/inc/ -> class_session.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  class session
  12  {
  13      /**
  14       * @var int
  15       */
  16      public $sid = 0;
  17      /**
  18       * @var int
  19       */
  20      public $uid = 0;
  21      /**
  22       * @var string
  23       */
  24      public $ipaddress = '';
  25      /**
  26       * @var string
  27       */
  28      public $packedip = '';
  29      /**
  30       * @var string
  31       */
  32      public $useragent = '';
  33      /**
  34       * @var bool
  35       */
  36      public $is_spider = false;
  37  
  38      /**
  39       * Request parameters that are to be ignored for location storage
  40       *
  41       * @var array
  42       */
  43      public $ignore_parameters = array(
  44          'my_post_key',
  45          'logoutkey',
  46      );
  47  
  48      /**
  49       * Initialize a session
  50       */
  51  	function init()
  52      {
  53          global $db, $mybb, $cache, $plugins;
  54  
  55          // Get our visitor's IP.
  56          $this->ipaddress = get_ip();
  57          $this->packedip = my_inet_pton($this->ipaddress);
  58  
  59          // Find out the user agent.
  60          if(isset($_SERVER['HTTP_USER_AGENT']))
  61          {
  62              $this->useragent = $_SERVER['HTTP_USER_AGENT'];
  63          }
  64  
  65          // Attempt to find a session id in the cookies.
  66          if(isset($mybb->cookies['sid']) && !defined('IN_UPGRADE'))
  67          {
  68              $sid = $db->escape_string($mybb->cookies['sid']);
  69  
  70              // Load the session if not using a bot sid
  71              if(substr($sid, 3, 1) !== '=')
  72              {
  73                  $query = $db->simple_select("sessions", "*", "sid='{$sid}'");
  74                  $session = $db->fetch_array($query);
  75                  if($session)
  76                  {
  77                      $this->sid = $session['sid'];
  78                  }
  79              }
  80          }
  81  
  82          if(isset($plugins))
  83          {
  84              $plugins->run_hooks('pre_session_load', $this);
  85          }
  86  
  87          // If we have a valid session id and user id, load that users session.
  88          if(!empty($mybb->cookies['mybbuser']))
  89          {
  90              $logon = explode("_", $mybb->cookies['mybbuser'], 2);
  91              $this->load_user($logon[0], $logon[1]);
  92          }
  93  
  94          // If no user still, then we have a guest.
  95          if(!isset($mybb->user['uid']))
  96          {
  97              // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
  98              if(!$this->sid)
  99              {
 100                  $spiders = $cache->read("spiders");
 101                  if(is_array($spiders))
 102                  {
 103                      foreach($spiders as $spider)
 104                      {
 105                          if(my_strpos(my_strtolower($this->useragent), my_strtolower($spider['useragent'])) !== false)
 106                          {
 107                              $this->load_spider($spider['sid']);
 108                          }
 109                      }
 110                  }
 111              }
 112  
 113              // Still nothing? JUST A GUEST!
 114              if(!$this->is_spider)
 115              {
 116                  $this->load_guest();
 117              }
 118          }
 119  
 120          // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
 121          if($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true)
 122          {
 123              my_setcookie("sid", $this->sid, -1, true);
 124          }
 125  
 126          if(isset($plugins))
 127          {
 128              $plugins->run_hooks('post_session_load', $this);
 129          }
 130      }
 131  
 132      /**
 133       * Load a user via the user credentials.
 134       *
 135       * @param int $uid The user id.
 136       * @param string $loginkey The user's loginkey.
 137       * @return bool
 138       */
 139  	function load_user($uid, $loginkey='')
 140      {
 141          global $mybb, $db, $time, $lang, $mybbgroups, $cache;
 142  
 143          $uid = (int)$uid;
 144          $query = $db->query("
 145              SELECT u.*, f.*
 146              FROM ".TABLE_PREFIX."users u
 147              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 148              WHERE u.uid='$uid'
 149              LIMIT 1
 150          ");
 151          $mybb->user = $db->fetch_array($query);
 152  
 153          // Check the password if we're not using a session
 154          if(!$mybb->user || empty($loginkey) || $loginkey !== $mybb->user['loginkey'])
 155          {
 156              unset($mybb->user);
 157              $this->uid = 0;
 158              return false;
 159          }
 160          $this->uid = $mybb->user['uid'];
 161  
 162          // Set the logout key for this user
 163          $mybb->user['logoutkey'] = md5($mybb->user['loginkey']);
 164  
 165          // Sort out the private message count for this user.
 166          if(($mybb->user['totalpms'] == -1 || $mybb->user['unreadpms'] == -1) && $mybb->settings['enablepms'] != 0) // Forced recount
 167          {
 168              $update = 0;
 169              if($mybb->user['totalpms'] == -1)
 170              {
 171                  $update += 1;
 172              }
 173              if($mybb->user['unreadpms'] == -1)
 174              {
 175                  $update += 2;
 176              }
 177  
 178              require_once  MYBB_ROOT."inc/functions_user.php";
 179              $pmcount = update_pm_count('', $update);
 180              if(is_array($pmcount))
 181              {
 182                  $mybb->user = array_merge($mybb->user, $pmcount);
 183              }
 184          }
 185          $mybb->user['pms_total'] = $mybb->user['totalpms'];
 186          $mybb->user['pms_unread'] = $mybb->user['unreadpms'];
 187  
 188          if($mybb->user['lastip'] != $this->packedip && array_key_exists('lastip', $mybb->user) && !defined('IN_UPGRADE'))
 189          {
 190              $lastip_add = ", lastip=".$db->escape_binary($this->packedip);
 191          }
 192          else
 193          {
 194              $lastip_add = '';
 195          }
 196  
 197          // If the last visit was over 900 seconds (session time out) ago then update lastvisit.
 198          $time = TIME_NOW;
 199          if($time - $mybb->user['lastactive'] > 900)
 200          {
 201              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$mybb->user['lastactive']}', lastactive='$time'{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
 202              $mybb->user['lastvisit'] = $mybb->user['lastactive'];
 203              require_once  MYBB_ROOT."inc/functions_user.php";
 204              update_pm_count('', 2);
 205          }
 206          else
 207          {
 208              $timespent = TIME_NOW - $mybb->user['lastactive'];
 209              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastactive='$time', timeonline=timeonline+$timespent{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
 210          }
 211  
 212          // Sort out the language and forum preferences.
 213          if($mybb->user['language'] && $lang->language_exists($mybb->user['language']))
 214          {
 215              $mybb->settings['bblanguage'] = $mybb->user['language'];
 216          }
 217          if($mybb->user['dateformat'] != 0 && $mybb->user['dateformat'] != '')
 218          {
 219              global $date_formats;
 220              if(!empty($date_formats[$mybb->user['dateformat']]))
 221              {
 222                  $mybb->settings['dateformat'] = $date_formats[$mybb->user['dateformat']];
 223              }
 224          }
 225  
 226          // Choose time format.
 227          if($mybb->user['timeformat'] != 0 && $mybb->user['timeformat'] != '')
 228          {
 229              global $time_formats;
 230              if(!empty($time_formats[$mybb->user['timeformat']]))
 231              {
 232                  $mybb->settings['timeformat'] = $time_formats[$mybb->user['timeformat']];
 233              }
 234          }
 235  
 236          // Find out the threads per page preference.
 237          if($mybb->user['tpp'])
 238          {
 239              $mybb->settings['threadsperpage'] = $mybb->user['tpp'];
 240          }
 241  
 242          // Find out the posts per page preference.
 243          if($mybb->user['ppp'])
 244          {
 245              $mybb->settings['postsperpage'] = $mybb->user['ppp'];
 246          }
 247  
 248          // Does this user prefer posts in classic mode?
