changes for new server

Had to bypass file dates as now too new.
Made session folder path generic.
Also disabled tracking of visits.

Author: cjakeman

download/program/index.php

@@ -30,7 +30,9 @@
             </p>
           </a>
           <p style="text-align: center;">
-            <?php echo date('d F Y', filemtime("$file_path/$download_stable")) . ', ' . round(filesize("$file_path/$download_stable") / 1024 / 1024) . 'MB'; ?>
+            <!-- Cannot set modification date to correct value so write it literally -->
+            <!-- <?php echo date('d F Y', filemtime("$file_path/$download_stable")) . ', ' . round(filesize("$file_path/$download_stable") / 1024 / 1024) . 'MB'; ?> -->
+            <?php echo '08 December 2018, ' . round(filesize("$file_path/$download_stable") / 1024 / 1024) . 'MB'; ?>
           </p>
           <!--<p class="alert alert-info">
             We're working hard on producing the next stable version. Please check back soon.

index.php

@@ -43,7 +43,7 @@
             <!-- Button to trigger modal -->
             <a href="#modal1" role="button" class='btn download_button' data-toggle="modal">
               <span class='glyphicon glyphicon-download'></span>&nbsp; Download the installer
-              <?php echo '(' . date('d F Y', filemtime("$file_path/$download_stable")) . ', ' . round(filesize("$file_path/$download_stable") / 1024 / 1024) . 'MB)'; ?>
+              <?php echo '08 December 2018, ' . round(filesize("$file_path/$download_stable") / 1024 / 1024) . 'MB)'; ?>
 			</a>
           </div>
         </div>

shared/head.php

@@ -1,4 +1,5 @@
 <?php 
+
 // Better to move this section above track_visits.php
 // As it is, someone with cookies disallowed gets new visitor attributes for every page visited, not just on every visit.
 require_once('set_session_save_path.php');  // To avoid error 500 on this system

shared/mysql/track_visits.php

@@ -56,7 +56,13 @@
 $made_to = str_replace('//', '/', $made_to); // home page is just '/', but other pages begin with '//' which must become single.
 
 // In a timestamp field, NULL is replaced by current time automatically.
-$sql = "INSERT INTO tVisit (made_by, made_to, visited_on) VALUES('$id', '$made_to', NULL)"; 
-#echo "<br>$sql<br>";
+//$sql = "INSERT INTO tVisit (made_by, made_to, visited_on) VALUES('$id', '$made_to', NULL)";
+// But not on this server, so ask PHP for the date and time.
+$now = date("Y-m-d H:i:s"); 
+
+/* DISABLED as leading to a 500 Server Error
+$sql = "INSERT INTO tVisit (made_by, made_to, visited_on) VALUES('$id', '$made_to', '$now')"; 
+echo "<br>$sql<br>";
 if (!mysqli_query($dbc, $sql)) { die('Error: ' . mysqli_error($dbc)); }
+*/
 ?>

shared/set_session_save_path.php

@@ -1,10 +1,11 @@
 <?php
 // Extra statement needed as session.save_path is null on this system.
 
-if(ini_get('session.save_path') == '') {
+if(ini_get('session.save_path') == '' || ini_get('session.save_path') == 'E:\PHPSave') {
   // Cannot use recommended temp directory - leads to error 500
   //ini_set('session.save_path', 'C:\Temp');
-  ini_set('session.save_path', 'D:\web\openrails\web\sessions');
+  $root = getenv("DOCUMENT_ROOT");
+  ini_set('session.save_path', "$root\sessions");
 }
-//echo "'" . ini_get('session.save_path') . "'";
+echo "'" . ini_get('session.save_path') . "'";
 ?>

