2002-07-14 14:32:45 +00:00
|
|
|
|
<?php
|
2003-08-27 22:25:43 +00:00
|
|
|
|
// -------------------------------------------------------------
|
|
|
|
|
|
//
|
|
|
|
|
|
// $Id$
|
|
|
|
|
|
//
|
|
|
|
|
|
// FILENAME : session.php
|
|
|
|
|
|
// STARTED : Sat Dec 16, 2000
|
|
|
|
|
|
// COPYRIGHT : <20> 2001, 2003 phpBB Group
|
|
|
|
|
|
// WWW : http://www.phpbb.com/
|
|
|
|
|
|
// LICENCE : GPL vs2.0 [ see /docs/COPYING ]
|
|
|
|
|
|
//
|
|
|
|
|
|
// -------------------------------------------------------------
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
class session
|
|
|
|
|
|
{
|
2002-08-06 16:56:14 +00:00
|
|
|
|
var $session_id = '';
|
2002-10-20 19:19:07 +00:00
|
|
|
|
var $data = array();
|
2002-10-04 13:09:10 +00:00
|
|
|
|
var $browser = '';
|
2002-10-21 14:10:45 +00:00
|
|
|
|
var $ip = '';
|
2002-10-04 13:09:10 +00:00
|
|
|
|
var $page = '';
|
2004-05-26 20:29:39 +00:00
|
|
|
|
var $cur_page = '';
|
2002-07-14 14:32:45 +00:00
|
|
|
|
var $load;
|
|
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
// Called at each page start ... checks for, updates and/or creates a session
|
2003-08-24 18:16:53 +00:00
|
|
|
|
function start()
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-02-26 19:18:09 +00:00
|
|
|
|
global $phpEx, $SID, $db, $config;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
|
|
|
|
|
$current_time = time();
|
2002-11-01 12:23:08 +00:00
|
|
|
|
$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : $_ENV['HTTP_USER_AGENT'];
|
2003-02-26 19:18:09 +00:00
|
|
|
|
$this->page = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : $_ENV['REQUEST_URI'];
|
2004-05-26 20:29:39 +00:00
|
|
|
|
|
|
|
|
|
|
// Generate Valid URL
|
|
|
|
|
|
$this->cur_page = preg_replace('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', '\1.' . $phpEx . '?\2', htmlspecialchars($this->page));
|
|
|
|
|
|
|
2003-11-05 18:51:05 +00:00
|
|
|
|
$this->page = preg_replace('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', '\1\2', $this->page);
|
2003-05-22 17:03:04 +00:00
|
|
|
|
$this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '';
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_data']))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
$sessiondata = (!empty($_COOKIE[$config['cookie_name'] . '_data'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : array();
|
2003-10-12 11:59:23 +00:00
|
|
|
|
$this->session_id = request_var($config['cookie_name'] . '_sid', '');
|
2003-01-20 05:12:38 +00:00
|
|
|
|
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
$sessiondata = array();
|
2003-10-12 11:59:23 +00:00
|
|
|
|
$this->session_id = request_var('sid', '');
|
2002-08-06 16:56:14 +00:00
|
|
|
|
$SID = '?sid=' . $this->session_id;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
// Obtain users IP
|
2003-08-24 18:16:53 +00:00
|
|
|
|
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
|
|
|
|
|
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
|
|
|
|
|
{
|
2003-07-13 15:13:59 +00:00
|
|
|
|
$private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#');
|
|
|
|
|
|
foreach (explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']) as $x_ip)
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-07-13 15:13:59 +00:00
|
|
|
|
if (preg_match('#([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $x_ip, $ip_list))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (($this->ip = trim(preg_replace($private_ip, $this->ip, $ip_list[1]))) == trim($ip_list[1]))
|
|
|
|
|
|
{
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-07-14 14:32:45 +00:00
|
|
|
|
// Load limit check (if applicable)
|
2003-08-27 16:31:54 +00:00
|
|
|
|
if (@file_exists('/proc/loadavg'))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-10-12 11:59:23 +00:00
|
|
|
|
if ($load = @file('/proc/loadavg'))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
|
|
|
|
|
list($this->load) = explode(' ', $load[0]);
|
|
|
|
|
|
|
2003-10-12 11:59:23 +00:00
|
|
|
|
if ($config['limit_load'] && $this->load > doubleval($config['limit_load']))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-02-25 18:19:34 +00:00
|
|
|
|
trigger_error('BOARD_UNAVAILABLE');
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-08-06 16:56:14 +00:00
|
|
|
|
// session_id exists so go ahead and attempt to grab all data in preparation
|
2003-01-20 05:12:38 +00:00
|
|
|
|
if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id == $_GET['sid']))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
$sql = 'SELECT u.*, s.*, g.*
|
|
|
|
|
|
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . ' u, ' . GROUPS_TABLE . " g
|
2003-08-24 18:16:53 +00:00
|
|
|
|
WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'
|
2004-05-26 20:29:39 +00:00
|
|
|
|
AND u.user_id = s.session_user_id
|
|
|
|
|
|
AND g.group_id = u.group_id";
|
2002-07-14 14:32:45 +00:00
|
|
|
|
$result = $db->sql_query($sql);
|
|
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
$this->data = $db->sql_fetchrow($result);
|
2002-08-06 16:56:14 +00:00
|
|
|
|
$db->sql_freeresult($result);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
|
|
|
|
|
// Did the session exist in the DB?
|
2002-11-01 12:23:08 +00:00
|
|
|
|
if (isset($this->data['user_id']))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2002-10-04 13:09:10 +00:00
|
|
|
|
// Validate IP length according to admin ... has no effect on IPv6
|
2002-10-30 00:57:27 +00:00
|
|
|
|
$s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
|
|
|
|
|
|
$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2003-03-24 19:03:32 +00:00
|
|
|
|
$s_browser = ($config['browser_check']) ? $this->data['session_browser'] : '';
|
|
|
|
|
|
$u_browser = ($config['browser_check']) ? $this->browser : '';
|
|
|
|
|
|
|
|
|
|
|
|
if ($u_ip == $s_ip && $s_browser == $u_browser)
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
|
|
|
|
|
// Only update session DB a minute or so after last update or if page changes
|
2003-08-24 18:16:53 +00:00
|
|
|
|
if ($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page)
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-07-13 15:13:59 +00:00
|
|
|
|
$sql = 'UPDATE ' . SESSIONS_TABLE . "
|
2003-04-24 18:40:57 +00:00
|
|
|
|
SET session_time = $current_time, session_page = '" . $db->sql_escape($this->page) . "'
|
2003-08-24 18:16:53 +00:00
|
|
|
|
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
|
2002-07-14 14:32:45 +00:00
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
return true;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// If we reach here then no (valid) session exists. So we'll create a new one,
|
|
|
|
|
|
// using the cookie user_id if available to pull basic user prefs.
