diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-04-15 14:14:56 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-04-15 14:14:56 +0000 |
| commit | 7791a3126090aef74a00e0b85f3d7779819e75c3 (patch) | |
| tree | 82821f4c3e9b4b7aa72a715a1c971900019cfc90 /phpBB/functions | |
| parent | e63c33bb2c82ad59dcc1e21c08041fc7a7973ef0 (diff) | |
| download | forums-7791a3126090aef74a00e0b85f3d7779819e75c3.tar forums-7791a3126090aef74a00e0b85f3d7779819e75c3.tar.gz forums-7791a3126090aef74a00e0b85f3d7779819e75c3.tar.bz2 forums-7791a3126090aef74a00e0b85f3d7779819e75c3.tar.xz forums-7791a3126090aef74a00e0b85f3d7779819e75c3.zip | |
Session code updates
git-svn-id: file:///svn/phpbb/trunk@143 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/functions')
| -rw-r--r-- | phpBB/functions/functions.php | 95 | ||||
| -rw-r--r-- | phpBB/functions/sessions.php | 157 |
2 files changed, 171 insertions, 81 deletions
diff --git a/phpBB/functions/functions.php b/phpBB/functions/functions.php index cc387ecde0..6345630813 100644 --- a/phpBB/functions/functions.php +++ b/phpBB/functions/functions.php @@ -178,6 +178,101 @@ function theme_select($default, $db) return($theme_select); } +// +// Initialise user settings on page load +// +function init_userprefs($userdata) +{ + + global $override_user_theme; + global $bgcolor, $table_bgcolor, $textcolor, $category_title, $table_header; + global $color1, $color2, $header_image, $newtopic_image; + global $reply_locked_image, $reply_image, $linkcolor, $vlinkcolor; + global $default_lang, $date_format, $sys_timezone; + + if(!$override_user_theme) + { + if($userdata['user_id'] != ANONYMOUS || $userdata['user_id'] != DELETED) + { + $theme = setuptheme($userdata["user_theme"]); + } + else + { + $theme = setuptheme($default_theme); + } + } + else + { + $theme = setuptheme($override_user_theme); + } + if($theme) + { + $bgcolor = $theme["bgcolor"]; + $table_bgcolor = $theme["table_bgcolor"]; + $textcolor = $theme["textcolor"]; + $category_title = $theme["category_title"]; + $table_header = $theme["table_header"]; + $color1 = $theme["color1"]; + $color2 = $theme["color2"]; + $header_image = $theme["header_image"]; + $newtopic_image = $theme["newtopic_image"]; + $reply_locked_image = $theme["reply_locked_image"]; + $reply_image = $theme["reply_image"]; + $linkcolor = $theme["linkcolor"]; + $vlinkcolor = $theme["vlinkcolor"]; + } + if($userdata["user_lang"] != "") + { + $default_lang = $userdata["user_lang"]; + } + if($userdata["user_dateformat"] != "") + { + $date_format = $userdata["user_dateformat"]; + } + if($userdata["user_timezone"]) + { + $sys_timezone = $userdata["user_timezone"]; + } + + // Include the appropriate language file ... if it exists. + if(!strstr($PHP_SELF, "admin")) + { + if(file_exists('language/lang_'.$default_lang.'.'.$phpEx)) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + } + else + { + if(strstr($PHP_SELF, "topicadmin")) + { + include('language/lang_'.$default_lang.'.'.$phpEx); + } + else + { + include('../language/lang_'.$default_lang.'.'.$phpEx); + } + } + + return; + +} +function setuptheme($theme) +{ + global $db; + + $sql = "SELECT * + FROM ".THEMES_TABLE." + WHERE theme_id = '$theme'"; + if(!$result = $db->sql_query($sql)) + return(0); + + if(!$myrow = $db->sql_fetchrow($result)) + return(0); + + return($myrow); +} + function tz_select($default) { global $board_tz; diff --git a/phpBB/functions/sessions.php b/phpBB/functions/sessions.php index 934f3e725f..01b5e8b7be 100644 --- a/phpBB/functions/sessions.php +++ b/phpBB/functions/sessions.php @@ -27,9 +27,10 @@ // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // -function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $password = "") +function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $password = "") { + global $db; global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; global $HTTP_COOKIE_VARS; @@ -37,52 +38,79 @@ function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $pa $expiry_time = $current_time - $session_length; $int_ip = encode_ip($user_ip); - if($user_id == ANONYMOUS) + // + // Initial ban check against IP and userid + // + $sql = "SELECT ban_ip, ban_userid + FROM ".BANLIST_TABLE." + WHERE (ban_ip = '$int_ip' OR ban_userid = '$user_id') + AND (ban_start < $current_time AND ban_end > $current_time )"; + $result = $db->sql_query($sql); + if (!$result) { - $login = 0; + error_die(QUERY_ERROR, "Couldn't obtain ban information.", __LINE__, __FILE__); } - - $sql = "UPDATE ".SESSIONS_TABLE." - SET session_user_id = $user_id, session_time = $current_time, session_logged_in = $login - WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].") - AND (session_ip = $int_ip)"; - $result = $db->sql_query($sql); - if(!$result || !$db->sql_affectedrows()) + $ban_info = $db->sql_fetchrow($result); + + // + // Check for user and ip ban ... + // + if($ban_info['ban_ip'] || $ban_info['ban_userid']) + { + error_die(AUTH_BANNED); + } + else { - mt_srand( (double) microtime() * 1000000); - $session_id = mt_rand(); + if($user_id == ANONYMOUS) + { + $login = 0; + } + + $sql = "UPDATE ".SESSIONS_TABLE." + SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login + WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].") + AND (session_ip = '$int_ip')"; - $sql = "INSERT INTO ".SESSIONS_TABLE." - (session_id, session_user_id, session_time, session_ip, session_logged_in) - VALUES - ($session_id, $user_id, $current_time, $int_ip, $login)"; $result = $db->sql_query($sql); - if(!