diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-06-25 17:27:42 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-06-25 17:27:42 +0200 |
| commit | 71f9c6ebe53648b4d9883e725bde3d836de8303d (patch) | |
| tree | a091c20bf283746cd576ec7de5758ea2d9124607 /phpBB/phpbb/session.php | |
| parent | 8938a0ce98c5f490abdd6c4149055c2f214ad04c (diff) | |
| parent | cc556122f36ec8f5723aa4cd70b7848c9b897c41 (diff) | |
| download | forums-71f9c6ebe53648b4d9883e725bde3d836de8303d.tar forums-71f9c6ebe53648b4d9883e725bde3d836de8303d.tar.gz forums-71f9c6ebe53648b4d9883e725bde3d836de8303d.tar.bz2 forums-71f9c6ebe53648b4d9883e725bde3d836de8303d.tar.xz forums-71f9c6ebe53648b4d9883e725bde3d836de8303d.zip | |
Merge pull request #4860 from marc1706/ticket/14982
[ticket/14982] Always do a ban check except on contact me form
Diffstat (limited to 'phpBB/phpbb/session.php')
| -rw-r--r-- | phpBB/phpbb/session.php | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index eb5543b50b..45e82df591 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -460,6 +460,9 @@ class session $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false; $this->data['user_lang'] = basename($this->data['user_lang']); + // Is user banned? Are they excluded? Won't return on ban, exists within method + $this->check_ban_for_current_session($config); + return true; } } @@ -666,19 +669,7 @@ class session // session exists in which case session_id will also be set // Is user banned? Are they excluded? Won't return on ban, exists within method - if ($this->data['user_type'] != USER_FOUNDER) - { - if (!$config['forwarded_for_check']) - { - $this->check_ban($this->data['user_id'], $this->ip); - } - else - { - $ips = explode(' ', $this->forwarded_for); - $ips[] = $this->ip; - $this->check_ban($this->data['user_id'], $ips); - } - } + $this->check_ban_for_current_session($config); $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; $this->data['is_bot'] = ($bot) ? true : false; @@ -1268,9 +1259,6 @@ class session $message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : ''; $message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>'; - // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again - $this->session_kill(false); - // A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page if (defined('IN_CRON')) { @@ -1279,6 +1267,9 @@ class session exit; } + // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again + $this->session_kill(false); + trigger_error($message); } @@ -1286,6 +1277,28 @@ class session } /** + * Check the current session for bans + * + * @return true if session user is banned. + */ + protected function check_ban_for_current_session($config) + { + if (!defined('SKIP_CHECK_BAN') && $this->data['user_type'] != USER_FOUNDER) + { + if (!$config['forwarded_for_check']) + { + $this->check_ban($this->data['user_id'], $this->ip); + } + else + { + $ips = explode(' ', $this->forwarded_for); + $ips[] = $this->ip; + $this->check_ban($this->data['user_id'], $ips); + } + } + } + + /** * Check if ip is blacklisted * This should be called only where absolutely necessary * @@ -1576,7 +1589,7 @@ class session } // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) + if ($this->time_now - ((isset($this->data['session_time'])) ? $this->data['session_time'] : 0) > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) { $sql_ary = array('session_time' => $this->time_now); |