Login bug fix for Mambo portal 13-06-2002 Copyright (C) 2002 Emir Sakic Distributed under the terms of the GNU General Public License This information may be used without warranty provided. This source is available at http://www.superbosna.com/mambo_hacks Mambo is Copyright (C) 2000-2001 Miro Construct Pty Ltd Source is available at http://sourceforge.net/projects/mambo Site Name: Mambo Open Source Edition Version 3.0.7 Date: 13/06/2002 Version #: 1.0.0 Comments: Send your comments and suggestions to: saka@hotmail.com Problem: The Login in Mambo Open Source portal is cookie driven. If your browser blocks cookies Mambo will fail to set a session cookie variable, but a session entry will still be made in session mySQL table. Later on this will leave an empty time field and the script will fail to ever delete such an entry. Meaning that user with disabled cookies trying to login will stay forever inside the session table. Mambo will display him like online user forever. Solution: Before making the entry in the session table we will check if cookies are enabled. We can do it by trying to retrieve the cookie value called "sessioncookie" which has just been set. If script fails to read it that means that the cookies are blocked and we should make no entry in mySQL session table. Hack: 1) Open the file usermenu.php 2) Search for code: if ($existSessionID==1){ $query="INSERT into session set session_id='$cryptSessionID', guest='', userid='$uid', usertype='$usertype', username='$username'"; $database->openConnectionNoReturn($query); setcookie("sessioncookie", "$sessionID"); $sessioncookie=$sessionID; } 3) Replace it with following code: if ($existSessionID==1){ setcookie("sessioncookie", "$sessionID"); // set cookie if ($HTTP_COOKIE_VARS["sessioncookie"]!="") { // try to retrieve it $query="INSERT into session set session_id='$cryptSessionID', guest='', userid='$uid', usertype='$usertype', username='$username'"; $database->openConnectionNoReturn($query); } $sessioncookie=$sessionID; } 4) Done