From: Paul S. O. <ps...@us...> - 2002-05-09 14:30:31
Update of /cvsroot/phpbb/phpBB2/includes
In directory usw-pr-cvs1:/tmp/cvs-serv26602/includes
Modified Files:
functions.php sessions.php usercp_email.php
Log Message:
IP related updates + fixed gc in sessions
Index: functions.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/functions.php,v
retrieving revision 1.134
retrieving revision 1.135
diff -C2 -r1.134 -r1.135
*** functions.php 20 Apr 2002 00:22:28 -0000 1.134
--- functions.php 9 May 2002 14:07:33 -0000 1.135
***************
*** 298,313 ****
}
- function encode_ip($dotquad_ip)
- {
- $ip_sep = explode('.', $dotquad_ip);
- return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);
- }
-
- function decode_ip($int_ip)
- {
- $hexipbang = explode('.', chunk_split($int_ip, 2, '.'));
- return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
- }
-
//
// Create date/time from format and timezone
--- 298,301 ----
Index: sessions.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/sessions.php,v
retrieving revision 1.60
retrieving revision 1.61
diff -C2 -r1.60 -r1.61
*** sessions.php 20 Apr 2002 00:36:33 -0000 1.60
--- sessions.php 9 May 2002 14:07:33 -0000 1.61
***************
*** 21,28 ****
***************************************************************************/
! //
! // Adds/updates a new session to the database for the given userid.
! // Returns the new session ID on success.
! //
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
--- 21,30 ----
***************************************************************************/
! if ( !defined('IN_PHPBB') )
! {
! die('Hacking attempt');
! exit;
! }
!
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0)
{
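Review bot: The `exit;` after `die('Hacking attempt');` is unreachable, since `die` is an alias of `exit`; drop it. The same hunk removes the header comment of session_begin without replacing it, and the old wording was already wrong: the function returns `$userdata` (see the `return $userdata;` further down this diff), not the session id. Restore a corrected header above the signature in the file's `//` block style: `// Adds/updates a session row for the given user id and IP and sets the session cookies.` / `// Returns the $userdata array on success.` session_begin's body continues outside the hunk.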
***************
*** 34,37 ****
--- 36,40 ----
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
+ $SID = '?sid=';
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
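Review bot: `$SID = '?sid='` leaves `$SID` as a non-empty string even when sessions are cookie based, because the later `$SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : ''` (L127, L172) appends nothing in that case; any code that writes `$url . $SID` will then emit a dangling `?sid=` on every link, and an `!empty($SID)` test of the kind append_sid used to make always passes. The same initialisation is added in session_pagestart (L146) and session_end (L258). Build the value once the id is known, `$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? '?sid=' . $session_id : '';`, and initialise it to `''` here. Whether `$SID` is declared `global` inside session_begin is not visible in this hunk.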
***************
*** 110,118 ****
// Initial ban check against user id, IP and email address
//
! preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
! WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')
OR ban_userid = $user_id";
if ( $user_id != ANONYMOUS )
--- 113,121 ----
// Initial ban check against user id, IP and email address
//
! $user_ip_parts = explode('.', $user_ip);
$sql = "SELECT ban_ip, ban_userid, ban_email
FROM " . BANLIST_TABLE . "
! WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . ".256', '" . $user_ip_parts[1] . $user_ip_parts[2] . ".256.256', '" . $user_ip_parts[1] . "256.256.256')
OR ban_userid = $user_id";
if ( $user_id != ANONYMOUS )
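Review bot: The ban lookup indexes the `explode()` result from 1 to 4, but `explode()` returns a zero-based array, so the first octet is skipped and `$user_ip_parts[4]` is undefined; the octets are also concatenated without `.` separators (the last alternative reads `$user_ip_parts[1] . "256.256.256"`), so for a constructed address like 1.2.3.4 the IN list holds '234', '234.256', '23.256.256' and '1256.256.256' and no ban can ever match. The previous code captured fixed-width hex pairs, where concatenation without separators was correct; it is not for dotted notation. Casting each octet with `intval` fixes the list and keeps the interpolated pieces to digits, which matters because they go into the SQL string directly and the origin of `$user_ip` is outside this diff. session_begin starts outside the hunk; the rewrite below assumes a four-octet dotted quad.
```php
	// explode() is zero-based (the preg_match() groups it replaced were one-based);
	// intval() keeps each piece to digits so the interpolation cannot alter the query
	$user_ip_parts = array_map('intval', explode('.', $user_ip));
	$ban_ip_list = "'" . implode('.', $user_ip_parts) . "', '" .
		$user_ip_parts[0] . '.' . $user_ip_parts[1] . '.' . $user_ip_parts[2] . ".256', '" .
		$user_ip_parts[0] . '.' . $user_ip_parts[1] . ".256.256', '" .
		$user_ip_parts[0] . ".256.256.256'";
	$sql = "SELECT ban_ip, ban_userid, ban_email
		FROM " . BANLIST_TABLE . "
		WHERE ban_ip IN ($ban_ip_list)
			OR ban_userid = $user_id";
	// … unchanged: ANONYMOUS email clause and query execution …
```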
***************
*** 134,137 ****
--- 137,142 ----
}
+ $login = 1;
+
//
// Create or update the session
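Review bot: `$login = 1;` is assigned unconditionally immediately before the session INSERT/UPDATE that stores it in session_logged_in. If session_begin (which starts outside the hunk) derives `$login` earlier from `$user_id != ANONYMOUS`, this line overrides that and records anonymous sessions as logged in, which the new session_gc then treats as user sessions when writing user_lastvisit; if this is the only assignment, it should be guarded, `$login = ( $user_id != ANONYMOUS ) ? 1 : 0;`. A one-line comment stating which case is intended would settle it for the next reader.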
***************
*** 139,144 ****
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
! WHERE session_id = '" . $session_id . "'
! AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
--- 144,148 ----
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login
! WHERE session_id = '" . $session_id . "'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
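Review bot: Dropping `AND session_ip = '$user_ip'` from the UPDATE's WHERE clause removes the only link between a session row and the address that created it, so a session id by itself is now enough to resume a session from any address; the same clause is removed from the session_pagestart SELECT (L150-L162) and UPDATE (L175-L187). If the motivation is users whose address changes mid-session, that trade-off should be written down where the lookups happen, e.g. `// session_ip is recorded but deliberately not matched here so an address change does not end the session`, assuming the INSERT (outside these hunks) still stores it. Otherwise keep the clause in all three places.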
***************
*** 155,159 ****
if ( $user_id != ANONYMOUS )
! {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : (
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
--- 159,163 ----
if ( $user_id != ANONYMOUS )
! {
$last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time;
***************
*** 183,187 ****
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
! $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
return $userdata;
--- 187,191 ----
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
! $SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
return $userdata;
***************
*** 197,207 ****
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
$current_time = time();
- unset($userdata);
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
--- 201,212 ----
global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID;
+ unset($userdata);
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
+ $SID = '?sid=';
$current_time = time();
if ( isset($HTTP_COOKIE_VARS[$cookiename . '_sid']) || isset($HTTP_COOKIE_VARS[$cookiename . '_data']) )
***************
*** 230,235 ****
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
! AND u.user_id = s.session_user_id
! AND s.session_ip = '$user_ip'";
if ( !($result = $db->sql_query($sql)) )
{
--- 235,239 ----
FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
WHERE s.session_id = '$session_id'
! AND u.user_id = s.session_user_id";
if ( !($result = $db->sql_query($sql)) )
{
***************
*** 244,248 ****
if ( isset($userdata['user_id']) )
{
! $SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
//
--- 248,252 ----
if ( isset($userdata['user_id']) )
{
! $SID .= ( $sessionmethod == SESSION_METHOD_GET ) ? $session_id : '';
//
***************
*** 253,258 ****
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
! WHERE session_id = '" . $userdata['session_id'] . "'
! AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) )
{
--- 257,261 ----
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
! WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
***************
*** 262,308 ****
if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
{
! $sql = "SELECT *
! FROM " . SESSIONS_TABLE . "
! WHERE session_time < " . ( $current_time - $board_config['session_length'] ) . "
! AND session_logged_in = 1";
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
! }
!
! $del_session_id = '';
! while ( $row = $db->sql_fetchrow($result) )
! {
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . "
! WHERE user_id = " . $row['session_user_id'];
! if ( !$db->sql_query($sql) )
! {
! message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
! }
!
! $del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
! }
!
! if ( $del_session_id != '' )
! {
! //
! // Delete expired sessions
! //
! $sql = "DELETE FROM " . SESSIONS_TABLE . "
! WHERE session_id IN ($del_session_id)";
! if ( !$db->sql_query($sql) )
! {
! message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
! }
! }
!
! $sql = "UPDATE " . CONFIG_TABLE . "
! SET config_value = '$current_time'
! WHERE config_name = 'session_last_gc'";
! if ( !$db->sql_query($sql) )
! {
! message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
! }
}
--- 265,269 ----
if ( $current_time - $board_config['session_gc'] > $board_config['session_last_gc'] )
{
! session_gc($session_id, $current_time);
}
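Review bot: `session_gc($session_id, $current_time)` passes the current session id, but the session_gc defined later in this diff (L278-L329) never reads its `$session_id` parameter; the argument should be dropped from both the call, `session_gc($current_time);`, and the signature. The replaced inline code also filtered on `session_logged_in = 1`, whereas the new helper selects and deletes every expired row; the commit message says gc was fixed, so that widening looks intended and deserves a comment at the call site such as `// Expires anonymous sessions too; only logged-in rows update user_lastvisit`.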
***************
*** 331,336 ****
//
! // session_end closes out a session
! // deleting the corresponding entry
// in the sessions table
//
--- 292,296 ----
//
! // session_end closes out a session deleting the corresponding entry
// in the sessions table
//
***************
*** 344,347 ****
--- 304,308 ----
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
+ $SID = '?sid=';
//
***************
*** 374,390 ****
}
//
// Append $SID to a url. Borrowed from phplib and modified.
//
function append_sid($url, $non_html_amp = false)
{
global $SID;
! if ( !empty($SID) && !eregi('sid=', $url) )
! {
! $url .= ( ( strpos($url, '?') != false ) ? ( ( $non_html_amp ) ? '&' : '&' ) : '?' ) . $SID;
! }
!
! return($url);
}
--- 335,404 ----
}
+ function session_gc($session_id, $current_time)
+ {
+ global $db, $board_config;
+
+ $sql = "SELECT *
+ FROM " . SESSIONS_TABLE . "
+ WHERE session_time < " . ( $current_time - $board_config['session_length'] );
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not obtain expired session list', '', __LINE__, __FILE__, $sql);
+ }
+
+ $del_session_id = '';
+ while ( $row = $db->sql_fetchrow($result) )
+ {
+ if ( $row['session_logged_in'] )
+ {
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_lastvisit = " . $row['session_time'] . ", user_session_page = " . $row['session_page'] . "
+ WHERE user_id = " . $row['session_user_id'];
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not update user session info', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ $del_session_id .= ( ( $del_session_id != '' ) ? ', ' : '' ) . '\'' . $row['session_id'] . '\'';
+ }
+
+ if ( $del_session_id != '' )
+ {
+ //
+ // Delete expired sessions
+ //
+ $sql = "DELETE FROM " . SESSIONS_TABLE . "
+ WHERE session_id IN ($del_session_id)";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ $sql = "UPDATE " . CONFIG_TABLE . "
+ SET config_value = '$current_time'
+ WHERE config_name = 'session_last_gc'";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(CRITICAL_ERROR, 'Could not update session gc time', '', __LINE__, __FILE__, $sql);
+ }
+
+ return;
+ }
+
+
//
// Append $SID to a url. Borrowed from phplib and modified.
//
+ // This routine is doomed I think, instead we just set a URL$SID for
+ // appropriate URLs rather than this append stuff. For the time being
+ // this change will break URL based session propagation
+ //
function append_sid($url, $non_html_amp = false)
{
global $SID;
! return $url;
}
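Review bot: session_gc loads every expired row with `SELECT *` and accumulates their ids into an unbounded `IN (...)` string, although the delete can use the same `session_time <` predicate directly; `SELECT *` also pulls columns the loop never reads, and the trailing `return;` is dead. In the same hunk append_sid keeps `global $SID` and the `$non_html_amp` parameter while using neither; the comment above it explains the intent, but it should name the replacement mechanism callers are expected to use.
```php
function session_gc($session_id, $current_time)
{
	global $db, $board_config;

	$expiry_time = $current_time - $board_config['session_length'];

	// Only logged-in sessions carry anything worth copying back to the user row
	$sql = "SELECT session_user_id, session_time, session_page
		FROM " . SESSIONS_TABLE . "
		WHERE session_time < $expiry_time
			AND session_logged_in = 1";
	// … unchanged: query error check and the user_lastvisit update loop, without the $del_session_id accumulation …

	//
	// Delete expired sessions in one statement; no id list is built in PHP,
	// so this stays bounded however many sessions have expired
	//
	$sql = "DELETE FROM " . SESSIONS_TABLE . "
		WHERE session_time < $expiry_time";
	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
	}

	// … unchanged: session_last_gc config update …
}
```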
Index: usercp_email.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/usercp_email.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** usercp_email.php 20 Apr 2002 00:22:29 -0000 1.8
--- usercp_email.php 9 May 2002 14:07:33 -0000 1.9
***************
*** 104,108 ****
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\r\n";
$emailer->use_template('profile_send_email', $user_lang);
--- 104,108 ----
$email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
$email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . $user_ip . "\r\n";
$emailer->use_template('profile_send_email', $user_lang);
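Review bot: `$user_ip` now goes into the `X-AntiAbuse: User IP` mail header verbatim, where `decode_ip()` previously reduced it to digits and dots; its origin is outside this diff, so if it can ever be derived from a client-supplied header rather than REMOTE_ADDR, a CR/LF in the value would terminate the header. Normalising it first keeps the header to a dotted quad whatever the source: `$email_headers .= 'X-AntiAbuse: User IP - ' . implode('.', array_map('intval', explode('.', $user_ip))) . "\r\n";`. Visible in the context lines, the two preceding X-AntiAbuse headers end in `"\n"` while this one ends in `"\r\n"`; the header block should use one line ending consistently.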