phpmp-commits Mailing List for phpMyPublications (Page 11)
Status: Pre-Alpha
From: Brian R. <hei...@us...> - 2003-04-29 08:41:05
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv1332/includes Modified Files: session.php user.php Log Message: Rewrote a bit of the User/Session classes. Autologin now works like a charm. Hopefully someone can try and break it once we get a template together. Index: session.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/session.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** session.php 26 Apr 2003 02:47:24 -0000 1.3 --- session.php 29 Apr 2003 08:40:54 -0000 1.4 *************** *** 4,10 **** { ! var $started = 0; var $session_data; var $session_key; var $session_key_new = false; var $session_user_id; --- 4,12 ---- { ! var $started = false; var $session_data; var $session_key; + var $do_login = false; + var $is_logged_in = false; var $session_key_new = false; var $session_user_id; *************** *** 38,41 **** --- 40,82 ---- $DB->query($sql); + + setcookie($Config['cookie_name'] . '_auto', '', time() - 3600, $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); + setcookie($Config['cookie_name'] . '_data', '', time() - 3600, $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); + } + + function login() + { + global $User, $DB, $Config; + + $this->do_login == true; + + // We are logging in. Set up variables. + $username = $_POST['login_username']; + $passwd_enc = md5($_POST['login_passwd']); + $auto_login_set = $_POST['autologin']; + + $sql = "SELECT * FROM " . DB_USERS_TABLE . " + WHERE user_name='" . $username . "' + AND user_passwd='" . $passwd_enc . "'"; + + $result = $DB->query($sql); + $num_rows = $DB->numRows($result); + + if( $num_rows == 1 ) // We have a user! + { + $User->data = $DB->fetchAssoc($result); + $this->session_user_id = $User->data['user_id']; + $this->is_logged_in = true; + + if( $auto_login_set == true ) + { + $auto_cookie_data = urlencode( $this->session_user_id . ':' . 
$passwd_enc ); + setcookie($Config['cookie_name'] . '_auto', $auto_cookie_data, time() + 31536000, $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); + } + } + else // Wrong login information. + { + die('Sorry. Your username and/or password are incorrect. '); + } } *************** *** 43,47 **** function run() { ! global $do_login, $User, $DB, $Config; // Checks to see if a session has been started. --- 84,93 ---- function run() { ! global $User, $DB, $Config; ! ! if( $_POST['do_login'] == true ) ! { ! $this->login(); ! } // Checks to see if a session has been started. *************** *** 54,69 **** // Capture the page we're at. $page = basename($_SERVER['REQUEST_URI']); ! ! // Test to see if we're logging in. ! if($_POST['do_login'] == true) ! { ! $this->session_user_id = $User->user_id; ! } ! ! $session_exists = false; // We'll assume that no sessions exist yet. ! $cur_time = time(); // Time as of right now. $exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid. $this->ip = $User->getIPEncoded(); // Gets the user's IP address. // If the ID is new, why bother querying to test for an old one? --- 100,109 ---- // Capture the page we're at. $page = basename($_SERVER['REQUEST_URI']); ! $cur_time = time(); // Time as of right now. $exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid. $this->ip = $User->getIPEncoded(); // Gets the user's IP address. + + $session_exists = false; // We'll assume that no sessions exist yet. // If the ID is new, why bother querying to test for an old one? *************** *** 71,77 **** { // Gathers session data from the database. ! $sql = 'SELECT * FROM ' . DB_SESSIONS_TABLE . ' ! WHERE session_key=\'' . $this->session_key . '\' ! ORDER BY session_exp_time DESC'; $result = $DB->query($sql); --- 111,117 ---- { // Gathers session data from the database. ! $sql = "SELECT * FROM " . DB_SESSIONS_TABLE . " ! 
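Review bot: login() concatenates `$_POST['login_username']` straight into the `user_name='...'` clause, so the credential check is open to SQL injection. The auto-login lookup added to getSessionData() later in this commit does the same with both halves of the `_auto` cookie, and its `user_id=` value is not even quoted. No escaping helper on `$DB` is visible in this diff, so at minimum apply what run() already does for `$page`, `WHERE user_name='" . addslashes($username) . "'`, and cast the cookie id with `intval($auto_cookie_array[0])`. Separately, `$this->do_login == true;` at the top of login() is a comparison whose result is discarded; it should read `$this->do_login = true;`.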
WHERE session_key='" . $this->session_key . "' ! ORDER BY session_exp_time DESC"; $result = $DB->query($sql); *************** *** 91,99 **** if( $session_exists == true ) // A session exists. Yay. ! { ! $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' ! SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\''; ! ! if( $_POST['do_login'] == true ) // Swap out the anonymous user for our new user_id. { $sql = "UPDATE " . DB_SESSIONS_TABLE . " --- 131,136 ---- if( $session_exists == true ) // A session exists. Yay. ! { ! if( $this->is_logged_in == true ) // Swap out the anonymous user for our new user_id. { $sql = "UPDATE " . DB_SESSIONS_TABLE . " *************** *** 102,108 **** } else ! { ! $User->user_id = $this->session_user_id; ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " SET session_exp_time=" . $exp_time . ", session_page='" . addslashes($page) . "' --- 139,143 ---- } else ! { $sql = "UPDATE " . DB_SESSIONS_TABLE . " SET session_exp_time=" . $exp_time . ", session_page='" . addslashes($page) . "' *************** *** 112,119 **** else // A session does not exist. We'll create one. { ! if( $_POST['do_login'] == false ) { $this->session_user_id = 1; - $User->user_id = 1; } --- 147,153 ---- else // A session does not exist. We'll create one. { ! if( $this->is_logged_in == false ) { $this->session_user_id = 1; } *************** *** 125,129 **** $DB->query($sql); ! if( $_POST['do_login'] == false ) { $sql = 'SELECT * FROM ' . DB_USERS_TABLE . ' --- 159,163 ---- $DB->query($sql); ! if( $this->is_logged_in == false ) { $sql = 'SELECT * FROM ' . DB_USERS_TABLE . ' *************** *** 138,142 **** setcookie($Config['cookie_name'] . '_data', $cookie_data, $cur_time + $Config['session_length'], $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); } ! function clean($clean_all = false) { --- 172,176 ---- setcookie($Config['cookie_name'] . 
'_data', $cookie_data, $cur_time + $Config['session_length'], $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); } ! function clean($clean_all = false) { *************** *** 153,157 **** function getSessionData() { ! global $Config; // Let's see if we have a standard cookie available. --- 187,191 ---- function getSessionData() { ! global $Config, $DB, $User; // Let's see if we have a standard cookie available. *************** *** 169,182 **** } } ! else // There is no standard cookie. Let's check for auto-login. { ! if( !empty($_COOKIE[$Config['cookie_name'] . '_ext'])) ! { ! // We'll add auto-login functions here later on. ! } ! else // We don't have a valid cookie. We'll make one. { ! $this->session_key = md5( uniqid (microtime(), 1) ); ! $this->session_key_new = true; } } --- 203,241 ---- } } ! ! if( $this->session_key == '' ) // If we don't have a session key by now, there isn't one saved. { ! $this->session_key = md5( uniqid (microtime(), 1) ); ! $this->session_key_new = true; ! } ! ! // The user is currently anonymous, so let's check for auto-login. ! if( ($this->session_user_id == 1) || empty($this->session_user_id) ) ! { ! if( !empty( $_COOKIE[$Config['cookie_name'] . '_auto'] ) ) // We have an autologin cookie set. { ! $auto_cookie_data = $_COOKIE[$Config['cookie_name'] . '_auto']; ! $auto_cookie_array = explode(':', urldecode( $auto_cookie_data ) ); ! ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " ! WHERE user_id=" . $auto_cookie_array[0] . " ! AND user_passwd='" . $auto_cookie_array[1] . "'"; ! ! $result = $DB->query($sql); ! $num_rows = $DB->numRows($result); ! ! if( $num_rows == 1 ) // This cookie is valid. ! { ! $User->data = $DB->fetchAssoc($result); ! $this->session_user_id = $auto_cookie_array[0]; ! $this->is_logged_in = true; ! } ! else // The autologin cookie was invalid. ! { ! // We'll unset the cookie and continue on like nothing ever happened. ! setcookie($Config['cookie_name'] . 
'_auto', '', time() - 3600, $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); ! return false; ! $this->session_user_id = 1; ! } } } Index: user.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/user.php,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -r1.18 -r1.19 *** user.php 26 Apr 2003 02:47:24 -0000 1.18 --- user.php 29 Apr 2003 08:40:54 -0000 1.19 *************** *** 4,48 **** { - var $user_id; var $data; - - // User initialization function. Does -EVERYTHING- except explicit session cleanup. - // Author: Brian 'Heimidal' Rose - // Accepts: none. - // Returns: none. - function User() - { - if( $_POST['do_login'] == true ) // We are logging in. - { - // We are logging in. Set up variables. - $username = $_POST['login_user_name']; - $passwd_enc = md5($_POST['login_passwd']); - // $autologin = $_POST['autologin'][0]; - - $sql = "SELECT * FROM " . DB_USERS_TABLE . " - WHERE user_name='" . $username . "' - AND user_passwd='" . $passwd_enc . "'"; - - global $DB; - - $result = $DB->query($sql); - $num_rows = $DB->numRows($result); - - if( $num_rows == 1 ) // We have a user! - { - $this->data = $DB->fetchAssoc($result); - $this->user_id = $this->data['user_id']; - - // Setup the autologin cookie. - // setcookie(C_COOKIE_NAME . '_auto', $cookie_data, time() + TIME_YEAR_SECONDS, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); - } - else // Wrong login information. - { - die('Sorry. Your username and/or password are incorrect. ' . $passwd_enc . ' ' . $_POST['login_passwd']); - } - } - } ! // Taken from phpBB2. function getIPEncoded() { --- 4,10 ---- { var $data; ! // Taken from phpBB2. Fetches the IP in a hex form. function getIPEncoded() { *************** *** 66,70 **** } ! // Taken from phpBB2. function decodeIP($encoded_ip) { --- 28,32 ---- } ! // Taken from phpBB2. Decodes a hexed IP. function decodeIP($encoded_ip) { |
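Review bot: The auto-login branch added to getSessionData() accepts `user_id:md5(password)` from the `_auto` cookie as proof of identity, so the value stored in `user_passwd` is itself enough to log in for the cookie's one-year lifetime, without knowing the password. A random token generated at login, stored server-side and compared here instead of the password hash would remove that equivalence; the schema change this needs is outside the hunk. In the invalid-cookie branch, `$this->session_user_id = 1;` sits after `return false;` and never runs, so swap the two lines if the reset is intended. getSessionData() starts outside this hunk.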
From: Brian R. <hei...@us...> - 2003-04-29 08:41:05
|
Update of /cvsroot/phpmp/phpMP In directory sc8-pr-cvs1:/tmp/cvs-serv1332 Modified Files: index.php login_test.php Log Message: Rewrote a bit of the User/Session classes. Autologin now works like a charm. Hopefully someone can try and break it once we get a template together. Index: index.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/index.php,v retrieving revision 1.38 retrieving revision 1.39 diff -C2 -r1.38 -r1.39 *** index.php 23 Apr 2003 08:28:40 -0000 1.38 --- index.php 29 Apr 2003 08:40:52 -0000 1.39 *************** *** 36,39 **** --- 36,44 ---- print "Sessions Table: " . DB_SESSIONS_TABLE . '<br>'; + print "<br>"; + + print "Regular Cookie: " . urldecode($_COOKIE[$Config['cookie_name'] . '_data']) . '<br>'; + print "Auto-login Cookie: " . urldecode($_COOKIE[$Config['cookie_name'] . '_auto']) . '<br>'; + ?> <html> Index: login_test.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/login_test.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** login_test.php 23 Apr 2003 07:21:02 -0000 1.1 --- login_test.php 29 Apr 2003 08:40:54 -0000 1.2 *************** *** 10,17 **** <form name="form1" id="form1" method="post" action="index.php"> <p> ! <input name="login_user_name" type="text" id="login_user_name" /> </p> <p> ! <input name="login_passwd" type="password" id="login_passwd" /> </p> <p> --- 10,20 ---- <form name="form1" id="form1" method="post" action="index.php"> <p> ! <input name="login_username" type="text" id="login_username" value="" /> </p> <p> ! <input name="login_passwd" type="password" id="login_passwd" value="" /> ! </p> ! <p>Auto-Login? ! <input name="autologin" type="checkbox" id="autologin" /> </p> <p> |
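Review bot: The two `print` lines added to index.php echo the `_data` and `_auto` cookies into the page without HTML escaping, so markup placed in either cookie is rendered by the browser. The auto-login cookie they display also carries the user's password hash, as set by login() in the same commit. Wrap the values, e.g. `htmlspecialchars(urldecode($_COOKIE[$Config['cookie_name'] . '_auto']))`, and keep this debug block out of any deployed index.php. Both lines also read the cookie keys without an `empty()` check, which raises a notice when the cookie is absent.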
From: Brian R. <hei...@us...> - 2003-04-26 02:47:27
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv21784/includes Modified Files: session.php user.php Log Message: Fixed a few problems; reformatted the way the new session function was structured. Index: session.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/session.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -r1.2 -r1.3 *** session.php 23 Apr 2003 08:28:41 -0000 1.2 --- session.php 26 Apr 2003 02:47:24 -0000 1.3 *************** *** 12,20 **** // Starts the session. Must be called. ! function start() { if($this->started == false) { ! $this->clean(); $this->getSessionData(); $this->started = true; --- 12,20 ---- // Starts the session. Must be called. ! function start($clean_all = false) { if($this->started == false) { ! $this->clean(/*$clean_all*/ $_POST['clean_all'] ); $this->getSessionData(); $this->started = true; *************** *** 32,36 **** // Sets the session as owned by an anonymous user. $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' ! SET exp_time=\'' . $exp_time . '\' AND session_page=\'' . $page . '\' AND session_user_id=1 --- 32,36 ---- // Sets the session as owned by an anonymous user. $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' ! SET session_exp_time=\'' . $exp_time . '\' AND session_page=\'' . $page . '\' AND session_user_id=1 *************** *** 65,69 **** $cur_time = time(); // Time as of right now. $exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid. ! $this->ip = $this->getIPEncoded(); // Gets the user's IP address. // If the ID is new, why bother querying to test for an old one? --- 65,69 ---- $cur_time = time(); // Time as of right now. $exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid. ! $this->ip = $User->getIPEncoded(); // Gets the user's IP address. // If the ID is new, why bother querying to test for an old one? 
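Review bot: start() now ignores its own `$clean_all` parameter and passes `$_POST['clean_all']` to clean() instead. Any visitor can therefore force the session-table DELETE on every request by posting that field, while a caller that passes an argument gets no effect. Use the parameter, `$this->clean($clean_all);`, and let the calling code decide whether a request value may set it.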
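Review bot: The SET clause in destroy() joins its three assignments with `AND`, which MySQL parses as one assignment of a boolean expression to `session_exp_time`. `session_page` and `session_user_id` are never written, so the session is not handed back to the anonymous user; the hunk only renames the column and leaves this in place. Separate the assignments with commas and escape the page as run() does: `SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\', session_user_id=1`. destroy() begins and ends outside the hunk.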
*************** *** 82,85 **** --- 82,86 ---- // If the session is expired, we'll go ahead and create a new one regardless. + // The old one *should* be cleaned out by our clean() function later. $this->session_data = $DB->fetchAssoc($result); if( $this->session_data['session_exp_time'] < $cur_time ) *************** *** 90,94 **** if( $session_exists == true ) // A session exists. Yay. ! { $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\''; --- 91,95 ---- if( $session_exists == true ) // A session exists. Yay. ! { $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\''; *************** *** 96,114 **** if( $_POST['do_login'] == true ) // Swap out the anonymous user for our new user_id. { ! $sql .= ', session_user_id=' . $this->session_user_id; } ! ! $sql .= ' WHERE session_key=\'' . $this->session_key . '\''; ! ! $User->user_id = $this->session_user_id; } ! else // A session does not exist. We'll create an anonymous one. ! { $sql = 'INSERT INTO ' . DB_SESSIONS_TABLE . ' (session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip) ! VALUES(\'' . $this->session_key . '\', 1,' . $cur_time . ',' . $exp_time . ',\'' . addslashes($page) . '\',\'' . $this->ip . '\')'; ! ! $this->session_user_id = 1; ! $User->user_id = 1; } --- 97,124 ---- if( $_POST['do_login'] == true ) // Swap out the anonymous user for our new user_id. { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET session_exp_time=" . $exp_time . ", session_page='" . addslashes($page) . "', session_user_id=" . $this->session_user_id . " ! WHERE session_key='" . $this->session_key . "'"; } ! else ! { ! $User->user_id = $this->session_user_id; ! ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET session_exp_time=" . $exp_time . ", session_page='" . addslashes($page) . "' ! WHERE session_key='" . $this->session_key . "'"; ! } } ! 
else // A session does not exist. We'll create one. ! { ! if( $_POST['do_login'] == false ) ! { ! $this->session_user_id = 1; ! $User->user_id = 1; ! } ! $sql = 'INSERT INTO ' . DB_SESSIONS_TABLE . ' (session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip) ! VALUES(\'' . $this->session_key . '\', ' . $this->session_user_id . ', ' . $cur_time . ', ' . $exp_time . ', \'' . addslashes($page) . '\', \'' . $this->ip . '\')'; } *************** *** 129,140 **** } ! function clean() { global $DB; $rand = rand(0,10); ! if($rand >= 1) // 1:10 chance of session cleanup. This may later become a setting. { ! $sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE exp_time<" . time(); $DB->query($sql); } --- 139,150 ---- } ! function clean($clean_all = false) { global $DB; $rand = rand(0,10); ! if(($rand >= 1) || ($clean_all == true)) // 1:10 chance of session cleanup. This may later become a setting. { ! $sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE session_exp_time<" . time(); $DB->query($sql); } *************** *** 159,198 **** } } ! else { ! // OK. We don't have a valid cookie. We'll make one. ! $this->session_key = md5( uniqid (microtime(), 1) ); ! $this->session_key_new = true; ! } ! } ! ! // Taken from phpBB2. ! function getIPEncoded() ! { ! if( getenv('HTTP_X_FORWARDED_FOR') != '' ) ! { ! $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); ! ! if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) { ! $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); ! $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); } } - else - { - $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? 
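Review bot: The condition in clean() does not match its comment. `rand(0,10)` yields eleven values and `$rand >= 1` is true for ten of them, so the DELETE runs on roughly ten of every eleven requests rather than one in ten. If occasional cleanup is the intent, test for a single value, e.g. `if( ($rand == 0) || ($clean_all == true) )`, and use `rand(0,9)` for an exact 1:10.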
$_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); - } - - $ip_sep = explode('.', $client_ip); - return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); } - - // Taken from phpBB2. - function decodeIP($encoded_ip) - { - $hexipbang = explode('.', chunk_split($encoded_ip, 2, '.')); - return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]); - } } --- 169,185 ---- } } ! else // There is no standard cookie. Let's check for auto-login. { ! if( !empty($_COOKIE[$Config['cookie_name'] . '_ext'])) { ! // We'll add auto-login functions here later on. ! } ! else // We don't have a valid cookie. We'll make one. ! { ! $this->session_key = md5( uniqid (microtime(), 1) ); ! $this->session_key_new = true; } } } } Index: user.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/user.php,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -r1.17 -r1.18 *** user.php 23 Apr 2003 07:21:03 -0000 1.17 --- user.php 26 Apr 2003 02:47:24 -0000 1.18 *************** *** 42,49 **** } } - - } } --- 42,75 ---- } } } + // Taken from phpBB2. + function getIPEncoded() + { + if( getenv('HTTP_X_FORWARDED_FOR') != '' ) + { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + + if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) + { + $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); + $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); + } + } + else + { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? 
$_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + } + + $ip_sep = explode('.', $client_ip); + return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); + } + + // Taken from phpBB2. + function decodeIP($encoded_ip) + { + $hexipbang = explode('.', chunk_split($encoded_ip, 2, '.')); + return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]); + } } |
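Review bot: getIPEncoded(), as moved into user.php, prefers the `HTTP_X_FORWARDED_FOR` request header over `REMOTE_ADDR`. That header is set by the client unless a trusted proxy overwrites it, so the value stored in `session_ip` cannot be relied on for any later check or audit. Use `REMOTE_ADDR` unless the request is known to come from a proxy the site controls. The fallback `$REMOTE_ADDR` is an undeclared local inside the method and would need `global $REMOTE_ADDR;` to have a value. The patterns `'/^10.\.*/'`, `'/^224.\.*/'` and `'/^240.\.*/'` have the dot and its escape transposed, so the first also matches addresses beginning with `100` through `109`.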
From: Brian R. <hei...@us...> - 2003-04-23 08:30:55
|
Update of /cvsroot/phpmp/phpMP/docs In directory sc8-pr-cvs1:/tmp/cvs-serv1804/docs Modified Files: Changelog Log Message: Updated Changelog. Index: Changelog =================================================================== RCS file: /cvsroot/phpmp/phpMP/docs/Changelog,v retrieving revision 1.27 retrieving revision 1.28 diff -C2 -r1.27 -r1.28 *** Changelog 23 Apr 2003 07:31:53 -0000 1.27 --- Changelog 23 Apr 2003 08:30:47 -0000 1.28 *************** *** 1,3 **** --- 1,9 ---- 2003-04-23 + * session.php + Added support for decoding our hexed IPs. + * mysql_structure.sql + * mysql_default_vals.sql + Updated the table definitions. + 2003-04-23 * index.php * login_test.php |
From: Brian R. <hei...@us...> - 2003-04-23 08:28:45
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv32327/includes Modified Files: session.php Log Message: Updated the session table definition. Added the ability to decode the IPs we've encoded in the database. Fixed a word that was incorrect in index.php. Index: session.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/session.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** session.php 23 Apr 2003 07:21:03 -0000 1.1 --- session.php 23 Apr 2003 08:28:41 -0000 1.2 *************** *** 188,191 **** --- 188,198 ---- return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); } + + // Taken from phpBB2. + function decodeIP($encoded_ip) + { + $hexipbang = explode('.', chunk_split($encoded_ip, 2, '.')); + return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]); + } } |
From: Brian R. <hei...@us...> - 2003-04-23 08:28:45
|
Update of /cvsroot/phpmp/phpMP/dba/sql In directory sc8-pr-cvs1:/tmp/cvs-serv32327/dba/sql Modified Files: mysql_structure.sql Log Message: Updated the session table definition. Added the ability to decode the IPs we've encoded in the database. Fixed a word that was incorrect in index.php. Index: mysql_structure.sql =================================================================== RCS file: /cvsroot/phpmp/phpMP/dba/sql/mysql_structure.sql,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** mysql_structure.sql 23 Apr 2003 07:21:03 -0000 1.3 --- mysql_structure.sql 23 Apr 2003 08:28:41 -0000 1.4 *************** *** 38,42 **** `session_ip` varchar(8) NOT NULL default '', PRIMARY KEY (`session_key`) ! ) TYPE=MyISAM; # --- 38,42 ---- `session_ip` varchar(8) NOT NULL default '', PRIMARY KEY (`session_key`) ! ) TYPE=Heap; # |
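Review bot: Switching the sessions table to `TYPE=Heap` keeps every row in memory only, so all sessions are lost whenever the MySQL server restarts, and the table stops accepting inserts once it reaches `max_heap_table_size`. If that trade-off is intended, record it in a comment above the table definition, e.g. `# HEAP: sessions are disposable and are dropped on server restart`; otherwise keep `TYPE=MyISAM`. The CREATE TABLE statement starts outside the hunk.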
From: Brian R. <hei...@us...> - 2003-04-23 08:28:44
|
Update of /cvsroot/phpmp/phpMP In directory sc8-pr-cvs1:/tmp/cvs-serv32327 Modified Files: index.php Log Message: Updated the session table definition. Added the ability to decode the IPs we've encoded in the database. Fixed a word that was incorrect in index.php. Index: index.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/index.php,v retrieving revision 1.37 retrieving revision 1.38 diff -C2 -r1.37 -r1.38 *** index.php 23 Apr 2003 07:21:02 -0000 1.37 --- index.php 23 Apr 2003 08:28:40 -0000 1.38 *************** *** 26,30 **** print "DB Name: " . DB_NAME . '<br>'; print "DB User: " . DB_USER . '<br>'; ! print "DB Host: " . DB_TABLE_PREFIX . '<br>'; print "<br>"; --- 26,30 ---- print "DB Name: " . DB_NAME . '<br>'; print "DB User: " . DB_USER . '<br>'; ! print "Table Prefix: " . DB_TABLE_PREFIX . '<br>'; print "<br>"; |
From: Brian R. <hei...@us...> - 2003-04-23 07:31:59
|
Update of /cvsroot/phpmp/phpMP/docs In directory sc8-pr-cvs1:/tmp/cvs-serv8572 Modified Files: Changelog Log Message: Updated Changelog. Index: Changelog =================================================================== RCS file: /cvsroot/phpmp/phpMP/docs/Changelog,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -r1.26 -r1.27 *** Changelog 18 Feb 2003 22:46:35 -0000 1.26 --- Changelog 23 Apr 2003 07:31:53 -0000 1.27 *************** *** 1,2 **** --- 1,18 ---- + 2003-04-23 + * index.php + * login_test.php + * includes/sessions.php **REMOVED** + * includes/session.php **NEW** + * includes/user.php + * includes/core.php + * includes/functions.php + * includes/language.php + * includes/auth.php **REMOVED** + The session/login system now works as I expect it to. + All config settings are now housed in $Config. + You MUST globalize $Config in each new class. + The Auth class has bee removed, in favor of the + User class. + 2003-02-18 * includes/admin.php *************** *** 5,20 **** 2003-02-14 [AnthonyWhite] * dba/mssql.dba **NEW** ! Added support for Microsoft SQL databases 2003-02-11 [AnthonyWhite] * admin/main.php ! Fixed a few issues regarding parsing multiple forms * includes/admin.php ! Added support for complete user management ! Having a few problems, but I will fix them soon 2003-02-10 [AnthonyWhite] * includes/admin.php ! Started on User Management * admin/main.php * admin/nav.php --- 21,36 ---- 2003-02-14 [AnthonyWhite] * dba/mssql.dba **NEW** ! Added support for Microsoft SQL databases 2003-02-11 [AnthonyWhite] * admin/main.php ! Fixed a few issues regarding parsing multiple forms * includes/admin.php ! Added support for complete user management ! Having a few problems, but I will fix them soon 2003-02-10 [AnthonyWhite] * includes/admin.php ! Started on User Management * admin/main.php * admin/nav.php *************** *** 22,32 **** 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Added timezone dropdown ! 
Doesnt select timezone, it is displayed beside box 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Minor changes with site config form 2003-02-09 [Heimidal] --- 38,48 ---- 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Added timezone dropdown ! Doesnt select timezone, it is displayed beside box 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Minor changes with site config form 2003-02-09 [Heimidal] |
From: Brian R. <hei...@us...> - 2003-04-23 07:28:51
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv6953 Removed Files: auth.php Log Message: The Auth class has been removed in favor of the User class, which handles all User authentication and profiling responsibilities. We may later reinstate the Auth class to extend the User class (if it becomes quite bulky, as I suspect) but for now, this will do. --- auth.php DELETED --- |
From: Brian R. <hei...@us...> - 2003-04-23 07:21:08
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv4022/includes Modified Files: core.php functions.php language.php user.php Added Files: session.php Removed Files: sessions.php Log Message: Literally, TONS of changes. The most significant include a session system that finally works (!) as well as a change in the way config values are assigned - all config settings are now housed in an associative array called "$Config", which must be globalized before use. --- NEW FILE: session.php --- <?php class Session // Creates and maintains sessions for all users. { var $started = 0; var $session_data; var $session_key; var $session_key_new = false; var $session_user_id; var $ip; // Starts the session. Must be called. function start() { if($this->started == false) { $this->clean(); $this->getSessionData(); $this->started = true; } } // Destroys sessions. Used for logging out and such. function destroy() { global $DB, $Config; $exp_time = time() + $Config['session_length']; $page = basename($_SERVER['REQUEST_URI']); // Sets the session as owned by an anonymous user. $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' SET exp_time=\'' . $exp_time . '\' AND session_page=\'' . $page . '\' AND session_user_id=1 WHERE session_key=\'' . $this->session_key . '\''; $DB->query($sql); } // Saves the session data to the database. function run() { global $do_login, $User, $DB, $Config; // Checks to see if a session has been started. // If not, we'll die because we want to explicitly declare sessions. if( $this->started == false ) { die('You must explicitly declare all $Session->start calls.'); } // Capture the page we're at. $page = basename($_SERVER['REQUEST_URI']); // Test to see if we're logging in. if($_POST['do_login'] == true) { $this->session_user_id = $User->user_id; } $session_exists = false; // We'll assume that no sessions exist yet. $cur_time = time(); // Time as of right now. 
$exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid. $this->ip = $this->getIPEncoded(); // Gets the user's IP address. // If the ID is new, why bother querying to test for an old one? if( $this->session_key_new == false ) { // Gathers session data from the database. $sql = 'SELECT * FROM ' . DB_SESSIONS_TABLE . ' WHERE session_key=\'' . $this->session_key . '\' ORDER BY session_exp_time DESC'; $result = $DB->query($sql); $num_rows = $DB->numRows($result); // Checks for a session in the database. ($num_rows >= 1) ? ($session_exists = true) : ($session_exists = false); // If the session is expired, we'll go ahead and create a new one regardless. $this->session_data = $DB->fetchAssoc($result); if( $this->session_data['session_exp_time'] < $cur_time ) { $session_exists = false; } } if( $session_exists == true ) // A session exists. Yay. { $sql = 'UPDATE ' . DB_SESSIONS_TABLE . ' SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\''; if( $_POST['do_login'] == true ) // Swap out the anonymous user for our new user_id. { $sql .= ', session_user_id=' . $this->session_user_id; } $sql .= ' WHERE session_key=\'' . $this->session_key . '\''; $User->user_id = $this->session_user_id; } else // A session does not exist. We'll create an anonymous one. { $sql = 'INSERT INTO ' . DB_SESSIONS_TABLE . ' (session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip) VALUES(\'' . $this->session_key . '\', 1,' . $cur_time . ',' . $exp_time . ',\'' . addslashes($page) . '\',\'' . $this->ip . '\')'; $this->session_user_id = 1; $User->user_id = 1; } $DB->query($sql); if( $_POST['do_login'] == false ) { $sql = 'SELECT * FROM ' . DB_USERS_TABLE . ' WHERE user_id=' . $this->session_user_id; $result = $DB->query($sql); $User->data = $DB->fetchAssoc($result); } $cookie_data = urlencode( $this->session_user_id . ':' . $this->session_key ); setcookie($Config['cookie_name'] . 
'_data', $cookie_data, $cur_time + $Config['session_length'], $Config['cookie_path'], $Config['cookie_domain'], $Config['cookie_secure']); } function clean() { global $DB; $rand = rand(0,10); if($rand >= 1) // 1:10 chance of session cleanup. This may later become a setting. { $sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE exp_time<" . time(); $DB->query($sql); } } function getSessionData() { global $Config; // Let's see if we have a standard cookie available. if(!empty($_COOKIE[$Config['cookie_name'] . '_data'])) { $cookie_data = $_COOKIE[$Config['cookie_name'] . '_data']; $cookie_array = explode(':', urldecode( $cookie_data ) ); // We have a cookie. Let's see if it's valid. if( ( !empty($cookie_array[0]) ) && ( strlen($cookie_array[1]) == 32 ) ) { // Our cookie is valid. Let's set a few vars. $this->session_user_id = $cookie_array[0]; $this->session_key = $cookie_array[1]; } } else { // OK. We don't have a valid cookie. We'll make one. $this->session_key = md5( uniqid (microtime(), 1) ); $this->session_key_new = true; } } // Taken from phpBB2. function getIPEncoded() { if( getenv('HTTP_X_FORWARDED_FOR') != '' ) { $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) { $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); } } else { $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? 
$_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); } $ip_sep = explode('.', $client_ip); return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); } } ?> Index: core.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/core.php,v retrieving revision 1.45 retrieving revision 1.46 diff -C2 -r1.45 -r1.46 *** core.php 22 Apr 2003 10:50:51 -0000 1.45 --- core.php 23 Apr 2003 07:21:03 -0000 1.46 *************** *** 4,33 **** { - // Initiates configuration from database. - // Author: Brian 'Heimidal' Rose - // Accepts: none. - // Returns: none. - function _initConfig () - { - - define("DB_CONFIG_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'config'); - define("DB_USERS_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'users'); - define("DB_SESSIONS_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'sessions'); - define("DB_MODULES_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'modules'); - define("DB_BLOCK_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'blocks'); - - global $DB; - - $result = $DB->query( "SELECT * FROM " . DB_CONFIG_TABLE ); - - // Loop through all config values from DB. - // Define each key as its respective value. - while( $row = $DB->fetchArray( $result ) ) - { - define( strtoupper( 'C_' . $row['config_key'] ), $row['config_value'] ); - } - - } - function strip_magic_quotes($arr) { --- 4,7 ---- *************** *** 57,92 **** } ! if( !defined("P_PHPMP_ROOT") ) { ! define( 'P_PHPMP_ROOT', './' ); } ! include_once( C_PHPMP_ROOT . 'config.php' ); // Globalize all major class-containing variables. ! global $Debug, $DB, $User, $MPCode, $Template; ! include_once( C_PHPMP_ROOT . 'includes/debug.php' ); $Debug = new Debug(); ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); $DB = new DB(); $DB->connect(); ! include_once(C_PHPMP_ROOT . 'includes/constants.php'); ! $this->_initConfig(); // Grab DB-stored config values. ! include_once(C_PHPMP_ROOT . 'includes/functions.php'); ! include_once(C_PHPMP_ROOT . 
'includes/user.php'); $User = new User(); // Create an instance of User. ! include_once(C_PHPMP_ROOT . 'includes/language.php'); $Language = new Language(); createVars(); ! include_once(C_PHPMP_ROOT . 'includes/mpcode.php'); // This while() statement will loop through the --- 31,86 ---- } ! if( !defined("PHPMP_ROOT") ) { ! define( 'PHPMP_ROOT', './' ); } ! include_once( PHPMP_ROOT . 'config.php' ); // Globalize all major class-containing variables. ! global $Config, $Debug, $DB, $User, $MPCode, $Template; ! include_once( PHPMP_ROOT . 'includes/debug.php' ); $Debug = new Debug(); ! include_once( PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); $DB = new DB(); $DB->connect(); ! define("DB_CONFIG_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'config'); ! define("DB_USERS_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'users'); ! define("DB_SESSIONS_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'sessions'); ! define("DB_MODULES_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'modules'); ! define("DB_BLOCK_TABLE", DB_NAME . '.' . DB_TABLE_PREFIX . 'blocks'); ! ! $result = $DB->query( "SELECT * FROM " . DB_CONFIG_TABLE ); ! // Loop through all config values from DB. ! // Define each key as its respective value. ! while( $row = $DB->fetchArray( $result ) ) ! { ! $Config; ! $Config[$row['config_key']] = $row['config_value']; ! } ! include_once(PHPMP_ROOT . 'includes/constants.php'); ! ! include_once(PHPMP_ROOT . 'includes/functions.php'); ! include_once(PHPMP_ROOT . 'includes/user.php'); $User = new User(); // Create an instance of User. + + include_once(PHPMP_ROOT . 'includes/session.php'); + $Session = new Session(); + + $Session->start(); + $Session->run(); ! include_once(PHPMP_ROOT . 'includes/language.php'); $Language = new Language(); createVars(); ! include_once(PHPMP_ROOT . 'includes/mpcode.php'); // This while() statement will loop through the *************** *** 95,104 **** while( $my_file = $optional_files[$i] ) { ! include_once(C_PHPMP_ROOT . 'includes/' . $my_file . '.php'); $i++; } ! 
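Review bot: `$Session` is created in this block but is missing from the `global $Config, $Debug, $DB, $User, $MPCode, $Template;` line, so if this code runs inside a function (the enclosing function starts and ends outside the hunk) the session object stays local and later code cannot reach it, for example to end the session on logout. I would list it: `global $Config, $Debug, $DB, $User, $Session, $MPCode, $Template;`; the same presumably applies to `$Language`. The bare `$Config;` statement inside the config loop does nothing and can be dropped.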
include_once(C_PHPMP_ROOT . 'includes/Smarty.class.php'); ! include_once(C_PHPMP_ROOT . 'includes/template.php'); $Template = new Template(); // Create an instance of Template. --- 89,98 ---- while( $my_file = $optional_files[$i] ) { ! include_once(PHPMP_ROOT . 'includes/' . $my_file . '.php'); $i++; } ! include_once(PHPMP_ROOT . 'includes/Smarty.class.php'); ! include_once(PHPMP_ROOT . 'includes/template.php'); $Template = new Template(); // Create an instance of Template. Index: functions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/functions.php,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -r1.26 -r1.27 *** functions.php 8 Feb 2003 11:07:28 -0000 1.26 --- functions.php 23 Apr 2003 07:21:03 -0000 1.27 *************** *** 7,12 **** function createVars() { ! ( U_DATE_FORMAT != '' ) ? define( "C_DATE_FORMAT", U_DATE_FORMAT ) : define( "C_DATE_FORMAT", C_DEFAULT_DATE_FORMAT ); ! define("C_DATE_NOW", date(C_DATE_FORMAT)); // This is here...for now. } --- 7,14 ---- function createVars() { ! global $Config; ! ! ( $User->data['date_format'] != '' ) ? ($Config['date_format'] = $User->data['date_format']) : ($Config['date_format'] = $Config['default_date_format']); ! $Config['time_now'] = date( $Config['date_format'] ); // This is here...for now. } Index: language.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/language.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -r1.9 -r1.10 *** language.php 8 Feb 2003 09:43:29 -0000 1.9 --- language.php 23 Apr 2003 07:21:03 -0000 1.10 *************** *** 6,15 **** function Language() { ! defined("U_LANGUAGE") ? define( "C_LANGUAGE", U_LANGUAGE ) : define( "C_LANGUAGE", C_DEFAULT_LANG ); ! ! global $Local; ! ! include_once( C_PHPMP_ROOT . 'languages/' . C_LANGUAGE . 
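Review bot: `createVars()` reads `$User->data['date_format']` but declares only `global $Config;`, so `$User` is an undefined local there and the test always falls through to `$Config['default_date_format']`; the user's preference is never applied. Declaring both fixes it: `global $Config, $User;`. The ternary is used only for its side effects and would read more clearly as a plain `if`/`else` assignment.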
'/lang_main.php' ); $Local = new Localization(); --- 6,13 ---- function Language() { + global $Config, $User, $Local; + ($User->data['language'] != '') ? ($Config['language'] = $User->data['language']) : ($Config['language'] = $Config['default_lang']); ! include_once( PHPMP_ROOT . 'languages/' . $Config['language'] . '/lang_main.php' ); $Local = new Localization(); Index: user.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/user.php,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -r1.16 -r1.17 *** user.php 22 Apr 2003 10:50:52 -0000 1.16 --- user.php 23 Apr 2003 07:21:03 -0000 1.17 *************** *** 13,23 **** function User() { ! ! $this->sessionClean(); ! ! // Are we logging in? ! global $do_login; ! ! if( $do_login == true ) // We are logging in. { // We are logging in. Set up variables. --- 13,17 ---- function User() { ! if( $_POST['do_login'] == true ) // We are logging in. { // We are logging in. Set up variables. *************** *** 35,43 **** $num_rows = $DB->numRows($result); ! if( $num_rows ) // We have a user! { $this->data = $DB->fetchAssoc($result); $this->user_id = $this->data['user_id']; ! // Setup the autologin cookie. // setcookie(C_COOKIE_NAME . '_auto', $cookie_data, time() + TIME_YEAR_SECONDS, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); --- 29,37 ---- $num_rows = $DB->numRows($result); ! if( $num_rows == 1 ) // We have a user! { $this->data = $DB->fetchAssoc($result); $this->user_id = $this->data['user_id']; ! // Setup the autologin cookie. // setcookie(C_COOKIE_NAME . '_auto', $cookie_data, time() + TIME_YEAR_SECONDS, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); *************** *** 45,49 **** else // Wrong login information. { ! die('Sorry. Your username and/or password are incorrect.'); } } --- 39,43 ---- else // Wrong login information. { ! die('Sorry. Your username and/or password are incorrect. ' . $passwd_enc . ' ' . 
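Review bot: The `include_once` path in `Language()` is now built from `$User->data['language']`, a per-user database value, with no check that it names an installed language directory. If that column can ever hold user-supplied text (presumably through a profile form, not shown here), a value with path separators would make the include resolve outside `languages/`. I would validate before use, e.g. `if( !preg_match('/^[a-z0-9_]+$/i', $Config['language']) ) { $Config['language'] = $Config['default_lang']; }`, or compare the name against the directories that actually exist. The rest of `Language()` lies outside the hunk.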
$_POST['login_passwd']); } } --- sessions.php DELETED --- |
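Review bot: The failed-login `die()` now appends `$passwd_enc` and the raw `$_POST['login_passwd']` to the response, which puts the submitted password and its hash on screen (and in any proxy or page cache) and writes request data into HTML unescaped. This looks like leftover debugging; the message should go back to the fixed string, `die('Sorry. Your username and/or password are incorrect.');`. If diagnostics are needed while testing, log that the login failed and for which user name, never the password or its hash. The surrounding `User()` constructor continues outside the hunk.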
From: Brian R. <hei...@us...> - 2003-04-23 07:21:06
|
Update of /cvsroot/phpmp/phpMP/dba/sql In directory sc8-pr-cvs1:/tmp/cvs-serv4022/dba/sql Modified Files: mysql_default_vals.sql mysql_structure.sql Log Message: Literally, TONS of changes. The most significant include a session system that finally works (!) as well as a change in the way config values are assigned - all config settings are now housed in an associative array called "$Config", which must be globalized before use. Index: mysql_default_vals.sql =================================================================== RCS file: /cvsroot/phpmp/phpMP/dba/sql/mysql_default_vals.sql,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -r1.6 -r1.7 *** mysql_default_vals.sql 4 Feb 2003 21:43:14 -0000 1.6 --- mysql_default_vals.sql 23 Apr 2003 07:21:02 -0000 1.7 *************** *** 1,11 **** # phpMyAdmin MySQL-Dump ! # version 2.3.2 # http://www.phpmyadmin.net/ (download page) # # Host: localhost ! # Generation Time: Dec 03, 2002 at 05:32 AM ! # Server version: 3.23.53 ! # PHP Version: 4.2.3 # Database : `phpmp` # --- 1,12 ---- # phpMyAdmin MySQL-Dump ! # version 2.5.0-rc1 # http://www.phpmyadmin.net/ (download page) # # Host: localhost ! # Generation Time: Apr 23, 2003 at 01:14 AM ! # Server version: 4.0.12 ! # PHP Version: 4.3.0 # Database : `phpmp` + # -------------------------------------------------------- # *************** *** 13,27 **** # ! INSERT INTO phpmp_config VALUES ('site_addr', 'http://localhost'); ! INSERT INTO phpmp_config VALUES ('rel_path', '/'); ! INSERT INTO phpmp_config VALUES ('default_tpl', 'TealMP'); ! INSERT INTO phpmp_config VALUES ('override_usr_tpl', '0'); ! INSERT INTO phpmp_config VALUES ('site_name', 'phpMP'); ! INSERT INTO phpmp_config VALUES ('default_lang', 'english'); ! INSERT INTO phpmp_config VALUES ('default_date_format', 'M j, Y h:ia T'); ! INSERT INTO phpmp_config VALUES ('enable_account_activation', '0'); ! INSERT INTO phpmp_config VALUES ('system_timezone', '-7'); ! 
INSERT INTO phpmp_config VALUES ('version', '0.1a'); ! INSERT INTO phpmp_config VALUES ('use_portal_perms', '0'); # --- 14,33 ---- # ! INSERT INTO `phpmp_config` VALUES ('site_domain', 'http://localhost'); ! INSERT INTO `phpmp_config` VALUES ('rel_path', '/phpMP/'); ! INSERT INTO `phpmp_config` VALUES ('default_tpl', ''); ! INSERT INTO `phpmp_config` VALUES ('override_usr_tpl', '0'); ! INSERT INTO `phpmp_config` VALUES ('site_name', 'phpMP'); ! INSERT INTO `phpmp_config` VALUES ('default_lang', 'english'); ! INSERT INTO `phpmp_config` VALUES ('default_date_format', 'M j, Y h:ia T'); ! INSERT INTO `phpmp_config` VALUES ('enable_account_activation', '0'); ! INSERT INTO `phpmp_config` VALUES ('system_timezone', '-5'); ! INSERT INTO `phpmp_config` VALUES ('version', '0.1a'); ! INSERT INTO `phpmp_config` VALUES ('cookie_name', 'phpmp_cookie'); ! INSERT INTO `phpmp_config` VALUES ('cookie_domain', ''); ! INSERT INTO `phpmp_config` VALUES ('cookie_path', ''); ! INSERT INTO `phpmp_config` VALUES ('cookie_secure', '0'); ! INSERT INTO `phpmp_config` VALUES ('session_length', '3600'); ! # -------------------------------------------------------- # *************** *** 29,31 **** # ! INSERT INTO phpmp_users VALUES (1, 'Anonymous', '', 1, '', '', 0, '', '', ''); --- 35,37 ---- # ! INSERT INTO `phpmp_users` VALUES (1, 'Anonymous', '', 1, '', '', 0, '', '', '', ''); \ No newline at end of file Index: mysql_structure.sql =================================================================== RCS file: /cvsroot/phpmp/phpMP/dba/sql/mysql_structure.sql,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -r1.2 -r1.3 *** mysql_structure.sql 3 Dec 2002 12:35:56 -0000 1.2 --- mysql_structure.sql 23 Apr 2003 07:21:03 -0000 1.3 *************** *** 1,10 **** # phpMyAdmin MySQL-Dump ! # version 2.3.2 # http://www.phpmyadmin.net/ (download page) # # Host: localhost ! # Generation Time: Dec 03, 2002 at 05:30 AM ! # Server version: 3.23.53 ! 
# PHP Version: 4.2.3 # Database : `phpmp` # -------------------------------------------------------- --- 1,10 ---- # phpMyAdmin MySQL-Dump ! # version 2.5.0-rc1 # http://www.phpmyadmin.net/ (download page) # # Host: localhost ! # Generation Time: Apr 23, 2003 at 01:14 AM ! # Server version: 4.0.12 ! # PHP Version: 4.3.0 # Database : `phpmp` # -------------------------------------------------------- *************** *** 13,39 **** # Table structure for table `phpmp_config` # ! CREATE TABLE phpmp_config ( ! config_key varchar(255) NOT NULL default '', ! config_value varchar(255) NOT NULL default '', ! PRIMARY KEY (config_key) ) TYPE=MyISAM; - # -------------------------------------------------------- # # Table structure for table `phpmp_users` # ! CREATE TABLE phpmp_users ( ! userid mediumint(8) NOT NULL auto_increment, ! username varchar(24) NOT NULL default '', ! passwd varchar(32) NOT NULL default '', ! active tinyint(1) NOT NULL default '0', ! email varchar(255) NOT NULL default '', ! actkey varchar(32) NOT NULL default '', ! auth_level tinyint(1) NOT NULL default '0', ! date_format varchar(32) NOT NULL default '', ! template varchar(32) NOT NULL default '', ! signature varchar(255) NOT NULL default '', ! PRIMARY KEY (userid) ! ) TYPE=MyISAM; \ No newline at end of file --- 13,62 ---- # Table structure for table `phpmp_config` # + # Creation: Apr 22, 2003 at 08:46 AM + # Last update: Apr 22, 2003 at 11:54 PM + # ! CREATE TABLE `phpmp_config` ( ! `config_key` varchar(255) NOT NULL default '', ! `config_value` varchar(255) NOT NULL default '', ! PRIMARY KEY (`config_key`) ! ) TYPE=MyISAM; ! ! # ! # Table structure for table `phpmp_sessions` ! # ! # Creation: Apr 22, 2003 at 05:34 PM ! # Last update: Apr 23, 2003 at 01:11 AM ! # ! ! CREATE TABLE `phpmp_sessions` ( ! `session_key` varchar(32) NOT NULL default '', ! `session_user_id` mediumint(8) NOT NULL default '0', ! `session_start_time` int(10) NOT NULL default '0', ! 
`session_exp_time` int(10) NOT NULL default '0', ! `session_page` varchar(50) NOT NULL default '', ! `session_ip` varchar(8) NOT NULL default '', ! PRIMARY KEY (`session_key`) ) TYPE=MyISAM; # # Table structure for table `phpmp_users` # + # Creation: Apr 23, 2003 at 12:34 AM + # Last update: Apr 23, 2003 at 12:37 AM + # ! CREATE TABLE `phpmp_users` ( ! `user_id` mediumint(8) NOT NULL auto_increment, ! `user_name` varchar(24) NOT NULL default '', ! `user_passwd` varchar(32) NOT NULL default '', ! `active` tinyint(1) NOT NULL default '0', ! `email` varchar(255) NOT NULL default '', ! `actkey` varchar(32) NOT NULL default '', ! `auth_level` tinyint(1) NOT NULL default '0', ! `language` varchar(32) NOT NULL default '', ! `date_format` varchar(32) NOT NULL default '', ! `template` varchar(32) NOT NULL default '', ! `signature` varchar(255) NOT NULL default '', ! PRIMARY KEY (`user_id`) ! ) TYPE=MyISAM AUTO_INCREMENT=3 ; \ No newline at end of file |
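Review bot: `user_passwd varchar(32)` in the new `phpmp_users` definition is exactly the width of a hex MD5 digest, so the schema cannot hold a salted or stronger password hash without another migration. Since the column is being renamed in this revision anyway, I would widen it now, `user_passwd varchar(255) NOT NULL default ''`, so the hashing scheme can change later without touching the table. `session_ip varchar(8)` has the same kind of limit: it fits only the 8-hex-digit IPv4 form that `getIPEncoded()` produces and nothing longer.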
From: Brian R. <hei...@us...> - 2003-04-23 07:21:06
|
Update of /cvsroot/phpmp/phpMP In directory sc8-pr-cvs1:/tmp/cvs-serv4022 Modified Files: index.php Added Files: login_test.php Log Message: Literally, TONS of changes. The most significant include a session system that finally works (!) as well as a change in the way config values are assigned - all config settings are now housed in an associative array called "$Config", which must be globalized before use. --- NEW FILE: login_test.php --- <?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <form name="form1" id="form1" method="post" action="index.php"> <p> <input name="login_user_name" type="text" id="login_user_name" /> </p> <p> <input name="login_passwd" type="password" id="login_passwd" /> </p> <p> <input type="submit" name="Submit" value="Submit" /> <input name="do_login" type="hidden" id="do_login" value="1" /> </p> </form> </body> </html> Index: index.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/index.php,v retrieving revision 1.36 retrieving revision 1.37 diff -C2 -r1.36 -r1.37 *** index.php 22 Apr 2003 10:50:50 -0000 1.36 --- index.php 23 Apr 2003 07:21:02 -0000 1.37 *************** *** 1,25 **** - <html> - <body> - <?php ! define("C_PHPMP_ROOT", "./"); ! include_once( C_PHPMP_ROOT . 'includes/core.php' ); $Core = new Core(); - $Core->init(); // For testing purposes, we will now print all of the constants we have declared. ! print "phpMP Version: " . C_VERSION . '<br>'; print "<br>"; ! print "Site Name: " . C_SITE_NAME . '<br>'; ! print "Site Address: " . C_SITE_ADDR . '<br>'; ! print "Relative Path: " . C_REL_PATH . '<br>'; ! print "Default Template: " . C_DEFAULT_TPL . '<br>'; ! 
print "Default Language: " . C_DEFAULT_LANG . '<br>'; ! print "The Current Date and Time: " . C_DATE_NOW . '<br>'; ! print "Current Logged User: " . U_USERNAME . '<br>'; print "<br>"; --- 1,22 ---- <?php ! define("PHPMP_ROOT", "./"); ! include_once( PHPMP_ROOT . 'includes/core.php' ); $Core = new Core(); // For testing purposes, we will now print all of the constants we have declared. + global $Config; ! print "phpMP Version: " . $Config['version'] . '<br>'; print "<br>"; ! print "Site Name: " . $Config['site_name'] . '<br>'; ! print "Site Address: " . $Config['site_domain'] . '<br>'; ! print "Relative Path: " . $Config['rel_path'] . '<br>'; ! print "Default Template: " . $Config['default_tpl'] . '<br>'; ! print "Default Language: " . $Config['default_lang'] . '<br>'; ! print "The Current Date and Time: " . $Config['time_now'] . '<br>'; ! print "Current Logged User: " . $User->data['user_name'] . '<br>'; print "<br>"; *************** *** 40,43 **** --- 37,43 ---- ?> + <html> + <body> + </body> |
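Review bot: `print "Current Logged User: " . $User->data['user_name'] . '<br>';` writes a database value into the page without escaping, so a user name containing markup would be rendered as HTML. Escape at output: `print "Current Logged User: " . htmlspecialchars($User->data['user_name']) . '<br>';`. The added `global $Config;` has no effect at file scope and can go. All of these prints also now run before the `<html>` tag that the second hunk moves to the end of the file.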
From: Brian R. <hei...@us...> - 2003-04-22 10:50:56
|
Update of /cvsroot/phpmp/phpMP/dba In directory sc8-pr-cvs1:/tmp/cvs-serv25309/dba Modified Files: mysql.dba Log Message: Working on the sessions/auth/user script. Tevlik gave me some great ideas. It's still going through a process, but give it a once-over and let me know what you think. I may have missed a few things...don't know for sure. Index: mysql.dba =================================================================== RCS file: /cvsroot/phpmp/phpMP/dba/mysql.dba,v retrieving revision 1.21 retrieving revision 1.22 diff -C2 -r1.21 -r1.22 *** mysql.dba 31 Jan 2003 07:07:54 -0000 1.21 --- mysql.dba 22 Apr 2003 10:50:51 -0000 1.22 *************** *** 129,132 **** --- 129,146 ---- return @mysql_fetch_array($query); } + + function fetchAssoc($query) + { + if($this->ident_link == 0) + { + $db = $this->connect(); + } + else + { + $db = $this->ident_link; + } + + return @mysql_fetch_assoc($query); + } function fetchRow($query) *************** *** 157,173 **** return @mysql_affected_rows($db); } - - function escapeString($string) { - if( stripslashes($string) == $string ) // Will be true if no slashes were removed. - { - addslashes($string); // We'll add the slashes because they haven't already been added. - return true; - } - else // Slashes have already been added (hopefully only once). - { - return true; - } - } - } --- 171,174 ---- |
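Review bot: The new `fetchAssoc()` works out `$db` (connecting when `ident_link` is 0) and then never uses it, and the `@` on `mysql_fetch_assoc($query)` hides the warning raised when `$query` is not a valid result. A failed query is then indistinguishable to callers from an empty result set, which matters for the session lookup that trusts the returned row. I would drop the unused `$db` branch unless the connect side effect is intended, and remove the suppression: `return mysql_fetch_assoc($query);`. The same `@` appears on the `mysql_fetch_array` context line just above.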
From: Brian R. <hei...@us...> - 2003-04-22 10:50:56
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv25309/includes Modified Files: core.php sessions.php user.php Log Message: Working on the sessions/auth/user script. Tevlik gave me some great ideas. It's still going through a process, but give it a once-over and let me know what you think. I may have missed a few things...don't know for sure. Index: core.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/core.php,v retrieving revision 1.44 retrieving revision 1.45 diff -C2 -r1.44 -r1.45 *** core.php 9 Feb 2003 01:03:45 -0000 1.44 --- core.php 22 Apr 2003 10:50:51 -0000 1.45 *************** *** 30,40 **** } // Initiates all core components. // Author: Brian 'Heimidal' Rose // Accepts: $optional_files (string of needed files separated by commas). // Returns: none. ! function init ( $optional_files = array() ) { ! if( !defined("P_PHPMP_ROOT") ) { --- 30,60 ---- } + function strip_magic_quotes($arr) + { + foreach ($arr as $k => $v) + { + if (is_array($v)) + { $arr[$k] = strip_magic_quotes($v); } + else + { $arr[$k] = stripslashes($v); } + } + + return $arr; + } + // Initiates all core components. // Author: Brian 'Heimidal' Rose // Accepts: $optional_files (string of needed files separated by commas). // Returns: none. ! function Core( $optional_files = array() ) { ! ! if (get_magic_quotes_gpc()) ! { ! if (!empty($_GET)) { $_GET = $this->strip_magic_quotes($_GET); } ! if (!empty($_POST)) { $_POST = $this->strip_magic_quotes($_POST); } ! if (!empty($_COOKIE)) { $_COOKIE = $this->strip_magic_quotes($_COOKIE); } ! } ! 
if( !defined("P_PHPMP_ROOT") ) { Index: sessions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/sessions.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -r1.10 -r1.11 *** sessions.php 10 Feb 2003 00:52:02 -0000 1.10 --- sessions.php 22 Apr 2003 10:50:51 -0000 1.11 *************** *** 1,103 **** <?php ! // Took a lot of hints from phpBB2. ! // ! class Session // Creates and maintains sessions for all users. { ! var $browser; ! var $page; ! var data = array(); ! var $session_id; var $ip; ! function Session() { } ! function startSession( $user ) { ! ! global $DB, $SID; ! ! $current_time = time(); ! $this->browser = $_SERVER['HTTP_USER_AGENT']; ! $this->page = $_ENV['PHP_SELF']; ! $this->page .= '&' . $_SERVER['QUERY_STRING']; ! // NOTE: No support yet for auto-login cookies. ! if( isset( $_COOKIE[C_COOKIE_NAME . '_data'] ) || isset( $_COOKIE[C_COOKIE_NAME . '_sid']) ) { ! define('C_SESS_LOC', SESS_LOC_COOKIE); ! ! $sessiondata = (isset($_COOKIE[C_COOKIE_NAME . 'data'])) ? $unserialize(stripslashes($_COOKIE[C_COOKIE_NAME . 'data']) : ''; ! $this->session_id = (isset($_COOKIE[C_COOKIE_NAME . 'sid'])) ? $_COOKIE[C_COOKIE_NAME . 'sid'] : ''; ! $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; } ! // Not in a cookie. We'll put it in the URL. ! else { ! define('C_SESS_LOC', SESS_LOC_URL); ! ! $this->session_id = (isset($_GET['sid'])) ? $_GET['sid'] : ''; ! $SID = '?sid=' . $this->session_id; } ! // Obtain users IP ! $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR; ! ! if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ! { ! if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list)) { ! $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#'); ! $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]); } } ! ! 
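Review bot: Inside the new `strip_magic_quotes()` the recursive call is written `strip_magic_quotes($v)`, but the constructor invokes it as `$this->strip_magic_quotes($_GET)`, so it is a method; unless a global function of the same name exists elsewhere, any nested request array will stop with an undefined-function error. The recursion should be `$arr[$k] = $this->strip_magic_quotes($v);`. Separately, once the quotes are stripped here nothing escapes request data any more, so every query built from `$_GET`, `$_POST` or `$_COOKIE` values has to escape them itself; the session code in this same commit concatenates the cookie-supplied `session_key` into its `WHERE` clause. The `Core()` constructor continues past the hunk.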
// Pull session data from the database. ! if( !empty( $this->session_id ) ) { ! $sql = "SELECT u.*, s.* ! FROM " . DB_SESSIONS_TABLE . " s, " . DB_USERS_TABLE . " u ! WHERE s.session_id = '" . $this->session_id . "' ! AND u.user_id = s.session_user_id"; $result = $DB->query($sql); - $session_data = $DB->fetchRow($result); ! // Did the session exist in the DB? ! if (isset($this->data['user_id'])) ! { ! // Validate IP length according to admin ... has no effect on IPv6 ! $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); ! $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); ! ! if ($u_ip == $s_ip) ! { ! // Only update session DB a minute or so after last update or if page changes ! if (($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) && $update) ! { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = '$this->page' ! WHERE session_id = '" . $this->session_id . "'"; ! $DB->query($sql); ! } ! return true; ! } ! } ! } } } ! ?> --- 1,186 ---- <?php ! class Sessions // Creates and maintains sessions for all users. { ! var $started = 0; ! var $keys = array(); ! var $session_data; ! var $session_key; ! var $session_key_new = false; ! var $session_user_id; var $ip; ! // Starts the session. Must be called. ! function start() { + if($this->started == false) + { + $this->clean(); + $this->getSessionData(); + $this->started = true; + } } ! // Destroys sessions. Used for logging out and such. ! function destroy() { ! global $DB; ! // Sets the session as owned by an anonymous user. ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET exp_time = '" . $exp_time . "' ! AND session_page = '" . $page . "' ! AND session_user_id = 1 ! WHERE session_key = '" . $this->session_key . "'"; ! ! $DB->query($sql); ! } ! ! // Saves the session data to the database. ! function run() ! { ! global $do_login, $User, $DB; ! 
// Checks to see if a session has been started. ! // If not, we'll die because we want to explicitly declare sessions. ! if( $this->started == false ) { + die('You must explicitly declare all $Session->start calls.'); + } ! // Capture the page we're at. ! $page = $_SERVER['REQUEST_URI']; + // Test to see if we're logging in. + if($do_login == true) + { + $this->session_user_id = $User->user_id; } ! ! $session_exists = false; // We'll assume that no sessions exist yet. ! ! $cur_time = time(); // Time as of right now. ! $exp_time = $cur_time + C_SESSION_LENGTH; // Time at which this session will become invalid. ! $this->ip = $this->getIPEncoded(); // Gets the user's IP address. ! ! // If the ID is new, why bother querying to test for an old one? ! if( $this->session_key_new == false ) { + // Gathers session data from the database. + $sql = "SELECT * FROM " . DB_SESSIONS_TABLE . " + WHERE session_key='" . $this->session_key . "' + SORT BY exp_time DESC"; ! $result = $DB->query($sql); ! $num_rows = $DB->numRows($result); + // Checks for a session in the database. + ($num_rows >= 1) ? ($session_exists = true) : ($session_exists = false); + + // If the session is expired, we'll go ahead and create a new one regardless. + $this->session_data[] = $DB->fetchAssoc($result); + if( $this->session_data['exp_time'] < $cur_time ) + { + $session_exists = false; + } } ! if( $session_exists == true ) // A session exists. Yay. ! { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET log_time = " . $cur_time . " ! AND session_page = '" . addslashes($page) . "'"; ! ! if( $do_login == true ) // Swap out the anonymous user for our new user_id. { ! $sql .= " AND session_user_id=" . $this->session_user_id; } + + $sql .= " WHERE session_key = '" . $this->session_key . "'"; + + $User->user_id = $this->session_user_id; } ! else // A session does not exist. We'll create an anonymous one. { + $sql = "INSERT INTO " . DB_SESSIONS_TABLE . 
" + (session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip) + VALUES('" . $this->session_key . "', 1," . $cur_time . "," . $exp_time . ",'" . addslashes($page) . "','" . $this->ip . "')"; + + $this->session_user_id = 1; + $User->user_id = 1; + } ! $DB->query($sql); ! ! if( $do_login == false ) ! { ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " ! WHERE user_id='" . $this->session_user_id . "'"; $result = $DB->query($sql); ! $User->data = $DB->fetchAssoc($result); ! } ! ! $cookie_data = urlencode( $this->session_user_id . ':' . $this->session_key ); ! setcookie(C_COOKIE_NAME . '_data', $cookie_data, $cur_time + C_SESSION_LENGTH, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); ! } ! ! function clean() ! { ! global $DB; ! $rand = rand(0,10); ! if($rand >= 1) // 1:10 chance of session cleanup. This may later become a setting. ! { ! $sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE exp_time<" . time(); ! $DB->query($sql); } + } + function getSessionData() + { + // Let's see if we have a standard cookie available. + $cookie_data = $_COOKIE[C_COOKIE_NAME . '_data']; + $cookie_array = explode(':', urldecode( $cookie_data ) ); + + // We have a cookie. Let's see if it's valid. + if( ( !empty($cookie_array[0]) ) && ( strlen($cookie_array[1]) == 32 ) ) + { + // Our cookie is valid. Let's set a few vars. + $this->session_user_id = $cookie_array[0]; + $this->session_key = $cookie_array[1]; + } + else + { + // OK. We don't have a valid cookie. We'll make one. + $this->session_key = md5( uniqid (microtime(), 1) ); + $this->session_key_new = true; + } } + // Taken from phpBB2. + function getIPEncoded() + { + if( getenv('HTTP_X_FORWARDED_FOR') != '' ) + { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? 
$_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + + if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) + { + $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/'); + $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); + } + } + else + { + $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); + } + + $ip_sep = explode('.', $client_ip); + return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]); + } } ! ?> Index: user.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/user.php,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -r1.15 -r1.16 *** user.php 8 Feb 2003 10:48:22 -0000 1.15 --- user.php 22 Apr 2003 10:50:52 -0000 1.16 *************** *** 1,57 **** <?php ! class User // Creates a barrier between the Auth class and the outside world. ! // If user doesn't need to be auth'ed, he isn't. { ! // Fetches user information/variables from the database. ! // Author: Brian 'Heimidal' Rose ! // Accepts: $user (integer). ! // Returns: boolean. ! function _snapshot( $user ) ! { ! ! global $DB; ! ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " WHERE userid=" . $DB->escapeString($user); ! ! $qry = $DB->query($sql); ! ! if( $DB->numRows( $qry ) < 1 ) { ! ! die('User(' . $user . ') not found.'); ! ! } ! else { ! $user_array = $DB->fetchArray($qry); ! ! while( list ($key, $val) = each ($user_array) ) ! { ! define( "U_" . strtoupper($key), "$val" ); ! } ! ! return true; ! } ! } ! ! // Session cleanup routine. ! // Author: Brian 'Heimidal' Rose ! // Accepts: none. ! // Returns: none. ! function sessionClean() ! { ! ! global $DB; ! ! $rand = rand(0,10); ! if($rand >= 1) // 1:10 chance of session cleanup. This may later become a setting. ! { ! ! 
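Review bot: In the new `getSessionData()` the cookie's second field is accepted as `session_key` after only a `strlen(...) == 32` check, and `run()` then concatenates it into the `SELECT` and `INSERT` statements, so any 32-byte string sent by the client becomes part of the SQL text. I would accept it only when it is hex: `if( !empty($cookie_array[0]) && preg_match('/^[0-9a-f]{32}$/', $cookie_array[1]) )`. The first cookie field is also copied into `session_user_id` and later into `$User->user_id` without being compared to the row fetched from the sessions table; the id should come from that row, not from the cookie. Related: `$this->session_data[] = $DB->fetchAssoc($result);` appends the row at index 0, so the `$this->session_data['exp_time']` expiry test reads an unset key; dropping the `[]` looks like what was intended.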
$sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE expiry<" . time(); ! $DB->query($sql); ! ! } ! ! } // User initialization function. Does -EVERYTHING- except explicit session cleanup. --- 1,9 ---- <?php ! class User { ! var $user_id; ! var $data; // User initialization function. Does -EVERYTHING- except explicit session cleanup. *************** *** 64,88 **** $this->sessionClean(); ! // Must decide is this is an anonymous user or a registered user. ! ! if( ( C_USE_PORTAL_PERMS == 1 ) || ( defined( P_USE_ADMIN_PERMS ) ) ) // Checks for use_perms setting and makes sure we're not entering the admin area. ! { ! ! // We want to use authentication. ! global $Sessions; ! include_once( C_PHPMP_ROOT . 'includes/sessions.php' ); ! $Sessions = new Sessions(); // Initializes Auth, which also authenticates the user. ! $this->_snapshot( $Sessions->curr_user ); // Gets snapshot of user info/vars. ! ! } ! else // We're not going to bother auth'ing the user. ! { ! ! $this->_snapshot('1'); // Gets snapshot of anon user info/vars. ! } } --- 16,52 ---- $this->sessionClean(); ! // Are we logging in? ! global $do_login; ! if( $do_login == true ) // We are logging in. ! { ! // We are logging in. Set up variables. ! $username = $_POST['login_user_name']; ! $passwd_enc = md5($_POST['login_passwd']); ! // $autologin = $_POST['autologin'][0]; ! $sql = "SELECT * FROM " . DB_USERS_TABLE . " ! WHERE user_name='" . $username . "' ! AND user_passwd='" . $passwd_enc . "'"; ! global $DB; ! ! $result = $DB->query($sql); ! $num_rows = $DB->numRows($result); ! ! if( $num_rows ) // We have a user! ! { ! $this->data = $DB->fetchAssoc($result); ! $this->user_id = $this->data['user_id']; ! ! // Setup the autologin cookie. ! // setcookie(C_COOKIE_NAME . '_auto', $cookie_data, time() + TIME_YEAR_SECONDS, C_COOKIE_PATH, C_COOKIE_DOMAIN, C_COOKIE_SECURE); ! } ! else // Wrong login information. ! { ! die('Sorry. Your username and/or password are incorrect.'); ! } } + } |
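Review bot: The login query in the new `$do_login` branch builds `WHERE user_name='" . $username . "'` from `$_POST['login_user_name']` with no escaping, so the submitted username is parsed as part of the SQL statement. The value needs to be escaped by the database layer (or bound as a parameter) before it is concatenated, e.g. `$username = $DB->escapeString($_POST['login_user_name']);`, which presumes an `escapeString()` that returns the escaped string. `if( $num_rows )` also accepts any non-zero row count; `if( $num_rows == 1 )` is the stricter test. The password is compared as an unsalted `md5()` digest, which deserves at least a comment marking it for replacement with a salted, deliberately slow hash. The enclosing initialization function starts outside this hunk.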
From: Brian R. <hei...@us...> - 2003-04-22 10:50:56
Update of /cvsroot/phpmp/phpMP In directory sc8-pr-cvs1:/tmp/cvs-serv25309 Modified Files: index.php Log Message: Working on the sessions/auth/user script. Tevlik gave me some great ideas. It's still going through a process, but give it a once-over and let me know what you think. I may have missed a few things...don't know for sure. Index: index.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/index.php,v retrieving revision 1.35 retrieving revision 1.36 diff -C2 -r1.35 -r1.36 *** index.php 9 Feb 2003 21:19:05 -0000 1.35 --- index.php 22 Apr 2003 10:50:50 -0000 1.36 *************** *** 7,11 **** include_once( C_PHPMP_ROOT . 'includes/core.php' ); $Core = new Core(); - $Core->init(); --- 7,10 ---- |
From: Anthony W. <ant...@us...> - 2003-02-18 22:46:38
Update of /cvsroot/phpmp/phpMP/docs In directory sc8-pr-cvs1:/tmp/cvs-serv4014/docs Modified Files: Changelog Log Message: Updated Changelog Index: Changelog =================================================================== RCS file: /cvsroot/phpmp/phpMP/docs/Changelog,v retrieving revision 1.25 retrieving revision 1.26 diff -C2 -r1.25 -r1.26 *** Changelog 15 Feb 2003 00:36:24 -0000 1.25 --- Changelog 18 Feb 2003 22:46:35 -0000 1.26 *************** *** 1,19 **** 2003-02-14 [AnthonyWhite] ! * dba/mssql.dba **NEW** ! Added support for Microsoft SQL databases 2003-02-11 [AnthonyWhite] ! * admin/main.php ! Fixed a few issues regarding parsing multiple forms ! * includes/admin.php ! Added support for complete user management ! Having a few problems, but I will fix them soon 2003-02-10 [AnthonyWhite] ! * includes/admin.php ! Started on User Management ! * admin/main.php ! * admin/nav.php ! * admin/index.php 2003-02-09 [AnthonyWhite] --- 1,23 ---- + 2003-02-18 + * includes/admin.php + Changed some tabs because of my new editor + 2003-02-14 [AnthonyWhite] ! * dba/mssql.dba **NEW** ! Added support for Microsoft SQL databases 2003-02-11 [AnthonyWhite] ! * admin/main.php ! Fixed a few issues regarding parsing multiple forms ! * includes/admin.php ! Added support for complete user management ! Having a few problems, but I will fix them soon 2003-02-10 [AnthonyWhite] ! * includes/admin.php ! Started on User Management ! * admin/main.php ! * admin/nav.php ! * admin/index.php 2003-02-09 [AnthonyWhite] |
From: Anthony W. <ant...@us...> - 2003-02-18 22:37:27
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv30765/includes Modified Files: admin.php Log Message: Fixed some tabs due to a change in editors Index: admin.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/admin.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -r1.5 -r1.6 *** admin.php 11 Feb 2003 21:07:29 -0000 1.5 --- admin.php 18 Feb 2003 22:37:24 -0000 1.6 *************** *** 4,217 **** { ! var $p_action; // Action desired by the user ! // Executes the given admin action ! // Author: Anthony White ! // Accepts: $action - actions as defined above, used in switch / case ! // Returns: none. ! function execute($action) ! { ! $this->p_action = $action; ! switch ($action) ! { ! case C_ACTION_SITE: ! $this->_show_site(); ! break; ! case C_ACTION_USER: ! $this->_show_user(); ! break; ! default: break; ! } ! } ! // Shows the general management form ! // Author: Anthony White ! // Accepts: none. ! // Returns: none. ! function _show_site() ! { ! // Print out a form for the user ! print "<form method=\"post\" action=\"main.php?parse=" . $this->p_action . "\">"; ! print "Site Name: <input type=\"text\" name=\"sname\" value=\"" . C_SITE_NAME . "\"><br>"; ! if (C_OVERRIDE_USR_TPL == 1) { $checked = "CHECKED"; } else { $checked = ""; } ! print "Default Template: <input type=\"text\" name=\"deftpl\" value=\"" . C_DEFAULT_TPL . "\">"; ! print " <input type=\"checkbox\" name=\"ovrtpl\" value=\"0\" " . $checked . "> Override User Template?<br>"; ! print "Default Language: <input type=\"text\" name=\"deflang\" value=\"" . C_DEFAULT_LANG . "\"> (french, english)<br>"; // Should / Will be a dropdown list ! print "Default Date Format: <input type=\"text\" name=\"defdate\" value=\"" . C_DEFAULT_DATE_FORMAT . "\"> (Example: " . date(C_DEFAULT_DATE_FORMAT) . ") [Same syntax as the PHP date function]<br>"; ! print "Account Activation Level: "; ! print "<select name=\"accact\">"; ! 
if (C_ENABLE_ACCOUNT_ACTIVATION == 0) { $sel0 = "SELECTED"; } ! if (C_ENABLE_ACCOUNT_ACTIVATION == 1) { $sel1 = "SELECTED"; } ! if (C_ENABLE_ACCOUNT_ACTIVATION == 2) { $sel2 = "SELECTED"; } ! print "<option value=\"0\" " . $sel0 . ">No Activation"; ! print "<option value=\"1\" " . $sel1 . ">User Activation"; ! print "<option value=\"2\" " . $sel2 . ">Admin Activation"; ! print "</select><br>"; ! print "System Timezone: "; ! print "<select name=\"systime\">"; ! print "<option value=\"" . GMT_MINUS_12 . "\">GMT -12 (International Dateline West)"; ! print "<option value=\"" . GMT_MINUS_11 . "\">GMT -11 (Midway Island, Simoa)"; ! print "<option value=\"" . GMT_MINUS_10 . "\">GMT -10 (Hawaii)"; ! print "<option value=\"" . GMT_MINUS_9 . "\">GMT -9 (Alaska)"; ! print "<option value=\"" . GMT_MINUS_8 . "\">GMT -8 (Pacific Time)"; ! print "<option value=\"" . GMT_MINUS_7 . "\">GMT -7 (Arizona, Mountain Time)"; ! print "<option value=\"" . GMT_MINUS_6 . "\">GMT -6 (Central Time)"; ! print "<option value=\"" . GMT_MINUS_5 . "\">GMT -5 (Eastern Time)"; ! print "<option value=\"" . GMT_MINUS_4 . "\">GMT -4 (Atlantic Time)"; ! print "<option value=\"" . GMT_MINUS_3_30 . "\">GMT -3.5 (Newfoundland)"; ! print "<option value=\"" . GMT_MINUS_3 . "\">GMT -3 (Greenland)"; ! print "<option value=\"" . GMT_MINUS_2 . "\">GMT -2 (Mid-Atlantic)"; ! print "<option value=\"" . GMT_MINUS_1 . "\">GMT -1 (Cape Verda Islands)"; ! print "<option value=\"" . GMT . "\">GMT (Greenwich Mean Time)"; ! print "<option value=\"" . GMT_PLUS_1 . "\">GMT +1 (Paris)"; ! print "<option value=\"" . GMT_PLUS_2 . "\">GMT +2 (Jerusalem)"; ! print "<option value=\"" . GMT_PLUS_3 . "\">GMT +3 (Moscow)"; ! print "<option value=\"" . GMT_PLUS_4 . "\">GMT +4 (Abu Dhabi)"; ! print "<option value=\"" . GMT_PLUS_4_30 . "\">GMT +4.5 (Kabul)"; ! print "<option value=\"" . GMT_PLUS_5 . "\">GMT +5 (Karachi)"; ! print "<option value=\"" . GMT_PLUS_5_30 . "\">GMT +5.5 (New Delhi)"; ! print "<option value=\"" . GMT_PLUS_5_45 . 
"\">GMT +5.75 (Kathmandu)"; ! print "<option value=\"" . GMT_PLUS_6 . "\">GMT +6 (Almaty)"; ! print "<option value=\"" . GMT_PLUS_6_30 . "\">GMT +6.5 (Rangoon)"; ! print "<option value=\"" . GMT_PLUS_7 . "\">GMT +7 (Bangkok)"; ! print "<option value=\"" . GMT_PLUS_8 . "\">GMT +8 (Beijing)"; ! print "<option value=\"" . GMT_PLUS_9 . "\">GMT +9 (Tokyo)"; ! print "<option value=\"" . GMT_PLUS_9_30 . "\">GMT +9.5 (Adelaide)"; ! print "<option value=\"" . GMT_PLUS_10 . "\">GMT +10 (Brisbane)"; ! print "<option value=\"" . GMT_PLUS_11 . "\">GMT +11 (Solomon Islands)"; ! print "<option value=\"" . GMT_PLUS_12 . "\">GMT +12 (Auckland)"; ! print "<option value=\"" . GMT_PLUS_13 . "\">GMT +13 (Nuku'alofa)"; ! print "</select> (Current: " . C_SYSTEM_TIMEZONE . ")<br>"; ! if (C_USE_PORTAL_PERMS == 1) { $checked = "CHECKED"; } else { $checked = ""; } ! print "<input type=\"checkbox\" name=\"portperms\" value=\"1\" " . $checked . "> Use Portal Permissions?<br>"; ! print "<input type=\"submit\" name=\"submit_general\" value=\"Submit Configuration\">"; ! print "</form>"; ! } ! // Parses the general management form ! // Author: Anthony White ! // Accepts: Form values from the site config form ! // Returns: none. ! function parse_site($sname, $ovrtpl, $deftpl, $deflang, $defdate, $accact, $systime, $portperms) ! { ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! ! if ($ovrtpl != 1) { $ovrtpl = 0; } ! if ($portperms != 1) { $portperms = 0; } ! ! // We now go through each config_value and update it accordingly ! // I dont know if this is the only way, but it works fine for me ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $sname . "' WHERE config_key='site_name'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $ovrtpl . "' WHERE config_key='override_usr_tpl'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $deftpl . "' WHERE config_key='default_tpl'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . 
" SET config_value='" . $deflang . "' WHERE config_key='default_lang'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $defdate . "' WHERE config_key='default_date_format'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $accact . "' WHERE config_key='enable_account_activation'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $systime . "' WHERE config_key='system_timezone'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $portperms . "' WHERE config_key='use_portal_perms'"); ! } ! // Shows the user selection form ! // Author: Anthony White ! // Accepts: none. ! // Returns: none. ! function _show_user() ! { ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! print "<form method=\"post\" action=\"main.php?parse=" . $this->p_action . "\">"; ! print "Select user to edit: <select name=\"userid\">"; ! $query = $DB->query("SELECT * FROM " . DB_USERS_TABLE); ! while ($user = $DB->fetchArray($query)) ! { ! if ($user[userid] != 1) ! { ! print "<option value=\"" . $user[userid] . "\">" . $user[username]; ! } ! } ! print "</select><br>"; ! print "<input type=\"submit\" name=\"submit_user\" value=\"Edit User\">"; ! print "</form>"; ! } ! ! // Shows user management form ! // Author: Anthony White ! // Accepts: none. ! // Returns: none. ! function show_user($userid) ! { ! if (!$userid || $userid == 1) { print "Invalid User"; return; } ! ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! ! $query = $DB->query("SELECT * FROM " . DB_USERS_TABLE . " WHERE userid=" . $userid); ! $user = $DB->fetchArray($query); ! ! // Print out the form for management ! print "<form method=\"post\" action=\"main.php?parse=" . ($this->p_action + 1) . "\">"; ! print "Username: <input type=\"text\" name=\"username\" value=\"" . $user[username] . "\"><br>"; ! print "Password: <input type=\"password\" name=\"passwd\"> (Leave blank to not change)<br>"; ! 
print "Email: <input type=\"email\" name=\"email\" value=\"" . $user[email] . "\"><br>"; ! print "Authentication Level: <select name=\"auth_level\">"; ! switch ($user[auth_level]) ! { ! case AUTH_LVL_MEM: ! $sel1 = "SELECTED"; ! break; ! case AUTH_LVL_CONTRIB: ! $sel2 = "SELECTED"; ! break; ! case AUTH_LVL_MOD: ! $sel3 = "SELECTED"; ! break; ! case AUTH_LVL_ADMIN: ! $sel4 = "SELECTED"; ! break; ! default: break; ! } ! print "<option value=\"1\" " . $sel1 . ">Standard Member"; ! print "<option value=\"2\" " . $sel2 . ">Contributor"; ! print "<option value=\"3\" " . $sel3 . ">Moderator"; ! print "<option value=\"4\" " . $sel4 . ">Administrator"; ! print "</select><br>"; ! print "Date Format: <input type=\"text\" name=\"date_format\" value=\"" . $user[date_format] . "\"><br>"; ! print "Template: <input type=\"text\" name=\"template\" value=\"" . $user[template] . "\"><br>"; ! print "Signature:<br>"; ! print "<textarea name=\"signature\" rows=\"5\" cols=\"40\">" . $user[signature] . "</textarea><br>"; ! print "<input type=\"checkbox\" name=\"delete\" value=\"delete\"> Delete User? (WARNING: This deletes the user for good)<br>"; ! print "<input type=\"submit\" name=\"submit_user_parse\" value=\"Submit User Changes\">"; ! print "<input type=\"hidden\" name=\"userid\" value=\"" . $user[userid] . "\">"; ! print "</form>"; ! } ! // Parse the user management form ! // Author: Anthony White ! // Accepts: The form variables ! // Returns: none. ! function parse_user($userid, $username, $passwd, $email, $auth_level, $date_format, $template, $signature, $delete) ! { ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! ! if ($delete == "delete") ! { ! $DB->query("DELETE FROM " . DB_USERS_TABLE . " WHERE userid='" . $userid . "'"); ! return; ! } ! ! if ($passwd != "") ! { ! $DB->query("UPDATE " . DB_USERS_TABLE . " SET passwd='" . $passwd . "' WHERE userid='" . $userid . "'"); ! } ! $DB->query("UPDATE " . DB_USERS_TABLE . " SET username='" . $username . 
"', email='" . $email . "', auth_level='" . $auth_level . "', date_format='" . $date_format . "', template='" . $template . "', signature='" . $signature . "' WHERE userid='" . $userid . "'"); ! } } --- 4,217 ---- { ! var $p_action; // Action desired by the user ! // Executes the given admin action ! // Author: Anthony White ! // Accepts: $action - actions as defined above, used in switch / case ! // Returns: none. ! function execute($action) ! { ! $this->p_action = $action; ! switch ($action) ! { ! case C_ACTION_SITE: ! $this->_show_site(); ! break; ! case C_ACTION_USER: ! $this->_show_user(); ! break; ! default: break; ! } ! } ! // Shows the general management form ! // Author: Anthony White ! // Accepts: none. ! // Returns: none. ! function _show_site() ! { ! // Print out a form for the user ! print "<form method=\"post\" action=\"main.php?parse=" . $this->p_action . "\">"; ! print "Site Name: <input type=\"text\" name=\"sname\" value=\"" . C_SITE_NAME . "\"><br>"; ! if (C_OVERRIDE_USR_TPL == 1) { $checked = "CHECKED"; } else { $checked = ""; } ! print "Default Template: <input type=\"text\" name=\"deftpl\" value=\"" . C_DEFAULT_TPL . "\">"; ! print " <input type=\"checkbox\" name=\"ovrtpl\" value=\"0\" " . $checked . "> Override User Template?<br>"; ! print "Default Language: <input type=\"text\" name=\"deflang\" value=\"" . C_DEFAULT_LANG . "\"> (french, english)<br>"; // Should / Will be a dropdown list ! print "Default Date Format: <input type=\"text\" name=\"defdate\" value=\"" . C_DEFAULT_DATE_FORMAT . "\"> (Example: " . date(C_DEFAULT_DATE_FORMAT) . ") [Same syntax as the PHP date function]<br>"; ! print "Account Activation Level: "; ! print "<select name=\"accact\">"; ! if (C_ENABLE_ACCOUNT_ACTIVATION == 0) { $sel0 = "SELECTED"; } ! if (C_ENABLE_ACCOUNT_ACTIVATION == 1) { $sel1 = "SELECTED"; } ! if (C_ENABLE_ACCOUNT_ACTIVATION == 2) { $sel2 = "SELECTED"; } ! print "<option value=\"0\" " . $sel0 . ">No Activation"; ! print "<option value=\"1\" " . $sel1 . 
">User Activation"; ! print "<option value=\"2\" " . $sel2 . ">Admin Activation"; ! print "</select><br>"; ! print "System Timezone: "; ! print "<select name=\"systime\">"; ! print "<option value=\"" . GMT_MINUS_12 . "\">GMT -12 (International Dateline West)"; ! print "<option value=\"" . GMT_MINUS_11 . "\">GMT -11 (Midway Island, Simoa)"; ! print "<option value=\"" . GMT_MINUS_10 . "\">GMT -10 (Hawaii)"; ! print "<option value=\"" . GMT_MINUS_9 . "\">GMT -9 (Alaska)"; ! print "<option value=\"" . GMT_MINUS_8 . "\">GMT -8 (Pacific Time)"; ! print "<option value=\"" . GMT_MINUS_7 . "\">GMT -7 (Arizona, Mountain Time)"; ! print "<option value=\"" . GMT_MINUS_6 . "\">GMT -6 (Central Time)"; ! print "<option value=\"" . GMT_MINUS_5 . "\">GMT -5 (Eastern Time)"; ! print "<option value=\"" . GMT_MINUS_4 . "\">GMT -4 (Atlantic Time)"; ! print "<option value=\"" . GMT_MINUS_3_30 . "\">GMT -3.5 (Newfoundland)"; ! print "<option value=\"" . GMT_MINUS_3 . "\">GMT -3 (Greenland)"; ! print "<option value=\"" . GMT_MINUS_2 . "\">GMT -2 (Mid-Atlantic)"; ! print "<option value=\"" . GMT_MINUS_1 . "\">GMT -1 (Cape Verda Islands)"; ! print "<option value=\"" . GMT . "\">GMT (Greenwich Mean Time)"; ! print "<option value=\"" . GMT_PLUS_1 . "\">GMT +1 (Paris)"; ! print "<option value=\"" . GMT_PLUS_2 . "\">GMT +2 (Jerusalem)"; ! print "<option value=\"" . GMT_PLUS_3 . "\">GMT +3 (Moscow)"; ! print "<option value=\"" . GMT_PLUS_4 . "\">GMT +4 (Abu Dhabi)"; ! print "<option value=\"" . GMT_PLUS_4_30 . "\">GMT +4.5 (Kabul)"; ! print "<option value=\"" . GMT_PLUS_5 . "\">GMT +5 (Karachi)"; ! print "<option value=\"" . GMT_PLUS_5_30 . "\">GMT +5.5 (New Delhi)"; ! print "<option value=\"" . GMT_PLUS_5_45 . "\">GMT +5.75 (Kathmandu)"; ! print "<option value=\"" . GMT_PLUS_6 . "\">GMT +6 (Almaty)"; ! print "<option value=\"" . GMT_PLUS_6_30 . "\">GMT +6.5 (Rangoon)"; ! print "<option value=\"" . GMT_PLUS_7 . "\">GMT +7 (Bangkok)"; ! print "<option value=\"" . GMT_PLUS_8 . 
"\">GMT +8 (Beijing)"; ! print "<option value=\"" . GMT_PLUS_9 . "\">GMT +9 (Tokyo)"; ! print "<option value=\"" . GMT_PLUS_9_30 . "\">GMT +9.5 (Adelaide)"; ! print "<option value=\"" . GMT_PLUS_10 . "\">GMT +10 (Brisbane)"; ! print "<option value=\"" . GMT_PLUS_11 . "\">GMT +11 (Solomon Islands)"; ! print "<option value=\"" . GMT_PLUS_12 . "\">GMT +12 (Auckland)"; ! print "<option value=\"" . GMT_PLUS_13 . "\">GMT +13 (Nuku'alofa)"; ! print "</select> (Current: " . C_SYSTEM_TIMEZONE . ")<br>"; ! if (C_USE_PORTAL_PERMS == 1) { $checked = "CHECKED"; } else { $checked = ""; } ! print "<input type=\"checkbox\" name=\"portperms\" value=\"1\" " . $checked . "> Use Portal Permissions?<br>"; ! print "<input type=\"submit\" name=\"submit_general\" value=\"Submit Configuration\">"; ! print "</form>"; ! } ! // Parses the general management form ! // Author: Anthony White ! // Accepts: Form values from the site config form ! // Returns: none. ! function parse_site($sname, $ovrtpl, $deftpl, $deflang, $defdate, $accact, $systime, $portperms) ! { ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! ! if ($ovrtpl != 1) { $ovrtpl = 0; } ! if ($portperms != 1) { $portperms = 0; } ! ! // We now go through each config_value and update it accordingly ! // I dont know if this is the only way, but it works fine for me ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $sname . "' WHERE config_key='site_name'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $ovrtpl . "' WHERE config_key='override_usr_tpl'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $deftpl . "' WHERE config_key='default_tpl'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $deflang . "' WHERE config_key='default_lang'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $defdate . "' WHERE config_key='default_date_format'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . 
$accact . "' WHERE config_key='enable_account_activation'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $systime . "' WHERE config_key='system_timezone'"); ! $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $portperms . "' WHERE config_key='use_portal_perms'"); ! } ! // Shows the user selection form ! // Author: Anthony White ! // Accepts: none. ! // Returns: none. ! function _show_user() ! { ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! print "<form method=\"post\" action=\"main.php?parse=" . $this->p_action . "\">"; ! print "Select user to edit: <select name=\"userid\">"; ! $query = $DB->query("SELECT * FROM " . DB_USERS_TABLE); ! while ($user = $DB->fetchArray($query)) ! { ! if ($user[userid] != 1) ! { ! print "<option value=\"" . $user[userid] . "\">" . $user[username]; ! } ! } ! print "</select><br>"; ! print "<input type=\"submit\" name=\"submit_user\" value=\"Edit User\">"; ! print "</form>"; ! } ! ! // Shows user management form ! // Author: Anthony White ! // Accepts: none. ! // Returns: none. ! function show_user($userid) ! { ! if (!$userid || $userid == 1) { print "Invalid User"; return; } ! ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! ! $query = $DB->query("SELECT * FROM " . DB_USERS_TABLE . " WHERE userid=" . $userid); ! $user = $DB->fetchArray($query); ! ! // Print out the form for management ! print "<form method=\"post\" action=\"main.php?parse=" . ($this->p_action + 1) . "\">"; ! print "Username: <input type=\"text\" name=\"username\" value=\"" . $user[username] . "\"><br>"; ! print "Password: <input type=\"password\" name=\"passwd\"> (Leave blank to not change)<br>"; ! print "Email: <input type=\"email\" name=\"email\" value=\"" . $user[email] . "\"><br>"; ! print "Authentication Level: <select name=\"auth_level\">"; ! switch ($user[auth_level]) ! { ! case AUTH_LVL_MEM: ! $sel1 = "SELECTED"; ! break; ! case AUTH_LVL_CONTRIB: ! 
$sel2 = "SELECTED"; ! break; ! case AUTH_LVL_MOD: ! $sel3 = "SELECTED"; ! break; ! case AUTH_LVL_ADMIN: ! $sel4 = "SELECTED"; ! break; ! default: break; ! } ! print "<option value=\"1\" " . $sel1 . ">Standard Member"; ! print "<option value=\"2\" " . $sel2 . ">Contributor"; ! print "<option value=\"3\" " . $sel3 . ">Moderator"; ! print "<option value=\"4\" " . $sel4 . ">Administrator"; ! print "</select><br>"; ! print "Date Format: <input type=\"text\" name=\"date_format\" value=\"" . $user[date_format] . "\"><br>"; ! print "Template: <input type=\"text\" name=\"template\" value=\"" . $user[template] . "\"><br>"; ! print "Signature:<br>"; ! print "<textarea name=\"signature\" rows=\"5\" cols=\"40\">" . $user[signature] . "</textarea><br>"; ! print "<input type=\"checkbox\" name=\"delete\" value=\"delete\"> Delete User? (WARNING: This deletes the user for good)<br>"; ! print "<input type=\"submit\" name=\"submit_user_parse\" value=\"Submit User Changes\">"; ! print "<input type=\"hidden\" name=\"userid\" value=\"" . $user[userid] . "\">"; ! print "</form>"; ! } ! // Parse the user management form ! // Author: Anthony White ! // Accepts: The form variables ! // Returns: none. ! function parse_user($userid, $username, $passwd, $email, $auth_level, $date_format, $template, $signature, $delete) ! { ! include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); ! $DB = new DB; ! ! if ($delete == "delete") ! { ! $DB->query("DELETE FROM " . DB_USERS_TABLE . " WHERE userid='" . $userid . "'"); ! return; ! } ! ! if ($passwd != "") ! { ! $DB->query("UPDATE " . DB_USERS_TABLE . " SET passwd='" . $passwd . "' WHERE userid='" . $userid . "'"); ! } ! $DB->query("UPDATE " . DB_USERS_TABLE . " SET username='" . $username . "', email='" . $email . "', auth_level='" . $auth_level . "', date_format='" . $date_format . "', template='" . $template . "', signature='" . $signature . "' WHERE userid='" . $userid . "'"); ! } } |
From: Anthony W. <ant...@us...> - 2003-02-15 00:36:27
Update of /cvsroot/phpmp/phpMP/docs In directory sc8-pr-cvs1:/tmp/cvs-serv26261/docs Modified Files: Changelog Log Message: Updated Changelog
Index: Changelog
===================================================================
RCS file: /cvsroot/phpmp/phpMP/docs/Changelog,v
retrieving revision 1.24
retrieving revision 1.25
diff -C2 -r1.24 -r1.25
*** Changelog 11 Feb 2003 21:08:04 -0000 1.24
--- Changelog 15 Feb 2003 00:36:24 -0000 1.25
***************
*** 1,2 ****
--- 1,6 ----
+ 2003-02-14 [AnthonyWhite]
+ * dba/mssql.dba **NEW**
+ Added support for Microsoft SQL databases
+
  2003-02-11 [AnthonyWhite]
  * admin/main.php
|
From: Anthony W. <ant...@us...> - 2003-02-15 00:35:27
Update of /cvsroot/phpmp/phpMP/dba In directory sc8-pr-cvs1:/tmp/cvs-serv25888/dba Added Files: mssql.dba Log Message: Database Access file for Microsoft SQL databases --- NEW FILE: mssql.dba --- <?php class DB { var $ident_link; var $connected; function connect() { if (empty($this->ident_link)) { $connection = @mssql_connect(DB_HOST, DB_USER, DB_PASSWD); if (!$connection) { $this->connected = 0; return 0; } else { $this->ident_link = $connection; return $this->ident_link; } } } function close() { if ($this->ident_link != 0) { @mssql_close($this->ident_link); $this->ident_link = 0; return 1; } else { return 1; } } function query($qry) { if ($this->ident_link == 0) { $db = $this->connect(); } else { $db = $this->ident_link; } if (!$db) { return 0; } else { $result = @mssql_query($qry, $db); return $result; } } function numRows($qry) { if ($this->ident_link == 0) { $db = $this->connect(); } else { $db = $this->ident_link; } if (!$db) { return 0; } else { $num = @mssql_num_rows($qry); return $num; } } function result($result, $row=0, $field='') { if ($this->ident_link == 0) { $db = $this->connect(); } else { $db = $this->ident_link; } if (!$db) { return 0; } else { $return = @mssql_result($result, $row, $field); return $return; } } function fetchArray($qry) { if ($this->ident_link == 0) { $db = $this->connect(); } else { $db = $this->ident_link; } if (!$db) { return 0; } else { $result = @mssql_fetch_array($qry); return $result; } } function fetchRow($qry) { if ($this->ident_link == 0) { $db = $this->connect(); } else { $db = $this->ident_link; } if (!$db) { return 0; } else { $result = @mssql_fetch_row($qry) return $result; } } function escapeString($string) { if( stripslashes($string) == $string ) // Will be true if no slashes were removed. { addslashes($string); // We'll add the slashes because they haven't already been added. return true; } else // Slashes have already been added (hopefully only once). { return true; } } } ?> |
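Review bot: `escapeString()` in this new file calls `addslashes($string);` without using the result and returns `true` on both branches, so a caller that concatenates its return value into a query gets `1` rather than an escaped string. It should return the escaped value, and for SQL Server a quote is escaped by doubling it rather than with a backslash: `return str_replace("'", "''", $string);`. `fetchRow()` is also missing the `;` after `@mssql_fetch_row($qry)`, which is a parse error for the whole file. The `@` prefix on every `mssql_*` call hides connection and query failures; logging them server-side would make a failed query visible.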
From: Anthony W. <ant...@us...> - 2003-02-11 21:08:07
|
Update of /cvsroot/phpmp/phpMP/docs In directory sc8-pr-cvs1:/tmp/cvs-serv26623/docs Modified Files: Changelog Log Message: Updated Changelog Index: Changelog =================================================================== RCS file: /cvsroot/phpmp/phpMP/docs/Changelog,v retrieving revision 1.23 retrieving revision 1.24 diff -C2 -r1.23 -r1.24 *** Changelog 11 Feb 2003 00:25:11 -0000 1.23 --- Changelog 11 Feb 2003 21:08:04 -0000 1.24 *************** *** 1,17 **** 2003-02-10 [AnthonyWhite] ! * includes/admin.php ! Started on User Management ! * admin/main.php ! * admin/nav.php ! * admin/index.php 2003-02-09 [AnthonyWhite] * includes/admin.php ! Added timezone dropdown ! Doesnt select timezone, it is displayed beside box 2003-02-09 [AnthonyWhite] * includes/admin.php ! Minor changes with site config form 2003-02-09 [Heimidal] --- 1,24 ---- + 2003-02-11 [AnthonyWhite] + * admin/main.php + Fixed a few issues regarding parsing multiple forms + * includes/admin.php + Added support for complete user management + Having a few problems, but I will fix them soon + 2003-02-10 [AnthonyWhite] ! * includes/admin.php ! Started on User Management ! * admin/main.php ! * admin/nav.php ! * admin/index.php 2003-02-09 [AnthonyWhite] * includes/admin.php ! Added timezone dropdown ! Doesnt select timezone, it is displayed beside box 2003-02-09 [AnthonyWhite] * includes/admin.php ! Minor changes with site config form 2003-02-09 [Heimidal] |
From: Anthony W. <ant...@us...> - 2003-02-11 21:07:32
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv26429/includes Modified Files: admin.php Log Message: Added user management - having problems with the script not deleting the user when told to do so, but works fine other than that (I think) Index: admin.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/admin.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -r1.4 -r1.5 *** admin.php 9 Feb 2003 21:53:51 -0000 1.4 --- admin.php 11 Feb 2003 21:07:29 -0000 1.5 *************** *** 13,17 **** { $this->p_action = $action; ! switch ($action) { --- 13,17 ---- { $this->p_action = $action; ! switch ($action) { *************** *** 19,22 **** --- 19,25 ---- $this->_show_site(); break; + case C_ACTION_USER: + $this->_show_user(); + break; default: break; } *************** *** 84,87 **** --- 87,91 ---- print "<input type=\"checkbox\" name=\"portperms\" value=\"1\" " . $checked . "> Use Portal Permissions?<br>"; print "<input type=\"submit\" name=\"submit_general\" value=\"Submit Configuration\">"; + print "</form>"; } *************** *** 109,113 **** --- 113,218 ---- $DB->query("UPDATE " . DB_CONFIG_TABLE . " SET config_value='" . $portperms . "' WHERE config_key='use_portal_perms'"); } + + // Shows the user selection form + // Author: Anthony White + // Accepts: none. + // Returns: none. + function _show_user() + { + include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); + $DB = new DB; + print "<form method=\"post\" action=\"main.php?parse=" . $this->p_action . "\">"; + print "Select user to edit: <select name=\"userid\">"; + + $query = $DB->query("SELECT * FROM " . DB_USERS_TABLE); + + while ($user = $DB->fetchArray($query)) + { + if ($user[userid] != 1) + { + print "<option value=\"" . $user[userid] . "\">" . 
$user[username]; + } + } + + print "</select><br>"; + print "<input type=\"submit\" name=\"submit_user\" value=\"Edit User\">"; + print "</form>"; + } + + // Shows user management form + // Author: Anthony White + // Accepts: none. + // Returns: none. + function show_user($userid) + { + if (!$userid || $userid == 1) { print "Invalid User"; return; } + + include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); + $DB = new DB; + + $query = $DB->query("SELECT * FROM " . DB_USERS_TABLE . " WHERE userid=" . $userid); + $user = $DB->fetchArray($query); + + // Print out the form for management + print "<form method=\"post\" action=\"main.php?parse=" . ($this->p_action + 1) . "\">"; + print "Username: <input type=\"text\" name=\"username\" value=\"" . $user[username] . "\"><br>"; + print "Password: <input type=\"password\" name=\"passwd\"> (Leave blank to not change)<br>"; + print "Email: <input type=\"email\" name=\"email\" value=\"" . $user[email] . "\"><br>"; + print "Authentication Level: <select name=\"auth_level\">"; + switch ($user[auth_level]) + { + case AUTH_LVL_MEM: + $sel1 = "SELECTED"; + break; + case AUTH_LVL_CONTRIB: + $sel2 = "SELECTED"; + break; + case AUTH_LVL_MOD: + $sel3 = "SELECTED"; + break; + case AUTH_LVL_ADMIN: + $sel4 = "SELECTED"; + break; + default: break; + } + print "<option value=\"1\" " . $sel1 . ">Standard Member"; + print "<option value=\"2\" " . $sel2 . ">Contributor"; + print "<option value=\"3\" " . $sel3 . ">Moderator"; + print "<option value=\"4\" " . $sel4 . ">Administrator"; + print "</select><br>"; + print "Date Format: <input type=\"text\" name=\"date_format\" value=\"" . $user[date_format] . "\"><br>"; + print "Template: <input type=\"text\" name=\"template\" value=\"" . $user[template] . "\"><br>"; + print "Signature:<br>"; + print "<textarea name=\"signature\" rows=\"5\" cols=\"40\">" . $user[signature] . "</textarea><br>"; + print "<input type=\"checkbox\" name=\"delete\" value=\"delete\"> Delete User? 
(WARNING: This deletes the user for good)<br>"; + print "<input type=\"submit\" name=\"submit_user_parse\" value=\"Submit User Changes\">"; + print "<input type=\"hidden\" name=\"userid\" value=\"" . $user[userid] . "\">"; + print "</form>"; + } + + // Parse the user management form + // Author: Anthony White + // Accepts: The form variables + // Returns: none. + function parse_user($userid, $username, $passwd, $email, $auth_level, $date_format, $template, $signature, $delete) + { + include_once( C_PHPMP_ROOT . 'dba/' . DB_TYPE . '.dba' ); + $DB = new DB; + + if ($delete == "delete") + { + $DB->query("DELETE FROM " . DB_USERS_TABLE . " WHERE userid='" . $userid . "'"); + return; + } + + if ($passwd != "") + { + $DB->query("UPDATE " . DB_USERS_TABLE . " SET passwd='" . $passwd . "' WHERE userid='" . $userid . "'"); + } + + $DB->query("UPDATE " . DB_USERS_TABLE . " SET username='" . $username . "', email='" . $email . "', auth_level='" . $auth_level . "', date_format='" . $date_format . "', template='" . $template . "', signature='" . $signature . "' WHERE userid='" . $userid . "'"); + } + } |
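Review bot: show_user() and parse_user() concatenate form values straight into SQL: `WHERE userid=" . $userid` in show_user() is not even quoted, and every field of the UPDATE and DELETE in parse_user() is interpolated as-is, so any value containing a quote changes the statement. Cast the id before use, `$userid = (int) $userid;`, and pass the string fields through a working escape routine in the DBA layer (or bound parameters where the driver offers them). The same hunk writes `$passwd` to the passwd column unhashed. It also prints `$user[username]`, `$user[email]` and `$user[signature]` into attributes and the textarea without `htmlspecialchars()`, so a stored value can break out of the form markup. The `show_user($userid)` and `parse_user(...)` calls added to admin/main.php in revisions 1.4 and 1.5 feed request variables into this path.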
From: Anthony W. <ant...@us...> - 2003-02-11 21:06:28
|
Update of /cvsroot/phpmp/phpMP/admin In directory sc8-pr-cvs1:/tmp/cvs-serv25903/admin Modified Files: main.php Log Message: Added user management - I am getting an problem with the script not deleting the user when told to do so - works fine other than that I think Index: main.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/admin/main.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -r1.4 -r1.5 *** main.php 11 Feb 2003 00:24:25 -0000 1.4 --- main.php 11 Feb 2003 21:06:18 -0000 1.5 *************** *** 4,7 **** --- 4,8 ---- define( C_ACTION_SITE, 1 ); define( C_ACTION_USER, 2 ); + define( C_PARSE_USER, 3 ); define( C_PHPMP_ROOT, '../' ); *************** *** 20,32 **** switch ($parse) { ! case C_ACTION_SITE: ! $admin->parse_site($sname, $ovrtpl, $deftpl, $deflang, $defdate, $accact, $systime, $portperms); ! break; ! case C_ACTION_USER: ! $admin->show_user($userid); ! break; ! default: // $parse is not supplied, so execute $action instead ! if ($action != C_ACTION_NONE) { $admin->execute($action); } ! break; } --- 21,39 ---- switch ($parse) { ! case C_ACTION_SITE: ! if (!$submit_general) { return; } ! $admin->parse_site($sname, $ovrtpl, $deftpl, $deflang, $defdate, $accact, $systime, $portperms); ! break; ! case C_ACTION_USER: ! if (!$submit_user) { return; } ! $admin->show_user($userid); ! break; ! case C_PARSE_USER: ! if (!$submit_user_parse) { return; } ! $admin->parse_user($userid, $username, $passwd, $email, $auth_level, $date_format, $template, $signature, $delete); ! break; ! default: // $parse is not supplied, so execute $action instead ! if ($action != C_ACTION_NONE) { $admin->execute($action); } ! break; } |
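Review bot: The new `C_PARSE_USER` branch is probably never reached from the edit form, which would explain the failed deletes mentioned in the log message. show_user() in includes/admin.php builds its form action as `"main.php?parse=" . ($this->p_action + 1)`, but `p_action` is only assigned in execute() as far as the admin.php diff shows, and the `C_ACTION_USER` branch here calls show_user() directly. With `p_action` unset the form posts to parse=1, i.e. `C_ACTION_SITE`, where `if (!$submit_general) { return; }` ends the request. Emitting the target explicitly in show_user(), `"main.php?parse=" . C_PARSE_USER`, removes that dependency. Separately, the branches act on bare `$userid`, `$delete` and the other form variables and gate only on the submit-button variable; the top of main.php is outside the hunk, so confirm that an administrator check runs before this switch.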
From: Anthony W. <ant...@us...> - 2003-02-11 00:25:14
|
Update of /cvsroot/phpmp/phpMP/docs In directory sc8-pr-cvs1:/tmp/cvs-serv15405/docs Modified Files: Changelog Log Message: Updated Changelog Index: Changelog =================================================================== RCS file: /cvsroot/phpmp/phpMP/docs/Changelog,v retrieving revision 1.22 retrieving revision 1.23 diff -C2 -r1.22 -r1.23 *** Changelog 9 Feb 2003 21:58:57 -0000 1.22 --- Changelog 11 Feb 2003 00:25:11 -0000 1.23 *************** *** 1,10 **** 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Added timezone dropdown ! Doesnt select timezone, it is displayed beside box 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Minor changes with site config form 2003-02-09 [Heimidal] --- 1,17 ---- + 2003-02-10 [AnthonyWhite] + * includes/admin.php + Started on User Management + * admin/main.php + * admin/nav.php + * admin/index.php + 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Added timezone dropdown ! Doesnt select timezone, it is displayed beside box 2003-02-09 [AnthonyWhite] ! * includes/admin.php ! Minor changes with site config form 2003-02-09 [Heimidal] |
From: Anthony W. <ant...@us...> - 2003-02-11 00:24:28
|
Update of /cvsroot/phpmp/phpMP/admin In directory sc8-pr-cvs1:/tmp/cvs-serv15132/admin Modified Files: index.php main.php nav.php Log Message: Minor Changes to index and nav - added some user management to main Index: index.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/admin/index.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -r1.5 -r1.6 *** index.php 8 Feb 2003 18:05:22 -0000 1.5 --- index.php 11 Feb 2003 00:24:25 -0000 1.6 *************** *** 23,25 **** print "</frameset>"; ! ?> \ No newline at end of file --- 23,25 ---- print "</frameset>"; ! ?> Index: main.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/admin/main.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** main.php 9 Feb 2003 19:22:17 -0000 1.3 --- main.php 11 Feb 2003 00:24:25 -0000 1.4 *************** *** 3,6 **** --- 3,7 ---- define( C_ACTION_NONE, 0 ); define( C_ACTION_SITE, 1 ); + define( C_ACTION_USER, 2 ); define( C_PHPMP_ROOT, '../' ); *************** *** 19,28 **** switch ($parse) { ! case C_ACTION_SITE: ! $admin->parse_site($sname, $ovrtpl, $deftpl, $deflang, $defdate, $accact, $systime, $portperms); ! break; ! default: // $parse is not supplied, so execute $action instead ! if ($action != C_ACTION_NONE) { $admin->execute($action); } ! break; } --- 20,32 ---- switch ($parse) { ! case C_ACTION_SITE: ! $admin->parse_site($sname, $ovrtpl, $deftpl, $deflang, $defdate, $accact, $systime, $portperms); ! break; ! case C_ACTION_USER: ! $admin->show_user($userid); ! break; ! default: // $parse is not supplied, so execute $action instead ! if ($action != C_ACTION_NONE) { $admin->execute($action); } ! 
break; } Index: nav.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/admin/nav.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -r1.3 -r1.4 *** nav.php 9 Feb 2003 19:22:17 -0000 1.3 --- nav.php 11 Feb 2003 00:24:25 -0000 1.4 *************** *** 20,24 **** print "<base target=\"cont\">\n"; ! print "<a href=\"main.php?action=1\">Site Configuration</a>"; ?> --- 20,25 ---- print "<base target=\"cont\">\n"; ! print "<a href=\"main.php?action=1\">Site Configuration</a><br>"; ! print "<a href=\"main.php?action=2\">User Management</a>"; ?> |
From: Brian R. <hei...@us...> - 2003-02-10 00:52:07
|
Update of /cvsroot/phpmp/phpMP/includes In directory sc8-pr-cvs1:/tmp/cvs-serv23431/includes Modified Files: sessions.php Log Message: Started writing sessions.php. It won't stay anything like this, but I'm learning a lot. Index: sessions.php =================================================================== RCS file: /cvsroot/phpmp/phpMP/includes/sessions.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -r1.9 -r1.10 *** sessions.php 8 Feb 2003 10:48:22 -0000 1.9 --- sessions.php 10 Feb 2003 00:52:02 -0000 1.10 *************** *** 1,8 **** --- 1,14 ---- <?php + // Took a lot of hints from phpBB2. + // class Session // Creates and maintains sessions for all users. { + var $browser; + var $page; + var data = array(); var $session_id; + var $ip; function Session() *************** *** 13,58 **** { ! global $DB, $sid; ! // The Session ID is currently in the URL. We'll keep it that way for now. ! if( isset( $_GET['s'] ) ) { ! define('C_SESS_LOC', SESS_LOC_URL); ! $this->session_id = $_GET['s']; } ! // Not in the URL. Could be in a cookie. ! // NOTE: No support yet for auto-login cookies. ! elseif( isset( $_COOKIE[C_COOKIE_NAME . 'data'] ) || isset( $_COOKIE[C_COOKIE_NAME . 'sid']) ) ! ( ! ! define('C_SESS_LOC', SESS_LOC_COOKIE); ! $cookie_data = unserialize(C_COOKIE_NAME . 'data'); ! $this->session_id = $cookie_data['session_id']; } - else - { - - // We currently have no session_id set. } // Pull session data from the database. ! if( !empty( $this->session_id ) } { ! $sql = "SELECT u.*, s.* FROM " . DB_USERS_TABLE . " u, " . DB_SESSIONS_TABLE . " s WHERE s.sess_id = " . %this->session_id . " AND u.user_id = s.user_id"; $result = $DB->query($sql); $session_data = $DB->fetchRow($result); ! // We will now check for authenticity of the IP. ! if( isset( $session_data['user_id'] ) ) { ! // Will write this later. } --- 19,96 ---- { ! global $DB, $SID; ! $current_time = time(); ! $this->browser = $_SERVER['HTTP_USER_AGENT']; ! $this->page = $_ENV['PHP_SELF']; ! 
$this->page .= '&' . $_SERVER['QUERY_STRING']; ! ! // NOTE: No support yet for auto-login cookies. ! ! if( isset( $_COOKIE[C_COOKIE_NAME . '_data'] ) || isset( $_COOKIE[C_COOKIE_NAME . '_sid']) ) { ! define('C_SESS_LOC', SESS_LOC_COOKIE); ! $sessiondata = (isset($_COOKIE[C_COOKIE_NAME . 'data'])) ? $unserialize(stripslashes($_COOKIE[C_COOKIE_NAME . 'data']) : ''; ! $this->session_id = (isset($_COOKIE[C_COOKIE_NAME . 'sid'])) ? $_COOKIE[C_COOKIE_NAME . 'sid'] : ''; ! $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; } ! // Not in a cookie. We'll put it in the URL. ! else ! { ! define('C_SESS_LOC', SESS_LOC_URL); ! ! $this->session_id = (isset($_GET['sid'])) ? $_GET['sid'] : ''; ! $SID = '?sid=' . $this->session_id; } + // Obtain users IP + $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR; + + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) + { + if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list)) + { + $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#'); + $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]); + } } // Pull session data from the database. ! if( !empty( $this->session_id ) ) { ! $sql = "SELECT u.*, s.* ! FROM " . DB_SESSIONS_TABLE . " s, " . DB_USERS_TABLE . " u ! WHERE s.session_id = '" . $this->session_id . "' ! AND u.user_id = s.session_user_id"; $result = $DB->query($sql); $session_data = $DB->fetchRow($result); ! // Did the session exist in the DB? ! if (isset($this->data['user_id'])) { ! // Validate IP length according to admin ... has no effect on IPv6 ! $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); ! $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); ! ! if ($u_ip == $s_ip) ! { ! // Only update session DB a minute or so after last update or if page changes ! 
if (($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) && $update) ! { ! $sql = "UPDATE " . DB_SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = '$this->page' ! WHERE session_id = '" . $this->session_id . "'"; ! $DB->query($sql); ! } ! ! return true; ! } } |
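Review bot: The session id taken from the cookie or `$_GET['sid']` goes into the SELECT (`WHERE s.session_id = '" . $this->session_id . "'`), and `$this->page`, which includes `$_SERVER['QUERY_STRING']`, goes into the UPDATE, both without validation or escaping, so both statements can be altered by request data. Reject ids that do not match the expected format before querying (assuming ids are alphanumeric, `if (!preg_match('/^[A-Za-z0-9]+$/', $this->session_id)) { $this->session_id = ''; }`) and escape the page string. The cookie branch also runs `unserialize()` on `$_COOKIE` contents, written here as `$unserialize(` with an unbalanced parenthesis that will not parse; cookie data is client-controlled and is safer carried as a plain delimited string. `$this->ip` is overwritten from `X-Forwarded-For`, a client-supplied header, so unless that header comes from a trusted proxy the `ip_check` comparison binds the session only to what the client claims. The fetched row is stored in `$session_data` while the checks read `$this->data` (likely `$this->data = $DB->fetchRow($result);` was intended), and `$config` and `$update` are not defined in the visible part of the function, whose signature is outside the hunk.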