From 8b423ba3084fbe29ce83aef2a5f6ac5380ee006e Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Thu, 3 Jan 2008 14:04:12 +0000 Subject: #16865 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8293 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6149063dea..9411ec1ae6 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1477,6 +1477,7 @@ class user extends session $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width FROM ' . STYLES_IMAGESET_DATA_TABLE . ' WHERE imageset_id = ' . $this->theme['imageset_id'] . " + AND image_filename <> '' AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')"; $result = $db->sql_query($sql, 3600); @@ -1886,7 +1887,7 @@ class user extends session default: $use_width = ($width === false) ? $img_data['width'] : $width; - + return '' . $alt . ''; break; } -- cgit v1.2.1 From 12a9e001837da139a9ea07b8dd52019ee071d9bd Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 6 Jan 2008 17:00:09 +0000 Subject: - Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635) - Allow editing usernames within database_update on username cleanup (Bug #18415) - Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385) - Check entered imagemagick path for trailing slash (Bug #18205) - Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide - Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8310 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9411ec1ae6..afc9e810e3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -872,7 +872,11 @@ class session /** * Sets a cookie * - * Sets a cookie of the given name with the specified data for the given length of time. + * Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set. + * + * @param string $name Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then. + * @param string $cookiedata The data to hold within the cookie + * @param int $cookietime The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set. */ function set_cookie($name, $cookiedata, $cookietime) { @@ -882,7 +886,7 @@ class session $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; - header('Set-Cookie: ' . $name_data . '; expires=' . $expire . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); + header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); } /** -- cgit v1.2.1 From 79b02d160a496a2441d62f8beabfc5ca95499863 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 28 Jan 2008 13:00:10 +0000 Subject: 20255 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8337 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index afc9e810e3..70ffd4ee08 100644 
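Review bot: The new docblock says a session cookie is set "if no time is specified", but the signature shown as context is still `function set_cookie($name, $cookiedata, $cookietime)`, so a caller cannot omit the argument without a missing-argument warning. Either give the parameter a default, `function set_cookie($name, $cookiedata, $cookietime = 0)`, or reword the first docblock sentence to say only that passing 0 selects a session cookie. In the `header()` line, the `($cookietime) ? ... : ''` test treats every falsy value (null, '', '0') as "session cookie", which the `@param int $cookietime` line should state. The method body starts outside the hunk, so how `$name_data` is built cannot be checked here.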
--- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -653,7 +653,7 @@ class session $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' - AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']); + AND session_time >= ' . (int)($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1 From 98e394987f04fad65ecf3c743e4af4c92b23e932 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 28 Jan 2008 15:20:47 +0000 Subject: nit rightfully picked git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8340 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 70ffd4ee08..17f6759cb8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -653,7 +653,7 @@ class session $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' - AND session_time >= ' . (int)($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); + AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1 From 5efd4f2c00c8d3f12a881d4fce54bc92986902c5 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 29 Jan 2008 14:23:02 +0000 Subject: #20135 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8343 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/session.php') 
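Review bot: In the rewritten `session_time >=` bound the `(int)` cast is applied only after `max()` has compared the two raw `$config` values, so the comparison runs on whatever type the config store returns (presumably strings). Casting each operand first makes the comparison numeric in every case: `(int) ($this->time_now - max((int) $config['session_length'], (int) $config['form_token_lifetime']))`. A one-line comment saying why the longer of the two lifetimes defines the window would also help, because the use of the resulting count lies outside the hunk. The follow-up hunk at the same location only changes the spacing after the cast.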
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 17f6759cb8..738cbfa74d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -256,8 +256,8 @@ class session $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); } - $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; - $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; + $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; @@ -526,8 +526,8 @@ class session $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); } - $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; - $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; + $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; 
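Review bot: The normalisation `trim(strtolower(substr(..., 0, 149)))` is now written out four times across the two validation hunks (around lines 256 and 526), while the `session_browser` hunk at line 579 stores `trim(substr($this->browser, 0, 149))`; the session check only holds if the stored and the compared form stay in step. One private helper that does the truncate-and-trim for both the stored and the compared value, with `strtolower()` applied at comparison time, would remove the risk of the copies drifting apart in a later edit. A short comment such as `// trim so a trailing space cut or kept by the 149-byte limit cannot cause a mismatch` would record why `trim()` was added, if that is the reason behind the referenced bug. The enclosing methods start and end outside these hunks.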
@@ -579,7 +579,7 @@ class session 'session_start' => (int) $this->time_now, 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, - 'session_browser' => (string) substr($this->browser, 0, 149), + 'session_browser' => (string) trim(substr($this->browser, 0, 149)), 'session_forwarded_for' => (string) $this->forwarded_for, 'session_ip' => (string) $this->ip, 'session_autologin' => ($session_autologin) ? 1 : 0, -- cgit v1.2.1 From c7821700dd36899a53b8afe9f859d7a40a23e7b4 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 29 Jan 2008 15:49:15 +0000 Subject: #19955 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8348 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 738cbfa74d..0a80f32933 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -158,7 +158,7 @@ class session $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; + $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents 
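Review bot: On the new `$this->host` line only the `HTTP_HOST` branch is lowercased and cast to string; the `SERVER_NAME` fallbacks are used as-is, and `getenv('SERVER_NAME')` returns `false` when the variable is unset, so `$this->host` can become `false` where the old code always produced a string. Resolving the value first and normalising once keeps type and case consistent: `$host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));` followed by `$this->host = ($host !== false && $host !== '') ? strtolower((string) $host) : 'localhost';`. `HTTP_HOST` comes from the request's Host header, so if `$this->host` is later used to build URLs or cookie scope (not visible in this hunk) it should be checked against the configured server name or a strict hostname pattern before use. The enclosing method starts and ends outside the hunk.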
@@ -649,7 +649,7 @@ class session $this->set_cookie('sid', $this->session_id, $cookie_expire); unset($cookie_expire); - + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' @@ -777,7 +777,7 @@ class session global $db, $config; $batch_size = 10; - + if (!$this->time_now) { $this->time_now = time(); @@ -825,7 +825,7 @@ class session // Less than 10 users, update gc timer ... else we want gc // called again to delete other sessions set_config('session_last_gc', $this->time_now, true); - + if ($config['max_autologin_time']) { $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' @@ -834,14 +834,14 @@ class session } $this->confirm_gc(); } - + return; } - + function confirm_gc($type = 0) { global $db, $config; - + $sql = 'SELECT DISTINCT c.session_id FROM ' . CONFIRM_TABLE . ' c LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) @@ -867,8 +867,8 @@ class session } $db->sql_freeresult($result); } - - + + /** * Sets a cookie * @@ -1481,7 +1481,7 @@ class user extends session $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width FROM ' . STYLES_IMAGESET_DATA_TABLE . ' WHERE imageset_id = ' . $this->theme['imageset_id'] . " - AND image_filename <> '' + AND image_filename <> '' AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')"; $result = $db->sql_query($sql, 3600); @@ -1891,7 +1891,7 @@ class user extends session default: $use_width = ($width === false) ? $img_data['width'] : $width; - + return '' . $alt . ''; break; } -- cgit v1.2.1 From bd31cb634d545edb0cf17e58962004d6830f3537 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 4 Feb 2008 12:10:25 +0000 Subject: Minor stuff: #20925, #20815 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8375 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/includes/session.php') 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 0a80f32933..affd447787 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -179,6 +179,10 @@ class session } } } + else + { + $this->forwarded_for = ''; + } // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; -- cgit v1.2.1 From b7ef95ed091580df66da23fc1bca403758645fc3 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 17 Mar 2008 16:25:07 +0000 Subject: This should get rid of the filesorts and temp tables on index (with topic read tracking as exception). Updater still needs testing. Not yet merged to 3.1 #22715 - thanks HoL git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8436 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index affd447787..91b412b075 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -129,7 +129,8 @@ class session 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), - 'page' => $page + 'page' => $page, + 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, ); return $page_array; @@ -186,6 +187,8 @@ class session // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; + + if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) { 
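Review bot: The added `else` branch has no comment explaining why the header value is discarded, and the `if` it belongs to opens outside the hunk. Judging by the neighbouring hunks, `$this->forwarded_for` is filled from `$_SERVER['HTTP_X_FORWARDED_FOR']` and later written to `session_forwarded_for`, so clearing it here presumably keeps an unvalidated client-supplied header out of the sessions table when the check is disabled. A line such as `// Header is not validated in this configuration, so do not keep the client-supplied value` above the assignment would record that intent.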
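Review bot: In the new `'forum'` entry the `> 0` test runs on the raw `$_REQUEST['f']` before the `(int)` cast, so a non-scalar value (an array parameter) passes the comparison and is then cast to 1, and a value such as `0.5` passes and is cast to 0. The result is always an integer, so this affects the accuracy of `session_forum_id` (written in the four hunks that follow) rather than opening an injection path. Cast once and test the cast value instead: `$forum_id = (isset($_REQUEST['f']) && is_scalar($_REQUEST['f'])) ? (int) $_REQUEST['f'] : 0;` and then `'forum' => ($forum_id > 0) ? $forum_id : 0,`. The array literal begins outside the hunk.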
@@ -310,6 +313,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " @@ -550,6 +554,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " @@ -594,6 +599,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $db->sql_return_on_error(true); @@ -627,6 +633,7 @@ class session $sql_ary['session_id'] = (string) $this->session_id; $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); -- cgit v1.2.1 From 221001a6dc86c7cd9246b6614adb24c1d88c0067 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 18 Mar 2008 10:14:37 +0000 Subject: - some changes to the recent session change - display errors on inserting sessions - fix database updater git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8438 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 91b412b075..9aee53531c 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -130,7 +130,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, + 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, ); return $page_array; @@ -185,11 +185,6 @@ class session $this->forwarded_for = ''; } - // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number - $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; - - - if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) { $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); @@ -614,6 +609,8 @@ class session // Limit new sessions in 1 minute period (if required) if (empty($this->data['session_time']) && $config['active_sessions']) { + $db->sql_return_on_error(false); + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_time >= ' . ($this->time_now - 60); @@ -629,6 +626,9 @@ class session } } + // Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors. + $db->sql_return_on_error(false); + $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; @@ -638,8 +638,6 @@ class session $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); - $db->sql_return_on_error(false); - // Regenerate autologin/persistent login key if ($session_autologin) { -- cgit v1.2.1 From 5a1d2a94a3af00cee33e0add91a1c5a75c09c250 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Tue, 18 Mar 2008 11:11:16 +0000 Subject: do not conflict with updates git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8441 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9aee53531c..382f76aca3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -609,7 +609,7 @@ class session // Limit new sessions in 1 minute period (if required) if (empty($this->data['session_time']) && $config['active_sessions']) { - $db->sql_return_on_error(false); +// $db->sql_return_on_error(false); $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' @@ -627,7 +627,8 @@ class session } // Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors. - $db->sql_return_on_error(false); + // Commented out because it will not allow forums to update correctly +// $db->sql_return_on_error(false); $this->session_id = $this->data['session_id'] = md5(unique_id()); @@ -638,6 +639,8 @@ class session $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); + $db->sql_return_on_error(false); + // Regenerate autologin/persistent login key if ($session_autologin) { -- cgit v1.2.1
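Review bot: The comment "Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors." now sits above a call that is commented out, so it describes the opposite of what runs: `sql_return_on_error(false)` is restored only after `$db->sql_query($sql)`, and the `INSERT` is presumably still issued under the `sql_return_on_error(true)` visible in an earlier hunk. The return value of that `sql_query()` is not checked in the visible lines, so a failed session insert would pass unnoticed at this point; either handle it explicitly, `if (!$db->sql_query($sql)) { /* handle the failed session insert */ }`, or replace the stale comment with one stating that the failure is tolerated on purpose and why. The two `// $db->sql_return_on_error(false);` lines should be deleted rather than kept as dead code at column 0. The enclosing method extends beyond these hunks.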