Probleme phpbb Gestion de l'identifiant de session

P
pasteque
Nouveau WRInaute
Bonjour,

J'ai appliqué le correctif suivant pour modifier la gestion de l'identifiant de session.

https://www.webrankinfo.com/dossiers/webmastering

Le Sid est bien supprimé, le site fonctionne à merveille depuis plusieures heures.

Mais je n'arrive plus à acceder au panneau d'administration !!

C'est à dire que sur la page d'accueil, je m'identifie.
J'ai en bas le lien "panneau d'administration".
Lorsque je clique dessus, j'ai "vous devez vous identifier à nouveau pour acceder au panneau d'administration".
Je m'identifie, et ca me renvoit systematiquement à cette fenetre d'identification, et ce sans le moindre message d'erreur.

Pouvez vous m'aider et m'indiquer la marche à suivre pour essayer de résoudre ce probleme?

Merci
 
P
pasteque
Nouveau WRInaute
Je viens d'essayer, j'ai le meme probleme sous IE.

voici mon /include/session.php (je rappelle que la modif de suppression de sid marche bien, c'est juste l'acces a la zone administration qui ne marche plus):

<?php
/***************************************************************************
* sessions.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: sessions.php,v 1.58.2.16 2005/10/30 15:17:14 acydburn Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

//
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0)
{
global $db, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];

if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$session_id = isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessiondata = isset($HTTP_COOKIE_VARS[$cookiename . '_data']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
$sessionmethod = SESSION_METHOD_COOKIE;
}
else
{
$sessiondata = array();
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}

//
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}

$page_id = (int) $page_id;

$last_visit = 0;
$current_time = time();

//
// Are auto-logins allowed?
// If allow_autologin is not set or is true then they are
// (same behaviour as old 2.0.x session code)
//
if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin'])
{
$enable_autologin = $sessiondata['autologinid'] = false;
}

//
// First off attempt to join with the autologin value if we have one
// If not, just use the user_id value
//
$userdata = array();

if ($user_id != ANONYMOUS)
{
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id)
{
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $user_id . "
AND u.user_active = 1
AND k.user_id = u.user_id
AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}

$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

$enable_autologin = $login = 1;
}
else if (!$auto_create)
{
$sessiondata['autologinid'] = '';
$sessiondata['userid'] = $user_id;

$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id . '
AND user_active = 1';
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}

$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

$login = 1;
}
}

//
// At this point either $userdata should be populated or
// one of the below is true
// * Key didn't match one in the DB
// * User does not exist
// * User is inactive
//
if (!sizeof($userdata) || !is_array($userdata) || !$userdata)
{
$sessiondata['autologinid'] = '';
$sessiondata['userid'] = $user_id = ANONYMOUS;
$enable_autologin = $login = 0;

$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id;
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}

$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}


//
// Initial ban check against user id, IP and email address
//
preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
OR ban_userid = $user_id";
if ( $user_id != ANONYMOUS )
{
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'";
}
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
}

if ( $ban_info = $db->sql_fetchrow($result) )
{
if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
{
message_die(CRITICAL_MESSAGE, 'You_been_banned');
}
}

//
// Create or update the session
//

$sql_ip = $user_id == ANONYMOUS ? " AND session_ip = '$user_ip'" : '';
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_ip = '$user_ip', session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
WHERE session_id = '" . $session_id . "' $sql_ip
AND session_user_id = '$user_id'";



if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
list($sec, $usec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
$session_id = md5(uniqid(mt_rand(), true));

$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
}
}

if ( $user_id != ANONYMOUS )
{
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;

if (!$admin)
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit
WHERE user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
}
}

$userdata['user_lastvisit'] = $last_visit;

//
// Regenerate the auto-login key
//
if ($enable_autologin)
{
list($sec, $usec) = explode(' ', microtime());
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);

if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
{
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($sessiondata['autologinid']) . "'";
}
else
{
$sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login)
VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)";
}

if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}

$sessiondata['autologinid'] = $auto_login_key;
unset($auto_login_key);
}
else
{
$sessiondata['autologinid'] = '';
}

// $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
$sessiondata['userid'] = $user_id;
}

$userdata['session_id'] = $session_id;
$userdata['session_ip'] = $user_ip;
$userdata['session_user_id'] = $user_id;
$userdata['session_logged_in'] = $login;
$userdata['session_page'] = $page_id;
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
$userdata['session_admin'] = $admin;
$userdata['session_key'] = $sessiondata['autologinid'];

setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);

$SID = $user_id > 0 ? 'sid=' . $session_id : '';

return $userdata;
}

//
// Checks for a given user session, tidies session table and updates user
// sessions at each page refresh
//
function session_pagestart($user_ip, $thispage_id)
{
global $db, $lang, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];

$current_time = time();
unset($userdata);

if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
$sessiondata = isset( $HTTP_COOKIE_VARS[$cookiename . '_data'] ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookiename . '_data'])) : array();
$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessionmethod = SESSION_METHOD_COOKIE;
}
else
{
$sessiondata = array();
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}

//
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}

$thispage_id = (int) $thispage_id;

//
// Does a session exist?
//
if ( !empty($session_id) )
{
//
// session_id exists so go ahead and attempt to grab all
// data in preparation
//
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}

$userdata = $db->sql_fetchrow($result);

//
// Did the session exist in the DB?
//
if ( isset($userdata['user_id']) )
{
//
// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
// bits ... I've been told (by vHiker) this should alleviate problems with
// load balanced et al proxies while retaining some reliance on IP security.
//
$ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6);

if ($ip_check_s == $ip_check_u)
{
$SID = $userdata['user_id'] > 0 ? (($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '') : '';

//
// Only update session DB a minute or so after last update
//
if ( $current_time - $userdata['session_time'] > 60 )
{
// A little trick to reset session_admin on session re-usage
$update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : '';

$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id$update_admin
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}

if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $thispage_id
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
}

session_clean($userdata['session_id']);

setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}

return $userdata;
}
}
}
elseif(empty($sessiondata))
{
// try to login guest
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_ip = '$user_ip'
AND s.session_user_id = " . ANONYMOUS . "
AND u.user_id = s.session_user_id
LIMIT 0, 1";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}

$userdata = $db->sql_fetchrow($result);

if ( isset($userdata['user_id']) )
{
if ( $current_time - $userdata['session_time'] > 60 )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_start = $current_time, session_page = 0
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
}
return $userdata;
}
}

//
// If we reach here then no (valid) session exists. So we'll create a new one,
// using the cookie user_id if available to pull basic user prefs.
//
$user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS;

if ( !($userdata = session_begin($user_id, $user_ip, $thispage_id, TRUE)) )
{
message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
}

return $userdata;

}

/**
* Terminates the specified session
* It will delete the entry in the sessions table for this session,
* remove the corresponding auto-login key and reset the cookies
*/
function session_end($session_id, $user_id)
{
global $db, $lang, $board_config, $userdata;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;

$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];

$current_time = time();

if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
return;
}

//
// Delete existing session
//
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '$session_id'
AND session_user_id = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}

//
// Remove this auto-login entry (if applicable)
//
if ( isset($userdata['session_key']) && $userdata['session_key'] != '' )
{
$autologin_key = md5($userdata['session_key']);
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "
AND key_id = '$autologin_key'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql);
}
}

//
// We expect that message_die will be called after this function,
// but just in case it isn't, reset $userdata to the details for a guest
//
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
}
if ( !($userdata = $db->sql_fetchrow($result)) )
{
message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
}
$db->sql_freeresult($result);


setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);

return true;
}

/**
* Removes expired sessions and auto-login keys from the database
*/
function session_clean($session_id)
{
global $board_config, $db;

//
// Delete expired sessions
//
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE session_time < ' . (time() - (int) $board_config['session_length']) . "
AND session_id <> '$session_id'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}

//
// Delete expired auto-login keys
// If max_autologin_time is not set then keys will never be deleted
// (same behaviour as old 2.0.x session code)
//
if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0)
{
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time']));
$db->sql_query($sql);
}

return true;
}

//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
// around every single URL and form action. If you replace the session
// code you must include this routine, even if it's empty.
//
function append_sid($url, $non_html_amp = false)
{
global $SID;

if ( !empty($SID) && !preg_match('#sid=#', $url) )
{
$url .= ( ( strpos($url, '?') !== false ) ? ( ( $non_html_amp ) ? '&' : '&amp;' ) : '?' ) . $SID;
}

return $url;
}

?>
Cliquez pour agrandir...
 
P
pasteque
Nouveau WRInaute
zimounet a dit:
sinon utilise le support de phpbb-fr
Cliquez pour agrandir...

J'ai posé la question sur phpbb-fr mais pas de réponse :(

Hier j'ai refais la manip (je suis parti du session.php d'origine, j'ai appliqué les instructions indiquée), au cas où j'ai fais une erreur...
 
E
[--Eric--]
WRInaute occasionnel
Classique... C'est soit tu gardes les sid soit tu as l'accès à admin ;-)
Enfin à l'époque où je m'était enquiquiné à enlevé les sid c'était comme ça.
L'astuce c'était de réinstaller un second phpBB (attention à modifier le nom des tables sql !!!) dans un autre répertoire que seul toi connait (une fois installé modifier la config à la main pour faire pointer sur la même base sql que le vrai forum) où là tu laissais les sid pour pouvoir accéder à l'admin.

Maintenant je laisse les sid et je ne m'en porte pas plus mal en terme de référencement. J'ai même viré l'url rewriting.
 
P
pasteque
Nouveau WRInaute
Deja rassurant qu'une autre personne ait eu le meme probleme que moi...

"Maintenant je laisse les sid et je ne m'en porte pas plus mal en terme de référencement. J'ai même viré l'url rewriting"
Cliquez pour agrandir...

Ah bon? Alors pourquoi tant d'articles sur ces modifs si ca ne pose pas de probleme ???
 
G
gainsdejeux
WRInaute discret
J'ai eu exactement le même problème, c'était également au choix : ou les identifiants de session ou l'accès au panneau d'administration ... J'ai choix l'accès au panneau d'administration.
 
P
pasteque
Nouveau WRInaute
Si le SID ne pose pas de probleme de référence, la présence du SID ne me gene pas.. Mais à ce qui est dit dans les articles, Google bouderait de telles pages ?...
 
Vous devez vous connecter ou vous inscrire pour répondre ici.
1.fr
Discussions similaires
P
Probleme forum phpbb seo
Réponses
4
Affichages
2K
spout
spout
J
[Resolu]Probleme installation forum PHPBB
Réponses
16
Affichages
3K
jonathan86
J
M
PHPBB rewrité probleme d'indexation
Réponses
2
Affichages
2K
mims1664
M
H
PHPBB Probleme page d'index avec url rewriting
Réponses
2
Affichages
2K
houssem
H
G
PHPbb probleme de spamming du forum
Réponses
6
Affichages
2K
lothar
L
K
Probleme URL Rewriting et .htaccess chez 1and1 et phpbb
Réponses
12
Affichages
5K
symbolyk
S
J
Phpbb & probleme de base de données
Réponses
3
Affichages
2K
jf_evreux
J
B
Probleme de referencement phpbb rewrité
Réponses
5
Affichages
3K
oli004
oli004
F
Probleme apres ajout champs phpbb
Réponses
7
Affichages
3K
Foxus
F
P
Probleme PHPBB page suivante, page 2,3,4. etc
Réponses
17
Affichages
3K
Freedolphin
Freedolphin
F
Referencer forum phpbb --> probleme avec htaccess
Réponses
8
Affichages
4K
totoro
T
M
Probleme avec le /api de prestashop
Réponses
1
Affichages
1K
spout
spout
Sawen93
Probleme acces admin WP apres installation de local vers serveur
Réponses
3
Affichages
843
Sawen93
Sawen93
grimbd
Probleme plus de mail
Réponses
2
Affichages
1K
grimbd
grimbd
F
probleme avec une image sur PageSpeed Insights
Réponses
7
Affichages
1K
flexi2202
F
F
probleme pour eliminez les ressources qui bloquent le rendu
Réponses
7
Affichages
1K
flexi2202
F
L
Probleme page d acccueil de mon site wordpress
Réponses
1
Affichages
1K
Madrileño
Madrileño
A
probleme avec PHPMailer
Réponses
9
Affichages
2K
azzimanialae
A
O
Probleme conversion tracking
Réponses
0
Affichages
2K
Oli_digital
O
F
PROBLEME INDEXATION DE MON SITE
Réponses
9
Affichages
2K
flexi2202
F
Haut