|
2002-11-01 12:23:08 +00:00
|
|
|
|
$autologin = (isset($sessiondata['autologinid'])) ? $sessiondata['autologinid'] : '';
|
|
|
|
|
|
$user_id = (isset($sessiondata['userid'])) ? intval($sessiondata['userid']) : ANONYMOUS;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
return $this->create($user_id, $autologin);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-08-06 16:56:14 +00:00
|
|
|
|
// Create a new session
|
2003-03-09 16:11:08 +00:00
|
|
|
|
function create(&$user_id, &$autologin, $set_autologin = false, $viewonline = 1)
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2002-10-30 00:57:27 +00:00
|
|
|
|
global $SID, $db, $config;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
|
|
|
|
|
$sessiondata = array();
|
|
|
|
|
|
$current_time = time();
|
2003-10-15 17:43:07 +00:00
|
|
|
|
$bot = false;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
// Pull bot information from DB and loop through it
|
|
|
|
|
|
$sql = 'SELECT user_id, bot_agent, bot_ip
|
2004-02-18 01:46:39 +00:00
|
|
|
|
FROM ' . BOTS_TABLE . '
|
2003-10-15 17:43:07 +00:00
|
|
|
|
WHERE bot_active = 1';
|
|
|
|
|
|
$result = $db->sql_query($sql);
|
2002-08-07 00:02:08 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
while ($row = $db->sql_fetchrow($result))
|
|
|
|
|
|
{
|
2003-11-20 12:49:42 +00:00
|
|
|
|
if ($row['bot_agent'] && preg_match('#' . preg_quote($row['bot_agent'], '#') . '#i', $this->browser))
|
2003-10-15 17:43:07 +00:00
|
|
|
|
{
|
|
|
|
|
|
$bot = $row['user_id'];
|
|
|
|
|
|
}
|
|
|
|
|
|
if ($row['bot_ip'] && (!$row['bot_agent'] || $bot))
|
|
|
|
|
|
{
|
|
|
|
|
|
foreach (explode(',', $row['bot_ip']) as $bot_ip)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (strpos($this->ip, $bot_ip) === 0)
|
|
|
|
|
|
{
|
|
|
|
|
|
$bot = $row['user_id'];
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
if ($bot)
|
2002-10-17 02:50:50 +00:00
|
|
|
|
{
|
2003-10-15 17:43:07 +00:00
|
|
|
|
$user_id = $bot;
|
|
|
|
|
|
break;
|
2002-10-17 02:50:50 +00:00
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
2003-10-15 17:43:07 +00:00
|
|
|
|
$db->sql_freeresult($result);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
// Garbage collection ... remove old sessions updating user information
|
2002-11-01 12:23:08 +00:00
|
|
|
|
// if necessary. It means (potentially) 11 queries but only infrequently
|
2004-01-30 12:14:48 +00:00
|
|
|
|
if ($current_time > $config['session_last_gc'] + $config['session_gc'])
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
|
|
|
|
|
$this->gc($current_time);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-04 23:37:07 +00:00
|
|
|
|
// Grab user data ... join on session if it exists for session time
|
2004-05-26 20:29:39 +00:00
|
|
|
|
$sql = 'SELECT u.*, s.session_time, s.session_id, g.*
|
|
|
|
|
|
FROM (' . USERS_TABLE . ' u, ' . GROUPS_TABLE . ' g
|
2003-07-13 15:13:59 +00:00
|
|
|
|
LEFT JOIN ' . SESSIONS_TABLE . " s ON s.session_user_id = u.user_id)
|
2002-10-04 23:37:07 +00:00
|
|
|
|
WHERE u.user_id = $user_id
|
2004-05-26 20:29:39 +00:00
|
|
|
|
AND u.group_id = g.group_id
|
2002-10-04 23:37:07 +00:00
|
|
|
|
ORDER BY s.session_time DESC";
|
2004-05-26 20:29:39 +00:00
|
|
|
|
|
|
|
|
|
|
/* $sql = 'SELECT u.*, s.session_time, s.session_id
|
|
|
|
|
|
FROM (' . USERS_TABLE . ' u
|
|
|
|
|
|
LEFT JOIN ' . SESSIONS_TABLE . " s ON s.session_user_id = u.user_id)
|
|
|
|
|
|
WHERE u.user_id = $user_id
|
|
|
|
|
|
ORDER BY s.session_time DESC";*/
|
|
|
|
|
|
$result = $db->sql_query_limit($sql, 1);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
$this->data = $db->sql_fetchrow($result);
|
2002-08-06 16:56:14 +00:00
|
|
|
|
$db->sql_freeresult($result);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
|
|
|
|
|
// Check autologin request, is it valid?
|
2003-10-15 17:43:07 +00:00
|
|
|
|
if (empty($this->data) || ($this->data['user_password'] != $autologin && !$set_autologin) || ($this->data['user_type'] == USER_INACTIVE && !$bot))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
|
|
|
|
|
$autologin = '';
|
2002-10-20 19:19:07 +00:00
|
|
|
|
$this->data['user_id'] = $user_id = ANONYMOUS;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
2003-04-09 22:17:55 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
// If we're a bot then we'll re-use an existing id if available
|
|
|
|
|
|
if ($bot && $this->data['session_id'])
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->session_id = $this->data['session_id'];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (!$this->data['session_time'] && $config['active_sessions'])
|
|
|
|
|
|
{
|
|
|
|
|
|
// Limit sessions in 1 minute period
|
|
|
|
|
|
$sql = 'SELECT COUNT(*) AS sessions
|
|
|
|
|
|
FROM ' . SESSIONS_TABLE . '
|
|
|
|
|
|
WHERE session_time >= ' . ($current_time - 60);
|
|
|
|
|
|
$result = $db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
$row = $db->sql_fetchrow($result);
|
|
|
|
|
|
$db->sql_freeresult($result);
|
|
|
|
|
|
|
|
|
|
|
|
if (intval($row['sessions']) > intval($config['active_sessions']))
|
|
|
|
|
|
{
|
|
|
|
|
|
trigger_error('BOARD_UNAVAILABLE');
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2003-04-09 22:17:55 +00:00
|
|
|
|
// Is user banned? Are they excluded?
|
2004-02-10 01:16:48 +00:00
|
|
|
|
if ($this->data['user_type'] != USER_FOUNDER && !$bot)
|
2003-01-07 18:58:36 +00:00
|
|
|
|
{
|
|
|
|
|
|
$banned = false;
|
2003-01-07 18:39:24 +00:00
|
|
|
|
|
2003-04-09 22:41:25 +00:00
|
|
|
|
$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
|
|
|
|
|
|
FROM ' . BANLIST_TABLE . '
|
|
|
|
|
|
WHERE ban_end >= ' . time() . '
|
|
|
|
|
|
OR ban_end = 0';
|
2003-01-07 18:58:36 +00:00
|
|
|
|
$result = $db->sql_query($sql);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-01-07 18:58:36 +00:00
|
|
|
|
if ($row = $db->sql_fetchrow($result))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-01-07 18:58:36 +00:00
|
|
|
|
do
|
2003-01-07 18:39:24 +00:00
|
|
|
|
{
|
2003-01-29 18:36:26 +00:00
|
|
|
|
if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $this->data['user_id']) ||
|
|
|
|
|
|
(!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $this->ip)) ||
|
|
|
|
|
|
(!empty($row['ban_email']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $this->data['user_email'])))
|
2003-01-07 18:58:36 +00:00
|
|
|
|
{
|
|
|
|
|
|
if (!empty($row['ban_exclude']))
|
|
|
|
|
|
{
|
|
|
|
|
|
$banned = false;
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
$banned = true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2003-01-07 18:39:24 +00:00
|
|
|
|
}
|
2003-01-07 18:58:36 +00:00
|
|
|
|
while ($row = $db->sql_fetchrow($result));
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
2003-01-07 18:58:36 +00:00
|
|
|
|
$db->sql_freeresult($result);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-01-07 18:58:36 +00:00
