mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-07 20:08:53 +00:00
Session code updates
git-svn-id: file:///svn/phpbb/trunk@143 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
e63c33bb2c
commit
7791a31260
9 changed files with 236 additions and 93 deletions
|
|
@ -72,11 +72,4 @@ else
|
|||
|
||||
include('language/lang_'.$default_lang.'.'.$phpEx);
|
||||
|
||||
//
|
||||
// Initialise session stuff
|
||||
// See file for more details ...
|
||||
//
|
||||
|
||||
$userdata = session_pagestart($db, $user_ip, $session_length);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -178,6 +178,101 @@ function theme_select($default, $db)
|
|||
return($theme_select);
|
||||
}
|
||||
|
||||
//
|
||||
// Initialise user settings on page load
|
||||
//
|
||||
function init_userprefs($userdata)
|
||||
{
|
||||
|
||||
global $override_user_theme;
|
||||
global $bgcolor, $table_bgcolor, $textcolor, $category_title, $table_header;
|
||||
global $color1, $color2, $header_image, $newtopic_image;
|
||||
global $reply_locked_image, $reply_image, $linkcolor, $vlinkcolor;
|
||||
global $default_lang, $date_format, $sys_timezone;
|
||||
|
||||
if(!$override_user_theme)
|
||||
{
|
||||
if($userdata['user_id'] != ANONYMOUS || $userdata['user_id'] != DELETED)
|
||||
{
|
||||
$theme = setuptheme($userdata["user_theme"]);
|
||||
}
|
||||
else
|
||||
{
|
||||
$theme = setuptheme($default_theme);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$theme = setuptheme($override_user_theme);
|
||||
}
|
||||
if($theme)
|
||||
{
|
||||
$bgcolor = $theme["bgcolor"];
|
||||
$table_bgcolor = $theme["table_bgcolor"];
|
||||
$textcolor = $theme["textcolor"];
|
||||
$category_title = $theme["category_title"];
|
||||
$table_header = $theme["table_header"];
|
||||
$color1 = $theme["color1"];
|
||||
$color2 = $theme["color2"];
|
||||
$header_image = $theme["header_image"];
|
||||
$newtopic_image = $theme["newtopic_image"];
|
||||
$reply_locked_image = $theme["reply_locked_image"];
|
||||
$reply_image = $theme["reply_image"];
|
||||
$linkcolor = $theme["linkcolor"];
|
||||
$vlinkcolor = $theme["vlinkcolor"];
|
||||
}
|
||||
if($userdata["user_lang"] != "")
|
||||
{
|
||||
$default_lang = $userdata["user_lang"];
|
||||
}
|
||||
if($userdata["user_dateformat"] != "")
|
||||
{
|
||||
$date_format = $userdata["user_dateformat"];
|
||||
}
|
||||
if($userdata["user_timezone"])
|
||||
{
|
||||
$sys_timezone = $userdata["user_timezone"];
|
||||
}
|
||||
|
||||
// Include the appropriate language file ... if it exists.
|
||||
if(!strstr($PHP_SELF, "admin"))
|
||||
{
|
||||
if(file_exists('language/lang_'.$default_lang.'.'.$phpEx))
|
||||
{
|
||||
include('language/lang_'.$default_lang.'.'.$phpEx);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if(strstr($PHP_SELF, "topicadmin"))
|
||||
{
|
||||
include('language/lang_'.$default_lang.'.'.$phpEx);
|
||||
}
|
||||
else
|
||||
{
|
||||
include('../language/lang_'.$default_lang.'.'.$phpEx);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
|
||||
}
|
||||
function setuptheme($theme)
|
||||
{
|
||||
global $db;
|
||||
|
||||
$sql = "SELECT *
|
||||
FROM ".THEMES_TABLE."
|
||||
WHERE theme_id = '$theme'";
|
||||
if(!$result = $db->sql_query($sql))
|
||||
return(0);
|
||||
|
||||
if(!$myrow = $db->sql_fetchrow($result))
|
||||
return(0);
|
||||
|
||||
return($myrow);
|
||||
}
|
||||
|
||||
function tz_select($default)
|
||||
{
|
||||
global $board_tz;
|
||||
|
|
|
|||
|
|
@ -27,9 +27,10 @@
|
|||
// Adds/updates a new session to the database for the given userid.
