mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-01 03:54:56 +02:00
Code Issues Releases Wiki Activity
php-phpbb/phpBB/functions/sessions.php
Paul S. Owen 61b3ee1520 New session code ... lotsa changes 
git-svn-id: file:///svn/phpbb/trunk@120 89ea8834-ac86-4346-8a33-228a782c2dd0
2001-03-21 23:18:39 +00:00

360 lines
8.8 KiB
PHP
Raw Blame History

<?php
/***************************************************************************
* sessions.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id$
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
//
// session_begin()
//
// Adds/updates a new session to the database for the given userid.
// Returns the new session ID on success.
//
function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $password = "")
{
global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
global $HTTP_COOKIE_VARS;
$current_time = time();
$expiry_time = $current_time - $session_length;
$int_ip = encode_ip($user_ip);
if($user_id == ANONYMOUS)
{
$login = 0;
}
$sql = "UPDATE ".SESSIONS_TABLE."
SET session_user_id = $user_id, session_time = $current_time, session_logged_in = $login
WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")
AND (session_ip = $int_ip)";
$result = $db->sql_query($sql);
if(!$result || !$db->sql_affectedrows())
{
mt_srand( (double) microtime() * 1000000);
$session_id = mt_rand();
$sql = "INSERT INTO ".SESSIONS_TABLE."
(session_id, session_user_id, session_time, session_ip, session_logged_in)
VALUES
($session_id, $user_id, $current_time, $int_ip, $login)";
$result = $db->sql_query($sql);
if(!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error creating new session : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
setcookie($cookiename."[sessionid]", $session_id, $session_length);
}
else
{
$session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid'];
}
if(!empty($password) && AUTOLOGON)
{
setcookie($cookiename."[useridref]", $password, $cookielife);
}
setcookie($cookiename."[userid]", $user_id, $cookielife);
setcookie($cookiename."[sessionstart]", $current_time, $cookielife);
setcookie($cookiename."[sessiontime]", $current_time, $session_length);
return $session_id;
} // session_begin
//
// Checks for a given user session, tidies session
// table and updates user sessions at each page refresh
//
function session_pagestart($db, $user_ip, $session_length)
{
global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
global $HTTP_COOKIE_VARS;
unset($userdata);
$current_time = time();
//
// Delete expired sessions
//
$expiry_time = $current_time - $session_length;
$sql = "DELETE FROM ".SESSIONS_TABLE."
WHERE session_time < $expiry_time";
$result = $db->sql_query($sql);
if(!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error clearing sessions table : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
if(isset($HTTP_COOKIE_VARS[$cookiename]['userid']))
{
//
// userid exists so go ahead and grab all
// data in preparation
//
$userid = $HTTP_COOKIE_VARS[$cookiename]['userid'];
$int_ip = encode_ip($user_ip);
$sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid
FROM ".USERS_TABLE." u
LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = $int_ip OR b.ban_userid = u.user_id)
AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) )
LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = $int_ip )
WHERE u.user_id = $userid";
$result = $db->sql_query($sql);
if (!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error doing DB query userdata row fetch : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
$userdata = $db->sql_fetchrow($result);
//
// Check for user and ip ban ...
//
if($userdata['ban_ip'] || $userdata['ban_userid'])
{
error_die($db, BANNED);
}
//
// Now, check to see if a session exists.
// If it does then update it, if it doesn't
// then create one.
//
if(isset($HTTP_COOKIE_VARS[$cookiename]['sessionid']))
{
//
// Is the id the same as that in the cookie?
// If it is then we see if it needs updating
//
if($HTTP_COOKIE_VARS[$cookiename]['sessionid'] == $userdata['session_id'])
{
//
// Only update session DB a minute or so after last update
//
if($current_time - $userdata['session_time'] > 60)
{
$ip = encode_ip($user_ip);
$sql = "UPDATE ".SESSIONS_TABLE."
SET session_time = '$current_time'
WHERE (session_id = ".$userdata['session_id'].")
AND (session_ip = $ip)
AND (session_user_id = ".$userdata['user_id'].")";
$result = $db->sql_query($sql);
if(!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error updating sessions table : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
else
{
//
// Update was success, send current time to cookie
// and return userdata
//
setcookie($cookiename."[sessiontime]", $current_time, $session_length);
return $userdata;
} // if (affectedrows)
} // if (current_time)
//
// We didn't need to update session
// so just return userdata
//
return $userdata;
} // if (cookie session_id = DB session id)
} // if session_id cookie set
//
// If we reach here then we have a valid
// user_id set in the cookie but no
// active session. So, try and create
// new session (uses AUTOLOGON to determine
// if user should be logged back on automatically)
//
if(AUTOLOGON && isset($HTTP_COOKIE_VARS[$cookiename]['useridref']))
{
if($HTTP_COOKIE_VARS[$cookiename]['useridref'] == $userdata['user_password'])
{
$autologon = 1;
$password = $userdata['user_password'];
$userdata['session_logged_in'] = 1;
}
else
{
$autologon = 0;
$password = "";
$userdata['session_logged_in'] = 0;
}
}
else
{
$autologon = 0;
$password = "";
$userdata['session_logged_in'] = 0;
}
$result = session_begin($db, $userdata['user_id'], $user_ip, $session_length, $autologon, $password);
if(!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error creating ".$userdata['user_id']." session : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
}
else
{
//
// No userid cookie exists so we'll
// check for an IP ban and set up
// a new anonymous session
//
$int_ip = encode_ip($user_ip);
$sql = "SELECT ban_ip
FROM ".BANLIST_TABLE."
WHERE ban_ip = $int_ip";
$result = $db->sql_query($sql);
if (!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error doing DB query non-userid ban_ip row fetch : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
$banned_ip = $db->sql_fetchrow($result);
//
// Check for user and ip ban ...
//
if($banned_ip['ban_ip'])
{
error_die($db, BANNED);
}
else
{
$result = session_begin($db, ANONYMOUS, $user_ip, $session_length);
if(!$result)
{
if(DEBUG)
{
error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart");
}
else
{
error_die($db, SESSION_CREATE);
}
}
$userdata['session_logged_in'] = 0;
}
}
return $userdata;
} // session_check()
//
// session_end closes out a session
// deleting the corresponding entry
// in the sessions table
//
function session_end($db, $session_id, $user_id)
{
global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
$current_time = time();
$sql = "DELETE FROM ".SESSIONS_TABLE."
WHERE (session_user_id = $user_id)
AND (session_id = $session_id)";
$result = $db->sql_query($sql, $db);
if (!$result)
{
if(DEBUG)
{
$db_error = $db->sql_error();
error_die($db, "Delete failed in end_user_session(). Reason: " . $db_error["message"]);
}
else
{
error_die($db, SESSION_CREATE);
}
}
setcookie($cookiename."[sessionid]", "");
setcookie($cookiename."[sessionend]", $current_time, $cookielife);
return true;
} // session_end()
?>
Reference in New Issue View Git Blame Copy Permalink