author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-10-04 13:09:10 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-10-04 13:09:10 +0000 |
commit | 30aeac65dccceab18e19318e5981118f150c0647 (patch) | |
tree | 409e1a742796ff1c988593c43f19a9533c258742 /phpBB/includes/session.php | |
parent | b5bbc005a51658c7496abdcad9b23e978fb7db68 (diff) | |
Well, here are all my changes ... don't blame me if things break :D
git-svn-id: file:///svn/phpbb/trunk@2923 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r-- | phpBB/includes/session.php | 279 |
1 files changed, 181 insertions, 98 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 3d69043e61..779244a32d 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -22,34 +22,34 @@ class session { var $session_id = ''; + var $browser = ''; + var $page = ''; var $load; + // Called at each page start ... checks for, updates and/or creates a session function start($update = true) { global $SID, $db, $board_config, $user_ip; - global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS; - $user_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT']; - $user_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF']; - $user_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] ); $current_time = time(); + $this->browser = ( !empty($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : $_ENV['HTTP_USER_AGENT']; + $this->page = ( !empty($_SERVER['PHP_SELF']) ) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF']; + $this->page .= '&' . ( ( !empty($_SERVER['QUERY_STRING']) ) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING'] ); - if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) + if ( isset($_COOKIE[$board_config['cookie_name'] . '_sid']) || isset($_COOKIE[$board_config['cookie_name'] . '_data']) ) { - $sessiondata = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : ''; - $this->session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : ''; + $sessiondata = ( isset($_COOKIE[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($_COOKIE[$board_config['cookie_name'] . '_data'])) : ''; + $this->session_id = ( isset($_COOKIE[$board_config['cookie_name'] . '_sid']) ) ? $_COOKIE[$board_config['cookie_name'] . 
'_sid'] : ''; $SID = '?sid='; } else { $sessiondata = ''; - $this->session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : ''; + $this->session_id = ( isset($_GET['sid']) ) ? $_GET['sid'] : ''; $SID = '?sid=' . $this->session_id; } - // // Load limit check (if applicable) - // if ( !empty($board_config['limit_load']) && file_exists('/proc/loadavg') ) { if ( $load = @file('/proc/loadavg') ) @@ -63,18 +63,7 @@ class session { } } - // - // Garbage collection ... remove old sessions updating user information - // if necessary. It means (potentially) lots of queries but only infrequently - // - if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] ) - { - $this->gc($current_time); - } - - // // session_id exists so go ahead and attempt to grab all data in preparation - // if ( !empty($this->session_id) ) { $sql = "SELECT u.*, s.* 
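Review bot: The new `$this->browser` and `$this->page` assignments in start() keep the raw User-Agent, PHP_SELF and QUERY_STRING values, and later hunks of this same file interpolate both inside quoted SQL literals (`session_browser = '$this->browser', session_page = '$this->page'` in the UPDATE and INSERT of create()), so a crafted query string or User-Agent header can break out of those literals. Escape them once at the point of assignment with whatever the DB layer offers for string literals (or `addslashes()` if nothing better is in scope), e.g. `$this->page = addslashes($this->page);` after the `.=` line. The rewritten `$this->session_id = ( isset($_GET['sid']) ) ? $_GET['sid'] : '';` likewise accepts any value that is later quoted into `WHERE session_id = '...'`; since ids are minted as `md5(uniqid(...))` in create(), a guard such as `if ( !preg_match('/^[a-f0-9]{32}$/', $this->session_id) ) { $this->session_id = ''; }` applied to both the GET and cookie paths rejects anything that cannot be a real id. The `unserialize()` of the `_data` cookie is pre-existing, but it still runs on attacker-supplied bytes and is worth a comment saying so.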
@@ -86,28 +75,27 @@ class session { $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); - // // Did the session exist in the DB? - // if ( isset($userdata['user_id']) ) { - // - // Do not check IP assuming equivalence, if IPv4 we'll check only first 24 - // bits ... I've been told (by vHiker) this should alleviate problems with - // load balanced et al proxies while retaining some reliance on IP security. - // + // Validate IP length according to admin ... has no effect on IPv6 $ip_check_s = explode('.', $userdata['session_ip']); $ip_check_u = explode('.', $user_ip); - if ( $ip_check_s[0].'.'.$ip_check_s[1].'.'.$ip_check_s[2] == $ip_check_u[0].'.'.$ip_check_u[1].'.'.$ip_check_u[2] ) + $u_ip = $s_ip = ''; + for($i = 0; $i < $board_config['ip_check']; $i++) + { + $u_ip .= $ip_check_u[$i] . '.'; + $s_ip .= $ip_check_s[$i] . '.'; + } + + if ( $u_ip == $s_ip ) { - // // Only update session DB a minute or so after last update or if page changes - // if ( ( $current_time - $userdata['session_time'] > 60 || $userdata['session_page'] != $user_page ) && $update ) { $sql = "UPDATE " . SESSIONS_TABLE . " - SET session_time = $current_time, session_page = '$user_page' + SET session_time = $current_time, session_page = '$this->page' WHERE session_id = '" . $this->session_id . "'"; $db->sql_query($sql); } 
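Review bot: The context line `if ( ( $current_time - $userdata['session_time'] > 60 || $userdata['session_page'] != $user_page ) && $update )` still reads `$user_page`, but this commit removed that local from start() in favour of `$this->page`, so the comparison is now against an undefined variable and the session UPDATE fires on every request. It should read `$userdata['session_page'] != $this->page`. That UPDATE also quotes `$this->page` and `$this->session_id` into the statement unescaped, both request-derived, so they need escaping or validation before reaching the query. The new `for($i = 0; $i < $board_config['ip_check']; $i++)` loop indexes `$ip_check_u[$i]` without bounding the count to the four octets available; `$i < min(4, (int) $board_config['ip_check'])` avoids undefined-index notices if the setting is ever misconfigured, and a one-line comment that `ip_check = 0` disables the check entirely would help the next reader.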
@@ -117,29 +105,23 @@ class session { } } - // // If we reach here then no (valid) session exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs. - // $autologin = ( isset($sessiondata['autologinid']) ) ? $sessiondata['autologinid'] : ''; $user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS; - return $this->create($user_id, $autologin, $user_page, $user_browser); + return $this->create($user_id, $autologin); } - // // Create a new session - // - function create(&$user_id, &$autologin, &$user_page, &$user_browser) + function create(&$user_id, &$autologin) { global $SID, $db, $board_config, $user_ip; $sessiondata = array(); $current_time = time(); - // // Limit sessions in 1 minute period - // $sql = "SELECT COUNT(*) AS sessions FROM " . SESSIONS_TABLE . " WHERE session_time >= " . ( $current_time - 60 ); @@ -153,9 +135,14 @@ class session { message_die(MESSAGE, 'Board_unavailable'); } - // + // Garbage collection ... remove old sessions updating user information + // if necessary. It means (potentially) 22 queries but only infrequently + if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] ) + { + $this->gc($current_time); + } + // Grab user data - // $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = $user_id"; @@ -164,9 +151,7 @@ class session { $userdata = $db->sql_fetchrow($result); $db->sql_freeresult($result); - // // Check autologin request, is it valid? - // if ( $userdata['user_password'] != $autologin || !$userdata['user_active'] || $user_id == ANONYMOUS ) { $autologin = ''; 
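Review bot: In the autologin check `if ( $userdata['user_password'] != $autologin || !$userdata['user_active'] || $user_id == ANONYMOUS )` an empty `$autologin` is never rejected on its own, so a `_data` cookie carrying a chosen `userid` and an empty `autologinid` is accepted whenever that account's `user_password` is itself empty — plausible with the external authentication plug-ins mentioned at the end of this file, unless they are guaranteed to store a non-empty value. The comparison is also loose (`!=`), which in PHP compares numeric-looking strings as numbers. Tighten it to `if ( $autologin === '' || $userdata['user_password'] !== $autologin || !$userdata['user_active'] || $user_id == ANONYMOUS )`. The `SELECT * FROM users WHERE user_id = $user_id` just above is safe only because start() applies `intval()` to the cookie value; since create() is also reached from login(), a comment stating that callers must pass an integer would document that assumption.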
@@ -195,13 +180,11 @@ class session { } $db->sql_freeresult($result); - // // Create or update the session - // $db->sql_return_on_error(true); $sql = "UPDATE " . SESSIONS_TABLE . " - SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_browser = '$user_browser', session_page = '$user_page' + SET session_user_id = $user_id, session_last_visit = " . $userdata['user_lastvisit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$this->browser', session_page = '$this->page' WHERE session_id = '" . $this->session_id . "'"; if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() ) { @@ -209,8 +192,8 @@ class session { $this->session_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . SESSIONS_TABLE . " - (session_id, session_user_id, session_start, session_time, session_ip, session_browser, session_page) - VALUES ('" . $this->session_id . "', $user_id, $current_time, $current_time, '$user_ip', '$user_browser', '$user_page')"; + (session_id, session_user_id, session_last_visit, session_start, session_time, session_ip, session_browser, session_page) + VALUES ('" . $this->session_id . "', $user_id, " . $userdata['user_lastvisit'] . ", $current_time, $current_time, '$user_ip', '$this->browser', '$this->page')"; $db->sql_query($sql); } $db->sql_return_on_error(false); 
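Review bot: The rewritten UPDATE concatenates `$userdata['user_lastvisit']` unquoted, and if the earlier `SELECT * FROM users WHERE user_id = $user_id` returned no row (a `_data` cookie can name any integer `userid`) the value is empty and the statement degrades to `session_last_visit = ,` — invalid SQL — unless the code between the lookup and this hunk substitutes a valid row, which I cannot see from here. Cast it, `session_last_visit = " . intval($userdata['user_lastvisit']) . "`, so the statement stays well-formed either way. The same statement writes `$this->browser` and `$this->page` — raw User-Agent, PHP_SELF and QUERY_STRING — inside quoted literals with no escaping, which is an injection point; escape them where they are assigned in start() or here before interpolation.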
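Review bot: The new INSERT repeats the two problems of the UPDATE above it: `$userdata['user_lastvisit']` is concatenated without a cast and `$this->browser`/`$this->page` are quoted in unescaped, so `intval()` and an escape call belong here as well. While this function is being reworked, the context line `$this->session_id = md5(uniqid($user_ip));` deserves a look: `uniqid()` without its more-entropy flag is the microsecond clock with the client IP as prefix, so anyone who knows a victim's address and roughly when the session was created has a small search space for the id. Mixing in additional input, e.g. `md5(uniqid($user_ip . mt_rand(), true))`, is cheap, and a genuinely random source would be better where one is available. Note also that `$db->sql_return_on_error(true)` is still in force here, so a failed INSERT leaves the user with a session id that was never stored.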
@@ -220,29 +203,31 @@ class session { $sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : ''; $sessiondata['userid'] = $user_id; - setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - setcookie($board_config['cookie_name'] . '_sid', $this->session_id, 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + $this->set_cookie('data', serialize($sessiondata), $current_time + 31536000); + $this->set_cookie('sid', $this->session_id, 0); $SID = '?sid=' . $this->session_id; + // Events ... + if ( $userdata['user_id'] ) + { +// do_events(); + } + return $userdata; } - // // Destroy a session - // function destroy(&$userdata) { global $SID, $db, $board_config; - global $HTTP_COOKIE_VARS, $HTTP_GET_VARS; $current_time = time(); - setcookie($board_config['cookie_name'] . '_data', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); - setcookie($board_config['cookie_name'] . '_sid', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + $this->set_cookie('data', '', $current_time - 31536000); + $this->set_cookie('sid', '', $current_time - 31536000); + $SID = '?sid='; - // // Delete existing session, update last visit info first! - // $sql = "UPDATE " . USERS_TABLE . " SET user_lastvisit = " . $userdata['session_time'] . ", user_session_page = '" . $userdata['session_page'] . "' WHERE user_id = " . $userdata['user_id']; 
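Review bot: `$this->set_cookie('data', serialize($sessiondata), $current_time + 31536000)` persists `autologinid` for a year, and the last hunk of this file shows that value is `md5($password)`, so the autologin cookie is a long-lived, reusable password-hash equivalent: anyone who obtains it (shared machine, proxy logs, a copied browser profile) can log in as the user until the password changes, and can also attack the hash offline. A per-user random token stored with the account and rotated on logout and password change would decouple the cookie from the password; the new `set_cookie()` helper is the natural place to route it through. Separately, `if ( $userdata['user_id'] ) { // do_events(); }` is an empty conditional around commented-out code and should either be dropped or carry a `// TODO:` explaining what do_events() is intended to do.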
@@ -253,15 +238,34 @@ class session { AND session_user_id = " . $userdata['user_id']; $db->sql_query($sql); - $SID = '?sid='; $this->session_id = ''; return true; } + // Set a cookie + function set_cookie($name, $cookiedata, $cookietime) + { + global $board_config; + + setcookie($board_config['cookie_name'] . '_' . $name, $cookiedata, $cookietime, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']); + } + + // This just won't work correctly as it stands ... if a user has more than one session in + // the DB and gc subsequently runs, updating their user_lastvisit time it will screw up + // marking of forums, etc. since it will be reflected immediately in the users current session // + // One way around this would be to store the last visit time within each session and use + // that rather than user_lastvisit in the relevant places. However, the 'problem' still + // persists of a user creating a new session (after leaving the board) before gc has run + // and not having their "true" last visit time be used (i.e. their user_lastvisit won't + // have yet been updated). This behaviour seems to be that of vB and our users seemed to + // dislike this approach when a similar issue arose during 2.0.0 development ... could + // possibly check sessions table before creating new session to see if user is already + // listed ... if they are then use the last session_time from there ... adds another + // query during create though + // Garbage collection - // function gc(&$current_time) { global $db, $board_config, $user_ip; @@ -269,6 +273,7 @@ class session { $sql = "SELECT * FROM " . SESSIONS_TABLE . " WHERE session_time < " . ( $current_time - $board_config['session_length'] ) . " + ORDER BY session_user_id, session_time LIMIT 10"; $result = $db->sql_query($sql); 
@@ -290,9 +295,7 @@ class session { if ( $del_session_id != '' ) { - // // Delete expired sessions - // $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_id IN ($del_session_id)"; $db->sql_query($sql); @@ -300,10 +303,8 @@ class session { if ( $del_sessions < 10 ) { - // // Less than 10 sessions, update gc timer ... else we want gc // called again to delete other sessions - // $sql = "UPDATE " . CONFIG_TABLE . " SET config_value = '$current_time' WHERE config_name = 'session_last_gc'"; @@ -313,9 +314,7 @@ class session { return; } - // - // - // + // Taken over by user class ... for now at least function configure($userdata, $lang_set = false) { global $db, $template, $lang, $board_config, $theme, $images; @@ -323,25 +322,14 @@ class session { if ( $userdata['user_id'] ) { - $board_config['default_lang'] = $userdata['user_lang']; + $board_config['default_lang'] = ( file_exists($phpbb_root_path . 'language/lang_' . $userdata['user_lang']) ) ? $userdata['user_lang'] : $board_config['default_lang']; $board_config['default_dateformat'] = $userdata['user_dateformat']; $board_config['board_timezone'] = $userdata['user_timezone']; } - if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx) ) - { - $board_config['default_lang'] = 'english'; - } - include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx); - if ( defined('IN_ADMIN') ) { - if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) ) - { - $board_config['default_lang'] = 'english'; - } - include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.' . $phpEx); } 
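Review bot: The rewritten `$board_config['default_lang'] = ( file_exists($phpbb_root_path . 'language/lang_' . $userdata['user_lang']) ) ? $userdata['user_lang'] : $board_config['default_lang'];` only checks that a directory exists before `user_lang` is spliced into the `include()` path two lines later, and it removes the old fallback to `'english'` when `lang_main.php` is missing, so a board whose default language directory lacks that file now gets an `include()` warning and runs without its language strings. `file_exists()` also accepts path components such as `english/../..`, so unless the profile form already restricts `user_lang`, validate it here with something like `preg_match('/^[a-z_]+$/', $userdata['user_lang'])` before it is used in a path. The `global` declarations for configure() are partly outside this hunk, so I cannot confirm `$phpbb_root_path` and `$phpEx` are declared in it; the function's body also continues past the hunk.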
@@ -369,22 +357,128 @@ class session { $i10n = array('post_new', 'post_locked', 'post_pm', 'reply_new', 'reply_pm', 'reply_locked', 'icon_quote', 'icon_edit', 'icon_search', 'icon_profile', 'icon_pm', 'icon_email', 'icon_www', 'icon_icq', 'icon_aim', 'icon_yim', 'icon_msnm', 'icon_delete', 'icon_ip', 'icon_no_email', 'icon_no_www', 'icon_no_icq', 'icon_no_aim', 'icon_no_yim', 'icon_no_msnm'); - for($i = 0; $i < sizeof($i10n); $i++) + foreach ( $i10n as $icon ) { - $theme[$i10n[$i]] = str_replace('{LANG}', 'lang_' . $img_lang, $theme[$i10n[$i]]); + $theme[$icon] = str_replace('{LANG}', 'lang_' . $img_lang, $theme[$icon]); } return; } } +// Contains (at present) basic user methods such as configuration +// creating date/time ... keep this? +class user +{ + var $lang_name; + var $lang_path; + + var $date_format; + var $timezone; + var $dst; + + function user(&$userdata, $lang_set = false, $style = false) + { + global $db, $template, $lang, $board_config, $theme, $images; + global $phpEx, $phpbb_root_path; + + if ( $userdata['user_id'] ) + { + $this->lang_name = ( file_exists($phpbb_root_path . 'language/' . $userdata['user_lang']) ) ? $userdata['user_lang'] : $board_config['default_lang']; + $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name; + + $this->date_format = $userdata['user_dateformat']; + $this->timezone = $userdata['user_timezone']; + $this->dst = $userdata['user_dst'] * 3600; + } + else if ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ) + { + $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); + foreach ( $accept_lang_ary as $accept_lang ) + { + // Set correct format ... guess full xx_YY form + $accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2)); + if ( file_exists($phpbb_root_path . 'language/' . $accept_lang) ) + { + $this->lang_name = $accept_lang; + $this->lang_path = $phpbb_root_path . 'language/' . 
$accept_lang; + break; + } + else + { + // No match on xx_YY so try xx + $accept_lang = substr($accept_lang, 0, 2); + if ( file_exists($phpbb_root_path . 'language/' . $accept_lang) ) + { + $this->lang_name = $accept_lang; + $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang; + break; + } + } + } + + $this->date_format = $board_config['default_dateformat']; + $this->timezone = $board_config['board_timezone']; + $this->dst = 0; + } + + include($this->lang_path . '/lang_main.' . $phpEx); + if ( defined('IN_ADMIN') ) + { + include($this->lang_path . '/lang_admin.' . $phpEx); + } + + // Set up style + $style = ( $style ) ? $style : ( ( !$board_config['override_user_style'] && $userdata['user_id'] ) ? $userdata['user_style'] : $board_config['default_style'] ); + + $sql = "SELECT t.template_path, t.poll_length, t.pm_box_length, c.css_data, c.css_external, i.* + FROM " . STYLES_TABLE . " s, " . STYLES_TPL_TABLE . " t, " . STYLES_CSS_TABLE . " c, " . STYLES_IMAGE_TABLE . " i + WHERE s.style_id = $style + AND t.template_id = s.template_id + AND c.theme_id = s.style_id + AND i.imageset_id = s.imageset_id"; + $result = $db->sql_query($sql); + + if ( !($theme = $db->sql_fetchrow($result)) ) + { + message_die(ERROR, 'Could not get style data'); + } + + $template->set_template($theme['template_path']); + + $img_lang = ( file_exists('imageset/' . $theme['imageset_path'] . '/' . $this->lang_name) ) ? 
$this->lang_name : $board_config['default_lang']; + + $i10n = array('post_new', 'post_locked', 'post_pm', 'reply_new', 'reply_pm', 'reply_locked', 'icon_quote', 'icon_edit', 'icon_search', 'icon_profile', 'icon_pm', 'icon_email', 'icon_www', 'icon_icq', 'icon_aim', 'icon_yim', 'icon_msnm', 'icon_delete', 'icon_ip', 'icon_no_email', 'icon_no_www', 'icon_no_icq', 'icon_no_aim', 'icon_no_yim', 'icon_no_msnm'); + foreach ( $i10n as $icon ) + { + $theme[$icon] = str_replace('{LANG}', $img_lang, $theme[$icon]); + } + + return; + } + + function format_date($gmepoch) + { + global $lang; + static $lang_dates; + + if ( empty($lang_dates) ) + { + foreach ( $lang['datetime'] as $match => $replace ) + { + $lang_dates[$match] = $replace; + } + } + + return strtr(@gmdate($this->date_format, $gmepoch + (3600 * $this->timezone) + $this->dst), $lang_dates); + } + +} -// // Will be keeping my eye of 'other products' to ensure these things don't // mysteriously appear elsewhere, think up your own solutions! -// -class acl +class auth { var $founder = false; var $acl = false; 
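Review bot: In `user::user()` a guest whose Accept-Language header is absent, or matches no directory under `language/`, leaves `$this->lang_name`, `$this->lang_path`, `$this->date_format` and `$this->timezone` unset, so the unconditional `include($this->lang_path . '/lang_main.' . $phpEx)` runs with an empty path and `format_date()` later formats with an empty pattern. The header is also fed to `file_exists()` after a bare `substr()`, so a token such as `..` is accepted as a language directory. Seed the properties with the board defaults before the branches and only accept well-formed language tags; the lines below sketch that, with the existing xx_YY/xx lookup left in place. The style query `WHERE s.style_id = $style` interpolates `$style` directly, so cast it with `intval()` before the query in case a caller passes a request value.
```php
	function user(&$userdata, $lang_set = false, $style = false)
	{
		global $db, $template, $lang, $board_config, $theme, $images;
		global $phpEx, $phpbb_root_path;

		// Board defaults first, so a guest with no usable Accept-Language still gets a language and date format
		$this->lang_name = $board_config['default_lang'];
		$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name;
		$this->date_format = $board_config['default_dateformat'];
		$this->timezone = $board_config['board_timezone'];
		$this->dst = 0;

		if ( $userdata['user_id'] )
		{
			// … unchanged: per-user language, date format, timezone, dst …
		}
		else if ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) )
		{
			$accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
			foreach ( $accept_lang_ary as $accept_lang )
			{
				// Strip any ";q=" weight and whitespace, then accept only xx or xx-YY: nothing else
				// (notably '..') may reach the file_exists()/include() path built from this value
				list($accept_lang) = explode(';', $accept_lang);
				$accept_lang = trim($accept_lang);
				if ( !preg_match('/^[a-z]{2}(-[a-zA-Z]{2})?$/', $accept_lang) )
				{
					continue;
				}
				// … unchanged: try xx_YY, then xx, via file_exists() …
			}
		}
		// … unchanged: language include, style query, image set …
```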
@@ -636,22 +730,11 @@ class acl $auth_sql"; $db->sql_query($sql); } -} -// -// Authentication plug-ins is largely down to -// Sergey Kanareykin, our thanks to him. -// -class login -{ + // Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. function login($username, $password, $autologin = false) { - global $SID, $db, $board_config, $lang, $user_ip, $session; - global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $phpEx; - - $user_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF']; - $user_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] ); - $this_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT']; + global $board_config, $session, $phpEx; $method = trim($board_config['auth_method']); @@ -669,7 +752,7 @@ class login $autologin = ( isset($autologin) ) ? md5($password) : ''; - return ( $user['user_active'] ) ? $session->create($user['user_id'], $autologin, $user_page, $this_browser) : false; + return ( $user['user_active'] ) ? $session->create($user['user_id'], $autologin) : false; } } |
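Review bot: The replacement `global $board_config, $session, $phpEx;` drops `$SID`, `$db`, `$lang` and `$user_ip` from login(), whose body continues outside this hunk; the removed page/browser locals are indeed no longer needed, but any surviving reference in the unseen part of the function to `$db` or `$lang` would now hit an undefined variable, so the rest of the body should be checked before this lands. A short comment above the `global` line, `// page and browser are now captured by session::start()`, would record why those locals went away.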
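Review bot: The context line `$autologin = ( isset($autologin) ) ? md5($password) : '';` tests `isset()` on a parameter that defaults to `false`, and `isset()` is only false for `null`, so every successful login issues an autologin credential whether or not the caller asked for one, and the new `$session->create($user['user_id'], $autologin)` then persists `md5($password)` in the one-year `_data` cookie. Unless the lines between the two hunks reassign `$autologin`, change it to `$autologin = ( $autologin ) ? md5($password) : '';`. Using the password hash itself as the autologin token also means a stolen cookie can be cracked offline; a separate random token would be safer.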