Old 05-25-2006, 08:26 PM
fabrizio fabrizio is offline
 

Yes, of course, I must apologize... here is the code I created myself; you can adapt it to your own system:

Code:
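// Credentials are handed over by the surrounding integration code;
// $username1 and $pw are not defined anywhere in this snippet.
$vb_login_username = $username1;
$vb_login_password = $pw;
// One timestamp, reused for the session hash and for the session row.
$tempo = time();

#Define $scriptpath
// Take the first non-empty source for the requested path, preferring $_SERVER over $_ENV.
// !empty() keeps the original truthiness test but does not raise a notice when a key is absent.
if (!empty($_SERVER['REQUEST_URI']) OR !empty($_ENV['REQUEST_URI']))
{
	$scriptpath = !empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_ENV['REQUEST_URI'];
}
else
{
	if (!empty($_SERVER['PATH_INFO']) OR !empty($_ENV['PATH_INFO']))
	{
		$scriptpath = !empty($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : $_ENV['PATH_INFO'];
	}
	else if (!empty($_SERVER['REDIRECT_URL']) OR !empty($_ENV['REDIRECT_URL']))
	{
		$scriptpath = !empty($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_ENV['REDIRECT_URL'];
	}
	else if (!empty($_SERVER['PHP_SELF']))
	{
		$scriptpath = $_SERVER['PHP_SELF'];
	}
	else
	{
		$scriptpath = isset($_ENV['PHP_SELF']) ? $_ENV['PHP_SELF'] : '';
	}

	// These fallbacks carry no query string, so append it by hand.
	if (!empty($_SERVER['QUERY_STRING']) OR !empty($_ENV['QUERY_STRING']))
	{
		$scriptpath .= '?' . (!empty($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
	}
}

// Drop any session hash carried in the URL so it is not stored as part of the location.
$scriptpath = preg_replace('/(s|sessionhash)=[a-z0-9]{32}?&?/', '', $scriptpath);
$find = array('"', '<', '>');
$replace = array('&quot;', '&lt;', '&gt;');
$scriptpath = preg_replace('/javascript/i', 'java script', $scriptpath);
// Fix: the posted code escaped the undefined variable $var, which replaced $scriptpath
// with an empty string and threw away both the path and the escaping.
// This escapes only ", < and > for HTML output; it is not SQL escaping, and ' and & pass through.
$scriptpath = str_replace($find, $replace, $scriptpath);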

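#Define ALT_IP
// ALT_IP is a best-guess client address taken from proxy-style request headers.
// Client-IP, X-Forwarded-For and From are all supplied by the client, so ALT_IP is
// a consistency fingerprint for the session, never proof of where a request came from.
if (!empty($_SERVER['HTTP_CLIENT_IP']))
{
	define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']);
}
else if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
{
	// make sure we dont pick up an internal IP defined by RFC1918
	// The pattern skips 10.x, 172.16.x and 192.168.x only, not the whole 172.16.0.0/12 block.
	// NOTE(review): left as posted; if the forum recomputes the idhash itself, this rule
	// presumably has to stay identical on both sides - confirm before widening it.
	foreach ($matches[0] AS $ip)
	{
		if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip))
		{
			define('ALT_IP', $ip);
			break;
		}
	}
}
else if (!empty($_SERVER['HTTP_FROM']))
{
	define('ALT_IP', $_SERVER['HTTP_FROM']);
}

// Fix: when X-Forwarded-For held only private addresses the loop above defined nothing
// and no other branch ran, so ALT_IP was used below as an undefined constant.
// Fall back to the socket address in that case, and when no header was present at all.
if (!defined('ALT_IP'))
{
	define('ALT_IP', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
}

#Define SESSION_IDHASH and the other session constants
// Fingerprint of user agent + ALT_IP; both inputs are client-influenced.
define('SESSION_IDHASH', md5((isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '') . ALT_IP));
// IPADDRESS is the address of the connecting peer as seen by the web server.
define('IPADDRESS', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
// Only the first 15 characters of the peer address are kept for the session row.
define('SESSION_HOST', substr(IPADDRESS, 0, 15));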

/**
 * Returns a pseudo-random integer between $min and $max from the Mersenne Twister generator.
 *
 * The generator is seeded once per request: the first call seeds it and defines
 * RAND_SEEDED, later calls ignore $seed. With the default $seed of -1 the seed is
 * derived from the fractional part of microtime(), i.e. fewer than 1,000,000 values.
 *
 * SECURITY: mt_rand() with a time-derived seed is predictable. Values from this
 * function are not suitable as the only unguessable part of a session identifier
 * or any other secret.
 *
 * @param int $min  Lowest value that may be returned.
 * @param int $max  Highest value that may be returned.
 * @param int $seed Seed for the first call; -1 selects the microtime-based seed.
 * @return int
 */
function vbrandFABRI($min, $max, $seed = -1)
{
	$needsSeeding = !defined('RAND_SEEDED');

	if ($needsSeeding)
	{
		// microtime() returns "0.xxxxxxxx seconds"; the cast keeps only the leading fraction.
		$seedValue = ($seed == -1) ? (double) microtime() * 1000000 : $seed;

		mt_srand($seedValue);
		define('RAND_SEEDED', true);
	}

	$picked = mt_rand($min, $max);

	return $picked;
}

/**
 * Inline-if helper: yields one of two values depending on the truthiness of $expression.
 *
 * @param mixed $expression  Value tested with PHP's loose truthiness rules.
 * @param mixed $returntrue  Returned when $expression is truthy.
 * @param mixed $returnfalse Returned otherwise; defaults to an empty string.
 * @return mixed
 */
function iifFABRI($expression, $returntrue, $returnfalse = '')
{
	if ($expression)
	{
		return $returntrue;
	}

	return $returnfalse;
}



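// can the user login?
// This part creates a forum session row and the login cookies for $userid.
// $userid, $logintype and $password1 are not defined in this snippet; the caller must set
// them, and must have verified the user's password before this code runs.

$username = &$vb_login_username;
$password = &$vb_login_password;
$md5password = &$vb_login_md5password;
$md5password_utf = &$vb_login_md5password_utf;

// SECURITY: the session hash is md5() over the timestamp, request path, client fingerprint
// and one mt_rand() value seeded from microtime(). None of these inputs is unpredictable.
// NOTE(review): take the hash from a cryptographically secure random source where the
// PHP version in use provides one.
$sessionFABRI = array(
	'sessionhash' => md5($tempo . $scriptpath . SESSION_IDHASH . SESSION_HOST . vbrandFABRI(1, 1000000)),
	'userid' => intval($userid),
	'host' => SESSION_HOST,
	'idhash' => SESSION_IDHASH,
	'lastactivity' => $tempo,
	'location' => $scriptpath,
	'styleid' => 0,
	'useragent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
	'loggedin' => 0
);

$sessionFABRI['dbsessionhash'] = $sessionFABRI['sessionhash'];

#Main procedure...

// String values go through mysql_real_escape_string() instead of addslashes():
// addslashes() ignores the connection character set, and the User-Agent header below is
// client-controlled. This relies on the default mysql link that mysql_query() also uses.
$queryZZ1 = "DELETE FROM vb3_session WHERE sessionhash = '" . mysql_real_escape_string($sessionFABRI['dbsessionhash']) . "'";
$resultZZ1 = @mysql_query($queryZZ1);
if ($resultZZ1 === false)
{
	// Failures used to be swallowed by "@"; record them without changing the flow.
	error_log('vb3_session cleanup failed: ' . mysql_error());
}

// A second hash is generated for the row that is actually inserted.
$sessionFABRI['sessionhash'] = md5($tempo . $scriptpath . SESSION_IDHASH . SESSION_HOST . vbrandFABRI(1, 1000000));
$sessionFABRI['dbsessionhash'] = $sessionFABRI['sessionhash'];

// Numeric columns are forced through intval(); bypass is 1 only for control-panel logins.
$queryZZ2 = "INSERT INTO vb3_session
		(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)
	VALUES
		('" . mysql_real_escape_string($sessionFABRI['sessionhash']) . "', " . intval($userid) . ", '" . mysql_real_escape_string(SESSION_HOST) . "', '" . mysql_real_escape_string(SESSION_IDHASH) . "', " . intval($tempo) . ", " . intval($sessionFABRI['styleid']) . ", 1, " . iifFABRI($logintype === 'cplogin', 1, 0) . ", '" . mysql_real_escape_string($sessionFABRI['useragent']) . "')";
$resultZZ2 = @mysql_query($queryZZ2);
if ($resultZZ2 === false)
{
	error_log('vb3_session insert failed: ' . mysql_error());
}

// Session cookie lives until the browser closes. HttpOnly (7th argument) keeps page
// scripts from reading it. NOTE(review): also pass secure=true if the forum is HTTPS-only.
setcookie('bbsessionhash', $sessionFABRI['sessionhash'], 0, '/', '', false, true);

#Set cookies

// "Remember me" cookies, valid for one year.
setcookie('bbuserid', intval($userid), time() + 60 * 60 * 24 * 365, '/', '', false, true);
// SECURITY: bbpassword is a password-derived value that stays valid for a year; treat it
// as a credential. The salt is hard-coded here. NOTE(review): it is presumably
// site-specific - load it from configuration instead of keeping it in shared code.
setcookie('bbpassword', md5($password1 . 'L489612f'), time() + 60 * 60 * 24 * 365, '/', '', false, true);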