shared/track_visits.php

@@ -0,0 +1,68 @@
+<?php
+require_once('db_connect.php');
+
+# Find site's root folder, e.g. D:/web/openrails/web
+$root = getenv("DOCUMENT_ROOT");
+$path = strtr($root, '\\', '/');
+
+if (!isset($_SESSION['id']) || strlen($_SESSION['id']) < 10) {
+	// Retrieve id from cookie or create a new one.
+	$cookie_name = 'or_org3';
+	if(isset($_COOKIE[$cookie_name])) {
+		$id = $_COOKIE[$cookie_name];
+	}else{
+		$id = md5(date("Y-m-d H:i:s") . rand()); // Uses the MySQL DATETIME format plus random number
+		setcookie($cookie_name, $id, 2147483647); // max time value to expire far into future (19-Jan-2038)
+		$sql = "INSERT INTO tVisitor (id) VALUES('$id')";
+		if (!mysqli_query($dbc, $sql)) { die('Error: ' . mysqli_error($dbc)); }
+	
+		$ip = $_SERVER['REMOTE_ADDR']; // Always a real IP address but might be a proxy.
+		$sql = "INSERT INTO tVisitor_Attribute (used_by, of_type, of_value) VALUES('$id', 'ip', '$ip')";
+		if (!mysqli_query($dbc, $sql)) { die('Error: ' . mysqli_error($dbc)); }
+	
+		if (isset($_SERVER['HTTP_REFERER'])){
+			$referer = $_SERVER['HTTP_REFERER'];
+		}else{
+			$referer = 'unknown';
+		}
+		$sql = "INSERT INTO tVisitor_Attribute (used_by, of_type, of_value) VALUES('$id', 'referer', '$referer')";
+		if (!mysqli_query($dbc, $sql)) { die('Error: ' . mysqli_error($dbc)); }
+		
+		if (isset($_SERVER['HTTP_USER_AGENT'])){
+			$agent = $_SERVER['HTTP_USER_AGENT'];
+		}else{
+			$agent = 'unknown';
+		}
+		$sql = "INSERT INTO tVisitor_Attribute (used_by, of_type, of_value) VALUES('$id', 'agent', '$agent')";
+		if (!mysqli_query($dbc, $sql)) { die('Error: ' . mysqli_error($dbc)); }
+	}
+	// For visitors with cookies turned off, each visit to a webpage results in a new entry and several in Visit and Visitor_Attribute.
+	// Could change this so each session will be as a different individual.
+	// Not yet implemented.
+	// menu.php must be changed to add 	echo '?', htmlspecialchars(SID); as the first parameter in every relative URL.
+	// Should be detected automatically by the PHP server, but trials show this isn't the case for v5.2.8 as the setting.
+	// ini_get("session.use_only_cookies") returns 1 meaning that the SID parameter is ignored by session_start().
+
+	// Using Session variables can be dangerous.
+	// "Please note that if you have register_globals to On, global variables associated to $_SESSION variables are references,
+	// so this may lead to some weird situations." Re-using $id and changing its value also changes $_SESSION['id']
+	$_SESSION['id'] = $id;
+}
+
+
+// Record visit made to this webpage
+$folder = strtr(getcwd(), '\\', '/');
+$made_to = str_replace($path, '/', $folder); // Remove leading filepath to leave local URL
+$made_to = str_replace('//', '/', $made_to); // home page is just '/', but other pages begin with '//' which must become single.
+
+// In a timestamp field, NULL is replaced by current time automatically.
+//$sql = "INSERT INTO tVisit (made_by, made_to, visited_on) VALUES('$id', '$made_to', NULL)";
+// But not on this server, so ask PHP for the date and time.
+$now = date("Y-m-d H:i:s"); 
+
+/* DISABLED as leading to a 500 Server Error
+$sql = "INSERT INTO tVisit (made_by, made_to, visited_on) VALUES('$id', '$made_to', '$now')"; 
+echo "<br>$sql<br>";
+if (!mysqli_query($dbc, $sql)) { die('Error: ' . mysqli_error($dbc)); }
+*/
+?>

web.config

@@ -2,9 +2,7 @@
 <configuration>
     <system.webServer>
         <handlers>
-            <add name="HTML via FastCGI" path="*.html" verb="*" modules="FastCgiModule" scriptProcessor="D:\php528IIS\php-cgi.exe" resourceType="Unspecified" />
-            <add name="PHP via FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="D:\php528IIS\php-cgi.exe" resourceType="Unspecified" requireAccess="Script" />
-            <add name="ActivePerl5.8" path="*.pl" verb="*" modules="IsapiModule" scriptProcessor="C:\Perl\bin\perl58.dll" resourceType="Unspecified" preCondition="bitness32" />
+            <add name="HTML via FastCGI" path="*.html" verb="*" modules="FastCgiModule" scriptProcessor="D:\php7411-nts\php-cgi.exe" resourceType="Unspecified" />
         </handlers>
         <tracing>
             <traceFailedRequests>