From 84b6f6e925f1f63d6db73aa205294914733c515c Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Tue, 11 Jun 2002 02:27:26 +0000
Subject: Various updates ... still preliminary, particularly auth

git-svn-id: file:///svn/phpbb/trunk@2631 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/auth_session.php | 333 +++++++++++++++++++++++++++-------------
 1 file changed, 223 insertions(+), 110 deletions(-)

(limited to 'phpBB')

diff --git a/phpBB/includes/auth_session.php b/phpBB/includes/auth_session.php
index 0a8b3e8768..d7379d08a8 100644
--- a/phpBB/includes/auth_session.php
+++ b/phpBB/includes/auth_session.php
@@ -25,11 +25,15 @@ class session {
 
 	function start($update = true)
 	{
-		global $db, $board_config, $user_ip;
-		global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
+		global $SID, $db, $board_config, $user_ip;
+		global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS;
 
 		$current_time = time();
 		$session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
+		$this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
+		$this_query = ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? explode('&', $HTTP_SERVER_VARS['QUERY_STRING']) : explode('&', $HTTP_ENV_VARS['QUERY_STRING']);
+		array_shift($this_query);
+		$this_page = $this_page . '&' . implode('&', $this_query);
 
 		if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) )
 		{
@@ -79,7 +83,7 @@ class session {
 			//
 			// Did the session exist in the DB?
 			//
-			if ( $update && isset($this->userdata['user_id']) )
+			if ( isset($this->userdata['user_id']) )
 			{
 				//
 				// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
@@ -91,19 +95,15 @@ class session {
 
 				if ( $ip_check_s[0].'.'.$ip_check_s[1].'.'.$ip_check_s[2] == $ip_check_u[0].'.'.$ip_check_u[1].'.'.$ip_check_u[2] )
 				{
-					$SID .= '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
+					$SID = '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
 
 					//
 					// Only update session DB a minute or so after last update or if page changes
 					//
-					if ( $current_time - $this->userdata['session_time'] > 60 || $this->userdata['session_page'] != $thispage_id )
+					if ( ( $current_time - $this->userdata['session_time'] > 60 || $this->userdata['session_page'] != $this_page )  && $update )
 					{
-						$this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
-						$this_query = ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? explode('&', $HTTP_SERVER_VARS['QUERY_STRING']) : explode('&', $HTTP_ENV_VARS['QUERY_STRING']);
-						array_shift($this_query);
-
 						$sql = "UPDATE " . SESSIONS_TABLE . " 
-							SET session_time = $current_time, session_page = '" . $this_page . "#" . implode('#', $this_query) . "' 
+							SET session_time = $current_time, session_page = '$this_page' 
 							WHERE session_id = '" . $this->userdata['session_id'] . "'";
 						if ( !$db->sql_query($sql) )
 						{
@@ -134,42 +134,26 @@ class session {
 		// If we reach here then no (valid) session exists. So we'll create a new one,
 		// using the cookie user_id if available to pull basic user prefs.
 		//
+		$autologin = ( isset($sessiondata['autologinid']) ) ? $sessiondata['autologinid'] : '';
 		$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
-		$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? $password : '';
 
-		if ( !($this->userdata = $this->create($user_id, $autologin)) )
+		//
+		// Limit 5 minute sessions
+		//
+		$sql = "SELECT COUNT(*) AS sessions 
+			FROM " . SESSIONS_TABLE . " 
+			WHERE session_time >= " . ( $current_time - 3600 );
+		if ( !($result = $db->sql_query($sql)) )
 		{
-			message_die(CRITICAL_ERROR, 'Error creating user session', '', __LINE__, __FILE__, $sql);
+			message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
 		}
+		
+		$row = $db->sql_fetchrow[$result];
 
-		$this->config();
-
-		return $this->userdata;
-	}
-
-	function create($user_id, $user_password)
-	{
-		global $db, $board_config, $user_ip;
-		global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
-
-		if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) )
-		{
-			$sessiondata = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_data'])) : '';
-			$session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
-			$sessionmethod = SESSION_METHOD_COOKIE;
-		}
-		else
+		if ( intval($board_config['active_sessions']) && $row['sessions'] >= $board_config['active_sessions'] )
 		{
-			$session_data = '';
-			$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
-			$sessionmethod = SESSION_METHOD_GET;
+			message_die(GENERAL_MESSAGE, 'Board_unavailable', 'Information');
 		}
-		
-		$current_time = time();
-		$session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
-		$this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF'];
-		$this_query = ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? explode('&', $HTTP_SERVER_VARS['QUERY_STRING']) : explode('&', $HTTP_ENV_VARS['QUERY_STRING']);
-		array_shift($this_query);
 
 		$sql = "SELECT * 
 			FROM " . USERS_TABLE . " 
@@ -181,6 +165,15 @@ class session {
 
 		$this->userdata = $db->sql_fetchrow($result);
 
+		//
+		// Check autologin request, is it valid?
+		//
+		if ( $this->userdata['user_password'] != $autologin || !$this->userdata['user_active'] || $user_id == ANONYMOUS )
+		{
+			$autologin = '';
+			$this->userdata['user_id'] = $user_id = ANONYMOUS; 
+		}
+
 		$user_ip_parts = explode('.', $user_ip);
 
 		$sql = "SELECT ban_ip, ban_userid, ban_email 
@@ -209,46 +202,28 @@ class session {
 			}
 		}
 
-		//
-		// Limit 5 minute sessions
-		//
-		$sql = "SELECT COUNT(*) AS sessions 
-			FROM " . SESSIONS_TABLE . " 
-			WHERE session_time >= " . ( $current_time - 3600 );
-		if ( !($result = $db->sql_query($sql)) )
-		{
-			message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
-		}
-		
-		$row = $db->sql_fetchrow[$result];
-
-		if ( $row['sessions'] >= $board_config['active_sessions'] )
-		{
-			message_die(GENERAL_MESSAGE, 'Board_unavailable', 'Information');
-		}
-
 		//
 		// Create or update the session
 		//
 		$sql = "UPDATE " . SESSIONS_TABLE . "
-			SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = '" . $this_page . "#" . implode('#', $this_query) . "'
-			WHERE session_id = '" . $session_id . "'";
+			SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = '$this_page'
+			WHERE session_id = '$session_id'";
 		if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
 		{
 			$session_id = md5(uniqid($user_ip));
 
 			$sql = "INSERT INTO " . SESSIONS_TABLE . "
 				(session_id, session_user_id, session_start, session_time, session_ip, session_browser, session_page)
-				VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', '$session_browser', '" . $this_page . "#" . implode('#', $this_query) . "')";
+				VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', '$session_browser', '$this_page')";
 			if ( !$db->sql_query($sql) )
 			{
 				message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
 			}
 		}
 
-		$SID .= '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
+		$SID = '?sid=' . ( ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '' );
 
-		$sessiondata['autologinid'] = ( $user_password && $sessionmethod == SESSION_METHOD_COOKIE ) ? $user_password : '';
+		$sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : '';
 		$sessiondata['userid'] = $user_id;
 
 		setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
@@ -256,9 +231,52 @@ class session {
 
 		$this->userdata['session_id'] = $session_id;
 