|
|
|
|
if ($banned)
|
|
|
|
|
|
{
|
2003-04-09 22:41:25 +00:00
|
|
|
|
// Initiate environment ... since it won't be set at this stage
|
|
|
|
|
|
$this->setup();
|
|
|
|
|
|
|
|
|
|
|
|
// Determine which message to output
|
|
|
|
|
|
$till_date = (!empty($row['ban_end'])) ? $this->format_date($row['ban_end']) : '';
|
|
|
|
|
|
$message = (!empty($row['ban_end'])) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
|
|
|
|
|
|
|
|
|
|
|
|
$message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>');
|
|
|
|
|
|
// More internal HTML ... :D
|
|
|
|
|
|
$message .= (!empty($row['ban_show_reason'])) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $row['ban_show_reason']) : '';
|
|
|
|
|
|
trigger_error($message);
|
2003-01-07 18:58:36 +00:00
|
|
|
|
}
|
2003-01-07 18:39:24 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-04 23:37:07 +00:00
|
|
|
|
// Is there an existing session? If so, grab last visit time from that
|
2002-11-01 12:23:08 +00:00
|
|
|
|
$this->data['session_last_visit'] = ($this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time());
|
2002-10-04 23:37:07 +00:00
|
|
|
|
|
2002-07-14 14:32:45 +00:00
|
|
|
|
// Create or update the session
|
|
|
|
|
|
$db->sql_return_on_error(true);
|
|
|
|
|
|
|
2003-07-13 15:13:59 +00:00
|
|
|
|
$sql = 'UPDATE ' . SESSIONS_TABLE . "
|
2003-07-23 15:39:38 +00:00
|
|
|
|
SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '" . $db->sql_escape($this->browser) . "', session_page = '" . $db->sql_escape($this->page) . "', session_allow_viewonline = $viewonline
|
2003-08-24 18:16:53 +00:00
|
|
|
|
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
|
2003-03-20 00:33:25 +00:00
|
|
|
|
if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows())
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
|
|
|
|
|
$db->sql_return_on_error(false);
|
2003-04-24 18:23:35 +00:00
|
|
|
|
$this->session_id = md5(uniqid($this->ip));
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-10-12 00:00:03 +00:00
|
|
|
|
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
|
2003-08-24 18:16:53 +00:00
|
|
|
|
'session_id' => (string) $this->session_id,
|
|
|
|
|
|
'session_user_id' => (int) $user_id,
|
2003-09-07 13:46:51 +00:00
|
|
|
|
'session_start' => (int) $current_time,
|
|
|
|
|
|
'session_last_visit' => (int) $this->data['session_last_visit'],
|
2003-08-24 18:16:53 +00:00
|
|
|
|
'session_time' => (int) $current_time,
|
|
|
|
|
|
'session_ip' => (string) $this->ip,
|
|
|
|
|
|
'session_browser' => (string) $this->browser,
|
|
|
|
|
|
'session_page' => (string) $this->page,
|
|
|
|
|
|
'session_allow_viewonline' => (int) $viewonline
|
2003-10-12 00:00:03 +00:00
|
|
|
|
));
|
2002-07-14 14:32:45 +00:00
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
}
|
|
|
|
|
|
$db->sql_return_on_error(false);
|
|
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
if (!$bot)
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->data['session_id'] = $this->session_id;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
$sessiondata['autologinid'] = ($autologin && $user_id != ANONYMOUS) ? $autologin : '';
|
|
|
|
|
|
$sessiondata['userid'] = $user_id;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
$this->set_cookie('data', serialize($sessiondata), $current_time + 31536000);
|
|
|
|
|
|
$this->set_cookie('sid', $this->session_id, 0);
|
|
|
|
|
|
$SID = '?sid=' . $this->session_id;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
if ($this->data['user_id'] != ANONYMOUS)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Trigger EVT_NEW_SESSION
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2003-10-15 17:43:07 +00:00
|
|
|
|
$SID = '?sid=';
|
2002-10-04 13:09:10 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
return true;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-08-06 16:56:14 +00:00
|
|
|
|
// Destroy a session
|
2002-10-20 19:19:07 +00:00
|
|
|
|
function destroy()
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2002-10-30 00:57:27 +00:00
|
|
|
|
global $SID, $db, $config;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
|
|
|
|
|
$current_time = time();
|
|
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
$this->set_cookie('data', '', $current_time - 31536000);
|
|
|
|
|
|
$this->set_cookie('sid', '', $current_time - 31536000);
|
|
|
|
|
|
$SID = '?sid=';
|
2002-08-06 16:56:14 +00:00
|
|
|
|
|
2002-07-14 14:32:45 +00:00
|
|
|
|
// Delete existing session, update last visit info first!
|
2003-05-08 01:14:14 +00:00
|
|
|
|
$sql = 'UPDATE ' . USERS_TABLE . '
|
|
|
|
|
|
SET user_lastvisit = ' . $this->data['session_time'] . '
|
|
|
|
|
|
WHERE user_id = ' . $this->data['user_id'];
|
2002-07-14 14:32:45 +00:00
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
|
2003-05-08 01:14:14 +00:00
|
|
|
|
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
|
2003-08-24 18:16:53 +00:00
|
|
|
|
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
|
2002-10-20 19:19:07 +00:00
|
|
|
|
AND session_user_id = " . $this->data['user_id'];
|
2002-07-14 14:32:45 +00:00
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
|
2002-08-06 16:56:14 +00:00
|
|
|
|
$this->session_id = '';
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-09-07 13:46:51 +00:00
|
|
|
|
if ($this->data['user_id'] != ANONYMOUS)
|
|
|
|
|
|
{
|
2003-10-12 11:59:23 +00:00
|
|
|
|
// Trigger EVENT_END_SESSION
|
2003-09-07 13:46:51 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-07-14 14:32:45 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-08-06 16:56:14 +00:00
|
|
|
|
// Garbage collection
|
2002-07-14 14:32:45 +00:00
|
|
|
|
function gc(&$current_time)
|
|
|
|
|
|
{
|
2002-10-30 00:57:27 +00:00
|
|
|
|
global $db, $config;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-11-16 23:16:02 +00:00
|
|
|
|
switch (SQL_LAYER)
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-11-16 23:16:02 +00:00
|
|
|
|
case 'mysql4':
|
|
|
|
|
|
// Firstly, delete guest sessions
|
|
|
|
|
|
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
|
|
|
|
|
|
WHERE session_user_id = ' . ANONYMOUS . '
|
|
|
|
|
|
AND session_time < ' . ($current_time - $config['session_length']);
|
|
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
// Keep only the most recent session for each user
|
|
|
|
|
|
// Note: if the user is currently browsing the board, his
|
|
|
|
|
|
// last_visit field won't be updated, which I believe should be
|
|
|
|
|
|
// the normal behavior anyway
|
|
|
|
|
|
$db->sql_return_on_error(TRUE);
|
2004-01-30 12:14:48 +00:00
|
|
|
|
|
2003-11-16 23:16:02 +00:00
|
|
|
|
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
|
|
|
|
|
|
USING ' . SESSIONS_TABLE . ' s1, ' . SESSIONS_TABLE . ' s2
|
|
|
|
|
|
WHERE s1.session_user_id = s2.session_user_id
