Thread: [phpMP-CVS] CVS: phpMP/includes session.php,1.2,1.3 user.php,1.17,1.18

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/phpmp/phpMP/includes
In directory sc8-pr-cvs1:/tmp/cvs-serv21784/includes

Modified Files:
	session.php user.php 
Log Message:
Fixed a few problems; reformatted the way the new session function was structured.


Index: session.php
===================================================================
RCS file: /cvsroot/phpmp/phpMP/includes/session.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -r1.2 -r1.3
*** session.php	23 Apr 2003 08:28:41 -0000	1.2
--- session.php	26 Apr 2003 02:47:24 -0000	1.3
***************
*** 12,20 ****
  	
  	// Starts the session.  Must be called.
! 	function start()
  	{
  		if($this->started == false)
  		{
! 			$this->clean();
  			$this->getSessionData();
  			$this->started = true;
--- 12,20 ----
  	
  	// Starts the session.  Must be called.
! 	function start($clean_all = false)
  	{
  		if($this->started == false)
  		{
! 			$this->clean(/*$clean_all*/ $_POST['clean_all'] );
  			$this->getSessionData();
  			$this->started = true;
***************
*** 32,36 ****
  		// Sets the session as owned by an anonymous user.
  		$sql = 'UPDATE ' . DB_SESSIONS_TABLE . '
! 				SET exp_time=\'' . $exp_time . '\'
  					AND session_page=\'' . $page . '\'
  					AND session_user_id=1
--- 32,36 ----
  		// Sets the session as owned by an anonymous user.
  		$sql = 'UPDATE ' . DB_SESSIONS_TABLE . '
! 				SET session_exp_time=\'' . $exp_time . '\'
  					AND session_page=\'' . $page . '\'
  					AND session_user_id=1
***************
*** 65,69 ****
  		$cur_time = time(); // Time as of right now.
  		$exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid.
! 		$this->ip = $this->getIPEncoded(); // Gets the user's IP address.
  			
  		// If the ID is new, why bother querying to test for an old one?
--- 65,69 ----
  		$cur_time = time(); // Time as of right now.
  		$exp_time = $cur_time + $Config['session_length']; // Time at which this session will become invalid.
! 		$this->ip = $User->getIPEncoded(); // Gets the user's IP address.
  			
  		// If the ID is new, why bother querying to test for an old one?
***************
*** 82,85 ****
--- 82,86 ----
  			
  			// If the session is expired, we'll go ahead and create a new one regardless.
+ 			// The old one *should* be cleaned out by our clean() function later.
  			$this->session_data = $DB->fetchAssoc($result);
  			if( $this->session_data['session_exp_time'] < $cur_time )
***************
*** 90,94 ****
  		
  		if( $session_exists == true ) // A session exists.  Yay.
! 		{	
  			$sql = 'UPDATE ' . DB_SESSIONS_TABLE . '
  					SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\'';
--- 91,95 ----
  		
  		if( $session_exists == true ) // A session exists.  Yay.
! 		{
  			$sql = 'UPDATE ' . DB_SESSIONS_TABLE . '
  					SET session_exp_time=' . $exp_time . ', session_page=\'' . addslashes($page) . '\'';
***************
*** 96,114 ****
  			if( $_POST['do_login'] == true ) // Swap out the anonymous user for our new user_id.
  			{
! 				$sql .= ', session_user_id=' . $this->session_user_id;
  			}
! 					
! 			$sql .= ' WHERE session_key=\'' . $this->session_key . '\'';
! 			
! 			$User->user_id = $this->session_user_id;
  		}
! 		else // A session does not exist.  We'll create an anonymous one.
! 		{	
  			$sql = 'INSERT INTO ' . DB_SESSIONS_TABLE . '
  						(session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip)
! 						VALUES(\'' . $this->session_key . '\', 1,' . $cur_time . ',' . $exp_time . ',\'' . addslashes($page) . '\',\'' . $this->ip . '\')';
! 			
! 			$this->session_user_id = 1;
! 			$User->user_id = 1;
  		}
  		
