+ * auth.php

+/* Notes:

+ * auth() is going to become a very complex function and can take in a LARGE number of arguments.

+ * The currently included argements should be enough to handle any situation, however, if you need access to another

+ * the best option would be to create a global variable and access it that way if you can.

+ *

+ * auth() returns:

+ * TRUE if the user authorized

+ * FALSE if the user is not

+ */

+function auth($type,

+ $db,

+ $user_id = "",

+ $user_name = "",

+ $user_pass = "",

+ $user_level = "",

+ $session_id = "",

+ $user_ip = "",

+ $forum_id = "",

+ $topic_id = "",

+ $post_id = "")

+{

+ switch($type)

+ {

+ case 'ip ban':

+ $sql = "DELETE FROM banlist

+ WHERE (ban_end < ". mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")).")

+ AND (ban_end > 0)";

+ $db->sql_query($sql);

+ $sql = "SELECT ban_ip FROM banlist";

+ if($result = $db->sql_query($sql))

+ {

+ if($totalrows = $db->sql_numrows())

+ {

+ $iprow = $db->sql_fetchrowset($result);

+ for($x = 0; $x < $totalrows; $x++)

+ {

+ $ip = $iprow[$x]["ban_ip"];

+ if($ip[strlen($ip) - 1] == ".")

+ {

+ $db_ip = explode(".", $ip);

+ $this_ip = explode(".", $user_ip);

+

+ for($x = 0; $x < count($db_ip) - 1; $x++)

+ {

+ $my_ip .= $this_ip[$x] . ".";

+ }

+

+ if($my_ip == $ip)

+ {

+ return(FALSE);

+ }

+ }

+ else

+ {

+ if($ipuser == $ip)

+ {

+ return(FALSE);

+ }

+ }

+ }

+ return(TRUE);

+ }

+ else

+ {

+ return(TRUE);

+ }

+ }

+ return(TRUE);

+ break;

+ case 'username ban':

+ $sql = "DELETE FROM banlist

+ WHERE (ban_end < ". mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")).")

+ AND (ban_end > 0)";

+ $db->sql_query($sql);

+ $sql = "SELECT ban_userid FROM banlist WHERE ban_userid = '$user_id'";

+ if($result = $db->sql_query($sql))

+ {

+ if($db->sql_numrows())

+ {

+ return(FALSE);

+ }

+ else

+ {

+ return(TRUE);

+ }

+ }

+ else

+ {

+ return(TRUE);

+ }

+ break;

+ }

+}

+

+

+/*

+ * The following functions are used for getting user information. They are not related directly to auth()

+ */

+function get_userdata_from_id($userid, $db)

+{

+

+ $sql = "SELECT * FROM users WHERE user_id = $userid";

+ if(!$result = $db->sql_query($sql))

+ {

+ $userdata = array("error" => "1");

+ return ($userdata);

+ }

+ if($db->sql_numrows())

+ {

+ $myrow = $db->sql_fetchrowset($result);

+ return($myrow[0]);

+ }

+ else

+ {

+ $userdata = array("error" => "1");

+ return ($userdata);

+ }

+}

+ * sessions.php

+/**

+ * new_session()

+ * Adds a new session to the database for the given userid.

+ * Returns the new session ID.

+ * Also deletes all expired sessions from the database, based on the given session lifespan.

+ */

+function new_session($userid, $remote_ip, $lifespan, $db)

+{

+

+ mt_srand( (double) microtime() * 1000000);

+ $sessid = mt_rand();

+

+ $currtime = (string) (time());

+ $expirytime = (string) (time() - $lifespan);

+

+ $deleteSQL = "DELETE FROM sessions WHERE (start_time < $expirytime)";

+ $delresult = $db->sql_query($deleteSQL);

+

+ if (!$delresult)

+ {

+ error_die($db, SESSION_CREATE);

+ }

+

+ $sql = "INSERT INTO sessions (sess_id, user_id, start_time, remote_ip) VALUES ($sessid, $userid, $currtime, '$remote_ip')";

+

+ $result = $db->sql_query($sql);

+

+ if ($result)

+ {

+ return $sessid;

+ }

+ else

+ {

+ error_die($db, SESSION_CREATE);

+ } // if/else

+

+} // new_session()

+

+/*

+ * Sets the sessID cookie for the given session ID. the $cookietime parameter

+ * is no longer used, but just hasn't been removed yet. It'll break all the modules

+ * (just login) that call this code when it gets removed.

+ * Sets a cookie with no specified expiry time. This makes the cookie last until the

+ * user's browser is closed. (at last that's the case in IE5 and NS4.7.. Haven't tried

+ * it with anything else.)

+ */

+function set_session_cookie($sessid, $cookietime, $cookiename, $cookiepath, $cookiedomain, $cookiesecure)

+{

+ // This sets a cookie that will persist until the user closes their browser window.

+ // since session expiry is handled on the server-side, cookie expiry time isn't a big deal.

+ setcookie($cookiename, $sessid, '', $cookiepath, $cookiedomain, $cookiesecure);

+

+} // set_session_cookie()

+

+/*

+ * Returns the userID associated with the given session, based on

+ * the given session lifespan $cookietime and the given remote IP

+ * address. If no match found, returns 0.

+ */

+function get_userid_from_session($sessid, $cookietime, $remote_ip, $db)

+{

+ $mintime = time() - $cookietime;

+ $sql = "SELECT user_id

+ FROM sessions

+ WHERE (sess_id = $sessid)

+ AND (start_time > $mintime)

+ AND (remote_ip = '$remote_ip')";

+ $result = $db->sql_query($sql);

+ if (!$result)

+ {

+ error_die($db, "Error doing DB query in get_userid_from_session()");

+ }

+ $rowset = $db->sql_fetchrowset();

+ $num_rows = $db->sql_numrows();

+ if ($num_rows == 0)

+ {

+ return 0;

+ }

+ else

+ {

+ return $rowset[0]["user_id"];

+ }

+

+} // get_userid_from_session()

+

+

+function update_session_time($sessid, $db)

+{

+

+ $newtime = (string) time();

+ $sql = "UPDATE sessions SET start_time=$newtime WHERE (sess_id = $sessid)";

+ $result = $db->sql_query($sql);

+ if (!$result)

+ {

+ $db_error = $db->sql_error();

+ error_die($db, "Error doing DB update in update_session_time(). Reason: " . $db_error["message"]);

+ }

+ return 1;

+

+} // update_session_time()

+

+function end_user_session($userid, $db)

+{

+ $sql = "DELETE FROM sessions WHERE (user_id = $userid)";

+ $result = $db->sql_query($sql, $db);

+ if (!$result)

+ {

+ $db_error = $db->sql_error();

+ error_die($db, "Delete failed in end_user_session(). Reason: " . $db_error["message"]);

+ }

+ return 1;

+

+} // end_session()