notification_handler =& xoops_gethandler('notification');
$notification_handler->doLoginMaintenance($user->getVar('uid'));
redirect_header($url, 1, sprintf("Thank you for logged in", $user->getVar('uname')));
//
}
return false;
}
function logout($user_id) {
global $site_db;
global $base_url;//Kou
$sql = "DELETE FROM ".SESSIONS_TABLE."
WHERE sess_id = '$this->session_id' OR member_id = $user_id";
$site_db->query($sql);
$this->set_cookie_data("userpass", "", 0);
$this->set_cookie_data("userid", GUEST);
$this->session_info = array();
//XOOPS logout redirect
Header ("Location: ".$base_url."/user.php?op=logout'");
//
return true;
}
function delete_old_sessions() {
global $site_db;
$expiry_time = $this->current_time - $this->session_timeout;
$sql = "DELETE FROM ".SESSIONS_TABLE."
WHERE sess_updated < $expiry_time";
$site_db->query($sql);
return true;
}
function update_session() {
global $site_db;
$sql = "UPDATE ".SESSIONS_TABLE."
SET sess_updated = $this->current_time, session_location = '$this->user_location'
WHERE sess_id = '$this->session_id'";
$site_db->query($sql);
$this->session_info['sess_updated'] = $this->current_time;
$this->session_info['location'] = $this->user_location;
$this->session_info['sess_ip'] = $this->user_ip;
if ($this->user_info['user_id'] != GUEST) {
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_updated")." = $this->current_time, ".get_user_table_field("", "location")." = '$this->user_location'
WHERE ".get_user_table_field("", "user_id")." = ".$this->user_info['user_id'];
$site_db->query($sql);
}
return;
}
function generate_session_id() {
return session_id();
}
function return_session_info() {
return $this->session_info;
}
function return_user_info() {
return $this->user_info;
}
function freeze() {
return;
}
function load_session_info() {
if (@ini_get('register_globals')) {
session_register('__session');
if (!isset($GLOBALS['__session'])) {
$GLOBALS['__session'] = array();
}
$this->session_info = &$GLOBALS['__session'];
} else {
if (isset($_SESSION)) {
if (!isset($_SESSION['__session'])) {
$_SESSION['__session'] = array();
}
$this->session_info = &$_SESSION['__session'];
} else {
if (!isset($GLOBALS['HTTP_SESSION_VARS']['__session'])) {
$GLOBALS['HTTP_SESSION_VARS']['__session'] = array();
}
$this->session_info = &$GLOBALS['HTTP_SESSION_VARS']['__session'];
}
}
if (!isset($this->session_info['member_id'])) {
return false;
}
return $this->session_info;
}
function load_user_info($user_id = GUEST) {
global $site_db, $user_table_fields;
if ($user_id != GUEST) {
$sql = "SELECT u.*, l.*
FROM ".USERS_TABLE." u, ".LIGHTBOXES_TABLE." l
WHERE ".get_user_table_field("u.", "user_id")." = $user_id AND l.user_id = ".get_user_table_field("u.", "user_id");
$user_info = $site_db->query_firstrow($sql);
if (!$user_info) {
$sql = "SELECT *
FROM ".USERS_TABLE."
WHERE ".get_user_table_field("", "user_id")." = $user_id";
$user_info = $site_db->query_firstrow($sql);
if ($user_info) {
$lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
$sql = "INSERT INTO ".LIGHTBOXES_TABLE."
(lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)
VALUES
('$lightbox_id', ".$user_info[$user_table_fields['user_id']].", $this->current_time, '')";
$site_db->query($sql);
$user_info['lightbox_lastaction'] = $this->current_time;
$user_info['lightbox_image_ids'] = "";
}
}
}
if (empty($user_info[$user_table_fields['user_id']])) {
$user_info = array();
$user_info['user_id'] = GUEST;
$user_info['user_level'] = GUEST;
$user_info['user_lastaction'] = $this->current_time;
$user_info['user_lastvisit'] = ($this->read_cookie_data("lastvisit")) ? $this->read_cookie_data("lastvisit") : $this->current_time;
}
foreach ($user_table_fields as $key => $val) {
if (isset($user_info[$val])) {
$user_info[$key] = $user_info[$val];
}
elseif (!isset($user_info[$key])) {
$user_info[$key] = "";
}
}
return $user_info;
}
function set_session_var($var_name, $value) {
$this->session_info[$var_name] = $value;
return true;
}
function get_session_var($var_name) {
if (isset($this->session_info[$var_name])) {
return $this->session_info[$var_name];
}
return '';
}
function drop_session_var($var_name) {
unset($this->session_info[$var_name]);
}
function get_user_ip() {
global $HTTP_SERVER_VARS, $HTTP_ENV_VARS;
$ip = (!empty($HTTP_SERVER_VARS['REMOTE_ADDR'])) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ((!empty($HTTP_ENV_VARS['REMOTE_ADDR'])) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv("REMOTE_ADDR"));
$ip = preg_replace("/[^\.0-9]+/", "", $ip);
return substr($ip, 0, 50);
}
function get_user_location() {
global $self_url;
