phpBB 2 is started
git-svn-id: file:///svn/phpbb/trunk@13 89ea8834-ac86-4346-8a33-228a782c2dd0
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/***************************************************************************
|
||||
*
|
||||
* auth.php
|
||||
* -------------------
|
||||
* begin : Saturday, Feb 13, 2001
|
||||
* copyright : (C) 2001 The phpBB Group
|
||||
@@ -22,6 +22,124 @@
|
||||
*
|
||||
***************************************************************************/
|
||||
|
||||
/* Notes:
|
||||
* auth() is going to become a very complex function and can take in a LARGE number of arguments.
|
||||
* The currently included argements should be enough to handle any situation, however, if you need access to another
|
||||
* the best option would be to create a global variable and access it that way if you can.
|
||||
*
|
||||
* auth() returns:
|
||||
* TRUE if the user authorized
|
||||
* FALSE if the user is not
|
||||
*/
|
||||
function auth($type,
|
||||
$db,
|
||||
$user_id = "",
|
||||
$user_name = "",
|
||||
$user_pass = "",
|
||||
$user_level = "",
|
||||
$session_id = "",
|
||||
$user_ip = "",
|
||||
$forum_id = "",
|
||||
$topic_id = "",
|
||||
$post_id = "")
|
||||
{
|
||||
switch($type)
|
||||
{
|
||||
case 'ip ban':
|
||||
$sql = "DELETE FROM banlist
|
||||
WHERE (ban_end < ". mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")).")
|
||||
AND (ban_end > 0)";
|
||||
$db->sql_query($sql);
|
||||
$sql = "SELECT ban_ip FROM banlist";
|
||||
if($result = $db->sql_query($sql))
|
||||
{
|
||||
if($totalrows = $db->sql_numrows())
|
||||
{
|
||||
$iprow = $db->sql_fetchrowset($result);
|
||||
for($x = 0; $x < $totalrows; $x++)
|
||||
{
|
||||
$ip = $iprow[$x]["ban_ip"];
|
||||
if($ip[strlen($ip) - 1] == ".")
|
||||
{
|
||||
$db_ip = explode(".", $ip);
|
||||
$this_ip = explode(".", $user_ip);
|
||||
|
||||
for($x = 0; $x < count($db_ip) - 1; $x++)
|
||||
{
|
||||
$my_ip .= $this_ip[$x] . ".";
|
||||
}
|
||||
|
||||
if($my_ip == $ip)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if($ipuser == $ip)
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
}
|
||||
}
|
||||
return(TRUE);
|
||||
}
|
||||
else
|
||||
{
|
||||
return(TRUE);
|
||||
}
|
||||
}
|
||||
return(TRUE);
|
||||
break;
|
||||
case 'username ban':
|
||||
$sql = "DELETE FROM banlist
|
||||
WHERE (ban_end < ". mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")).")
|
||||
AND (ban_end > 0)";
|
||||
$db->sql_query($sql);
|
||||
$sql = "SELECT ban_userid FROM banlist WHERE ban_userid = '$user_id'";
|
||||
if($result = $db->sql_query($sql))
|
||||
{
|
||||
if($db->sql_numrows())
|
||||
{
|
||||
return(FALSE);
|
||||
}
|
||||
else
|
||||
{
|
||||
return(TRUE);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
return(TRUE);
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* The following functions are used for getting user information. They are not related directly to auth()
|
||||
*/
|
||||
|
||||
function get_userdata_from_id($userid, $db)
|
||||
{
|
||||
|
||||
$sql = "SELECT * FROM users WHERE user_id = $userid";
|
||||
if(!$result = $db->sql_query($sql))
|
||||
{
|
||||
$userdata = array("error" => "1");
|
||||
return ($userdata);
|
||||
}
|
||||
if($db->sql_numrows())
|
||||
{
|
||||
$myrow = $db->sql_fetchrowset($result);
|
||||
return($myrow[0]);
|
||||
}
|
||||
else
|
||||
{
|
||||
$userdata = array("error" => "1");
|
||||
return ($userdata);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
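Review bot: In the 'ip ban' case the exact-match branch compares `$ipuser`, which is neither a parameter nor assigned anywhere in auth(), so a full-address row in banlist can never equal the client address and the function falls through to `return(TRUE)`. The prefix branch has two further defects: its inner loop reuses `$x`, overwriting the outer row counter, and `$my_ip` is appended to without being reset, so from the second wildcard row on the comparison string still carries the previous row's octets. The fence below gives the inner loop its own counter, initialises `$my_ip` per row and compares `$user_ip`. Separately, the 'username ban' query and `get_userdata_from_id()` interpolate `$user_id` / `$userid` straight into SQL; the callers are not visible here, so if either value can originate from a request it should be cast first, e.g. `$userid = (int) $userid;`. Both cases also return TRUE when the SELECT itself fails, so a database error admits a banned user rather than denying.

```php
// … unchanged: ban expiry DELETE, SELECT ban_ip, outer for($x …), $db_ip / $this_ip explode …
$my_ip = "";
for($y = 0; $y < count($db_ip) - 1; $y++)
{
    $my_ip .= $this_ip[$y] . ".";
}
// … unchanged: if($my_ip == $ip) return(FALSE); else branch opens …
if($user_ip == $ip)
// … unchanged: return(FALSE) and the remaining returns …
```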
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/***************************************************************************
|
||||
*
|
||||
* sessions.php
|
||||
* -------------------
|
||||
* begin : Saturday, Feb 13, 2001
|
||||
* copyright : (C) 2001 The phpBB Group
|
||||
@@ -23,5 +23,118 @@
|
||||
***************************************************************************/
|
||||
|
||||
|
||||
/**
|
||||
* new_session()
|
||||
* Adds a new session to the database for the given userid.
|
||||
* Returns the new session ID.
|
||||
* Also deletes all expired sessions from the database, based on the given session lifespan.
|
||||
*/
|
||||
function new_session($userid, $remote_ip, $lifespan, $db)
|
||||
{
|
||||
|
||||
mt_srand( (double) microtime() * 1000000);
|
||||
$sessid = mt_rand();
|
||||
|
||||
$currtime = (string) (time());
|
||||
$expirytime = (string) (time() - $lifespan);
|
||||
|
||||
$deleteSQL = "DELETE FROM sessions WHERE (start_time < $expirytime)";
|
||||
$delresult = $db->sql_query($deleteSQL);
|
||||
|
||||
if (!$delresult)
|
||||
{
|
||||
error_die($db, SESSION_CREATE);
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO sessions (sess_id, user_id, start_time, remote_ip) VALUES ($sessid, $userid, $currtime, '$remote_ip')";
|
||||
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
if ($result)
|
||||
{
|
||||
return $sessid;
|
||||
}
|
||||
else
|
||||
{
|
||||
error_die($db, SESSION_CREATE);
|
||||
} // if/else
|
||||
|
||||
} // new_session()
|
||||
|
||||
/*
|
||||
* Sets the sessID cookie for the given session ID. the $cookietime parameter
|
||||
* is no longer used, but just hasn't been removed yet. It'll break all the modules
|
||||
* (just login) that call this code when it gets removed.
|
||||
* Sets a cookie with no specified expiry time. This makes the cookie last until the
|
||||
* user's browser is closed. (at last that's the case in IE5 and NS4.7.. Haven't tried
|
||||
* it with anything else.)
|
||||
*/
|
||||
function set_session_cookie($sessid, $cookietime, $cookiename, $cookiepath, $cookiedomain, $cookiesecure)
|
||||
{
|
||||
// This sets a cookie that will persist until the user closes their browser window.
|
||||
// since session expiry is handled on the server-side, cookie expiry time isn't a big deal.
|
||||
setcookie($cookiename, $sessid, '', $cookiepath, $cookiedomain, $cookiesecure);
|
||||
|
||||
} // set_session_cookie()
|
||||
|
||||
/*
|
||||
* Returns the userID associated with the given session, based on
|
||||
* the given session lifespan $cookietime and the given remote IP
|
||||
* address. If no match found, returns 0.
|
||||
*/
|
||||
function get_userid_from_session($sessid, $cookietime, $remote_ip, $db)
|
||||
{
|
||||
$mintime = time() - $cookietime;
|
||||
$sql = "SELECT user_id
|
||||
FROM sessions
|
||||
WHERE (sess_id = $sessid)
|
||||
AND (start_time > $mintime)
|
||||
AND (remote_ip = '$remote_ip')";
|
||||
$result = $db->sql_query($sql);
|
||||
if (!$result)
|
||||
{
|
||||
error_die($db, "Error doing DB query in get_userid_from_session()");
|
||||
}
|
||||
$rowset = $db->sql_fetchrowset();
|
||||
$num_rows = $db->sql_numrows();
|
||||
if ($num_rows == 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
return $rowset[0]["user_id"];
|
||||
}
|
||||
|
||||
} // get_userid_from_session()
|
||||
|
||||
|
||||
function update_session_time($sessid, $db)
|
||||
{
|
||||
|
||||
$newtime = (string) time();
|
||||
$sql = "UPDATE sessions SET start_time=$newtime WHERE (sess_id = $sessid)";
|
||||
$result = $db->sql_query($sql);
|
||||
if (!$result)
|
||||
{
|
||||
$db_error = $db->sql_error();
|
||||
error_die($db, "Error doing DB update in update_session_time(). Reason: " . $db_error["message"]);
|
||||
}
|
||||
return 1;
|
||||
|
||||
} // update_session_time()
|
||||
|
||||
function end_user_session($userid, $db)
|
||||
{
|
||||
$sql = "DELETE FROM sessions WHERE (user_id = $userid)";
|
||||
$result = $db->sql_query($sql, $db);
|
||||
if (!$result)
|
||||
{
|
||||
$db_error = $db->sql_error();
|
||||
error_die($db, "Delete failed in end_user_session(). Reason: " . $db_error["message"]);
|
||||
}
|
||||
return 1;
|
||||
|
||||
} // end_session()
|
||||
|
||||
?>
|
||||
|
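Review bot: `get_userid_from_session()` and `update_session_time()` place `$sessid` into the WHERE clause unquoted (`sess_id = $sessid`), and `set_session_cookie()` shows that this value is stored in a client cookie, so unless every caller validates it first the cookie content reaches the query as SQL. Adding `$sessid = (int) $sessid;` at the top of both functions closes that without changing their interface. In `new_session()` the identifier comes from `mt_rand()` seeded with `(double) microtime() * 1000000`, which yields at most 31 bits drawn from a seed with roughly a million possible values, so the id is far weaker than its length suggests; the remote_ip condition narrows the exposure but does not remove it. A source that is not derived from the clock is needed there, and the INSERT should handle a duplicate sess_id instead of assuming uniqueness. `end_user_session()` also passes `$db` as a second argument to `sql_query()`, unlike every other call in this file, and its closing comment names `end_session()`.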