author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-04-28 17:54:22 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-04-28 17:54:22 +0000 |
commit | ec21217a2ae82225e3cdfede7d36a414c2cf136e (patch) | |
tree | 2c68992b276c7150a9b6be8a7226d64e817cd22c | |
parent | 9a155b4870cafa98ce56266a3880756a7dbdd35f (diff) | |
Overhauled session code ... in a big way
git-svn-id: file:///svn/phpbb/trunk@208 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/db/mysql_basic.sql | 8 | ||||
-rw-r--r-- | phpBB/db/mysql_schema.sql | 11 | ||||
-rw-r--r-- | phpBB/includes/page_header.php | 6 | ||||
-rw-r--r-- | phpBB/includes/sessions.php | 276 | ||||
-rwxr-xr-x | phpBB/language/lang_english.php | 2 | ||||
-rw-r--r-- | phpBB/login.php | 6 | ||||
-rw-r--r-- | phpBB/templates/Default/overall_header.tpl | 2 |
7 files changed, 172 insertions, 139 deletions
diff --git a/phpBB/db/mysql_basic.sql b/phpBB/db/mysql_basic.sql index b5adbb8316..c2f152b3f6 100644 --- a/phpBB/db/mysql_basic.sql +++ b/phpBB/db/mysql_basic.sql @@ -16,9 +16,9 @@ INSERT INTO phpbb_forums VALUES (1,'Test Forum 1','This is just a test forum, no INSERT INTO phpbb_forum_mods VALUES (1,1,0); # -- Users -INSERT INTO phpbb_users VALUES (1,'admin',NOW(),'21232f297a57a5a743894a0e4a801fc3','admin@yourdomain.com','','','','','','This is just a stupid sig',1,1,'','','',0,1,0,0,0,0,'',4,'','','',0,'-8',1, ''); -INSERT INTO phpbb_users VALUES (-1,'Anonymous',NOW(),'','','','','','','','',0,0,'','','',0,0,0,0,0,0,'',0,'','','',0,'-8',1,'Default'); +INSERT INTO phpbb_users VALUES (1,'admin',NOW(),'21232f297a57a5a743894a0e4a801fc3','admin@yourdomain.com','','','','','','','This is just a stupid sig',1,1,'','','',0,1,0,0,0,0,'',4,'','','',0,'-8',1, ''); +INSERT INTO phpbb_users VALUES (-1,'Anonymous',NOW(),'','','','','','','','','',0,0,'','','',0,0,0,0,0,0,'',0,'','','',0,'-8',1,'Default'); # -- Themes -INSERT INTO phpbb_themes VALUES ( '1', 'Default', '', 'FFFFFF', '000000', '', '', '', '', '', '', '', '495FA8', '', '', '000000', 'CCCCCC', 'DDDDDD', 'sans-serif', '', '', '2', '0', '0', 'FFFFFF', '000000', '', '', '', '', ''); -INSERT INTO phpbb_themes_name VALUES ( '1', '', '', '', 'Table Header', '', '', 'Table background', 'Row Color 1', 'Row Color 2', '', '', '', 'Titles', '', '', 'Titles', 'General Text', '', '', '', '', ''); +INSERT INTO phpbb_themes VALUES ( '1', 'Default', '', '', 'FFFFFF', '000000', '', '', '', '', '', '', '', '495FA8', '', '', '000000', 'CCCCCC', 'DDDDDD', 'sans-serif', '', '', '2', '0', '0', 'FFFFFF', '000000', '', '', '', '', ''); +INSERT INTO phpbb_themes_name VALUES ( '1', '', '', '', '', 'Table Header', '', '', 'Table background', 'Row Color 1', 'Row Color 2', '', '', '', 'Titles', '', '', 'Titles', 'General Text', '', '', '', '', ''); 
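Review bot: Both `INSERT INTO phpbb_users VALUES (...)` rows still depend on column position, which is exactly why this commit has to splice an extra `''` into each value list (right after the password hash, matching the new `user_autologin_key` column added in mysql_schema.sql); the `phpbb_themes` and `phpbb_themes_name` rows get the same treatment for `head_stylesheet`. Spelling out the columns, `INSERT INTO phpbb_users (user_id, username, user_regdate, user_password, user_autologin_key, ...) VALUES (...)`, makes the next schema addition a no-op for rows that do not use the new column and lets MySQL reject a miscount instead of silently shifting values one slot. Separately, the seeded admin row carries a fixed password hash that login.php checks with `md5($password) == $rowresult["user_password"]`, i.e. an unsalted MD5 committed to the repository; the install flow should force that password to be changed on first login.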
diff --git a/phpBB/db/mysql_schema.sql b/phpBB/db/mysql_schema.sql index e3f56e0614..82519c2ed3 100644 --- a/phpBB/db/mysql_schema.sql +++ b/phpBB/db/mysql_schema.sql @@ -200,13 +200,16 @@ CREATE TABLE phpbb_ranks ( # CREATE TABLE phpbb_session ( - session_id int(11) unsigned NOT NULL, + session_id int(11) NOT NULL, session_user_id int(11) NOT NULL, - session_time int(11) unsigned NOT NULL, + session_start int(11) NOT NULL, + session_time int(11) NOT NULL, session_ip char(8) NOT NULL, session_page int(11), session_logged_in tinyint(1) NOT NULL, - PRIMARY KEY (session_id) + PRIMARY KEY (session_id), + KEY session_ip (session_ip), + KEY session_user_id (session_user_id) ); @@ -232,6 +235,7 @@ CREATE TABLE phpbb_smilies ( CREATE TABLE phpbb_themes ( themes_id int(11) NOT NULL auto_increment, themes_name varchar(30), + head_stylesheet varchar(100), body_background varchar(100), body_bgcolor varchar(6), body_text varchar(6), @@ -331,6 +335,7 @@ CREATE TABLE phpbb_users ( username varchar(40) NOT NULL, user_regdate varchar(20) NOT NULL, user_password varchar(32) NOT NULL, + user_autologin_key varchar(32), user_hint varchar(25) NOT NULL, user_email varchar(255), user_icq varchar(15), diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php index 0d333df535..433df3a948 100644 --- a/phpBB/includes/page_header.php +++ b/phpBB/includes/page_header.php @@ -67,6 +67,7 @@ $template->assign_vars(array( "L_USERNAME" => $l_username, "L_PASSWORD" => $l_password, + "L_LOG_ME_IN" => $l_log_me_in, "L_WELCOMETO" => $l_welcometo, "L_REGISTER" => $l_register, "L_PROFILE" => $l_profile, @@ -97,6 +98,7 @@ $template->assign_vars(array( "S_TOPICS_URL" => POST_TOPIC_URL, "S_USERS_URL" => POST_USERS_URL, + "T_HEAD_STYLESHEET" => $theme['head_stylesheet'], "T_BODY_BACKGROUND" => $theme['body_background'], "T_BODY_BGCOLOR" => "#".$theme['body_bgcolor'], "T_BODY_TEXT" => "#".$theme['body_text'], 
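Review bot: `user_autologin_key varchar(32)` stores the autologin token in the clear, and sessions.php writes the identical value into the cookie (`$cookiedata['autologinid'] = $autologin_key`) and later compares cookie to column directly, so the column is a reusable bearer credential: any read access to `phpbb_users` (a database backup, for instance) yields tokens that log in as those users without their password. Store only a digest of the token (`md5($autologin_key)` still fits `varchar(32)`) and compare the digest of the cookie value against it, leaving the raw token in the cookie only. The `phpbb_session` rewrite also adds `session_start` beside `session_time` with nothing distinguishing them; a line above the table such as `# session_start: set once when the row is created; session_time: bumped on each page view` would save the next reader a trip into sessions.php, where session_begin sets both to `$current_time` and session_pagestart only updates `session_time`.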
@@ -114,8 +116,8 @@ $template->assign_vars(array( "T_TD_COLOR2" => "#".$theme['td_color2'], "T_TD_COLOR3" => "#".$theme['td_color3'], "T_FONTFACE1" => $theme['fontface1'], - "T_FONTFACE2" => $theme['fontface1'], - "T_FONTFACE3" => $theme['fontface1'], + "T_FONTFACE2" => $theme['fontface2'], + "T_FONTFACE3" => $theme['fontface3'], "T_FONTSIZE1" => $theme['fontsize1'], "T_FONTSIZE2" => $theme['fontsize2'], "T_FONTSIZE3" => $theme['fontsize3'], diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php index 578047c73e..f80245b44e 100644 --- a/phpBB/includes/sessions.php +++ b/phpBB/includes/sessions.php @@ -27,13 +27,14 @@ // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // -function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $password = "") +function session_begin($user_id, $user_ip, $page_id, $session_length, $login = FALSE, $autologin = FALSE) { global $db; global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; global $HTTP_COOKIE_VARS; + $cookiedata = unserialize($HTTP_COOKIE_VARS[$cookiename]); $current_time = time(); $expiry_time = $current_time - $session_length; $int_ip = encode_ip($user_ip); @@ -67,8 +68,8 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 } $sql_update = "UPDATE ".SESSIONS_TABLE." - SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login - WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].") + SET session_user_id = '$user_id', session_start = '$current_time', session_time = '$current_time', session_page = '$page_id', session_logged_in = '$login' + WHERE (session_id = '".$cookiedata['sessionid']."') AND (session_ip = '$int_ip')"; $result = $db->sql_query($sql_update); 
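Review bot: `$cookiedata = unserialize($HTTP_COOKIE_VARS[$cookiename]);` is populated entirely by the client, and the `sessionid` and `userid` fields it yields are concatenated into SQL without validation in this file: the UPDATE in the `-67` hunk (`WHERE (session_id = '".$cookiedata['sessionid']."')`), the session lookup in the `-152` hunk and the user lookup in the `-178` hunk. Since `session_id` and `user_id` are `int(11)` columns, normalise once here and use the normalised values everywhere: `$cookiedata = isset($HTTP_COOKIE_VARS[$cookiename]) ? unserialize($HTTP_COOKIE_VARS[$cookiename]) : array();` followed by `$cookiedata['sessionid'] = intval($cookiedata['sessionid']); $cookiedata['userid'] = intval($cookiedata['userid']);`, and give session_pagestart and session_end, which repeat the unserialize line, the same treatment. The `isset` guard also stops `unserialize()` running on a missing cookie for first-time visitors. session_begin's body continues past this hunk.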
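Review bot: The UPDATE keeps the client-supplied `sessionid` and rebinds it to the new `$user_id` with `session_logged_in = '$login'`, so a login does not rotate the session identifier; an identifier that was known while the session was anonymous stays valid once it is authenticated. When `$login` is TRUE (the login.php path) the existing row should be abandoned and the INSERT path below taken with a freshly generated id, so the identifier changes at the privilege boundary. Also `'$login'` now interpolates a PHP boolean: FALSE becomes `''`, which MySQL coerces to 0 for the `tinyint(1)` column only by accident of lax typing — convert explicitly, `$login = ($login) ? 1 : 0;`, before building the query; the INSERT in the next hunk has the same issue. The enclosing if/else starts before this hunk.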
@@ -79,9 +80,9 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 $session_id = mt_rand(); $sql_insert = "INSERT INTO ".SESSIONS_TABLE." - (session_id, session_user_id, session_time, session_ip, session_page, session_logged_in) - VALUES - ($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)"; + (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) + VALUES + ('$session_id', '$user_id', '$current_time', '$current_time', '$int_ip', '$page_id', '$login')"; $result = $db->sql_query($sql_insert); if(!$result) { 
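Review bot: The new INSERT still takes its primary key from `$session_id = mt_rand();` (unchanged context above), so the session identifier is a single 31-bit value from a non-cryptographic generator, and with `session_id` now pinned as `int(11)` in mysql_schema.sql there is no room to widen it. A duplicate-key collision presumably surfaces through the `if(!$result)` path as a fatal session-creation error rather than a retry. If this identifier is the only thing protecting a logged-in session, the column type and generator should be chosen together — e.g. a `char(32)` column holding a value built the way the autologin key is in the `-95` hunk — and the insert should retry on collision. session_begin's body continues on both sides of this hunk.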
@@ -95,23 +96,41 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0 } } - setcookie($cookiename."[sessionid]", $session_id, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + $cookiedata['sessionid'] = $session_id; } else { - $session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid']; + $session_id = $cookiedata['sessionid']; } - if(!empty($password) && AUTOLOGON) + if($autologin) { - setcookie($cookiename."[useridref]", $password, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + $autologin_key = md5(uniqid(mt_rand())); + + $sql_update = "UPDATE ".USERS_TABLE." + SET user_autologin_key = '$autologin_key' + WHERE user_id = '$user_id'"; + $result = $db->sql_query($sql_update); + if(!$result) + { + if(DEBUG) + { + error_die(GENERAL_ERROR, "Couldn't update users autologin key : session_begin", __LINE__, __FILE__); + } + else + { + error_die(SQL_QUERY, "Error creating new session", __LINE__ , __FILE__); + } + } + $cookiedata['autologinid'] = $autologin_key; } - setcookie($cookiename."[userid]", $user_id, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); - setcookie($cookiename."[sessionstart]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); - setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure); -// echo $sql_update."<BR><BR>".$sql_insert."<BR><BR>"; + $cookiedata['userid'] = $user_id; + $cookiedata['sessionstart'] = $current_time; + $cookiedata['sessiontime'] = $current_time; + $serialised_cookiedata = serialize($cookiedata); + setcookie($cookiename, $serialised_cookiedata, $session_length, $cookiepath, $cookiedomain, $cookiesecure); } return $session_id; 
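Review bot: The autologin-key UPDATE's non-DEBUG branch reuses the message `error_die(SQL_QUERY, "Error creating new session", __LINE__ , __FILE__);` copied from the session INSERT, so a failure to store the key is reported as a session-creation failure; use `error_die(SQL_QUERY, "Error setting autologin key", __LINE__, __FILE__);`. The cookie, now carrying `autologinid`, is written with `setcookie($cookiename, $serialised_cookiedata, $session_length, ...)`, yet earlier in this function `$session_length` is treated as a duration (`$expiry_time = $current_time - $session_length`) while setcookie's third argument is an absolute timestamp; the two readings conflict, and if the duration one is right the autologin data would not survive the browser session — worth confirming before relying on the feature. `md5(uniqid(mt_rand()))` has at most the entropy of one `mt_rand()` call plus the clock, so add `// NOTE: key entropy is bounded by mt_rand(); swap in a stronger source when available` so the 32 hex digits are not mistaken for a random 128-bit token.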
@@ -129,9 +148,10 @@ function session_pagestart($user_ip, $thispage_id, $session_length) global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; global $HTTP_COOKIE_VARS; - unset($userdata); + $cookiedata = unserialize($HTTP_COOKIE_VARS[$cookiename]); $current_time = time(); $int_ip = encode_ip($user_ip); + unset($userdata); // // Delete expired sessions @@ -152,19 +172,23 @@ function session_pagestart($user_ip, $thispage_id, $session_length) } } - if(isset($HTTP_COOKIE_VARS[$cookiename]['userid'])) + // + // Does a session exist? + // + if(isset($cookiedata['sessionid']) && isset($cookiedata['userid'])) { // - // userid exists so go ahead and grab all - // data in preparation + // session_id & and userid exist so go ahead and attempt + // to grab all data in preparation // - $userid = $HTTP_COOKIE_VARS[$cookiename]['userid']; - $sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid - FROM ".USERS_TABLE." u + $sql = "SELECT u.*, s.*, b.ban_ip, b.ban_userid + FROM ".SESSIONS_TABLE." s LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id) AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) ) - LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = '$int_ip' ) - WHERE u.user_id = $userid"; + LEFT JOIN ".USERS_TABLE." u ON ( u.user_id = s.session_user_id) + WHERE s.session_id = '".$cookiedata['sessionid']."' + AND s.session_user_id = '".$cookiedata['userid']."' + AND s.session_ip = '$int_ip'"; $result = $db->sql_query($sql); if (!$result) { 
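Review bot: In the new session lookup the BANLIST join's ON clause references `u.user_id` (`b.ban_userid = u.user_id`) one line before `USERS_TABLE u` is actually joined; MySQL of this era tolerates it, but standards-conformant engines and later MySQL releases reject a column from a table joined further down ("Unknown column ... in 'on clause'"). Join users first — `FROM SESSIONS_TABLE s LEFT JOIN USERS_TABLE u ON (u.user_id = s.session_user_id) LEFT JOIN BANLIST_TABLE b ON (...)` — which also reads naturally since the ban check depends on the user row. The cookie-derived values in the WHERE clause are covered by the note on the `-27` hunk. session_pagestart continues past this hunk.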
@@ -178,143 +202,123 @@ function session_pagestart($user_ip, $thispage_id, $session_length) } } $userdata = $db->sql_fetchrow($result); - } - if($userdata['user_id'] != ''){ // The ID in the cookie was really in the DB. - // - // Check for user and ip ban ... - // if($userdata['ban_ip'] || $userdata['ban_userid']) { error_die(BANNED); } - - // - // Now, check to see if a session exists. - // If it does then update it, if it doesn't - // then create one. // - if(isset($HTTP_COOKIE_VARS[$cookiename]['sessionid'])) + // Did the session exist in the DB? + // + if(isset($userdata['user_id'])) { - // - // Is the id the same as that in the cookie? - // If it is then we see if it needs updating + // Only update session DB a minute or so after last update // - if($HTTP_COOKIE_VARS[$cookiename]['sessionid'] == $userdata['session_id']) + if($current_time - $userdata['session_time'] > 60) { - - // - // Only update session DB a minute or so after last update - // - if($current_time - $userdata['session_time'] > 60) + $sql = "UPDATE ".SESSIONS_TABLE." + SET session_time = '$current_time', session_page = '$thispage_id' + WHERE (session_id = ".$userdata['session_id'].") + AND (session_ip = '$int_ip') + AND (session_user_id = ".$userdata['user_id'].")"; + $result = $db->sql_query($sql); + if(!$result) { - - $sql = "UPDATE ".SESSIONS_TABLE." 
- SET session_time = '$current_time', session_page = '$thispage_id' - WHERE (session_id = ".$userdata['session_id'].") - AND (session_ip = '$int_ip') - AND (session_user_id = ".$userdata['user_id'].")"; - $result = $db->sql_query($sql); - if(!$result) + if(DEBUG) { - if(DEBUG) - { - error_die(SQL_QUERY, "Error updating sessions table : session_pagestart", __LINE__, __FILE__); - } - else - { - error_die(SESSION_CREATE); - } + error_die(SQL_QUERY, "Error updating sessions table : session_pagestart", __LINE__, __FILE__); } else { - // - // Update was success, send current time to cookie - // and return userdata - // - setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure); - - return $userdata; - } // if (affectedrows) - - } // if (current_time) + error_die(SESSION_CREATE); + } + } + else + { + // + // Update was success, send current time to cookie + // and return userdata + // + $cookiedata['sessiontime'] = $current_time; + $serialised_cookiedata = serialize($cookiedata); + setcookie($cookiename, $serialised_cookiedata, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + + return $userdata; + } - // - // We didn't need to update session - // so just return userdata - // - return $userdata; + } + // + // We didn't need to update session + // so just return userdata + // + return $userdata; + } + } + // + // If we reach here then no (valid) session + // exists. So we'll create a new one, + // using the cookie user_id if available to + // pull basic user prefs. + // - } // if (cookie session_id = DB session id) + $login = FALSE; + $autologin = FALSE; + $userdata['session_logged_in'] = 0; - } // if session_id cookie set - - // - // If we reach here then we have a valid - // user_id set in the cookie but no - // active session. 
So, try and create - // new session (uses AUTOLOGON to determine - // if user should be logged back on automatically) - // - if(AUTOLOGON && isset($HTTP_COOKIE_VARS[$cookiename]['useridref'])) + if(isset($cookiedata['userid'])) + { + $sql = "SELECT u.* + FROM ".USERS_TABLE." u + WHERE u.user_id = '".$cookiedata['userid']."'"; + $result = $db->sql_query($sql); + if (!$result) { - if($HTTP_COOKIE_VARS[$cookiename]['useridref'] == $userdata['user_password']) + if(DEBUG) { - $autologon = 1; - $password = $userdata['user_password']; - $userdata['session_logged_in'] = 1; + error_die(SQL_QUERY, "Error doing DB query userdata row fetch (non-session) : session_pagestart", __LINE__, __FILE__); } else { - $autologon = 0; - $password = ""; - $userdata['session_logged_in'] = 0; + error_die(SESSION_CREATE); } } - else - { - $autologon = 0; - $password = ""; - $userdata['session_logged_in'] = 0; - } - $result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password); - if(!$result) + $userdata = $db->sql_fetchrow($result); + + if($userdata['user_autologin_key'] && isset($cookiedata['autologinid'])) { - if(DEBUG) + if($userdata['user_autologin_key'] == $cookiedata['autologinid']) { - error_die(SQL_QUERY, "Error creating ".$userdata['user_id']." session : session_pagestart", __LINE__, __FILE__); - } - else - { - error_die(SESSION_CREATE); + // + // We have a match, and not the kind you light ... 
+ // + $userdata['session_logged_in'] = 1; + $login = TRUE; + $autologin = TRUE; } } - $userdata['session_id'] = $result; - + $userdata['user_id'] = $cookiedata['userid']; } else { + $userdata['user_id'] = ANONYMOUS; + } - // - // No userid cookie exists so we'll - // set up a new anonymous session - // - $result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0); - if(!$result) + + $result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $login, $autologin); + if(!$result) + { + if(DEBUG) { - if(DEBUG) - { - error_die(SQL_QUERY, "Error creating anonymous session : session_pagestart", __LINE__, __FILE__); - } - else - { - error_die(SESSION_CREATE); - } + error_die(SQL_QUERY, "Error creating ".$userdata['user_id']." session : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); } - $userdata['session_id'] = $result; - $userdata['session_logged_in'] = 0; } + $userdata['session_id'] = $result; + $userdata['session_ip'] = $user_ip; return $userdata; @@ -330,10 +334,13 @@ function session_end($session_id, $user_id) global $db; global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; + global $HTTP_COOKIE_VARS; + $cookiedata = unserialize($HTTP_COOKIE_VARS[$cookiename]); $current_time = time(); - $sql = "DELETE FROM ".SESSIONS_TABLE." + $sql = "UPDATE ".SESSIONS_TABLE." + SET session_logged_in = '0' WHERE (session_user_id = $user_id) AND (session_id = $session_id)"; $result = $db->sql_query($sql, $db); 
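Review bot: In the fallback branch, `$userdata = $db->sql_fetchrow($result);` after the `WHERE u.user_id = '".$cookiedata['userid']."'` query is never checked for an empty result, and the code then assigns `$userdata['user_id'] = $cookiedata['userid'];` from the cookie rather than from the row, so a cookie naming a deleted or never-existing user id gets a session row created for that id by session_begin and is returned as if it were a real user. Fall back to the anonymous path when no row comes back, `if(!$userdata) { $userdata['user_id'] = ANONYMOUS; }`, and otherwise keep the `user_id` the query returned. The fetch also replaces the array on which `$userdata['session_logged_in'] = 0;` was set a few lines earlier, so for a cookie user without a matching autologin key the returned `session_logged_in` is unset rather than 0; re-set it after the fetch. The autologin match `$userdata['user_autologin_key'] == $cookiedata['autologinid']` should use `===` so the two hex strings are compared byte-for-byte rather than under PHP's loose numeric-string rules.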
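Review bot: session_end now retains the row (`UPDATE ... SET session_logged_in = '0'` replaces the DELETE) while `$user_id` and `$session_id` are still interpolated unquoted in `WHERE (session_user_id = $user_id) AND (session_id = $session_id)`; if the caller passes them through from request parameters they should be cast with `intval()` like the other integer keys in this file, and the function's header comment should state that the row is now kept for the logged-out visitor rather than removed. `$cookiedata = unserialize($HTTP_COOKIE_VARS[$cookiename]);` is the third copy of that line in the file; a small helper returning an array (empty when the cookie is absent) would put the isset guard and integer casts in one place. The function continues past this hunk.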
@@ -349,8 +356,23 @@ function session_end($session_id, $user_id) } } - setcookie($cookiename."[sessionid]", ""); - setcookie($cookiename."[sessionend]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + if($cookiedata['autologinid']) + { + $sql = "UPDATE ".USERS_TABLE." + SET user_autologin_key = '' + WHERE user_id = '$user_id'"; + $result = $db->sql_query($sql, $db); + if (!$result) + { + die("Couldn't reset autologin info : session_end<br/>". __LINE__ ."<br/>". __FILE__); + } + } + + $cookiedata['sessionend'] = $current_time; + $cookiedata['autologinid'] = ""; + $serialised_cookiedata = serialize($cookiedata); + + setcookie($cookiename, $serialised_cookiedata, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); return true; diff --git a/phpBB/language/lang_english.php b/phpBB/language/lang_english.php index 55da89235f..1eeae5a385 100755 --- a/phpBB/language/lang_english.php +++ b/phpBB/language/lang_english.php @@ -42,6 +42,8 @@ $l_emailaddress = "Email Address"; $l_preferences = "Preferences"; $l_welcometo = "Welcome to"; +$l_log_me_in = "Log me in automatically"; + $l_all_times = "All times are"; $l_hours = "hours"; diff --git a/phpBB/login.php b/phpBB/login.php index 2176ae57d8..97332c9983 100644 --- a/phpBB/login.php +++ b/phpBB/login.php @@ -53,8 +53,10 @@ if(isset($HTTP_POST_VARS['submit']) || isset($HTTP_GET_VARS['submit'])) if(count($rowresult)) { if(md5($password) == $rowresult["user_password"]) - { - $session_id = session_begin($rowresult["user_id"], $user_ip, PAGE_INDEX, $session_length, 1, $rowresult["user_password"]); + { + $autologin = (isset($HTTP_POST_VARS['autologin'])) ? TRUE : FALSE; + + $session_id = session_begin($rowresult["user_id"], $user_ip, PAGE_INDEX, $session_length, TRUE, $autologin); if($session_id) { header("Location: index.$phpEx"); diff --git a/phpBB/templates/Default/overall_header.tpl b/phpBB/templates/Default/overall_header.tpl index 851ff5573e..2e064cf315 100644 
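Review bot: The autologin-key reset failure path calls `die("Couldn't reset autologin info : session_end<br/>". __LINE__ ."<br/>". __FILE__);`, which prints the line number and file path unconditionally and bypasses the `error_die` convention used for every other SQL failure in this file (where the non-DEBUG branches omit that detail); make it `error_die(SQL_QUERY, "Error resetting autologin key : session_end", __LINE__, __FILE__);`. The reset is also gated on `if($cookiedata['autologinid'])`, so a logout from a browser that lost or never had the cookie leaves a still-valid key in `user_autologin_key`; clearing the column unconditionally on logout is cheap and closes that gap. The cookie is then written with expiry `$cookielife` while session_begin writes the same cookie with `$session_length`; the two should agree or the difference should be commented. The function continues before this hunk.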
--- a/phpBB/templates/Default/overall_header.tpl +++ b/phpBB/templates/Default/overall_header.tpl @@ -45,7 +45,7 @@ A:Hover { <td bgcolor="#CCCCCC"><table width="100%" cellspacing="1" cellpadding="3" border="0"> <tr class="tablebody"><form method="POST" action="login.{PHPEX}"> <td align="left" valign="top"><a href="index.php"><img src="images/title.jpg" height="55" width="450" border="0"></a></td> - <td align="right">{L_USERNAME} : <input type="text" name="username"><br>{L_PASSWORD} : <input type="password" name="password"><br><input type="submit" name="submit" value="Login"></td> + <td align="right">{L_USERNAME} : <input type="text" name="username"><br>{L_PASSWORD} : <input type="password" name="password"><br>{L_LOG_ME_IN}<input type="checkbox" name="autologin"> <input type="submit" name="submit" value="Login"></td> </tr></form> <tr class="tablebody"> <td colspan="2"><table width="100%" cellspacing="0" cellpadding="0" border="0"> |