 249          if($mybb->user['classicpostbit'])
 250          {
 251              $mybb->settings['postlayout'] = 'classic';
 252          }
 253          else
 254          {
 255              $mybb->settings['postlayout'] = 'horizontal';
 256          }
 257  
 258          $usergroups = $cache->read('usergroups');
 259  
 260          if(!empty($usergroups[$mybb->user['usergroup']]) && $usergroups[$mybb->user['usergroup']]['isbannedgroup'] == 1)
 261          {
 262              $ban = $db->fetch_array(
 263                  $db->simple_select('banned', '*', 'uid='.(int)$mybb->user['uid'], array('limit' => 1))
 264              );
 265  
 266              if($ban)
 267              {
 268                  $mybb->user['banned'] = 1;
 269                  $mybb->user['bandate'] = $ban['dateline'];
 270                  $mybb->user['banlifted'] = $ban['lifted'];
 271                  $mybb->user['banoldgroup'] = $ban['oldgroup'];
 272                  $mybb->user['banolddisplaygroup'] = $ban['olddisplaygroup'];
 273                  $mybb->user['banoldadditionalgroups'] = $ban['oldadditionalgroups'];
 274                  $mybb->user['banreason'] = $ban['reason'];
 275              }
 276              else
 277              {
 278                  $mybb->user['banned'] = 0;
 279              }
 280          }
 281  
 282          // Check if this user is currently banned and if we have to lift it.
 283          if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifted']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time)  // hmmm...bad user... how did you get banned =/
 284          {
 285              // must have been good.. bans up :D
 286              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET usergroup='".(int)$mybb->user['banoldgroup']."', additionalgroups='".$db->escape_string($mybb->user['banoldadditionalgroups'])."', displaygroup='".(int)$mybb->user['banolddisplaygroup']."' WHERE uid='".$mybb->user['uid']."'");
 287              $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid='".$mybb->user['uid']."'");
 288              // we better do this..otherwise they have dodgy permissions
 289              $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
 290              $mybb->user['displaygroup'] = $mybb->user['banolddisplaygroup'];
 291              $mybb->user['additionalgroups'] = $mybb->user['banoldadditionalgroups'];
 292  
 293              $mybbgroups = $mybb->user['usergroup'];
 294              if($mybb->user['additionalgroups'])
 295              {
 296                  $mybbgroups .= ','.$mybb->user['additionalgroups'];
 297              }
 298          }
 299          else if(!empty($mybb->user['bandate']) && (empty($mybb->user['banlifted'])  || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $time))
 300          {
 301              $mybbgroups = $mybb->user['usergroup'];
 302          }
 303          else
 304          {
 305              // Gather a full permission set for this user and the groups they are in.
 306              $mybbgroups = $mybb->user['usergroup'];
 307              if($mybb->user['additionalgroups'])
 308              {
 309                  $mybbgroups .= ','.$mybb->user['additionalgroups'];
 310              }
 311          }
 312  
 313          $mybb->usergroup = usergroup_permissions($mybbgroups);
 314          if(!$mybb->user['displaygroup'])
 315          {
 316              $mybb->user['displaygroup'] = $mybb->user['usergroup'];
 317          }
 318  
 319          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 320          if(is_array($mydisplaygroup))
 321          {
 322              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 323          }
 324  
 325          if(!$mybb->user['usertitle'])
 326          {
 327              $mybb->user['usertitle'] = $mybb->usergroup['usertitle'];
 328          }
 329  
 330          // Update or create the session.
 331          if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
 332          {
 333              if(!empty($this->sid))
 334              {
 335                  $this->update_session($this->sid, $mybb->user['uid']);
 336              }
 337              else
 338              {
 339                  $this->create_session($mybb->user['uid']);
 340              }
 341          }
 342          return true;
 343      }
 344  
 345      /**
 346       * Load a guest user.
 347       *
 348       */
 349  	function load_guest()
 350      {
 351          global $mybb, $time, $db, $lang;
 352  
 353          // Set up some defaults
 354          $time = TIME_NOW;
 355          $mybb->user['usergroup'] = 1;
 356          $mybb->user['additionalgroups'] = '';
 357          $mybb->user['username'] = '';
 358          $mybb->user['uid'] = 0;
 359          $mybbgroups = 1;
 360          $mybb->user['displaygroup'] = 1;
 361          $mybb->user['invisible'] = 0;
 362          $mybb->user['moderateposts'] = 0;
 363          $mybb->user['showquickreply'] = 1;
 364          $mybb->user['signature'] = '';
 365          $mybb->user['sourceeditor'] = 0;
 366          $mybb->user['subscriptionmethod'] = 0;
 367          $mybb->user['suspendposting'] = 0;
 368  
 369          // Has this user visited before? Lastvisit need updating?
