aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/session.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r--phpBB/includes/session.php41
1 files changed, 30 insertions, 11 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index b6390e122b..a96a9fc328 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -56,9 +56,9 @@ class session
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
- if (preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list))
+ if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list))
{
- $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
+ $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#');
$this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]);
}
}
@@ -307,18 +307,22 @@ class session
$del_user_id = '';
$del_sessions = 0;
- while ($row = $db->sql_fetchrow($result))
+ if ($row = $db->sql_fetchrow($result))
{
- if ($row['session_user_id'])
+ do
{
- $sql = "UPDATE " . USERS_TABLE . "
- SET user_lastvisit = " . $row['recent_time'] . "
- WHERE user_id = " . $row['session_user_id'];
- $db->sql_query($sql);
- }
+ if (intval($row['session_user_id']) != ANONYMOUS)
+ {
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_lastvisit = " . $row['recent_time'] . "
+ WHERE user_id = " . $row['session_user_id'];
+ $db->sql_query($sql);
+ }
- $del_user_id .= (($del_user_id != '') ? ', ' : '') . " '" . $row['session_user_id'] . "'";
- $del_sessions++;
+ $del_user_id .= (($del_user_id != '') ? ', ' : '') . " '" . $row['session_user_id'] . "'";
+ $del_sessions++;
+ }
+ while ($row = $db->sql_fetchrow($result));
}
if ($del_user_id != '')
@@ -701,6 +705,21 @@ class auth
return;
}
+ // Clear one or all users cached permission settings
+ function acl_clear_prefetch($user_id = false)
+ {
+ global $db;
+
+ $where_sql = ($user_id) ? "WHERE user_id = $user_id" : '';
+
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_permissions = ''
+ $where_sql";
+ $db->sql_query($sql);
+
+ return;
+ }
+
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
function login($username, $password, $autologin = false)
{
generated by cgit v1.2.1 (git 2.21.0) at 2025-04-10 19:59:35 +0000