+		$this->config();
+
 		return $this->userdata;
 	}
 
+	function destroy($userdata)
+	{
+		global $SID, $db, $board_config, $user_ip;
+		global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS;
+
+		if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) )
+		{
+			$session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
+		}
+		else
+		{
+			$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
+		}
+
+		//
+		// Delete existing session, update last visit info first!
+		//
+		$sql = "UPDATE " . USERS_TABLE . " 
+			SET user_lastvisit = " . $userdata['session_time'] . ", user_session_page = '" . $userdata['session_page'] . "' 
+			WHERE user_id = " . $userdata['user_id'];
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
+		}
+
+		$sql = "DELETE FROM " . SESSIONS_TABLE . " 
+			WHERE session_id = '" . $userdata['session_id'] . "' 
+				AND session_user_id = " . $userdata['user_id'];
+		if ( !$db->sql_query($sql) )
+		{
+			message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
+		}
+
+		$SID = '?sid=';
+
+		setcookie($board_config['cookie_name'] . '_data', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
+		setcookie($board_config['cookie_name'] . '_sid', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
+
+		return true;
+	}
+
 	function gc($current_time)
 	{
 		global $db, $board_config, $user_ip;
@@ -277,7 +295,7 @@ class session {
 			if ( $row['session_logged_in'] )
 			{
 				$sql = "UPDATE " . USERS_TABLE . " 
-					SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . " 
+					SET user_lastvisit = " . $row['session_time'] . ", user_session_page = '" . $row['session_page'] . "' 
 					WHERE user_id = " . $row['session_user_id'];
 				if ( !$db->sql_query($sql) )
 				{
@@ -312,47 +330,6 @@ class session {
 		return;
 	}
 
-	function destroy($userdata)
-	{
-		global $db, $board_config, $user_ip;
-		global $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
-
-		if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) )
-		{
-			$session_id = ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : '';
-		}
-		else
-		{
-			$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
-		}
-
-		//
-		// Delete existing session, update last visit info first!
-		//
-		$sql = "UPDATE " . USERS_TABLE . " 
-			SET user_lastvisit = " . $userdata['session_time'] . ", user_session_page = " . $userdata['session_page'] . " 
-			WHERE user_id = " . $userdata['user_id'];
-		if ( !$db->sql_query($sql) )
-		{
-			message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
-		}
-
-		$sql = "DELETE FROM " . SESSIONS_TABLE . " 
-			WHERE session_id = '" . $userdata['session_id'] . "' 
-				AND session_user_id = " . $userdata['user_id'];
-		if ( !$db->sql_query($sql) )
-		{
-			message_die(CRITICAL_ERROR, 'Error removing user session', '', __LINE__, __FILE__, $sql);
-		}
-
-		$SID .= '?sid=';
-
-		setcookie($board_config['cookie_name'] . '_data', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
-		setcookie($board_config['cookie_name'] . '_sid', '', $current_time - 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
-
-		return true;
-	}
-
 	function config()
 	{
 		global $db, $template, $lang, $board_config, $theme, $images;
@@ -442,7 +419,10 @@ class session {
 }
 
 //
-// Note this doesn't use the prefetch at present
+// Note this doesn't use the prefetch at present and is very
+// incomplete ... purely for testing ... will be keeping my
+// eye of 'other products' to ensure these things don't
+// mysteriously appear elsewhere, think up your own solutions!
 //
 class auth {
 
@@ -500,7 +480,43 @@ class auth {
 	{
 		if ( !$forum_id )
 		{
-			return $this->acl;
+			if ( !$auth_type && is_array($this->acl) )
+			{
+				@reset($this->acl);
+				while ( list(, $value1) = @each($this->acl) )
+				{
+					while ( list(, $value2) = @each($value1) )
+					{
+						while ( list(, $value3) = @each($value2) )
+						{
+							if ( $value3 )
+							{
+								return true;
+							}
+						}
+					}
+				}
+				return false;
+			}
+			else if ( !$auth_main && is_array($this->acl) )
+			{
+				@reset($this->acl);
+				while ( list(, $value1) = each($this->acl) )
+				{
+					while ( list(, $value2) = each($value1) )
+					{
+						if ( $value2[$auth_type] )
+						{
+							return true;
+						}
+					}
+				}
+				return false;
+			}
+			else
+			{
+				return $this->acl;
+			}
 		}
 		else if ( $auth_main && $auth_type )
 		{
@@ -548,11 +564,108 @@ class auth {
 }
 
