diff options
| author | Nils Adermann <naderman@naderman.de> | 2010-03-02 01:05:38 +0100 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-03-02 01:05:38 +0100 |
| commit | 0434ccf303e1313e0b157012da9fb8ded26e886b (patch) | |
| tree | 6e3947fd759cc8cfce52a7d70dba5367e270affc /phpBB/includes/session.php | |
| parent | 2ba97da524f73f3a7244cd68b7f3daee7a1933a6 (diff) | |
| parent | 21ce0215193d34a5f689209c80f6db3ef7cb84c5 (diff) | |
| download | forums-0434ccf303e1313e0b157012da9fb8ded26e886b.tar forums-0434ccf303e1313e0b157012da9fb8ded26e886b.tar.gz forums-0434ccf303e1313e0b157012da9fb8ded26e886b.tar.bz2 forums-0434ccf303e1313e0b157012da9fb8ded26e886b.tar.xz forums-0434ccf303e1313e0b157012da9fb8ded26e886b.zip | |
Merge commit 'release-3.0.1-RC1'
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 59 |
1 files changed, 38 insertions, 21 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6149063dea..382f76aca3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -129,7 +129,8 @@ class session 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), - 'page' => $page + 'page' => $page, + 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, ); return $page_array; @@ -158,7 +159,7 @@ class session $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; + $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents @@ -179,9 +180,10 @@ class session } } } - - // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number - $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; + else + { + $this->forwarded_for = ''; + } if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) { @@ -256,8 +258,8 @@ class session $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); } - $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; - $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; + $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; @@ -306,6 +308,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " @@ -526,8 +529,8 @@ class session $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); } - $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; - $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; + $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; @@ -546,6 +549,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " @@ -579,7 +583,7 @@ class session 'session_start' => (int) $this->time_now, 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, - 'session_browser' => (string) substr($this->browser, 0, 149), + 'session_browser' => (string) trim(substr($this->browser, 0, 149)), 'session_forwarded_for' => (string) $this->forwarded_for, 'session_ip' => (string) $this->ip, 'session_autologin' => ($session_autologin) ? 1 : 0, @@ -590,6 +594,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $db->sql_return_on_error(true); @@ -604,6 +609,8 @@ class session // Limit new sessions in 1 minute period (if required) if (empty($this->data['session_time']) && $config['active_sessions']) { +// $db->sql_return_on_error(false); + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_time >= ' . ($this->time_now - 60); @@ -619,10 +626,15 @@ class session } } + // Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors. + // Commented out because it will not allow forums to update correctly +// $db->sql_return_on_error(false); + $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); @@ -649,11 +661,11 @@ class session $this->set_cookie('sid', $this->session_id, $cookie_expire); unset($cookie_expire); - + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' - AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']); + AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -777,7 +789,7 @@ class session global $db, $config; $batch_size = 10; - + if (!$this->time_now) { $this->time_now = time(); @@ -825,7 +837,7 @@ class session // Less than 10 users, update gc timer ... else we want gc // called again to delete other sessions set_config('session_last_gc', $this->time_now, true); - + if ($config['max_autologin_time']) { $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' @@ -834,14 +846,14 @@ class session } $this->confirm_gc(); } - + return; } - + function confirm_gc($type = 0) { global $db, $config; - + $sql = 'SELECT DISTINCT c.session_id FROM ' . CONFIRM_TABLE . ' c LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) @@ -867,12 +879,16 @@ class session } $db->sql_freeresult($result); } - - + + /** * Sets a cookie * - * Sets a cookie of the given name with the specified data for the given length of time. + * Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set. + * + * @param string $name Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then. + * @param string $cookiedata The data to hold within the cookie + * @param int $cookietime The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set. */ function set_cookie($name, $cookiedata, $cookietime) { @@ -882,7 +898,7 @@ class session $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; - header('Set-Cookie: ' . $name_data . '; expires=' . $expire . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); + header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); } /** @@ -1477,6 +1493,7 @@ class user extends session $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width FROM ' . STYLES_IMAGESET_DATA_TABLE . ' WHERE imageset_id = ' . $this->theme['imageset_id'] . " + AND image_filename <> '' AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')"; $result = $db->sql_query($sql, 3600); |