From 8b423ba3084fbe29ce83aef2a5f6ac5380ee006e Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Thu, 3 Jan 2008 14:04:12 +0000 Subject: #16865 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8293 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6149063dea..9411ec1ae6 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1477,6 +1477,7 @@ class user extends session $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width FROM ' . STYLES_IMAGESET_DATA_TABLE . ' WHERE imageset_id = ' . $this->theme['imageset_id'] . " + AND image_filename <> '' AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')"; $result = $db->sql_query($sql, 3600); @@ -1886,7 +1887,7 @@ class user extends session default: $use_width = ($width === false) ? $img_data['width'] : $width; - + return '' . $alt . ''; break; } -- cgit v1.2.1 From 12a9e001837da139a9ea07b8dd52019ee071d9bd Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 6 Jan 2008 17:00:09 +0000 Subject: - Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635) - Allow editing usernames within database_update on username cleanup (Bug #18415) - Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385) - Check entered imagemagick path for trailing slash (Bug #18205) - Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide - Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8310 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9411ec1ae6..afc9e810e3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -872,7 +872,11 @@ class session /** * Sets a cookie * - * Sets a cookie of the given name with the specified data for the given length of time. + * Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set. + * + * @param string $name Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then. + * @param string $cookiedata The data to hold within the cookie + * @param int $cookietime The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set. */ function set_cookie($name, $cookiedata, $cookietime) { @@ -882,7 +886,7 @@ class session $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; - header('Set-Cookie: ' . $name_data . '; expires=' . $expire . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); + header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); } /** -- cgit v1.2.1 From 79b02d160a496a2441d62f8beabfc5ca95499863 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 28 Jan 2008 13:00:10 +0000 Subject: 20255 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8337 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index afc9e810e3..70ffd4ee08 100644 
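Review bot: In the changed `header('Set-Cookie: …')` line of set_cookie(), the `expires` attribute is now optional, but the signature on the context line still requires `$cookietime`, while the new docblock opens with "If no time is specified". Either give the parameter a default, `function set_cookie($name, $cookiedata, $cookietime = 0)`, or reword the docblock to say that 0 must be passed explicitly. `$expire` is also still formatted with `gmdate()` on every call, including the calls where it is then discarded; moving that line under the same `$cookietime` test would keep the two in step.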
--- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -653,7 +653,7 @@ class session $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' - AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']); + AND session_time >= ' . (int)($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1 From 98e394987f04fad65ecf3c743e4af4c92b23e932 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 28 Jan 2008 15:20:47 +0000 Subject: nit rightfully picked git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8340 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 70ffd4ee08..17f6759cb8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -653,7 +653,7 @@ class session $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' - AND session_time >= ' . (int)($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); + AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1 From 5efd4f2c00c8d3f12a881d4fce54bc92986902c5 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 29 Jan 2008 14:23:02 +0000 Subject: #20135 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8343 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/session.php') 
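Review bot: The new `session_time` bound in the hunk at -653 passes two uncast `$config` values to `max()`, so the result relies on both being numeric strings. Casting each operand, `max((int) $config['session_length'], (int) $config['form_token_lifetime'])`, makes the comparison explicit and leaves the outer `(int)` cast with nothing surprising to convert. A one-line comment on why the longer of the two lifetimes is used would also help, since the reason is not visible in this hunk.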
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 17f6759cb8..738cbfa74d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -256,8 +256,8 @@ class session $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); } - $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; - $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; + $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; @@ -526,8 +526,8 @@ class session $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); } - $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; - $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; + $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; 
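Review bot: The User-Agent normalisation `trim(strtolower(substr(…, 0, 149)))` is now written out four times across the hunks at -256 and -526, and the value stored by the hunk at -579 uses a further variant without `strtolower()`. The three forms agree today, but nothing ties them together, so a later change to one of them would invalidate existing sessions. A small private helper that returns the normalised string, used for both storing and comparing, would remove that risk. A comment that this comparison is a consistency check on a client-supplied header, not an authentication factor, would also be worth adding next to it.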
@@ -579,7 +579,7 @@ class session 'session_start' => (int) $this->time_now, 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, - 'session_browser' => (string) substr($this->browser, 0, 149), + 'session_browser' => (string) trim(substr($this->browser, 0, 149)), 'session_forwarded_for' => (string) $this->forwarded_for, 'session_ip' => (string) $this->ip, 'session_autologin' => ($session_autologin) ? 1 : 0, -- cgit v1.2.1 From c7821700dd36899a53b8afe9f859d7a40a23e7b4 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 29 Jan 2008 15:49:15 +0000 Subject: #19955 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8348 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 738cbfa74d..0a80f32933 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -158,7 +158,7 @@ class session $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; + $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents 
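Review bot: In the hunk at -158, `$this->host` is taken from the client-supplied `Host` header with only `strtolower()` applied, and the new fallback branch is neither lower-cased nor cast: `getenv('SERVER_NAME')` returns `false` when the variable is absent, so the property can end up as a non-string. Because the header is controlled by the requester, it would be safer to accept it only when it matches a host-name pattern (letters, digits, `.`, `-`, optional port) and to use the server-side name otherwise. At minimum make the branches consistent, e.g. `strtolower((string) $_SERVER['SERVER_NAME'])`. The rest of the function lies outside this hunk, so how the value is consumed cannot be checked here.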
@@ -649,7 +649,7 @@ class session $this->set_cookie('sid', $this->session_id, $cookie_expire); unset($cookie_expire); - + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' @@ -777,7 +777,7 @@ class session global $db, $config; $batch_size = 10; - + if (!$this->time_now) { $this->time_now = time(); @@ -825,7 +825,7 @@ class session // Less than 10 users, update gc timer ... else we want gc // called again to delete other sessions set_config('session_last_gc', $this->time_now, true); - + if ($config['max_autologin_time']) { $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' @@ -834,14 +834,14 @@ class session } $this->confirm_gc(); } - + return; } - + function confirm_gc($type = 0) { global $db, $config; - + $sql = 'SELECT DISTINCT c.session_id FROM ' . CONFIRM_TABLE . ' c LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) @@ -867,8 +867,8 @@ class session } $db->sql_freeresult($result); } - - + + /** * Sets a cookie * @@ -1481,7 +1481,7 @@ class user extends session $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width FROM ' . STYLES_IMAGESET_DATA_TABLE . ' WHERE imageset_id = ' . $this->theme['imageset_id'] . " - AND image_filename <> '' + AND image_filename <> '' AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')"; $result = $db->sql_query($sql, 3600); @@ -1891,7 +1891,7 @@ class user extends session default: $use_width = ($width === false) ? $img_data['width'] : $width; - + return '' . $alt . ''; break; } -- cgit v1.2.1 From bd31cb634d545edb0cf17e58962004d6830f3537 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 4 Feb 2008 12:10:25 +0000 Subject: Minor stuff: #20925, #20815 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8375 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/includes/session.php') 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 0a80f32933..affd447787 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -179,6 +179,10 @@ class session } } } + else + { + $this->forwarded_for = ''; + } // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; -- cgit v1.2.1 From b7ef95ed091580df66da23fc1bca403758645fc3 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 17 Mar 2008 16:25:07 +0000 Subject: This should get rid of the filesorts and temp tables on index (with topic read tracking as exception). Updater still needs testing. Not yet merged to 3.1 #22715 - thanks HoL git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8436 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index affd447787..91b412b075 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -129,7 +129,8 @@ class session 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), - 'page' => $page + 'page' => $page, + 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, ); return $page_array; @@ -186,6 +187,8 @@ class session // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; + + if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) { 
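Review bot: The new `else` branch in the hunk at -179 discards `X-Forwarded-For` without saying why, and the `if` it belongs to starts outside this hunk. A comment such as `// check disabled: drop the unvalidated header so it is never stored with the session` would record the intent, assuming the enclosing condition is the `forwarded_for_check` setting.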
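Review bot: In the new `'forum'` entry of the hunk at -129, the comparison `$_REQUEST['f'] > 0` runs on the raw request value before the cast, so an array parameter (`f[]=…`) compares greater than 0 and is then cast to `1`. Reading the value through the helper this file already uses for cookie values keeps the type fixed: `'forum' => max(0, request_var('f', 0)),`. The enclosing function starts outside this hunk.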
@@ -310,6 +313,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " @@ -550,6 +554,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " @@ -594,6 +599,7 @@ class session if ($this->update_session_page) { $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; } $db->sql_return_on_error(true); @@ -627,6 +633,7 @@ class session $sql_ary['session_id'] = (string) $this->session_id; $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); -- cgit v1.2.1 From 221001a6dc86c7cd9246b6614adb24c1d88c0067 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 18 Mar 2008 10:14:37 +0000 Subject: - some changes to the recent session change - display errors on inserting sessions - fix database updater git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8438 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 91b412b075..9aee53531c 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
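Review bot: The four new `$sql_ary['session_forum_id'] = $this->page['forum'];` assignments (hunks at -310, -550, -594 and -627) are the only entries in these arrays without an explicit cast, while the neighbouring lines write `(string) substr(…)` and `(int) $this->time_now`. Writing `(int) $this->page['forum']` keeps the convention and guarantees a numeric value reaches `sql_build_array()` even if `page['forum']` is ever populated from another source. All four enclosing functions start outside their hunks.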
@@ -130,7 +130,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, + 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, ); return $page_array; @@ -185,11 +185,6 @@ class session $this->forwarded_for = ''; } - // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number - $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; - - - if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) { $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); @@ -614,6 +609,8 @@ class session // Limit new sessions in 1 minute period (if required) if (empty($this->data['session_time']) && $config['active_sessions']) { + $db->sql_return_on_error(false); + $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_time >= ' . ($this->time_now - 60); @@ -629,6 +626,9 @@ class session } } + // Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors. + $db->sql_return_on_error(false); + $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; @@ -638,8 +638,6 @@ class session $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); - $db->sql_return_on_error(false); - // Regenerate autologin/persistent login key if ($session_autologin) { -- cgit v1.2.1 From 5a1d2a94a3af00cee33e0add91a1c5a75c09c250 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Tue, 18 Mar 2008 11:11:16 +0000 Subject: do not conflict with updates git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8441 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9aee53531c..382f76aca3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -609,7 +609,7 @@ class session // Limit new sessions in 1 minute period (if required) if (empty($this->data['session_time']) && $config['active_sessions']) { - $db->sql_return_on_error(false); +// $db->sql_return_on_error(false); $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' @@ -627,7 +627,8 @@ class session } // Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors. - $db->sql_return_on_error(false); + // Commented out because it will not allow forums to update correctly +// $db->sql_return_on_error(false); $this->session_id = $this->data['session_id'] = md5(unique_id()); @@ -638,6 +639,8 @@ class session $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); + $db->sql_return_on_error(false); + // Regenerate autologin/persistent login key if ($session_autologin) { -- cgit v1.2.1 From b2521b83b1a5c35c4c5df9c90515eb3d90cdab4d Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 27 Mar 2008 16:17:54 +0000 Subject: some corrections to let the update work flawlessly. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8475 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 382f76aca3..da54a6c512 100644 --- a/phpBB/includes/session.php 
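Review bot: The two `sql_return_on_error(false)` calls are commented out rather than removed, and in the hunk at -627 the sentence "Therefore, we display potential errors" is kept although errors now stay suppressed until after the INSERT. Delete the dead lines and replace the comment with one that states the current behaviour, for example `// errors stay suppressed until the session row is inserted, so the updater can run against an old schema` (the reason is inferred from "will not allow forums to update correctly"; confirm it). With errors suppressed, a failed INSERT in the hunk at -638 goes unnoticed; checking the return value of `$db->sql_query($sql)` there would let the failure be handled instead of handing out a session id that has no row.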
+++ b/phpBB/includes/session.php @@ -311,9 +311,24 @@ class session $sql_ary['session_forum_id'] = $this->page['forum']; } + $db->sql_return_on_error(true); + $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; - $db->sql_query($sql); + $result = $db->sql_query($sql); + + $db->sql_return_on_error(false); + + // If the database is not yet updated, there will be an error due to the session_forum_id + // @todo REMOVE for 3.0.2 + if ($result === false) + { + unset($sql_ary['session_forum_id']); + + $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " + WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; + $db->sql_query($sql); + } } $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; -- cgit v1.2.1 From 3613ddf523f6e555e8095f1d0f995fa44a99da6f Mon Sep 17 00:00:00 2001 From: David M Date: Sun, 20 Apr 2008 05:13:34 +0000 Subject: #21255 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8509 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index da54a6c512..08f6512424 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -217,9 +217,9 @@ class session // Load limit check (if applicable) if ($config['limit_load'] || $config['limit_search_load']) { - if ($load = @file_get_contents('/proc/loadavg')) + if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) { - $this->load = array_slice(explode(' ', $load), 0, 1); + $this->load = array_slice($load, 0, 1); $this->load = floatval($this->load[0]); } else -- cgit v1.2.1 
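Review bot: The retry inside `if ($result === false)` in the hunk at -311 fires on any failure of the first UPDATE, not only on a missing `session_forum_id` column, so an unrelated database error is first hidden by `sql_return_on_error(true)` and only surfaces from a second, different query. If the cause cannot be distinguished here, say so in the comment, e.g. `// any error triggers the retry; the second query reports it if the column was not the cause`. The UPDATE string is also assembled twice with identical code; building it in one place after the optional `unset()` would avoid the duplication.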
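Review bot: In the hunk at -217 the second operand of the new condition, `($load = explode(' ', @file_get_contents('/proc/loadavg')))`, is always truthy, because `explode()` returns a non-empty array even when the read fails. The `else` branch that follows the hunk can therefore no longer be reached after a failed read, and `$this->load` becomes `floatval('')`, i.e. 0, which may read as "no load" rather than "unknown". Keep the read and the split separate: `(($load = @file_get_contents('/proc/loadavg')) && ($load = explode(' ', $load)))`.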
From d3c685c652646eafa050106eff945b3039439d91 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 4 May 2008 14:44:48 +0000 Subject: it is indeed no longer required git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8544 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 08f6512424..8239921ba8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -68,7 +68,7 @@ class session foreach ($args as $key => $argument) { - if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0) + if (strpos($argument, 'sid=') === 0) { continue; } -- cgit v1.2.1 From 9413af5e1a59a9bfc01fb5d3896a2fb5d34055f4 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Thu, 15 May 2008 13:29:14 +0000 Subject: So, tighten things up a little further. QA Team, please check this. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8554 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 50 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8239921ba8..33fce6731b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -158,6 +158,7 @@ class session $this->cookie_data = array('u' => 0, 'k' => ''); $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; + $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $this->page = $this->extract_current_page($phpbb_root_path); @@ -263,8 +264,17 @@ class session $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; + + // referer checks + $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; + $referer_valid = true; + if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') + { + $referer_valid = $this->validate_referer($check_referer_path); + } + - if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) + if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) { $session_expired = false; 
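Review bot: Adding `$referer_valid` to the `$u_ip === $s_ip && …` condition in the hunk at -263 makes a failed Referer check take the same path as an IP or browser mismatch, and that consequence is not documented where the flag is computed. A comment such as `// a non-GET request with a foreign Referer is treated like a session mismatch` above the `if ($config['referer_validation'] …)` line would make it clear; the branch taken on mismatch lies outside this hunk. The comparison `$config['referer_validation'] == REFERER_VALIDATE_PATH` is also loose, so its result depends on the constant's value and the config value's type, neither of which is visible here.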
@@ -343,7 +353,14 @@ class session // Added logging temporarly to help debug bugs... if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) { - add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); + if ($referer_valid) + { + add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); + } + else + { + add_log('critical', 'LOG_REFERER_INVALID', $this->referer); + } } } } @@ -1279,6 +1296,35 @@ class session $this->set_login_key($user_id); } } + + + /** + * Check if the request originated from the same page. + * @param bool $check_script_path If true, the path will be checked as well + */ + function validate_referer($check_script_path = false) + { + // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) + if (empty($this->referer) || empty($this->host) ) + { + return true; + } + $host = htmlspecialchars($this->host); + $ref = substr($this->referer, strpos($this->referer, '://') + 3); + if (!(stripos($ref , $host) === 0)) + { + return false; + } + else if ($check_script_path && !empty(rtrim($this->page['root_script_path'], '/'))) + { + $ref = substr($ref, strlen($host)); + if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) + { + return false; + } + } + return true; + } } -- cgit v1.2.1 From c5ba29e1faf708dc890fcc2acddf36ca25c321ab Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Thu, 15 May 2008 14:17:17 +0000 Subject: 27375 - keep it up git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8556 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') 
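Review bot: In the new validate_referer() the host test `stripos($ref, $host) === 0` is a prefix match, so a Referer whose host name merely begins with the board's host name (a longer domain starting with the same characters) is accepted; the prefix comparison against `root_script_path` has the same weakness for paths. The character that follows the matched host should be required to end the authority part. In addition, `strpos($this->referer, '://')` returns `false` for a Referer without a scheme, and `false + 3` then cuts off three arbitrary characters. The sketch below covers the host part only.

```php
	// … unchanged: empty referer or empty host returns true …

	$host = htmlspecialchars($this->host);
	$scheme_end = strpos($this->referer, '://');

	// A Referer without a scheme cannot be compared reliably
	if ($scheme_end === false)
	{
		return false;
	}

	$ref = substr($this->referer, $scheme_end + 3);

	if (stripos($ref, $host) !== 0)
	{
		return false;
	}

	// The host must be followed by a port, path, query, fragment or nothing at all
	$next = (string) substr($ref, strlen($host), 1);
	if ($next !== '' && strpos(':/?#', $next) === false)
	{
		return false;
	}

	// … unchanged: optional script path check …
```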
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 33fce6731b..66554f1ab5 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1315,7 +1315,7 @@ class session { return false; } - else if ($check_script_path && !empty(rtrim($this->page['root_script_path'], '/'))) + else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '' ) { $ref = substr($ref, strlen($host)); if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) -- cgit v1.2.1 From 5ea735d3adad4c70aef347dbccb5c533c2ef15d7 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Fri, 16 May 2008 12:34:39 +0000 Subject: explanation git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8557 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 66554f1ab5..e216b3e36a 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -268,6 +268,7 @@ class session // referer checks $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; $referer_valid = true; + // we assume HEAD and TRACE to be foul play and thus only whitelist GET if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') { $referer_valid = $this->validate_referer($check_referer_path); -- cgit v1.2.1 From 2f5297751a4643fae1917e63c620a793d9711ff3 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Sat, 17 May 2008 12:57:20 +0000 Subject: Hmmm. Tawny port and stilton git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8558 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index e216b3e36a..43d3b1ea2b 100644 
--- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1319,6 +1319,11 @@ class session else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '' ) { $ref = substr($ref, strlen($host)); + $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); + if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0) + { + $ref = substr($ref, strlen(":$server_port")); + } if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) { return false; -- cgit v1.2.1 From 2c9ab1ac686c11b3bcc3bbad4e4a8c2446ee4bf5 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Sat, 17 May 2008 14:34:32 +0000 Subject: ... git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8559 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 43d3b1ea2b..661d87357f 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
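Review bot: `SERVER_PORT` in the hunk at -1319 is the port the local server listens on, which is not necessarily the port in the URL the browser used (a reverse proxy or port mapping in front would differ; not visible from this hunk), so legitimate non-GET requests could be rejected once path validation is enabled. A Referer that spells out the default port, `:80` or `:443`, is likewise left unstripped and then fails the path comparison. A comment stating the assumption, e.g. `// assumes the browser-visible port equals SERVER_PORT`, would help whoever has to debug such rejections. The enclosing validate_referer() starts outside this hunk.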
@@ -1316,14 +1316,14 @@ class session { return false; } - else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '' ) + else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '') { $ref = substr($ref, strlen($host)); - $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0) - { - $ref = substr($ref, strlen(":$server_port")); - } + $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); + if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0) + { + $ref = substr($ref, strlen(":$server_port")); + } if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) { return false; -- cgit v1.2.1 From ae060e8aefb7d0bbb276518cb4a78e1e130d1580 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Sat, 17 May 2008 14:35:23 +0000 Subject: ... git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8560 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 661d87357f..2eafdc7e80 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1320,7 +1320,7 @@ class session { $ref = substr($ref, strlen($host)); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0) + if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0) { $ref = substr($ref, strlen(":$server_port")); } -- cgit v1.2.1 From c41388ce8ab2268cd97c1c7d2d2791faddf23ea3 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Sun, 18 May 2008 20:06:15 +0000 Subject: some adjustements (changes to sessions code need to be backwards-compatible) - henry, do not forget to include this into your merge to 3.2.x too. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8565 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 2eafdc7e80..435618f7ff 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -264,16 +264,17 @@ class session $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; - + // referer checks - $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; + // The @ before $config['referer_validation'] suppresses notices present while running the updater + $check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH); $referer_valid = true; + // we assume HEAD and TRACE to be foul play and thus only whitelist GET - if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') + if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') { $referer_valid = $this->validate_referer($check_referer_path); } - if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) { @@ -1119,7 +1120,7 @@ class session trigger_error($message); } - return ($banned) ? true : false; + return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; } /** 
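Review bot: The `@` placed before `$config['referer_validation']` in the hunk at -264 hides every notice and warning raised by that expression, not only the missing key during the updater. `!empty($config['referer_validation'])` covers the unset case without suppression, e.g. `if (!empty($config['referer_validation']) && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')`, and `$check_referer_path` can then be derived inside that branch where the key is known to exist.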
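Review bot: The changed `return` in the hunk at -1119 makes the function yield either a boolean or the `ban_give_reason` string, which silently changes the contract for callers that compare the result with `=== true`; the function's docblock, which is outside this hunk, should state the new return values. A reason that PHP treats as falsy, such as `'0'`, also falls back to the plain boolean. Suggested doc line: `@return bool|string false if not banned, the ban_give_reason text if one is set, true otherwise`.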
@@ -1297,10 +1298,10 @@ class session $this->set_login_key($user_id); } } - - + + /** - * Check if the request originated from the same page. + * Check if the request originated from the same page. * @param bool $check_script_path If true, the path will be checked as well */ function validate_referer($check_script_path = false) -- cgit v1.2.1 From 8039c37b5126742c4170a8b17a645021f940f26a Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 2 Jun 2008 17:10:21 +0000 Subject: ACP logout git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8580 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 435618f7ff..828739115f 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1332,6 +1332,16 @@ class session } return true; } + + + function unset_admin() + { + global $db; + $sql = 'UPDATE ' . SESSIONS_TABLE . ' + SET session_admin = 0 + WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\''; + $db->sql_query($sql); + } } -- cgit v1.2.1 From 406895a1ad75167829740deac3f08779104838fb Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 9 Jun 2008 17:05:52 +0000 Subject: #27395 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8636 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 828739115f..8a3a16727e 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
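Review bot: `unset_admin()` is added without a docblock, and it clears `session_admin` only in the sessions table. If the session row held in `$this->data` is consulted again later in the same request (not visible here), the in-memory flag would still say admin; adding `$this->data['session_admin'] = 0;` after the query would keep both in step, assuming that key mirrors the column. Suggested comment: `/** Drops the admin flag of the current session (ACP logout) without ending the session itself. */`.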
@@ -161,6 +161,13 @@ class session $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + + // Since HTTP_HOST may carry a port definition, we need to remove it here... + if (strpos($this->host, ':') !== false) + { + $this->host = substr($this->host, 0, strpos($this->host, ':')); + } + $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents @@ -1311,8 +1318,10 @@ class session { return true; } + $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); + if (!(stripos($ref , $host) === 0)) { return false; @@ -1321,15 +1330,18 @@ class session { $ref = substr($ref, strlen($host)); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); + if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0) { $ref = substr($ref, strlen(":$server_port")); } + if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) { return false; } } + return true; } -- cgit v1.2.1 From 8e494d75991394d10412870d42e1874f8fe8e754 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 21 Jun 2008 14:30:34 +0000 Subject: #s29325 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8661 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8a3a16727e..734fbaa070 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
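Review bot: Cutting `$this->host` at the first `:` is the only processing applied to the client-supplied `HTTP_HOST` value, and it reduces a bracketed IPv6 literal to `[`. The same value is what `validate_referer()` in the later hunks of this commit compares with `stripos($ref , $host) === 0`, which is a prefix test, so a referer whose host name merely begins with the board's host name passes as well. After the prefix match the code should also require that the next character of `$ref` is `/`, `:` or the end of the string. Both functions continue outside the hunks shown.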
@@ -1124,6 +1124,14 @@ class session // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again $this->session_kill(false); + // A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page + if (defined('IN_CRON')) + { + garbage_collection(); + exit_handler(); + exit; + } + trigger_error($message); } -- cgit v1.2.1 From f8890cbb81bb6c9164e43641044adc3057820ae4 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 23 Jun 2008 14:07:24 +0000 Subject: urlencode image filenames used in img(). This is not needed, but better for XHTML compatibility. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8670 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 734fbaa070..958833ece7 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1603,6 +1603,7 @@ class user extends session $localised_images = true; } + $row['image_filename'] = rawurlencode($row['image_filename']); $this->img_array[$row['image_name']] = $row; } $db->sql_freeresult($result); -- cgit v1.2.1 From 8904d95d59d14d00fd3cfaf93a357ad68d608586 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 28 Jul 2008 13:26:20 +0000 Subject: tiny alterations/bugfixes git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8691 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 958833ece7..b2a9bd2559 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
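Review bot: `rawurlencode()` is applied when the row is stored in `$this->img_array`, not at the point where the URL is written out, so every consumer of `image_filename` now receives the encoded form. Code that uses the value as a file system path, or encodes it a second time, would see percent-encoded names; whether such code exists is not visible from this hunk. A comment on the new line would record the contract: `// image_filename is URL-encoded from here on; do not use it as a file system path`. The enclosing loop starts outside the hunk.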
@@ -1854,7 +1854,7 @@ class user extends session if ((@include $language_filename) === false) { - trigger_error('Language file ' . basename($language_filename) . ' couldn\'t be opened.', E_USER_ERROR); + trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR); } } else if ($use_db) -- cgit v1.2.1 From eda1d40861fb5a2b74e7e5ade618cc9fa83cafd1 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 28 Jul 2008 14:24:37 +0000 Subject: Okay. Frozen, we never said anything about it being permafrost. Also, this is not 100% tested, expect troubel with store_db (I'm waiting for the bug reports) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8697 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b2a9bd2559..30101c7411 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1480,7 +1480,7 @@ class user extends session $style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']); } - $sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name + $sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i WHERE s.style_id = $style AND t.template_id = s.template_id -- cgit v1.2.1 From d7fa3f83ceb0f05a6295ea4d21ef9a81bfb378f1 Mon Sep 17 00:00:00 2001 
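Review bot: Dropping `basename()` puts the whole `$language_filename` into the `trigger_error()` text, so the directory layout of the installation is shown to whoever hits a missing language file; the `die()` message in the `@@ -1458,9 +1480,9 @@` hunk of the following commit does the same with `$this->lang_path`. How much is revealed depends on whether the path is relative, which is not visible here. If the longer path is wanted for debugging, I would write it to the error log and keep the user-facing text as it was: `trigger_error('Language file ' . basename($language_filename) . ' couldn\'t be opened.', E_USER_ERROR);`. The enclosing method starts and ends outside the hunk.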
From: Meik Sievertsen Date: Sat, 23 Aug 2008 17:20:55 +0000 Subject: The same way we allow defining a custom template/style path we now allow this for languages too. This will allow applications to define their own language folder for certain parts for example. Callable by $user->set_custom_lang_path({new_path}) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8782 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 54 +++++++++++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 17 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 30101c7411..93e0211e33 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1382,7 +1382,7 @@ class user extends session var $timezone; var $dst; - var $lang_name; + var $lang_name = false; var $lang_id = false; var $lang_path; var $img_lang; @@ -1392,6 +1392,32 @@ class user extends session var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10); var $keyvalues = array(); + /** + * Constructor to set the lang path + */ + function user() + { + global $phpbb_root_path; + + $this->lang_path = $phpbb_root_path . 'language/'; + } + + /** + * Function to set custom language path (able to use directory outside of phpBB) + * + * @param string $lang_path New language path used. + * @access public + */ + function set_custom_lang_path($lang_path) + { + $this->lang_path = $lang_path; + + if (substr($this->lang_path, -1) != '/') + { + $this->lang_path .= '/'; + } + } + /** * Setup basic user-specific items (style, language, ...) */ 
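Review bot: The docblock of `set_custom_lang_path()` should say that `$lang_path` ends up in `include` statements, because the later hunks of this commit build `$this->lang_path . $this->lang_name . "/common.$phpEx"` from it. I would add the line `* The path is used to include PHP files and must come from trusted configuration, never from request data.` The method also turns an empty string into `/`, since only the trailing slash is checked; a guard or a sentence in the docblock about that case would help.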
@@ -1401,8 +1427,7 @@ class user extends session if ($this->data['user_id'] != ANONYMOUS) { - $this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); - $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/'; + $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); $this->date_format = $this->data['user_dateformat']; $this->timezone = $this->data['user_timezone'] * 3600; @@ -1411,7 +1436,6 @@ class user extends session else { $this->lang_name = basename($config['default_lang']); - $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/'; $this->date_format = $config['default_dateformat']; $this->timezone = $config['board_timezone'] * 3600; $this->dst = $config['board_dst'] * 3600; @@ -1431,10 +1455,9 @@ class user extends session $accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2)); $accept_lang = basename($accept_lang); - if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx")) + if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx")) { $this->lang_name = $config['default_lang'] = $accept_lang; - $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/'; break; } else @@ -1443,10 +1466,9 @@ class user extends session $accept_lang = substr($accept_lang, 0, 2); $accept_lang = basename($accept_lang); - if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx")) + if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx")) { $this->lang_name = $config['default_lang'] = $accept_lang; - $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/'; break; } } 
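Review bot: In the first hunk on this line `$this->data['user_lang']` is concatenated into the `file_exists()` path and then becomes `$this->lang_name` unchanged, while the other candidates (`$config['default_lang']` and `$accept_lang`) pass through `basename()` first. Because `lang_name` is part of the include path built in the following hunks of this commit, the same treatment would make the three sources consistent: `$user_lang = basename($this->data['user_lang']);` and use `$user_lang` in both places. The value is presumably validated when the profile is saved, which is not visible here. The enclosing method starts and ends outside the hunk.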
@@ -1458,9 +1480,9 @@ class user extends session // We include common language file here to not load it every time a custom language file is included $lang = &$this->lang; - if ((@include $this->lang_path . "common.$phpEx") === false) + if ((@include $this->lang_path . $this->lang_name . "/common.$phpEx") === false) { - die('Language file ' . $this->lang_name . "/common.$phpEx" . " couldn't be opened."); + die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened."); } $this->add_lang($lang_set); @@ -1830,12 +1852,10 @@ class user extends session { global $phpEx; - // Make sure the language path is set (if the user setup did not happen it is not set) - if (!$this->lang_path) + // Make sure the language name is set (if the user setup did not happen it is not set) + if (!$this->lang_name) { - global $phpbb_root_path, $config; - - $this->lang_path = $phpbb_root_path . 'language/' . basename($config['default_lang']) . '/'; + $this->lang_name = basename($config['default_lang']); } // $lang == $this->lang @@ -1845,11 +1865,11 @@ class user extends session { if ($use_help && strpos($lang_file, '/') !== false) { - $language_filename = $this->lang_path . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx; + $language_filename = $this->lang_path . $this->lang_name . '/' . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx; } else { - $language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; + $language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } if ((@include $language_filename) === false) -- cgit v1.2.1 From 44148941cc18e694e8395f87b03b7fc7b4727adb Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Sat, 23 Aug 2008 17:39:31 +0000 Subject: a tiny fix to the language code. ;) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8785 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 93e0211e33..f7a734abda 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1855,6 +1855,7 @@ class user extends session // Make sure the language name is set (if the user setup did not happen it is not set) if (!$this->lang_name) { + global $config; $this->lang_name = basename($config['default_lang']); } -- cgit v1.2.1 From 54af1cb64a83b1ed41cac22b248428431ecfe523 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 31 Aug 2008 21:47:26 +0000 Subject: nullar/singular/plural substitution support. At the moment only the added language entry supports this... we may change other language entries later to support this new "approach". Idea from SHS` and Ashe originally. More to come... (yes, 3.0.x branch, no mistake) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8800 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f7a734abda..4e96e10ede 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -1791,6 +1791,72 @@ class user extends session return; } + /** + * More advanced language substitution + * Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms. + * Params are the language key and the parameters to be substituted. + * This function/functionality is inspired by SHS` and Ashe. + * + * Example call: $user->lang('NUM_POSTS_IN_QUEUE', 1); + */ + function lang() + { + $args = func_get_args(); + $key = $args[0]; + + // Return if language string does not exist + if (!isset($this->lang[$key]) || (!is_string($this->lang[$key]) && !is_array($this->lang[$key]))) + { + return $key; + } + + // If the language entry is a string, we simply mimic sprintf() behaviour + if (is_string($this->lang[$key])) + { + if (sizeof($args) == 1) + { + return $this->lang[$key]; + } + + // Replace key with language entry and simply pass along... + $args[0] = $this->lang[$key]; + return call_user_func_array('sprintf', $args); + } + + // It is an array... now handle different nullar/singular/plural forms + $key_found = false; + + // We now get the first number passed and will select the key based upon this number + for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++) + { + if (is_int($args[$i])) + { + $numbers = array_keys($this->lang[$key]); + + foreach ($numbers as $num) + { + if ($num > $args[$i]) + { + break; + } + + $key_found = $num; + } + } + } + + // Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form) + if ($key_found === false) + { + $numbers = array_keys($this->lang[$key]); + $key_found = end($numbers); + } + + // Use the language string we determined and pass it to sprintf() + $args[0] = $this->lang[$key][$key_found]; + return call_user_func_array('sprintf', $args); + } + /** * Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion) * -- cgit v1.2.1 
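Review bot: The loop over `$args` does not stop at the first integer although the comment above it says the first number selects the form, so with two integer arguments the later one can overwrite `$key_found`. Adding `break;` after the inner `foreach`, still inside `if (is_int($args[$i]))`, makes the code match the comment. `is_int()` also skips numeric strings such as a count read from a database row, which then falls through to the last entry; the docblock should say that the count has to be passed as an integer.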
From 439cb0eafb0b8629b164e7a61011c58daa381d3c Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 5 Sep 2008 12:46:58 +0000 Subject: Remove a pointless str_replace() git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8824 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 4e96e10ede..ac6c33658d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -73,7 +73,7 @@ class session continue; } - $use_args[str_replace($find, $replace, $key)] = str_replace($find, $replace, $argument); + $use_args[] = str_replace($find, $replace, $argument); } unset($args); -- cgit v1.2.1 From bca5a953de32e29e7af6966fc928df043cad6bcd Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 15 Sep 2008 18:41:27 +0000 Subject: more in-depth hostname validation. Not used in install files... there the code is fine. There are ways to improve this, either a whitelist or "more guessing" git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8846 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 66 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 57 insertions(+), 9 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index ac6c33658d..3ce68f36cf 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -136,6 +136,60 @@ class session return $page_array; } + /** + * Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present. + */ + function extract_current_hostname() + { + global $config; + + // Get hostname + $host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + + // Should be a string and lowered + $host = (string) strtolower($host); + + // If host is equal the cookie domain or the server name (if config is set), then we assume it is valid + if ((isset($config['cookie_domain']) && $host === $config['cookie_domain']) || (isset($config['server_name']) && $host === $config['server_name'])) + { + return $host; + } + + // Is the host actually a IP? If so, we use the IP... (IPv4) + if (long2ip(ip2long($host)) === $host) + { + return $host; + } + + // Now return the hostname (this also removes any port definition). The http:// is prepended to construct a valid URL, hosts never have a scheme assigned + $host = @parse_url('http://' . $host); + $host = (!empty($host['host'])) ? $host['host'] : ''; + + // Remove any portions not removed by parse_url (#) + $host = str_replace('#', '', $host); + + // If, by any means, the host is now empty, we will use a "best approach" way to guess one + if (empty($host)) + { + if (!empty($config['server_name'])) + { + $host = $config['server_name']; + } + else if (!empty($config['cookie_domain'])) + { + $host = (strpos($config['cookie_domain']) === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain']; + } + else + { + // Set to OS hostname or localhost + $host = (function_exists('php_uname')) ? php_uname('n') : 'localhost'; + } + } + + // It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set) + return $host; + } + /** * Start session management * 
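Review bot: The docblock calls the result a valid hostname, but on the `parse_url()` path the value is still whatever the client sent in `HTTP_HOST`, only without the port and `#`; the closing comment in the body says as much. The docblock should carry that warning for callers: `* @return string Host name without port. Taken from the request unless that is empty, so it is not a trusted value.` The comparison with `$config['cookie_domain']` and `$config['server_name']` also runs before the port is removed, so a Host header with an explicit port would not take that early return; this is hedged, because the stored config values are not visible here.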
@@ -160,14 +214,8 @@ class session $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; - $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); - - // Since HTTP_HOST may carry a port definition, we need to remove it here... - if (strpos($this->host, ':') !== false) - { - $this->host = substr($this->host, 0, strpos($this->host, ':')); - } + $this->host = $this->extract_current_hostname(); $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents @@ -1322,7 +1370,7 @@ class session function validate_referer($check_script_path = false) { // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) - if (empty($this->referer) || empty($this->host) ) + if (empty($this->referer) || empty($this->host)) { return true; } @@ -1330,7 +1378,7 @@ class session $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); - if (!(stripos($ref , $host) === 0)) + if (!(stripos($ref, $host) === 0)) { return false; } -- cgit v1.2.1 From 619be99cf48c0486464589a482d6fec2b40ede83 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 16 Sep 2008 11:41:00 +0000 Subject: add missing dot. :) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8848 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 3ce68f36cf..ab86ad11ce 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -177,7 +177,7 @@ class session } else if (!empty($config['cookie_domain'])) { - $host = (strpos($config['cookie_domain']) === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain']; + $host = (strpos($config['cookie_domain'], '.') === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain']; } else { @@ -214,8 +214,15 @@ class session $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; +<<<<<<< .mine + $this->host = $this->get_validated_hostname(); +======= +>>>>>>> .r8847 +<<<<<<< .mine +======= $this->host = $this->extract_current_hostname(); +>>>>>>> .r8847 $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents -- cgit v1.2.1 From da402759abce838f891961a296ab719e5a5516a9 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 16 Sep 2008 12:09:37 +0000 Subject: gah, thanks chris. :) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8850 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index ab86ad11ce..780c6b9e14 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
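Review bot: The second hunk commits unresolved merge markers (`<<<<<<< .mine`, `=======`, `>>>>>>> .r8847`) into session.php, which leaves the file unparsable, and one side calls `get_validated_hostname()`, a name that no hunk on this page defines. The next commit on the page removes the markers again. A syntax check such as `php -l` in the commit hook would stop this kind of change before it reaches the branch.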
@@ -214,15 +214,8 @@ class session $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; -<<<<<<< .mine - $this->host = $this->get_validated_hostname(); -======= ->>>>>>> .r8847 -<<<<<<< .mine -======= $this->host = $this->extract_current_hostname(); ->>>>>>> .r8847 $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents -- cgit v1.2.1 From cac0a2255a25eac04cd6586536bdffcc49b05088 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 16 Sep 2008 15:06:19 +0000 Subject: make topic icon image width/height available to viewforum and search templates (Bug #15934) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8857 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 780c6b9e14..a88408f02e 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2097,6 +2097,7 @@ class user extends session /** * Specify/Get image + * $suffix is no longer used - we know it. ;) It is there for backward compatibility. */ function img($img, $alt = '', $width = false, $suffix = '', $type = 'full_tag') { -- cgit v1.2.1 From b0c88525682f22624239792dfeb9f5d37f61d001 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 26 Oct 2008 10:52:43 +0000 Subject: dsbl.org is no longer actively maintained. Sorry language pack authors. ;) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9037 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 1 - 1 file changed, 1 deletion(-) (limited to 'phpBB/includes/session.php') 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a88408f02e..2e697f6359 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1204,7 +1204,6 @@ class session } $dnsbl_check = array( - 'list.dsbl.org' => 'http://dsbl.org/listing?', 'sbl-xbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', ); -- cgit v1.2.1 From a752a424de3d250c2bc79f7b680c936fc9ea987f Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 30 Nov 2008 14:36:59 +0000 Subject: =?UTF-8?q?[Change]=20Performance=20increase=20for=20format=5Fdate?= =?UTF-8?q?()=20(Bug=20#37575=20-=20Patch=20by=20BartVB)=20[Change]=20Chan?= =?UTF-8?q?ged=20prosilver=20date=20separator=20from=20'on'=20to=20'=C2=BB?= =?UTF-8?q?'=20[Feature]=20Added=20'AGO'=20setting=20to=20relative=20date?= =?UTF-8?q?=20strings.=20For=20example:=20posted=2014=20minutes=20ago.=20(?= =?UTF-8?q?Patch=20by=20BartVB)=20[Fix]=20Extend=20vertical=20line=20for?= =?UTF-8?q?=20last=20post=20column=20if=20no=20posts=20in=20forum=20(Bug?= =?UTF-8?q?=20#37125)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9136 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 103 +++++++++++++++++++++++++++++++-------------- 1 file changed, 71 insertions(+), 32 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 2e697f6359..c1741de0fd 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -1851,22 +1851,36 @@ class user extends session $args = func_get_args(); $key = $args[0]; + if (is_array($key)) + { + $lang = &$this->lang[array_shift($key)]; + + foreach ($key as $_key) + { + $lang = &$lang[$_key]; + } + } + else + { + $lang = &$this->lang[$key]; + } + // Return if language string does not exist - if (!isset($this->lang[$key]) || (!is_string($this->lang[$key]) && !is_array($this->lang[$key]))) + if (!isset($lang) || (!is_string($lang) && !is_array($lang))) { return $key; } // If the language entry is a string, we simply mimic sprintf() behaviour - if (is_string($this->lang[$key])) + if (is_string($lang)) { if (sizeof($args) == 1) { - return $this->lang[$key]; + return $lang; } // Replace key with language entry and simply pass along... - $args[0] = $this->lang[$key]; + $args[0] = $lang; return call_user_func_array('sprintf', $args); } @@ -1878,7 +1892,7 @@ class user extends session { if (is_int($args[$i])) { - $numbers = array_keys($this->lang[$key]); + $numbers = array_keys($lang); foreach ($numbers as $num) { @@ -1895,12 +1909,12 @@ class user extends session // Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form) if ($key_found === false) { - $numbers = array_keys($this->lang[$key]); + $numbers = array_keys($lang); $key_found = end($numbers); } // Use the language string we determined and pass it to sprintf() - $args[0] = $this->lang[$key][$key_found]; + $args[0] = $lang[$key_found]; return call_user_func_array('sprintf', $args); } 
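Review bot: Resolving the key through references (`$lang = &$this->lang[array_shift($key)];`, `$lang = &$lang[$_key];` and `$lang = &$this->lang[$key];`) creates every missing element as a null entry in `$this->lang`, and `array_shift()` has already shortened `$key` when `return $key;` is reached, so a missing entry hands back an array where callers expect a string. Walking the array by value avoids both problems. In the sketch below the early return gives back the last path element, which is my choice and open to discussion. The rest of `lang()` lies in the other hunks of this commit.

```php
		$key = $args[0];

		// Walk by value so a missing key is not created as a null entry in $this->lang
		$lang = $this->lang;
		foreach ((array) $key as $_key)
		{
			if (!is_array($lang) || !isset($lang[$_key]))
			{
				return (is_array($key)) ? (string) end($key) : $key;
			}

			$lang = $lang[$_key];
		}

		// ... unchanged: string handling and nullar/singular/plural selection using $lang ...
```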
@@ -2001,50 +2015,75 @@ class user extends session /** * Format user date + * + * @param int $gmepoch unix timestamp + * @param string $format date format in date() notation. | used to indicate relative dates, for example |d m Y|, h:i is translated to Today, h:i. + * @param bool $forcedate force non-relative date format. + * + * @return mixed translated date */ function format_date($gmepoch, $format = false, $forcedate = false) { static $midnight; + static $date_cache; - $lang_dates = $this->lang['datetime']; $format = (!$format) ? $this->date_format : $format; + $delta = time() - $gmepoch; - // Short representation of month in format - if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false)) + if (!isset($date_cache[$format])) { - $lang_dates['May'] = $lang_dates['May_short']; - } - - unset($lang_dates['May_short']); + // Is the user requesting a friendly date format (i.e. 'Today 12:42')? + $date_cache[$format] = array( + 'is_short' => strpos($format, '|'), + 'zone_offset' => $this->timezone + $this->dst, + 'format_short' => substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1), + 'format_long' => str_replace('|', '', $format), + 'lang' => $this->lang['datetime'], + ); - if (!$midnight) - { - list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $this->timezone + $this->dst)); - $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $this->timezone - $this->dst; + // Short representation of month in format? 
Some languages use different terms for the long and short format of May + if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false)) + { + $date_cache[$format]['lang']['May'] = $this->lang['datetime']['May_short']; + } } - if (strpos($format, '|') === false || ($gmepoch < $midnight - 86400 && !$forcedate) || ($gmepoch > $midnight + 172800 && !$forcedate)) + // Show date < 1 hour ago as 'xx min ago' + if ($delta <= 3600 && $delta && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) { - return strtr(@gmdate(str_replace('|', '', $format), $gmepoch + $this->timezone + $this->dst), $lang_dates); + return $this->lang(array('datetime', 'AGO'), (int) floor($delta / 60)); } - if ($gmepoch > $midnight + 86400 && !$forcedate) - { - $format = substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1); - return str_replace('||', $this->lang['datetime']['TOMORROW'], strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates)); - } - else if ($gmepoch > $midnight && !$forcedate) + if (!$midnight) { - $format = substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1); - return str_replace('||', $this->lang['datetime']['TODAY'], strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates)); + list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $date_cache[$format]['zone_offset'])); + $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $date_cache[$format]['zone_offset']; } - else if ($gmepoch > $midnight - 86400 && !$forcedate) + + if ($date_cache[$format]['is_short'] !== false && !$forcedate) { - $format = substr($format, 0, strpos($format, '|')) . '||' . 
substr(strrchr($format, '|'), 1); - return str_replace('||', $this->lang['datetime']['YESTERDAY'], strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates)); + $day = false; + + if ($gmepoch > $midnight + 86400) + { + $day = 'TOMORROW'; + } + else if ($gmepoch > $midnight) + { + $day = 'TODAY'; + } + else if ($gmepoch > $midnight - 86400) + { + $day = 'YESTERDAY'; + } + + if ($day !== false) + { + return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $date_cache[$format]['zone_offset']), $date_cache[$format]['lang'])); + } } - return strtr(@gmdate(str_replace('|', '', $format), $gmepoch + $this->timezone + $this->dst), $lang_dates); + return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $date_cache[$format]['zone_offset']), $date_cache[$format]['lang']); } /** -- cgit v1.2.1 From 23d9700f0737fdd547bda3e7d910300be4127120 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Thu, 4 Dec 2008 12:56:12 +0000 Subject: Give a small tolerence to timestamps in the future when displaying times as 'minutes ago' git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9170 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index c1741de0fd..c7d287181b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2028,7 +2028,8 @@ class user extends session static $date_cache; $format = (!$format) ? $this->date_format : $format; - $delta = time() - $gmepoch; + $now = time(); + $delta = $now - $gmepoch; if (!isset($date_cache[$format])) { 
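Review bot: `$date_cache` is a function-level `static` keyed by `$format` alone, yet each entry stores `zone_offset` and the `datetime` language array of whichever object made the first call. If `$this->timezone`, `$this->dst` or the language change later in the request, or a second `user` object formats dates, the stale values are reused; `$midnight` has the same property. Either key the cache by format and offset, for example `$cache_key = $format . ':' . ($this->timezone + $this->dst);`, or say in the docblock that the first call fixes the time zone for the rest of the request.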
@@ -2048,10 +2049,11 @@ class user extends session } } - // Show date < 1 hour ago as 'xx min ago' - if ($delta <= 3600 && $delta && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) + // Show date <= 1 hour ago as 'xx min ago' + // A small tolerence is given for times in the future and times in the future but in the same minute are displayed as '< than a minute ago' + if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) { - return $this->lang(array('datetime', 'AGO'), (int) floor($delta / 60)); + return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60))); } if (!$midnight) -- cgit v1.2.1 From f0092cd1f2ae97a655434cae6b8c69b202314720 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Fri, 23 Jan 2009 12:11:45 +0000 Subject: Correctly display future dates (Bug #38755) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9298 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index c7d287181b..f1285c0203 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
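Review bot: The same-minute alternative in the new condition, `(($now / 60) % 60) == (($gmepoch / 60) % 60)`, compares only the minute of the hour, so a timestamp any whole number of hours in the future also satisfies it. Because `$delta <= 3600` holds for every future time, such a date is returned through the 'AGO' string with `max(0, ...)` giving 0 minutes. Comparing the absolute minute, `floor($now / 60) == floor($gmepoch / 60)`, limits the tolerance to the current minute as the added comment describes. The later hunks on this page that touch this function leave the condition unchanged, and the function body starts and ends outside the hunk.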
@@ -2050,7 +2050,7 @@ class user extends session } // Show date <= 1 hour ago as 'xx min ago' - // A small tolerence is given for times in the future and times in the future but in the same minute are displayed as '< than a minute ago' + // A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago' if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) { return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60))); @@ -2062,7 +2062,7 @@ class user extends session $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $date_cache[$format]['zone_offset']; } - if ($date_cache[$format]['is_short'] !== false && !$forcedate) + if ($date_cache[$format]['is_short'] !== false && !$forcedate && !($gmepoch < $midnight - 86400 || $gmepoch > $midnight + 172800)) { $day = false; -- cgit v1.2.1 From 0fc07b96cef4c9c5ba2d6fe0299333201d5cfba8 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Fri, 23 Jan 2009 12:22:51 +0000 Subject: let us change the time zone and dst setting correctly (related to Bug #38775) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9301 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f1285c0203..5c9bcc4f88 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -2036,7 +2036,6 @@ class user extends session // Is the user requesting a friendly date format (i.e. 'Today 12:42')? $date_cache[$format] = array( 'is_short' => strpos($format, '|'), - 'zone_offset' => $this->timezone + $this->dst, 'format_short' => substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1), 'format_long' => str_replace('|', '', $format), 'lang' => $this->lang['datetime'], @@ -2049,6 +2048,9 @@ class user extends session } } + // Zone offset + $zone_offset = $this->timezone + $this->dst; + // Show date <= 1 hour ago as 'xx min ago' // A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago' if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) @@ -2058,8 +2060,8 @@ class user extends session if (!$midnight) { - list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $date_cache[$format]['zone_offset'])); - $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $date_cache[$format]['zone_offset']; + list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $zone_offset)); + $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $zone_offset; } if ($date_cache[$format]['is_short'] !== false && !$forcedate && !($gmepoch < $midnight - 86400 || $gmepoch > $midnight + 172800)) 
@@ -2081,11 +2083,11 @@ class user extends session if ($day !== false) { - return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $date_cache[$format]['zone_offset']), $date_cache[$format]['lang'])); + return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $zone_offset), $date_cache[$format]['lang'])); } } - return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $date_cache[$format]['zone_offset']), $date_cache[$format]['lang']); + return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $zone_offset), $date_cache[$format]['lang']); } /** -- cgit v1.2.1 From 43540f441d6ec6624812c2d2397552ae084b8001 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 11 Mar 2009 17:47:31 +0000 Subject: for using the same cached file we need to have exact queries. :P git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9366 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 5c9bcc4f88..6112decf09 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1657,7 +1657,8 @@ class user extends session $this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang']; - $sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width + // Same query in style.php + $sql = 'SELECT * FROM ' . STYLES_IMAGESET_DATA_TABLE . ' WHERE imageset_id = ' . $this->theme['imageset_id'] . " AND image_filename <> '' -- cgit v1.2.1 From 3c5b06f8aa65161334ecc00e3e7ec2f9b6e4565d Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Mon, 16 Mar 2009 16:34:16 +0000 Subject: Fix wrong bot ip check if bot ip was wrongly entered by admin. (Bug #42485) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9374 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6112decf09..a349eb7e14 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -480,6 +480,13 @@ class session foreach (explode(',', $row['bot_ip']) as $bot_ip) { + $bot_ip = trim($bot_ip); + + if (!$bot_ip) + { + continue; + } + if (strpos($this->ip, $bot_ip) === 0) { $bot = (int) $row['user_id']; -- cgit v1.2.1 From 8dfc457858943734f33fd2fb51b492c07b41a4fd Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 17 Mar 2009 12:02:48 +0000 Subject: Do not suppress PHP notices/errors in language packs if DEBUG_EXTRA mode enabled. (Bug #41485) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9383 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a349eb7e14..49f97f6050 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
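Review bot: The context line `strpos($this->ip, $bot_ip) === 0` is a string-prefix test, so after the trim and empty check an entry holding a complete address still matches longer ones (constructed example: `192.0.2.1` also matches `192.0.2.10` and `192.0.2.100`). A match assigns the bot's `user_id` to the session, so an over-broad entry classifies ordinary visitors as that bot. The prefix semantics deserve a comment next to the loop, for instance `// bot_ip entries are prefix-matched; end a partial entry on a separator ("192.0.2.") so it cannot match a longer octet`. A stricter variant would compare a full address with `===`. The loop's enclosing function lies outside the hunk.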
@@ -1534,7 +1534,10 @@ class user extends session // We include common language file here to not load it every time a custom language file is included $lang = &$this->lang; - if ((@include $this->lang_path . $this->lang_name . "/common.$phpEx") === false) + // Do not suppress error if in DEBUG_EXTRA mode + $include_result = (defined('DEBUG_EXTRA')) ? (include $this->lang_path . $this->lang_name . "/common.$phpEx") : (@include $this->lang_path . $this->lang_name . "/common.$phpEx"); + + if ($include_result === false) { die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened."); } @@ -2008,7 +2011,10 @@ class user extends session $language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } - if ((@include $language_filename) === false) + // Do not suppress error if in DEBUG_EXTRA mode + $include_result = (defined('DEBUG_EXTRA')) ? (include $language_filename) : (@include $language_filename); + + if ($include_result === false) { trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR); } -- cgit v1.2.1 From a80f7a5ea10b039ec1549d391ecd8431240c640e Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 17 Mar 2009 15:23:57 +0000 Subject: Use FQDN for SMTP EHLO/HELO command. (Bug #41025) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9387 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 49f97f6050..b01d0b2281 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
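Review bot: Both new `$include_result` assignments (here and in the `@@ -2008,7 +2011,10 @@` hunk) let the raw PHP include warning through when `DEBUG_EXTRA` is defined, and that warning carries the full server-side path of the language file. The `die()` / `trigger_error()` messages below them already print the same path. The added comment should say so explicitly, e.g. `// DEBUG_EXTRA exposes include warnings (including file system paths); never define it on a live board`. The ternary also repeats the whole include expression twice in each hunk; building the path into a local variable first would keep the two branches readable.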
@@ -182,7 +182,7 @@ class session else { // Set to OS hostname or localhost - $host = (function_exists('php_uname')) ? php_uname('n') : 'localhost'; + $host = (function_exists('php_uname')) ? gethostbyaddr(gethostbyname(php_uname('n'))) : 'localhost'; } } -- cgit v1.2.1 From e6ed42ed4dde41812b88b47c6e5bb5c41402f14c Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 28 Mar 2009 18:34:09 +0000 Subject: - Add indicator to be used in code if session was created (user visits the site for the first time) - Correctly count topic views for guests visiting the website the first time by entering the topic directly (Bug #43445) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9411 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b01d0b2281..9cf19e4302 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -726,6 +726,15 @@ class session // Commented out because it will not allow forums to update correctly // $db->sql_return_on_error(false); + // Something quite important: session_page always holds the *last* page visited, except for the *first* visit. + // We are not able to simply have an empty session_page btw, therefore we need to tell phpBB how to detect this special case. + // If the session id is empty, we have a completely new one and will set an "identifier" here. This identifier is able to be checked later. + if (empty($this->data['session_id'])) + { + // This is a temporary variable, only set for the very first visit + $this->data['session_created'] = true; + } + $this->session_id = $this->data['session_id'] = md5(unique_id()); $sql_ary['session_id'] = (string) $this->session_id; -- cgit v1.2.1 From 77e21fc054abb722522e4694813149770980249a Mon Sep 17 00:00:00 2001 
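Review bot: `gethostbyaddr(gethostbyname(php_uname('n')))` in the first hunk has no failure path. gethostbyname() returns its argument unchanged when the lookup fails, and gethostbyaddr() returns false with a warning for input that is not an address, so `$host` can end up false instead of a host name. Resolve into temporaries and fall back to the OS name, ending with something like `$host = ($fqdn) ? $fqdn : php_uname('n');` where `$fqdn` is only looked up when gethostbyname() actually returned a different string. Both calls are blocking DNS lookups; how often this branch runs is not visible in the hunk.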
From: Meik Sievertsen Date: Fri, 17 Apr 2009 15:58:31 +0000 Subject: encode imageset path in user->img (may not fix any other issues regarding style names with spaces) - #28885 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9465 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9cf19e4302..6980277041 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2180,7 +2180,7 @@ class user extends session return $img_data; } - $img_data['src'] = $phpbb_root_path . 'styles/' . $this->theme['imageset_path'] . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; + $img_data['src'] = $phpbb_root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; $img_data['width'] = $this->img_array[$img]['image_width']; $img_data['height'] = $this->img_array[$img]['image_height']; } -- cgit v1.2.1 From d3f6ce4b4ba04c6041ab20e6860a9082bce50252 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Wed, 22 Apr 2009 12:54:33 +0000 Subject: #41575 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9477 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 47 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6980277041..2de20bc364 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
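Review bot: Only `imageset_path` is passed through rawurlencode(); `image_lang` and `image_filename` from `$this->img_array` are still concatenated into `$img_data['src']` exactly as stored. A file name containing a space, quote or `#` produces the same broken URL this commit fixes for the path, and if `src` is later written into an attribute without escaping (not visible in this hunk) those characters reach the markup. Encoding the other two segments the same way, `rawurlencode($this->img_array[$img]['image_filename'])` and likewise for `image_lang`, keeps the three parts consistent. The enclosing function starts and ends outside the hunk.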
@@ -396,6 +396,11 @@ class session WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); } + + if ($this->data['user_id'] != ANONYMOUS && $config['new_member_limit'] && $this->data['user_new'] && $config['new_member_limit'] <= $this->data['user_posts']) + { + $this->leave_newly_registered(); + } } $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; @@ -1392,8 +1397,8 @@ class session $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); - - if (!(stripos($ref, $host) === 0)) + + if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0))) { return false; } @@ -2253,6 +2258,44 @@ class user extends session return $var; } } + + /** + * Funtion to make the user leave the NEWLY_REGISTERED system group. + * @access public + */ + function leave_newly_registered() + { + global $db; + + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = 'NEWLY_REGISTERED' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query_limit($sql, 1, 0, 7200); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + $group_id = (int) $row['group_id']; + $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id + AND user_id = {$this->data['user_id']}"; + $db->sql_query($sql); + + // Clear permissions cache of relevant users + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '', + user_new = 0, + WHERE user_perm_from = 0 + AND user_id = {$this->data['user_id']}"; + $db->sql_query($sql); + $this->data['user_permissions'] = ''; + + if ($this->data['group_id'] == $group_id) + { + // BLAST! Somebody made the group default + + } + } + } ?> \ No newline at end of file -- cgit v1.2.1 From cc71622def918bce2f3e0dab20f7d9e9b0df5c73 Mon Sep 17 00:00:00 2001 
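Review bot: Both alternatives in the new referer condition are prefix tests, `stripos($ref, $host) === 0` and `stripos($ref, $config['server_name']) === 0`, so a referer whose host merely begins with the board's name is accepted (constructed example: board `forum.example`, referer host `forum.example.other.test`). Comparing the parsed host as a whole closes that gap, e.g. `strcasecmp((string) parse_url($this->referer, PHP_URL_HOST), $host) === 0`, with the same form for `server_name`. The identical line is re-added after the rollback by the `@@ -1393,7 +1393,7 @@` hunk of commit 696aff31 further down. The enclosing function starts outside the hunk.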
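Review bot: The UPDATE in the new `leave_newly_registered()` has a trailing comma before WHERE (`user_new = 0,` followed by `WHERE user_perm_from = 0`), so the database will reject the statement; it should read `user_new = 0`. `$row['group_id']` is read without checking that sql_fetchrow() returned a row, and `{$this->data['user_id']}` is interpolated into both statements without the `(int)` cast applied to `$group_id`. The final `if ($this->data['group_id'] == $group_id)` block is empty, so a user whose default group is the one just removed keeps it in `$this->data['group_id']`.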
From: Henry Sudhof Date: Wed, 22 Apr 2009 13:09:41 +0000 Subject: rollback git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9479 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 47 ++-------------------------------------------- 1 file changed, 2 insertions(+), 45 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 2de20bc364..6980277041 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -396,11 +396,6 @@ class session WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); } - - if ($this->data['user_id'] != ANONYMOUS && $config['new_member_limit'] && $this->data['user_new'] && $config['new_member_limit'] <= $this->data['user_posts']) - { - $this->leave_newly_registered(); - } } $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; @@ -1397,8 +1392,8 @@ class session $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); - - if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0))) + + if (!(stripos($ref, $host) === 0)) { return false; } 
@@ -2258,44 +2253,6 @@ class user extends session return $var; } } - - /** - * Funtion to make the user leave the NEWLY_REGISTERED system group. - * @access public - */ - function leave_newly_registered() - { - global $db; - - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = 'NEWLY_REGISTERED' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query_limit($sql, 1, 0, 7200); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - $group_id = (int) $row['group_id']; - $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " - WHERE group_id = $group_id - AND user_id = {$this->data['user_id']}"; - $db->sql_query($sql); - - // Clear permissions cache of relevant users - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_permissions = '', - user_new = 0, - WHERE user_perm_from = 0 - AND user_id = {$this->data['user_id']}"; - $db->sql_query($sql); - $this->data['user_permissions'] = ''; - - if ($this->data['group_id'] == $group_id) - { - // BLAST! Somebody made the group default - - } - } - } ?> \ No newline at end of file -- cgit v1.2.1 From 696aff3169f105d6c5adf2583d27cd58f955e993 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Wed, 22 Apr 2009 13:11:13 +0000 Subject: #41575 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9480 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6980277041..84e74a67fb 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1393,7 +1393,7 @@ class session $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); - if (!(stripos($ref, $host) === 0)) + if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0))) { return false; } -- cgit v1.2.1 
From 6816cf292feb5b2b922efeba697b7b3f46dd25e2 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 25 Apr 2009 08:52:11 +0000 Subject: do not use spamhaus XBL list - it has too much false positives due to the dynamic IPs git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9484 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 84e74a67fb..9fbe8fc85b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1220,7 +1220,7 @@ class session } $dnsbl_check = array( - 'sbl-xbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', + 'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', ); if ($mode == 'register') -- cgit v1.2.1 From 7c418dee552c9d6e59a209e807a61aa26723fea9 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Tue, 28 Apr 2009 08:34:30 +0000 Subject: #44485 - we only send a 503 header if it is a search engine. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9490 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9fbe8fc85b..043a637584 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1793,7 +1793,10 @@ class user extends session // Is board disabled and user not an admin or moderator? if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { - header('HTTP/1.1 503 Service Unavailable'); + if ($this->data['is_bot']) + { + header('HTTP/1.1 503 Service Unavailable'); + } $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; trigger_error($message); 
@@ -1809,7 +1812,10 @@ class user extends session if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { - header('HTTP/1.1 503 Service Unavailable'); + if ($this->data['is_bot']) + { + header('HTTP/1.1 503 Service Unavailable'); + } trigger_error('BOARD_UNAVAILABLE'); } } -- cgit v1.2.1 From b776d02682492077a4fafd8835d7c4a17e50762d Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Tue, 2 Jun 2009 14:12:23 +0000 Subject: Okay, a first ci of the new captcha plugins. We'll add dynamic template includes later, as well as documentation on how to use this. I'm prepared to get yelled at for bugs (oh, I know that there are plenty); but please blame spammers for broken styles and MODs. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9524 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 40 ++++++++-------------------------------- 1 file changed, 8 insertions(+), 32 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 043a637584..e039fce6e1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -891,7 +891,7 @@ class session */ function session_gc() { - global $db, $config; + global $db, $config, $phpbb_root_path, $phpEx; $batch_size = 10; 
@@ -949,40 +949,16 @@ class session WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time'])); $db->sql_query($sql); } - $this->confirm_gc(); - } - - return; - } - - function confirm_gc($type = 0) - { - global $db, $config; - - $sql = 'SELECT DISTINCT c.session_id - FROM ' . CONFIRM_TABLE . ' c - LEFT JOIN ' . SESSIONS_TABLE . ' s ON (c.session_id = s.session_id) - WHERE s.session_id IS NULL' . - ((empty($type)) ? '' : ' AND c.confirm_type = ' . (int) $type); - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - $sql_in = array(); - do - { - $sql_in[] = (string) $row['session_id']; - } - while ($row = $db->sql_fetchrow($result)); - - if (sizeof($sql_in)) + + // only called from CRON; should be a safe workaround until the infrastructure gets going + if (!class_exists('captcha_factory')) { - $sql = 'DELETE FROM ' . CONFIRM_TABLE . ' - WHERE ' . $db->sql_in_set('session_id', $sql_in); - $db->sql_query($sql); + include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); } + captcha_factory::garbage_collect($config['captcha_plugin']); } - $db->sql_freeresult($result); + + return; } -- cgit v1.2.1 From a539fca62b10f53a5f5dadf07f9ab07340fdabf9 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 7 Jun 2009 11:34:01 +0000 Subject: some corrections, only very minor things. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9554 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index e039fce6e1..8c6606d680 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -949,7 +949,7 @@ class session WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time'])); $db->sql_query($sql); } - + // only called from CRON; should be a safe workaround until the infrastructure gets going if (!class_exists('captcha_factory')) { @@ -961,7 +961,6 @@ class session return; } - /** * Sets a cookie * -- cgit v1.2.1 From be81ae9e46a5f79742b8f1bbf04ee86927eeff77 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Fri, 19 Jun 2009 12:38:08 +0000 Subject: should fix garbage collection git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9627 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8c6606d680..b04a73be41 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -955,7 +955,7 @@ class session { include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); } - captcha_factory::garbage_collect($config['captcha_plugin']); + phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); } return; -- cgit v1.2.1 From 433de350c0fa2e1e09c23e6f5f29f118222d2df8 Mon Sep 17 00:00:00 2001 
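Review bot: In the `@@ -955,7 +955,7 @@` hunk the call now targets `phpbb_captcha_factory`, but the guard on the context line above it still tests `class_exists('captcha_factory')`. If the included file declares only `phpbb_captcha_factory`, as the renamed call suggests, the guard is always true and the plain `include` runs on every call, which fails with a redeclaration error once the class is already loaded. `if (!class_exists('phpbb_captcha_factory'))` keeps the guard and the call in step.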
From: Meik Sievertsen Date: Sat, 20 Jun 2009 18:45:16 +0000 Subject: - [Feature] New "Newly Registered Users" group for assigning permissions to newly registered users. They will be removed from this group once they reach a defineable amount of posts. - [Feature] Ability to define if the "Newly Registered Users" group will be assigned as the default group to newly registered users. As a coincidence also Bug #46535 got fixed. Additionally the error message displayed with trigger_error() if accessing the private message tab in the ucp is now displayed inline in addition to a slightly different message for newly registered users to let them know that access permissions may be lifted over time. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9636 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b04a73be41..6b87bcc866 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -396,6 +396,11 @@ class session WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); } + + if ($this->data['user_id'] != ANONYMOUS && !empty($config['new_member_post_limit']) && $this->data['user_new'] && $config['new_member_post_limit'] <= $this->data['user_posts']) + { + $this->leave_newly_registered(); + } } $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; 
@@ -2234,6 +2239,62 @@ class user extends session return $var; } } + + /** + * Funtion to make the user leave the NEWLY_REGISTERED system group. + * @access public + */ + function leave_newly_registered() + { + global $db; + + if (!function_exists('group_user_del')) + { + global $phpbb_root_path, $phpEx; + + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = 'NEWLY_REGISTERED' + AND group_type = " . GROUP_SPECIAL; + $result = $db->sql_query($sql); + $group_id = (int) $db->sql_fetchfield('group_id'); + $db->sql_freeresult($result); + + if (!$group_id) + { + return false; + } + + // We need to call group_user_del here, because this function makes sure everything is correctly changed. + // A downside for a call within the session handler is that the language is not set up yet - so no log entry + group_user_del($group_id, $this->data['user_id']); + + // Set user_new to 0 to let this not be triggered again + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_new = 0 + WHERE user_id = ' . $this->data['user_id']; + $db->sql_query($sql); + + $this->data['user_permissions'] = ''; + $this->data['user_new'] = 0; + + // The new users group was the users default group? + if ($this->data['group_id'] == $group_id) + { + // Which group is now the users default one? + $sql = 'SELECT group_id + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . $this->data['user_id']; + $result = $db->sql_query($sql); + $this->data['group_id'] = $db->sql_fetchfield('group_id'); + $db->sql_freeresult($result); + } + + return true; + } } ?> \ No newline at end of file -- cgit v1.2.1 From afc0ef93c51f659247f4942a3691405d95947383 Mon Sep 17 00:00:00 2001 
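Review bot: `$this->data['user_id']` is concatenated into the UPDATE and into the second SELECT without a cast, while `group_id` a few lines above is read with `(int)`. Writing `' WHERE user_id = ' . (int) $this->data['user_id']` keeps both queries numeric regardless of how the session row was populated. The refreshed `$this->data['group_id']` is also stored uncast from sql_fetchfield(). The docblock omits the return value; `@return bool false if the group does not exist, true otherwise` would cover it, and 'Funtion' is a typo.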
From: Meik Sievertsen Date: Sun, 21 Jun 2009 11:13:20 +0000 Subject: add check to newly registered function to not execute this more than once git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9644 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 6b87bcc866..4dc6933236 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2248,6 +2248,11 @@ class user extends session { global $db; + if (empty($this->data['user_new'])) + { + return false; + } + if (!function_exists('group_user_del')) { global $phpbb_root_path, $phpEx; -- cgit v1.2.1 From 794e122cfa01539e912786455da59e25d459a56f Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Sun, 21 Jun 2009 14:31:00 +0000 Subject: add quicktool to remove users from the newly registered special group. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9646 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 41 +++++------------------------------------ 1 file changed, 5 insertions(+), 36 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 4dc6933236..f74a7c5acc 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -2253,51 +2253,20 @@ class user extends session return false; } - if (!function_exists('group_user_del')) + if (!function_exists('remove_newly_registered')) { global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/functions_user.' . $phpEx); } - - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = 'NEWLY_REGISTERED' - AND group_type = " . GROUP_SPECIAL; - $result = $db->sql_query($sql); - $group_id = (int) $db->sql_fetchfield('group_id'); - $db->sql_freeresult($result); - - if (!$group_id) + if ($group = remove_newly_registered($this->data['user_id'], $this->data)) { - return false; + $this->data['group_id'] = $group; + } - - // We need to call group_user_del here, because this function makes sure everything is correctly changed. - // A downside for a call within the session handler is that the language is not set up yet - so no log entry - group_user_del($group_id, $this->data['user_id']); - - // Set user_new to 0 to let this not be triggered again - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_new = 0 - WHERE user_id = ' . $this->data['user_id']; - $db->sql_query($sql); - $this->data['user_permissions'] = ''; $this->data['user_new'] = 0; - - // The new users group was the users default group? - if ($this->data['group_id'] == $group_id) - { - // Which group is now the users default one? - $sql = 'SELECT group_id - FROM ' . USERS_TABLE . ' - WHERE user_id = ' . $this->data['user_id']; - $result = $db->sql_query($sql); - $this->data['group_id'] = $db->sql_fetchfield('group_id'); - $db->sql_freeresult($result); - } - + return true; } } -- cgit v1.2.1 From b1584a8d5c709c4c909826e23286ca6aa438cf41 Mon Sep 17 00:00:00 2001 
From: Ruslan Uzdenov Date: Mon, 22 Jun 2009 16:16:04 +0000 Subject: Fix bug #46965 - File named install in php directory Authorised by: acydburn git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9654 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f74a7c5acc..509e11e524 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1756,7 +1756,7 @@ class user extends session // Disable board if the install/ directory is still present // For the brave development army we do not care about this, else we need to comment out this everytime we develop locally - if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install')) + if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install')) { // Adjust the message slightly according to the permissions if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) -- cgit v1.2.1 From 19e2dcd5db7f2a910409b82ce315265608ae8266 Mon Sep 17 00:00:00 2001 From: Gabriel Vazquez Date: Wed, 24 Jun 2009 02:56:05 +0000 Subject: Fixed Bug #47145 - [Fix] Correctly check banned users when force password change Authorised by: AcydBurn git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9665 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 509e11e524..c1bc4b3f31 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
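Review bot: `file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install')` spells out "is a directory" with two stat calls; `is_dir($phpbb_root_path . 'install')` states the intent directly and gives the same answer for regular files and directories. This condition is what takes the board offline while the installer is still deployed, so the exemptions (`DEBUG_EXTRA`, `ADMIN_START`, `IN_INSTALL`, `IN_LOGIN`) are worth naming in the comment above it, e.g. `// Skipped for debug builds, the ACP, the installer itself and the login page`. The `if` body continues outside the hunk.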
@@ -1833,7 +1833,7 @@ class user extends session // Does the user need to change their password? If so, redirect to the // ucp profile reg_details page ... of course do not redirect if we're already in the ucp - if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && $this->data['is_registered'] && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) + if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && !empty($this->data['is_registered']) && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) { if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx") { -- cgit v1.2.1 From adaeec1ec9f7cd55522a5c4d0bf0538dbc0c6f99 Mon Sep 17 00:00:00 2001 From: Ruslan Uzdenov Date: Sat, 27 Jun 2009 08:36:40 +0000 Subject: Fixed Bug #45115 - Signature parsing flags are not stored in DB Authorised by: AcydBurn git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9696 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index c1bc4b3f31..9ae5a7c793 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -1431,8 +1431,8 @@ class user extends session var $img_lang; var $img_array = array(); - // Able to add new option (id 7) - var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10); + // Able to add new options (up to id 31) + var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'sig_bbcode' => 15, 'sig_smilies' => 16, 'sig_links' => 17); var $keyvalues = array(); /** -- cgit v1.2.1 From f84cbee47c06dd9df3b2cf7085a3b37ab9095d09 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 24 Jul 2009 08:52:56 +0000 Subject: Fix bug #18005 - Do not add style-parameter to URL again, after admin re-authentification - Patch by leviatan21 Authorised by: AcydBurn git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9841 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9ae5a7c793..c8617057c4 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1534,7 +1534,7 @@ class user extends session $this->add_lang($lang_set); unset($lang_set); - if (!empty($_GET['style']) && $auth->acl_get('a_styles')) + if (!empty($_GET['style']) && $auth->acl_get('a_styles') && !defined('ADMIN_START')) { global $SID, $_EXTRA_URL; -- cgit v1.2.1 From 3461eaf828848bd27d4777cfd796319dd55c53ce Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Sat, 1 Aug 2009 11:01:18 +0000 Subject: Fallback options for missing language files. (Bug #38575 - Patch by EXreaction) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9901 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index c8617057c4..a49716a8db 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -2006,6 +2006,34 @@ class user extends session $language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } + if (!file_exists($language_filename)) + { + global $config; + + if ($this->lang_name == 'en') + { + // The user's selected language is missing the file, the board default's language is missing the file, and the file doesn't exist in /en. + $language_filename = str_replace($this->lang_path . 'en', $this->lang_path . $this->data['user_lang'], $language_filename); + trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR); + } + else if ($this->lang_name == basename($config['default_lang'])) + { + // Fall back to the English Language + $this->lang_name = 'en'; + $this->set_lang($lang, $help, $lang_file, $use_db, $use_help); + } + else if ($this->lang_name == $this->data['user_lang']) + { + // Fall back to the board default language + $this->lang_name = basename($config['default_lang']); + $this->set_lang($lang, $help, $lang_file, $use_db, $use_help); + } + + // Reset the lang name + $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); + return; + } + // Do not suppress error if in DEBUG_EXTRA mode $include_result = (defined('DEBUG_EXTRA')) ? (include $language_filename) : (@include $language_filename); @@ -2262,11 +2290,11 @@ class user extends session if ($group = remove_newly_registered($this->data['user_id'], $this->data)) { $this->data['group_id'] = $group; - + } $this->data['user_permissions'] = ''; $this->data['user_new'] = 0; - + return true; } } -- cgit v1.2.1 From c8daec7c8239fab1cc45eb94829a1a99fd646d46 Mon Sep 17 00:00:00 2001 
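Review bot: In the added fallback block `$this->data['user_lang']` is concatenated into a filesystem path as-is (the `str_replace()` in the `'en'` branch and the `file_exists()` on the reset line), while `$config['default_lang']` is always passed through `basename()` first. Whether user_lang is constrained where it is written cannot be seen from this hunk, so I would treat both values alike: `$user_lang = basename($this->data['user_lang']);` once at the top of the block, used in the comparison and in both paths. In addition, when `$this->lang_name` matches none of the three branches the method returns without loading a file or reporting anything; a final `else` calling `trigger_error()` would make that case visible. set_lang() begins above the hunk.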
From: Joas Schilling Date: Tue, 4 Aug 2009 10:04:54 +0000 Subject: Fix Bug #49035 - Fix general error while registration, through undefined variable $config in validate_referer (Patch by wjvriend) Authorised by: bantu git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9917 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a49716a8db..b4d817daf9 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1364,6 +1364,8 @@ class session */ function validate_referer($check_script_path = false) { + global $config; + // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) if (empty($this->referer) || empty($this->host)) { @@ -1373,7 +1375,7 @@ class session $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); - if (!(stripos($ref, $host) === 0) && (!$config['force_server'] || !(stripos($ref, $config['server_name']) === 0))) + if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0))) { return false; } -- cgit v1.2.1 From f7009291e20969421f90ab81eed1347a4d977501 Mon Sep 17 00:00:00 2001 
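Review bot: The referer test on the changed line is a prefix match: `stripos($ref, $host) === 0` and `stripos($ref, $config['server_name']) === 0` accept any referer whose host merely begins with the board's hostname, so a longer, different hostname with the same leading characters also passes. Comparing the parsed host component for equality closes that gap, e.g. `$ref_parts = parse_url($this->referer); $ref_host = isset($ref_parts['host']) ? strtolower($ref_parts['host']) : '';` and then `$ref_host === strtolower($host)` (likewise against `$config['server_name']`). If `$this->host` can carry a port, that needs to be split off before the comparison; this is not visible here. The function continues past the hunk, so whatever follows for `$check_script_path` would still need `$ref`.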
From: Meik Sievertsen Date: Mon, 17 Aug 2009 14:45:14 +0000 Subject: Ability to define constant PHPBB_USE_BOARD_URL_PATH to use board url for images/avatars/ranks/imageset... This feature does not change anything for those not using the constant and this feature is also quite in-flux. We need to test this with some applications and bridges and there may be other locations able to benefit from it. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10008 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b4d817daf9..d0b4c8c285 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2196,7 +2196,10 @@ class user extends session return $img_data; } - $img_data['src'] = $phpbb_root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; + // Use URL if told so + $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path; + + $img_data['src'] = $root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; $img_data['width'] = $this->img_array[$img]['image_width']; $img_data['height'] = $this->img_array[$img]['image_height']; } -- cgit v1.2.1 From bec4b11b64fa8372d430add94f0eee30ee9d0762 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Thu, 20 Aug 2009 08:37:06 +0000 Subject: Because we store forwarded_for if the check is activated we need a better check git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10019 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index d0b4c8c285..8d41616123 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -213,7 +213,7 @@ class session $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; - $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; + $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : ''; $this->host = $this->extract_current_hostname(); $this->page = $this->extract_current_page($phpbb_root_path); @@ -221,10 +221,10 @@ class session // if the forwarded for header shall be checked we have to validate its contents if ($config['forwarded_for_check']) { - $this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for); + $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); // split the list of IPs - $ips = explode(', ', $this->forwarded_for); + $ips = explode(' ', $this->forwarded_for); foreach ($ips as $ip) { // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly 
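Review bot: The normalisation added in the -221 hunk collapses commas and runs of spaces but never trims, so a header that starts or ends with a separator still yields empty strings from `explode(' ', $this->forwarded_for)`. Adding `$this->forwarded_for = trim($this->forwarded_for);` right after the `preg_replace()` line keeps the list clean. The -606 hunk of the same commit now also splits on a single space before calling `check_ban()`; if that branch can run while `$config['forwarded_for_check']` is off (not visible here), the header reaches it un-normalised and the entries keep their commas, so they would never match a ban entry. The header is client-supplied, so this deserves a comment where the value is stored. The `foreach` body continues outside the hunk.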
@@ -267,7 +267,7 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. - $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : ''; + $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; $this->load = false; // Load limit check (if applicable) @@ -606,7 +606,7 @@ class session } else { - $ips = explode(', ', $this->forwarded_for); + $ips = explode(' ', $this->forwarded_for); $ips[] = $this->ip; $this->check_ban($this->data['user_id'], $ips); } -- cgit v1.2.1 From d8a76b14428d9a5cc955dd0341f032e43f53c7d9 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 20 Aug 2009 08:43:10 +0000 Subject: Add some very basic checks to the users ip - related to bug #48995 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10020 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8d41616123..112cf4e2fd 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -268,6 +268,27 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; + $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); + + // split the list of IPs + $ips = explode(' ', $this->ip); + + // Default IP if REMOTE_ADDR is invalid + $this->ip = '127.0.0.1'; + + foreach ($ips as $ip) + { + // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly + if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + { + // Just break + break; + } + + // Use the last in chain + $this->ip = $ip; + } + $this->load = false; // Load limit check (if applicable) -- cgit v1.2.1 From 295fb5373ae0a37bfbc36a4461dc3ed2c3cbf9cb Mon Sep 17 00:00:00 2001 From: Jim Wigginton Date: Fri, 4 Sep 2009 14:53:35 +0000 Subject: - fixed bug #44975 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10103 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 112cf4e2fd..dcfde14159 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
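Review bot: An empty entry slips past the validity test in the added loop: because the condition starts with `!empty($ip)`, an empty `$ip` skips the `break` and reaches `$this->ip = $ip;`, overwriting the `'127.0.0.1'` default with an empty string. This happens when REMOTE_ADDR is empty and when the normalised string ends in a space. Skipping empties first fixes it: `if (empty($ip)) { continue; }` placed ahead of the `preg_match()` test. Separately, falling back to the loopback address for an invalid REMOTE_ADDR deserves a comment, since any later logic that treats 127.0.0.1 as local would then apply to such requests; whether such logic exists is not visible from this hunk.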
@@ -1361,6 +1361,20 @@ class session WHERE user_id = ' . (int) $user_id; $db->sql_query($sql); + // Update last visit info first before deleting sessions + $sql = 'SELECT session_time, session_page + FROM ' . SESSIONS_TABLE . ' + WHERE session_user_id = ' . (int) $user_id . ' + ORDER BY session_time DESC'; + $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' + WHERE user_id = " . (int) $user_id; + $db->sql_query($sql); + // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact $sql_where = 'session_user_id = ' . (int) $user_id; -- cgit v1.2.1 From 223b9ed0d69ab9482dbf0125afb73ef6c569aa16 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 17 Sep 2009 13:39:50 +0000 Subject: extend r9387 - check for existance of all functions we use... git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10158 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index dcfde14159..d8362d5089 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -182,7 +182,7 @@ class session else { // Set to OS hostname or localhost - $host = (function_exists('php_uname')) ? gethostbyaddr(gethostbyname(php_uname('n'))) : 'localhost'; + $host = (function_exists('php_uname') && function_exists('gethostbyaddr') && function_exists('gethostbyname')) ? gethostbyaddr(gethostbyname(php_uname('n'))) : 'localhost'; } } -- cgit v1.2.1 From 782d680b540b3aebb65d50b4063d1b10a9c76365 Mon Sep 17 00:00:00 2001 
From: Meik Sievertsen Date: Tue, 22 Sep 2009 15:09:09 +0000 Subject: Fix getting host for situations where the name/IP is not resolvable. Related to Bug #41025 Related revisions: r9387 and r10158 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10178 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index d8362d5089..bf41fea7de 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -182,7 +182,7 @@ class session else { // Set to OS hostname or localhost - $host = (function_exists('php_uname') && function_exists('gethostbyaddr') && function_exists('gethostbyname')) ? gethostbyaddr(gethostbyname(php_uname('n'))) : 'localhost'; + $host = (function_exists('php_uname')) ? php_uname('n') : 'localhost'; } } -- cgit v1.2.1 From c80f98ea107ab74432fcfadffe13389442874993 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 19 Nov 2009 09:54:38 +0000 Subject: Fix Bug #54125 - Correctly reset login keys if passed value is the current user. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10279 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index bf41fea7de..933bd47347 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1355,7 +1355,7 @@ class session { global $config, $db; - $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; + $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id; $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id; 
@@ -1378,7 +1378,7 @@ class session // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact $sql_where = 'session_user_id = ' . (int) $user_id; - $sql_where .= ($user_id === $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; + $sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $sql_where"; @@ -1386,7 +1386,7 @@ class session // We're changing the password of the current user and they have a key // Lets regenerate it to be safe - if ($user_id === $this->data['user_id'] && $this->cookie_data['k']) + if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k']) { $this->set_login_key($user_id); } -- cgit v1.2.1 From fe98d43bb5c74d9939a60a2b7c9202b19b410d21 Mon Sep 17 00:00:00 2001 From: Cullen Walsh Date: Mon, 25 Jan 2010 18:19:18 +0000 Subject: [Fix] Don't send activation email when user tries to change email without permission (fix by nrohler). (Bug #56335) Authorised by: naderman git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10443 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 933bd47347..11f1896332 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1361,7 +1361,7 @@ class session WHERE user_id = ' . (int) $user_id; $db->sql_query($sql); - // Update last visit info first before deleting sessions + // If the user is logged in, update last visit info first before deleting sessions $sql = 'SELECT session_time, session_page FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $user_id . ' 
@@ -1370,10 +1370,13 @@ class session $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' - WHERE user_id = " . (int) $user_id; - $db->sql_query($sql); + if ($row) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' + WHERE user_id = " . (int) $user_id; + $db->sql_query($sql); + } // Let's also clear any current sessions for the specified user_id // If it's the current user then we'll leave this session intact -- cgit v1.2.1