|
||||
// Returns the new session ID on success.
|
||||
//
|
||||
function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $password = "")
|
||||
function session_begin($user_id, $user_ip, $page_id, $session_length, $login = 0, $password = "")
|
||||
{
|
||||
|
||||
global $db;
|
||||
global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
|
||||
global $HTTP_COOKIE_VARS;
|
||||
|
||||
|
|
@ -37,52 +38,79 @@ function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $pa
|
|||
$expiry_time = $current_time - $session_length;
|
||||
$int_ip = encode_ip($user_ip);
|
||||
|
||||
if($user_id == ANONYMOUS)
|
||||
{
|
||||
$login = 0;
|
||||
}
|
||||
|
||||
$sql = "UPDATE ".SESSIONS_TABLE."
|
||||
SET session_user_id = $user_id, session_time = $current_time, session_logged_in = $login
|
||||
WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")
|
||||
AND (session_ip = $int_ip)";
|
||||
//
|
||||
// Initial ban check against IP and userid
|
||||
//
|
||||
$sql = "SELECT ban_ip, ban_userid
|
||||
FROM ".BANLIST_TABLE."
|
||||
WHERE (ban_ip = '$int_ip' OR ban_userid = '$user_id')
|
||||
AND (ban_start < $current_time AND ban_end > $current_time )";
|
||||
$result = $db->sql_query($sql);
|
||||
if(!$result || !$db->sql_affectedrows())
|
||||
if (!$result)
|
||||
{
|
||||
mt_srand( (double) microtime() * 1000000);
|
||||
$session_id = mt_rand();
|
||||
|
||||
$sql = "INSERT INTO ".SESSIONS_TABLE."
|
||||
(session_id, session_user_id, session_time, session_ip, session_logged_in)
|
||||
VALUES
|
||||
($session_id, $user_id, $current_time, $int_ip, $login)";
|
||||
$result = $db->sql_query($sql);
|
||||
if(!$result)
|
||||
{
|
||||
if(DEBUG)
|
||||
{
|
||||
error_die($db, GENERAL_ERROR, "Error creating new session : session_pagestart");
|
||||
}
|
||||
else
|
||||
{
|
||||
error_die($db, SESSION_CREATE);
|
||||
}
|
||||
}
|
||||
error_die(QUERY_ERROR, "Couldn't obtain ban information.", __LINE__, __FILE__);
|
||||
}
|
||||
$ban_info = $db->sql_fetchrow($result);
|
||||
|
||||
setcookie($cookiename."[sessionid]", $session_id, $session_length, "", "", "");
|
||||
//
|
||||
// Check for user and ip ban ...
|
||||
//
|
||||
if($ban_info['ban_ip'] || $ban_info['ban_userid'])
|
||||
{
|
||||
error_die(AUTH_BANNED);
|
||||
}
|
||||
else
|
||||
{
|
||||
$session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid'];
|
||||
}
|
||||
if($user_id == ANONYMOUS)
|
||||
{
|
||||
$login = 0;
|
||||
}
|
||||
|
||||
$sql = "UPDATE ".SESSIONS_TABLE."
|
||||
SET session_user_id = $user_id, session_time = $current_time, session_page = $page_id, session_logged_in = $login
|
||||
WHERE (session_id = ".$HTTP_COOKIE_VARS[$cookiename]['sessionid'].")
|
||||
AND (session_ip = '$int_ip')";
|
||||
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
if(!$result || !$db->sql_affectedrows())
|
||||
{
|
||||
mt_srand( (double) microtime() * 1000000);
|
||||
$session_id = mt_rand();
|
||||
|
||||
$sql = "INSERT INTO ".SESSIONS_TABLE."
