diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-04-19 13:18:57 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-04-19 13:18:57 +0000 |
| commit | 175d4a049fb71b7e3cc56d467411bcac5aa2f3d1 (patch) | |
| tree | b1eb00bc68084208983ae64b388f872d9b77fc5e /phpBB/includes/sessions.php | |
| parent | 6c17dca2469dc4683fb35dbf659a249f2272a151 (diff) | |
| download | forums-175d4a049fb71b7e3cc56d467411bcac5aa2f3d1.tar forums-175d4a049fb71b7e3cc56d467411bcac5aa2f3d1.tar.gz forums-175d4a049fb71b7e3cc56d467411bcac5aa2f3d1.tar.bz2 forums-175d4a049fb71b7e3cc56d467411bcac5aa2f3d1.tar.xz forums-175d4a049fb71b7e3cc56d467411bcac5aa2f3d1.zip | |
Moved all included files to includes
git-svn-id: file:///svn/phpbb/trunk@182 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/sessions.php')
| -rw-r--r-- | phpBB/includes/sessions.php | 357 |
1 files changed, 357 insertions, 0 deletions
diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php new file mode 100644 index 0000000000..158e2d5976 --- /dev/null +++ b/phpBB/includes/sessions.php @@ -0,0 +1,357 @@ +<?php +/*************************************************************************** + * sessions.php + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + * + ***************************************************************************/ + +/*************************************************************************** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * + ***************************************************************************/ + +// +// session_begin() +// +// Adds/updates a new session to the database for the given userid. +// Returns the new session ID on success. +// +function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $password = "") +{ + + global $db; + global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; + global $HTTP_COOKIE_VARS; + + $current_time = time(); + $expiry_time = $current_time - $session_length; + $int_ip = encode_ip($user_ip); + + // + // Initial ban check against IP and userid + // + $sql = "SELECT ban_ip, ban_userid + FROM ".BANLIST_TABLE." + WHERE (ban_ip = '$int_ip' OR ban_userid = '$user_id') + AND (ban_start < $current_time AND ban_end > $current_time )"; + $result = $db->sql_query($sql); + if (!$result) + { + error_die(SQL_QUERY, "Couldn't obtain ban information.", __LINE__, __FILE__); + } + $ban_info = $db->sql_fetchrow($result); + + // + // Check for user and ip ban ... + // + if($ban_info['ban_ip'] || $ban_info['ban_userid']) + { + error_die(AUTH_BANNED); + } + else + { + if($user_id == ANONYMOUS) + { + $login = 0; + } + + $sql_update = "UPDATE ".SESSIONS_TABLE." + SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login + WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].") + AND (session_ip = '$int_ip')"; + + $result = $db->sql_query($sql_update); + + if(!$result || !$db->sql_affectedrows()) + { + mt_srand( (double) microtime() * 1000000); + $session_id = mt_rand(); + + $sql_insert = "INSERT INTO ".SESSIONS_TABLE." + (session_id, session_user_id, session_time, session_ip, session_page, session_logged_in) + VALUES + ($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)"; + $result = $db->sql_query($sql_insert); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error creating new session : session_begin", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + setcookie($cookiename."[sessionid]", $session_id, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + } + else + { + $session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid']; + } + + if(!empty($password) && AUTOLOGON) + { + setcookie($cookiename."[useridref]", $password, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + } + setcookie($cookiename."[userid]", $user_id, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename."[sessionstart]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + +// echo $sql_update."<BR><BR>".$sql_insert."<BR><BR>"; + + } + + return $session_id; + +} // session_begin + + +// +// Checks for a given user session, tidies session +// table and updates user sessions at each page refresh +// +function session_pagestart($user_ip, $thispage_id, $session_length) +{ + global $db; + global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; + global $HTTP_COOKIE_VARS; + + unset($userdata); + $current_time = time(); + $int_ip = encode_ip($user_ip); + + // + // Delete expired sessions + // + $expiry_time = $current_time - $session_length; + $sql = "DELETE FROM ".SESSIONS_TABLE." + WHERE session_time < $expiry_time"; + $result = $db->sql_query($sql); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error clearing sessions table : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + if(isset($HTTP_COOKIE_VARS[$cookiename]['userid'])) + { + // + // userid exists so go ahead and grab all + // data in preparation + // + $userid = $HTTP_COOKIE_VARS[$cookiename]['userid']; + $sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid + FROM ".USERS_TABLE." u + LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id) + AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) ) + LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = '$int_ip' ) + WHERE u.user_id = $userid"; + $result = $db->sql_query($sql); + if (!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error doing DB query userdata row fetch : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + $userdata = $db->sql_fetchrow($result); + } + + if($userdata['user_id'] != ''){ // The ID in the cookie was really in the DB. + // + // Check for user and ip ban ... + // + if($userdata['ban_ip'] || $userdata['ban_userid']) + { + error_die(BANNED); + } + + // + // Now, check to see if a session exists. + // If it does then update it, if it doesn't + // then create one. + // + if(isset($HTTP_COOKIE_VARS[$cookiename]['sessionid'])) + { + + // + // Is the id the same as that in the cookie? + // If it is then we see if it needs updating + // + if($HTTP_COOKIE_VARS[$cookiename]['sessionid'] == $userdata['session_id']) + { + + // + // Only update session DB a minute or so after last update + // + if($current_time - $userdata['session_time'] > 60) + { + + $sql = "UPDATE ".SESSIONS_TABLE." + SET session_time = '$current_time', session_page = '$thispage_id' + WHERE (session_id = ".$userdata['session_id'].") + AND (session_ip = '$int_ip') + AND (session_user_id = ".$userdata['user_id'].")"; + $result = $db->sql_query($sql); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error updating sessions table : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + else + { + // + // Update was success, send current time to cookie + // and return userdata + // + setcookie($cookiename."[sessiontime]", $current_time, $session_length, $cookiepath, $cookiedomain, $cookiesecure); + + return $userdata; + } // if (affectedrows) + + } // if (current_time) + + // + // We didn't need to update session + // so just return userdata + // + return $userdata; + + } // if (cookie session_id = DB session id) + + } // if session_id cookie set + + // + // If we reach here then we have a valid + // user_id set in the cookie but no + // active session. So, try and create + // new session (uses AUTOLOGON to determine + // if user should be logged back on automatically) + // + if(AUTOLOGON && isset($HTTP_COOKIE_VARS[$cookiename]['useridref'])) + { + if($HTTP_COOKIE_VARS[$cookiename]['useridref'] == $userdata['user_password']) + { + $autologon = 1; + $password = $userdata['user_password']; + $userdata['session_logged_in'] = 1; + } + else + { + $autologon = 0; + $password = ""; + $userdata['session_logged_in'] = 0; + } + } + else + { + $autologon = 0; + $password = ""; + $userdata['session_logged_in'] = 0; + } + $result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error creating ".$userdata['user_id']." session : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + } + else + { + + // + // No userid cookie exists so we'll + // set up a new anonymous session + // + $result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0); + if(!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Error creating anonymous session : session_pagestart", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + $userdata['session_logged_in'] = 0; + } + + return $userdata; + +} // session_check() + +// +// session_end closes out a session +// deleting the corresponding entry +// in the sessions table +// +function session_end($session_id, $user_id) +{ + + global $db; + global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; + + $current_time = time(); + + $sql = "DELETE FROM ".SESSIONS_TABLE." + WHERE (session_user_id = $user_id) + AND (session_id = $session_id)"; + $result = $db->sql_query($sql, $db); + if (!$result) + { + if(DEBUG) + { + error_die(SQL_QUERY, "Couldn't delete user session : session_eng()", __LINE__, __FILE__); + } + else + { + error_die(SESSION_CREATE); + } + } + + setcookie($cookiename."[sessionid]", ""); + setcookie($cookiename."[sessionend]", $current_time, $cookielife, $cookiepath, $cookiedomain, $cookiesecure); + + return true; + +} // session_end() + +?> |