 370          if(isset($mybb->cookies['mybb']['lastvisit']))
 371          {
 372              if(!isset($mybb->cookies['mybb']['lastactive']))
 373              {
 374                  $mybb->user['lastactive'] = $time;
 375                  $mybb->cookies['mybb']['lastactive'] = $mybb->user['lastactive'];
 376              }
 377              else
 378              {
 379                  $mybb->user['lastactive'] = (int)$mybb->cookies['mybb']['lastactive'];
 380              }
 381              if($time - (int)$mybb->cookies['mybb']['lastactive'] > 900)
 382              {
 383                  my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']);
 384                  $mybb->user['lastvisit'] = $mybb->user['lastactive'];
 385              }
 386              else
 387              {
 388                  $mybb->user['lastvisit'] = (int)$mybb->cookies['mybb']['lastactive'];
 389              }
 390          }
 391  
 392          // No last visit cookie, create one.
 393          else
 394          {
 395              my_setcookie("mybb[lastvisit]", $time);
 396              $mybb->user['lastvisit'] = $time;
 397          }
 398  
 399          // Update last active cookie.
 400          my_setcookie("mybb[lastactive]", $time);
 401  
 402          // Gather a full permission set for this guest
 403          $mybb->usergroup = usergroup_permissions($mybbgroups);
 404          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 405          if(is_array($mydisplaygroup))
 406          {
 407              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 408          }
 409  
 410          // Update the online data.
 411          if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
 412          {
 413              if(!empty($this->sid))
 414              {
 415                  $this->update_session($this->sid);
 416              }
 417              else
 418              {
 419                  $this->create_session();
 420              }
 421          }
 422      }
 423  
 424      /**
 425       * Load a search engine spider.
 426       *
 427       * @param int $spider_id The ID of the search engine spider
 428       */
 429  	function load_spider($spider_id)
 430      {
 431          global $mybb, $time, $db, $lang;
 432  
 433          // Fetch the spider preferences from the database
 434          $query = $db->simple_select("spiders", "*", "sid='{$spider_id}'");
 435          $spider = $db->fetch_array($query);
 436  
 437          // Set up some defaults
 438          $time = TIME_NOW;
 439          $this->is_spider = true;
 440          if($spider['usergroup'])
 441          {
 442              $mybb->user['usergroup'] = $spider['usergroup'];
 443          }
 444          else
 445          {
 446              $mybb->user['usergroup'] = 1;
 447          }
 448          $mybb->user['username'] = '';
 449          $mybb->user['uid'] = 0;
 450          $mybb->user['displaygroup'] = $mybb->user['usergroup'];
 451          $mybb->user['additionalgroups'] = '';
 452          $mybb->user['invisible'] = 0;
 453  
 454          // Set spider language
 455          if($spider['language'] && $lang->language_exists($spider['language']))
 456          {
 457              $mybb->settings['bblanguage'] = $spider['language'];
 458          }
 459  
 460          // Set spider theme
 461          if($spider['theme'])
 462          {
 463              $mybb->user['style'] = $spider['theme'];
 464          }
 465  
 466          // Gather a full permission set for this spider.
 467          $mybb->usergroup = usergroup_permissions($mybb->user['usergroup']);
 468          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 469          if(is_array($mydisplaygroup))
 470          {
 471              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 472          }
 473  
 474          // Update spider last minute (only do so on two minute intervals - decrease load for quick spiders)
 475          if($spider['lastvisit'] < TIME_NOW-120)
 476          {
 477              $updated_spider = array(
 478                  "lastvisit" => TIME_NOW
 479              );
 480              $db->update_query("spiders", $updated_spider, "sid='{$spider_id}'");
 481          }
 482  
 483          // Update the online data.
 484          if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
 485          {
 486              $this->sid = "bot=".$spider_id;
 487              $this->create_session();
 488          }
 489  
 490      }
 491  
 492      /**
 493       * Update a user session.
 494       *
 495       * @param int $sid The session id.
 496       * @param int $uid The user id.
 497       */
 498  	function update_session($sid, $uid=0)
 499      {
 500          global $db;
 501  
 502          // Find out what the special locations are.