$result) + + if(!$result || !$db->sql_affectedrows()) { - if(DEBUG) - { - error_die($db, GENERAL_ERROR, "Error creating new session : session_pagestart"); - } - else + mt_srand( (double) microtime() * 1000000); + $session_id = mt_rand(); + + $sql = "INSERT INTO ".SESSIONS_TABLE." + (session_id, session_user_id, session_time, session_ip, session_page, session_logged_in) + VALUES + ($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)"; + $result = $db->sql_query($sql); + if(!$result) { - error_die($db, SESSION_CREATE); + if(DEBUG) + { + error_die($db, GENERAL_ERROR, "Error creating new session : session_begin"); + } + else + { + error_die($db, SESSION_CREATE); + } } + + setcookie($cookiename."[sessionid]", $session_id, $session_length); + } + else + { + $session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid']; } - setcookie($cookiename."[sessionid]", $session_id, $session_length, "", "", ""); - } - else - { - $session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid']; - } + if(!empty($password) && AUTOLOGON) + { + setcookie($cookiename."[useridref]", $password, $cookielife); + } + setcookie($cookiename."[userid]", $user_id, $cookielife); + setcookie($cookiename."[sessionstart]", $current_time, $cookielife); + setcookie($cookiename."[sessiontime]", $current_time, $session_length); - if(!empty($password) && AUTOLOGON) - { - setcookie($cookiename."[useridref]", $password, $cookielife, "", "", ""); } - setcookie($cookiename."[userid]", $user_id, $cookielife, "", "", ""); - setcookie($cookiename."[sessionstart]", $current_time, $cookielife, "", "", ""); - setcookie($cookiename."[sessiontime]", $current_time, $session_length, "", "", ""); return $session_id; @@ -93,14 +121,13 @@ function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $pa // Checks for a given user session, tidies session // table and updates user sessions at each page refresh // -function session_pagestart($db, $user_ip, $session_length) +function session_pagestart($user_ip, $thispage_id, $session_length) { - + global $db; global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; global $HTTP_COOKIE_VARS; unset($userdata); - $current_time = time(); $int_ip = encode_ip($user_ip); @@ -132,9 +159,9 @@ function session_pagestart($db, $user_ip, $session_length) $userid = $HTTP_COOKIE_VARS[$cookiename]['userid']; $sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid FROM ".USERS_TABLE." u - LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = $int_ip OR b.ban_userid = u.user_id) + LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id) AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) ) - LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = $int_ip ) + LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = '$int_ip' ) WHERE u.user_id = $userid"; $result = $db->sql_query($sql); if (!$result) @@ -180,9 +207,9 @@ function session_pagestart($db, $user_ip, $session_length) { $sql = "UPDATE ".SESSIONS_TABLE." - SET session_time = '$current_time' + SET session_time = '$current_time', session_page = '$thispage_id' WHERE (session_id = ".$userdata['session_id'].") - AND (session_ip = $int_ip) + AND (session_ip = '$int_ip') AND (session_user_id = ".$userdata['user_id'].")"; $result = $db->sql_query($sql); if(!$result) @@ -202,7 +229,7 @@ function session_pagestart($db, $user_ip, $session_length) // Update was success, send current time to cookie // and return userdata // - setcookie($cookiename."[sessiontime]", $current_time, $session_length, "", "", ""); + setcookie($cookiename."[sessiontime]", $current_time, $session_length); return $userdata; } // if (affectedrows) @@ -247,7 +274,7 @@ function session_pagestart($db, $user_ip, $session_length) $password = ""; $userdata['session_logged_in'] = 0; } - $result = session_begin($db, $userdata['user_id'], $user_ip, $session_length, $autologon, $password); + $result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password); if(!$result) { if(DEBUG) @@ -266,53 +293,21 @@ function session_pagestart($db, $user_ip, $session_length) // // No userid cookie exists so we'll - // check for an IP ban and set up - // a new anonymous session + // set up a new anonymous session // - $int_ip = encode_ip($user_ip); - $sql = "SELECT ban_ip - FROM ".BANLIST_TABLE." - WHERE ban_ip = $int_ip"; - $result = $db->sql_query($sql); - if (!$result) + $result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0); + if(!$result) { if(DEBUG) { - error_die($db, GENERAL_ERROR, "Error doing DB query non-userid ban_ip row fetch : session_pagestart"); + error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart"); } else { error_die($db, SESSION_CREATE); } } - $banned_ip = $db->sql_fetchrow($result); - - // - // Check for user and ip ban ... - // - if($banned_ip['ban_ip']) - { - error_die($db, BANNED); - } - else - { - - $result = session_begin($db, ANONYMOUS, $user_ip, $session_length); - if(!$result) - { - if(DEBUG) - { - error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart"); - } - else - { - error_die($db, SESSION_CREATE); - } - } - $userdata['session_logged_in'] = 0; - - } - + $userdata['session_logged_in'] = 0; } return $userdata; |