|
||||
(session_id, session_user_id, session_time, session_ip, session_page, session_logged_in)
|
||||
VALUES
|
||||
($session_id, $user_id, $current_time, '$int_ip', $page_id, $login)";
|
||||
$result = $db->sql_query($sql);
|
||||
if(!$result)
|
||||
{
|
||||
if(DEBUG)
|
||||
{
|
||||
error_die($db, GENERAL_ERROR, "Error creating new session : session_begin");
|
||||
}
|
||||
else
|
||||
{
|
||||
error_die($db, SESSION_CREATE);
|
||||
}
|
||||
}
|
||||
|
||||
setcookie($cookiename."[sessionid]", $session_id, $session_length);
|
||||
}
|
||||
else
|
||||
{
|
||||
$session_id = $HTTP_COOKIE_VARS[$cookiename]['sessionid'];
|
||||
}
|
||||
|
||||
if(!empty($password) && AUTOLOGON)
|
||||
{
|
||||
setcookie($cookiename."[useridref]", $password, $cookielife);
|
||||
}
|
||||
setcookie($cookiename."[userid]", $user_id, $cookielife);
|
||||
setcookie($cookiename."[sessionstart]", $current_time, $cookielife);
|
||||
setcookie($cookiename."[sessiontime]", $current_time, $session_length);
|
||||
|
||||
if(!empty($password) && AUTOLOGON)
|
||||
{
|
||||
setcookie($cookiename."[useridref]", $password, $cookielife, "", "", "");
|
||||
}
|
||||
setcookie($cookiename."[userid]", $user_id, $cookielife, "", "", "");
|
||||
setcookie($cookiename."[sessionstart]", $current_time, $cookielife, "", "", "");
|
||||
setcookie($cookiename."[sessiontime]", $current_time, $session_length, "", "", "");
|
||||
|
||||
return $session_id;
|
||||
|
||||
|
|
@ -93,14 +121,13 @@ function session_begin($db, $user_id, $user_ip, $session_length, $login = 0, $pa
|
|||
// Checks for a given user session, tidies session
|
||||
// table and updates user sessions at each page refresh
|
||||
//
|
||||
function session_pagestart($db, $user_ip, $session_length)
|
||||
function session_pagestart($user_ip, $thispage_id, $session_length)
|
||||
{
|
||||
|
||||
global $db;
|
||||
global $cookiename, $cookiedomain, $cookiepath, $cookiesecure, $cookielife;
|
||||
global $HTTP_COOKIE_VARS;
|
||||
|
||||
unset($userdata);
|
||||
|
||||
$current_time = time();
|
||||
$int_ip = encode_ip($user_ip);
|
||||
|
||||
|
|
@ -132,9 +159,9 @@ function session_pagestart($db, $user_ip, $session_length)
|
|||
$userid = $HTTP_COOKIE_VARS[$cookiename]['userid'];
|
||||
$sql = "SELECT u.*, s.session_id, s.session_time, s.session_logged_in, b.ban_ip, b.ban_userid
|
||||
FROM ".USERS_TABLE." u
|
||||
LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = $int_ip OR b.ban_userid = u.user_id)
|
||||
LEFT JOIN ".BANLIST_TABLE." b ON ( (b.ban_ip = '$int_ip' OR b.ban_userid = u.user_id)
|
||||
AND ( b.ban_start < $current_time AND b.ban_end > $current_time ) )
|
||||
LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = $int_ip )
|
||||
LEFT JOIN ".SESSIONS_TABLE." s ON ( u.user_id = s.session_user_id AND s.session_ip = '$int_ip' )
|
||||
WHERE u.user_id = $userid";
|
||||
$result = $db->sql_query($sql);
|
||||
if (!$result)
|
||||
|
|
@ -180,9 +207,9 @@ function session_pagestart($db, $user_ip, $session_length)
|
|||
{
|
||||
|
||||
$sql = "UPDATE ".SESSIONS_TABLE."
|
||||
SET session_time = '$current_time'
|
||||
SET session_time = '$current_time', session_page = '$thispage_id'
|
||||
WHERE (session_id = ".$userdata['session_id'].")