 503          $speciallocs = $this->get_special_locations();
 504          if($uid)
 505          {
 506              $onlinedata['uid'] = $uid;
 507          }
 508          else
 509          {
 510              $onlinedata['uid'] = 0;
 511          }
 512          $onlinedata['time'] = TIME_NOW;
 513  
 514          $onlinedata['location'] = $db->escape_string(substr(get_current_location(false, $this->ignore_parameters), 0, 150));
 515          $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 200));
 516  
 517          $onlinedata['location1'] = (int)$speciallocs['1'];
 518          $onlinedata['location2'] = (int)$speciallocs['2'];
 519          $onlinedata['nopermission'] = 0;
 520          $sid = $db->escape_string($sid);
 521  
 522          $db->update_query("sessions", $onlinedata, "sid='{$sid}'");
 523      }
 524  
 525      /**
 526       * Create a new session.
 527       *
 528       * @param int $uid The user id to bind the session to.
 529       */
 530  	function create_session($uid=0)
 531      {
 532          global $db;
 533          $speciallocs = $this->get_special_locations();
 534  
 535          // If there is a proper uid, delete by uid.
 536          if($uid > 0)
 537          {
 538              $db->delete_query("sessions", "uid='{$uid}'");
 539              $onlinedata['uid'] = $uid;
 540          }
 541          else
 542          {
 543              // Is a spider - delete all other spider references
 544              if($this->is_spider == true)
 545              {
 546                  $db->delete_query("sessions", "sid='{$this->sid}'");
 547              }
 548  
 549              $onlinedata['uid'] = 0;
 550          }
 551  
 552          // If the user is a search enginge spider, ...
 553          if($this->is_spider == true)
 554          {
 555              $onlinedata['sid'] = $this->sid;
 556          }
 557          else
 558          {
 559              $onlinedata['sid'] = md5(random_str(50));
 560          }
 561          $onlinedata['time'] = TIME_NOW;
 562          $onlinedata['ip'] = $db->escape_binary($this->packedip);
 563  
 564          $onlinedata['location'] = $db->escape_string(substr(get_current_location(false, $this->ignore_parameters), 0, 150));
 565          $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 200));
 566  
 567          $onlinedata['location1'] = (int)$speciallocs['1'];
 568          $onlinedata['location2'] = (int)$speciallocs['2'];
 569          $onlinedata['nopermission'] = 0;
 570          $db->replace_query("sessions", $onlinedata, "sid", false);
 571          $this->sid = $onlinedata['sid'];
 572          $this->uid = $onlinedata['uid'];
 573      }
 574  
 575      /**
 576       * Find out the special locations.
 577       *
 578       * @return array Special locations array.
 579       */
 580  	function get_special_locations()
 581      {
 582          global $mybb, $db;
 583          $array = array('1' => '', '2' => '');
 584          if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && $mybb->get_input('fid', MyBB::INPUT_INT) > 0 && $mybb->get_input('fid', MyBB::INPUT_INT) < 4294967296)
 585          {
 586              $array[1] = $mybb->get_input('fid', MyBB::INPUT_INT);
 587          }
 588          elseif(preg_match("#showthread.php#", $_SERVER['PHP_SELF']))
 589          {
 590              if($mybb->get_input('tid', MyBB::INPUT_INT) > 0 && $mybb->get_input('tid', MyBB::INPUT_INT) < 4294967296)
 591              {
 592                  $array[2] = $mybb->get_input('tid', MyBB::INPUT_INT);
 593              }
 594  
 595              // If there is no tid but a pid, trick the system into thinking there was a tid anyway.
 596              elseif(isset($mybb->input['pid']) && !empty($mybb->input['pid']))
 597              {
 598                  $options = array(
 599                      "limit" => 1
 600                  );
 601                  $query = $db->simple_select("posts", "tid", "pid=".$mybb->get_input('pid', MyBB::INPUT_INT), $options);
 602                  $post = $db->fetch_array($query);
 603                  if($post)
 604                  {
 605                      $array[2] = $post['tid'];
 606                  }
 607              }
 608  
 609              $thread = get_thread($array[2]);
 610              if($thread)
 611              {
 612                  $array[1] = $thread['fid'];
 613              }
 614          }
 615          return $array;
 616      }
 617  }