--- 97,124 ----
  			if( $_POST['do_login'] == true ) // Swap out the anonymous user for our new user_id.
  			{
! 				$sql = "UPDATE " . DB_SESSIONS_TABLE . "
! 						SET session_exp_time=" . $exp_time . ", session_page='" . addslashes($page) . "', session_user_id=" . $this->session_user_id . "
! 						WHERE session_key='" . $this->session_key . "'";
  			}
! 			else
! 			{
! 				$User->user_id = $this->session_user_id;
! 				
! 				$sql = "UPDATE " . DB_SESSIONS_TABLE . "
! 						SET session_exp_time=" . $exp_time . ", session_page='" . addslashes($page) . "'
! 						WHERE session_key='" . $this->session_key . "'";
! 			}			
  		}
! 		else // A session does not exist.  We'll create one.
! 		{
! 			if( $_POST['do_login'] == false )
! 			{
! 				$this->session_user_id = 1;
! 				$User->user_id = 1;
! 			}
! 			
  			$sql = 'INSERT INTO ' . DB_SESSIONS_TABLE . '
  						(session_key, session_user_id, session_start_time, session_exp_time, session_page, session_ip)
! 						VALUES(\'' . $this->session_key . '\', ' . $this->session_user_id . ', ' . $cur_time . ', ' . $exp_time . ', \'' . addslashes($page) . '\', \'' . $this->ip . '\')';
  		}
  		
***************
*** 129,140 ****
  	}
  	
! 	function clean()
  	{
  		global $DB;
  
  		$rand = rand(0,10);
! 		if($rand >= 1) // 1:10 chance of session cleanup.  This may later become a setting.
  		{
! 			$sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE exp_time<" . time();
  			$DB->query($sql);
  		}
--- 139,150 ----
  	}
  	
! 	function clean($clean_all = false)
  	{
  		global $DB;
  
  		$rand = rand(0,10);
! 		if(($rand >= 1) || ($clean_all == true)) // 1:10 chance of session cleanup.  This may later become a setting.
  		{
! 			$sql = "DELETE FROM " . DB_SESSIONS_TABLE . " WHERE session_exp_time<" . time();
  			$DB->query($sql);
  		}
***************
*** 159,198 ****
  			}
  		}
! 		else
  		{
! 			// OK.  We don't have a valid cookie.  We'll make one.
! 			$this->session_key = md5( uniqid (microtime(), 1) );
! 			$this->session_key_new = true;
! 		}
! 	}
! 	
! 	// Taken from phpBB2.
! 	function getIPEncoded()
! 	{
! 		if( getenv('HTTP_X_FORWARDED_FOR') != '' )
! 		{
! 			$client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
! 		
! 			if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
  			{
! 				$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/');
! 				$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
  			}
  		}
- 		else
- 		{
- 			$client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
- 		}
- 		
- 		$ip_sep = explode('.', $client_ip);
- 		return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);	
  	}
- 	
- 	// Taken from phpBB2.
- 	function decodeIP($encoded_ip)
- 	{
- 		$hexipbang = explode('.', chunk_split($encoded_ip, 2, '.'));
- 		return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
- 	} 
  }
  
--- 169,185 ----
  			}
  		}
! 		else // There is no standard cookie.  Let's check for auto-login.
  		{
! 			if( !empty($_COOKIE[$Config['cookie_name'] . '_ext']))
  			{
! 				// We'll add auto-login functions here later on.	
! 			}
! 			else // We don't have a valid cookie.  We'll make one.
! 			{
! 				$this->session_key = md5( uniqid (microtime(), 1) );
! 				$this->session_key_new = true;
  			}
  		}
  	}
  }
  

Index: user.php
===================================================================
RCS file: /cvsroot/phpmp/phpMP/includes/user.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -r1.17 -r1.18
*** user.php	23 Apr 2003 07:21:03 -0000	1.17
--- user.php	26 Apr 2003 02:47:24 -0000	1.18
***************
*** 42,49 ****
  			}
  		}
- 			
- 
  	}
  	
  }
  
--- 42,75 ----
  			}
  		}
  	}
  	
+ 	// Taken from phpBB2.
+ 	function getIPEncoded()
+ 	{
+ 		if( getenv('HTTP_X_FORWARDED_FOR') != '' )
+ 		{
+ 			$client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
+ 		
+ 			if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
+ 			{
+ 				$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10.\.*/', '/^224.\.*/', '/^240.\.*/');
+ 				$client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
+ 			}
+ 		}
+ 		else
+ 		{
+ 			$client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR );
+ 		}
+ 		
+ 		$ip_sep = explode('.', $client_ip);
+ 		return sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]);	
+ 	}
+ 	
+ 	// Taken from phpBB2.
+ 	function decodeIP($encoded_ip)
+ 	{
+ 		$hexipbang = explode('.', chunk_split($encoded_ip, 2, '.'));
+ 		return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
+ 	} 
  }

Thread: [phpMP-CVS] CVS: phpMP/includes session.php,1.2,1.3 user.php,1.17,1.18

phpmp-commits