Update of /cvsroot/phpmp/phpMP/includes
In directory sc8-pr-cvs1:/tmp/cvs-serv23431/includes
Modified Files:
sessions.php
Log Message:
Started writing sessions.php. It won't stay anything like this, but I'm learning a lot.
Index: sessions.php
===================================================================
RCS file: /cvsroot/phpmp/phpMP/includes/sessions.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -r1.9 -r1.10
*** sessions.php 8 Feb 2003 10:48:22 -0000 1.9
--- sessions.php 10 Feb 2003 00:52:02 -0000 1.10
***************
*** 1,8 ****
--- 1,14 ----
<?php
+ // Took a lot of hints from phpBB2.
+ //
class Session // Creates and maintains sessions for all users.
{
+ var $browser;
+ var $page;
+ var data = array();
var $session_id;
+ var $ip;
function Session()
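Review bot: The added property `var data = array();` is missing the `$` sigil, so the file will not parse; it should read `var $data = array();`. The class body continues outside this hunk.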
***************
*** 13,58 ****
{
! global $DB, $sid;
! // The Session ID is currently in the URL. We'll keep it that way for now.
! if( isset( $_GET['s'] ) )
{
! define('C_SESS_LOC', SESS_LOC_URL);
! $this->session_id = $_GET['s'];
}
! // Not in the URL. Could be in a cookie.
! // NOTE: No support yet for auto-login cookies.
! elseif( isset( $_COOKIE[C_COOKIE_NAME . 'data'] ) || isset( $_COOKIE[C_COOKIE_NAME . 'sid']) )
! (
!
! define('C_SESS_LOC', SESS_LOC_COOKIE);
! $cookie_data = unserialize(C_COOKIE_NAME . 'data');
! $this->session_id = $cookie_data['session_id'];
}
- else
- {
-
- // We currently have no session_id set.
}
// Pull session data from the database.
! if( !empty( $this->session_id ) }
{
! $sql = "SELECT u.*, s.* FROM " . DB_USERS_TABLE . " u, " . DB_SESSIONS_TABLE . " s WHERE s.sess_id = " . %this->session_id . " AND u.user_id = s.user_id";
$result = $DB->query($sql);
$session_data = $DB->fetchRow($result);
! // We will now check for authenticity of the IP.
! if( isset( $session_data['user_id'] ) )
{
! // Will write this later.
}
--- 19,96 ----
{
! global $DB, $SID;
! $current_time = time();
! $this->browser = $_SERVER['HTTP_USER_AGENT'];
! $this->page = $_ENV['PHP_SELF'];
! $this->page .= '&' . $_SERVER['QUERY_STRING'];
!
! // NOTE: No support yet for auto-login cookies.
!
! if( isset( $_COOKIE[C_COOKIE_NAME . '_data'] ) || isset( $_COOKIE[C_COOKIE_NAME . '_sid']) )
{
! define('C_SESS_LOC', SESS_LOC_COOKIE);
! $sessiondata = (isset($_COOKIE[C_COOKIE_NAME . 'data'])) ? $unserialize(stripslashes($_COOKIE[C_COOKIE_NAME . 'data']) : '';
! $this->session_id = (isset($_COOKIE[C_COOKIE_NAME . 'sid'])) ? $_COOKIE[C_COOKIE_NAME . 'sid'] : '';
! $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
}
! // Not in a cookie. We'll put it in the URL.
! else
! {
! define('C_SESS_LOC', SESS_LOC_URL);
!
! $this->session_id = (isset($_GET['sid'])) ? $_GET['sid'] : '';
! $SID = '?sid=' . $this->session_id;
}
+ // Obtain users IP
+ $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR;
+
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+ {
+ if (preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)#', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list))
+ {
+ $private_ip = array('#^0\.#', '#^127\.0\.0\.1#', '#^192\.168\.#', '#^172\.16\.#', '#^10\.#', '#^224\.#', '#^240\.#');
+ $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]);
+ }
}
// Pull session data from the database.
! if( !empty( $this->session_id ) )
{
! $sql = "SELECT u.*, s.*
! FROM " . DB_SESSIONS_TABLE . " s, " . DB_USERS_TABLE . " u
! WHERE s.session_id = '" . $this->session_id . "'
! AND u.user_id = s.session_user_id";
$result = $DB->query($sql);
$session_data = $DB->fetchRow($result);
! // Did the session exist in the DB?
! if (isset($this->data['user_id']))
{
! // Validate IP length according to admin ... has no effect on IPv6
! $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
! $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
!
! if ($u_ip == $s_ip)
! {
! // Only update session DB a minute or so after last update or if page changes
! if (($current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) && $update)
! {
! $sql = "UPDATE " . DB_SESSIONS_TABLE . "
! SET session_time = $current_time, session_page = '$this->page'
! WHERE session_id = '" . $this->session_id . "'";
! $DB->query($sql);
! }
!
! return true;
! }
}
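Review bot: The new lookup `WHERE s.session_id = '" . $this->session_id . "'` puts a value read straight from `$_COOKIE` or `$_GET['sid']` into the SQL text, and the later UPDATE does the same with `$this->page`, which is built from `PHP_SELF` and `QUERY_STRING`; both are request-controlled, so both statements are injectable. Reject any id that does not match the exact format the id generator emits before the query runs (for example `if (!preg_match('/^[0-9a-f]{32}$/', $this->session_id)) { $this->session_id = ''; }`, assuming 32 hex characters, which this hunk does not show), and escape `$this->page` through the database layer before it reaches the UPDATE. The cookie branch also passes cookie content to `unserialize()`, which should not be applied to client-supplied data; as written, that line calls `$unserialize(` with an unbalanced parenthesis and reads the `'data'`/`'sid'` keys while the `isset` test checks `'_data'`/`'_sid'`. The IP comparison gives little protection, because `HTTP_X_FORWARDED_FOR` is a client-supplied header that can replace `REMOTE_ADDR` here, and the block reads `$this->data`, `$config` and `$update` although the query result is stored in `$session_data` and neither of the other two is assigned or declared global in the visible lines. The constructor starts in the previous hunk and its end is not visible here.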