   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
/**
 * Visitor session resolution.
 *
 * init() classifies the current request as a logged-in user (via the
 * `mybbuser` cookie), a search-engine spider (via the `spiders` cache and the
 * User-Agent header) or a guest, fills the global `$mybb->user` /
 * `$mybb->usergroup` structures and keeps the `sessions` table current.
 * All database and cookie work goes through the global `$db` / `$mybb`
 * objects and the `my_*` / `get_*` helpers defined elsewhere in MyBB.
 */
class session
{
    /**
     * Session id: a row key of the `sessions` table, or "bot=<spider id>"
     * for spider sessions (see load_spider()).
     *
     * @var int
     */
    public $sid = 0;
    /**
     * User id of the authenticated user; 0 for guests and spiders.
     *
     * @var int
     */
    public $uid = 0;
    /**
     * Visitor IP as returned by get_ip().
     *
     * @var string
     */
    public $ipaddress = '';
    /**
     * Packed (binary) form of $ipaddress, as stored in the `ip` column.
     *
     * @var string
     */
    public $packedip = '';
    /**
     * Raw HTTP_USER_AGENT header (empty string when the header is absent).
     *
     * @var string
     */
    public $useragent = '';
    /**
     * True once load_spider() has claimed this request.
     *
     * @var bool
     */
    public $is_spider = false;

    /**
     * Request parameters that are to be ignored for location storage
     * (both are request tokens that must not be persisted in the
     * `sessions.location` column).
     *
     * @var array
     */
    public $ignore_parameters = array(
        'my_post_key',
        'logoutkey',
    );

    /**
     * Initialize a session
     *
     * Resolves the visitor's IP and User-Agent, looks up an existing session
     * from the `sid` cookie, then loads a user, a spider or a guest, in that
     * order of preference. Side effects: writes `$mybb->user`,
     * `$mybb->usergroup`, `$this->sid` / `$this->uid`, the `sessions` table
     * and the `sid` cookie. Runs the `pre_session_load` hook when `$plugins`
     * is available.
     */
	function init()
    {
        global $db, $mybb, $cache, $plugins;

        // Get our visitor's IP.
        $this->ipaddress = get_ip();
        $this->packedip = my_inet_pton($this->ipaddress);

        // Find out the user agent.
        if(isset($_SERVER['HTTP_USER_AGENT']))
        {
            $this->useragent = $_SERVER['HTTP_USER_AGENT'];
        }

        // Attempt to find a session id in the cookies.
        if(isset($mybb->cookies['sid']) && !defined('IN_UPGRADE'))
        {
            // The cookie value is client-controlled; it is escaped before being
            // interpolated into the WHERE clause below.
            $sid = $db->escape_string($mybb->cookies['sid']);

            // Load the session if not using a bot sid
            // (spider sessions use the "bot=<id>" form assigned in load_spider(),
            // so a '=' at offset 3 marks a spider pseudo-sid, which is never
            // looked up from a cookie).
            if(substr($sid, 3, 1) !== '=')
            {
                $query = $db->simple_select("sessions", "*", "sid='{$sid}'");
                $session = $db->fetch_array($query);
                if($session)
                {
                    $this->sid = $session['sid'];
                }
            }
        }

        if(isset($plugins))
        {
            $plugins->run_hooks('pre_session_load', $this);
        }

        // If we have a valid session id and user id, load that users session.
        // The cookie carries "<uid>_<loginkey>"; load_user() verifies the key
        // against the users table before trusting the uid.
        if(!empty($mybb->cookies['mybbuser']))
        {
            // NOTE(review): a cookie value without an underscore leaves $logon[1]
            // unset (undefined offset) before load_user() rejects the empty key.
            $logon = explode("_", $mybb->cookies['mybbuser'], 2);
            $this->load_user($logon[0], $logon[1]);
        }

        // If no user still, then we have a guest.
        // (Within this class $mybb->user is only populated by a successful
        // load_user(), which unsets it on failure.)
        if(!isset($mybb->user['uid']))
        {
            // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
            if(!$this->sid)
            {
                // Case-insensitive substring match of each cached spider
                // User-Agent against the request's User-Agent.
                $spiders = $cache->read("spiders");
                if(is_array($spiders))
                {
                    foreach($spiders as $spider)
                    {
                        if(my_strpos(my_strtolower($this->useragent), my_strtolower($spider['useragent'])) !== false)
                        {
                            $this->load_spider($spider['sid']);
                        }
                    }
                }
            }

            // Still nothing? JUST A GUEST!
            if(!$this->is_spider)
            {
                $this->load_guest();
            }
        }

        // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
        // Only sent when the resolved sid differs from what the cookie already holds.
        // (The trailing `true` is presumably my_setcookie()'s HttpOnly flag — confirm.)
        if($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true)
        {
            my_setcookie("sid", $this->sid, -1, true);
        }
    }

    /**
     * Load a user via the user credentials.
     *
     * Authenticates the `mybbuser` cookie pair against the users table, then
     * applies the user's preferences (language, date/time formats, paging,
     * post layout), resolves ban state, builds `$mybb->usergroup` and updates
     * or creates the session row.
     *
     * @param int $uid The user id.
     * @param string $loginkey The user's loginkey.
     * @return bool true when the credentials matched; false (with `$mybb->user`
     *              unset and `$this->uid` reset to 0) otherwise.
     */
	function load_user($uid, $loginkey='')
    {
        global $mybb, $db, $time, $lang, $mybbgroups, $cache;

        // The uid is cast before interpolation, so the query cannot be shaped by the cookie.
        $uid = (int)$uid;
        $query = $db->query("
            SELECT u.*, f.*
            FROM ".TABLE_PREFIX."users u
            LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
            WHERE u.uid='$uid'
            LIMIT 1
        ");
        $mybb->user = $db->fetch_array($query);

        // Check the password if we're not using a session
        // The loginkey is the long-lived cookie credential: an empty key is
        // always rejected and the comparison is strict (no type juggling).
        // NOTE(review): `!==` stops at the first differing byte; if both sides
        // are guaranteed strings, hash_equals() would give a constant-time
        // comparison without changing the accepted inputs.
        if(!$mybb->user || empty($loginkey) || $loginkey !== $mybb->user['loginkey'])
        {
            unset($mybb->user);
            $this->uid = 0;
            return false;
        }
        $this->uid = $mybb->user['uid'];

        // Set the logout key for this user (derived deterministically from the loginkey).
        $mybb->user['logoutkey'] = md5($mybb->user['loginkey']);

        // Sort out the private message count for this user.
        // A stored count of -1 requests a recount; $update is a bitmask
        // (1 = total, 2 = unread) passed to update_pm_count().
        if(($mybb->user['totalpms'] == -1 || $mybb->user['unreadpms'] == -1) && $mybb->settings['enablepms'] != 0) // Forced recount
        {
            $update = 0;
            if($mybb->user['totalpms'] == -1)
            {
                $update += 1;
            }
            if($mybb->user['unreadpms'] == -1)
            {
                $update += 2;
            }

            require_once  MYBB_ROOT."inc/functions_user.php";
            $pmcount = update_pm_count('', $update);
            if(is_array($pmcount))
            {
                $mybb->user = array_merge($mybb->user, $pmcount);
            }
        }
        $mybb->user['pms_total'] = $mybb->user['totalpms'];
        $mybb->user['pms_unread'] = $mybb->user['unreadpms'];

        // Record a changed IP alongside the activity update below.
        // NOTE(review): `$mybb->user['lastip']` is read before the
        // array_key_exists() guard is evaluated, so the guard only prevents the
        // UPDATE, not the read.
        if($mybb->user['lastip'] != $this->packedip && array_key_exists('lastip', $mybb->user) && !defined('IN_UPGRADE'))
        {
            $lastip_add = ", lastip=".$db->escape_binary($this->packedip);
        }
        else
        {
            $lastip_add = '';
        }

        // If the last visit was over 900 seconds (session time out) ago then update lastvisit.
        // ($time is a global; it is (re)assigned here for the rest of the request.)
        $time = TIME_NOW;
        if($time - $mybb->user['lastactive'] > 900)
        {
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$mybb->user['lastactive']}', lastactive='$time'{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
            $mybb->user['lastvisit'] = $mybb->user['lastactive'];
            require_once  MYBB_ROOT."inc/functions_user.php";
            update_pm_count('', 2);
        }
        else
        {
            // Still within the session window: accumulate time online instead.
            $timespent = TIME_NOW - $mybb->user['lastactive'];
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastactive='$time', timeonline=timeonline+$timespent{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
        }

        // Sort out the language and forum preferences.
        if($mybb->user['language'] && $lang->language_exists($mybb->user['language']))
        {
            $mybb->settings['bblanguage'] = $mybb->user['language'];
        }
        // Date/time format preferences are indexes into the global format
        // tables; unknown indexes leave the board default untouched.
        if($mybb->user['dateformat'] != 0 && $mybb->user['dateformat'] != '')
        {
            global $date_formats;
            if(!empty($date_formats[$mybb->user['dateformat']]))
            {
                $mybb->settings['dateformat'] = $date_formats[$mybb->user['dateformat']];
            }
        }

        // Choose time format.
        if($mybb->user['timeformat'] != 0 && $mybb->user['timeformat'] != '')
        {
            global $time_formats;
            if(!empty($time_formats[$mybb->user['timeformat']]))
            {
                $mybb->settings['timeformat'] = $time_formats[$mybb->user['timeformat']];
            }
        }

        // Find out the threads per page preference.
        if($mybb->user['tpp'])
        {
            $mybb->settings['threadsperpage'] = $mybb->user['tpp'];
        }

        // Find out the posts per page preference.
        if($mybb->user['ppp'])
        {
            $mybb->settings['postsperpage'] = $mybb->user['ppp'];
        }

        // Does this user prefer posts in classic mode?
        if($mybb->user['classicpostbit'])
        {
            $mybb->settings['postlayout'] = 'classic';
        }
        else
        {
            $mybb->settings['postlayout'] = 'horizontal';
        }

        $usergroups = $cache->read('usergroups');

        // Members of a banned group get their ban record attached to $mybb->user.
        if(!empty($usergroups[$mybb->user['usergroup']]) && $usergroups[$mybb->user['usergroup']]['isbannedgroup'] == 1)
        {
            $ban = $db->fetch_array(
                $db->simple_select('banned', '*', 'uid='.(int)$mybb->user['uid'], array('limit' => 1))
            );

            if($ban)
            {
                $mybb->user['banned'] = 1;
                $mybb->user['bandate'] = $ban['dateline'];
                $mybb->user['banlifted'] = $ban['lifted'];
                $mybb->user['banoldgroup'] = $ban['oldgroup'];
                $mybb->user['banolddisplaygroup'] = $ban['olddisplaygroup'];
                $mybb->user['banoldadditionalgroups'] = $ban['oldadditionalgroups'];
                $mybb->user['banreason'] = $ban['reason'];
            }
            else
            {
                $mybb->user['banned'] = 0;
            }
        }

        // Check if this user is currently banned and if we have to lift it.
        if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifted']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time)  // expiring ban: banlifted is in the past
        {
            // Ban has expired: restore the pre-ban groups in the database ...
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET usergroup='".(int)$mybb->user['banoldgroup']."', additionalgroups='".$db->escape_string($mybb->user['banoldadditionalgroups'])."', displaygroup='".(int)$mybb->user['banolddisplaygroup']."' WHERE uid='".$mybb->user['uid']."'");
            $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid='".$mybb->user['uid']."'");
            // ... and in the in-memory user, since the shutdown queries only run
            // after this request; otherwise permissions would still be the ban group's.
            $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
            $mybb->user['displaygroup'] = $mybb->user['banolddisplaygroup'];
            $mybb->user['additionalgroups'] = $mybb->user['banoldadditionalgroups'];

            $mybbgroups = $mybb->user['usergroup'];
            if($mybb->user['additionalgroups'])
            {
                $mybbgroups .= ','.$mybb->user['additionalgroups'];
            }
        }
        else if(!empty($mybb->user['bandate']) && (empty($mybb->user['banlifted'])  || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $time))
        {
            // Ban still active (permanent, or lifted in the future): permissions
            // come from the ban group only; additional groups are not applied.
            $mybbgroups = $mybb->user['usergroup'];
        }
        else
        {
            // Gather a full permission set for this user and the groups they are in.
            $mybbgroups = $mybb->user['usergroup'];
            if($mybb->user['additionalgroups'])
            {
                $mybbgroups .= ','.$mybb->user['additionalgroups'];
            }
        }

        $mybb->usergroup = usergroup_permissions($mybbgroups);
        if(!$mybb->user['displaygroup'])
        {
            $mybb->user['displaygroup'] = $mybb->user['usergroup'];
        }

        // Display-group settings override the merged permission set.
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        if(!$mybb->user['usertitle'])
        {
            $mybb->user['usertitle'] = $mybb->usergroup['usertitle'];
        }

        // Update or create the session.
        // Skipped when the caller opted out of online tracking or during upgrades.
        if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
        {
            if(!empty($this->sid))
            {
                $this->update_session($this->sid, $mybb->user['uid']);
            }
            else
            {
                $this->create_session($mybb->user['uid']);
            }
        }
        return true;
    }

    /**
     * Load a guest user.
     *
     * Populates `$mybb->user` with guest defaults (usergroup 1, uid 0),
     * maintains the `mybb[lastvisit]` / `mybb[lastactive]` cookies, builds the
     * guest permission set and updates or creates the session row unless
     * NO_ONLINE or IN_UPGRADE is defined. `$db` and `$lang` are declared
     * global but not used here.
     */
	function load_guest()
    {
        global $mybb, $time, $db, $lang;

        // Set up some defaults
        $time = TIME_NOW;
        $mybb->user['usergroup'] = 1;
        $mybb->user['additionalgroups'] = '';
        $mybb->user['username'] = '';
        $mybb->user['uid'] = 0;
        $mybbgroups = 1;
        $mybb->user['displaygroup'] = 1;
        $mybb->user['invisible'] = 0;
        $mybb->user['moderateposts'] = 0;
        $mybb->user['showquickreply'] = 1;
        $mybb->user['signature'] = '';
        $mybb->user['sourceeditor'] = 0;
        $mybb->user['subscriptionmethod'] = 0;
        $mybb->user['suspendposting'] = 0;

        // Has this user visited before? Lastvisit need updating?
        // Guest activity lives only in cookies; the values are int-cast on read
        // (except the first assignment below, which uses the server time).
        if(isset($mybb->cookies['mybb']['lastvisit']))
        {
            if(!isset($mybb->cookies['mybb']['lastactive']))
            {
                $mybb->user['lastactive'] = $time;
                $mybb->cookies['mybb']['lastactive'] = $mybb->user['lastactive'];
            }
            else
            {
                $mybb->user['lastactive'] = (int)$mybb->cookies['mybb']['lastactive'];
            }
            // Same 900-second session window as load_user().
            if($time - (int)$mybb->cookies['mybb']['lastactive'] > 900)
            {
                my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']);
                $mybb->user['lastvisit'] = $mybb->user['lastactive'];
            }
            else
            {
                $mybb->user['lastvisit'] = (int)$mybb->cookies['mybb']['lastactive'];
            }
        }

        // No last visit cookie, create one.
        else
        {
            my_setcookie("mybb[lastvisit]", $time);
            $mybb->user['lastvisit'] = $time;
        }

        // Update last active cookie.
        my_setcookie("mybb[lastactive]", $time);

        // Gather a full permission set for this guest
        $mybb->usergroup = usergroup_permissions($mybbgroups);
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        // Update the online data.
        if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
        {
            if(!empty($this->sid))
            {
                $this->update_session($this->sid);
            }
            else
            {
                $this->create_session();
            }
        }
    }

    /**
     * Load a search engine spider.
     *
     * Builds a guest-like `$mybb->user` from the spider's configured usergroup,
     * language and theme, throttles the spider's `lastvisit` update to one per
     * two minutes, and creates a "bot=<id>" session.
     *
     * @param int $spider_id The ID of the search engine spider (taken from the
     *                       `spiders` cache entry matched in init(), not from
     *                       request input).
     */
	function load_spider($spider_id)
    {
        global $mybb, $time, $db, $lang;

        // Fetch the spider preferences from the database
        // NOTE(review): $spider_id is interpolated without an (int) cast here and
        // in the update below; it comes from the spiders cache, but a cast would
        // be cheap defence in depth.
        $query = $db->simple_select("spiders", "*", "sid='{$spider_id}'");
        $spider = $db->fetch_array($query);

        // Set up some defaults
        // NOTE(review): if no row matched, $spider is false and the reads below
        // produce notices — presumably unreachable for a cached sid; confirm.
        $time = TIME_NOW;
        $this->is_spider = true;
        if($spider['usergroup'])
        {
            $mybb->user['usergroup'] = $spider['usergroup'];
        }
        else
        {
            $mybb->user['usergroup'] = 1;
        }
        $mybb->user['username'] = '';
        $mybb->user['uid'] = 0;
        $mybb->user['displaygroup'] = $mybb->user['usergroup'];
        $mybb->user['additionalgroups'] = '';
        $mybb->user['invisible'] = 0;

        // Set spider language
        if($spider['language'] && $lang->language_exists($spider['language']))
        {
            $mybb->settings['bblanguage'] = $spider['language'];
        }

        // Set spider theme
        if($spider['theme'])
        {
            $mybb->user['style'] = $spider['theme'];
        }

        // Gather a full permission set for this spider.
        $mybb->usergroup = usergroup_permissions($mybb->user['usergroup']);
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        // Update spider last minute (only do so on two minute intervals - decrease load for quick spiders)
        if($spider['lastvisit'] < TIME_NOW-120)
        {
            $updated_spider = array(
                "lastvisit" => TIME_NOW
            );
            $db->update_query("spiders", $updated_spider, "sid='{$spider_id}'");
        }

        // Update the online data.
        // The "bot=" prefix is what init() checks for (substr($sid, 3, 1) === '=')
        // to keep spider pseudo-sids out of the cookie-based session lookup.
        if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
        {
            $this->sid = "bot=".$spider_id;
            $this->create_session();
        }

    }

    /**
     * Update a user session.
     *
     * Rewrites the activity columns of an existing `sessions` row: uid, time,
     * location (truncated to 150 bytes), useragent (truncated via my_substr to
     * 200), the special-location ids and a cleared nopermission flag.
     *
     * @param int $sid The session id.
     * @param int $uid The user id.
     */
	function update_session($sid, $uid=0)
    {
        global $db;

        // Find out what the special locations are.
        $speciallocs = $this->get_special_locations();
        if($uid)
        {
            $onlinedata['uid'] = $uid;
        }
        else
        {
            $onlinedata['uid'] = 0;
        }
        $onlinedata['time'] = TIME_NOW;

        // Both strings originate from the request and are escaped before being
        // handed to update_query().
        $onlinedata['location'] = $db->escape_string(substr(get_current_location(false, $this->ignore_parameters), 0, 150));
        $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 200));

        $onlinedata['location1'] = (int)$speciallocs['1'];
        $onlinedata['location2'] = (int)$speciallocs['2'];
        $onlinedata['nopermission'] = 0;
        // The sid may have come from a cookie; escape it for the WHERE clause.
        $sid = $db->escape_string($sid);

        $db->update_query("sessions", $onlinedata, "sid='{$sid}'");
    }

    /**
     * Create a new session.
     *
     * Removes any previous session for the same uid (or the same spider sid),
     * then inserts a fresh `sessions` row via replace_query() and records the
     * resulting sid/uid on this object.
     *
     * @param int $uid The user id to bind the session to.
     */
	function create_session($uid=0)
    {
        global $db;
        $speciallocs = $this->get_special_locations();

        // If there is a proper uid, delete by uid.
        // NOTE(review): $uid is interpolated uncast; callers in this file pass
        // `$mybb->user['uid']` from the users row. An (int) cast would be cheap
        // defence in depth.
        if($uid > 0)
        {
            $db->delete_query("sessions", "uid='{$uid}'");
            $onlinedata['uid'] = $uid;
        }
        else
        {
            // Is a spider - delete all other spider references
            if($this->is_spider == true)
            {
                $db->delete_query("sessions", "sid='{$this->sid}'");
            }

            $onlinedata['uid'] = 0;
        }

        // If the user is a search enginge spider, ...
        // ... reuse the "bot=<id>" pseudo-sid; otherwise mint a fresh random sid.
        // (random_str() is defined elsewhere; its entropy source is not visible here.)
        if($this->is_spider == true)
        {
            $onlinedata['sid'] = $this->sid;
        }
        else
        {
            $onlinedata['sid'] = md5(random_str(50));
        }
        $onlinedata['time'] = TIME_NOW;
        $onlinedata['ip'] = $db->escape_binary($this->packedip);

        // Same truncation and escaping as update_session().
        $onlinedata['location'] = $db->escape_string(substr(get_current_location(false, $this->ignore_parameters), 0, 150));
        $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 200));

        $onlinedata['location1'] = (int)$speciallocs['1'];
        $onlinedata['location2'] = (int)$speciallocs['2'];
        $onlinedata['nopermission'] = 0;
        $db->replace_query("sessions", $onlinedata, "sid", false);
        $this->sid = $onlinedata['sid'];
        $this->uid = $onlinedata['uid'];
    }

    /**
     * Find out the special locations.
     *
     * Derives the forum id (index 1) and thread id (index 2) the visitor is
     * looking at from the script name and the fid/tid/pid inputs. Values are
     * '' when not applicable. Only used for online-location tracking.
     *
     * @return array Special locations array.
     */
	function get_special_locations()
    {
        global $mybb, $db;
        $array = array('1' => '', '2' => '');
        // NOTE(review): the regexes are unanchored and the '.' is unescaped, and
        // PHP_SELF can carry client-supplied path info under some server
        // configurations — acceptable here because the result only feeds
        // location tracking, not authorisation. The upper bound 4294967296 is
        // presumably the unsigned INT column range; confirm.
        if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && $mybb->get_input('fid', MyBB::INPUT_INT) > 0 && $mybb->get_input('fid', MyBB::INPUT_INT) < 4294967296)
        {
            $array[1] = $mybb->get_input('fid', MyBB::INPUT_INT);
        }
        elseif(preg_match("#showthread.php#", $_SERVER['PHP_SELF']))
        {
            if($mybb->get_input('tid', MyBB::INPUT_INT) > 0 && $mybb->get_input('tid', MyBB::INPUT_INT) < 4294967296)
            {
                $array[2] = $mybb->get_input('tid', MyBB::INPUT_INT);
            }

            // If there is no tid but a pid, trick the system into thinking there was a tid anyway.
            // (pid is int-cast via get_input before interpolation.)
            elseif(isset($mybb->input['pid']) && !empty($mybb->input['pid']))
            {
                $options = array(
                    "limit" => 1
                );
                $query = $db->simple_select("posts", "tid", "pid=".$mybb->get_input('pid', MyBB::INPUT_INT), $options);
                $post = $db->fetch_array($query);
                if($post)
                {
                    $array[2] = $post['tid'];
                }
            }

            // NOTE(review): get_thread() is called even when no tid was resolved
            // ($array[2] still ''); the falsy result then leaves $array[1] empty.
            $thread = get_thread($array[2]);
            if($thread)
            {
                $array[1] = $thread['fid'];
            }
        }
        return $array;
    }
}