return (defined("IN_CP")) ? "Control Panel" : preg_replace(array("/([?|&])action=[^?|&]*/", "/([?|&])mode=[^?|&]*/", "/([?|&])phpinfo=[^?|&]*/", "/([?|&])printstats=[^?|&]*/", "/[?|&]".URL_ID."=[^?|&]*/", "/[?|&]l=[^?|&]*/", "/[&?]+$/"), array("", "", "", "", "", "", ""), addslashes($self_url));
}
function url($url, $amp = "&") {
global $l;
$dummy_array = explode("#", $url);
$url = $dummy_array[0];
if ($this->mode == "get" && strpos($url, $this->session_id) === false) {
$url .= strpos($url, '?') !== false ? $amp : "?";
$url .= SESSION_NAME."=".$this->session_id;
}
if (!empty($l)) {
$url .= strpos($url, '?') !== false ? $amp : "?";
$url .= "l=".$l;
}
$url .= (isset($dummy_array[1])) ? "#".$dummy_array[1] : "";
return $url;
}
} //end of class
//-----------------------------------------------------
//--- Start Session -----------------------------------
//-----------------------------------------------------
define('COOKIE_NAME', '4images_');
define('COOKIE_PATH', '/');
define('COOKIE_DOMAIN', '');
define('COOKIE_SECURE', '0');
$site_sess = new Session();
// Get Userinfo
$session_info = $site_sess->return_session_info();
$user_info = $site_sess->return_user_info();
//-----------------------------------------------------
//--- Get User Caches ---------------------------------
//-----------------------------------------------------
$num_total_online = 0;
$num_visible_online = 0;
$num_invisible_online = 0;
$num_registered_online = 0;
$num_guests_online = 0;
$user_online_list = "";
$prev_user_ids = array();
$prev_session_ips = array();
if (defined("GET_USER_ONLINE") && ($config['display_whosonline'] == 1 || $user_info['user_level'] == ADMIN)) {
$time_out = time() - 300;
$sql = "SELECT s.member_id, s.sess_updated, s.sess_ip".get_user_table_field(", u.", "user_id").get_user_table_field(", u.", "user_level").get_user_table_field(", u.", "user_name").get_user_table_field(", u.", "user_invisible")."
FROM ".SESSIONS_TABLE." s
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = s.member_id)
WHERE s.sess_updated >= $time_out
ORDER BY ".get_user_table_field("u.", "user_id")." ASC, s.sess_ip ASC";
$result = $site_db->query($sql);
while ($row = $site_db->fetch_array($result)) {
if ($row['member_id'] != GUEST && (isset($row['user_id']) && $row['user_id'] != GUEST)) {
if (!isset($prev_user_ids[$row['member_id']])) {
$is_invisible = (isset($row[$user_table_fields['user_invisible']]) && $row[$user_table_fields['user_invisible']] == 1) ? 1 : 0;
$invisibleuser = ($is_invisible) ? "*" : "";
$username = (isset($row[$user_table_fields['user_level']]) && $row[$user_table_fields['user_level']] == ADMIN && $config['highlight_admin'] == 1) ? sprintf("
%s", $row[$user_table_fields['user_name']]) : $row[$user_table_fields['user_name']];
if (!$is_invisible || $user_info['user_level'] == ADMIN) {
$user_online_list .= ($user_online_list != "") ? ", " : "";
$user_profile_link = (!empty($url_show_profile)) ? preg_replace("/{user_id}/", $row['member_id'], $url_show_profile) : ROOT_PATH."member.php?action=showprofile&".URL_USER_ID."=".$row['member_id'];
$user_online_list .= "
url($user_profile_link)."\">".$username."".$invisibleuser;
}
(!$is_invisible) ? $num_visible_online++ : $num_invisible_online++;
$num_registered_online++;
}
$prev_user_ids[$row['member_id']] = 1;
}
else {
if (!isset($prev_session_ips[$row['sess_ip']])) {
$num_guests_online++;
}
}
$prev_session_ips[$row['sess_ip']] = 1;
}
$num_total_online = $num_registered_online + $num_guests_online;
//$num_invisible_online = $num_registered_online - $num_visible_online;
$site_template->register_vars(array(
"num_total_online" => $num_total_online,
"num_invisible_online" => $num_invisible_online,
"num_registered_online" => $num_registered_online,
"num_guests_online" => $num_guests_online,
"user_online_list" => $user_online_list,
"lang_user_online" => str_replace('{num_total_online}', $num_total_online, $lang['user_online']),
"lang_user_online_detail" => str_replace(array('{num_registered_online}','{num_invisible_online}','{num_guests_online}'), array($num_registered_online,$num_invisible_online,$num_guests_online), $lang['user_online_detail']),
));
$whos_online = $site_template->parse_template("whos_online");
$site_template->register_vars("whos_online", $whos_online);
unset($whos_online);
unset($prev_user_ids);
unset($prev_session_ips);
}
//Kou
if ($xoopsUser) {
$user_level = $xoopsUser->getvar('level');
} else {
$user_level = 0;
}
if ($user_level == 5){
define('ADMIN', 5);
}else if ($site_sess->isadmin()) {
define('ADMIN', 1);
}else {
define('ADMIN', 99);
}
?>
will have no errors and you can turn on from 4images cpanel who`s online and really works!
Best regards to monty who helped me fix out this problem!
maybe someone else will need this ,that`s why i posted!
Free open source code for everyone!Enjoy!