|
|
|
|
|
|
AND s1.session_time < s2.session_time';
|
|
|
|
|
|
$db->sql_query($sql);
|
2004-01-30 12:14:48 +00:00
|
|
|
|
|
2003-11-16 23:16:02 +00:00
|
|
|
|
$db->sql_return_on_error(FALSE);
|
|
|
|
|
|
|
|
|
|
|
|
// Update last visit time
|
|
|
|
|
|
$sql = 'UPDATE ' . USERS_TABLE. ' u, ' . SESSIONS_TABLE . ' s
|
|
|
|
|
|
SET u.user_lastvisit = s.session_time, u.user_lastpage = s.session_page
|
|
|
|
|
|
WHERE s.session_time < ' . ($current_time - $config['session_length']) . '
|
|
|
|
|
|
AND u.user_id = s.session_user_id';
|
|
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
// Delete everything else now
|
|
|
|
|
|
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
|
|
|
|
|
|
WHERE session_time < ' . ($current_time - $config['session_length']);
|
|
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
set_config('session_last_gc', $current_time);
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
2004-01-30 12:14:48 +00:00
|
|
|
|
default:
|
2003-11-16 23:16:02 +00:00
|
|
|
|
|
2004-01-30 12:14:48 +00:00
|
|
|
|
// Get expired sessions, only most recent for each user
|
|
|
|
|
|
$sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time
|
|
|
|
|
|
FROM ' . SESSIONS_TABLE . '
|
|
|
|
|
|
WHERE session_time < ' . ($current_time - $config['session_length']) . '
|
|
|
|
|
|
GROUP BY session_user_id, session_page';
|
|
|
|
|
|
$result = $db->sql_query_limit($sql, 5);
|
|
|
|
|
|
|
|
|
|
|
|
$del_user_id = '';
|
|
|
|
|
|
$del_sessions = 0;
|
|
|
|
|
|
if ($row = $db->sql_fetchrow($result))
|
2003-01-21 14:37:56 +00:00
|
|
|
|
{
|
2004-01-30 12:14:48 +00:00
|
|
|
|
do
|
2003-11-16 23:16:02 +00:00
|
|
|
|
{
|
2004-01-30 12:14:48 +00:00
|
|
|
|
if ($row['session_user_id'] != ANONYMOUS)
|
|
|
|
|
|
{
|
|
|
|
|
|
$sql = 'UPDATE ' . USERS_TABLE . '
|
|
|
|
|
|
SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
|
|
|
|
|
|
WHERE user_id = " . $row['session_user_id'];
|
|
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2004-01-30 12:14:48 +00:00
|
|
|
|
$del_user_id .= (($del_user_id != '') ? ', ' : '') . $row['session_user_id'];
|
|
|
|
|
|
$del_sessions++;
|
|
|
|
|
|
}
|
|
|
|
|
|
while ($row = $db->sql_fetchrow($result));
|
2003-11-16 23:16:02 +00:00
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2004-01-30 12:14:48 +00:00
|
|
|
|
if ($del_user_id != '')
|
|
|
|
|
|
{
|
|
|
|
|
|
// Delete expired sessions
|
|
|
|
|
|
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
|
|
|
|
|
|
WHERE session_user_id IN ($del_user_id)
|
|
|
|
|
|
AND session_time < " . ($current_time - $config['session_length']);
|
|
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2004-01-30 12:14:48 +00:00
|
|
|
|
if ($del_sessions < 5)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Less than 5 sessions, update gc timer ... else we want gc
|
|
|
|
|
|
// called again to delete other sessions
|
|
|
|
|
|
set_config('session_last_gc', $current_time);
|
|
|
|
|
|
}
|
|
|
|
|
|
break;
|
2002-08-22 17:55:55 +00:00
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-05 11:38:10 +00:00
|
|
|
|
// Set a cookie
|
|
|
|
|
|
function set_cookie($name, $cookiedata, $cookietime)
|
|
|
|
|
|
{
|
2002-10-30 00:57:27 +00:00
|
|
|
|
global $config;
|
2002-10-05 11:38:10 +00:00
|
|
|
|
|
2002-10-30 00:57:27 +00:00
|
|
|
|
setcookie($config['cookie_name'] . '_' . $name, $cookiedata, $cookietime, $config['cookie_path'], $config['cookie_domain'], $config['cookie_secure']);
|
2002-10-05 11:38:10 +00:00
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
// Contains (at present) basic user methods such as configuration
|
|
|
|
|
|
// creating date/time ... keep this?
|
2002-10-20 19:19:07 +00:00
|
|
|
|
class user extends session
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2002-10-20 19:19:07 +00:00
|
|
|
|
var $lang = array();
|
2004-02-28 21:16:15 +00:00
|
|
|
|
var $help = array();
|
2002-10-20 19:19:07 +00:00
|
|
|
|
var $theme = array();
|
2002-10-04 13:09:10 +00:00
|
|
|
|
var $date_format;
|
|
|
|
|
|
var $timezone;
|
|
|
|
|
|
var $dst;
|
|
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
var $lang_name;
|
|
|
|
|
|
var $lang_path;
|
|
|
|
|
|
var $img_lang;
|
|
|
|
|
|
|
2003-10-12 00:00:03 +00:00
|
|
|
|
var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'html' => 7, 'bbcode' => 8, 'smile' => 9, 'popuppm' => 10);
|
2003-08-27 22:25:43 +00:00
|
|
|
|
var $keyvalues = array();
|
2003-08-27 16:31:54 +00:00
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
function setup($lang_set = false, $style = false)
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2004-02-28 21:24:52 +00:00
|
|
|
|
global $db, $template, $config, $auth, $phpEx, $phpbb_root_path;
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
if ($this->data['user_id'] != ANONYMOUS)
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
$this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : $config['default_lang'];
|
2002-10-08 20:06:55 +00:00
|
|
|
|
$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
$this->date_format = $this->data['user_dateformat'];
|
|
|
|
|
|
$this->timezone = $this->data['user_timezone'] * 3600;
|
|
|
|
|
|
$this->dst = $this->data['user_dst'] * 3600;
|
2002-10-04 13:09:10 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
else
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2002-10-30 00:57:27 +00:00
|
|
|
|
$this->lang_name = $config['default_lang'];
|
2002-10-08 20:06:55 +00:00
|
|
|
|
$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
|
2002-10-30 00:57:27 +00:00
|
|
|
|
$this->date_format = $config['default_dateformat'];
|
|
|
|
|
|
$this->timezone = $config['board_timezone'] * 3600;
|
2003-04-09 22:41:25 +00:00
|
|
|
|
$this->dst = $config['board_dst'] * 3600;
|
2002-10-08 20:06:55 +00:00
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2002-10-20 19:19:07 +00:00
|
|
|
|
$accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
|
2002-11-01 12:23:08 +00:00
|
|
|
|
foreach ($accept_lang_ary as $accept_lang)
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2002-10-20 19:19:07 +00:00
|
|
|
|
// Set correct format ... guess full xx_YY form
|
|
|
|
|
|
$accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx"))
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
|
|
|
|
|
$this->lang_name = $accept_lang;
|
2002-10-08 20:06:55 +00:00
|
|
|
|
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
|
2002-10-04 13:09:10 +00:00
|
|
|
|
break;
|
|
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
// No match on xx_YY so try xx
|
|
|
|
|
|
$accept_lang = substr($accept_lang, 0, 2);
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx"))
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
|
|
|
|
|
$this->lang_name = $accept_lang;
|
|
|
|
|
|
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
|
|
|
|
|
|