 //
-// Append $SID to a url. Borrowed from phplib and modified. 6
+// Centralised login? May stay, may not ... depends if needed
+//
+function login($username, $password)
+{
+	global $SID, $db, $board_config, $lang, $user_ip, $phpEx;
+
+	$result = false;
+
+	$sql = "SELECT user_id, username, user_password, user_email, user_active, user_level 
+		FROM " . USERS_TABLE . "
+		WHERE username = '" . str_replace("\'", "''", $username) . "'";
+	if ( !($result = $db->sql_query($sql)) )
+	{
+		message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
+	}
+
+	if ( $row = $db->sql_fetchrow($result) )
+	{
+		if ( $row['user_level'] != ADMIN && $board_config['board_disable'] )
+		{
+			header($header_location . "index.$phpEx$SID");
+			exit;
+		}
+
+		if ( $board_config['ldap_enable'] && extension_loaded('ldap') )
+		{
+			if ( !($ldap_id = @ldap_connect($board_config['ldap_hostname'])) )
+			{
+				//
+				// FINISH
+				//
+				@ldap_unbind($ldap_id);
+			}
+		}
+		else
+		{
+			if ( md5($password) == $row['user_password'] && $row['user_active'] )
+			{
+				$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? md5($password) : '';
+
+				$user_ip_parts = explode('.', $user_ip);
+
+				$sql = "SELECT ban_ip, ban_userid, ban_email 
+					FROM " . BANLIST_TABLE . " 
+					WHERE ban_ip IN (
+							'" . $user_ip_parts[0] . ".', 
+							'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . ".',
+							'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . ".', 
+							'" . $user_ip_parts[0] . "." . $user_ip_parts[1] . "." . $user_ip_parts[2] . "." . $user_ip_parts[3] . "') 
+						OR ban_userid = " . $row['user_id'];
+				if ( $user_id != ANONYMOUS )
+				{
+					$sql .= " OR ban_email LIKE '" . str_replace('\\\'', '\\\'\\\'', $row['user_email']) . "' 
+						OR ban_email LIKE '" . substr(str_replace('\\\'', '\\\'\\\'', $row['user_email']), strpos(str_replace('\\\'', '\\\'\\\'', $row['user_email']), '@')) . "'";
+				}
+				if ( !($result = $db->sql_query($sql)) )
+				{
+					message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
+				}
+
+				if ( $ban_info = $db->sql_fetchrow($result) )
+				{
+					if ( $ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email'] )
+					{
+						message_die(CRITICAL_MESSAGE, 'You_been_banned');
+					}
+				}
+
+				$session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT'];
+
+				$current_time = time();
+
+				//
+				// Update the session
+				//
+				$sql = "UPDATE " . SESSIONS_TABLE . "
+					SET session_user_id = " . $row['user_id'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$session_browser', session_page = ''
+					WHERE session_id = '" . $userdata['session_id'] . "'";
+				if ( !$db->sql_query($sql) )
+				{
+					message_die(GENERAL_ERROR, 'Could not update session post-login', '', __LINE__, __FILE__, $sql);
+				}
+
+				$sessiondata['autologinid'] = ( $autologin && $user_id != ANONYMOUS ) ? $autologin : '';
+				$sessiondata['userid'] = $row['user_id'];
+
+				setcookie($board_config['cookie_name'] . '_data', serialize($sessiondata), $current_time + 31536000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
+				setcookie($board_config['cookie_name'] . '_sid', $userdata['session_id'], 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
+
+				$result = true;
+			}
+		}
+	}
+
+	return $result;
+
+}
+
+//
 //
-// This routine is doomed I think, instead we just set a URL$SID for
-// appropriate URLs rather than this append stuff. For the time being
-// this change will break URL based session propagation
+// This routine is dead instead we just set a URL$SID for
+// appropriate URLs rather than this append stuff
 //
 function append_sid($url, $non_html_amp = false)
 {
-- 
cgit v1.2.1