root / trunk / phpBB / includes / session.php
History | View | Annotate | Download (72.2 kB)
| 1 | 2661 | psotfx | <?php
|
|---|---|---|---|
| 2 | 7736 | acydburn | /**
|
| 3 | 5114 | acydburn | * |
| 4 | 5114 | acydburn | * @package phpBB3 |
| 5 | 7736 | acydburn | * @copyright (c) 2005 phpBB Group |
| 6 | 11653 | git-gate | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 |
| 7 | 5114 | acydburn | * |
| 8 | 5114 | acydburn | */ |
| 9 | 2661 | psotfx | |
| 10 | 5114 | acydburn | /**
|
| 11 | 8131 | acydburn | * @ignore |
| 12 | 8131 | acydburn | */ |
| 13 | 8131 | acydburn | if (!defined('IN_PHPBB')) |
| 14 | 8131 | acydburn | {
|
| 15 | 8131 | acydburn | exit;
|
| 16 | 8131 | acydburn | } |
| 17 | 8131 | acydburn | |
| 18 | 8131 | acydburn | /**
|
| 19 | 6058 | acydburn | * Session class |
| 20 | 5237 | acydburn | * @package phpBB3 |
| 21 | 5114 | acydburn | */ |
| 22 | 2958 | psotfx | class session |
| 23 | 2958 | psotfx | {
|
| 24 | 5175 | psotfx | var $cookie_data = array(); |
| 25 | 6048 | acydburn | var $page = array(); |
| 26 | 6048 | acydburn | var $data = array(); |
| 27 | 2923 | psotfx | var $browser = ''; |
| 28 | 6740 | naderman | var $forwarded_for = ''; |
| 29 | 5859 | acydburn | var $host = ''; |
| 30 | 6048 | acydburn | var $session_id = ''; |
| 31 | 2962 | psotfx | var $ip = ''; |
| 32 | 6048 | acydburn | var $load = 0; |
| 33 | 5175 | psotfx | var $time_now = 0; |
| 34 | 6048 | acydburn | var $update_session_page = true; |
| 35 | 2661 | psotfx | |
| 36 | 5175 | psotfx | /**
|
| 37 | 5595 | acydburn | * Extract current session page |
| 38 | 6048 | acydburn | * |
| 39 | 6048 | acydburn | * @param string $root_path current root path (phpbb_root_path) |
| 40 | 5595 | acydburn | */ |
| 41 | 10560 | git-gate | static function extract_current_page($root_path) |
| 42 | 5595 | acydburn | {
|
| 43 | 11368 | git-gate | global $request; |
| 44 | 11368 | git-gate | |
| 45 | 5595 | acydburn | $page_array = array(); |
| 46 | 5595 | acydburn | |
| 47 | 5595 | acydburn | // First of all, get the request uri...
|
| 48 | 11368 | git-gate | $script_name = htmlspecialchars_decode($request->server('PHP_SELF')); |
| 49 | 11368 | git-gate | $args = explode('&', htmlspecialchars_decode($request->server('QUERY_STRING'))); |
| 50 | 5595 | acydburn | |
| 51 | 5595 | acydburn | // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
|
| 52 | 5595 | acydburn | if (!$script_name) |
| 53 | 5595 | acydburn | {
|
| 54 | 11368 | git-gate | $script_name = htmlspecialchars_decode($request->server('REQUEST_URI')); |
| 55 | 7910 | davidmj | $script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name; |
| 56 | 6048 | acydburn | $page_array['failover'] = 1; |
| 57 | 5595 | acydburn | } |
| 58 | 5595 | acydburn | |
| 59 | 5595 | acydburn | // Replace backslashes and doubled slashes (could happen on some proxy setups)
|
| 60 | 5595 | acydburn | $script_name = str_replace(array('\\', '//'), '/', $script_name); |
| 61 | 5595 | acydburn | |
| 62 | 5595 | acydburn | // Now, remove the sid and let us get a clean query string...
|
| 63 | 8098 | acydburn | $use_args = array(); |
| 64 | 8098 | acydburn | |
| 65 | 8098 | acydburn | // Since some browser do not encode correctly we need to do this with some "special" characters...
|
| 66 | 8098 | acydburn | // " -> %22, ' => %27, < -> %3C, > -> %3E
|
| 67 | 8098 | acydburn | $find = array('"', "'", '<', '>'); |
| 68 | 8098 | acydburn | $replace = array('%22', '%27', '%3C', '%3E'); |
| 69 | 8098 | acydburn | |
| 70 | 5595 | acydburn | foreach ($args as $key => $argument) |
| 71 | 5595 | acydburn | {
|
| 72 | 8544 | acydburn | if (strpos($argument, 'sid=') === 0) |
| 73 | 5595 | acydburn | {
|
| 74 | 8098 | acydburn | continue;
|
| 75 | 5595 | acydburn | } |
| 76 | 8098 | acydburn | |
| 77 | 8824 | toonarmy | $use_args[] = str_replace($find, $replace, $argument); |
| 78 | 5595 | acydburn | } |
| 79 | 8098 | acydburn | unset($args); |
| 80 | 5595 | acydburn | |
| 81 | 5995 | acydburn | // The following examples given are for an request uri of {path to the phpbb directory}/adm/index.php?i=10&b=2
|
| 82 | 5995 | acydburn | |
| 83 | 5595 | acydburn | // The current query string
|
| 84 | 8098 | acydburn | $query_string = trim(implode('&', $use_args)); |
| 85 | 5595 | acydburn | |
| 86 | 5595 | acydburn | // basenamed page name (for example: index.php)
|
| 87 | 10625 | git-gate | $page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name); |
| 88 | 6487 | acydburn | $page_name = urlencode(htmlspecialchars($page_name)); |
| 89 | 5595 | acydburn | |
| 90 | 5595 | acydburn | // current directory within the phpBB root (for example: adm)
|
| 91 | 6122 | acydburn | $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path))); |
| 92 | 6122 | acydburn | $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./'))); |
| 93 | 5995 | acydburn | $intersection = array_intersect_assoc($root_dirs, $page_dirs); |
| 94 | 5595 | acydburn | |
| 95 | 5995 | acydburn | $root_dirs = array_diff_assoc($root_dirs, $intersection); |
| 96 | 5995 | acydburn | $page_dirs = array_diff_assoc($page_dirs, $intersection); |
| 97 | 5995 | acydburn | |
| 98 | 5995 | acydburn | $page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); |
| 99 | 5995 | acydburn | |
| 100 | 6015 | acydburn | if ($page_dir && substr($page_dir, -1, 1) == '/') |
| 101 | 5995 | acydburn | {
|
| 102 | 5995 | acydburn | $page_dir = substr($page_dir, 0, -1); |
| 103 | 5995 | acydburn | } |
| 104 | 5995 | acydburn | |
| 105 | 5995 | acydburn | // Current page from phpBB root (for example: adm/index.php?i=10&b=2)
|
| 106 | 6114 | acydburn | $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : ''); |
| 107 | 5595 | acydburn | |
| 108 | 7456 | acydburn | // The script path from the webroot to the current directory (for example: /phpBB3/adm/) : always prefixed with / and ends in /
|
| 109 | 5595 | acydburn | $script_path = trim(str_replace('\\', '/', dirname($script_name))); |
| 110 | 5595 | acydburn | |
| 111 | 7456 | acydburn | // The script path from the webroot to the phpBB root (for example: /phpBB3/)
|
| 112 | 5995 | acydburn | $script_dirs = explode('/', $script_path); |
| 113 | 5995 | acydburn | array_splice($script_dirs, -sizeof($page_dirs)); |
| 114 | 6930 | acydburn | $root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : ''); |
| 115 | 5595 | acydburn | |
| 116 | 5595 | acydburn | // We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
|
| 117 | 5595 | acydburn | if (!$root_script_path) |
| 118 | 5595 | acydburn | {
|
| 119 | 5977 | acydburn | $root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path; |
| 120 | 5595 | acydburn | } |
| 121 | 5595 | acydburn | |
| 122 | 6015 | acydburn | $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/'; |
| 123 | 6015 | acydburn | $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; |
| 124 | 6015 | acydburn | |
| 125 | 5595 | acydburn | $page_array += array( |
| 126 | 6114 | acydburn | 'page_name' => $page_name, |
| 127 | 6114 | acydburn | 'page_dir' => $page_dir, |
| 128 | 5595 | acydburn | |
| 129 | 5595 | acydburn | 'query_string' => $query_string, |
| 130 | 6114 | acydburn | 'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)), |
| 131 | 6114 | acydburn | 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), |
| 132 | 5595 | acydburn | |
| 133 | 8436 | Kellanved | 'page' => $page, |
| 134 | 10801 | git-gate | 'forum' => request_var('f', 0), |
| 135 | 5595 | acydburn | ); |
| 136 | 5595 | acydburn | |
| 137 | 5595 | acydburn | return $page_array; |
| 138 | 5595 | acydburn | } |
| 139 | 5595 | acydburn | |
| 140 | 5595 | acydburn | /**
|
| 141 | 8846 | acydburn | * Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present. |
| 142 | 8846 | acydburn | */ |
| 143 | 8846 | acydburn | function extract_current_hostname() |
| 144 | 8846 | acydburn | {
|
| 145 | 11368 | git-gate | global $config, $request; |
| 146 | 8846 | acydburn | |
| 147 | 8846 | acydburn | // Get hostname
|
| 148 | 11368 | git-gate | $host = htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME'))); |
| 149 | 8846 | acydburn | |
| 150 | 8846 | acydburn | // Should be a string and lowered
|
| 151 | 8846 | acydburn | $host = (string) strtolower($host); |
| 152 | 8846 | acydburn | |
| 153 | 8846 | acydburn | // If host is equal the cookie domain or the server name (if config is set), then we assume it is valid
|
| 154 | 8846 | acydburn | if ((isset($config['cookie_domain']) && $host === $config['cookie_domain']) || (isset($config['server_name']) && $host === $config['server_name'])) |
| 155 | 8846 | acydburn | {
|
| 156 | 8846 | acydburn | return $host; |
| 157 | 8846 | acydburn | } |
| 158 | 8846 | acydburn | |
| 159 | 8846 | acydburn | // Is the host actually a IP? If so, we use the IP... (IPv4)
|
| 160 | 8846 | acydburn | if (long2ip(ip2long($host)) === $host) |
| 161 | 8846 | acydburn | {
|
| 162 | 8846 | acydburn | return $host; |
| 163 | 8846 | acydburn | } |
| 164 | 8846 | acydburn | |
| 165 | 8846 | acydburn | // Now return the hostname (this also removes any port definition). The http:// is prepended to construct a valid URL, hosts never have a scheme assigned
|
| 166 | 8846 | acydburn | $host = @parse_url('http://' . $host); |
| 167 | 8846 | acydburn | $host = (!empty($host['host'])) ? $host['host'] : ''; |
| 168 | 8846 | acydburn | |
| 169 | 8846 | acydburn | // Remove any portions not removed by parse_url (#)
|
| 170 | 8846 | acydburn | $host = str_replace('#', '', $host); |
| 171 | 8846 | acydburn | |
| 172 | 8846 | acydburn | // If, by any means, the host is now empty, we will use a "best approach" way to guess one
|
| 173 | 8846 | acydburn | if (empty($host)) |
| 174 | 8846 | acydburn | {
|
| 175 | 8846 | acydburn | if (!empty($config['server_name'])) |
| 176 | 8846 | acydburn | {
|
| 177 | 8846 | acydburn | $host = $config['server_name']; |
| 178 | 8846 | acydburn | } |
| 179 | 8846 | acydburn | else if (!empty($config['cookie_domain'])) |
| 180 | 8846 | acydburn | {
|
| 181 | 8848 | acydburn | $host = (strpos($config['cookie_domain'], '.') === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain']; |
| 182 | 8846 | acydburn | } |
| 183 | 8846 | acydburn | else
|
| 184 | 8846 | acydburn | {
|
| 185 | 8846 | acydburn | // Set to OS hostname or localhost
|
| 186 | 10178 | acydburn | $host = (function_exists('php_uname')) ? php_uname('n') : 'localhost'; |
| 187 | 8846 | acydburn | } |
| 188 | 8846 | acydburn | } |
| 189 | 8846 | acydburn | |
| 190 | 8846 | acydburn | // It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set)
|
| 191 | 8846 | acydburn | return $host; |
| 192 | 8846 | acydburn | } |
| 193 | 8846 | acydburn | |
| 194 | 8846 | acydburn | /**
|
| 195 | 5175 | psotfx | * Start session management |
| 196 | 5175 | psotfx | * |
| 197 | 5175 | psotfx | * This is where all session activity begins. We gather various pieces of |
| 198 | 5175 | psotfx | * information from the client and server. We test to see if a session already |
| 199 | 7890 | naderman | * exists. If it does, fine and dandy. If it doesn't we'll go on to create a |
| 200 | 5175 | psotfx | * new one ... pretty logical heh? We also examine the system load (if we're |
| 201 | 5175 | psotfx | * running on a system which makes such information readily available) and |
| 202 | 5175 | psotfx | * halt if it's above an admin definable limit. |
| 203 | 5175 | psotfx | * |
| 204 | 6048 | acydburn | * @param bool $update_session_page if true the session page gets updated. |
| 205 | 6048 | acydburn | * This can be set to circumvent certain scripts to update the users last visited page. |
| 206 | 5175 | psotfx | */ |
| 207 | 6271 | acydburn | function session_begin($update_session_page = true) |
| 208 | 2661 | psotfx | {
|
| 209 | 7860 | acydburn | global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; |
| 210 | 10892 | git-gate | global $request; |
| 211 | 2661 | psotfx | |
| 212 | 6650 | acydburn | // Give us some basic information
|
| 213 | 6048 | acydburn | $this->time_now = time(); |
| 214 | 6048 | acydburn | $this->cookie_data = array('u' => 0, 'k' => ''); |
| 215 | 6048 | acydburn | $this->update_session_page = $update_session_page; |
| 216 | 11368 | git-gate | $this->browser = $request->header('User-Agent'); |
| 217 | 11368 | git-gate | $this->referer = $request->header('Referer'); |
| 218 | 11368 | git-gate | $this->forwarded_for = $request->header('X-Forwarded-For'); |
| 219 | 8636 | acydburn | |
| 220 | 8846 | acydburn | $this->host = $this->extract_current_hostname(); |
| 221 | 6048 | acydburn | $this->page = $this->extract_current_page($phpbb_root_path); |
| 222 | 5237 | acydburn | |
| 223 | 6740 | naderman | // if the forwarded for header shall be checked we have to validate its contents
|
| 224 | 6740 | naderman | if ($config['forwarded_for_check']) |
| 225 | 6740 | naderman | {
|
| 226 | 11201 | git-gate | $this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for)); |
| 227 | 6740 | naderman | |
| 228 | 6740 | naderman | // split the list of IPs
|
| 229 | 10019 | acydburn | $ips = explode(' ', $this->forwarded_for); |
| 230 | 6740 | naderman | foreach ($ips as $ip) |
| 231 | 6740 | naderman | {
|
| 232 | 6740 | naderman | // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
|
| 233 | 8094 | acydburn | if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) |
| 234 | 6740 | naderman | {
|
| 235 | 7076 | naderman | // contains invalid data, don't use the forwarded for header
|
| 236 | 7076 | naderman | $this->forwarded_for = ''; |
| 237 | 7076 | naderman | break;
|
| 238 | 6740 | naderman | } |
| 239 | 6740 | naderman | } |
| 240 | 6740 | naderman | } |
| 241 | 8375 | Kellanved | else
|
| 242 | 8375 | Kellanved | {
|
| 243 | 8375 | Kellanved | $this->forwarded_for = ''; |
| 244 | 8375 | Kellanved | } |
| 245 | 6740 | naderman | |
| 246 | 10892 | git-gate | if ($request->is_set($config['cookie_name'] . '_sid', phpbb_request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', phpbb_request_interface::COOKIE)) |
| 247 | 2661 | psotfx | {
|
| 248 | 6423 | grahamje | $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); |
| 249 | 6423 | grahamje | $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); |
| 250 | 6423 | grahamje | $this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true); |
| 251 | 6015 | acydburn | |
| 252 | 3338 | ludovic_arnaud | $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; |
| 253 | 6015 | acydburn | $_SID = (defined('NEED_SID')) ? $this->session_id : ''; |
| 254 | 6248 | acydburn | |
| 255 | 6248 | acydburn | if (empty($this->session_id)) |
| 256 | 6248 | acydburn | {
|
| 257 | 6248 | acydburn | $this->session_id = $_SID = request_var('sid', ''); |
| 258 | 6248 | acydburn | $SID = '?sid=' . $this->session_id; |
| 259 | 6248 | acydburn | $this->cookie_data = array('u' => 0, 'k' => ''); |
| 260 | 6248 | acydburn | } |
| 261 | 2661 | psotfx | } |
| 262 | 2661 | psotfx | else
|
| 263 | 2661 | psotfx | {
|
| 264 | 6015 | acydburn | $this->session_id = $_SID = request_var('sid', ''); |
| 265 | 2828 | psotfx | $SID = '?sid=' . $this->session_id; |
| 266 | 2661 | psotfx | } |
| 267 | 6048 | acydburn | |
| 268 | 7860 | acydburn | $_EXTRA_URL = array(); |
| 269 | 7860 | acydburn | |
| 270 | 5182 | psotfx | // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
|
| 271 | 5182 | psotfx | // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
|
| 272 | 11368 | git-gate | $this->ip = htmlspecialchars_decode($request->server('REMOTE_ADDR')); |
| 273 | 11201 | git-gate | $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip)); |
| 274 | 10020 | acydburn | |
| 275 | 10020 | acydburn | // split the list of IPs
|
| 276 | 11201 | git-gate | $ips = explode(' ', trim($this->ip)); |
| 277 | 10020 | acydburn | |
| 278 | 10020 | acydburn | // Default IP if REMOTE_ADDR is invalid
|
| 279 | 10020 | acydburn | $this->ip = '127.0.0.1'; |
| 280 | 10020 | acydburn | |
| 281 | 10020 | acydburn | foreach ($ips as $ip) |
| 282 | 10020 | acydburn | {
|
| 283 | 10905 | git-gate | if (function_exists('phpbb_ip_normalise')) |
| 284 | 10905 | git-gate | {
|
| 285 | 10905 | git-gate | // Normalise IP address
|
| 286 | 10905 | git-gate | $ip = phpbb_ip_normalise($ip); |
| 287 | 10905 | git-gate | |
| 288 | 10905 | git-gate | if (empty($ip)) |
| 289 | 10905 | git-gate | {
|
| 290 | 10905 | git-gate | // IP address is invalid.
|
| 291 | 10905 | git-gate | break;
|
| 292 | 10905 | git-gate | } |
| 293 | 10905 | git-gate | |
| 294 | 10905 | git-gate | // IP address is valid.
|
| 295 | 10905 | git-gate | $this->ip = $ip; |
| 296 | 10905 | git-gate | |
| 297 | 10905 | git-gate | // Skip legacy code.
|
| 298 | 10905 | git-gate | continue;
|
| 299 | 10905 | git-gate | } |
| 300 | 10905 | git-gate | |
| 301 | 11201 | git-gate | if (preg_match(get_preg_expression('ipv4'), $ip)) |
| 302 | 10020 | acydburn | {
|
| 303 | 11201 | git-gate | $this->ip = $ip; |
| 304 | 10020 | acydburn | } |
| 305 | 11201 | git-gate | else if (preg_match(get_preg_expression('ipv6'), $ip)) |
| 306 | 10794 | git-gate | {
|
| 307 | 11201 | git-gate | // Quick check for IPv4-mapped address in IPv6
|
| 308 | 11201 | git-gate | if (stripos($ip, '::ffff:') === 0) |
| 309 | 11201 | git-gate | {
|
| 310 | 11201 | git-gate | $ipv4 = substr($ip, 7); |
| 311 | 10794 | git-gate | |
| 312 | 11201 | git-gate | if (preg_match(get_preg_expression('ipv4'), $ipv4)) |
| 313 | 11201 | git-gate | {
|
| 314 | 11201 | git-gate | $ip = $ipv4; |
| 315 | 11201 | git-gate | } |
| 316 | 10794 | git-gate | } |
| 317 | 11201 | git-gate | |
| 318 | 11201 | git-gate | $this->ip = $ip; |
| 319 | 10794 | git-gate | } |
| 320 | 11201 | git-gate | else
|
| 321 | 11201 | git-gate | {
|
| 322 | 11201 | git-gate | // We want to use the last valid address in the chain
|
| 323 | 11201 | git-gate | // Leave foreach loop when address is invalid
|
| 324 | 11201 | git-gate | break;
|
| 325 | 11201 | git-gate | } |
| 326 | 10020 | acydburn | } |
| 327 | 10020 | acydburn | |
| 328 | 5902 | acydburn | $this->load = false; |
| 329 | 5902 | acydburn | |
| 330 | 2661 | psotfx | // Load limit check (if applicable)
|
| 331 | 7451 | acydburn | if ($config['limit_load'] || $config['limit_search_load']) |
| 332 | 2661 | psotfx | {
|
| 333 | 8509 | davidmj | if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) |
| 334 | 2661 | psotfx | {
|
| 335 | 8509 | davidmj | $this->load = array_slice($load, 0, 1); |
| 336 | 6228 | acydburn | $this->load = floatval($this->load[0]); |
| 337 | 2661 | psotfx | } |
| 338 | 5858 | acydburn | else
|
| 339 | 5858 | acydburn | {
|
| 340 | 5858 | acydburn | set_config('limit_load', '0'); |
| 341 | 7451 | acydburn | set_config('limit_search_load', '0'); |
| 342 | 5858 | acydburn | } |
| 343 | 2661 | psotfx | } |
| 344 | 5815 | naderman | |
| 345 | 5175 | psotfx | // Is session_id is set or session_id is set and matches the url param if required
|
| 346 | 10801 | git-gate | if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', '')))) |
| 347 | 2661 | psotfx | {
|
| 348 | 5064 | acydburn | $sql = 'SELECT u.*, s.* |
| 349 | 5064 | acydburn | FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u |
| 350 | 4429 | psotfx | WHERE s.session_id = '" . $db->sql_escape($this->session_id) . "' |
| 351 | 5064 | acydburn | AND u.user_id = s.session_user_id";
|
| 352 | 2661 | psotfx | $result = $db->sql_query($sql); |
| 353 | 2958 | psotfx | $this->data = $db->sql_fetchrow($result); |
| 354 | 2828 | psotfx | $db->sql_freeresult($result); |
| 355 | 2661 | psotfx | |
| 356 | 2661 | psotfx | // Did the session exist in the DB?
|
| 357 | 2997 | psotfx | if (isset($this->data['user_id'])) |
| 358 | 2661 | psotfx | {
|
| 359 | 5175 | psotfx | // Validate IP length according to admin ... enforces an IP
|
| 360 | 5175 | psotfx | // check on bots if admin requires this
|
| 361 | 5237 | acydburn | // $quadcheck = ($config['ip_check_bot'] && $this->data['user_type'] & USER_BOT) ? 4 : $config['ip_check'];
|
| 362 | 2661 | psotfx | |
| 363 | 7559 | naderman | if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false) |
| 364 | 7559 | naderman | {
|
| 365 | 7559 | naderman | $s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']); |
| 366 | 7559 | naderman | $u_ip = short_ipv6($this->ip, $config['ip_check']); |
| 367 | 7559 | naderman | } |
| 368 | 7559 | naderman | else
|
| 369 | 7559 | naderman | {
|
| 370 | 7559 | naderman | $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); |
| 371 | 7559 | naderman | $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); |
| 372 | 7559 | naderman | } |
| 373 | 7559 | naderman | |
| 374 | 8343 | acydburn | $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; |
| 375 | 8343 | acydburn | $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; |
| 376 | 3710 | psotfx | |
| 377 | 6744 | naderman | $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; |
| 378 | 6740 | naderman | $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; |
| 379 | 8565 | acydburn | |
| 380 | 8554 | Kellanved | // referer checks
|
| 381 | 8565 | acydburn | // The @ before $config['referer_validation'] suppresses notices present while running the updater
|
| 382 | 8565 | acydburn | $check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH); |
| 383 | 8554 | Kellanved | $referer_valid = true; |
| 384 | 8565 | acydburn | |
| 385 | 8557 | Kellanved | // we assume HEAD and TRACE to be foul play and thus only whitelist GET
|
| 386 | 11368 | git-gate | if (@$config['referer_validation'] && strtolower($request->server('REQUEST_METHOD')) !== 'get') |
| 387 | 8554 | Kellanved | {
|
| 388 | 8554 | Kellanved | $referer_valid = $this->validate_referer($check_referer_path); |
| 389 | 8554 | Kellanved | } |
| 390 | 6740 | naderman | |
| 391 | 8554 | Kellanved | if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) |
| 392 | 2923 | psotfx | {
|
| 393 | 5765 | acydburn | $session_expired = false; |
| 394 | 5815 | naderman | |
| 395 | 5815 | naderman | // Check whether the session is still valid if we have one
|
| 396 | 6048 | acydburn | $method = basename(trim($config['auth_method'])); |
| 397 | 6228 | acydburn | include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); |
| 398 | 5815 | naderman | |
| 399 | 6228 | acydburn | $method = 'validate_session_' . $method; |
| 400 | 6228 | acydburn | if (function_exists($method)) |
| 401 | 2661 | psotfx | {
|
| 402 | 6228 | acydburn | if (!$method($this->data)) |
| 403 | 5765 | acydburn | {
|
| 404 | 6228 | acydburn | $session_expired = true; |
| 405 | 5765 | acydburn | } |
| 406 | 2661 | psotfx | } |
| 407 | 5815 | naderman | |
| 408 | 5815 | naderman | if (!$session_expired) |
| 409 | 5765 | acydburn | {
|
| 410 | 5815 | naderman | // Check the session length timeframe if autologin is not enabled.
|
| 411 | 5815 | naderman | // Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide.
|
| 412 | 5815 | naderman | if (!$this->data['session_autologin']) |
| 413 | 5815 | naderman | {
|
| 414 | 5815 | naderman | if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60)) |
| 415 | 5815 | naderman | {
|
| 416 | 5815 | naderman | $session_expired = true; |
| 417 | 5815 | naderman | } |
| 418 | 5815 | naderman | } |
| 419 | 5815 | naderman | else if (!$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60)) |
| 420 | 5815 | naderman | {
|
| 421 | 5815 | naderman | $session_expired = true; |
| 422 | 5815 | naderman | } |
| 423 | 5765 | acydburn | } |
| 424 | 5765 | acydburn | |
| 425 | 5765 | acydburn | if (!$session_expired) |
| 426 | 5765 | acydburn | {
|
| 427 | 5765 | acydburn | // Only update session DB a minute or so after last update or if page changes
|
| 428 | 6048 | acydburn | if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) |
| 429 | 5765 | acydburn | {
|
| 430 | 6048 | acydburn | $sql_ary = array('session_time' => $this->time_now); |
| 431 | 6048 | acydburn | |
| 432 | 6048 | acydburn | if ($this->update_session_page) |
| 433 | 6048 | acydburn | {
|
| 434 | 6048 | acydburn | $sql_ary['session_page'] = substr($this->page['page'], 0, 199); |
| 435 | 8436 | Kellanved | $sql_ary['session_forum_id'] = $this->page['forum']; |
| 436 | 6048 | acydburn | } |
| 437 | 6048 | acydburn | |
| 438 | 8475 | acydburn | $db->sql_return_on_error(true); |
| 439 | 8475 | acydburn | |
| 440 | 10899 | git-gate | $this->update_session($sql_ary); |
| 441 | 8475 | acydburn | |
| 442 | 8475 | acydburn | $db->sql_return_on_error(false); |
| 443 | 8475 | acydburn | |
| 444 | 8475 | acydburn | // If the database is not yet updated, there will be an error due to the session_forum_id
|
| 445 | 8475 | acydburn | // @todo REMOVE for 3.0.2
|
| 446 | 8475 | acydburn | if ($result === false) |
| 447 | 8475 | acydburn | {
|
| 448 | 8475 | acydburn | unset($sql_ary['session_forum_id']); |
| 449 | 8475 | acydburn | |
| 450 | 10899 | git-gate | $this->update_session($sql_ary); |
| 451 | 8475 | acydburn | } |
| 452 | 9636 | acydburn | |
| 453 | 9636 | acydburn | if ($this->data['user_id'] != ANONYMOUS && !empty($config['new_member_post_limit']) && $this->data['user_new'] && $config['new_member_post_limit'] <= $this->data['user_posts']) |
| 454 | 9636 | acydburn | {
|
| 455 | 9636 | acydburn | $this->leave_newly_registered();
|
| 456 | 9636 | acydburn | } |
| 457 | 5765 | acydburn | } |
| 458 | 5765 | acydburn | |
| 459 | 5765 | acydburn | $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; |
| 460 | 5765 | acydburn | $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false; |
| 461 | 7879 | kellanved | $this->data['user_lang'] = basename($this->data['user_lang']); |
| 462 | 7890 | naderman | |
| 463 | 5765 | acydburn | return true; |
| 464 | 5765 | acydburn | } |
| 465 | 2661 | psotfx | } |
| 466 | 5765 | acydburn | else
|
| 467 | 5765 | acydburn | {
|
| 468 | 5765 | acydburn | // Added logging temporarly to help debug bugs...
|
| 469 | 7946 | acydburn | if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) |
| 470 | 6436 | acydburn | {
|
| 471 | 8554 | Kellanved | if ($referer_valid) |
| 472 | 8554 | Kellanved | {
|
| 473 | 8554 | Kellanved | add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); |
| 474 | 8554 | Kellanved | } |
| 475 | 8554 | Kellanved | else
|
| 476 | 8554 | Kellanved | {
|
| 477 | 8554 | Kellanved | add_log('critical', 'LOG_REFERER_INVALID', $this->referer); |
| 478 | 8554 | Kellanved | } |
| 479 | 6436 | acydburn | } |
| 480 | 5765 | acydburn | } |
| 481 | 2661 | psotfx | } |
| 482 | 2661 | psotfx | } |
| 483 | 2661 | psotfx | |
| 484 | 5175 | psotfx | // If we reach here then no (valid) session exists. So we'll create a new one
|
| 485 | 5175 | psotfx | return $this->session_create(); |
| 486 | 2661 | psotfx | } |
| 487 | 7890 | naderman | |
| 488 | 5175 | psotfx | /**
|
| 489 | 5175 | psotfx | * Create a new session |
| 490 | 5175 | psotfx | * |
| 491 | 5175 | psotfx | * If upon trying to start a session we discover there is nothing existing we |
| 492 | 5175 | psotfx | * jump here. Additionally this method is called directly during login to regenerate |
| 493 | 5175 | psotfx | * the session for the specific user. In this method we carry out a number of tasks; |
| 494 | 5175 | psotfx | * garbage collection, (search)bot checking, banned user comparison. Basically |
| 495 | 5175 | psotfx | * though this method will result in a new session for a specific user. |
| 496 | 5175 | psotfx | */ |
| 497 | 5175 | psotfx | function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) |
| 498 | 2661 | psotfx | {
|
| 499 | 6015 | acydburn | global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx; |
| 500 | 2661 | psotfx | |
| 501 | 5175 | psotfx | $this->data = array(); |
| 502 | 6048 | acydburn | |
| 503 | 5929 | acydburn | /* Garbage collection ... remove old sessions updating user information
|
| 504 | 5175 | psotfx | // if necessary. It means (potentially) 11 queries but only infrequently |
| 505 | 5175 | psotfx | if ($this->time_now > $config['session_last_gc'] + $config['session_gc']) |
| 506 | 5175 | psotfx | {
|
| 507 | 5175 | psotfx | $this->session_gc(); |
| 508 | 5929 | acydburn | }*/ |
| 509 | 6048 | acydburn | |
| 510 | 5175 | psotfx | // Do we allow autologin on this board? No? Then override anything
|
| 511 | 5175 | psotfx | // that may be requested here
|
| 512 | 5175 | psotfx | if (!$config['allow_autologin']) |
| 513 | 5175 | psotfx | {
|
| 514 | 5175 | psotfx | $this->cookie_data['k'] = $persist_login = false; |
| 515 | 5175 | psotfx | } |
| 516 | 5175 | psotfx | |
| 517 | 5175 | psotfx | /**
|
| 518 | 5175 | psotfx | * Here we do a bot check, oh er saucy! No, not that kind of bot |
| 519 | 5175 | psotfx | * check. We loop through the list of bots defined by the admin and |
| 520 | 5175 | psotfx | * see if we have any useragent and/or IP matches. If we do, this is a |
| 521 | 5175 | psotfx | * bot, act accordingly |
| 522 | 7890 | naderman | */ |
| 523 | 4603 | psotfx | $bot = false; |
| 524 | 6572 | acydburn | $active_bots = $cache->obtain_bots(); |
| 525 | 5237 | acydburn | |
| 526 | 5140 | acydburn | foreach ($active_bots as $row) |
| 527 | 2954 | ludovic_arnaud | {
|
| 528 | 8131 | acydburn | if ($row['bot_agent'] && preg_match('#' . str_replace('\*', '.*?', preg_quote($row['bot_agent'], '#')) . '#i', $this->browser)) |
| 529 | 4603 | psotfx | {
|
| 530 | 4603 | psotfx | $bot = $row['user_id']; |
| 531 | 4603 | psotfx | } |
| 532 | 6048 | acydburn | |
| 533 | 5710 | acydburn | // If ip is supplied, we will make sure the ip is matching too...
|
| 534 | 5710 | acydburn | if ($row['bot_ip'] && ($bot || !$row['bot_agent'])) |
| 535 | 4603 | psotfx | {
|
| 536 | 5710 | acydburn | // Set bot to false, then we only have to set it to true if it is matching
|
| 537 | 5710 | acydburn | $bot = false; |
| 538 | 5710 | acydburn | |
| 539 | 4603 | psotfx | foreach (explode(',', $row['bot_ip']) as $bot_ip) |
| 540 | 4603 | psotfx | {
|
| 541 | 9374 | acydburn | $bot_ip = trim($bot_ip); |
| 542 | 9374 | acydburn | |
| 543 | 9374 | acydburn | if (!$bot_ip) |
| 544 | 9374 | acydburn | {
|
| 545 | 9374 | acydburn | continue;
|
| 546 | 9374 | acydburn | } |
| 547 | 9374 | acydburn | |
| 548 | 4603 | psotfx | if (strpos($this->ip, $bot_ip) === 0) |
| 549 | 4603 | psotfx | {
|
| 550 | 5175 | psotfx | $bot = (int) $row['user_id']; |
| 551 | 4603 | psotfx | break;
|
| 552 | 4603 | psotfx | } |
| 553 | 4603 | psotfx | } |
| 554 | 4603 | psotfx | } |
| 555 | 2833 | psotfx | |
| 556 | 4603 | psotfx | if ($bot) |
| 557 | 2954 | ludovic_arnaud | {
|
| 558 | 4603 | psotfx | break;
|
| 559 | 2954 | ludovic_arnaud | } |
| 560 | 2661 | psotfx | } |
| 561 | 5815 | naderman | |
| 562 | 6048 | acydburn | $method = basename(trim($config['auth_method'])); |
| 563 | 6228 | acydburn | include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); |
| 564 | 5815 | naderman | |
| 565 | 6228 | acydburn | $method = 'autologin_' . $method; |
| 566 | 6228 | acydburn | if (function_exists($method)) |
| 567 | 5815 | naderman | {
|
| 568 | 6228 | acydburn | $this->data = $method(); |
| 569 | 5815 | naderman | |
| 570 | 6228 | acydburn | if (sizeof($this->data)) |
| 571 | 5815 | naderman | {
|
| 572 | 6228 | acydburn | $this->cookie_data['k'] = ''; |
| 573 | 6228 | acydburn | $this->cookie_data['u'] = $this->data['user_id']; |
| 574 | 5815 | naderman | } |
| 575 | 5815 | naderman | } |
| 576 | 5815 | naderman | |
| 577 | 5175 | psotfx | // If we're presented with an autologin key we'll join against it.
|
| 578 | 5175 | psotfx | // Else if we've been passed a user_id we'll grab data based on that
|
| 579 | 5815 | naderman | if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) |
| 580 | 5175 | psotfx | {
|
| 581 | 7890 | naderman | $sql = 'SELECT u.* |
| 582 | 5175 | psotfx | FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k |
| 583 | 5182 | psotfx | WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' |
| 584 | 6436 | acydburn | AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") |
| 585 | 5175 | psotfx | AND k.user_id = u.user_id |
| 586 | 5288 | grahamje | AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; |
| 587 | 5175 | psotfx | $result = $db->sql_query($sql); |
| 588 | 5175 | psotfx | $this->data = $db->sql_fetchrow($result); |
| 589 | 5175 | psotfx | $db->sql_freeresult($result); |
| 590 | 7785 | kellanved | $bot = false; |
| 591 | 2923 | psotfx | } |
| 592 | 5815 | naderman | else if ($user_id !== false && !sizeof($this->data)) |
| 593 | 2661 | psotfx | {
|
| 594 | 5175 | psotfx | $this->cookie_data['k'] = ''; |
| 595 | 5175 | psotfx | $this->cookie_data['u'] = $user_id; |
| 596 | 5038 | acydburn | |
| 597 | 5064 | acydburn | $sql = 'SELECT * |
| 598 | 5064 | acydburn | FROM ' . USERS_TABLE . ' |
| 599 | 5182 | psotfx | WHERE user_id = ' . (int) $this->cookie_data['u'] . ' |
| 600 | 6436 | acydburn | AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; |
| 601 | 5038 | acydburn | $result = $db->sql_query($sql); |
| 602 | 5038 | acydburn | $this->data = $db->sql_fetchrow($result); |
| 603 | 5038 | acydburn | $db->sql_freeresult($result); |
| 604 | 7785 | kellanved | $bot = false; |
| 605 | 2661 | psotfx | } |
| 606 | 7890 | naderman | |
| 607 | 10997 | git-gate | // Bot user, if they have a SID in the Request URI we need to get rid of it
|
| 608 | 10997 | git-gate | // otherwise they'll index this page with the SID, duplicate content oh my!
|
| 609 | 10997 | git-gate | if ($bot && isset($_GET['sid'])) |
| 610 | 10997 | git-gate | {
|
| 611 | 11208 | git-gate | send_status_line(301, 'Moved Permanently'); |
| 612 | 10997 | git-gate | redirect(build_url(array('sid'))); |
| 613 | 10997 | git-gate | } |
| 614 | 10997 | git-gate | |
| 615 | 6915 | acydburn | // If no data was returned one or more of the following occurred:
|
| 616 | 5175 | psotfx | // Key didn't match one in the DB
|
| 617 | 5175 | psotfx | // User does not exist
|
| 618 | 5175 | psotfx | // User is inactive
|
| 619 | 5175 | psotfx | // User is bot
|
| 620 | 5188 | psotfx | if (!sizeof($this->data) || !is_array($this->data)) |
| 621 | 4603 | psotfx | {
|
| 622 | 5175 | psotfx | $this->cookie_data['k'] = ''; |
| 623 | 5175 | psotfx | $this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS; |
| 624 | 4603 | psotfx | |
| 625 | 6364 | acydburn | if (!$bot) |
| 626 | 6364 | acydburn | {
|
| 627 | 6364 | acydburn | $sql = 'SELECT * |
| 628 | 6364 | acydburn | FROM ' . USERS_TABLE . ' |
| 629 | 6364 | acydburn | WHERE user_id = ' . (int) $this->cookie_data['u']; |
| 630 | 6364 | acydburn | } |
| 631 | 6364 | acydburn | else
|
| 632 | 6364 | acydburn | {
|
| 633 | 6364 | acydburn | // We give bots always the same session if it is not yet expired.
|
| 634 | 6364 | acydburn | $sql = 'SELECT u.*, s.* |
| 635 | 6364 | acydburn | FROM ' . USERS_TABLE . ' u |
| 636 | 6364 | acydburn | LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) |
| 637 | 6364 | acydburn | WHERE u.user_id = ' . (int) $bot; |
| 638 | 6364 | acydburn | } |
| 639 | 6364 | acydburn | |
| 640 | 4603 | psotfx | $result = $db->sql_query($sql); |
| 641 | 5175 | psotfx | $this->data = $db->sql_fetchrow($result); |
| 642 | 4603 | psotfx | $db->sql_freeresult($result); |
| 643 | 4603 | psotfx | } |
| 644 | 4603 | psotfx | |
| 645 | 6149 | acydburn | if ($this->data['user_id'] != ANONYMOUS && !$bot) |
| 646 | 3269 | psotfx | {
|
| 647 | 5197 | acydburn | $this->data['session_last_visit'] = (isset($this->data['session_time']) && $this->data['session_time']) ? $this->data['session_time'] : (($this->data['user_lastvisit']) ? $this->data['user_lastvisit'] : time()); |
| 648 | 5175 | psotfx | } |
| 649 | 5175 | psotfx | else
|
| 650 | 5175 | psotfx | {
|
| 651 | 5765 | acydburn | $this->data['session_last_visit'] = $this->time_now; |
| 652 | 5643 | acydburn | } |
| 653 | 3802 | psotfx | |
| 654 | 6475 | acydburn | // Force user id to be integer...
|
| 655 | 6475 | acydburn | $this->data['user_id'] = (int) $this->data['user_id']; |
| 656 | 6475 | acydburn | |
| 657 | 5175 | psotfx | // At this stage we should have a filled data array, defined cookie u and k data.
|
| 658 | 5175 | psotfx | // data array should contain recent session info if we're a real user and a recent
|
| 659 | 5175 | psotfx | // session exists in which case session_id will also be set
|
| 660 | 4950 | psotfx | |
| 661 | 5175 | psotfx | // Is user banned? Are they excluded? Won't return on ban, exists within method
|
| 662 | 5175 | psotfx | if ($this->data['user_type'] != USER_FOUNDER) |
| 663 | 5175 | psotfx | {
|
| 664 | 6740 | naderman | if (!$config['forwarded_for_check']) |
| 665 | 6740 | naderman | {
|
| 666 | 6740 | naderman | $this->check_ban($this->data['user_id'], $this->ip); |
| 667 | 6740 | naderman | } |
| 668 | 6740 | naderman | else
|
| 669 | 6740 | naderman | {
|
| 670 | 10019 | acydburn | $ips = explode(' ', $this->forwarded_for); |
| 671 | 6740 | naderman | $ips[] = $this->ip; |
| 672 | 6740 | naderman | $this->check_ban($this->data['user_id'], $ips); |
| 673 | 6740 | naderman | } |
| 674 | 3267 | psotfx | } |
| 675 | 6048 | acydburn | |
| 676 | 6436 | acydburn | $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; |
| 677 | 5117 | acydburn | $this->data['is_bot'] = ($bot) ? true : false; |
| 678 | 5765 | acydburn | |
| 679 | 6364 | acydburn | // If our friend is a bot, we re-assign a previously assigned session
|
| 680 | 6475 | acydburn | if ($this->data['is_bot'] && $bot == $this->data['user_id'] && $this->data['session_id']) |
| 681 | 6364 | acydburn | {
|
| 682 | 6740 | naderman | // Only assign the current session if the ip, browser and forwarded_for match...
|
| 683 | 7559 | naderman | if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false) |
| 684 | 7559 | naderman | {
|
| 685 | 7559 | naderman | $s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']); |
| 686 | 7559 | naderman | $u_ip = short_ipv6($this->ip, $config['ip_check']); |
| 687 | 7559 | naderman | } |
| 688 | 7559 | naderman | else
|
| 689 | 7559 | naderman | {
|
| 690 | 7559 | naderman | $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); |
| 691 | 7559 | naderman | $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); |
| 692 | 7559 | naderman | } |
| 693 | 6364 | acydburn | |
| 694 | 8343 | acydburn | $s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : ''; |
| 695 | 8343 | acydburn | $u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : ''; |
| 696 | 6364 | acydburn | |
| 697 | 6740 | naderman | $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; |
| 698 | 6740 | naderman | $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; |
| 699 | 6740 | naderman | |
| 700 | 6740 | naderman | if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) |
| 701 | 6364 | acydburn | {
|
| 702 | 6364 | acydburn | $this->session_id = $this->data['session_id']; |
| 703 | 6364 | acydburn | |
| 704 | 6364 | acydburn | // Only update session DB a minute or so after last update or if page changes
|
| 705 | 6364 | acydburn | if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) |
| 706 | 6364 | acydburn | {
|
| 707 | 6584 | acydburn | $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; |
| 708 | 6584 | acydburn | |
| 709 | 6364 | acydburn | $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0); |
| 710 | 6364 | acydburn | |
| 711 | 6364 | acydburn | if ($this->update_session_page) |
| 712 | 6364 | acydburn | {
|
| 713 | 6364 | acydburn | $sql_ary['session_page'] = substr($this->page['page'], 0, 199); |
| 714 | 8436 | Kellanved | $sql_ary['session_forum_id'] = $this->page['forum']; |
| 715 | 6364 | acydburn | } |
| 716 | 6364 | acydburn | |
| 717 | 10899 | git-gate | $this->update_session($sql_ary); |
| 718 | 6584 | acydburn | |
| 719 | 6584 | acydburn | // Update the last visit time
|
| 720 | 6584 | acydburn | $sql = 'UPDATE ' . USERS_TABLE . ' |
| 721 | 6584 | acydburn | SET user_lastvisit = ' . (int) $this->data['session_time'] . ' |
| 722 | 6584 | acydburn | WHERE user_id = ' . (int) $this->data['user_id']; |
| 723 | 6584 | acydburn | $db->sql_query($sql); |
| 724 | 6364 | acydburn | } |
| 725 | 6364 | acydburn | |
| 726 | 6364 | acydburn | $SID = '?sid='; |
| 727 | 6364 | acydburn | $_SID = ''; |
| 728 | 6364 | acydburn | return true; |
| 729 | 6364 | acydburn | } |
| 730 | 6364 | acydburn | else
|
| 731 | 6364 | acydburn | {
|
| 732 | 6364 | acydburn | // If the ip and browser does not match make sure we only have one bot assigned to one session
|
| 733 | 6364 | acydburn | $db->sql_query('DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $this->data['user_id']); |
| 734 | 6364 | acydburn | } |
| 735 | 6364 | acydburn | } |
| 736 | 6364 | acydburn | |
| 737 | 5765 | acydburn | $session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false; |
| 738 | 6436 | acydburn | $set_admin = ($set_admin && $this->data['is_registered']) ? true : false; |
| 739 | 5765 | acydburn | |
| 740 | 2661 | psotfx | // Create or update the session
|
| 741 | 4970 | psotfx | $sql_ary = array( |
| 742 | 5175 | psotfx | 'session_user_id' => (int) $this->data['user_id'], |
| 743 | 5175 | psotfx | 'session_start' => (int) $this->time_now, |
| 744 | 4970 | psotfx | 'session_last_visit' => (int) $this->data['session_last_visit'], |
| 745 | 5175 | psotfx | 'session_time' => (int) $this->time_now, |
| 746 | 8343 | acydburn | 'session_browser' => (string) trim(substr($this->browser, 0, 149)), |
| 747 | 6740 | naderman | 'session_forwarded_for' => (string) $this->forwarded_for, |
| 748 | 4977 | psotfx | 'session_ip' => (string) $this->ip, |
| 749 | 5765 | acydburn | 'session_autologin' => ($session_autologin) ? 1 : 0, |
| 750 | 5197 | acydburn | 'session_admin' => ($set_admin) ? 1 : 0, |
| 751 | 5197 | acydburn | 'session_viewonline' => ($viewonline) ? 1 : 0, |
| 752 | 4970 | psotfx | ); |
| 753 | 4970 | psotfx | |
| 754 | 6048 | acydburn | if ($this->update_session_page) |
| 755 | 6048 | acydburn | {
|
| 756 | 6048 | acydburn | $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); |
| 757 | 8436 | Kellanved | $sql_ary['session_forum_id'] = $this->page['forum']; |
| 758 | 6048 | acydburn | } |
| 759 | 6048 | acydburn | |
| 760 | 5175 | psotfx | $db->sql_return_on_error(true); |
| 761 | 5175 | psotfx | |
| 762 | 6257 | naderman | $sql = 'DELETE |
| 763 | 6257 | naderman | FROM ' . SESSIONS_TABLE . ' |
| 764 | 6257 | naderman | WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\' |
| 765 | 6257 | naderman | AND session_user_id = ' . ANONYMOUS; |
| 766 | 5388 | acydburn | |
| 767 | 7102 | acydburn | if (!defined('IN_ERROR_HANDLER') && (!$this->session_id || !$db->sql_query($sql) || !$db->sql_affectedrows())) |
| 768 | 2661 | psotfx | {
|
| 769 | 5175 | psotfx | // Limit new sessions in 1 minute period (if required)
|
| 770 | 7966 | acydburn | if (empty($this->data['session_time']) && $config['active_sessions']) |
| 771 | 5175 | psotfx | {
|
| 772 | 8441 | acydburn | // $db->sql_return_on_error(false);
|
| 773 | 8438 | acydburn | |
| 774 | 6048 | acydburn | $sql = 'SELECT COUNT(session_id) AS sessions |
| 775 | 5175 | psotfx | FROM ' . SESSIONS_TABLE . ' |
| 776 | 5175 | psotfx | WHERE session_time >= ' . ($this->time_now - 60); |
| 777 | 5175 | psotfx | $result = $db->sql_query($sql); |
| 778 | 5175 | psotfx | $row = $db->sql_fetchrow($result); |
| 779 | 5175 | psotfx | $db->sql_freeresult($result); |
| 780 | 6048 | acydburn | |
| 781 | 5175 | psotfx | if ((int) $row['sessions'] > (int) $config['active_sessions']) |
| 782 | 5175 | psotfx | {
|
| 783 | 10787 | git-gate | send_status_line(503, 'Service Unavailable'); |
| 784 | 5175 | psotfx | trigger_error('BOARD_UNAVAILABLE'); |
| 785 | 5175 | psotfx | } |
| 786 | 5175 | psotfx | } |
| 787 | 6257 | naderman | } |
| 788 | 6048 | acydburn | |
| 789 | 8438 | acydburn | // Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors.
|
| 790 | 8441 | acydburn | // Commented out because it will not allow forums to update correctly
|
| 791 | 8441 | acydburn | // $db->sql_return_on_error(false);
|
| 792 | 8438 | acydburn | |
| 793 | 9411 | acydburn | // Something quite important: session_page always holds the *last* page visited, except for the *first* visit.
|
| 794 | 9411 | acydburn | // We are not able to simply have an empty session_page btw, therefore we need to tell phpBB how to detect this special case.
|
| 795 | 9411 | acydburn | // If the session id is empty, we have a completely new one and will set an "identifier" here. This identifier is able to be checked later.
|
| 796 | 9411 | acydburn | if (empty($this->data['session_id'])) |
| 797 | 9411 | acydburn | {
|
| 798 | 9411 | acydburn | // This is a temporary variable, only set for the very first visit
|
| 799 | 9411 | acydburn | $this->data['session_created'] = true; |
| 800 | 9411 | acydburn | } |
| 801 | 9411 | acydburn | |
| 802 | 6257 | naderman | $this->session_id = $this->data['session_id'] = md5(unique_id()); |
| 803 | 2661 | psotfx | |
| 804 | 6257 | naderman | $sql_ary['session_id'] = (string) $this->session_id; |
| 805 | 6257 | naderman | $sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199); |
| 806 | 8436 | Kellanved | $sql_ary['session_forum_id'] = $this->page['forum']; |
| 807 | 4970 | psotfx | |
| 808 | 6257 | naderman | $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); |
| 809 | 6257 | naderman | $db->sql_query($sql); |
| 810 | 6257 | naderman | |
| 811 | 8441 | acydburn | $db->sql_return_on_error(false); |
| 812 | 8441 | acydburn | |
| 813 | 5175 | psotfx | // Regenerate autologin/persistent login key
|
| 814 | 5765 | acydburn | if ($session_autologin) |
| 815 | 5175 | psotfx | {
|
| 816 | 5175 | psotfx | $this->set_login_key();
|
| 817 | 5175 | psotfx | } |
| 818 | 6048 | acydburn | |
| 819 | 7763 | kellanved | // refresh data
|
| 820 | 6248 | acydburn | $SID = '?sid=' . $this->session_id; |
| 821 | 6248 | acydburn | $_SID = $this->session_id; |
| 822 | 7763 | kellanved | $this->data = array_merge($this->data, $sql_ary); |
| 823 | 6048 | acydburn | |
| 824 | 4603 | psotfx | if (!$bot) |
| 825 | 4603 | psotfx | {
|
| 826 | 5186 | psotfx | $cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000); |
| 827 | 6048 | acydburn | |
| 828 | 5186 | psotfx | $this->set_cookie('u', $this->cookie_data['u'], $cookie_expire); |
| 829 | 5186 | psotfx | $this->set_cookie('k', $this->cookie_data['k'], $cookie_expire); |
| 830 | 5339 | acydburn | $this->set_cookie('sid', $this->session_id, $cookie_expire); |
| 831 | 2661 | psotfx | |
| 832 | 5177 | psotfx | unset($cookie_expire); |
| 833 | 8348 | acydburn | |
| 834 | 8120 | kellanved | $sql = 'SELECT COUNT(session_id) AS sessions |
| 835 | 8120 | kellanved | FROM ' . SESSIONS_TABLE . ' |
| 836 | 8131 | acydburn | WHERE session_user_id = ' . (int) $this->data['user_id'] . ' |
| 837 | 8340 | Kellanved | AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); |
| 838 | 8120 | kellanved | $result = $db->sql_query($sql); |
| 839 | 8120 | kellanved | $row = $db->sql_fetchrow($result); |
| 840 | 8120 | kellanved | $db->sql_freeresult($result); |
| 841 | 8120 | kellanved | |
| 842 | 8120 | kellanved | if ((int) $row['sessions'] <= 1 || empty($this->data['user_form_salt'])) |
| 843 | 8120 | kellanved | {
|
| 844 | 8120 | kellanved | $this->data['user_form_salt'] = unique_id(); |
| 845 | 8120 | kellanved | // Update the form key
|
| 846 | 8120 | kellanved | $sql = 'UPDATE ' . USERS_TABLE . ' |
| 847 | 8120 | kellanved | SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\' |
| 848 | 8120 | kellanved | WHERE user_id = ' . (int) $this->data['user_id']; |
| 849 | 8120 | kellanved | $db->sql_query($sql); |
| 850 | 8120 | kellanved | } |
| 851 | 4603 | psotfx | } |
| 852 | 6364 | acydburn | else
|
| 853 | 6364 | acydburn | {
|
| 854 | 6740 | naderman | $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; |
| 855 | 6740 | naderman | |
| 856 | 6740 | naderman | // Update the last visit time
|
| 857 | 6740 | naderman | $sql = 'UPDATE ' . USERS_TABLE . ' |
| 858 | 6740 | naderman | SET user_lastvisit = ' . (int) $this->data['session_time'] . ' |
| 859 | 6740 | naderman | WHERE user_id = ' . (int) $this->data['user_id']; |
| 860 | 6740 | naderman | $db->sql_query($sql); |
| 861 | 6740 | naderman | |
| 862 | 6364 | acydburn | $SID = '?sid='; |
| 863 | 6364 | acydburn | $_SID = ''; |
| 864 | 6364 | acydburn | } |
| 865 | 7890 | naderman | |
| 866 | 2958 | psotfx | return true; |
| 867 | 2661 | psotfx | } |
| 868 | 6048 | acydburn | |
| 869 | 5175 | psotfx | /**
|
| 870 | 5175 | psotfx | * Kills a session |
| 871 | 5175 | psotfx | * |
| 872 | 5175 | psotfx | * This method does what it says on the tin. It will delete a pre-existing session. |
| 873 | 5175 | psotfx | * It resets cookie information (destroying any autologin key within that cookie data) |
| 874 | 5175 | psotfx | * and update the users information from the relevant session data. It will then |
| 875 | 5175 | psotfx | * grab guest user information. |
| 876 | 5175 | psotfx | */ |
| 877 | 6803 | acydburn | function session_kill($new_session = true) |
| 878 | 2661 | psotfx | {
|
| 879 | 6015 | acydburn | global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx; |
| 880 | 2661 | psotfx | |
| 881 | 3989 | psotfx | $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
| 882 | 5431 | acydburn | WHERE session_id = '" . $db->sql_escape($this->session_id) . "' |
| 883 | 5178 | psotfx | AND session_user_id = " . (int) $this->data['user_id']; |
| 884 | 2661 | psotfx | $db->sql_query($sql); |
| 885 | 2661 | psotfx | |
| 886 | 5815 | naderman | // Allow connecting logout with external auth method logout
|
| 887 | 6048 | acydburn | $method = basename(trim($config['auth_method'])); |
| 888 | 6228 | acydburn | include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); |
| 889 | 5815 | naderman | |
| 890 | 6228 | acydburn | $method = 'logout_' . $method; |
| 891 | 6228 | acydburn | if (function_exists($method)) |
| 892 | 5815 | naderman | {
|
| 893 | 7971 | acydburn | $method($this->data, $new_session); |
| 894 | 5815 | naderman | } |
| 895 | 5815 | naderman | |
| 896 | 5175 | psotfx | if ($this->data['user_id'] != ANONYMOUS) |
| 897 | 5175 | psotfx | {
|
| 898 | 5175 | psotfx | // Delete existing session, update last visit info first!
|
| 899 | 5431 | acydburn | if (!isset($this->data['session_time'])) |
| 900 | 5428 | subblue | {
|
| 901 | 5428 | subblue | $this->data['session_time'] = time(); |
| 902 | 5428 | subblue | } |
| 903 | 6048 | acydburn | |
| 904 | 5175 | psotfx | $sql = 'UPDATE ' . USERS_TABLE . ' |
| 905 | 5431 | acydburn | SET user_lastvisit = ' . (int) $this->data['session_time'] . ' |
| 906 | 5431 | acydburn | WHERE user_id = ' . (int) $this->data['user_id']; |
| 907 | 5175 | psotfx | $db->sql_query($sql); |
| 908 | 2661 | psotfx | |
| 909 | 5339 | acydburn | if ($this->cookie_data['k']) |
| 910 | 5178 | psotfx | {
|
| 911 | 5178 | psotfx | $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' |
| 912 | 5178 | psotfx | WHERE user_id = ' . (int) $this->data['user_id'] . " |
| 913 | 5339 | acydburn | AND key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; |
| 914 | 5178 | psotfx | $db->sql_query($sql); |
| 915 | 5178 | psotfx | } |
| 916 | 6048 | acydburn | |
| 917 | 5175 | psotfx | // Reset the data array
|
| 918 | 6048 | acydburn | $this->data = array(); |
| 919 | 6048 | acydburn | |
| 920 | 5175 | psotfx | $sql = 'SELECT * |
| 921 | 5175 | psotfx | FROM ' . USERS_TABLE . ' |
| 922 | 5175 | psotfx | WHERE user_id = ' . ANONYMOUS; |
| 923 | 5175 | psotfx | $result = $db->sql_query($sql); |
| 924 | 5175 | psotfx | $this->data = $db->sql_fetchrow($result); |
| 925 | 5175 | psotfx | $db->sql_freeresult($result); |
| 926 | 5175 | psotfx | } |
| 927 | 6048 | acydburn | |
| 928 | 5186 | psotfx | $cookie_expire = $this->time_now - 31536000; |
| 929 | 5186 | psotfx | $this->set_cookie('u', '', $cookie_expire); |
| 930 | 5186 | psotfx | $this->set_cookie('k', '', $cookie_expire); |
| 931 | 5186 | psotfx | $this->set_cookie('sid', '', $cookie_expire); |
| 932 | 5186 | psotfx | unset($cookie_expire); |
| 933 | 6048 | acydburn | |
| 934 | 5175 | psotfx | $SID = '?sid='; |
| 935 | 6015 | acydburn | $this->session_id = $_SID = ''; |
| 936 | 5117 | acydburn | |
| 937 | 6312 | acydburn | // To make sure a valid session is created we create one for the anonymous user
|
| 938 | 6803 | acydburn | if ($new_session) |
| 939 | 6803 | acydburn | {
|
| 940 | 6803 | acydburn | $this->session_create(ANONYMOUS); |
| 941 | 6803 | acydburn | } |
| 942 | 6312 | acydburn | |
| 943 | 2661 | psotfx | return true; |
| 944 | 2661 | psotfx | } |
| 945 | 2661 | psotfx | |
| 946 | 5175 | psotfx | /**
|
| 947 | 5175 | psotfx | * Session garbage collection |
| 948 | 5175 | psotfx | * |
| 949 | 5175 | psotfx | * This looks a lot more complex than it really is. Effectively we are |
| 950 | 5175 | psotfx | * deleting any sessions older than an admin definable limit. Due to the |
| 951 | 5175 | psotfx | * way in which we maintain session data we have to ensure we update user |
| 952 | 5175 | psotfx | * data before those sessions are destroyed. In addition this method |
| 953 | 5175 | psotfx | * removes autologin key information that is older than an admin defined |
| 954 | 5175 | psotfx | * limit. |
| 955 | 5175 | psotfx | */ |
| 956 | 5175 | psotfx | function session_gc() |
| 957 | 2661 | psotfx | {
|
| 958 | 9524 | Kellanved | global $db, $config, $phpbb_root_path, $phpEx; |
| 959 | 2661 | psotfx | |
| 960 | 8089 | kellanved | $batch_size = 10; |
| 961 | 8348 | acydburn | |
| 962 | 5272 | acydburn | if (!$this->time_now) |
| 963 | 5272 | acydburn | {
|
| 964 | 5272 | acydburn | $this->time_now = time(); |
| 965 | 5272 | acydburn | } |
| 966 | 6048 | acydburn | |
| 967 | 6407 | acydburn | // Firstly, delete guest sessions
|
| 968 | 6407 | acydburn | $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' |
| 969 | 6407 | acydburn | WHERE session_user_id = ' . ANONYMOUS . ' |
| 970 | 6407 | acydburn | AND session_time < ' . (int) ($this->time_now - $config['session_length']); |
| 971 | 6407 | acydburn | $db->sql_query($sql); |
| 972 | 2661 | psotfx | |
| 973 | 6407 | acydburn | // Get expired sessions, only most recent for each user
|
| 974 | 6407 | acydburn | $sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time |
| 975 | 6407 | acydburn | FROM ' . SESSIONS_TABLE . ' |
| 976 | 6407 | acydburn | WHERE session_time < ' . ($this->time_now - $config['session_length']) . ' |
| 977 | 6407 | acydburn | GROUP BY session_user_id, session_page';
|
| 978 | 8089 | kellanved | $result = $db->sql_query_limit($sql, $batch_size); |
| 979 | 4769 | psotfx | |
| 980 | 6407 | acydburn | $del_user_id = array(); |
| 981 | 6407 | acydburn | $del_sessions = 0; |
| 982 | 4769 | psotfx | |
| 983 | 6527 | acydburn | while ($row = $db->sql_fetchrow($result)) |
| 984 | 6407 | acydburn | {
|
| 985 | 6407 | acydburn | $sql = 'UPDATE ' . USERS_TABLE . ' |
| 986 | 6407 | acydburn | SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' |
| 987 | 6407 | acydburn | WHERE user_id = " . (int) $row['session_user_id']; |
| 988 | 6407 | acydburn | $db->sql_query($sql); |
| 989 | 4672 | ludovic_arnaud | |
| 990 | 6407 | acydburn | $del_user_id[] = (int) $row['session_user_id']; |
| 991 | 6407 | acydburn | $del_sessions++;
|
| 992 | 6407 | acydburn | } |
| 993 | 6407 | acydburn | $db->sql_freeresult($result); |
| 994 | 4672 | ludovic_arnaud | |
| 995 | 6407 | acydburn | if (sizeof($del_user_id)) |
| 996 | 6407 | acydburn | {
|
| 997 | 6407 | acydburn | // Delete expired sessions
|
| 998 | 6407 | acydburn | $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' |
| 999 | 6407 | acydburn | WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . ' |
| 1000 | 6407 | acydburn | AND session_time < ' . ($this->time_now - $config['session_length']); |
| 1001 | 6407 | acydburn | $db->sql_query($sql); |
| 1002 | 6407 | acydburn | } |
| 1003 | 4672 | ludovic_arnaud | |
| 1004 | 8089 | kellanved | if ($del_sessions < $batch_size) |
| 1005 | 6407 | acydburn | {
|
| 1006 | 8089 | kellanved | // Less than 10 users, update gc timer ... else we want gc
|
| 1007 | 6407 | acydburn | // called again to delete other sessions
|
| 1008 | 6407 | acydburn | set_config('session_last_gc', $this->time_now, true); |
| 1009 | 8348 | acydburn | |
| 1010 | 8089 | kellanved | if ($config['max_autologin_time']) |
| 1011 | 8089 | kellanved | {
|
| 1012 | 8089 | kellanved | $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' |
| 1013 | 8089 | kellanved | WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time'])); |
| 1014 | 8089 | kellanved | $db->sql_query($sql); |
| 1015 | 8089 | kellanved | } |
| 1016 | 9554 | acydburn | |
| 1017 | 9524 | Kellanved | // only called from CRON; should be a safe workaround until the infrastructure gets going
|
| 1018 | 10650 | git-gate | if (!class_exists('phpbb_captcha_factory', false)) |
| 1019 | 9524 | Kellanved | {
|
| 1020 | 9524 | Kellanved | include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); |
| 1021 | 9524 | Kellanved | } |
| 1022 | 9627 | Kellanved | phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); |
| 1023 | 11214 | git-gate | |
| 1024 | 11214 | git-gate | $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' |
| 1025 | 11214 | git-gate | WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']); |
| 1026 | 11214 | git-gate | $db->sql_query($sql); |
| 1027 | 2928 | psotfx | } |
| 1028 | 8348 | acydburn | |
| 1029 | 8089 | kellanved | return;
|
| 1030 | 8089 | kellanved | } |
| 1031 | 8348 | acydburn | |
| 1032 | 5175 | psotfx | /**
|
| 1033 | 5175 | psotfx | * Sets a cookie |
| 1034 | 5175 | psotfx | * |
| 1035 | 8310 | acydburn | * Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set. |
| 1036 | 8310 | acydburn | * |
| 1037 | 8310 | acydburn | * @param string $name Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then. |
| 1038 | 8310 | acydburn | * @param string $cookiedata The data to hold within the cookie |
| 1039 | 8310 | acydburn | * @param int $cookietime The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set. |
| 1040 | 5175 | psotfx | */ |
| 1041 | 2932 | psotfx | function set_cookie($name, $cookiedata, $cookietime) |
| 1042 | 2932 | psotfx | {
|
| 1043 | 2983 | psotfx | global $config; |
| 1044 | 2932 | psotfx | |
| 1045 | 6436 | acydburn | $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); |
| 1046 | 6436 | acydburn | $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); |
| 1047 | 6436 | acydburn | $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; |
| 1048 | 5678 | acydburn | |
| 1049 | 8310 | acydburn | header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); |
| 1050 | 5175 | psotfx | } |
| 1051 | 5175 | psotfx | |
| 1052 | 5175 | psotfx | /**
|
| 1053 | 5175 | psotfx | * Check for banned user |
| 1054 | 5175 | psotfx | * |
| 1055 | 5175 | psotfx | * Checks whether the supplied user is banned by id, ip or email. If no parameters |
| 1056 | 5633 | acydburn | * are passed to the method pre-existing session data is used. If $return is false |
| 1057 | 7890 | naderman | * this routine does not return on finding a banned user, it outputs a relevant |
| 1058 | 5633 | acydburn | * message and stops execution. |
| 1059 | 6740 | naderman | * |
| 1060 | 6740 | naderman | * @param string|array $user_ips Can contain a string with one IP or an array of multiple IPs |
| 1061 | 5175 | psotfx | */ |
| 1062 | 6740 | naderman | function check_ban($user_id = false, $user_ips = false, $user_email = false, $return = false) |
| 1063 | 5175 | psotfx | {
|
| 1064 | 5175 | psotfx | global $config, $db; |
| 1065 | 6048 | acydburn | |
| 1066 | 6803 | acydburn | if (defined('IN_CHECK_BAN')) |
| 1067 | 6803 | acydburn | {
|
| 1068 | 6803 | acydburn | return;
|
| 1069 | 6803 | acydburn | } |
| 1070 | 6803 | acydburn | |
| 1071 | 5175 | psotfx | $banned = false; |
| 1072 | 8202 | acydburn | $cache_ttl = 3600; |
| 1073 | 8202 | acydburn | $where_sql = array(); |
| 1074 | 5175 | psotfx | |
| 1075 | 5175 | psotfx | $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end |
| 1076 | 5175 | psotfx | FROM ' . BANLIST_TABLE . ' |
| 1077 | 8202 | acydburn | WHERE ';
|
| 1078 | 6114 | acydburn | |
| 1079 | 6114 | acydburn | // Determine which entries to check, only return those
|
| 1080 | 6114 | acydburn | if ($user_email === false) |
| 1081 | 6114 | acydburn | {
|
| 1082 | 8202 | acydburn | $where_sql[] = "ban_email = ''"; |
| 1083 | 6114 | acydburn | } |
| 1084 | 6114 | acydburn | |
| 1085 | 6740 | naderman | if ($user_ips === false) |
| 1086 | 6114 | acydburn | {
|
| 1087 | 8202 | acydburn | $where_sql[] = "(ban_ip = '' OR ban_exclude = 1)"; |
| 1088 | 6114 | acydburn | } |
| 1089 | 6114 | acydburn | |
| 1090 | 6114 | acydburn | if ($user_id === false) |
| 1091 | 6114 | acydburn | {
|
| 1092 | 8202 | acydburn | $where_sql[] = '(ban_userid = 0 OR ban_exclude = 1)'; |
| 1093 | 6114 | acydburn | } |
| 1094 | 6114 | acydburn | else
|
| 1095 | 6114 | acydburn | {
|
| 1096 | 8202 | acydburn | $cache_ttl = ($user_id == ANONYMOUS) ? 3600 : 0; |
| 1097 | 8202 | acydburn | $_sql = '(ban_userid = ' . $user_id; |
| 1098 | 6114 | acydburn | |
| 1099 | 6114 | acydburn | if ($user_email !== false) |
| 1100 | 6114 | acydburn | {
|
| 1101 | 8202 | acydburn | $_sql .= " OR ban_email <> ''"; |
| 1102 | 6114 | acydburn | } |
| 1103 | 6114 | acydburn | |
| 1104 | 6740 | naderman | if ($user_ips !== false) |
| 1105 | 6114 | acydburn | {
|
| 1106 | 8202 | acydburn | $_sql .= " OR ban_ip <> ''"; |
| 1107 | 6114 | acydburn | } |
| 1108 | 6114 | acydburn | |
| 1109 | 8202 | acydburn | $_sql .= ')'; |
| 1110 | 8202 | acydburn | |
| 1111 | 8202 | acydburn | $where_sql[] = $_sql; |
| 1112 | 6114 | acydburn | } |
| 1113 | 6114 | acydburn | |
| 1114 | 8202 | acydburn | $sql .= (sizeof($where_sql)) ? implode(' AND ', $where_sql) : ''; |
| 1115 | 8202 | acydburn | $result = $db->sql_query($sql, $cache_ttl); |
| 1116 | 5175 | psotfx | |
| 1117 | 6447 | acydburn | $ban_triggered_by = 'user'; |
| 1118 | 5323 | acydburn | while ($row = $db->sql_fetchrow($result)) |
| 1119 | 5038 | acydburn | {
|
| 1120 | 8202 | acydburn | if ($row['ban_end'] && $row['ban_end'] < time()) |
| 1121 | 8202 | acydburn | {
|
| 1122 | 8202 | acydburn | continue;
|
| 1123 | 8202 | acydburn | } |
| 1124 | 8202 | acydburn | |
| 1125 | 6744 | naderman | $ip_banned = false; |
| 1126 | 6744 | naderman | if (!empty($row['ban_ip'])) |
| 1127 | 6744 | naderman | {
|
| 1128 | 6744 | naderman | if (!is_array($user_ips)) |
| 1129 | 6744 | naderman | {
|
| 1130 | 7808 | acydburn | $ip_banned = preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ips); |
| 1131 | 6744 | naderman | } |
| 1132 | 6744 | naderman | else
|
| 1133 | 6744 | naderman | {
|
| 1134 | 6744 | naderman | foreach ($user_ips as $user_ip) |
| 1135 | 6744 | naderman | {
|
| 1136 | 7808 | acydburn | if (preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_ip'], '#')) . '$#i', $user_ip)) |
| 1137 | 6744 | naderman | {
|
| 1138 | 6744 | naderman | $ip_banned = true; |
| 1139 | 6744 | naderman | break;
|
| 1140 | 6744 | naderman | } |
| 1141 | 6744 | naderman | } |
| 1142 | 6744 | naderman | } |
| 1143 | 6744 | naderman | } |
| 1144 | 6744 | naderman | |
| 1145 | 5323 | acydburn | if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) || |
| 1146 | 6744 | naderman | $ip_banned ||
|
| 1147 | 7808 | acydburn | (!empty($row['ban_email']) && preg_match('#^' . str_replace('\*', '.*?', preg_quote($row['ban_email'], '#')) . '$#i', $user_email))) |
| 1148 | 5175 | psotfx | {
|
| 1149 | 5323 | acydburn | if (!empty($row['ban_exclude'])) |
| 1150 | 5175 | psotfx | {
|
| 1151 | 5323 | acydburn | $banned = false; |
| 1152 | 5323 | acydburn | break;
|
| 1153 | 5175 | psotfx | } |
| 1154 | 5323 | acydburn | else
|
| 1155 | 5323 | acydburn | {
|
| 1156 | 5323 | acydburn | $banned = true; |
| 1157 | 5323 | acydburn | $ban_row = $row; |
| 1158 | 6447 | acydburn | |
| 1159 | 6447 | acydburn | if (!empty($row['ban_userid']) && intval($row['ban_userid']) == $user_id) |
| 1160 | 6447 | acydburn | {
|
| 1161 | 6447 | acydburn | $ban_triggered_by = 'user'; |
| 1162 | 6447 | acydburn | } |
| 1163 | 8157 | acydburn | else if ($ip_banned) |
| 1164 | 6447 | acydburn | {
|
| 1165 | 6447 | acydburn | $ban_triggered_by = 'ip'; |
| 1166 | 6447 | acydburn | } |
| 1167 | 6447 | acydburn | else
|
| 1168 | 6447 | acydburn | {
|
| 1169 | 6447 | acydburn | $ban_triggered_by = 'email'; |
| 1170 | 6447 | acydburn | } |
| 1171 | 6447 | acydburn | |
| 1172 | 5323 | acydburn | // Don't break. Check if there is an exclude rule for this user
|
| 1173 | 5323 | acydburn | } |
| 1174 | 5175 | psotfx | } |
| 1175 | 5038 | acydburn | } |
| 1176 | 5175 | psotfx | $db->sql_freeresult($result); |
| 1177 | 5175 | psotfx | |
| 1178 | 5633 | acydburn | if ($banned && !$return) |
| 1179 | 5038 | acydburn | {
|
| 1180 | 7439 | acydburn | global $template; |
| 1181 | 7439 | acydburn | |
| 1182 | 7150 | acydburn | // If the session is empty we need to create a valid one...
|
| 1183 | 7150 | acydburn | if (empty($this->session_id)) |
| 1184 | 7150 | acydburn | {
|
| 1185 | 8224 | acydburn | // This seems to be no longer needed? - #14971
|
| 1186 | 8224 | acydburn | // $this->session_create(ANONYMOUS);
|
| 1187 | 7150 | acydburn | } |
| 1188 | 7150 | acydburn | |
| 1189 | 5175 | psotfx | // Initiate environment ... since it won't be set at this stage
|
| 1190 | 5175 | psotfx | $this->setup();
|
| 1191 | 5175 | psotfx | |
| 1192 | 5219 | bartvb | // Logout the user, banned users are unable to use the normal 'logout' link
|
| 1193 | 5219 | bartvb | if ($this->data['user_id'] != ANONYMOUS) |
| 1194 | 5323 | acydburn | {
|
| 1195 | 5219 | bartvb | $this->session_kill();
|
| 1196 | 5272 | acydburn | } |
| 1197 | 6048 | acydburn | |
| 1198 | 6803 | acydburn | // We show a login box here to allow founders accessing the board if banned by IP
|
| 1199 | 6803 | acydburn | if (defined('IN_LOGIN') && $this->data['user_id'] == ANONYMOUS) |
| 1200 | 6803 | acydburn | {
|
| 1201 | 6803 | acydburn | global $phpEx; |
| 1202 | 6803 | acydburn | |
| 1203 | 7439 | acydburn | $this->setup('ucp'); |
| 1204 | 7439 | acydburn | $this->data['is_registered'] = $this->data['is_bot'] = false; |
| 1205 | 7439 | acydburn | |
| 1206 | 6803 | acydburn | // Set as a precaution to allow login_box() handling this case correctly as well as this function not being executed again.
|
| 1207 | 6803 | acydburn | define('IN_CHECK_BAN', 1); |
| 1208 | 6803 | acydburn | |
| 1209 | 6803 | acydburn | login_box("index.$phpEx");
|
| 1210 | 6803 | acydburn | |
| 1211 | 6803 | acydburn | // The false here is needed, else the user is able to circumvent the ban.
|
| 1212 | 6803 | acydburn | $this->session_kill(false); |
| 1213 | 6803 | acydburn | } |
| 1214 | 6803 | acydburn | |
| 1215 | 7150 | acydburn | // Ok, we catch the case of an empty session id for the anonymous user...
|
| 1216 | 7150 | acydburn | // This can happen if the user is logging in, banned by username and the login_box() being called "again".
|
| 1217 | 7439 | acydburn | if (empty($this->session_id) && defined('IN_CHECK_BAN')) |
| 1218 | 7150 | acydburn | {
|
| 1219 | 7150 | acydburn | $this->session_create(ANONYMOUS); |
| 1220 | 7150 | acydburn | } |
| 1221 | 7150 | acydburn | |
| 1222 | 7439 | acydburn | |
| 1223 | 5175 | psotfx | // Determine which message to output
|
| 1224 | 5323 | acydburn | $till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : ''; |
| 1225 | 5323 | acydburn | $message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; |
| 1226 | 5175 | psotfx | |
| 1227 | 5175 | psotfx | $message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>'); |
| 1228 | 5323 | acydburn | $message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : ''; |
| 1229 | 6551 | davidmj | $message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>'; |
| 1230 | 6447 | acydburn | |
| 1231 | 8225 | acydburn | // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
|
| 1232 | 8225 | acydburn | $this->session_kill(false); |
| 1233 | 8225 | acydburn | |
| 1234 | 8661 | acydburn | // A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
|
| 1235 | 8661 | acydburn | if (defined('IN_CRON')) |
| 1236 | 8661 | acydburn | {
|
| 1237 | 8661 | acydburn | garbage_collection(); |
| 1238 | 8661 | acydburn | exit_handler(); |
| 1239 | 8661 | acydburn | exit;
|
| 1240 | 8661 | acydburn | } |
| 1241 | 8661 | acydburn | |
| 1242 | 5175 | psotfx | trigger_error($message); |
| 1243 | 5038 | acydburn | } |
| 1244 | 5633 | acydburn | |
| 1245 | 8565 | acydburn | return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; |
| 1246 | 2932 | psotfx | } |
| 1247 | 6048 | acydburn | |
| 1248 | 5175 | psotfx | /**
|
| 1249 | 6414 | acydburn | * Check if ip is blacklisted |
| 1250 | 6414 | acydburn | * This should be called only where absolutly necessary |
| 1251 | 6414 | acydburn | * |
| 1252 | 6414 | acydburn | * Only IPv4 (rbldns does not support AAAA records/IPv6 lookups) |
| 1253 | 6414 | acydburn | * |
| 1254 | 6414 | acydburn | * @author satmd (from the php manual) |
| 1255 | 6698 | acydburn | * @param string $mode register/post - spamcop for example is ommitted for posting |
| 1256 | 6414 | acydburn | * @return false if ip is not blacklisted, else an array([checked server], [lookup]) |
| 1257 | 6414 | acydburn | */ |
| 1258 | 6698 | acydburn | function check_dnsbl($mode, $ip = false) |
| 1259 | 6414 | acydburn | {
|
| 1260 | 6414 | acydburn | if ($ip === false) |
| 1261 | 6414 | acydburn | {
|
| 1262 | 6414 | acydburn | $ip = $this->ip; |
| 1263 | 6414 | acydburn | } |
| 1264 | 6414 | acydburn | |
| 1265 | 11168 | git-gate | // Neither Spamhaus nor Spamcop supports IPv6 addresses.
|
| 1266 | 11168 | git-gate | if (strpos($ip, ':') !== false) |
| 1267 | 11168 | git-gate | {
|
| 1268 | 11168 | git-gate | return false; |
| 1269 | 11168 | git-gate | } |
| 1270 | 11168 | git-gate | |
| 1271 | 6414 | acydburn | $dnsbl_check = array( |
| 1272 | 9484 | acydburn | 'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', |
| 1273 | 6414 | acydburn | ); |
| 1274 | 6414 | acydburn | |
| 1275 | 6698 | acydburn | if ($mode == 'register') |
| 1276 | 6698 | acydburn | {
|
| 1277 | 6698 | acydburn | $dnsbl_check['bl.spamcop.net'] = 'http://spamcop.net/bl.shtml?'; |
| 1278 | 6698 | acydburn | } |
| 1279 | 6698 | acydburn | |
| 1280 | 6414 | acydburn | if ($ip) |
| 1281 | 6414 | acydburn | {
|
| 1282 | 6414 | acydburn | $quads = explode('.', $ip); |
| 1283 | 6414 | acydburn | $reverse_ip = $quads[3] . '.' . $quads[2] . '.' . $quads[1] . '.' . $quads[0]; |
| 1284 | 6414 | acydburn | |
| 1285 | 6719 | acydburn | // Need to be listed on all servers...
|
| 1286 | 6719 | acydburn | $listed = true; |
| 1287 | 6719 | acydburn | $info = array(); |
| 1288 | 6719 | acydburn | |
| 1289 | 6414 | acydburn | foreach ($dnsbl_check as $dnsbl => $lookup) |
| 1290 | 6414 | acydburn | {
|
| 1291 | 6414 | acydburn | if (phpbb_checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true) |
| 1292 | 6414 | acydburn | {
|
| 1293 | 6719 | acydburn | $info = array($dnsbl, $lookup . $ip); |
| 1294 | 6414 | acydburn | } |
| 1295 | 6719 | acydburn | else
|
| 1296 | 6719 | acydburn | {
|
| 1297 | 6719 | acydburn | $listed = false; |
| 1298 | 6719 | acydburn | } |
| 1299 | 6414 | acydburn | } |
| 1300 | 6719 | acydburn | |
| 1301 | 6719 | acydburn | if ($listed) |
| 1302 | 6719 | acydburn | {
|
| 1303 | 6719 | acydburn | return $info; |
| 1304 | 6719 | acydburn | } |
| 1305 | 6414 | acydburn | } |
| 1306 | 6414 | acydburn | |
| 1307 | 6414 | acydburn | return false; |
| 1308 | 6414 | acydburn | } |
| 1309 | 6414 | acydburn | |
| 1310 | 6414 | acydburn | /**
|
| 1311 | 7034 | acydburn | * Check if URI is blacklisted |
| 1312 | 7034 | acydburn | * This should be called only where absolutly necessary, for example on the submitted website field |
| 1313 | 7034 | acydburn | * This function is not in use at the moment and is only included for testing purposes, it may not work at all! |
| 1314 | 7034 | acydburn | * This means it is untested at the moment and therefore commented out |
| 1315 | 7034 | acydburn | * |
| 1316 | 7034 | acydburn | * @param string $uri URI to check |
| 1317 | 7034 | acydburn | * @return true if uri is on blacklist, else false. Only blacklist is checked (~zero FP), no grey lists |
| 1318 | 7034 | acydburn | function check_uribl($uri) |
| 1319 | 7034 | acydburn | {
|
| 1320 | 7034 | acydburn | // Normally parse_url() is not intended to parse uris |
| 1321 | 7034 | acydburn | // We need to get the top-level domain name anyway... change. |
| 1322 | 7034 | acydburn | $uri = parse_url($uri); |
| 1323 | 7034 | acydburn | |
| 1324 | 7034 | acydburn | if ($uri === false || empty($uri['host'])) |
| 1325 | 7034 | acydburn | {
|
| 1326 | 7034 | acydburn | return false; |
| 1327 | 7034 | acydburn | } |
| 1328 | 7034 | acydburn | |
| 1329 | 7034 | acydburn | $uri = trim($uri['host']); |
| 1330 | 7034 | acydburn | |
| 1331 | 7034 | acydburn | if ($uri) |
| 1332 | 7034 | acydburn | {
|
| 1333 | 7034 | acydburn | // One problem here... the return parameter for the "windows" method is different from what |
| 1334 | 7034 | acydburn | // we expect... this may render this check useless... |
| 1335 | 7034 | acydburn | if (phpbb_checkdnsrr($uri . '.multi.uribl.com.', 'A') === true) |
| 1336 | 7034 | acydburn | {
|
| 1337 | 7034 | acydburn | return true; |
| 1338 | 7034 | acydburn | } |
| 1339 | 7034 | acydburn | } |
| 1340 | 7034 | acydburn | |
| 1341 | 7034 | acydburn | return false; |
| 1342 | 7034 | acydburn | } |
| 1343 | 7034 | acydburn | */ |
| 1344 | 7034 | acydburn | |
| 1345 | 7034 | acydburn | /**
|
| 1346 | 5175 | psotfx | * Set/Update a persistent login key |
| 1347 | 5175 | psotfx | * |
| 1348 | 5175 | psotfx | * This method creates or updates a persistent session key. When a user makes |
| 1349 | 5175 | psotfx | * use of persistent (formerly auto-) logins a key is generated and stored in the |
| 1350 | 5175 | psotfx | * DB. When they revisit with the same key it's automatically updated in both the |
| 1351 | 5175 | psotfx | * DB and cookie. Multiple keys may exist for each user representing different |
| 1352 | 5175 | psotfx | * browsers or locations. As with _any_ non-secure-socket no passphrase login this |
| 1353 | 6048 | acydburn | * remains vulnerable to exploit. |
| 1354 | 5175 | psotfx | */ |
| 1355 | 5175 | psotfx | function set_login_key($user_id = false, $key = false, $user_ip = false) |
| 1356 | 5175 | psotfx | {
|
| 1357 | 5175 | psotfx | global $config, $db; |
| 1358 | 6048 | acydburn | |
| 1359 | 5175 | psotfx | $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; |
| 1360 | 5175 | psotfx | $user_ip = ($user_ip === false) ? $this->ip : $user_ip; |
| 1361 | 5339 | acydburn | $key = ($key === false) ? (($this->cookie_data['k']) ? $this->cookie_data['k'] : false) : $key; |
| 1362 | 6048 | acydburn | |
| 1363 | 5288 | grahamje | $key_id = unique_id(hexdec(substr($this->session_id, 0, 8))); |
| 1364 | 6048 | acydburn | |
| 1365 | 5175 | psotfx | $sql_ary = array( |
| 1366 | 5288 | grahamje | 'key_id' => (string) md5($key_id), |
| 1367 | 5175 | psotfx | 'last_ip' => (string) $this->ip, |
| 1368 | 5175 | psotfx | 'last_login' => (int) time() |
| 1369 | 5175 | psotfx | ); |
| 1370 | 5339 | acydburn | |
| 1371 | 5175 | psotfx | if (!$key) |
| 1372 | 5175 | psotfx | {
|
| 1373 | 5175 | psotfx | $sql_ary += array( |
| 1374 | 5175 | psotfx | 'user_id' => (int) $user_id |
| 1375 | 5175 | psotfx | ); |
| 1376 | 5175 | psotfx | } |
| 1377 | 6048 | acydburn | |
| 1378 | 6048 | acydburn | if ($key) |
| 1379 | 6048 | acydburn | {
|
| 1380 | 6048 | acydburn | $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . ' |
| 1381 | 6048 | acydburn | SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' |
| 1382 | 6048 | acydburn | WHERE user_id = ' . (int) $user_id . " |
| 1383 | 6048 | acydburn | AND key_id = '" . $db->sql_escape(md5($key)) . "'"; |
| 1384 | 6048 | acydburn | } |
| 1385 | 6048 | acydburn | else
|
| 1386 | 6048 | acydburn | {
|
| 1387 | 6048 | acydburn | $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); |
| 1388 | 6048 | acydburn | } |
| 1389 | 5175 | psotfx | $db->sql_query($sql); |
| 1390 | 6048 | acydburn | |
| 1391 | 5288 | grahamje | $this->cookie_data['k'] = $key_id; |
| 1392 | 6048 | acydburn | |
| 1393 | 5175 | psotfx | return false; |
| 1394 | 5175 | psotfx | } |
| 1395 | 5660 | grahamje | |
| 1396 | 5660 | grahamje | /**
|
| 1397 | 5660 | grahamje | * Reset all login keys for the specified user |
| 1398 | 5660 | grahamje | * |
| 1399 | 5660 | grahamje | * This method removes all current login keys for a specified (or the current) |
| 1400 | 5660 | grahamje | * user. It will be called on password change to render old keys unusable |
| 1401 | 5660 | grahamje | */ |
| 1402 | 5660 | grahamje | function reset_login_keys($user_id = false) |
| 1403 | 5660 | grahamje | {
|
| 1404 | 5660 | grahamje | global $config, $db; |
| 1405 | 5660 | grahamje | |
| 1406 | 10342 | acydburn | $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id; |
| 1407 | 5660 | grahamje | |
| 1408 | 6048 | acydburn | $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' |
| 1409 | 6048 | acydburn | WHERE user_id = ' . (int) $user_id; |
| 1410 | 5660 | grahamje | $db->sql_query($sql); |
| 1411 | 5660 | grahamje | |
| 1412 | 10558 | git-gate | // If the user is logged in, update last visit info first before deleting sessions
|
| 1413 | 10103 | terrafrost | $sql = 'SELECT session_time, session_page |
| 1414 | 10103 | terrafrost | FROM ' . SESSIONS_TABLE . ' |
| 1415 | 10103 | terrafrost | WHERE session_user_id = ' . (int) $user_id . ' |
| 1416 | 10103 | terrafrost | ORDER BY session_time DESC';
|
| 1417 | 10103 | terrafrost | $result = $db->sql_query_limit($sql, 1); |
| 1418 | 10103 | terrafrost | $row = $db->sql_fetchrow($result); |
| 1419 | 10103 | terrafrost | $db->sql_freeresult($result); |
| 1420 | 10103 | terrafrost | |
| 1421 | 10558 | git-gate | if ($row) |
| 1422 | 10558 | git-gate | {
|
| 1423 | 10558 | git-gate | $sql = 'UPDATE ' . USERS_TABLE . ' |
| 1424 | 10558 | git-gate | SET user_lastvisit = ' . (int) $row['session_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' |
| 1425 | 10558 | git-gate | WHERE user_id = " . (int) $user_id; |
| 1426 | 10558 | git-gate | $db->sql_query($sql); |
| 1427 | 10558 | git-gate | } |
| 1428 | 10103 | terrafrost | |
| 1429 | 5663 | grahamje | // Let's also clear any current sessions for the specified user_id
|
| 1430 | 5663 | grahamje | // If it's the current user then we'll leave this session intact
|
| 1431 | 5663 | grahamje | $sql_where = 'session_user_id = ' . (int) $user_id; |
| 1432 | 10342 | acydburn | $sql_where .= ($user_id === (int) $this->data['user_id']) ? " AND session_id <> '" . $db->sql_escape($this->session_id) . "'" : ''; |
| 1433 | 5663 | grahamje | |
| 1434 | 7890 | naderman | $sql = 'DELETE FROM ' . SESSIONS_TABLE . " |
| 1435 | 5663 | grahamje | WHERE $sql_where"; |
| 1436 | 5663 | grahamje | $db->sql_query($sql); |
| 1437 | 5663 | grahamje | |
| 1438 | 5660 | grahamje | // We're changing the password of the current user and they have a key
|
| 1439 | 5660 | grahamje | // Lets regenerate it to be safe
|
| 1440 | 10342 | acydburn | if ($user_id === (int) $this->data['user_id'] && $this->cookie_data['k']) |
| 1441 | 5660 | grahamje | {
|
| 1442 | 5660 | grahamje | $this->set_login_key($user_id); |
| 1443 | 5660 | grahamje | } |
| 1444 | 5660 | grahamje | } |
| 1445 | 8565 | acydburn | |
| 1446 | 8565 | acydburn | |
| 1447 | 8554 | Kellanved | /**
|
| 1448 | 8565 | acydburn | * Check if the request originated from the same page. |
| 1449 | 8554 | Kellanved | * @param bool $check_script_path If true, the path will be checked as well |
| 1450 | 8554 | Kellanved | */ |
| 1451 | 8554 | Kellanved | function validate_referer($check_script_path = false) |
| 1452 | 8554 | Kellanved | {
|
| 1453 | 11368 | git-gate | global $config, $request; |
| 1454 | 9917 | nickvergessen | |
| 1455 | 8554 | Kellanved | // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
|
| 1456 | 8846 | acydburn | if (empty($this->referer) || empty($this->host)) |
| 1457 | 8554 | Kellanved | {
|
| 1458 | 8554 | Kellanved | return true; |
| 1459 | 8554 | Kellanved | } |
| 1460 | 8636 | acydburn | |
| 1461 | 8554 | Kellanved | $host = htmlspecialchars($this->host); |
| 1462 | 8554 | Kellanved | $ref = substr($this->referer, strpos($this->referer, '://') + 3); |
| 1463 | 9479 | Kellanved | |
| 1464 | 9917 | nickvergessen | if (!(stripos($ref, $host) === 0) && (!$config['force_server_vars'] || !(stripos($ref, $config['server_name']) === 0))) |
| 1465 | 8554 | Kellanved | {
|
| 1466 | 8554 | Kellanved | return false; |
| 1467 | 8554 | Kellanved | } |
| 1468 | 8559 | Kellanved | else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '') |
| 1469 | 8554 | Kellanved | {
|
| 1470 | 8554 | Kellanved | $ref = substr($ref, strlen($host)); |
| 1471 | 11368 | git-gate | $server_port = $request->server('SERVER_PORT', 0); |
| 1472 | 8636 | acydburn | |
| 1473 | 8560 | Kellanved | if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0) |
| 1474 | 8559 | Kellanved | {
|
| 1475 | 8559 | Kellanved | $ref = substr($ref, strlen(":$server_port")); |
| 1476 | 8559 | Kellanved | } |
| 1477 | 8636 | acydburn | |
| 1478 | 8554 | Kellanved | if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) |
| 1479 | 8554 | Kellanved | {
|
| 1480 | 8554 | Kellanved | return false; |
| 1481 | 8554 | Kellanved | } |
| 1482 | 8554 | Kellanved | } |
| 1483 | 8636 | acydburn | |
| 1484 | 8554 | Kellanved | return true; |
| 1485 | 8554 | Kellanved | } |
| 1486 | 8580 | Kellanved | |
| 1487 | 8580 | Kellanved | |
| 1488 | 8580 | Kellanved | function unset_admin() |
| 1489 | 8580 | Kellanved | {
|
| 1490 | 8580 | Kellanved | global $db; |
| 1491 | 8580 | Kellanved | $sql = 'UPDATE ' . SESSIONS_TABLE . ' |
| 1492 | 8580 | Kellanved | SET session_admin = 0 |
| 1493 | 8580 | Kellanved | WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\''; |
| 1494 | 8580 | Kellanved | $db->sql_query($sql); |
| 1495 | 8580 | Kellanved | } |
| 1496 | 10899 | git-gate | |
| 1497 | 10899 | git-gate | /**
|
| 1498 | 10899 | git-gate | * Update the session data |
| 1499 | 10899 | git-gate | * |
| 1500 | 10899 | git-gate | * @param array $session_data associative array of session keys to be updated |
| 1501 | 10899 | git-gate | * @param string $session_id optional session_id, defaults to current user's session_id |
| 1502 | 10899 | git-gate | */ |
| 1503 | 10899 | git-gate | public function update_session($session_data, $session_id = null) |
| 1504 | 10899 | git-gate | {
|
| 1505 | 10899 | git-gate | global $db; |
| 1506 | 10899 | git-gate | |
| 1507 | 10899 | git-gate | $session_id = ($session_id) ? $session_id : $this->session_id; |
| 1508 | 10899 | git-gate | |
| 1509 | 10899 | git-gate | $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $session_data) . " |
| 1510 | 10899 | git-gate | WHERE session_id = '" . $db->sql_escape($session_id) . "'"; |
| 1511 | 10899 | git-gate | $db->sql_query($sql); |
| 1512 | 10899 | git-gate | } |
| 1513 | 2661 | psotfx | } |
| 1514 | 2661 | psotfx | |
| 1515 | 5177 | psotfx | |
| 1516 | 5114 | acydburn | /**
|
| 1517 | 5175 | psotfx | * Base user class |
| 1518 | 5175 | psotfx | * |
| 1519 | 5175 | psotfx | * This is the overarching class which contains (through session extend) |
| 1520 | 5175 | psotfx | * all methods utilised for user functionality during a session. |
| 1521 | 6058 | acydburn | * |
| 1522 | 6058 | acydburn | * @package phpBB3 |
| 1523 | 5114 | acydburn | */ |
| 1524 | 2958 | psotfx | class user extends session |
| 1525 | 2923 | psotfx | {
|
| 1526 | 2958 | psotfx | var $lang = array(); |
| 1527 | 4844 | acydburn | var $help = array(); |
| 1528 | 2958 | psotfx | var $theme = array(); |
| 1529 | 2923 | psotfx | var $date_format; |
| 1530 | 2923 | psotfx | var $timezone; |
| 1531 | 2923 | psotfx | var $dst; |
| 1532 | 2880 | psotfx | |
| 1533 | 8782 | acydburn | var $lang_name = false; |
| 1534 | 8011 | acydburn | var $lang_id = false; |
| 1535 | 2958 | psotfx | var $lang_path; |
| 1536 | 2958 | psotfx | var $img_lang; |
| 1537 | 7304 | davidmj | var $img_array = array(); |
| 1538 | 2958 | psotfx | |
| 1539 | 9696 | rxu | // Able to add new options (up to id 31)
|
| 1540 | 9696 | rxu | var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'sig_bbcode' => 15, 'sig_smilies' => 16, 'sig_links' => 17); |
| 1541 | 4440 | psotfx | |
| 1542 | 6048 | acydburn | /**
|
| 1543 | 8782 | acydburn | * Constructor to set the lang path |
| 1544 | 8782 | acydburn | */ |
| 1545 | 8782 | acydburn | function user() |
| 1546 | 8782 | acydburn | {
|
| 1547 | 8782 | acydburn | global $phpbb_root_path; |
| 1548 | 8782 | acydburn | |
| 1549 | 8782 | acydburn | $this->lang_path = $phpbb_root_path . 'language/'; |
| 1550 | 8782 | acydburn | } |
| 1551 | 8782 | acydburn | |
| 1552 | 8782 | acydburn | /**
|
| 1553 | 8782 | acydburn | * Function to set custom language path (able to use directory outside of phpBB) |
| 1554 | 8782 | acydburn | * |
| 1555 | 8782 | acydburn | * @param string $lang_path New language path used. |
| 1556 | 8782 | acydburn | * @access public |
| 1557 | 8782 | acydburn | */ |
| 1558 | 8782 | acydburn | function set_custom_lang_path($lang_path) |
| 1559 | 8782 | acydburn | {
|
| 1560 | 8782 | acydburn | $this->lang_path = $lang_path; |
| 1561 | 8782 | acydburn | |
| 1562 | 8782 | acydburn | if (substr($this->lang_path, -1) != '/') |
| 1563 | 8782 | acydburn | {
|
| 1564 | 8782 | acydburn | $this->lang_path .= '/'; |
| 1565 | 8782 | acydburn | } |
| 1566 | 8782 | acydburn | } |
| 1567 | 8782 | acydburn | |
| 1568 | 8782 | acydburn | /**
|
| 1569 | 6048 | acydburn | * Setup basic user-specific items (style, language, ...) |
| 1570 | 6048 | acydburn | */ |
| 1571 | 2958 | psotfx | function setup($lang_set = false, $style = false) |
| 1572 | 2923 | psotfx | {
|
| 1573 | 5372 | acydburn | global $db, $template, $config, $auth, $phpEx, $phpbb_root_path, $cache; |
| 1574 | 2923 | psotfx | |
| 1575 | 2997 | psotfx | if ($this->data['user_id'] != ANONYMOUS) |
| 1576 | 2923 | psotfx | {
|
| 1577 | 8782 | acydburn | $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); |
| 1578 | 2923 | psotfx | |
| 1579 | 2958 | psotfx | $this->date_format = $this->data['user_dateformat']; |
| 1580 | 2958 | psotfx | $this->timezone = $this->data['user_timezone'] * 3600; |
| 1581 | 2958 | psotfx | $this->dst = $this->data['user_dst'] * 3600; |
| 1582 | 2923 | psotfx | } |
| 1583 | 2958 | psotfx | else
|
| 1584 | 2923 | psotfx | {
|
| 1585 | 7879 | kellanved | $this->lang_name = basename($config['default_lang']); |
| 1586 | 2983 | psotfx | $this->date_format = $config['default_dateformat']; |
| 1587 | 2983 | psotfx | $this->timezone = $config['board_timezone'] * 3600; |
| 1588 | 3802 | psotfx | $this->dst = $config['board_dst'] * 3600; |
| 1589 | 2942 | psotfx | |
| 1590 | 6436 | acydburn | /**
|
| 1591 | 6436 | acydburn | * If a guest user is surfing, we try to guess his/her language first by obtaining the browser language |
| 1592 | 6614 | acydburn | * If re-enabled we need to make sure only those languages installed are checked |
| 1593 | 6614 | acydburn | * Commented out so we do not loose the code. |
| 1594 | 6048 | acydburn | |
| 1595 | 11368 | git-gate | if ($request->header('Accept-Language'))
|
| 1596 | 2923 | psotfx | {
|
| 1597 | 11368 | git-gate | $accept_lang_ary = explode(',', $request->header('Accept-Language'));
|
| 1598 | 6436 | acydburn | |
| 1599 | 2997 | psotfx | foreach ($accept_lang_ary as $accept_lang) |
| 1600 | 2923 | psotfx | {
|
| 1601 | 2958 | psotfx | // Set correct format ... guess full xx_YY form |
| 1602 | 2958 | psotfx | $accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2)); |
| 1603 | 6436 | acydburn | $accept_lang = basename($accept_lang); |
| 1604 | 6436 | acydburn | |
| 1605 | 8782 | acydburn | if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx")) |
| 1606 | 2923 | psotfx | {
|
| 1607 | 5074 | acydburn | $this->lang_name = $config['default_lang'] = $accept_lang; |
| 1608 | 2923 | psotfx | break; |
| 1609 | 2923 | psotfx | } |
| 1610 | 2958 | psotfx | else |
| 1611 | 2958 | psotfx | {
|
| 1612 | 2958 | psotfx | // No match on xx_YY so try xx |
| 1613 | 2958 | psotfx | $accept_lang = substr($accept_lang, 0, 2); |
| 1614 | 6436 | acydburn | $accept_lang = basename($accept_lang); |
| 1615 | 6436 | acydburn | |
| 1616 | 8782 | acydburn | if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx")) |
| 1617 | 2958 | psotfx | {
|
| 1618 | 5074 | acydburn | $this->lang_name = $config['default_lang'] = $accept_lang; |
| 1619 | 2958 | psotfx | break; |
| 1620 | 2958 | psotfx | } |
| 1621 | 2958 | psotfx | } |
| 1622 | 2923 | psotfx | } |
| 1623 | 2923 | psotfx | } |
| 1624 | 6436 | acydburn | */ |
| 1625 | 2923 | psotfx | } |
| 1626 | 7890 | naderman | |
| 1627 | 4962 | acydburn | // We include common language file here to not load it every time a custom language file is included
|
| 1628 | 4962 | acydburn | $lang = &$this->lang; |
| 1629 | 7879 | kellanved | |
| 1630 | 9383 | acydburn | // Do not suppress error if in DEBUG_EXTRA mode
|
| 1631 | 9383 | acydburn | $include_result = (defined('DEBUG_EXTRA')) ? (include $this->lang_path . $this->lang_name . "/common.$phpEx") : (@include $this->lang_path . $this->lang_name . "/common.$phpEx"); |
| 1632 | 9383 | acydburn | |
| 1633 | 9383 | acydburn | if ($include_result === false) |
| 1634 | 5104 | bartvb | {
|
| 1635 | 8782 | acydburn | die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened."); |
| 1636 | 5104 | bartvb | } |
| 1637 | 4962 | acydburn | |
| 1638 | 4844 | acydburn | $this->add_lang($lang_set); |
| 1639 | 4844 | acydburn | unset($lang_set); |
| 1640 | 4970 | psotfx | |
| 1641 | 10801 | git-gate | $style_request = request_var('style', 0); |
| 1642 | 10801 | git-gate | if ($style_request && $auth->acl_get('a_styles') && !defined('ADMIN_START')) |
| 1643 | 4250 | psotfx | {
|
| 1644 | 6015 | acydburn | global $SID, $_EXTRA_URL; |
| 1645 | 4473 | psotfx | |
| 1646 | 10801 | git-gate | $style = $style_request; |
| 1647 | 5064 | acydburn | $SID .= '&style=' . $style; |
| 1648 | 6015 | acydburn | $_EXTRA_URL = array('style=' . $style); |
| 1649 | 4250 | psotfx | } |
| 1650 | 4250 | psotfx | else
|
| 1651 | 4250 | psotfx | {
|
| 1652 | 4250 | psotfx | // Set up style
|
| 1653 | 8075 | acydburn | $style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']); |
| 1654 | 4250 | psotfx | } |
| 1655 | 2923 | psotfx | |
| 1656 | 11429 | git-gate | $sql = 'SELECT s.style_id, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_name, c.theme_id |
| 1657 | 11429 | git-gate | FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . " c |
| 1658 | 5372 | acydburn | WHERE s.style_id = $style |
| 1659 | 5372 | acydburn | AND t.template_id = s.template_id |
| 1660 | 11429 | git-gate | AND c.theme_id = s.theme_id";
|
| 1661 | 4473 | psotfx | $result = $db->sql_query($sql, 3600); |
| 1662 | 5372 | acydburn | $this->theme = $db->sql_fetchrow($result); |
| 1663 | 6048 | acydburn | $db->sql_freeresult($result); |
| 1664 | 2923 | psotfx | |
| 1665 | 5486 | acydburn | // User has wrong style
|
| 1666 | 5486 | acydburn | if (!$this->theme && $style == $this->data['user_style']) |
| 1667 | 5486 | acydburn | {
|
| 1668 | 5486 | acydburn | $style = $this->data['user_style'] = $config['default_style']; |
| 1669 | 5486 | acydburn | |
| 1670 | 7890 | naderman | $sql = 'UPDATE ' . USERS_TABLE . " |
| 1671 | 7890 | naderman | SET user_style = $style |
| 1672 | 5486 | acydburn | WHERE user_id = {$this->data['user_id']}"; |
| 1673 | 5486 | acydburn | $db->sql_query($sql); |
| 1674 | 5486 | acydburn | |
| 1675 | 11429 | git-gate | $sql = 'SELECT s.style_id, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_id |
| 1676 | 11429 | git-gate | FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . " c |
| 1677 | 5486 | acydburn | WHERE s.style_id = $style |
| 1678 | 5486 | acydburn | AND t.template_id = s.template_id |
| 1679 | 11429 | git-gate | AND c.theme_id = s.theme_id";
|
| 1680 | 5643 | acydburn | $result = $db->sql_query($sql, 3600); |
| 1681 | 5486 | acydburn | $this->theme = $db->sql_fetchrow($result); |
| 1682 | 5486 | acydburn | $db->sql_freeresult($result); |
| 1683 | 5486 | acydburn | } |
| 1684 | 5486 | acydburn | |
| 1685 | 5372 | acydburn | if (!$this->theme) |
| 1686 | 2923 | psotfx | {
|
| 1687 | 5426 | grahamje | trigger_error('Could not get style data', E_USER_ERROR); |
| 1688 | 2923 | psotfx | } |
| 1689 | 2923 | psotfx | |
| 1690 | 5372 | acydburn | // Now parse the cfg file and cache it
|
| 1691 | 5372 | acydburn | $parsed_items = $cache->obtain_cfg_items($this->theme); |
| 1692 | 5643 | acydburn | |
| 1693 | 5372 | acydburn | // We are only interested in the theme configuration for now
|
| 1694 | 5372 | acydburn | $parsed_items = $parsed_items['theme']; |
| 1695 | 2923 | psotfx | |
| 1696 | 5372 | acydburn | $check_for = array( |
| 1697 | 5372 | acydburn | 'pagination_sep' => (string) ', ' |
| 1698 | 5372 | acydburn | ); |
| 1699 | 2923 | psotfx | |
| 1700 | 5372 | acydburn | foreach ($check_for as $key => $default_value) |
| 1701 | 4897 | acydburn | {
|
| 1702 | 5374 | subblue | $this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value; |
| 1703 | 5372 | acydburn | settype($this->theme[$key], gettype($default_value)); |
| 1704 | 5372 | acydburn | |
| 1705 | 5372 | acydburn | if (is_string($default_value)) |
| 1706 | 5372 | acydburn | {
|
| 1707 | 5372 | acydburn | $this->theme[$key] = htmlspecialchars($this->theme[$key]); |
| 1708 | 5372 | acydburn | } |
| 1709 | 4897 | acydburn | } |
| 1710 | 4897 | acydburn | |
| 1711 | 4235 | psotfx | $template->set_template();
|
| 1712 | 4235 | psotfx | |
| 1713 | 11429 | git-gate | $this->img_lang = $this->lang_name; |
| 1714 | 4235 | psotfx | |
| 1715 | 8100 | acydburn | // Call phpbb_user_session_handler() in case external application want to "bend" some variables or replace classes...
|
| 1716 | 8100 | acydburn | // After calling it we continue script execution...
|
| 1717 | 8100 | acydburn | phpbb_user_session_handler(); |
| 1718 | 8100 | acydburn | |
| 1719 | 7102 | acydburn | // If this function got called from the error handler we are finished here.
|
| 1720 | 7102 | acydburn | if (defined('IN_ERROR_HANDLER')) |
| 1721 | 7102 | acydburn | {
|
| 1722 | 7102 | acydburn | return;
|
| 1723 | 7102 | acydburn | } |
| 1724 | 7102 | acydburn | |
| 1725 | 6628 | acydburn | // Disable board if the install/ directory is still present
|
| 1726 | 6628 | acydburn | // For the brave development army we do not care about this, else we need to comment out this everytime we develop locally
|
| 1727 | 9654 | rxu | if (!defined('DEBUG_EXTRA') && !defined('ADMIN_START') && !defined('IN_INSTALL') && !defined('IN_LOGIN') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install')) |
| 1728 | 6628 | acydburn | {
|
| 1729 | 6628 | acydburn | // Adjust the message slightly according to the permissions
|
| 1730 | 6708 | naderman | if ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) |
| 1731 | 6628 | acydburn | {
|
| 1732 | 6628 | acydburn | $message = 'REMOVE_INSTALL'; |
| 1733 | 6628 | acydburn | } |
| 1734 | 6628 | acydburn | else
|
| 1735 | 6628 | acydburn | {
|
| 1736 | 6628 | acydburn | $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; |
| 1737 | 6628 | acydburn | } |
| 1738 | 6628 | acydburn | trigger_error($message); |
| 1739 | 6628 | acydburn | } |
| 1740 | 6628 | acydburn | |
| 1741 | 4950 | psotfx | // Is board disabled and user not an admin or moderator?
|
| 1742 | 6708 | naderman | if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) |
| 1743 | 4950 | psotfx | {
|
| 1744 | 9490 | acydburn | if ($this->data['is_bot']) |
| 1745 | 9490 | acydburn | {
|
| 1746 | 10787 | git-gate | send_status_line(503, 'Service Unavailable'); |
| 1747 | 9490 | acydburn | } |
| 1748 | 7054 | acydburn | |
| 1749 | 4950 | psotfx | $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; |
| 1750 | 4950 | psotfx | trigger_error($message); |
| 1751 | 4950 | psotfx | } |
| 1752 | 4950 | psotfx | |
| 1753 | 5902 | acydburn | // Is load exceeded?
|
| 1754 | 5902 | acydburn | if ($config['limit_load'] && $this->load !== false) |
| 1755 | 5902 | acydburn | {
|
| 1756 | 10751 | git-gate | if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !defined('IN_ADMIN')) |
| 1757 | 5902 | acydburn | {
|
| 1758 | 7875 | acydburn | // Set board disabled to true to let the admins/mods get the proper notification
|
| 1759 | 7875 | acydburn | $config['board_disable'] = '1'; |
| 1760 | 7875 | acydburn | |
| 1761 | 7875 | acydburn | if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) |
| 1762 | 7875 | acydburn | {
|
| 1763 | 9490 | acydburn | if ($this->data['is_bot']) |
| 1764 | 9490 | acydburn | {
|
| 1765 | 10787 | git-gate | send_status_line(503, 'Service Unavailable'); |
| 1766 | 9490 | acydburn | } |
| 1767 | 7875 | acydburn | trigger_error('BOARD_UNAVAILABLE'); |
| 1768 | 7875 | acydburn | } |
| 1769 | 5902 | acydburn | } |
| 1770 | 5902 | acydburn | } |
| 1771 | 7890 | naderman | |
| 1772 | 7801 | kellanved | if (isset($this->data['session_viewonline'])) |
| 1773 | 7755 | kellanved | {
|
| 1774 | 7801 | kellanved | // Make sure the user is able to hide his session
|
| 1775 | 7801 | kellanved | if (!$this->data['session_viewonline']) |
| 1776 | 7755 | kellanved | {
|
| 1777 | 7801 | kellanved | // Reset online status if not allowed to hide the session...
|
| 1778 | 7801 | kellanved | if (!$auth->acl_get('u_hideonline')) |
| 1779 | 7801 | kellanved | {
|
| 1780 | 7801 | kellanved | $sql = 'UPDATE ' . SESSIONS_TABLE . ' |
| 1781 | 7801 | kellanved | SET session_viewonline = 1 |
| 1782 | 7801 | kellanved | WHERE session_user_id = ' . $this->data['user_id']; |
| 1783 | 7801 | kellanved | $db->sql_query($sql); |
| 1784 | 7801 | kellanved | $this->data['session_viewonline'] = 1; |
| 1785 | 7801 | kellanved | } |
| 1786 | 7755 | kellanved | } |
| 1787 | 7801 | kellanved | else if (!$this->data['user_allow_viewonline']) |
| 1788 | 7755 | kellanved | {
|
| 1789 | 7801 | kellanved | // the user wants to hide and is allowed to -> cloaking device on.
|
| 1790 | 7801 | kellanved | if ($auth->acl_get('u_hideonline')) |
| 1791 | 7801 | kellanved | {
|
| 1792 | 7801 | kellanved | $sql = 'UPDATE ' . SESSIONS_TABLE . ' |
| 1793 | 7801 | kellanved | SET session_viewonline = 0 |
| 1794 | 7801 | kellanved | WHERE session_user_id = ' . $this->data['user_id']; |
| 1795 | 7801 | kellanved | $db->sql_query($sql); |
| 1796 | 7801 | kellanved | $this->data['session_viewonline'] = 0; |
| 1797 | 7801 | kellanved | } |
| 1798 | 7755 | kellanved | } |
| 1799 | 7755 | kellanved | } |
| 1800 | 5902 | acydburn | |
| 1801 | 7755 | kellanved | |
| 1802 | 4793 | psotfx | // Does the user need to change their password? If so, redirect to the
|
| 1803 | 6048 | acydburn | // ucp profile reg_details page ... of course do not redirect if we're already in the ucp
|
| 1804 | 9665 | leviatan21 | if (!defined('IN_ADMIN') && !defined('ADMIN_START') && $config['chg_passforce'] && !empty($this->data['is_registered']) && $auth->acl_get('u_chgpasswd') && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) |
| 1805 | 4793 | psotfx | {
|
| 1806 | 6170 | acydburn | if (strpos($this->page['query_string'], 'mode=reg_details') === false && $this->page['page_name'] != "ucp.$phpEx") |
| 1807 | 4793 | psotfx | {
|
| 1808 | 6015 | acydburn | redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&mode=reg_details')); |
| 1809 | 4793 | psotfx | } |
| 1810 | 4793 | psotfx | } |
| 1811 | 4793 | psotfx | |
| 1812 | 2923 | psotfx | return;
|
| 1813 | 2923 | psotfx | } |
| 1814 | 2923 | psotfx | |
| 1815 | 6048 | acydburn | /**
|
| 1816 | 8800 | acydburn | * More advanced language substitution |
| 1817 | 8800 | acydburn | * Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms. |
| 1818 | 8800 | acydburn | * Params are the language key and the parameters to be substituted. |
| 1819 | 8800 | acydburn | * This function/functionality is inspired by SHS` and Ashe. |
| 1820 | 8800 | acydburn | * |
| 1821 | 8800 | acydburn | * Example call: <samp>$user->lang('NUM_POSTS_IN_QUEUE', 1);</samp>
|
| 1822 | 11603 | git-gate | * |
| 1823 | 11603 | git-gate | * If the first parameter is an array, the elements are used as keys and subkeys to get the language entry: |
| 1824 | 11603 | git-gate | * Example: <samp>$user->lang(array('datetime', 'AGO'), 1)</samp> uses $user->lang['datetime']['AGO'] as language entry.
|
| 1825 | 8800 | acydburn | */ |
| 1826 | 8800 | acydburn | function lang() |
| 1827 | 8800 | acydburn | {
|
| 1828 | 8800 | acydburn | $args = func_get_args(); |
| 1829 | 8800 | acydburn | $key = $args[0]; |
| 1830 | 8800 | acydburn | |
| 1831 | 9136 | acydburn | if (is_array($key)) |
| 1832 | 9136 | acydburn | {
|
| 1833 | 9136 | acydburn | $lang = &$this->lang[array_shift($key)]; |
| 1834 | 9136 | acydburn | |
| 1835 | 9136 | acydburn | foreach ($key as $_key) |
| 1836 | 9136 | acydburn | {
|
| 1837 | 9136 | acydburn | $lang = &$lang[$_key]; |
| 1838 | 9136 | acydburn | } |
| 1839 | 9136 | acydburn | } |
| 1840 | 9136 | acydburn | else
|
| 1841 | 9136 | acydburn | {
|
| 1842 | 9136 | acydburn | $lang = &$this->lang[$key]; |
| 1843 | 9136 | acydburn | } |
| 1844 | 9136 | acydburn | |
| 1845 | 8800 | acydburn | // Return if language string does not exist
|
| 1846 | 9136 | acydburn | if (!isset($lang) || (!is_string($lang) && !is_array($lang))) |
| 1847 | 8800 | acydburn | {
|
| 1848 | 8800 | acydburn | return $key; |
| 1849 | 8800 | acydburn | } |
| 1850 | 8800 | acydburn | |
| 1851 | 8800 | acydburn | // If the language entry is a string, we simply mimic sprintf() behaviour
|
| 1852 | 9136 | acydburn | if (is_string($lang)) |
| 1853 | 8800 | acydburn | {
|
| 1854 | 8800 | acydburn | if (sizeof($args) == 1) |
| 1855 | 8800 | acydburn | {
|
| 1856 | 9136 | acydburn | return $lang; |
| 1857 | 8800 | acydburn | } |
| 1858 | 8800 | acydburn | |
| 1859 | 8800 | acydburn | // Replace key with language entry and simply pass along...
|
| 1860 | 9136 | acydburn | $args[0] = $lang; |
| 1861 | 8800 | acydburn | return call_user_func_array('sprintf', $args); |
| 1862 | 8800 | acydburn | } |
| 1863 | 11603 | git-gate | else if (sizeof($lang) == 0) |
| 1864 | 11603 | git-gate | {
|
| 1865 | 11603 | git-gate | // If the language entry is an empty array, we just return the language key
|
| 1866 | 11603 | git-gate | return $args[0]; |
| 1867 | 11603 | git-gate | } |
| 1868 | 8800 | acydburn | |
| 1869 | 8800 | acydburn | // It is an array... now handle different nullar/singular/plural forms
|
| 1870 | 8800 | acydburn | $key_found = false; |
| 1871 | 8800 | acydburn | |
| 1872 | 8800 | acydburn | // We now get the first number passed and will select the key based upon this number
|
| 1873 | 8800 | acydburn | for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++) |
| 1874 | 8800 | acydburn | {
|
| 1875 | 11603 | git-gate | if (is_int($args[$i]) || is_float($args[$i])) |
| 1876 | 8800 | acydburn | {
|
| 1877 | 11603 | git-gate | if ($args[$i] == 0 && isset($lang[0])) |
| 1878 | 8800 | acydburn | {
|
| 1879 | 11603 | git-gate | // We allow each translation using plural forms to specify a version for the case of 0 things,
|
| 1880 | 11603 | git-gate | // so that "0 users" may be displayed as "No users".
|
| 1881 | 11603 | git-gate | $key_found = 0; |
| 1882 | 11603 | git-gate | break;
|
| 1883 | 11603 | git-gate | } |
| 1884 | 11603 | git-gate | else
|
| 1885 | 11603 | git-gate | {
|
| 1886 | 11603 | git-gate | $use_plural_form = $this->get_plural_form($args[$i]); |
| 1887 | 11603 | git-gate | if (isset($lang[$use_plural_form])) |
| 1888 | 8800 | acydburn | {
|
| 1889 | 11603 | git-gate | // The key we should use exists, so we use it.
|
| 1890 | 11603 | git-gate | $key_found = $use_plural_form; |
| 1891 | 8800 | acydburn | } |
| 1892 | 11603 | git-gate | else
|
| 1893 | 11603 | git-gate | {
|
| 1894 | 11603 | git-gate | // If the key we need to use does not exist, we fall back to the previous one.
|
| 1895 | 11603 | git-gate | $numbers = array_keys($lang); |
| 1896 | 8800 | acydburn | |
| 1897 | 11603 | git-gate | foreach ($numbers as $num) |
| 1898 | 11603 | git-gate | {
|
| 1899 | 11603 | git-gate | if ($num > $use_plural_form) |
| 1900 | 11603 | git-gate | {
|
| 1901 | 11603 | git-gate | break;
|
| 1902 | 11603 | git-gate | } |
| 1903 | 11603 | git-gate | |
| 1904 | 11603 | git-gate | $key_found = $num; |
| 1905 | 11603 | git-gate | } |
| 1906 | 11603 | git-gate | } |
| 1907 | 11603 | git-gate | break;
|
| 1908 | 8800 | acydburn | } |
| 1909 | 8800 | acydburn | } |
| 1910 | 8800 | acydburn | } |
| 1911 | 8800 | acydburn | |
| 1912 | 8800 | acydburn | // Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form)
|
| 1913 | 8800 | acydburn | if ($key_found === false) |
| 1914 | 8800 | acydburn | {
|
| 1915 | 9136 | acydburn | $numbers = array_keys($lang); |
| 1916 | 8800 | acydburn | $key_found = end($numbers); |
| 1917 | 8800 | acydburn | } |
| 1918 | 8800 | acydburn | |
| 1919 | 8800 | acydburn | // Use the language string we determined and pass it to sprintf()
|
| 1920 | 9136 | acydburn | $args[0] = $lang[$key_found]; |
| 1921 | 8800 | acydburn | return call_user_func_array('sprintf', $args); |
| 1922 | 8800 | acydburn | } |
| 1923 | 8800 | acydburn | |
| 1924 | 8800 | acydburn | /**
|
| 1925 | 11603 | git-gate | * Determine which plural form we should use. |
| 1926 | 11603 | git-gate | * For some languages this is not as simple as for English. |
| 1927 | 11603 | git-gate | * |
| 1928 | 11603 | git-gate | * @param $number int|float The number we want to get the plural case for. Float numbers are floored. |
| 1929 | 11603 | git-gate | * @param $force_rule mixed False to use the plural rule of the language package |
| 1930 | 11603 | git-gate | * or an integer to force a certain plural rule |
| 1931 | 11603 | git-gate | * @return int The plural-case we need to use for the number plural-rule combination |
| 1932 | 11603 | git-gate | */ |
| 1933 | 11603 | git-gate | function get_plural_form($number, $force_rule = false) |
| 1934 | 11603 | git-gate | {
|
| 1935 | 11603 | git-gate | $number = (int) $number; |
| 1936 | 11603 | git-gate | |
| 1937 | 11603 | git-gate | // Default to English system
|
| 1938 | 11603 | git-gate | $plural_rule = ($force_rule !== false) ? $force_rule : ((isset($this->lang['PLURAL_RULE'])) ? $this->lang['PLURAL_RULE'] : 1); |
| 1939 | 11603 | git-gate | |
| 1940 | 11603 | git-gate | return phpbb_get_plural_form($plural_rule, $number); |
| 1941 | 11603 | git-gate | } |
| 1942 | 11603 | git-gate | |
| 1943 | 11603 | git-gate | /**
|
| 1944 | 6048 | acydburn | * Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion) |
| 1945 | 6048 | acydburn | * |
| 1946 | 6048 | acydburn | * @param mixed $lang_set specifies the language entries to include |
| 1947 | 6048 | acydburn | * @param bool $use_db internal variable for recursion, do not use |
| 1948 | 6048 | acydburn | * @param bool $use_help internal variable for recursion, do not use |
| 1949 | 11557 | git-gate | * @param string $ext_name The extension to load language from, or empty for core files |
| 1950 | 6048 | acydburn | * |
| 1951 | 6048 | acydburn | * Examples: |
| 1952 | 6048 | acydburn | * <code> |
| 1953 | 6048 | acydburn | * $lang_set = array('posting', 'help' => 'faq');
|
| 1954 | 6048 | acydburn | * $lang_set = array('posting', 'viewtopic', 'help' => array('bbcode', 'faq'))
|
| 1955 | 6048 | acydburn | * $lang_set = array(array('posting', 'viewtopic'), 'help' => array('bbcode', 'faq'))
|
| 1956 | 6048 | acydburn | * $lang_set = 'posting' |
| 1957 | 6048 | acydburn | * $lang_set = array('help' => 'faq', 'db' => array('help:faq', 'posting'))
|
| 1958 | 6048 | acydburn | * </code> |
| 1959 | 6048 | acydburn | */ |
| 1960 | 11557 | git-gate | function add_lang($lang_set, $use_db = false, $use_help = false, $ext_name = '') |
| 1961 | 4844 | acydburn | {
|
| 1962 | 4962 | acydburn | global $phpEx; |
| 1963 | 4844 | acydburn | |
| 1964 | 4844 | acydburn | if (is_array($lang_set)) |
| 1965 | 4844 | acydburn | {
|
| 1966 | 4844 | acydburn | foreach ($lang_set as $key => $lang_file) |
| 1967 | 4844 | acydburn | {
|
| 1968 | 4950 | psotfx | // Please do not delete this line.
|
| 1969 | 4859 | acydburn | // We have to force the type here, else [array] language inclusion will not work
|
| 1970 | 4859 | acydburn | $key = (string) $key; |
| 1971 | 4859 | acydburn | |
| 1972 | 4844 | acydburn | if ($key == 'db') |
| 1973 | 4844 | acydburn | {
|
| 1974 | 11557 | git-gate | $this->add_lang($lang_file, true, $use_help, $ext_name); |
| 1975 | 4844 | acydburn | } |
| 1976 | 4844 | acydburn | else if ($key == 'help') |
| 1977 | 4844 | acydburn | {
|
| 1978 | 11557 | git-gate | $this->add_lang($lang_file, $use_db, true, $ext_name); |
| 1979 | 4844 | acydburn | } |
| 1980 | 4844 | acydburn | else if (!is_array($lang_file)) |
| 1981 | 4844 | acydburn | {
|
| 1982 | 11557 | git-gate | $this->set_lang($this->lang, $this->help, $lang_file, $use_db, $use_help, $ext_name); |
| 1983 | 4844 | acydburn | } |
| 1984 | 4844 | acydburn | else
|
| 1985 | 4844 | acydburn | {
|
| 1986 | 11557 | git-gate | $this->add_lang($lang_file, $use_db, $use_help, $ext_name); |
| 1987 | 4844 | acydburn | } |
| 1988 | 4844 | acydburn | } |
| 1989 | 4844 | acydburn | unset($lang_set); |
| 1990 | 4844 | acydburn | } |
| 1991 | 4844 | acydburn | else if ($lang_set) |
| 1992 | 4844 | acydburn | {
|
| 1993 | 11557 | git-gate | $this->set_lang($this->lang, $this->help, $lang_set, $use_db, $use_help, $ext_name); |
| 1994 | 4844 | acydburn | } |
| 1995 | 4844 | acydburn | } |
| 1996 | 4844 | acydburn | |
| 1997 | 6048 | acydburn | /**
|
| 1998 | 11557 | git-gate | * Add Language Items from an extension - use_db and use_help are assigned where needed (only use them to force inclusion) |
| 1999 | 11557 | git-gate | * |
| 2000 | 11557 | git-gate | * @param string $ext_name The extension to load language from, or empty for core files |
| 2001 | 11557 | git-gate | * @param mixed $lang_set specifies the language entries to include |
| 2002 | 11557 | git-gate | * @param bool $use_db internal variable for recursion, do not use |
| 2003 | 11557 | git-gate | * @param bool $use_help internal variable for recursion, do not use |
| 2004 | 11557 | git-gate | */ |
| 2005 | 11557 | git-gate | function add_lang_ext($ext_name, $lang_set, $use_db = false, $use_help = false) |
| 2006 | 11557 | git-gate | {
|
| 2007 | 11557 | git-gate | if ($ext_name === '/') |
| 2008 | 11557 | git-gate | {
|
| 2009 | 11557 | git-gate | $ext_name = ''; |
| 2010 | 11557 | git-gate | } |
| 2011 | 11557 | git-gate | |
| 2012 | 11557 | git-gate | $this->add_lang($lang_set, $use_db, $use_help, $ext_name); |
| 2013 | 11557 | git-gate | } |
| 2014 | 11557 | git-gate | |
| 2015 | 11557 | git-gate | /**
|
| 2016 | 6048 | acydburn | * Set language entry (called by add_lang) |
| 2017 | 6312 | acydburn | * @access private |
| 2018 | 6048 | acydburn | */ |
| 2019 | 11557 | git-gate | function set_lang(&$lang, &$help, $lang_file, $use_db = false, $use_help = false, $ext_name = '') |
| 2020 | 4847 | psotfx | {
|
| 2021 | 11557 | git-gate | global $phpbb_root_path, $phpEx; |
| 2022 | 4847 | psotfx | |
| 2023 | 8782 | acydburn | // Make sure the language name is set (if the user setup did not happen it is not set)
|
| 2024 | 8782 | acydburn | if (!$this->lang_name) |
| 2025 | 5494 | acydburn | {
|
| 2026 | 8785 | acydburn | global $config; |
| 2027 | 8782 | acydburn | $this->lang_name = basename($config['default_lang']); |
| 2028 | 5494 | acydburn | } |
| 2029 | 5494 | acydburn | |
| 2030 | 4962 | acydburn | // $lang == $this->lang
|
| 2031 | 4962 | acydburn | // $help == $this->help
|
| 2032 | 6915 | acydburn | // - add appropriate variables here, name them as they are used within the language file...
|
| 2033 | 4847 | psotfx | if (!$use_db) |
| 2034 | 4847 | psotfx | {
|
| 2035 | 7805 | acydburn | if ($use_help && strpos($lang_file, '/') !== false) |
| 2036 | 5104 | bartvb | {
|
| 2037 | 11557 | git-gate | $filename = dirname($lang_file) . '/help_' . basename($lang_file); |
| 2038 | 5104 | bartvb | } |
| 2039 | 7805 | acydburn | else
|
| 2040 | 7805 | acydburn | {
|
| 2041 | 11557 | git-gate | $filename = (($use_help) ? 'help_' : '') . $lang_file; |
| 2042 | 7805 | acydburn | } |
| 2043 | 7805 | acydburn | |
| 2044 | 11557 | git-gate | if ($ext_name) |
| 2045 | 11557 | git-gate | {
|
| 2046 | 11557 | git-gate | global $phpbb_extension_manager; |
| 2047 | 11557 | git-gate | $ext_path = $phpbb_extension_manager->get_extension_path($ext_name, true); |
| 2048 | 11557 | git-gate | |
| 2049 | 11557 | git-gate | $lang_path = $ext_path . 'language/'; |
| 2050 | 11557 | git-gate | } |
| 2051 | 11557 | git-gate | else
|
| 2052 | 11557 | git-gate | {
|
| 2053 | 11557 | git-gate | $lang_path = $this->lang_path; |
| 2054 | 11557 | git-gate | } |
| 2055 | 11557 | git-gate | |
| 2056 | 11557 | git-gate | if (strpos($phpbb_root_path . $filename, $lang_path . $this->lang_name . '/') === 0) |
| 2057 | 11557 | git-gate | {
|
| 2058 | 11557 | git-gate | $language_filename = $phpbb_root_path . $filename; |
| 2059 | 11557 | git-gate | } |
| 2060 | 11557 | git-gate | else
|
| 2061 | 11557 | git-gate | {
|
| 2062 | 11557 | git-gate | $language_filename = $lang_path . $this->lang_name . '/' . $filename . '.' . $phpEx; |
| 2063 | 11557 | git-gate | } |
| 2064 | 11557 | git-gate | |
| 2065 | 9901 | acydburn | if (!file_exists($language_filename)) |
| 2066 | 9901 | acydburn | {
|
| 2067 | 9901 | acydburn | global $config; |
| 2068 | 9901 | acydburn | |
| 2069 | 9901 | acydburn | if ($this->lang_name == 'en') |
| 2070 | 9901 | acydburn | {
|
| 2071 | 9901 | acydburn | // The user's selected language is missing the file, the board default's language is missing the file, and the file doesn't exist in /en.
|
| 2072 | 11557 | git-gate | $language_filename = str_replace($lang_path . 'en', $lang_path . $this->data['user_lang'], $language_filename); |
| 2073 | 9901 | acydburn | trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR); |
| 2074 | 9901 | acydburn | } |
| 2075 | 9901 | acydburn | else if ($this->lang_name == basename($config['default_lang'])) |
| 2076 | 9901 | acydburn | {
|
| 2077 | 9901 | acydburn | // Fall back to the English Language
|
| 2078 | 9901 | acydburn | $this->lang_name = 'en'; |
| 2079 | 11557 | git-gate | $this->set_lang($lang, $help, $lang_file, $use_db, $use_help, $ext_name); |
| 2080 | 9901 | acydburn | } |
| 2081 | 9901 | acydburn | else if ($this->lang_name == $this->data['user_lang']) |
| 2082 | 9901 | acydburn | {
|
| 2083 | 9901 | acydburn | // Fall back to the board default language
|
| 2084 | 9901 | acydburn | $this->lang_name = basename($config['default_lang']); |
| 2085 | 11557 | git-gate | $this->set_lang($lang, $help, $lang_file, $use_db, $use_help, $ext_name); |
| 2086 | 9901 | acydburn | } |
| 2087 | 9901 | acydburn | |
| 2088 | 9901 | acydburn | // Reset the lang name
|
| 2089 | 11557 | git-gate | $this->lang_name = (file_exists($lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); |
| 2090 | 9901 | acydburn | return;
|
| 2091 | 9901 | acydburn | } |
| 2092 | 9901 | acydburn | |
| 2093 | 9383 | acydburn | // Do not suppress error if in DEBUG_EXTRA mode
|
| 2094 | 9383 | acydburn | $include_result = (defined('DEBUG_EXTRA')) ? (include $language_filename) : (@include $language_filename); |
| 2095 | 9383 | acydburn | |
| 2096 | 9383 | acydburn | if ($include_result === false) |
| 2097 | 7805 | acydburn | {
|
| 2098 | 8691 | acydburn | trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR); |
| 2099 | 7805 | acydburn | } |
| 2100 | 4847 | psotfx | } |
| 2101 | 4847 | psotfx | else if ($use_db) |
| 2102 | 4847 | psotfx | {
|
| 2103 | 4847 | psotfx | // Get Database Language Strings
|
| 2104 | 4847 | psotfx | // Put them into $lang if nothing is prefixed, put them into $help if help: is prefixed
|
| 2105 | 4847 | psotfx | // For example: help:faq, posting
|
| 2106 | 4847 | psotfx | } |
| 2107 | 4847 | psotfx | } |
| 2108 | 4847 | psotfx | |
| 2109 | 6048 | acydburn | /**
|
| 2110 | 6048 | acydburn | * Format user date |
| 2111 | 9136 | acydburn | * |
| 2112 | 9136 | acydburn | * @param int $gmepoch unix timestamp |
| 2113 | 9136 | acydburn | * @param string $format date format in date() notation. | used to indicate relative dates, for example |d m Y|, h:i is translated to Today, h:i. |
| 2114 | 9136 | acydburn | * @param bool $forcedate force non-relative date format. |
| 2115 | 9136 | acydburn | * |
| 2116 | 9136 | acydburn | * @return mixed translated date |
| 2117 | 6048 | acydburn | */ |
| 2118 | 4950 | psotfx | function format_date($gmepoch, $format = false, $forcedate = false) |
| 2119 | 2923 | psotfx | {
|
| 2120 | 6114 | acydburn | static $midnight; |
| 2121 | 9136 | acydburn | static $date_cache; |
| 2122 | 2923 | psotfx | |
| 2123 | 6114 | acydburn | $format = (!$format) ? $this->date_format : $format; |
| 2124 | 9170 | toonarmy | $now = time(); |
| 2125 | 9170 | toonarmy | $delta = $now - $gmepoch; |
| 2126 | 6114 | acydburn | |
| 2127 | 9136 | acydburn | if (!isset($date_cache[$format])) |
| 2128 | 2923 | psotfx | {
|
| 2129 | 9136 | acydburn | // Is the user requesting a friendly date format (i.e. 'Today 12:42')?
|
| 2130 | 9136 | acydburn | $date_cache[$format] = array( |
| 2131 | 9136 | acydburn | 'is_short' => strpos($format, '|'), |
| 2132 | 9136 | acydburn | 'format_short' => substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1), |
| 2133 | 9136 | acydburn | 'format_long' => str_replace('|', '', $format), |
| 2134 | 9136 | acydburn | 'lang' => $this->lang['datetime'], |
| 2135 | 9136 | acydburn | ); |
| 2136 | 9136 | acydburn | |
| 2137 | 9136 | acydburn | // Short representation of month in format? Some languages use different terms for the long and short format of May
|
| 2138 | 9136 | acydburn | if ((strpos($format, '\M') === false && strpos($format, 'M') !== false) || (strpos($format, '\r') === false && strpos($format, 'r') !== false)) |
| 2139 | 9136 | acydburn | {
|
| 2140 | 9136 | acydburn | $date_cache[$format]['lang']['May'] = $this->lang['datetime']['May_short']; |
| 2141 | 9136 | acydburn | } |
| 2142 | 2923 | psotfx | } |
| 2143 | 4748 | psotfx | |
| 2144 | 9301 | acydburn | // Zone offset
|
| 2145 | 9301 | acydburn | $zone_offset = $this->timezone + $this->dst; |
| 2146 | 9301 | acydburn | |
| 2147 | 11603 | git-gate | // Show date < 1 hour ago as 'xx min ago' but not greater than 60 seconds in the future
|
| 2148 | 9298 | acydburn | // A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago'
|
| 2149 | 11603 | git-gate | if ($delta < 3600 && $delta > -60 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) |
| 2150 | 9136 | acydburn | {
|
| 2151 | 9170 | toonarmy | return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60))); |
| 2152 | 9136 | acydburn | } |
| 2153 | 4748 | psotfx | |
| 2154 | 4950 | psotfx | if (!$midnight) |
| 2155 | 4950 | psotfx | {
|
| 2156 | 9301 | acydburn | list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $zone_offset)); |
| 2157 | 9301 | acydburn | $midnight = gmmktime(0, 0, 0, $m, $d, $y) - $zone_offset; |
| 2158 | 4950 | psotfx | } |
| 2159 | 4950 | psotfx | |
| 2160 | 9298 | acydburn | if ($date_cache[$format]['is_short'] !== false && !$forcedate && !($gmepoch < $midnight - 86400 || $gmepoch > $midnight + 172800)) |
| 2161 | 5068 | acydburn | {
|
| 2162 | 9136 | acydburn | $day = false; |
| 2163 | 5175 | psotfx | |
| 2164 | 9136 | acydburn | if ($gmepoch > $midnight + 86400) |
| 2165 | 9136 | acydburn | {
|
| 2166 | 9136 | acydburn | $day = 'TOMORROW'; |
| 2167 | 9136 | acydburn | } |
| 2168 | 9136 | acydburn | else if ($gmepoch > $midnight) |
| 2169 | 9136 | acydburn | {
|
| 2170 | 9136 | acydburn | $day = 'TODAY'; |
| 2171 | 9136 | acydburn | } |
| 2172 | 9136 | acydburn | else if ($gmepoch > $midnight - 86400) |
| 2173 | 9136 | acydburn | {
|
| 2174 | 9136 | acydburn | $day = 'YESTERDAY'; |
| 2175 | 9136 | acydburn | } |
| 2176 | 9136 | acydburn | |
| 2177 | 9136 | acydburn | if ($day !== false) |
| 2178 | 9136 | acydburn | {
|
| 2179 | 9301 | acydburn | return str_replace('||', $this->lang['datetime'][$day], strtr(@gmdate($date_cache[$format]['format_short'], $gmepoch + $zone_offset), $date_cache[$format]['lang'])); |
| 2180 | 9136 | acydburn | } |
| 2181 | 6426 | grahamje | } |
| 2182 | 5967 | acydburn | |
| 2183 | 9301 | acydburn | return strtr(@gmdate($date_cache[$format]['format_long'], $gmepoch + $zone_offset), $date_cache[$format]['lang']); |
| 2184 | 2923 | psotfx | } |
| 2185 | 2958 | psotfx | |
| 2186 | 6048 | acydburn | /**
|
| 2187 | 6048 | acydburn | * Get language id currently used by the user |
| 2188 | 6048 | acydburn | */ |
| 2189 | 4740 | acydburn | function get_iso_lang_id() |
| 2190 | 4740 | acydburn | {
|
| 2191 | 4740 | acydburn | global $config, $db; |
| 2192 | 4740 | acydburn | |
| 2193 | 8011 | acydburn | if (!empty($this->lang_id)) |
| 2194 | 4740 | acydburn | {
|
| 2195 | 4740 | acydburn | return $this->lang_id; |
| 2196 | 4740 | acydburn | } |
| 2197 | 4740 | acydburn | |
| 2198 | 4748 | psotfx | if (!$this->lang_name) |
| 2199 | 4740 | acydburn | {
|
| 2200 | 4740 | acydburn | $this->lang_name = $config['default_lang']; |
| 2201 | 4740 | acydburn | } |
| 2202 | 4950 | psotfx | |
| 2203 | 4950 | psotfx | $sql = 'SELECT lang_id |
| 2204 | 4836 | acydburn | FROM ' . LANG_TABLE . " |
| 2205 | 5699 | acydburn | WHERE lang_iso = '" . $db->sql_escape($this->lang_name) . "'"; |
| 2206 | 4748 | psotfx | $result = $db->sql_query($sql); |
| 2207 | 8011 | acydburn | $this->lang_id = (int) $db->sql_fetchfield('lang_id'); |
| 2208 | 5699 | acydburn | $db->sql_freeresult($result); |
| 2209 | 4748 | psotfx | |
| 2210 | 8011 | acydburn | return $this->lang_id; |
| 2211 | 4740 | acydburn | } |
| 2212 | 4740 | acydburn | |
| 2213 | 6048 | acydburn | /**
|
| 2214 | 6048 | acydburn | * Get users profile fields |
| 2215 | 6048 | acydburn | */ |
| 2216 | 4740 | acydburn | function get_profile_fields($user_id) |
| 2217 | 4740 | acydburn | {
|
| 2218 | 5237 | acydburn | global $db; |
| 2219 | 4950 | psotfx | |
| 2220 | 5237 | acydburn | if (isset($this->profile_fields)) |
| 2221 | 4740 | acydburn | {
|
| 2222 | 4740 | acydburn | return;
|
| 2223 | 4740 | acydburn | } |
| 2224 | 4740 | acydburn | |
| 2225 | 6048 | acydburn | $sql = 'SELECT * |
| 2226 | 6048 | acydburn | FROM ' . PROFILE_FIELDS_DATA_TABLE . " |
| 2227 | 4836 | acydburn | WHERE user_id = $user_id"; |
| 2228 | 4950 | psotfx | $result = $db->sql_query_limit($sql, 1); |
| 2229 | 5237 | acydburn | $this->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row; |
| 2230 | 4904 | acydburn | $db->sql_freeresult($result); |
| 2231 | 4740 | acydburn | } |
| 2232 | 4740 | acydburn | |
| 2233 | 6048 | acydburn | /**
|
| 2234 | 6048 | acydburn | * Specify/Get image |
| 2235 | 6048 | acydburn | */ |
| 2236 | 11429 | git-gate | function img($img, $alt = '') |
| 2237 | 2958 | psotfx | {
|
| 2238 | 5002 | acydburn | $alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt; |
| 2239 | 11429 | git-gate | return '<span class="imageset ' . $img . '">' . $alt . '</span>'; |
| 2240 | 2958 | psotfx | } |
| 2241 | 4440 | psotfx | |
| 2242 | 6048 | acydburn | /**
|
| 2243 | 11641 | git-gate | * Get option bit field from user options. |
| 2244 | 11641 | git-gate | * |
| 2245 | 11641 | git-gate | * @param int $key option key, as defined in $keyoptions property. |
| 2246 | 11641 | git-gate | * @param int $data bit field value to use, or false to use $this->data['user_options'] |
| 2247 | 11641 | git-gate | * @return bool true if the option is set in the bit field, false otherwise |
| 2248 | 6048 | acydburn | */ |
| 2249 | 4821 | psotfx | function optionget($key, $data = false) |
| 2250 | 4440 | psotfx | {
|
| 2251 | 11641 | git-gate | $var = ($data !== false) ? $data : $this->data['user_options']; |
| 2252 | 11641 | git-gate | return phpbb_optionget($this->keyoptions[$key], $var); |
| 2253 | 4440 | psotfx | } |
| 2254 | 4446 | psotfx | |
| 2255 | 6048 | acydburn | /**
|
| 2256 | 11641 | git-gate | * Set option bit field for user options. |
| 2257 | 11641 | git-gate | * |
| 2258 | 11641 | git-gate | * @param int $key Option key, as defined in $keyoptions property. |
| 2259 | 11641 | git-gate | * @param bool $value True to set the option, false to clear the option. |
| 2260 | 11641 | git-gate | * @param int $data Current bit field value, or false to use $this->data['user_options'] |
| 2261 | 11641 | git-gate | * @return int|bool If $data is false, the bit field is modified and |
| 2262 | 11641 | git-gate | * written back to $this->data['user_options'], and |
| 2263 | 11641 | git-gate | * return value is true if the bit field changed and |
| 2264 | 11641 | git-gate | * false otherwise. If $data is not false, the new |
| 2265 | 11641 | git-gate | * bitfield value is returned. |
| 2266 | 6048 | acydburn | */ |
| 2267 | 4821 | psotfx | function optionset($key, $value, $data = false) |
| 2268 | 4446 | psotfx | {
|
| 2269 | 11641 | git-gate | $var = ($data !== false) ? $data : $this->data['user_options']; |
| 2270 | 4821 | psotfx | |
| 2271 | 11641 | git-gate | $new_var = phpbb_optionset($this->keyoptions[$key], $value, $var); |
| 2272 | 4559 | psotfx | |
| 2273 | 11641 | git-gate | if ($data === false) |
| 2274 | 4821 | psotfx | {
|
| 2275 | 11641 | git-gate | if ($new_var != $var) |
| 2276 | 11641 | git-gate | {
|
| 2277 | 11641 | git-gate | $this->data['user_options'] = $new_var; |
| 2278 | 11641 | git-gate | return true; |
| 2279 | 11641 | git-gate | } |
| 2280 | 11641 | git-gate | else
|
| 2281 | 11641 | git-gate | {
|
| 2282 | 11641 | git-gate | return false; |
| 2283 | 11641 | git-gate | } |
| 2284 | 4821 | psotfx | } |
| 2285 | 4821 | psotfx | else
|
| 2286 | 4821 | psotfx | {
|
| 2287 | 11641 | git-gate | return $new_var; |
| 2288 | 4821 | psotfx | } |
| 2289 | 4446 | psotfx | } |
| 2290 | 9636 | acydburn | |
| 2291 | 9636 | acydburn | /**
|
| 2292 | 9636 | acydburn | * Funtion to make the user leave the NEWLY_REGISTERED system group. |
| 2293 | 9636 | acydburn | * @access public |
| 2294 | 9636 | acydburn | */ |
| 2295 | 9636 | acydburn | function leave_newly_registered() |
| 2296 | 9636 | acydburn | {
|
| 2297 | 9636 | acydburn | global $db; |
| 2298 | 9636 | acydburn | |
| 2299 | 9644 | acydburn | if (empty($this->data['user_new'])) |
| 2300 | 9644 | acydburn | {
|
| 2301 | 9644 | acydburn | return false; |
| 2302 | 9644 | acydburn | } |
| 2303 | 9644 | acydburn | |
| 2304 | 9646 | Kellanved | if (!function_exists('remove_newly_registered')) |
| 2305 | 9636 | acydburn | {
|
| 2306 | 9636 | acydburn | global $phpbb_root_path, $phpEx; |
| 2307 | 9636 | acydburn | |
| 2308 | 9636 | acydburn | include($phpbb_root_path . 'includes/functions_user.' . $phpEx); |
| 2309 | 9636 | acydburn | } |
| 2310 | 9646 | Kellanved | if ($group = remove_newly_registered($this->data['user_id'], $this->data)) |
| 2311 | 9636 | acydburn | {
|
| 2312 | 9646 | Kellanved | $this->data['group_id'] = $group; |
| 2313 | 9901 | acydburn | |
| 2314 | 9636 | acydburn | } |
| 2315 | 9636 | acydburn | $this->data['user_permissions'] = ''; |
| 2316 | 9636 | acydburn | $this->data['user_new'] = 0; |
| 2317 | 9901 | acydburn | |
| 2318 | 9636 | acydburn | return true; |
| 2319 | 9636 | acydburn | } |
| 2320 | 11383 | git-gate | |
| 2321 | 11383 | git-gate | /**
|
| 2322 | 11383 | git-gate | * Returns all password protected forum ids the user is currently NOT authenticated for. |
| 2323 | 11383 | git-gate | * |
| 2324 | 11383 | git-gate | * @return array Array of forum ids |
| 2325 | 11383 | git-gate | * @access public |
| 2326 | 11383 | git-gate | */ |
| 2327 | 11383 | git-gate | function get_passworded_forums() |
| 2328 | 11383 | git-gate | {
|
| 2329 | 11383 | git-gate | global $db; |
| 2330 | 11383 | git-gate | |
| 2331 | 11383 | git-gate | $sql = 'SELECT f.forum_id, fa.user_id |
| 2332 | 11383 | git-gate | FROM ' . FORUMS_TABLE . ' f |
| 2333 | 11383 | git-gate | LEFT JOIN ' . FORUMS_ACCESS_TABLE . " fa |
| 2334 | 11383 | git-gate | ON (fa.forum_id = f.forum_id |
| 2335 | 11383 | git-gate | AND fa.session_id = '" . $db->sql_escape($this->session_id) . "') |
| 2336 | 11383 | git-gate | WHERE f.forum_password <> ''";
|
| 2337 | 11383 | git-gate | $result = $db->sql_query($sql); |
| 2338 | 11383 | git-gate | |
| 2339 | 11383 | git-gate | $forum_ids = array(); |
| 2340 | 11383 | git-gate | while ($row = $db->sql_fetchrow($result)) |
| 2341 | 11383 | git-gate | {
|
| 2342 | 11383 | git-gate | $forum_id = (int) $row['forum_id']; |
| 2343 | 11383 | git-gate | |
| 2344 | 11383 | git-gate | if ($row['user_id'] != $this->data['user_id']) |
| 2345 | 11383 | git-gate | {
|
| 2346 | 11383 | git-gate | $forum_ids[$forum_id] = $forum_id; |
| 2347 | 11383 | git-gate | } |
| 2348 | 11383 | git-gate | } |
| 2349 | 11383 | git-gate | $db->sql_freeresult($result); |
| 2350 | 11383 | git-gate | |
| 2351 | 11383 | git-gate | return $forum_ids; |
| 2352 | 11383 | git-gate | } |
| 2353 | 2923 | psotfx | } |