[phpMP-CVS] CVS: phpMP/includes auth.php,1.19,1.20 functions.php,1.11,1.12 sessions.php,1.4,1.5
From: Brian R. <hei...@us...> - 2002-08-14 19:45:51
Update of /cvsroot/phpmp/phpMP/includes In directory usw-pr-cvs1:/tmp/cvs-serv18135/includes Modified Files: auth.php functions.php sessions.php Log Message: Fixed a few bugs. Added IP encoding and tracking support. Sessions are now based on both IPs and Session IDs. Hopefully this will all work! Index: auth.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/auth.php,v retrieving revision 1.19 retrieving revision 1.20 diff -C2 -r1.19 -r1.20 *** auth.php 14 Aug 2002 17:44:06 -0000 1.19 --- auth.php 14 Aug 2002 19:45:45 -0000 1.20 *************** *** 49,53 **** $rand_val = rand(0, 10); ! if($rand_val >= 9) { $result = $DBA->query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE expiretime < " . time()); --- 49,53 ---- $rand_val = rand(0, 10); ! if($rand_val >= 1) { $result = $DBA->query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE expiretime < " . time()); *************** *** 60,64 **** function AuthUser() { ! global $MPCONF, $Functions, $DBA; --- 60,64 ---- function AuthUser() { ! global $MPCONF, $Functions, $DBA; *************** *** 75,79 **** if(($_POST['username'] != "") && ($_POST['password'] != "")) { - $result = $DBA->query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE username = " . $_POST['username']); $new_key = $Functions->createHash(); session_id($new_key); --- 75,78 ---- *************** *** 91,95 **** $this->first_login = 1; ! unset($_SESSION['user_array']); $_SESSION['user_array'] = $user_array; --- 90,96 ---- $this->first_login = 1; ! $DBA->query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE user_id = " . $user_array['user_id']); ! $DBA->query("DELETE FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE user_ip = " . $MPCONF['SES']['user_ip']); ! 
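Review bot: The new threshold in `if($rand_val >= 1)` makes the expired-session purge fire for ten of the eleven values `rand(0, 10)` can return, so the `DELETE ... WHERE expiretime < time()` runs on almost every call, where `>= 9` ran it on about two in eleven. If the threshold was lowered to exercise the purge during testing, restore it before release. If it is intended, a comment such as `// purge expired sessions on 10 of 11 calls` would record that. The enclosing function starts and ends outside the hunk.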
unset($_SESSION['user_array']); $_SESSION['user_array'] = $user_array; Index: functions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/functions.php,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -r1.11 -r1.12 *** functions.php 27 Jul 2002 12:16:00 -0000 1.11 --- functions.php 14 Aug 2002 19:45:46 -0000 1.12 *************** *** 34,37 **** --- 34,48 ---- class Functions { + + function encode_ip($dotquad_ip) { + $ip_sep = explode('.', $dotquad_ip); + return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); + } + + function decode_ip($int_ip) { + $hexipbang = explode('.', chunk_split($int_ip, 2, '.')); + return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]); + } + // Gathers configuration info stored in database. // Returns: none. *************** *** 43,46 **** --- 54,72 ---- $MPCONF[$row['type']][$row['name']] = $row["value"]; } + + global $REMOTE_ADDR; + if( getenv('HTTP_X_FORWARDED_FOR') != '' ) { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + + if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) { + $private_ip = array('/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/'); + $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); + } + } else { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + } + + $MPCONF['SES']['user_ip'] = $this->encode_ip($client_ip); + } *************** *** 67,71 **** function ChangeDataString($mod, $string) { global $DBA; ! $sql = "UPDATE " . $MPCONF['DB']['table_prefix'] . "modules SET data='" . $string . "'WHERE unixname='" . 
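Review bot: The second added query in auth.php compares `user_ip` with an unquoted value, `"... WHERE user_ip = " . $MPCONF['SES']['user_ip']`, but that value is the hex string built by `encode_ip()` (constructed example: `c0a80001`), which is not a valid bare SQL literal; the INSERT in sessions.php quotes the same value. Quote it here as well, `"... WHERE user_ip = '" . $MPCONF['SES']['user_ip'] . "'"`, cast the id with `(int)$user_array['user_id']`, and check the return of both `$DBA->query()` calls. Separately, deleting every session row for the address on each login signs out other users who share that address (NAT, proxy), which deserves a comment or a narrower condition. AuthUser's body continues outside the hunk.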
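Review bot: `encode_ip()` never checks that its argument is a four-part dotted quad, so an empty or non-IPv4 address indexes missing array elements and encodes the missing parts as `00`, and an octet above 255 produces more than two hex digits, which `decode_ip()`'s fixed two-character split cannot reverse. A guard such as `if (count($ip_sep) != 4) { return false; }` plus a 0–255 range check on each part would make the failure explicit; callers would then need to handle the `false`. Both methods also lack the purpose and `// Returns:` comment that the next method in the class carries. The parameter name `$int_ip` on `decode_ip()` is misleading, since the function receives the 8-character hex string rather than an integer.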
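Review bot: The address that sessions are bound to is taken from `HTTP_X_FORWARDED_FOR` whenever that header is present, and the header is supplied by the client, so the stored `user_ip` is whatever the request claims rather than the connecting peer. Use `REMOTE_ADDR` for the session binding and honour the forwarded header only when `REMOTE_ADDR` is a proxy the site has configured as trusted. The private-range list also has unescaped dots and gaps: `'/^10..*/'` matches `100.` and `109.` prefixes as well as `10.`, `'/^224..*/'` and `'/^240..*/'` have the same problem, and `'/^172\.16\..*/'` covers only 172.16 of the 172.16–172.31 block; `'/^10\..*/'` is the escaped form. The enclosing method starts outside the hunk.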
$mod; if($DBA->query($sql)) { return 1; --- 93,97 ---- function ChangeDataString($mod, $string) { global $DBA; ! $sql = "UPDATE " . $MPCONF['DB']['table_prefix'] . "modules SET data='" . $string . "'WHERE unixname='" . $mod . "'"; if($DBA->query($sql)) { return 1; Index: sessions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/sessions.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -r1.4 -r1.5 *** sessions.php 31 Jul 2002 17:48:38 -0000 1.4 --- sessions.php 14 Aug 2002 19:45:46 -0000 1.5 *************** *** 52,56 **** global $MPCONF, $DBA; ! $session_data = $DBA->query("SELECT data FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$sesskey' and expiretime > " . time()) or die(db_error_message()); if (list($value) = $DBA->fetch_row($session_data)) { return $value; --- 52,56 ---- global $MPCONF, $DBA; ! $session_data = $DBA->query("SELECT data FROM " . $MPCONF['DB']['table_prefix'] . "sessions WHERE sesskey = '$sesskey' AND expiretime > " . time()) or die(db_error_message()); if (list($value) = $DBA->fetch_row($session_data)) { return $value; *************** *** 69,73 **** if(!($retval)) { ! $retval = $DBA->query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, user_id, time_started, expiretime, data) VALUES ('$sesskey', '" . $MPCONF['USR']['user_id'] . "', '" . time() . "', '" . $expiry . "', '$value')"); } --- 69,73 ---- if(!($retval)) { ! $retval = $DBA->query("INSERT INTO " . $MPCONF['DB']['table_prefix'] . "sessions (sesskey, user_id, user_ip, time_started, expiretime, data) VALUES ('$sesskey', '" . $MPCONF['USR']['user_id'] . "', '" . $MPCONF['SES']['user_ip'] . "', '" . time() . "', '" . $expiry . "', '$value')"); } |
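Review bot: The rewritten statement in `ChangeDataString()` still reads `$MPCONF['DB']['table_prefix']`, but the visible `global` line names only `$DBA`, so inside the function `$MPCONF` is unset and the prefix is empty; it should read `global $MPCONF, $DBA;`. `$string` and `$mod` are also concatenated into the UPDATE unescaped, so a quote in either breaks the statement or changes its meaning. Pass both through the database layer's escaping routine (or `addslashes()` at minimum) before building `$sql`, and add a space before `WHERE`. The function's body continues outside the hunk.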
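Review bot: The INSERT in sessions.php now records `user_ip`, but the read query changed in the same file still selects on `sesskey` and `expiretime` only, so in the visible hunks nothing compares the stored address with the current one and the log message's "based on both IPs and Session IDs" is not enforced on read. If the binding is intended, the SELECT needs `AND user_ip = '" . $MPCONF['SES']['user_ip'] . "'`; the update path that precedes this INSERT is outside the hunk and may need the same. `$sesskey` and `$value` are still interpolated unescaped here and in the SELECT, and `$value` is presumably serialized session data that can contain quotes, so escape both before building the query.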