makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-09 04:48:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

A couple of minor changes

Browse source 
git-svn-id: file:///svn/phpbb/trunk@602 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-07-07 14:52:08 +00:00
parent 7cf7b689a4
commit 3497f2adab
1 changed files with 33 additions and 52 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
phpBB/includes/sessions.php
View file

@ -76,18 +76,16 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0
$login = 0; $login = 0;
$autologin = 0; $autologin = 0;
} }
// //
// Remove duplicate user_id from session table // Remove duplicate user_id from session table
// if IP is different ... stops same user // if IP is different ...
// logging in from different PC's at same time
// Do we want this ???
// //
if( ( $login || $autologin ) && $user_id != ANONYMOUS && $user_id != DELETED ) if( ( $login || $autologin ) && $user_id != ANONYMOUS )
{ {
$sql_delete_same_user = "DELETE FROM " . SESSIONS_TABLE . " $sql_delete_same_user = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_ip <> '$user_ip' WHERE session_ip <> '$user_ip'
AND session_user_id = $user_id AND session_user_id = $user_id";
AND session_logged_in = 1";
$result = $db->sql_query($sql_delete_same_user); $result = $db->sql_query($sql_delete_same_user);
} }
@ -106,8 +104,7 @@ function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0
if(!$result || !$db->sql_affectedrows()) if(!$result || !$db->sql_affectedrows())
{ {
mt_srand( (double) microtime() * 1000000); mt_srand( (double) microtime() * 1000000);
$session_id = md5(mt_rand()); // This is a superior but more intensive creation method $session_id = md5(mt_rand());
// $session_id = mt_rand();
$sql_insert = "INSERT INTO " . SESSIONS_TABLE . " $sql_insert = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_start, session_time, session_last_visit, session_ip, session_page, session_logged_in) (session_id, session_user_id, session_start, session_time, session_last_visit, session_ip, session_page, session_logged_in)
@ -193,19 +190,11 @@ function session_pagestart($user_ip, $thispage_id, $session_length)
// //
// Does a session exist? // Does a session exist?
// //
// Redo without initial user_id check?
// ie. check sessionid, then pull from DB
// based on sessionid and sessionip only?
// is this secure enough? probably, since
// the DB is cleared every 'sessiontime' mins
// (or when a user visits, whichever sooner)
// and a user is logged out
//
if(isset($sessiondata['sessionid'])) if(isset($sessiondata['sessionid']))
{ {
// //
// session_id exists so go ahead and attempt // session_id exists so go ahead and attempt to grab all
// to grab all data in preparation // data in preparation
// //
$sql = "SELECT u.*, s.* $sql = "SELECT u.*, s.*
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
@ -225,7 +214,6 @@ function session_pagestart($user_ip, $thispage_id, $session_length)
// //
if(isset($userdata['user_id'])) if(isset($userdata['user_id']))
{ {
$SID = ($sessionmethod == SESSION_METHOD_GET) ? "sid=" . $sessiondata['sessionid'] : ""; $SID = ($sessionmethod == SESSION_METHOD_GET) ? "sid=" . $sessiondata['sessionid'] : "";
// //
@ -267,10 +255,8 @@ function session_pagestart($user_ip, $thispage_id, $session_length)
} }
} }
// //
// If we reach here then no (valid) session // If we reach here then no (valid) session exists. So we'll create a new one,
// exists. So we'll create a new one, // using the cookie user_id if available to pull basic user prefs.
// using the cookie user_id if available to
// pull basic user prefs.
// //
$login = 0; $login = 0;
@ -344,7 +330,6 @@ function session_pagestart($user_ip, $thispage_id, $session_length)
// //
function session_end($session_id, $user_id) function session_end($session_id, $user_id)
{ {
global $db, $lang; global $db, $lang;
global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife; global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
@ -396,13 +381,10 @@ function session_end($session_id, $user_id)
} // session_end() } // session_end()
// //
// Append $SID to a url // Append $SID to a url. Borrowed from phplib and modified. This is an
// Borrowed from phplib and modified. This is an // extra routine utilised by the session code above and acts as a wrapper
// extra routine utilised by the session // around every single URL and form action. If you replace the session
// code above and acts as a wrapper // code you must include this routine, even if it's empty.
// around every single URL and form action. If
// you replace the session code you must
// include this routine, even if it's empty.
// //
function append_sid($url) function append_sid($url)
{ {
@ -415,7 +397,6 @@ function append_sid($url)
} }
return($url); return($url);
} }
?> ?>