From: FlorinCB <ory...@us...> - 2008-06-10 02:16:23
Update of /cvsroot/mxbb/mx_phpbb/includes In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv27015 Modified Files: forum_hack.php Log Message: http://www.mx-publisher.com/phpBB2/viewtopic.php?t=10800 Index: forum_hack.php =================================================================== RCS file: /cvsroot/mxbb/mx_phpbb/includes/forum_hack.php,v retrieving revision 1.56 retrieving revision 1.57 diff -C2 -d -r1.56 -r1.57 *** forum_hack.php 3 Jun 2008 20:12:43 -0000 1.56 --- forum_hack.php 10 Jun 2008 02:16:16 -0000 1.57 *************** *** 29,32 **** --- 29,33 ---- include_once($mx_root_path . 'includes/shared/phpbb2/includes/functions.' . $phpEx); + // // Include phpbb functions (in 2.9.x, since they are not already loaded) *************** *** 783,786 **** --- 784,847 ---- } } + + // Do we really need this one? + /** + * Reset all login keys for the specified user + * Called on password changes + */ + function session_reset_keys($user_id, $user_ip) + { + global $db, $userdata, $board_config; + + $key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : ''; + + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user_id . " + $key_sql"; + + if ( !$db->sql_query($sql) ) + { + mx_message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql); + } + + $where_sql = 'session_user_id = ' . (int) $user_id; + $where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : ''; + $sql = 'DELETE FROM ' . SESSIONS_TABLE . " + WHERE $where_sql"; + if ( !$db->sql_query($sql) ) + { + mx_message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql); + } + + if ( !empty($key_sql) ) + { + $auto_login_key = mx_dss_rand() . mx_dss_rand(); + + $current_time = time(); + + $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " + SET last_ip = '$user_ip', key_id = '" . 
md5($auto_login_key) . "', last_login = $current_time + WHERE key_id = '" . md5($userdata['session_key']) . "'"; + + if ( !$db->sql_query($sql) ) + { + mx_message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql); + } + + // And now rebuild the cookie + $sessiondata['userid'] = $user_id; + $sessiondata['autologinid'] = $auto_login_key; + $cookiename = $board_config['cookie_name']; + $cookiepath = $board_config['cookie_path']; + $cookiedomain = $board_config['cookie_domain']; + $cookiesecure = $board_config['cookie_secure']; + + setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); + + $userdata['session_key'] = $auto_login_key; + unset($sessiondata); + unset($auto_login_key); + } + } // -------------------------------------------------------------------------------- *************** *** 1712,1720 **** $code = preg_replace('#^(.?//).*(Start|Set).*(session).*(\r\n?|\n)#m','/*' . "\n", $code); $code = preg_replace('#^(.?//).*(End).*(session).*(\r\n?|\n)#m', '*/' . "\n", $code); ! // // Replace common phpBB functions with MXP alternatives // $code = str_replace('append_sid(', '$mx_forum->append_sid(', $code); //$code = str_replace('@phpbb_realpath(', '$mx_forum->phpbb_realpath(', $code); //$code = str_replace('@opendir(', '$mx_forum->opendir(', $code); --- 1773,1782 ---- $code = preg_replace('#^(.?//).*(Start|Set).*(session).*(\r\n?|\n)#m','/*' . "\n", $code); $code = preg_replace('#^(.?//).*(End).*(session).*(\r\n?|\n)#m', '*/' . "\n", $code); ! // // Replace common phpBB functions with MXP alternatives // $code = str_replace('append_sid(', '$mx_forum->append_sid(', $code); + $code = str_replace('session_reset_keys(', '$mx_forum->session_reset_keys(', $code); //$code = str_replace('@phpbb_realpath(', '$mx_forum->phpbb_realpath(', $code); //$code = str_replace('@opendir(', '$mx_forum->opendir(', $code); *************** *** 1870,1874 **** { // Debug subcalls ! 
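Review bot: In `session_reset_keys`, the UPDATE writes `last_ip = '$user_ip'` and the second DELETE concatenates `$userdata['session_id']` straight into the SQL text, while only `$user_id` is cast with `(int)`. Nothing in the hunk shows that every caller passes an already-encoded IP, so the function should validate or escape both values itself; assuming the IP arrives in a hex-encoded form, a guard such as `if (!preg_match('#^[0-9a-f]+$#i', $user_ip)) { mx_message_die(CRITICAL_ERROR, 'Invalid IP value', '', __LINE__, __FILE__); }` before the first query would be enough. The rebuilt cookie carries the new auto-login key, but `setcookie()` is called with six arguments; on PHP 5.2 or later, passing `true` as a seventh argument marks it HttpOnly so page script cannot read the key. Storing `serialize($sessiondata)` in the cookie also means the reading code (not in this hunk) has to unserialize client-supplied data, which deserves a comment next to the `setcookie()` call.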
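Review bot: The added `str_replace('session_reset_keys(', '$mx_forum->session_reset_keys(', $code)` matches the bare substring, so it would also rewrite a `function session_reset_keys(` definition or any longer identifier ending in that name in the code being transformed. Because the replacement text contains the search string, a second pass over the same `$code` would double the prefix. An anchored pattern avoids both, for example `$code = preg_replace('#(?<![\w>$])session_reset_keys\(#', '$mx_forum->session_reset_keys(', $code);`. This matters more than usual because the rewritten source is later handed to `eval($code)`, visible further down in this diff, so a mis-rewrite becomes a parse error or an unintended call at run time. The existing `append_sid(` line above it has the same shape.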
//die(str_replace("\n", '<br>', htmlspecialchars($code))); eval($code); } --- 1932,1936 ---- { // Debug subcalls ! //die( '<pre>'.preg_replace("#\n#esi", "'<br>' . sprintf('%4d ',\$i++)", htmlspecialchars($code)) . '</pre>'); eval($code); } |
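Review bot: The new debug line relies on the `e` modifier of `preg_replace`, which evaluates the replacement string as PHP for every match. It is commented out, but debug lines get uncommented, and `$i` is never initialised, while the `s` and `i` modifiers do nothing for a literal `\n`. A plain loop gives the same numbered listing without evaluating anything: `//echo '<pre>'; foreach (explode("\n", htmlspecialchars($code)) as $i => $line) { echo sprintf('%4d ', $i + 1) . $line . "\n"; } die('</pre>');`. When enabled, the line prints the full rewritten source to whoever requested the page, so a comment saying it must never be active on a live board would help.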