[phpMP-CVS] CVS: phpMP/includes core.php,1.44,1.45 sessions.php,1.10,1.11 user.php,1.15,1.16
From: Brian R. <hei...@us...> - 2003-04-22 10:50:56
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv25309/includes Modified Files: core.php sessions.php user.php Log Message: Working on the sessions/auth/user script. Tevlik gave me some great ideas. It's still going through a process, but give it a once-over and let me know what you think. I may have missed a few things...don't know for sure. Index: core.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/core.php,v retrieving revision 1.44 retrieving revision 1.45 diff -C2 -r1.44 -r1.45 *** core.php 9 Feb 2003 01:03:45 -0000 1.44 --- core.php 22 Apr 2003 10:50:51 -0000 1.45 *************** *** 30,40 **** } // Initiates all core components. // Author: Brian 'Heimidal' Rose // Accepts: $optional_files (string of needed files separated by commas). // Returns: none. ! function init ( $optional_files = array() ) { ! if( !defined("P_PHPMP_ROOT") ) { --- 30,60 ---- } + function strip_magic_quotes($arr) + { + foreach ($arr as $k => $v) + { + if (is_array($v)) + { $arr[$k] = strip_magic_quotes($v); } + else + { $arr[$k] = stripslashes($v); } + } + + return $arr; + } + // Initiates all core components. // Author: Brian 'Heimidal' Rose // Accepts: $optional_files (string of needed files separated by commas). // Returns: none. ! function Core( $optional_files = array() ) { ! ! if (get_magic_quotes_gpc()) ! { ! if (!empty($_GET)) { $_GET = $this->strip_magic_quotes($_GET); } ! if (!empty($_POST)) { $_POST = $this->strip_magic_quotes($_POST); } ! if (!empty($_COOKIE)) { $_COOKIE = $this->strip_magic_quotes($_COOKIE); } ! } ! 
if( !defined("P_PHPMP_ROOT") ) { Index: sessions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/sessions.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -r1.10 -r1.11 *** sessions.php 10 Feb 2003 00:52:02 -0000 1.10 --- sessions.php 22 Apr 2003 10:50:51 -0000 1.11 *************** *** 1,103 **** <?php ! // Took a lot of hints from phpBB2. ! // ! class Session // Creates and maintains sessions for all users. { ! var $browser; ! var $page; ! var data = array(); ! var $session_id; var $ip; ! function Session() { } ! function startSession( $user ) { ! ! global $DB, $SID; ! ! $current_time = time(); ! $this->browser = $_SERVER['HTTP_USER_AGENT']; ! $this->page = $_ENV['PHP_SELF']; ! $this->page .= '&' . $_SERVER['QUERY_STRING']; ! // NOTE: No support yet for auto-login cookies. ! if( isset( $_COOKIE[C_COOKIE_NAME . '_data'] ) || isset( $_COOKIE[C_COOKIE_NAME . '_sid']) ) { ! define('C_SESS_LOC', SESS_LOC_COOKIE); ! ! $sessiondata = (isset($_COOKIE[C_COOKIE_NAME . 'data'])) ? $unserialize(stripslashes($_COOKIE[C_COOKIE_NAME . 'data']) : ''; ! $this->session_id = (isset($_COOKIE[C_COOKIE_NAME . 'sid'])) ? $_COOKIE[C_COOKIE_NAME . 'sid'] : ''; ! $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; } ! // Not in a cookie. We'll put it in the URL. ! else { ! define('C_SESS_LOC', SESS_LOC_URL); ! ! $this->session_id = (isset($_GET['sid'])) ? $_GET['sid'] : ''; ! $SID = '?sid=' . $this->session_id; } ! // Obtain users IP ! $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR; ! ! if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ! { ! if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list)) { ! $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#'); ! $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]); } } ! ! 
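Review bot: Core() calls `$this->strip_magic_quotes($_GET)` (and the same for `$_POST`/`$_COOKIE`), but the hunk defines strip_magic_quotes after the closing brace on line 30 and its own recursive call uses the bare name `strip_magic_quotes($v)`, which reads as a file-level function rather than a method; if that is the case the `$this->` calls will fail, and the three lines should become `$_GET = strip_magic_quotes($_GET);` etc. (or the function moves into the class and the recursion becomes `$this->strip_magic_quotes($v)`). The header comment above Core() still says `$optional_files` is a comma-separated string while the default is `array()`, so one of the two should be corrected. Core()'s body continues past the end of the hunk.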
// Pull session data from the database. ! if( !empty( $this->session_id ) ) { ! $sql = "SELECT u.*, s.* ! FROM " . DB_SESSIONS_TABLE . " s, " . DB_USERS_TABLE . " u ! WHERE s.session_id = '" . $this->session_id . "' ! AND u.user_id = s.session_user_id"; $result = $DB->query($sql); - $session_data = $DB->fetchRow($result); ! // Did the session exist in the DB? ! if (isset($this->data['user_id'])) ! { ! // Validate IP length according to admin ... has no effect on IPv6 ! $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); ! $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); ! ! if ($u_ip == $s_ip) ! { ! // Only update session DB a minute or so after last update or if page changes ! if (($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) && $update) ! { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = '$this->page' ! WHERE session_id = '" . $this->session_id . "'"; ! $DB->query($sql); ! } ! return true; ! } ! } ! } } } ! ?> --- 1,186 ---- <?php ! class Sessions // Creates and maintains sessions for all users. { ! var $started = 0; ! var $keys = array(); ! var $session_data; ! var $session_key; ! var $session_key_new = false; ! var $session_user_id; var $ip; ! // Starts the session. Must be called. ! function start() { + if($this->started == false) + { + $this->clean(); + $this->getSessionData(); + $this->started = true; + } } ! // Destroys sessions. Used for logging out and such. ! function destroy() { ! global $DB; ! // Sets the session as owned by an anonymous user. ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET exp_time = '" . $exp_time . "' ! AND session_page = '" . $page . "' ! AND session_user_id = 1 ! WHERE session_key = '" . $this->session_key . "'"; ! ! $DB->query($sql); ! } ! ! // Saves the session data to the database. ! function run() ! { ! global $do_login, $User, $DB; ! 
// Checks to see if a session has been started. ! // If not, we'll die because we want to explicitly declare sessions. ! if( $this->started == false ) { + die('You must explicitly declare all $Session->start calls.'); + } ! // Capture the page we're at. ! $page = $_SERVER['REQUEST_URI']; + // Test to see if we're logging in. + if($do_login == true) + { + $this->session_user_id = $User->user_id; } ! ! $session_exists = false; // We'll assume that no sessions exist yet. ! ! $cur_time = time(); // Time as of right now. ! $exp_time = $cur_time + C_SESSION_LENGTH; // Time at which this session will become invalid. ! $this->ip = $this->getIPEncoded(); // Gets the user's IP address. ! ! // If the ID is new, why bother querying to test for an old one? ! if( $this->session_key_new == false ) { + // Gathers session data from the database. + $sql = "SELECT * FROM " . DB_SESSIONS_TABLE . " + WHERE session_key='" . $this->session_key . "' + SORT BY exp_time DESC"; ! $result = $DB->query($sql); ! $num_rows = $DB->numRows($result); + // Checks for a session in the database. + ($num_rows >= 1) ? ($session_exists = true) : ($session_exists = false); + + // If the session is expired, we'll go ahead and create a new one regardless. + $this->session_data[] = $DB->fetchAssoc($result); + if( $this->session_data['exp_time'] < $cur_time ) + { + $session_exists = false; + } } ! if( $session_exists == true ) // A session exists. Yay. ! { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET log_time = " . $cur_time . " ! AND session_page = '" . addslashes($page) . "'"; ! ! if( $do_login == true ) // Swap out the anonymous user for our new user_id. { ! $sql .= " AND session_user_id=" . $this->session_user_id; } + + $sql .= " WHERE session_key = '" . $this->session_key . "'"; + + $User->user_id = $this->session_user_id; } ! else // A session does not exist. We'll create an anonymous one. { + $sql = "INSERT INTO " . DB_SESSIONS_TABLE . 
" + (session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip) + VALUES('" . $this->session_key . "', 1," . $cur_time . "," . $exp_time . ",'" . addslashes($page) . "','" . $this->ip . "')"; + + $this->session_user_id = 1; + $User->user_id = 1; + } ! $DB->query($sql); ! ! if( $do_login == false ) ! { ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " ! WHERE user_id='" . $this->session_user_id . "'"; $result = $DB->query($sql); ! $User->data = $DB->fetchAssoc($result); ! } ! ! $cookie_data = urlencode( $this->session_user_id . ':' . $this->session_key ); ! setcookie(C_COOKIE_NAME . '_data', $cookie_data, $cur_time + C_SESSION_LENGTH, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); ! } ! ! function clean() ! { ! global $DB; ! $rand = rand(0,10); ! if($rand >= 1) // 1:10 chance of session cleanup. This may later become a setting. ! { ! $sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE exp_time<" . time(); ! $DB->query($sql); } + } + function getSessionData() + { + // Let's see if we have a standard cookie available. + $cookie_data = $_COOKIE[C_COOKIE_NAME . '_data']; + $cookie_array = explode(':', urldecode( $cookie_data ) ); + + // We have a cookie. Let's see if it's valid. + if( ( !empty($cookie_array[0]) ) && ( strlen($cookie_array[1]) == 32 ) ) + { + // Our cookie is valid. Let's set a few vars. + $this->session_user_id = $cookie_array[0]; + $this->session_key = $cookie_array[1]; + } + else + { + // OK. We don't have a valid cookie. We'll make one. + $this->session_key = md5( uniqid (microtime(), 1) ); + $this->session_key_new = true; + } } + // Taken from phpBB2. + function getIPEncoded() + { + if( getenv('HTTP_X_FORWARDED_FOR') != '' ) + { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? 
$_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + + if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) + { + $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); + $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); + } + } + else + { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + } + + $ip_sep = explode('.', $client_ip); + return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); + } } ! ?> Index: user.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/user.php,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -r1.15 -r1.16 *** user.php 8 Feb 2003 10:48:22 -0000 1.15 --- user.php 22 Apr 2003 10:50:52 -0000 1.16 *************** *** 1,57 **** <?php ! class User // Creates a barrier between the Auth class and the outside world. ! // If user doesn't need to be auth'ed, he isn't. { ! // Fetches user information/variables from the database. ! // Author: Brian 'Heimidal' Rose ! // Accepts: $user (integer). ! // Returns: boolean. ! function _snapshot( $user ) ! { ! ! global $DB; ! ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " WHERE userid=" . $DB->escapeString($user); ! ! $qry = $DB->query($sql); ! ! if( $DB->numRows( $qry ) < 1 ) { ! ! die('User(' . $user . ') not found.'); ! ! } ! else { ! $user_array = $DB->fetchArray($qry); ! ! while( list ($key, $val) = each ($user_array) ) ! { ! define( "U_" . strtoupper($key), "$val" ); ! } ! ! return true; ! } ! } ! ! // Session cleanup routine. ! // Author: Brian 'Heimidal' Rose ! // Accepts: none. ! // Returns: none. ! function sessionClean() ! { ! ! global $DB; ! ! $rand = rand(0,10); ! if($rand >= 1) // 1:10 chance of session cleanup. This may later become a setting. ! { ! ! 
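Review bot: In run(), the existing-session branch sets `$User->user_id = $this->session_user_id`, and that value came straight from the `_data` cookie in getSessionData() — the row fetched by session_key is never consulted for its own session_user_id, so the client-supplied id is what the later `SELECT * FROM users WHERE user_id=...` loads. The same two cookie fields are interpolated unescaped into that SELECT and into the session_key lookups, while the only validation is `!empty()` and a length check, so they should be constrained to the expected shape (or passed through `$DB->escapeString`, which the old user.php code already used) before reaching SQL. A further bug masks the expiry check: `$this->session_data[] = $DB->fetchAssoc($result)` appends the row under index 0, so `$this->session_data['exp_time']` is never set and expired sessions are reused. The rewrite below binds the user id to the stored row and tightens the cookie check; separately, `SORT BY` should be `ORDER BY`, the UPDATE statements join SET assignments with `AND` instead of commas (also in destroy(), where `$exp_time` and `$page` are undefined), and the INSERT writes `session_exp_time`/`session_start_time` while every other statement reads `exp_time`.

```php
// getSessionData(): accept the cookie only when both halves have the expected shape.
if( !empty($cookie_array[0]) && ctype_digit($cookie_array[0])
    && strlen($cookie_array[1]) == 32 && ctype_xdigit($cookie_array[1]) )
{
    $this->session_user_id = (int) $cookie_array[0];
    $this->session_key = $cookie_array[1];
}
// … unchanged: else branch that issues a fresh key …

// run(): the session row, not the cookie, decides which user this session belongs to.
$this->session_data = $DB->fetchAssoc($result);
if( $session_exists && $this->session_data['exp_time'] < $cur_time )
{
    $session_exists = false;
}
if( $session_exists && $do_login == false )
{
    $this->session_user_id = (int) $this->session_data['session_user_id'];
}
// … unchanged: UPDATE / INSERT branches and cookie write …
```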
$sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE expiry<" . time(); ! $DB->query($sql); ! ! } ! ! } // User initialization function. Does -EVERYTHING- except explicit session cleanup. --- 1,9 ---- <?php ! class User { ! var $user_id; ! var $data; // User initialization function. Does -EVERYTHING- except explicit session cleanup. *************** *** 64,88 **** $this->sessionClean(); ! // Must decide is this is an anonymous user or a registered user. ! ! if( ( C_USE_PORTAL_PERMS == 1 ) || ( defined( P_USE_ADMIN_PERMS ) ) ) // Checks for use_perms setting and makes sure we're not entering the admin area. ! { ! ! // We want to use authentication. ! global $Sessions; ! include_once( C_PHPMP_ROOT . 'includes/sessions.php' ); ! $Sessions = new Sessions(); // Initializes Auth, which also authenticates the user. ! $this->_snapshot( $Sessions->curr_user ); // Gets snapshot of user info/vars. ! ! } ! else // We're not going to bother auth'ing the user. ! { ! ! $this->_snapshot('1'); // Gets snapshot of anon user info/vars. ! } } --- 16,52 ---- $this->sessionClean(); ! // Are we logging in? ! global $do_login; ! if( $do_login == true ) // We are logging in. ! { ! // We are logging in. Set up variables. ! $username = $_POST['login_user_name']; ! $passwd_enc = md5($_POST['login_passwd']); ! // $autologin = $_POST['autologin'][0]; ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " ! WHERE user_name='" . $username . "' ! AND user_passwd='" . $passwd_enc . "'"; ! global $DB; ! ! $result = $DB->query($sql); ! $num_rows = $DB->numRows($result); ! ! if( $num_rows ) // We have a user! ! { ! $this->data = $DB->fetchAssoc($result); ! $this->user_id = $this->data['user_id']; ! ! // Setup the autologin cookie. ! // setcookie(C_COOKIE_NAME . '_auto', $cookie_data, time() + TIME_YEAR_SECONDS, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); ! } ! else // Wrong login information. ! { ! die('Sorry. Your username and/or password are incorrect.'); ! } } + } |
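Review bot: `$username` comes straight from `$_POST['login_user_name']` and is concatenated into `WHERE user_name='...'` without escaping; the removed `_snapshot` already used `$DB->escapeString`, so the same call belongs here: `WHERE user_name='" . $DB->escapeString($username) . "'`. The unchanged context line `$this->sessionClean();` at the top of this hunk calls a method the first user.php hunk deletes from User (the same routine now appears as Sessions::clean()), so initialization will fail on that line unless the call is redirected. The credential check compares a bare `md5()` of the submitted password against `user_passwd`; a marker such as `// TODO: unsalted md5 — revisit before the auth path settles` would keep that from being forgotten. The enclosing initialization method starts before this hunk.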