|
||||
AND (session_ip = $int_ip)
|
||||
AND (session_ip = '$int_ip')
|
||||
AND (session_user_id = ".$userdata['user_id'].")";
|
||||
$result = $db->sql_query($sql);
|
||||
if(!$result)
|
||||
|
|
@ -202,7 +229,7 @@ function session_pagestart($db, $user_ip, $session_length)
|
|||
// Update was success, send current time to cookie
|
||||
// and return userdata
|
||||
//
|
||||
setcookie($cookiename."[sessiontime]", $current_time, $session_length, "", "", "");
|
||||
setcookie($cookiename."[sessiontime]", $current_time, $session_length);
|
||||
|
||||
return $userdata;
|
||||
} // if (affectedrows)
|
||||
|
|
@ -247,7 +274,7 @@ function session_pagestart($db, $user_ip, $session_length)
|
|||
$password = "";
|
||||
$userdata['session_logged_in'] = 0;
|
||||
}
|
||||
$result = session_begin($db, $userdata['user_id'], $user_ip, $session_length, $autologon, $password);
|
||||
$result = session_begin($userdata['user_id'], $user_ip, $thispage_id, $session_length, $autologon, $password);
|
||||
if(!$result)
|
||||
{
|
||||
if(DEBUG)
|
||||
|
|
@ -266,53 +293,21 @@ function session_pagestart($db, $user_ip, $session_length)
|
|||
|
||||
//
|
||||
// No userid cookie exists so we'll
|
||||
// check for an IP ban and set up
|
||||
// a new anonymous session
|
||||
// set up a new anonymous session
|
||||
//
|
||||
$int_ip = encode_ip($user_ip);
|
||||
$sql = "SELECT ban_ip
|
||||
FROM ".BANLIST_TABLE."
|
||||
WHERE ban_ip = $int_ip";
|
||||
$result = $db->sql_query($sql);
|
||||
if (!$result)
|
||||
$result = session_begin(ANONYMOUS, $user_ip, $thispage_id, $session_length, 0);
|
||||
if(!$result)
|
||||
{
|
||||
if(DEBUG)
|
||||
{
|
||||
error_die($db, GENERAL_ERROR, "Error doing DB query non-userid ban_ip row fetch : session_pagestart");
|
||||
error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart");
|
||||
}
|
||||
else
|
||||
{
|
||||
error_die($db, SESSION_CREATE);
|
||||
}
|
||||
}
|
||||
$banned_ip = $db->sql_fetchrow($result);
|
||||
|
||||
//
|
||||
// Check for user and ip ban ...
|
||||
//
|
||||
if($banned_ip['ban_ip'])
|
||||
{
|
||||
error_die($db, BANNED);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
$result = session_begin($db, ANONYMOUS, $user_ip, $session_length);
|
||||
if(!$result)
|
||||
{
|
||||
if(DEBUG)
|
||||
{
|
||||
error_die($db, GENERAL_ERROR, "Error creating anonymous session : session_pagestart");
|
||||
}
|
||||
else
|
||||
{
|
||||
error_die($db, SESSION_CREATE);
|
||||
}
|
||||
}
|
||||
$userdata['session_logged_in'] = 0;
|
||||
|
||||
}
|
||||
|
||||
$userdata['session_logged_in'] = 0;
|
||||
}
|
||||
|
||||
return $userdata;
|
||||
|
|
|
|||
|
|
@ -72,6 +72,16 @@ define(POST_USERS_URL, 'u');
|
|||
// Session parameters
|
||||
define(AUTOLOGON, 0);
|
||||
|
||||
// Page numbers for session handling
|
||||
define(PAGE_INDEX, 0);
|
||||
define(PAGE_LOGIN, -1);
|
||||
define(PAGE_SEARCH, -2);
|
||||
define(PAGE_REGISTER, -3);
|
||||
define(PAGE_PROFILE, -4);
|
||||
define(PAGE_VIEWONLINE, -6);
|
||||
define(PAGE_VIEWMEMBERS, -7);
|
||||
define(PAGE_FAQ, -8);
|
||||
|
||||
define('BANLIST_TABLE', $table_prefix.'banlist');
|
||||
define('CATEGORIES_TABLE', $table_prefix.'categories');
