1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00

2.0.18 changes

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5283 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2005-10-30 15:17:14 +00:00
parent 37f67fdea9
commit 9b9618f2dd
30 changed files with 503 additions and 178 deletions

View File

@@ -57,73 +57,90 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
$last_visit = 0;
$current_time = time();
$expiry_time = $current_time - $board_config['session_length'];
//
// Try and pull the last time stored in a cookie, if it exists
// Are auto-logins allowed?
// If allow_autologin is not set or is true then they are
// (same behaviour as old 2.0.x session code)
//
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if ( !($result = $db->sql_query($sql)) )
if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin'])
{
message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
$enable_autologin = $sessiondata['autologinid'] = false;
}
$userdata = $db->sql_fetchrow($result);
//
// First off attempt to join with the autologin value if we have one
// If not, just use the user_id value
//
$userdata = array();
if ( $user_id != ANONYMOUS )
if ($user_id != ANONYMOUS)
{
$auto_login_key = $userdata['user_password'];
if ( $auto_create )
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id)
{
if ( isset($sessiondata['autologinid']) && $userdata['user_active'] )
$sql = 'SELECT u.*
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k
WHERE u.user_id = ' . (int) $user_id . "
AND u.user_active = 1
AND k.user_id = u.user_id
AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
if (!($result = $db->sql_query($sql)))
{
// We have to login automagically
if( $sessiondata['autologinid'] === $auto_login_key )
{
// autologinid matches password
$login = 1;
$enable_autologin = 1;
}
else
{
// No match; don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = $userdata['user_id'] = ANONYMOUS;
$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
$result = $db->sql_query($sql);
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
else
{
// Autologin is not set. Don't login, set as anonymous user
$login = 0;
$enable_autologin = 0;
$user_id = $userdata['user_id'] = ANONYMOUS;
$sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
$result = $db->sql_query($sql);
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$enable_autologin = $login = 1;
}
else
else if (!$auto_create)
{
$sessiondata['autologinid'] = '';
$sessiondata['userid'] = $user_id;
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id . '
AND user_active = 1';
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$login = 1;
}
}
else
//
// At this point either $userdata should be populated or
// one of the below is true
// * Key didn't match one in the DB
// * User does not exist
// * User is inactive
//
if (!sizeof($userdata) || !is_array($userdata) || !$userdata)
{
$login = 0;
$enable_autologin = 0;
$sessiondata['autologinid'] = '';
$sessiondata['userid'] = $user_id = ANONYMOUS;
$enable_autologin = $login = 0;
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id;
if (!($result = $db->sql_query($sql)))
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
}
$userdata = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
//
// Initial ban check against user id, IP and email address
//
@@ -174,7 +191,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
if ( $user_id != ANONYMOUS )
{// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
{
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
if (!$admin)
@@ -190,7 +207,41 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
$userdata['user_lastvisit'] = $last_visit;
$sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
//
// Regenerate the auto-login key
//
if ($enable_autologin)
{
list($sec, $usec) = explode(' ', microtime());
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
{
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($sessiondata['autologinid']) . "'";
}
else
{
$sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login)
VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)";
}
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
$sessiondata['autologinid'] = $auto_login_key;
unset($auto_login_key);
}
else
{
$sessiondata['autologinid'] = '';
}
// $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
$sessiondata['userid'] = $user_id;
}
@@ -202,6 +253,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
$userdata['session_start'] = $current_time;
$userdata['session_time'] = $current_time;
$userdata['session_admin'] = $admin;
$userdata['session_key'] = $sessiondata['autologinid'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
@@ -313,18 +365,7 @@ function session_pagestart($user_ip, $thispage_id)
}
}
//
// Delete expired sessions
//
$expiry_time = $current_time - $board_config['session_length'];
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
session_clean($userdata['session_id']);
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
@@ -350,14 +391,14 @@ function session_pagestart($user_ip, $thispage_id)
}
//
// session_end closes out a session
// deleting the corresponding entry
// in the sessions table
//
/**
* Terminates the specified session
* It will delete the entry in the sessions table for this session,
* remove the corresponding auto-login key and reset the cookies
*/
function session_end($session_id, $user_id)
{
global $db, $lang, $board_config;
global $db, $lang, $board_config, $userdata;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
$cookiename = $board_config['cookie_name'];
@@ -367,20 +408,6 @@ function session_end($session_id, $user_id)
$current_time = time();
//
// Pull cookiedata or grab the URI propagated sid
//
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) )
{
$session_id = isset( $HTTP_COOKIE_VARS[$cookiename . '_sid'] ) ? $HTTP_COOKIE_VARS[$cookiename . '_sid'] : '';
$sessionmethod = SESSION_METHOD_COOKIE;
}
else
{
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
return;
@@ -389,7 +416,7 @@ function session_end($session_id, $user_id)
//
// Delete existing session
//
$sql = "DELETE FROM " . SESSIONS_TABLE . "
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '$session_id'
AND session_user_id = $user_id";
if ( !$db->sql_query($sql) )
@@ -397,12 +424,78 @@ function session_end($session_id, $user_id)
message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
}
//
// Remove this auto-login entry (if applicable)
//
if ( isset($userdata['session_key']) && $userdata['session_key'] != '' )
{
$autologin_key = md5($userdata['session_key']);
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "
AND key_id = '$autologin_key'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing auto-login key', '', __LINE__, __FILE__, $sql);
}
}
//
// We expect that message_die will be called after this function,
// but just in case it isn't, reset $userdata to the details for a guest
//
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
}
if ( !($userdata = $db->sql_fetchrow($result)) )
{
message_die(CRITICAL_ERROR, 'Error obtaining user details', '', __LINE__, __FILE__, $sql);
}
$db->sql_freeresult($result);
setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
return true;
}
/**
* Removes expired sessions and auto-login keys from the database
*/
function session_clean($session_id)
{
global $board_config, $db;
//
// Delete expired sessions
//
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE session_time < ' . (time() - (int) $board_config['session_length']) . "
AND session_id <> '$session_id'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
//
// Delete expired auto-login keys
// If max_autologin_time is not set then keys will never be deleted
// (same behaviour as old 2.0.x session code)
//
if (!empty($board_config['max_autologin_time']) && $board_config['max_autologin_time'] > 0)
{
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time']));
$db->sql_query($sql);
}
return true;
}
//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper