aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
authorPaul S. Owen <psotfx@users.sourceforge.net>2002-05-09 14:07:33 +0000
committerPaul S. Owen <psotfx@users.sourceforge.net>2002-05-09 14:07:33 +0000
commit8043f50781f84390aea612e0f2e0e516f64decde (patch)
tree4982dbd7e39ab54630de5291a73c1d72a4985f42 /phpBB/includes
parent2d7bfa5c61dd98300b8e57d73e46c7df0470d48e (diff)
downloadforums-8043f50781f84390aea612e0f2e0e516f64decde.tar
forums-8043f50781f84390aea612e0f2e0e516f64decde.tar.gz
forums-8043f50781f84390aea612e0f2e0e516f64decde.tar.bz2
forums-8043f50781f84390aea612e0f2e0e516f64decde.tar.xz
forums-8043f50781f84390aea612e0f2e0e516f64decde.zip
IP related updates + fixed gc in sessions
git-svn-id: file:///svn/phpbb/trunk@2558 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/functions.php12
-rw-r--r--phpBB/includes/sessions.php148
-rw-r--r--phpBB/includes/usercp_email.php2
3 files changed, 82 insertions, 80 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index f43ba358c0..56ce116417 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -297,18 +297,6 @@ function setup_style($style)
return $row;
}
-function encode_ip($dotquad_ip)
-{
- $ip_sep = explode('.', $dotquad_ip);
- return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
-}
-
-function decode_ip($int_ip)
-{
- $hexipbang = explode('.', chunk_split($int_ip, 2, '.'));
- return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
-}
-
//
// Create date/time from format and timezone
//
diff --git a/phpBB/includes/sessions.php b/phpBB/includes/sessions.php
index d174f9e388..977b5d8052 100644
--- a/phpBB/includes/sessions.php
+++ b/phpBB/includes/sessions.php
@@ -20,10 +20,12 @@
*
***************************************************************************/
-//
-// Adds/updates a new session to the database for the given userid.
-// Returns the new session ID on success.
-//
+if ( !defined('IN_PHPBB') )
+{
+ die('Hacking attempt');
+ exit;
+}
+
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
global $db, $board_config;
@@ -33,6 +35,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
+ $SID = '?sid=';
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
@@ -109,11 +112,11 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
//
// Initial ban check against user id, IP and email address
//
- preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
+ $user_ip_parts = explode('.', $user_ip);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
- WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
+ WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . ".256', '" . $user_ip_parts[1] . $user_ip_parts[2] . ".256.256', '" . $user_ip_parts[1] . "256.256.256')
OR ban_userid = $user_id";
if ( $user_id != ANONYMOUS )
{
@@ -133,13 +136,14 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
}
+ $login = 1;
+
//
// Create or update the session
//
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
- WHERE session_id = '" . $session_id . "'
- AND session_ip = '$user_ip'";
+ WHERE session_id = '" . $session_id . "'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
$session_id = md5(uniqid($user_ip));
@@ -154,7 +158,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
}
if ( $user_id != ANONYMOUS )
- {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
+ {
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
$sql = "UPDATE " . USERS_TABLE . "
@@ -182,7 +186,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
- $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
+ $SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
return $userdata;
}
@@ -196,13 +200,14 @@ function session_pagestart($user_ip, $thispage_id)
global $db, $lang, $board_config;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
+ unset($userdata);
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
+ $SID = '?sid=';
$current_time = time();
- unset($userdata);
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
{
@@ -229,8 +234,7 @@ function session_pagestart($user_ip, $thispage_id)
$sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
- AND u.user_id = s.session_user_id
- AND s.session_ip = '$user_ip'";
+ AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
@@ -243,7 +247,7 @@ function session_pagestart($user_ip, $thispage_id)
//
if ( isset($userdata['user_id']) )
{
- $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
+ $SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
//
// Only update session DB a minute or so after last update
@@ -252,8 +256,7 @@ function session_pagestart($user_ip, $thispage_id)
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
- WHERE session_id = '" . $userdata['session_id'] . "'
- AND session_ip = '$user_ip'";
+ WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
@@ -261,49 +264,7 @@ function session_pagestart($user_ip, $thispage_id)
if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
{
- $sql = "SELECT *
- FROM " . SESSIONS_TABLE . "
- WHERE session_time < " . ( $current_time - $board_config['session_length'] ) . "
- AND session_logged_in = 1";
- if ( !($result = $db->sql_query($sql)) )
- {
- message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
- }
-
- $del_session_id = '';
- while ( $row = $db->sql_fetchrow($result) )
- {
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . "
- WHERE user_id = " . $row['session_user_id'];
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
- }
-
- $del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
- }
-
- if ( $del_session_id != '' )
- {
- //
- // Delete expired sessions
- //
- $sql = "DELETE FROM " . SESSIONS_TABLE . "
- WHERE session_id IN ($del_session_id)";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
- }
- }
-
- $sql = "UPDATE " . CONFIG_TABLE . "
- SET config_value = '$current_time'
- WHERE config_name = 'session_last_gc'";
- if ( !$db->sql_query($sql) )
- {
- message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
- }
+ session_gc($session_id, $current_time);
}
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
@@ -330,8 +291,7 @@ function session_pagestart($user_ip, $thispage_id)
}
//
-// session_end closes out a session
-// deleting the corresponding entry
+// session_end closes out a session deleting the corresponding entry
// in the sessions table
//
function session_end($session_id, $user_id)
@@ -343,6 +303,7 @@ function session_end($session_id, $user_id)
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
+ $SID = '?sid=';
//
// Pull cookiedata or grab the URI propagated sid
@@ -373,19 +334,72 @@ function session_end($session_id, $user_id)
return true;
}
+function session_gc($session_id, $current_time)
+{
+ global $db, $board_config;
+
+ $sql = "SELECT *
+ FROM " . SESSIONS_TABLE . "
+ WHERE session_time < " . ( $current_time - $board_config['session_length'] );
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
+ }
+
+ $del_session_id = '';
+ while ( $row = $db->sql_fetchrow($result) )
+ {
+ if ( $row['session_logged_in'] )
+ {
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . "
+ WHERE user_id = " . $row['session_user_id'];
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ $del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
+ }
+
+ if ( $del_session_id != '' )
+ {
+ //
+ // Delete expired sessions
+ //
+ $sql = "DELETE FROM " . SESSIONS_TABLE . "
+ WHERE session_id IN ($del_session_id)";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ $sql = "UPDATE " . CONFIG_TABLE . "
+ SET config_value = '$current_time'
+ WHERE config_name = 'session_last_gc'";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
+ }
+
+ return;
+}
+
+
//
// Append $SID to a url. Borrowed from phplib and modified.
//
+// This routine is doomed I think, instead we just set a URL$SID for
+// appropriate URLs rather than this append stuff. For the time being
+// this change will break URL based session propagation
+//
function append_sid($url, $non_html_amp = false)
{
global $SID;
- if ( !empty($SID) && !eregi('sid=', $url) )
- {
- $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&amp;' ) : '?' ) . $SID;
- }
-
- return($url);
+ return $url;
}
?> \ No newline at end of file
diff --git a/phpBB/includes/usercp_email.php b/phpBB/includes/usercp_email.php
index 0878da61ba..17bbd1a93b 100644
--- a/phpBB/includes/usercp_email.php
+++ b/phpBB/includes/usercp_email.php
@@ -103,7 +103,7 @@ if ( $result = $db->sql_query($sql) )
$email_headers .= 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
- $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\r\n";
+ $email_headers .= 'X-AntiAbuse: User IP - ' . $user_ip . "\r\n";
$emailer->use_template('profile_send_email', $user_lang);
$emailer->email_address($user_email);
generated by cgit v1.2.1 (git 2.21.0) at 2025-03-21 23:09:39 +0000