[phpMP-CVS] CVS: phpMP/includes sessions.php,1.9,1.10
From: Brian R. <hei...@us...> - 2003-02-10 00:52:07
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv23431/includes Modified Files: sessions.php Log Message: Started writing sessions.php. It won't stay anything like this, but I'm learning a lot. Index: sessions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/sessions.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -r1.9 -r1.10 *** sessions.php 8 Feb 2003 10:48:22 -0000 1.9 --- sessions.php 10 Feb 2003 00:52:02 -0000 1.10 *************** *** 1,8 **** --- 1,14 ---- <?php + // Took a lot of hints from phpBB2. + // class Session // Creates and maintains sessions for all users. { + var $browser; + var $page; + var data = array(); var $session_id; + var $ip; function Session() *************** *** 13,58 **** { ! global $DB, $sid; ! // The Session ID is currently in the URL. We'll keep it that way for now. ! if( isset( $_GET['s'] ) ) { ! define('C_SESS_LOC', SESS_LOC_URL); ! $this->session_id = $_GET['s']; } ! // Not in the URL. Could be in a cookie. ! // NOTE: No support yet for auto-login cookies. ! elseif( isset( $_COOKIE[C_COOKIE_NAME . 'data'] ) || isset( $_COOKIE[C_COOKIE_NAME . 'sid']) ) ! ( ! ! define('C_SESS_LOC', SESS_LOC_COOKIE); ! $cookie_data = unserialize(C_COOKIE_NAME . 'data'); ! $this->session_id = $cookie_data['session_id']; } - else - { - - // We currently have no session_id set. } // Pull session data from the database. ! if( !empty( $this->session_id ) } { ! $sql = "SELECT u.*, s.* FROM " . DB_USERS_TABLE . " u, " . DB_SESSIONS_TABLE . " s WHERE s.sess_id = " . %this->session_id . " AND u.user_id = s.user_id"; $result = $DB->query($sql); $session_data = $DB->fetchRow($result); ! // We will now check for authenticity of the IP. ! if( isset( $session_data['user_id'] ) ) { ! // Will write this later. } --- 19,96 ---- { ! global $DB, $SID; ! $current_time = time(); ! $this->browser = $_SERVER['HTTP_USER_AGENT']; ! $this->page = $_ENV['PHP_SELF']; ! 
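Review bot: `var data = array();` in the new property list is missing the `$` sigil and will not parse; it should read `var $data = array();`, which also matches the `$this->data[...]` reads later in the file. The other new properties (`$browser`, `$page`, `$ip`) are declared correctly. The class body continues past this hunk.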
$this->page .= '&' . $_SERVER['QUERY_STRING']; ! ! // NOTE: No support yet for auto-login cookies. ! ! if( isset( $_COOKIE[C_COOKIE_NAME . '_data'] ) || isset( $_COOKIE[C_COOKIE_NAME . '_sid']) ) { ! define('C_SESS_LOC', SESS_LOC_COOKIE); ! $sessiondata = (isset($_COOKIE[C_COOKIE_NAME . 'data'])) ? $unserialize(stripslashes($_COOKIE[C_COOKIE_NAME . 'data']) : ''; ! $this->session_id = (isset($_COOKIE[C_COOKIE_NAME . 'sid'])) ? $_COOKIE[C_COOKIE_NAME . 'sid'] : ''; ! $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; } ! // Not in a cookie. We'll put it in the URL. ! else ! { ! define('C_SESS_LOC', SESS_LOC_URL); ! ! $this->session_id = (isset($_GET['sid'])) ? $_GET['sid'] : ''; ! $SID = '?sid=' . $this->session_id; } + // Obtain users IP + $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR; + + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) + { + if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list)) + { + $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#'); + $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]); + } } // Pull session data from the database. ! if( !empty( $this->session_id ) ) { ! $sql = "SELECT u.*, s.* ! FROM " . DB_SESSIONS_TABLE . " s, " . DB_USERS_TABLE . " u ! WHERE s.session_id = '" . $this->session_id . "' ! AND u.user_id = s.session_user_id"; $result = $DB->query($sql); $session_data = $DB->fetchRow($result); ! // Did the session exist in the DB? ! if (isset($this->data['user_id'])) { ! // Validate IP length according to admin ... has no effect on IPv6 ! $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); ! $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); ! ! if ($u_ip == $s_ip) ! { ! // Only update session DB a minute or so after last update or if page changes ! 
if (($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) && $update) ! { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = '$this->page' ! WHERE session_id = '" . $this->session_id . "'"; ! $DB->query($sql); ! } ! ! return true; ! } } |
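Review bot: `$this->session_id` is copied straight from `$_COOKIE[... 'sid']` or `$_GET['sid']` and interpolated unescaped into both the SELECT (`WHERE s.session_id = '...'`) and the UPDATE, and `$this->page`, which carries the raw `QUERY_STRING`, is interpolated into the UPDATE the same way — a crafted `sid` or query string is a SQL injection against the joined users table. Before building the SQL, reject ids that do not match the expected alphabet, e.g. `if (!preg_match('#^[a-zA-Z0-9]{1,32}$#', $this->session_id)) { $this->session_id = ''; }` (adjust to however ids are actually generated), and pass `session_page` through the `$DB` layer's escaping or a placeholder rather than raw interpolation. The session check that follows is currently dead code: fetchRow's result goes into `$session_data` but the `isset` and IP comparison read `$this->data`, which is never assigned, `$config` is not imported with `global`, and the cookie keys tested (`'_data'`, `'_sid'`) differ from the ones read (`'data'`, `'sid'`). Separately, `unserialize()` on cookie contents is an untrusted-deserialization sink, and the X-Forwarded-For block lets the client pick the IP that `ip_check` compares against, so the IP binding can be satisfied by anyone who can set a header. The constructor `Session()` begins before this hunk.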