From e168cd2793e975e12e9f13d916d99816571359bb Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 10 Oct 2006 13:59:02 +0000 Subject: [PATCH] ok, i do not why the db is setting the type for user id to string - but with this change bots should no longer "spawn" sessions. ;) git-svn-id: file:///svn/phpbb/trunk@6475 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 0489bdba38..09a52feb1f 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -430,6 +430,9 @@ class session $this->data['session_last_visit'] = $this->time_now; } + // Force user id to be integer... + $this->data['user_id'] = (int) $this->data['user_id']; + // At this stage we should have a filled data array, defined cookie u and k data. // data array should contain recent session info if we're a real user and a recent // session exists in which case session_id will also be set @@ -445,7 +448,7 @@ class session $this->data['is_bot'] = ($bot) ? true : false; // If our friend is a bot, we re-assign a previously assigned session - if ($this->data['is_bot'] && $bot === $this->data['user_id'] && $this->data['session_id']) + if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id']) { // Only assign the current session if the ip and browser match... $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));