break;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2002-10-04 13:09:10 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-28 21:16:15 +00:00
|
|
|
|
$this->add_lang($lang_set);
|
|
|
|
|
|
unset($lang_set);
|
2003-01-07 14:37:19 +00:00
|
|
|
|
|
2003-07-13 21:40:03 +00:00
|
|
|
|
if (!empty($_GET['style']) && $auth->acl_get('a_styles'))
|
|
|
|
|
|
{
|
|
|
|
|
|
global $SID;
|
2003-09-07 13:46:51 +00:00
|
|
|
|
|
2004-02-29 12:51:18 +00:00
|
|
|
|
$SID .= '&style=' . request_var('style', 0);
|
2003-07-13 21:40:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
// Set up style
|
|
|
|
|
|
$style = ($style) ? $style : ((!$config['override_user_style'] && $this->data['user_id'] != ANONYMOUS) ? $this->data['user_style'] : $config['default_style']);
|
|
|
|
|
|
}
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2003-07-13 15:13:59 +00:00
|
|
|
|
$sql = 'SELECT DISTINCT s.style_id, t.*, c.*, i.*
|
|
|
|
|
|
FROM ' . STYLES_TABLE . ' s, ' . STYLES_TPL_TABLE . ' t, ' . STYLES_CSS_TABLE . ' c, ' . STYLES_IMAGE_TABLE . " i
|
|
|
|
|
|
WHERE s.style_id IN ($style, " . $config['default_style'] . ')
|
2002-10-04 13:09:10 +00:00
|
|
|
|
AND t.template_id = s.template_id
|
2003-07-13 15:13:59 +00:00
|
|
|
|
AND c.theme_id = s.theme_id
|
|
|
|
|
|
AND i.imageset_id = s.imageset_id';
|
2003-09-07 13:46:51 +00:00
|
|
|
|
$result = $db->sql_query($sql, 3600);
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2003-07-13 15:13:59 +00:00
|
|
|
|
if (!($row = $db->sql_fetchrow($result)))
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2003-01-20 05:12:38 +00:00
|
|
|
|
trigger_error('Could not get style data');
|
2002-10-04 13:09:10 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-07-13 15:13:59 +00:00
|
|
|
|
$this->theme = ($row2 = $db->sql_fetchrow($result)) ? array(
|
|
|
|
|
|
($style == $row['style_id']) ? 'primary' : 'secondary' => $row,
|
|
|
|
|
|
($style == $row2['style_id']) ? 'primary' : 'secondary' => $row2) : array('primary' => $row);
|
|
|
|
|
|
|
|
|
|
|
|
$db->sql_freeresult($result);
|
|
|
|
|
|
unset($row);
|
|
|
|
|
|
unset($row2);
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2004-05-26 20:29:39 +00:00
|
|
|
|
// Set theme info
|
|
|
|
|
|
$theme_info = array();
|
|
|
|
|
|
$default_theme_info = array(
|
|
|
|
|
|
'pagination_sep' => ', ',
|
|
|
|
|
|
'pagination_goto_page' => true,
|
|
|
|
|
|
'avatar_img_class' => ''
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
foreach ($this->theme as $style_priority => $row)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (file_exists($phpbb_root_path . 'styles/' . $row['theme_path'] . '/theme/theme_info.' . $phpEx))
|
|
|
|
|
|
{
|
|
|
|
|
|
$theme_info = array();
|
|
|
|
|
|
include($phpbb_root_path . 'styles/' . $row['theme_path'] . '/theme/theme_info.' . $phpEx);
|
|
|
|
|
|
if (sizeof($theme_info))
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->theme[$style_priority] = array_merge($this->theme[$style_priority], $theme_info);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
foreach ($default_theme_info as $key => $value)
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!isset($this->theme[$style_priority][$key]))
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->theme[$style_priority][$key] = $value;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
unset($theme_info, $default_theme_info);
|
|
|
|
|
|
|
2003-07-13 15:13:59 +00:00
|
|
|
|
$template->set_template();
|
|
|
|
|
|
|
2004-01-08 12:49:05 +00:00
|
|
|
|
$this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['primary']['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang'];
|
2002-10-04 13:09:10 +00:00
|
|
|
|
|
2004-02-05 13:38:57 +00:00
|
|
|
|
// Does the user need to change their password? If so, redirect to the
|
|
|
|
|
|
// ucp profile reg_details page ... of course do not redirect if we're
|
|
|
|
|
|
// already in the ucp
|
|
|
|
|
|
if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
|
|
|
|
|
|
{
|
|
|
|
|
|
global $SID;
|
|
|
|
|
|
|
|
|
|
|
|
if (!preg_match('#' . preg_quote("ucp.$phpEx$SID") . '&i\=[a-z0-9]+?&mode\=reg_details#', $_SERVER['REQUEST_URI']))
|
|
|
|
|
|
{
|
|
|
|
|
|
redirect("ucp.$phpEx$SID&i=profile&mode=reg_details");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-28 21:16:15 +00:00
|
|
|
|
// Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)
|
|
|
|
|
|
//
|
|
|
|
|
|
// $lang_set = array('posting', 'help' => 'faq');
|
|
|
|
|
|
// $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq'))
|
|
|
|
|
|
// $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq'))
|
|
|
|
|
|
// $lang_set = 'posting'
|
|
|
|
|
|
// $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting'))
|
|
|
|
|
|
function add_lang($lang_set, $use_db = false, $use_help = false)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $lang, $help, $phpEx;
|
|
|
|
|
|
|
2004-02-29 12:51:18 +00:00
|
|
|
|
$lang = array();
|
|
|
|
|
|
|
|
|
|
|
|
require($this->lang_path . "common.$phpEx");
|
|
|
|
|
|
|
2004-02-28 21:16:15 +00:00
|
|
|
|
if (is_array($lang_set))
|
|
|
|
|
|
{
|
|
|
|
|
|
foreach ($lang_set as $key => $lang_file)
|
|
|
|
|
|
{
|
2004-03-06 16:58:34 +00:00
|
|
|
|
// Please do not delete this line.
|
|
|
|
|
|
// We have to force the type here, else [array] language inclusion will not work
|
|
|
|
|
|
$key = (string) $key;
|
|
|
|
|
|
|
2004-02-28 21:16:15 +00:00
|
|
|
|
if ($key == 'db')
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->add_lang($lang_file, true, $use_help);
|
|
|
|
|
|
}
|
|
|
|
|
|
else if ($key == 'help')
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->add_lang($lang_file, $use_db, true);
|
|
|
|
|
|
}
|
|
|
|
|
|
else if (!is_array($lang_file))
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->set_lang($lang_file, $use_db, $use_help);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->add_lang($lang_file, $use_db, $use_help);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
unset($lang_set);
|
|
|
|
|
|
}
|
|
|
|
|
|
else if ($lang_set)
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->set_lang($lang_set, $use_db, $use_help);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ($use_help || sizeof($help))
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->help += $help;
|
|
|
|
|
|
unset($help);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (sizeof($lang))
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->lang += $lang;
|
|
|
|
|
|
// Yes, we unset $lang here, this variable is in use elsewhere
|
|
|
|
|
|
unset($lang);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-29 12:51:18 +00:00
|
|
|
|
function set_lang($lang_file, $use_db = false, $use_help = false)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $lang, $help, $phpEx;
|
|
|
|
|
|
|
|
|
|
|
|
if (!$use_db)
|
|
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
require ($this->lang_path . (($use_help) ? 'help_' : '') . "$lang_file.$phpEx");
|
2004-02-29 12:51:18 +00:00
|
|
|
|
}
|
|
|
|
|
|
else if ($use_db)
|
|
|
|
|
|
{
|
|
|
|
|
|
// Get Database Language Strings
|
|
|
|
|
|
// Put them into $lang if nothing is prefixed, put them into $help if help: is prefixed
|
|
|
|
|
|
// For example: help:faq, posting
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-08 20:06:55 +00:00
|
|
|
|
function format_date($gmepoch, $format = false)
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
|
|
|
|
|
static $lang_dates;
|
|
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
if (empty($lang_dates))
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
2002-11-01 12:23:08 +00:00
|
|
|
|
foreach ($this->lang['datetime'] as $match => $replace)
|
2002-10-04 13:09:10 +00:00
|
|
|
|
{
|
|
|
|
|
|
$lang_dates[$match] = $replace;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2004-01-11 00:46:46 +00:00
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
$format = (!$format) ? $this->date_format : $format;
|
2004-01-11 00:46:46 +00:00
|
|
|
|
|
2002-10-08 20:06:55 +00:00
|
|
|
|
return strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates);
|
2002-10-04 13:09:10 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2004-01-10 12:23:24 +00:00
|
|
|
|
function get_iso_lang_id()
|
|
|
|
|
|
{
|
|
|
|
|
|
global $config, $db;
|
|
|
|
|
|
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (isset($this->lang_id))
|
2004-01-10 12:23:24 +00:00
|
|
|
|
{
|
|
|
|
|
|
return $this->lang_id;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-01-11 00:46:46 +00:00
|
|
|
|
if (!$this->lang_name)
|
2004-01-10 12:23:24 +00:00
|
|
|
|
{
|
|
|
|
|
|
$this->lang_name = $config['default_lang'];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-21 12:47:35 +00:00
|
|
|
|
$sql = 'SELECT lang_id
|
|
|
|
|
|
FROM ' . LANG_TABLE . "
|
|
|
|
|
|
WHERE lang_iso = '{$this->lang_name}'";
|
2004-01-11 00:46:46 +00:00
|
|
|
|
$result = $db->sql_query($sql);
|
|
|
|
|
|
|
2004-01-10 12:23:24 +00:00
|
|
|
|
return (int) $db->sql_fetchfield('lang_id', 0, $result);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Get profile fields for user
|
|
|
|
|
|
function get_profile_fields($user_id)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $user, $db;
|
|
|
|
|
|
|
|
|
|
|
|
if (isset($user->profile_fields))
|
|
|
|
|
|
{
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-21 12:47:35 +00:00
|
|
|
|
$sql = 'SELECT * FROM ' . CUSTOM_PROFILE_DATA . "
|
|
|
|
|
|
WHERE user_id = $user_id";
|
2004-01-10 12:23:24 +00:00
|
|
|
|
$result = $db->sql_query_limit($sql, 1);
|
|
|
|
|
|
|
|
|
|
|
|
$user->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-01-11 00:46:46 +00:00
|
|
|
|
function img($img, $alt = '', $width = false, $suffix = '')
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
static $imgs, $phpbb_root_path;
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2004-01-11 00:46:46 +00:00
|
|
|
|
if (empty($imgs[$img . $suffix]) || $width)
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (!$this->theme['primary'][$img])
|
|
|
|
|
|
{
|
|
|
|
|
|
$imgs[$img . $suffix] = $alt; //'{{IMG:' . $img . '}}';
|
|
|
|
|
|
return $imgs[$img . $suffix];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-01-08 12:49:05 +00:00
|
|
|
|
if (!$width)
|
|
|
|
|
|
{
|
|
|
|
|
|
list($imgsrc, $height, $width) = explode('*', $this->theme['primary'][$img]);
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
list($imgsrc, $height) = explode('*', $this->theme['primary'][$img]);
|
|
|
|
|
|
}
|
2003-02-17 06:20:41 +00:00
|
|
|
|
|
2004-01-11 00:46:46 +00:00
|
|
|
|
if ($suffix !== '')
|
|
|
|
|
|
{
|
|
|
|
|
|
$imgsrc = str_replace('{SUFFIX}', $suffix, $imgsrc);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-01-08 12:49:05 +00:00
|
|
|
|
$imgsrc = '"' . $phpbb_root_path . 'styles/' . $this->theme['primary']['imageset_path'] . '/imageset/' . str_replace('{LANG}', $this->img_lang, $imgsrc) . '"';
|
|
|
|
|
|
$width = ($width) ? ' width="' . $width . '"' : '';
|
|
|
|
|
|
$height = ($height) ? ' height="' . $height . '"' : '';
|
|
|
|
|
|
$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;
|
2003-07-13 15:13:59 +00:00
|
|
|
|
|
2004-05-26 20:29:39 +00:00
|
|
|
|
$imgs[$img . $suffix] = '<img src=' . $imgsrc . $width . $height . ' alt="' . $alt . '" title="' . $alt . '" name="' . $img . '" />';
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
2004-01-08 12:49:05 +00:00
|
|
|
|
|
2004-01-11 00:46:46 +00:00
|
|
|
|
return $imgs[$img . $suffix];
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
2003-08-27 16:31:54 +00:00
|
|
|
|
|
|
|
|
|
|
// Start code for checking/setting option bit field for user table (if we go that way)
|
2004-02-10 01:16:48 +00:00
|
|
|
|
function optionget($key, $data = false)
|
2003-08-27 16:31:54 +00:00
|
|
|
|
{
|
2003-08-27 22:25:43 +00:00
|
|
|
|
if (!isset($this->keyvalues[$key]))
|
2003-08-27 16:31:54 +00:00
|
|
|
|
{
|
2004-02-10 01:16:48 +00:00
|
|
|
|
$var = ($data) ? $data : $this->data['user_options'];
|
|
|
|
|
|
$this->keyvalues[$key] = ($var & 1 << $this->keyoptions[$key]) ? true : false;
|
2003-08-27 16:31:54 +00:00
|
|
|
|
}
|
2003-08-27 22:25:43 +00:00
|
|
|
|
return $this->keyvalues[$key];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-10 01:16:48 +00:00
|
|
|
|
function optionset($key, $value, $data = false)
|
2003-08-27 22:25:43 +00:00
|
|
|
|
{
|
2004-02-10 01:16:48 +00:00
|
|
|
|
$var = ($data) ? $data : $this->data['user_options'];
|
|
|
|
|
|
|
|
|
|
|
|
if ($value && !($var & 1 << $this->keyoptions[$key]))
|
2003-10-12 00:00:03 +00:00
|
|
|
|
{
|
2004-02-10 01:16:48 +00:00
|
|
|
|
$var += 1 << $this->keyoptions[$key];
|
2003-10-12 00:00:03 +00:00
|
|
|
|
}
|
2004-02-10 01:16:48 +00:00
|
|
|
|
else if (!$value && ($var & 1 << $this->keyoptions[$key]))
|
2003-10-12 00:00:03 +00:00
|
|
|
|
{
|
2004-02-10 01:16:48 +00:00
|
|
|
|
$var -= 1 << $this->keyoptions[$key];
|
2003-10-12 00:00:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
2004-02-10 01:16:48 +00:00
|
|
|
|
return ($data) ? $var : false;
|
2003-10-12 00:00:03 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2004-02-10 01:16:48 +00:00
|
|
|
|
if (!$data)
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->data['user_options'] = $var;
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
else
|
|
|
|
|
|
{
|
|
|
|
|
|
return $var;
|
|
|
|
|
|
}
|
2003-08-27 16:31:54 +00:00
|
|
|
|
}
|
2002-10-04 13:09:10 +00:00
|
|
|
|
}
|
2002-08-22 17:55:55 +00:00
|
|
|
|
|
2002-08-13 16:34:17 +00:00
|
|
|
|
// Will be keeping my eye of 'other products' to ensure these things don't
|
2002-07-14 14:32:45 +00:00
|
|
|
|
// mysteriously appear elsewhere, think up your own solutions!
|
2002-10-04 13:09:10 +00:00
|
|
|
|
class auth
|
2002-08-13 16:34:17 +00:00
|
|
|
|
{
|
2002-08-15 15:45:22 +00:00
|
|
|
|
var $founder = false;
|
2003-07-04 17:17:37 +00:00
|
|
|
|
var $acl = array();
|
2003-01-29 16:12:21 +00:00
|
|
|
|
var $option = array();
|
2003-03-29 18:25:41 +00:00
|
|
|
|
var $acl_options = array();
|
2002-08-15 15:45:22 +00:00
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
function acl(&$userdata)
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-03-29 18:25:41 +00:00
|
|
|
|
global $db, $cache;
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2003-03-29 18:25:41 +00:00
|
|
|
|
if (!($this->acl_options = $cache->get('acl_options')))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-10-12 00:00:03 +00:00
|
|
|
|
$sql = 'SELECT auth_option, is_global, is_local
|
|
|
|
|
|
FROM ' . ACL_OPTIONS_TABLE . '
|
2003-07-04 17:17:37 +00:00
|
|
|
|
ORDER BY auth_option_id';
|
2003-03-29 18:25:41 +00:00
|
|
|
|
$result = $db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
$global = $local = 0;
|
|
|
|
|
|
while ($row = $db->sql_fetchrow($result))
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-03-29 18:25:41 +00:00
|
|
|
|
if (!empty($row['is_global']))
|
|
|
|
|
|
{
|
2003-04-12 20:01:57 +00:00
|
|
|
|
$this->acl_options['global'][$row['auth_option']] = $global++;
|
2003-03-29 18:25:41 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!empty($row['is_local']))
|
|
|
|
|
|
{
|
2003-04-12 20:01:57 +00:00
|
|
|
|
$this->acl_options['local'][$row['auth_option']] = $local++;
|
2003-03-29 18:25:41 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
2003-03-29 18:25:41 +00:00
|
|
|
|
$db->sql_freeresult($result);
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2003-03-29 18:25:41 +00:00
|
|
|
|
$cache->put('acl_options', $this->acl_options);
|
2003-03-30 14:22:34 +00:00
|
|
|
|
$this->acl_clear_prefetch();
|
2003-03-29 18:25:41 +00:00
|
|
|
|
$this->acl_cache($userdata);
|
|
|
|
|
|
}
|
2003-07-04 17:17:37 +00:00
|
|
|
|
else if (!$userdata['user_permissions'])
|
2003-03-29 18:25:41 +00:00
|
|
|
|
{
|
|
|
|
|
|
$this->acl_cache($userdata);
|
|
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
foreach (explode("\n", $userdata['user_permissions']) as $f => $seq)
|
2003-03-29 18:25:41 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
if ($seq)
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$i = 0;
|
|
|
|
|
|
while ($subseq = substr($seq, $i, 6))
|
|
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (!isset($this->acl[$f]))
|
|
|
|
|
|
{
|
|
|
|
|
|
$this->acl[$f] = '';
|
|
|
|
|
|
}
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
|
|
|
|
|
|
$i += 6;
|
|
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
2003-01-29 16:12:21 +00:00
|
|
|
|
}
|
2002-10-06 11:57:45 +00:00
|
|
|
|
return;
|
|
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-10-06 11:57:45 +00:00
|
|
|
|
// Look up an option
|
2003-01-29 16:12:21 +00:00
|
|
|
|
function acl_get($opt, $f = 0)
|
2002-10-06 11:57:45 +00:00
|
|
|
|
{
|
2003-01-29 16:12:21 +00:00
|
|
|
|
static $cache;
|
2002-10-26 12:34:39 +00:00
|
|
|
|
|
2003-03-29 18:25:41 +00:00
|
|
|
|
if (!isset($cache[$f][$opt]))
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$cache[$f][$opt] = false;
|
2003-03-29 18:25:41 +00:00
|
|
|
|
if (isset($this->acl_options['global'][$opt]))
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (isset($this->acl[0]))
|
|
|
|
|
|
{
|
|
|
|
|
|
$cache[$f][$opt] = $this->acl[0]{$this->acl_options['global'][$opt]};
|
|
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
2003-03-29 18:25:41 +00:00
|
|
|
|
if (isset($this->acl_options['local'][$opt]))
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2004-05-26 20:29:39 +00:00
|
|
|
|
if (isset($this->acl[$f]))
|
|
|
|
|
|
{
|
|
|
|
|
|
$cache[$f][$opt] |= $this->acl[$f]{$this->acl_options['local'][$opt]};
|
|
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2003-01-29 18:36:26 +00:00
|
|
|
|
|
2003-06-19 13:19:39 +00:00
|
|
|
|
// Needs to change ... check founder status when updating cache?
|
2003-07-04 17:17:37 +00:00
|
|
|
|
return $cache[$f][$opt];
|
2002-11-01 12:23:08 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-06-19 13:19:39 +00:00
|
|
|
|
function acl_getf($opt)
|
|
|
|
|
|
{
|
|
|
|
|
|
static $cache;
|
|
|
|
|
|
|
|
|
|
|
|
if (isset($this->acl_options['local'][$opt]))
|
|
|
|
|
|
{
|
2003-10-12 00:00:03 +00:00
|
|
|
|
foreach ($this->acl as $f => $bitstring)
|
2003-06-19 13:19:39 +00:00
|
|
|
|
{
|
2003-10-12 00:00:03 +00:00
|
|
|
|
if (!isset($cache[$f][$opt]))
|
2003-06-19 13:19:39 +00:00
|
|
|
|
{
|
2003-10-12 00:00:03 +00:00
|
|
|
|
$cache[$f][$opt] = false;
|
2003-06-19 13:19:39 +00:00
|
|
|
|
|
2003-10-12 00:00:03 +00:00
|
|
|
|
$cache[$f][$opt] = $bitstring{$this->acl_options['local'][$opt]};
|
2003-06-19 13:19:39 +00:00
|
|
|
|
if (isset($this->acl_options['global'][$opt]))
|
|
|
|
|
|
{
|
2003-10-12 00:00:03 +00:00
|
|
|
|
$cache[$f][$opt] |= $this->acl[0]{$this->acl_options['global'][$opt]};
|
2003-06-19 13:19:39 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2003-10-12 00:00:03 +00:00
|
|
|
|
return $cache;
|
2003-06-19 13:19:39 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
function acl_gets()
|
|
|
|
|
|
{
|
2003-01-29 16:12:21 +00:00
|
|
|
|
$args = func_get_args();
|
|
|
|
|
|
$f = array_pop($args);
|
2002-11-01 12:23:08 +00:00
|
|
|
|
|
2003-02-27 16:14:25 +00:00
|
|
|
|
if (!is_numeric($f))
|
2002-11-01 12:23:08 +00:00
|
|
|
|
{
|
2003-01-29 16:12:21 +00:00
|
|
|
|
$args[] = $f;
|
|
|
|
|
|
$f = 0;
|
2002-11-01 12:23:08 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-02-27 03:22:27 +00:00
|
|
|
|
// alternate syntax: acl_gets(array('m_', 'a_'), $forum_id)
|
|
|
|
|
|
if (is_array($args[0]))
|
|
|
|
|
|
{
|
|
|
|
|
|
$args = $args[0];
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
$acl = 0;
|
2003-01-29 16:12:21 +00:00
|
|
|
|
foreach ($args as $opt)
|
2002-11-01 12:23:08 +00:00
|
|
|
|
{
|
2003-01-29 16:12:21 +00:00
|
|
|
|
$acl |= $this->acl_get($opt, $f);
|
2002-11-01 12:23:08 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2002-11-01 12:23:08 +00:00
|
|
|
|
return $acl;
|
2002-10-06 11:57:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
function acl_get_list($user_id = false, $opts = false, $forum_id = false)
|
2002-10-06 11:57:45 +00:00
|
|
|
|
{
|
2003-11-17 23:36:43 +00:00
|
|
|
|
$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
|
2002-08-17 22:08:34 +00:00
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
$auth_ary = array();
|
|
|
|
|
|
foreach ($hold_ary as $user_id => $forum_ary)
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-11-17 23:36:43 +00:00
|
|
|
|
foreach ($forum_ary as $forum_id => $auth_option_ary)
|
2003-04-15 17:33:35 +00:00
|
|
|
|
{
|
2003-11-17 23:36:43 +00:00
|
|
|
|
foreach ($auth_option_ary as $auth_option => $auth_setting)
|
|
|
|
|
|
{
|
|
|
|
|
|
if ($auth_setting == ACL_YES)
|
|
|
|
|
|
{
|
|
|
|
|
|
$auth_ary[$forum_id][$auth_option][] = $user_id;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2003-04-15 17:33:35 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
return $auth_ary;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Cache data
|
|
|
|
|
|
function acl_cache(&$userdata)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $db;
|
|
|
|
|
|
|
|
|
|
|
|
$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
|
|
|
|
|
|
$hold_ary = $hold_ary[$userdata['user_id']];
|
|
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
// If this user is founder we're going to force fill the admin options ...
|
2003-10-15 17:43:07 +00:00
|
|
|
|
if ($userdata['user_type'] == USER_FOUNDER)
|
2002-10-06 11:57:45 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
foreach ($this->acl_options['global'] as $opt => $id)
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
if (strstr($opt, 'a_'))
|
2003-04-24 18:23:35 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$hold_ary[0][$opt] = 1;
|
2003-04-24 18:23:35 +00:00
|
|
|
|
}
|
2003-07-04 17:17:37 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2003-04-24 18:23:35 +00:00
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
$hold_str = $userdata['user_permissions'];
|
2003-07-04 17:17:37 +00:00
|
|
|
|
if (is_array($hold_ary))
|
|
|
|
|
|
{
|
|
|
|
|
|
ksort($hold_ary);
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$last_f = 0;
|
|
|
|
|
|
foreach ($hold_ary as $f => $auth_ary)
|
|
|
|
|
|
{
|
|
|
|
|
|
$ary_key = (!$f) ? 'global' : 'local';
|
2003-04-24 18:23:35 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$bitstring = array();
|
2003-03-29 18:25:41 +00:00
|
|
|
|
foreach ($this->acl_options[$ary_key] as $opt => $id)
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-01-29 16:12:21 +00:00
|
|
|
|
if (!empty($auth_ary[$opt]))
|
2002-10-20 19:19:07 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$bitstring[$id] = 1;
|
2002-10-26 12:34:39 +00:00
|
|
|
|
|
2003-01-29 16:12:21 +00:00
|
|
|
|
$option_key = substr($opt, 0, strpos($opt, '_') + 1);
|
2003-03-29 18:25:41 +00:00
|
|
|
|
if (empty($holding[$this->acl_options[$ary_key][$option_key]]))
|
2002-10-26 12:34:39 +00:00
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$bitstring[$this->acl_options[$ary_key][$option_key]] = 1;
|
2002-10-26 12:34:39 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
2003-01-29 16:12:21 +00:00
|
|
|
|
else
|
|
|
|
|
|
{
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$bitstring[$id] = 0;
|
2003-01-29 16:12:21 +00:00
|
|
|
|
}
|
2002-10-20 19:19:07 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$bitstring = implode('', $bitstring);
|
2003-03-29 18:25:41 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$hold_str .= str_repeat("\n", $f - $last_f);
|
2002-08-15 15:45:22 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
for ($i = 0; $i < strlen($bitstring); $i += 31)
|
2003-01-29 18:36:26 +00:00
|
|
|
|
{
|
2003-08-24 18:16:53 +00:00
|
|
|
|
$hold_str .= str_pad(base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36), 6, 0, STR_PAD_LEFT);
|
2003-01-29 18:36:26 +00:00
|
|
|
|
}
|
2003-07-04 17:17:37 +00:00
|
|
|
|
|
|
|
|
|
|
$last_f = $f;
|
2003-01-29 18:36:26 +00:00
|
|
|
|
}
|
2003-07-04 17:17:37 +00:00
|
|
|
|
unset($bitstring);
|
2003-01-29 18:36:26 +00:00
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
$userdata['user_permissions'] = rtrim($hold_str);
|
2002-10-20 19:19:07 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$sql = 'UPDATE ' . USERS_TABLE . "
|
2003-11-17 23:36:43 +00:00
|
|
|
|
SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "'
|
2002-10-09 20:53:42 +00:00
|
|
|
|
WHERE user_id = " . $userdata['user_id'];
|
|
|
|
|
|
$db->sql_query($sql);
|
2002-08-18 17:36:01 +00:00
|
|
|
|
}
|
2003-07-04 17:17:37 +00:00
|
|
|
|
unset($hold_ary);
|
2002-08-15 15:45:22 +00:00
|
|
|
|
|
2002-10-08 20:06:55 +00:00
|
|
|
|
return;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
function acl_raw_data($user_id = false, $opts = false, $forum_id = false)
|
2003-11-10 15:03:47 +00:00
|
|
|
|
{
|
|
|
|
|
|
global $db;
|
|
|
|
|
|
|
|
|
|
|
|
$sql_user = ($user_id) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
|
|
|
|
|
|
$sql_forum = ($forum_id) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
|
2003-11-15 22:20:40 +00:00
|
|
|
|
$sql_opts = ($opts) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')') : '';
|
2003-11-10 15:03:47 +00:00
|
|
|
|
|
|
|
|
|
|
$hold_ary = array();
|
|
|
|
|
|
// First grab user settings ... each user has only one setting for each
|
|
|
|
|
|
// option ... so we shouldn't need any ACL_NO checks ... he says ...
|
|
|
|
|
|
$sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting
|
|
|
|
|
|
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a
|
|
|
|
|
|
WHERE ao.auth_option_id = a.auth_option_id
|
|
|
|
|
|
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
|
|
|
|
|
|
$sql_forum
|
|
|
|
|
|
$sql_opts
|
|
|
|
|
|
ORDER BY a.forum_id, ao.auth_option";
|
|
|
|
|
|
$result = $db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
while ($row = $db->sql_fetchrow($result))
|
|
|
|
|
|
{
|
|
|
|
|
|
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
|
|
|
|
|
|
}
|
|
|
|
|
|
$db->sql_freeresult($result);
|
|
|
|
|
|
|
|
|
|
|
|
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
|
|
|
|
|
|
$sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting
|
|
|
|
|
|
FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
|
|
|
|
|
|
WHERE ao.auth_option_id = a.auth_option_id
|
|
|
|
|
|
AND a.group_id = ug.group_id
|
|
|
|
|
|
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
|
|
|
|
|
|
$sql_forum
|
|
|
|
|
|
$sql_opts
|
|
|
|
|
|
ORDER BY a.forum_id, ao.auth_option";
|
|
|
|
|
|
$result = $db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
while ($row = $db->sql_fetchrow($result))
|
|
|
|
|
|
{
|
|
|
|
|
|
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
|
|
|
|
|
|
{
|
|
|
|
|
|
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
$db->sql_freeresult($result);
|
|
|
|
|
|
|
2003-11-17 23:36:43 +00:00
|
|
|
|
return $hold_ary;
|
2003-11-10 15:03:47 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2003-01-21 14:37:56 +00:00
|
|
|
|
// Clear one or all users cached permission settings
|
|
|
|
|
|
function acl_clear_prefetch($user_id = false)
|
|
|
|
|
|
{
|
|
|
|
|
|
global $db;
|
|
|
|
|
|
|
2004-01-30 12:14:48 +00:00
|
|
|
|
$where_sql = ($user_id) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
|
2003-01-21 14:37:56 +00:00
|
|
|
|
|
2003-07-04 17:17:37 +00:00
|
|
|
|
$sql = 'UPDATE ' . USERS_TABLE . "
|
2003-01-21 14:37:56 +00:00
|
|
|
|
SET user_permissions = ''
|
|
|
|
|
|
$where_sql";
|
|
|
|
|
|
$db->sql_query($sql);
|
|
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-04 13:09:10 +00:00
|
|
|
|
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
|
2003-03-09 16:11:08 +00:00
|
|
|
|
function login($username, $password, $autologin = false, $viewonline = 1)
|
2002-08-06 16:56:14 +00:00
|
|
|
|
{
|
2003-01-31 02:14:48 +00:00
|
|
|
|
global $config, $user, $phpbb_root_path, $phpEx;
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2002-10-30 00:57:27 +00:00
|
|
|
|
$method = trim($config['auth_method']);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
|
2003-01-31 02:14:48 +00:00
|
|
|
|
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-01-31 02:14:48 +00:00
|
|
|
|
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
|
2002-08-06 16:56:14 +00:00
|
|
|
|
|
|
|
|
|
|
$method = 'login_' . $method;
|
2002-11-01 12:23:08 +00:00
|
|
|
|
if (function_exists($method))
|
2002-07-14 14:32:45 +00:00
|
|
|
|
{
|
2003-03-09 16:11:08 +00:00
|
|
|
|
$login = $method($username, $password);
|
|
|
|
|
|
|
|
|
|
|
|
// If login returned anything other than an array there was an error
|
|
|
|
|
|
if (!is_array($login))
|
2002-08-06 16:56:14 +00:00
|
|
|
|
{
|
2003-03-09 16:11:08 +00:00
|
|
|
|
return $login;
|
2002-08-06 16:56:14 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
2002-11-02 21:44:36 +00:00
|
|
|
|
$autologin = (!empty($autologin)) ? md5($password) : '';
|
2003-07-04 17:17:37 +00:00
|
|
|
|
|
2003-10-15 17:43:07 +00:00
|
|
|
|
// Trigger EVENT_LOGIN
|
|
|
|
|
|
return $user->create($login['user_id'], $autologin, true, $viewonline);
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2002-10-20 19:19:07 +00:00
|
|
|
|
trigger_error('Authentication method not found', E_USER_ERROR);
|
2002-08-06 16:56:14 +00:00
|
|
|
|
}
|
2002-07-14 14:32:45 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
?>
|
