aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/session.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb/session.php')
-rw-r--r--phpBB/phpbb/session.php152
1 files changed, 99 insertions, 53 deletions
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 6154f384f3..3f7146c59b 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -447,39 +447,6 @@ class session
if (!$session_expired)
{
- // Only update session DB a minute or so after last update or if page changes
- if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
- {
- $sql_ary = array('session_time' => $this->time_now);
-
- // Do not update the session page for ajax requests, so the view online still works as intended
- if ($this->update_session_page && !$request->is_ajax())
- {
- $sql_ary['session_page'] = substr($this->page['page'], 0, 199);
- $sql_ary['session_forum_id'] = $this->page['forum'];
- }
-
- $db->sql_return_on_error(true);
-
- $this->update_session($sql_ary);
-
- $db->sql_return_on_error(false);
-
- // If the database is not yet updated, there will be an error due to the session_forum_id
- // @todo REMOVE for 3.0.2
- if ($result === false)
- {
- unset($sql_ary['session_forum_id']);
-
- $this->update_session($sql_ary);
- }
-
- if ($this->data['user_id'] != ANONYMOUS && !empty($config['new_member_post_limit']) && $this->data['user_new'] && $config['new_member_post_limit'] <= $this->data['user_posts'])
- {
- $this->leave_newly_registered();
- }
- }
-
$this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
$this->data['user_lang'] = basename($this->data['user_lang']);
@@ -527,7 +494,7 @@ class session
*/
function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
{
- global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container;
+ global $SID, $_SID, $db, $config, $cache, $phpbb_container, $phpbb_dispatcher;
$this->data = array();
@@ -743,18 +710,6 @@ class session
// Only update session DB a minute or so after last update or if page changes
if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
{
- $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
-
- $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0);
-
- if ($this->update_session_page)
- {
- $sql_ary['session_page'] = substr($this->page['page'], 0, 199);
- $sql_ary['session_forum_id'] = $this->page['forum'];
- }
-
- $this->update_session($sql_ary);
-
// Update the last visit time
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $this->data['session_time'] . '
@@ -902,6 +857,19 @@ class session
$_SID = '';
}
+ $session_data = $sql_ary;
+ /**
+ * Event to send new session data to extension
+ * Read-only event
+ *
+ * @event core.session_create_after
+ * @var array session_data Associative array of session keys to be updated
+ * @since 3.1.6-RC1
+ */
+ $vars = array('session_data');
+ extract($phpbb_dispatcher->trigger_event('core.session_create_after', compact($vars)));
+ unset($session_data);
+
return true;
}
@@ -915,13 +883,30 @@ class session
*/
function session_kill($new_session = true)
{
- global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container;
+ global $SID, $_SID, $db, $phpbb_container, $phpbb_dispatcher;
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
AND session_user_id = " . (int) $this->data['user_id'];
$db->sql_query($sql);
+ $user_id = (int) $this->data['user_id'];
+ $session_id = $this->session_id;
+ /**
+ * Event to send session kill information to extension
+ * Read-only event
+ *
+ * @event core.session_kill_after
+ * @var int user_id user_id of the session user.
+ * @var string session_id current user's session_id
+ * @var bool new_session should we create new session for user
+ * @since 3.1.6-RC1
+ */
+ $vars = array('user_id', 'session_id', 'new_session');
+ extract($phpbb_dispatcher->trigger_event('core.session_kill_after', compact($vars)));
+ unset($user_id);
+ unset($session_id);
+
// Allow connecting logout with external auth method logout
/* @var $provider_collection \phpbb\auth\provider_collection */
$provider_collection = $phpbb_container->get('auth.provider_collection');
@@ -990,7 +975,7 @@ class session
*/
function session_gc()
{
- global $db, $config, $phpbb_root_path, $phpEx, $phpbb_container;
+ global $db, $config, $phpbb_container, $phpbb_dispatcher;
$batch_size = 10;
@@ -1059,6 +1044,14 @@ class session
$db->sql_query($sql);
}
+ /**
+ * Event to trigger extension on session_gc
+ *
+ * @event core.session_gc_after
+ * @since 3.1.6-RC1
+ */
+ $phpbb_dispatcher->dispatch('core.session_gc_after');
+
return;
}
@@ -1076,6 +1069,12 @@ class session
{
global $config;
+ // If headers are already set, we just return
+ if (headers_sent())
+ {
+ return;
+ }
+
$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
@@ -1227,7 +1226,7 @@ class session
if ($banned && !$return)
{
- global $template, $phpbb_root_path, $phpEx;
+ global $phpbb_root_path, $phpEx;
// If the session is empty we need to create a valid one...
if (empty($this->session_id))
@@ -1404,7 +1403,7 @@ class session
*/
function set_login_key($user_id = false, $key = false, $user_ip = false)
{
- global $config, $db;
+ global $db;
$user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
$user_ip = ($user_ip === false) ? $this->ip : $user_ip;
@@ -1414,7 +1413,7 @@ class session
$sql_ary = array(
'key_id' => (string) md5($key_id),
- 'last_ip' => (string) $this->ip,
+ 'last_ip' => (string) $user_ip,
'last_login' => (int) time()
);
@@ -1451,7 +1450,7 @@ class session
*/
function reset_login_keys($user_id = false)
{
- global $config, $db;
+ global $db;
$user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;
@@ -1552,12 +1551,59 @@ class session
*/
public function update_session($session_data, $session_id = null)
{
- global $db;
+ global $db, $phpbb_dispatcher;
$session_id = ($session_id) ? $session_id : $this->session_id;
$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $session_data) . "
WHERE session_id = '" . $db->sql_escape($session_id) . "'";
$db->sql_query($sql);
+
+ /**
+ * Event to send update session information to extension
+ * Read-only event
+ *
+ * @event core.update_session_after
+ * @var array session_data Associative array of session keys to be updated
+ * @var string session_id current user's session_id
+ * @since 3.1.6-RC1
+ */
+ $vars = array('session_data', 'session_id');
+ extract($phpbb_dispatcher->trigger_event('core.update_session_after', compact($vars)));
+ }
+
+ public function update_session_infos()
+ {
+ global $config, $db, $request;
+
+ // No need to update if it's a new session. Informations are already inserted by session_create()
+ if (isset($this->data['session_created']) && $this->data['session_created'])
+ {
+ return;
+ }
+
+ // Only update session DB a minute or so after last update or if page changes
+ if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
+ {
+ $sql_ary = array('session_time' => $this->time_now);
+
+ // Do not update the session page for ajax requests, so the view online still works as intended
+ if ($this->update_session_page && !$request->is_ajax())
+ {
+ $sql_ary['session_page'] = substr($this->page['page'], 0, 199);
+ $sql_ary['session_forum_id'] = $this->page['forum'];
+ }
+
+ $db->sql_return_on_error(true);
+
+ $this->update_session($sql_ary);
+
+ $db->sql_return_on_error(false);
+
+ if ($this->data['user_id'] != ANONYMOUS && !empty($config['new_member_post_limit']) && $this->data['user_new'] && $config['new_member_post_limit'] <= $this->data['user_posts'])
+ {
+ $this->leave_newly_registered();
+ }
+ }
}
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-01 06:31:07 +0000