IntegraMOD

Hi

I have tried to install this Recommended Mod by CyberAlien for Removing Guest Sessions SID's but I still keep getting the SID's when I'm logged out?

Why isn't it removing the SID like it should?
(If anyone uses any other solution that works I'll be very happy to hear)
This is very important for SEO!

This is the Mod I used:
(You only need to mess with /includes/sessions.php to check it out)

Code: Select all

################################################################# ## MOD Title]http://www.phpbbstyles.com#[/url]# MOD Description: ##       This mod removes session id for guests from url and this way##       guests who don't have cookies like different robots will use##       correct urls. It can be used to allow googlebot and other##       search engines to spider your forum correctly.#### Installation Level:   Easy## Installation Time:    1-2 Minutes## Files To Edit (1): includes/sessions.php############################################################## ## For Security Purposes, Please Check: [url=http://www.phpbb.com/mods/]http://www.phpbb.com/mods/[/url] for the ## latest version of this MOD. Downloading this MOD from other sites could cause malicious code ## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered ## in our MOD-Database, located at: [url=http://www.phpbb.com/mods/]http://www.phpbb.com/mods/[/url] ############################################################## ## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD ##############################################################  # #-----[ OPEN ]--------------------------------------------- # includes/sessions.php  ##-----[ FIND ]---------------------------------------------# around line 157     $sql = "UPDATE " . SESSIONS_TABLE . "         SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin         WHERE session_id = '" . $session_id . "'             AND session_ip = '$user_ip'";  # #-----[ REPLACE WITH ]---------------------------------------#     $sql_ip = $user_id == ANONYMOUS ? " AND session_ip = '$user_ip'" : '';     $sql = "UPDATE " . SESSIONS_TABLE . "         SET session_ip = '$user_ip', session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin         WHERE session_id = '" . $session_id . "' $sql_ip             AND session_user_id = '$user_id'";  ##-----[ FIND ]---------------------------------------------# around line 210     $SID = 'sid=' . $session_id;  # #-----[ REPLACE WITH ]---------------------------------------#     $SID = $user_id > 0 ? 'sid=' . $session_id : '';  ##-----[ FIND ]---------------------------------------------# around line 288                 $SID = ($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '';  # #-----[ REPLACE WITH ]---------------------------------------#                 $SID = $userdata['user_id'] > 0 ? (($sessionmethod == SESSION_METHOD_GET || defined('IN_ADMIN')) ? 'sid=' . $session_id : '') : '';  ##-----[ FIND ]---------------------------------------------# around line 340     //     // If we reach here then no (valid) session exists. So we'll create a new one,# #-----[ BEFORE, ADD ]---------------------------------------#     elseif(empty($sessiondata))     {         // try to login guest         $sql = "SELECT u.*, s.*             FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u             WHERE s.session_ip = '$user_ip'                 AND s.session_user_id = " . ANONYMOUS . "                 AND u.user_id = s.session_user_id                     LIMIT 0, 1";         if ( !($result = $db->sql_query($sql)) )         {             message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);         }           $userdata = $db->sql_fetchrow($result);           if ( isset($userdata['user_id']) )         {             if ( $current_time - $userdata['session_time'] > 60 )             {                 $sql = "UPDATE " . SESSIONS_TABLE . "                     SET session_time = $current_time, session_start = $current_time, session_page = 0                     WHERE session_id = '" . $userdata['session_id'] . "'";                 if ( !$db->sql_query($sql) )                 {                     message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);                 }             }             return $userdata;         }     }  # #-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ # # EoM  

Hi,

i am getting the exact same problem. Is there any way of removing sessions not just for bots but just guests in general?

Maddocks

I've also tried this MOD as well as making my own code changes and it doesn't seem to have an effect on guest sessions. I'll revisit this in the near future...

Hmmm.. the solution is quite simple really!

All you need to do is go to the ACP -> General Admin -> Qbar

and set phpBB prog: No. on your links. <img>

What does it mean in regards to phpbb security I'm not really sure. yet again don't have a clue but it works!.

Does anyone know the Implications of setting phpBB prog: No ??

hi,

if i do set it to no prog does it just mean that it won't give that linkan sid. Doesn't that mean that there will be problems with in IM tracking login status? we need a script that (if) the user is logged in then display sid's (because that is when they are needed) else display no sid's because they are not needed. We need one of the IM programmers to look though.

Maddocks

You're correct, if you switch "phpBB prog" to "no", then your users may be logged out if they click on the link.

Try this...

Open includes/functions_qbar.php
FIND

Code: Select all

                    // link                     $url = $fdata['url'];                     if ($fdata['internal'])                     {                         $part = explode( '?', $url);                         $url .= ((count($part) > 1) ? '&' ];                         $url = append_sid($url);                     }

REPLACE WITH

Code: Select all

                    // link                     $url = $fdata['url'];                     if ($fdata['internal'] && $userdata['session_logged_in'])                     {                         $part = explode( '?', $url);                         $url .= ((count($part) > 1) ? '&' ];                         $url = append_sid($url);                     }                     elseif ($fdata['internal'] && !$userdata['session_logged_in'])                     {                         $part = explode( '?', $url);                         $url .= ((count($part) > 1) ? '&' : '');                         $url = append_sid($url);                     }

Could have done this much simpler, but I was trying to preserve the security. I don't know if the entire change is necessary, but it works fine.

Oh, you saint!

so, the functions_qbar actually assigns the links the sid. I thank you very, very, very much, everyone was trying to do this and now you have! Thanks Mate!

Maddocks

CyberAliens mod above has some more code yes?

That's it Mike, just the code from the first post and the code for the qbar in my post.

I have installed the mod in 1.4.1 beta and the session is being removed when I log out. I have not added the mods to functions_qbar.php as it appears the session data is still being appended for guests i.e. people who are not logged in...

If I did not know different I would suggest there is a problem in the original session code as every time a guest browses my forums to any given page and returns to the index more sessions are created. It is entirely possible to create a substantial number of session in a single visit... cyberAliens code stops this from happening by including the IP for Anonymous users.

Thoughts?

PS By adding code to remove old sessions for Anonymous users older that 24 hours we could eliminate the session problem...

I just tried it there.

Edited sessions.php and then functions_qbar.php

Works like a charm. Thankyou

this seems to work ok with 141.

how ever with exra portal pages, there is a '&' at the end of the url.

e.g. http://www.irish-paintball.net/forum/portal.php?page=6&

any ideas? will this effect google crawling?

I am not all that familiar with google crawling but I would not think it would have much affect...

To remove the & in additional portal pages use this code


Open includes/functions_qbar.php
FIND

Code: Select all

                    // link                     $url = $fdata['url'];                     if ($fdata['internal'])                     {                         $part = explode( '?', $url);                         $url .= ((count($part) > 1) ? '&' ];                         $url = append_sid($url);                     }

REPLACE WITH

Code: Select all

                    // link                     $url = $fdata['url'];                     if ($fdata['internal'] && $userdata['session_logged_in'])                     {                         $part = explode( '?', $url);                         $url .= ((count($part) > 1) ? '&' ];                         $url = append_sid($url);                     }                     elseif ($fdata['internal'] && !$userdata['session_logged_in'])                     {                         $part = explode( '?', $url);                         $url .= ((count($part) > 1) ? '' : '');                         $url = append_sid($url);                     }