|
||||
define('CONFIG_TABLE', $table_prefix.'config');
|
||||
|
|
|
|||
|
|
@ -27,6 +27,15 @@ include('common.'.$phpEx);
|
|||
$pagetype = "index";
|
||||
$page_title = "Forum Index";
|
||||
|
||||
//
|
||||
// Start session management
|
||||
//
|
||||
$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
|
||||
init_userprefs($userdata);
|
||||
//
|
||||
// End session management
|
||||
//
|
||||
|
||||
$total_posts = get_db_stat($db, 'postcount');
|
||||
$total_users = get_db_stat($db, 'usercount');
|
||||
$newest_userdata = get_db_stat($db, 'newestuser');
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ if(isset($HTTP_POST_VARS['submit']) || isset($HTTP_GET_VARS['submit']))
|
|||
{
|
||||
if(md5($password) == $rowresult["user_password"])
|
||||
{
|
||||
$session_id = session_begin($db, $rowresult["user_id"], $user_ip, $session_length, 1, $rowresult["user_password"]);
|
||||
$session_id = session_begin($rowresult["user_id"], $user_ip, PAGE_INDEX, $session_length, 1, $rowresult["user_password"]);
|
||||
if($session_id)
|
||||
{
|
||||
header("Location: index.$phpEx");
|
||||
|
|
|
|||
|
|
@ -25,6 +25,15 @@
|
|||
include('extension.inc');
|
||||
include('common.'.$phpEx);
|
||||
|
||||
//
|
||||
// Start session management
|
||||
//
|
||||
$userdata = session_pagestart($user_ip, PAGE_PROFILE, $session_length);
|
||||
init_userprefs($userdata);
|
||||
//
|
||||
// End session management
|
||||
//
|
||||
|
||||
switch($mode)
|
||||
{
|
||||
case 'viewprofile':
|
||||
|
|
|
|||
|
|
@ -23,9 +23,31 @@
|
|||
include('extension.inc');
|
||||
include('common.'.$phpEx);
|
||||
|
||||
//
|
||||
// Obtain which forum id is required
|
||||
//
|
||||
if(!isset($HTTP_GET_VARS['forum']) && !isset($HTTP_POST_VARS['forum'])) // For backward compatibility
|
||||
{
|
||||
$forum_id = ($HTTP_GET_VARS[POST_FORUM_URL]) ? $HTTP_GET_VARS[POST_FORUM_URL] : $HTTP_POST_VARS[POST_FORUM_URL];
|
||||
}
|
||||
else
|
||||
{
|
||||
$forum_id = ($HTTP_GET_VARS['forum']) ? $HTTP_GET_VARS['forum'] : $HTTP_POST_VARS['forum'];
|
||||
}
|
||||
|
||||
$pagetype = "viewforum";
|
||||
$page_title = "View Forum - $forum_name";
|
||||
|
||||
//
|
||||
// Start session management
|
||||
//
|
||||
$userdata = session_pagestart($user_ip, $forum_id, $session_length);
|
||||
init_userprefs($userdata);
|
||||
//
|
||||
// End session management
|
||||
//
|
||||
|
||||
|
||||
// Check if the user has acutally sent a forum ID with his/her request
|
||||
// If not give them a nice error page.
|
||||
if(isset($forum_id))
|
||||
|
|
|
|||
|
|
@ -60,6 +60,16 @@ $forum_row = $db->sql_fetchrowset($result);
|
|||
$topic_title = $forum_row[0]["topic_title"];
|
||||
$forum_id = $forum_row[0]["forum_id"];
|
||||
$forum_name = stripslashes($forum_row[0]["forum_name"]);
|
||||
|
||||
//
|
||||
// Start session management
|
||||
//
|
||||
$userdata = session_pagestart($user_ip, $forum_id, $session_length);
|
||||
init_userprefs($userdata);
|
||||
//
|
||||
// End session management
|
||||
//
|
||||
|
||||
for($x = 0; $x < $total_rows; $x++)
|
||||
{
|
||||
$moderators[] = array("user_id" => $forum_row[$x]["user_id"],
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue