
PHP Cross Reference of MyBB 1.8.21


/inc/ -> class_session.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  class session
  12  {
  13      /**
  14       * @var int
  15       */
  16      public $sid = 0;
  17      /**
  18       * @var int
  19       */
  20      public $uid = 0;
  21      /**
  22       * @var string
  23       */
  24      public $ipaddress = '';
  25      /**
  26       * @var string
  27       */
  28      public $packedip = '';
  29      /**
  30       * @var string
  31       */
  32      public $useragent = '';
  33      /**
  34       * @var bool
  35       */
  36      public $is_spider = false;
  37  
  38      /**
  39       * Initialize a session
  40       */
  41  	function init()
  42      {
  43          global $db, $mybb, $cache;
  44  
  45          // Get our visitor's IP.
  46          $this->ipaddress = get_ip();
  47          $this->packedip = my_inet_pton($this->ipaddress);
  48  
  49          // Find out the user agent.
  50          $this->useragent = $_SERVER['HTTP_USER_AGENT'];
  51  
  52          // Attempt to find a session id in the cookies.
  53          if(isset($mybb->cookies['sid']) && !defined('IN_UPGRADE'))
  54          {
  55              $sid = $db->escape_string($mybb->cookies['sid']);
  56              // Load the session
  57              $query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip=".$db->escape_binary($this->packedip));
  58              $session = $db->fetch_array($query);
  59              if($session['sid'])
  60              {
  61                  $this->sid = $session['sid'];
  62              }
  63          }
  64  
  65          // If we have a valid session id and user id, load that users session.
  66          if(!empty($mybb->cookies['mybbuser']))
  67          {
  68              $logon = explode("_", $mybb->cookies['mybbuser'], 2);
  69              $this->load_user($logon[0], $logon[1]);
  70          }
  71  
  72          // If no user still, then we have a guest.
  73          if(!isset($mybb->user['uid']))
  74          {
  75              // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
  76              if(!$this->sid)
  77              {
  78                  $spiders = $cache->read("spiders");
  79                  if(is_array($spiders))
  80                  {
  81                      foreach($spiders as $spider)
  82                      {
  83                          if(my_strpos(my_strtolower($this->useragent), my_strtolower($spider['useragent'])) !== false)
  84                          {
  85                              $this->load_spider($spider['sid']);
  86                          }
  87                      }
  88                  }
  89              }
  90  
  91              // Still nothing? JUST A GUEST!
  92              if(!$this->is_spider)
  93              {
  94                  $this->load_guest();
  95              }
  96          }
  97  
  98          // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
  99          if($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true)
 100          {
 101              my_setcookie("sid", $this->sid, -1, true);
 102          }
 103      }
 104  
 105      /**
 106       * Load a user via the user credentials.
 107       *
 108       * @param int $uid The user id.
 109       * @param string $loginkey The user's loginkey.
 110       * @return bool
 111       */
 112  	function load_user($uid, $loginkey='')
 113      {
 114          global $mybb, $db, $time, $lang, $mybbgroups, $cache;
 115  
 116          // Read the banned cache
 117          $bannedcache = $cache->read("banned");
 118  
 119          // If the banned cache doesn't exist, update it and re-read it
 120          if(!is_array($bannedcache))
 121          {
 122              $cache->update_banned();
 123              $bannedcache = $cache->read("banned");
 124          }
 125  
 126          $uid = (int)$uid;
 127          $query = $db->query("
 128              SELECT u.*, f.*
 129              FROM ".TABLE_PREFIX."users u
 130              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 131              WHERE u.uid='$uid'
 132              LIMIT 1
 133          ");
 134          $mybb->user = $db->fetch_array($query);
 135  
 136          if(!empty($bannedcache[$uid]))
 137          {
 138              $banned_user = $bannedcache[$uid];
 139              $mybb->user['bandate'] = $banned_user['dateline'];
 140              $mybb->user['banlifted'] = $banned_user['lifted'];
 141              $mybb->user['banoldgroup'] = $banned_user['oldgroup'];
 142              $mybb->user['banolddisplaygroup'] = $banned_user['olddisplaygroup'];
 143              $mybb->user['banoldadditionalgroups'] = $banned_user['oldadditionalgroups'];
 144          }
 145  
 146          // Check the password if we're not using a session
 147          if(empty($loginkey) || $loginkey !== $mybb->user['loginkey'] || !$mybb->user['uid'])
 148          {
 149              unset($mybb->user);
 150              $this->uid = 0;
 151              return false;
 152          }
 153          $this->uid = $mybb->user['uid'];
 154  
 155          // Set the logout key for this user
 156          $mybb->user['logoutkey'] = md5($mybb->user['loginkey']);
 157  
 158          // Sort out the private message count for this user.
 159          if(($mybb->user['totalpms'] == -1 || $mybb->user['unreadpms'] == -1) && $mybb->settings['enablepms'] != 0) // Forced recount
 160          {
 161              $update = 0;
 162              if($mybb->user['totalpms'] == -1)
 163              {
 164                  $update += 1;
 165              }
 166              if($mybb->user['unreadpms'] == -1)
 167              {
 168                  $update += 2;
 169              }
 170  
 171              require_once  MYBB_ROOT."inc/functions_user.php";
 172              $pmcount = update_pm_count('', $update);
 173              if(is_array($pmcount))
 174              {
 175                  $mybb->user = array_merge($mybb->user, $pmcount);
 176              }
 177          }
 178          $mybb->user['pms_total'] = $mybb->user['totalpms'];
 179          $mybb->user['pms_unread'] = $mybb->user['unreadpms'];
 180  
 181          if($mybb->user['lastip'] != $this->packedip && array_key_exists('lastip', $mybb->user) && !defined('IN_UPGRADE'))
 182          {
 183              $lastip_add = ", lastip=".$db->escape_binary($this->packedip);
 184          }
 185          else
 186          {
 187              $lastip_add = '';
 188          }
 189  
 190          // If the last visit was over 900 seconds (session time out) ago then update lastvisit.
 191          $time = TIME_NOW;
 192          if($time - $mybb->user['lastactive'] > 900)
 193          {
 194              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$mybb->user['lastactive']}', lastactive='$time'{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
 195              $mybb->user['lastvisit'] = $mybb->user['lastactive'];
 196              require_once  MYBB_ROOT."inc/functions_user.php";
 197              update_pm_count('', 2);
 198          }
 199          else
 200          {
 201              $timespent = TIME_NOW - $mybb->user['lastactive'];
 202              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastactive='$time', timeonline=timeonline+$timespent{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
 203          }
 204  
 205          // Sort out the language and forum preferences.
 206          if($mybb->user['language'] && $lang->language_exists($mybb->user['language']))
 207          {
 208              $mybb->settings['bblanguage'] = $mybb->user['language'];
 209          }
 210          if($mybb->user['dateformat'] != 0 && $mybb->user['dateformat'] != '')
 211          {
 212              global $date_formats;
 213              if($date_formats[$mybb->user['dateformat']])
 214              {
 215                  $mybb->settings['dateformat'] = $date_formats[$mybb->user['dateformat']];
 216              }
 217          }
 218  
 219          // Choose time format.
 220          if($mybb->user['timeformat'] != 0 && $mybb->user['timeformat'] != '')
 221          {
 222              global $time_formats;
 223              if($time_formats[$mybb->user['timeformat']])
 224              {
 225                  $mybb->settings['timeformat'] = $time_formats[$mybb->user['timeformat']];
 226              }
 227          }
 228  
 229          // Find out the threads per page preference.
 230          if($mybb->user['tpp'])
 231          {
 232              $mybb->settings['threadsperpage'] = $mybb->user['tpp'];
 233          }
 234  
 235          // Find out the posts per page preference.
 236          if($mybb->user['ppp'])
 237          {
 238              $mybb->settings['postsperpage'] = $mybb->user['ppp'];
 239          }
 240  
 241          // Does this user prefer posts in classic mode?
 242          if($mybb->user['classicpostbit'])
 243          {
 244              $mybb->settings['postlayout'] = 'classic';
 245          }
 246          else
 247          {
 248              $mybb->settings['postlayout'] = 'horizontal';
 249          }
 250  
 251          // Check if this user is currently banned and if we have to lift it.
 252          if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifted']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time)  // hmmm...bad user... how did you get banned =/
 253          {
 254              // must have been good.. bans up :D
 255              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET usergroup='".(int)$mybb->user['banoldgroup']."', additionalgroups='".$mybb->user['banoldadditionalgroups']."', displaygroup='".(int)$mybb->user['banolddisplaygroup']."' WHERE uid='".$mybb->user['uid']."'");
 256              $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid='".$mybb->user['uid']."'");
 257              // we better do this..otherwise they have dodgy permissions
 258              $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
 259              $mybb->user['displaygroup'] = $mybb->user['banolddisplaygroup'];
 260              $mybb->user['additionalgroups'] = $mybb->user['banoldadditionalgroups'];
 261              $cache->update_banned();
 262  
 263              $mybbgroups = $mybb->user['usergroup'];
 264              if($mybb->user['additionalgroups'])
 265              {
 266                  $mybbgroups .= ','.$mybb->user['additionalgroups'];
 267              }
 268          }
 269          else if(!empty($mybb->user['bandate']) && (empty($mybb->user['banlifted'])  || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $time))
 270          {
 271              $mybbgroups = $mybb->user['usergroup'];
 272          }
 273          else
 274          {
 275              // Gather a full permission set for this user and the groups they are in.
 276              $mybbgroups = $mybb->user['usergroup'];
 277              if($mybb->user['additionalgroups'])
 278              {
 279                  $mybbgroups .= ','.$mybb->user['additionalgroups'];
 280              }
 281          }
 282  
 283          $mybb->usergroup = usergroup_permissions($mybbgroups);
 284          if(!$mybb->user['displaygroup'])
 285          {
 286              $mybb->user['displaygroup'] = $mybb->user['usergroup'];
 287          }
 288  
 289          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 290          if(is_array($mydisplaygroup))
 291          {
 292              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 293          }
 294  
 295          if(!$mybb->user['usertitle'])
 296          {
 297              $mybb->user['usertitle'] = $mybb->usergroup['usertitle'];
 298          }
 299  
 300          // Update or create the session.
 301          if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
 302          {
 303              if(!empty($this->sid))
 304              {
 305                  $this->update_session($this->sid, $mybb->user['uid']);
 306              }
 307              else
 308              {
 309                  $this->create_session($mybb->user['uid']);
 310              }
 311          }
 312          return true;
 313      }
 314  
 315      /**
 316       * Load a guest user.
 317       *
 318       */
 319  	function load_guest()
 320      {
 321          global $mybb, $time, $db, $lang;
 322  
 323          // Set up some defaults
 324          $time = TIME_NOW;
 325          $mybb->user['usergroup'] = 1;
 326          $mybb->user['username'] = '';
 327          $mybb->user['uid'] = 0;
 328          $mybbgroups = 1;
 329          $mybb->user['displaygroup'] = 1;
 330  
 331          // Has this user visited before? Lastvisit need updating?
 332          if(isset($mybb->cookies['mybb']['lastvisit']))
 333          {
 334              if(!isset($mybb->cookies['mybb']['lastactive']))
 335              {
 336                  $mybb->user['lastactive'] = $time;
 337                  $mybb->cookies['mybb']['lastactive'] = $mybb->user['lastactive'];
 338              }
 339              else
 340              {
 341                  $mybb->user['lastactive'] = (int)$mybb->cookies['mybb']['lastactive'];
 342              }
 343              if($time - $mybb->cookies['mybb']['lastactive'] > 900)
 344              {
 345                  my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']);
 346                  $mybb->user['lastvisit'] = $mybb->user['lastactive'];
 347              }
 348              else
 349              {
 350                  $mybb->user['lastvisit'] = (int)$mybb->cookies['mybb']['lastactive'];
 351              }
 352          }
 353  
 354          // No last visit cookie, create one.
 355          else
 356          {
 357              my_setcookie("mybb[lastvisit]", $time);
 358              $mybb->user['lastvisit'] = $time;
 359          }
 360  
 361          // Update last active cookie.
 362          my_setcookie("mybb[lastactive]", $time);
 363  
 364          // Gather a full permission set for this guest
 365          $mybb->usergroup = usergroup_permissions($mybbgroups);
 366          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 367          if(is_array($mydisplaygroup))
 368          {
 369              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 370          }
 371  
 372          // Update the online data.
 373          if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
 374          {
 375              if(!empty($this->sid))
 376              {
 377                  $this->update_session($this->sid);
 378              }
 379              else
 380              {
 381                  $this->create_session();
 382              }
 383          }
 384      }
 385  
 386      /**
 387       * Load a search engine spider.
 388       *
 389       * @param int $spider_id The ID of the search engine spider
 390       */
 391  	function load_spider($spider_id)
 392      {
 393          global $mybb, $time, $db, $lang;
 394  
 395          // Fetch the spider preferences from the database
 396          $query = $db->simple_select("spiders", "*", "sid='{$spider_id}'");
 397          $spider = $db->fetch_array($query);
 398  
 399          // Set up some defaults
 400          $time = TIME_NOW;
 401          $this->is_spider = true;
 402          if($spider['usergroup'])
 403          {
 404              $mybb->user['usergroup'] = $spider['usergroup'];
 405          }
 406          else
 407          {
 408              $mybb->user['usergroup'] = 1;
 409          }
 410          $mybb->user['username'] = '';
 411          $mybb->user['uid'] = 0;
 412          $mybb->user['displaygroup'] = $mybb->user['usergroup'];
 413  
 414          // Set spider language
 415          if($spider['language'] && $lang->language_exists($spider['language']))
 416          {
 417              $mybb->settings['bblanguage'] = $spider['language'];
 418          }
 419  
 420          // Set spider theme
 421          if($spider['theme'])
 422          {
 423              $mybb->user['style'] = $spider['theme'];
 424          }
 425  
 426          // Gather a full permission set for this spider.
 427          $mybb->usergroup = usergroup_permissions($mybb->user['usergroup']);
 428          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 429          if(is_array($mydisplaygroup))
 430          {
 431              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 432          }
 433  
 434          // Update spider last minute (only do so on two minute intervals - decrease load for quick spiders)
 435          if($spider['lastvisit'] < TIME_NOW-120)
 436          {
 437              $updated_spider = array(
 438                  "lastvisit" => TIME_NOW
 439              );
 440              $db->update_query("spiders", $updated_spider, "sid='{$spider_id}'");
 441          }
 442  
 443          // Update the online data.
 444          if(!defined("NO_ONLINE") && !defined('IN_UPGRADE'))
 445          {
 446              $this->sid = "bot=".$spider_id;
 447              $this->create_session();
 448          }
 449  
 450      }
 451  
 452      /**
 453       * Update a user session.
 454       *
 455       * @param int $sid The session id.
 456       * @param int $uid The user id.
 457       */
 458  	function update_session($sid, $uid=0)
 459      {
 460          global $db;
 461  
 462          // Find out what the special locations are.
 463          $speciallocs = $this->get_special_locations();
 464          if($uid)
 465          {
 466              $onlinedata['uid'] = $uid;
 467          }
 468          else
 469          {
 470              $onlinedata['uid'] = 0;
 471          }
 472          $onlinedata['time'] = TIME_NOW;
 473          
 474          $onlinedata['location'] = $db->escape_string(substr(get_current_location(), 0, 150));
 475          $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 200));
 476          
 477          $onlinedata['location1'] = (int)$speciallocs['1'];
 478          $onlinedata['location2'] = (int)$speciallocs['2'];
 479          $onlinedata['nopermission'] = 0;
 480          $sid = $db->escape_string($sid);
 481  
 482          $db->update_query("sessions", $onlinedata, "sid='{$sid}'");
 483      }
 484  
 485      /**
 486       * Create a new session.
 487       *
 488       * @param int $uid The user id to bind the session to.
 489       */
 490  	function create_session($uid=0)
 491      {
 492          global $db;
 493          $speciallocs = $this->get_special_locations();
 494  
 495          // If there is a proper uid, delete by uid.
 496          if($uid > 0)
 497          {
 498              $db->delete_query("sessions", "uid='{$uid}'");
 499              $onlinedata['uid'] = $uid;
 500          }
 501          // Is a spider - delete all other spider references
 502          else if($this->is_spider == true)
 503          {
 504              $db->delete_query("sessions", "sid='{$this->sid}'");
 505          }
 506          // Else delete by ip.
 507          else
 508          {
 509              $db->delete_query("sessions", "ip=".$db->escape_binary($this->packedip));
 510              $onlinedata['uid'] = 0;
 511          }
 512  
 513          // If the user is a search enginge spider, ...
 514          if($this->is_spider == true)
 515          {
 516              $onlinedata['sid'] = $this->sid;
 517          }
 518          else
 519          {
 520              $onlinedata['sid'] = md5(random_str(50));
 521          }
 522          $onlinedata['time'] = TIME_NOW;
 523          $onlinedata['ip'] = $db->escape_binary($this->packedip);
 524          
 525          $onlinedata['location'] = $db->escape_string(substr(get_current_location(), 0, 150));
 526          $onlinedata['useragent'] = $db->escape_string(my_substr($this->useragent, 0, 200));
 527          
 528          $onlinedata['location1'] = (int)$speciallocs['1'];
 529          $onlinedata['location2'] = (int)$speciallocs['2'];
 530          $onlinedata['nopermission'] = 0;
 531          $db->replace_query("sessions", $onlinedata, "sid", false);
 532          $this->sid = $onlinedata['sid'];
 533          $this->uid = $onlinedata['uid'];
 534      }
 535  
 536      /**
 537       * Find out the special locations.
 538       *
 539       * @return array Special locations array.
 540       */
 541  	function get_special_locations()
 542      {
 543          global $mybb;
 544          $array = array('1' => '', '2' => '');
 545          if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && $mybb->get_input('fid', MyBB::INPUT_INT) > 0 && $mybb->get_input('fid', MyBB::INPUT_INT) < 4294967296)
 546          {
 547              $array[1] = $mybb->get_input('fid', MyBB::INPUT_INT);
 548              $array[2] = '';
 549          }
 550          elseif(preg_match("#showthread.php#", $_SERVER['PHP_SELF']))
 551          {
 552              global $db;
 553  
 554              if($mybb->get_input('tid', MyBB::INPUT_INT) > 0 && $mybb->get_input('tid', MyBB::INPUT_INT) < 4294967296)
 555              {
 556                  $array[2] = $mybb->get_input('tid', MyBB::INPUT_INT);
 557              }
 558  
 559              // If there is no tid but a pid, trick the system into thinking there was a tid anyway.
 560              elseif(isset($mybb->input['pid']) && !empty($mybb->input['pid']))
 561              {
 562                  $options = array(
 563                      "limit" => 1
 564                  );
 565                  $query = $db->simple_select("posts", "tid", "pid=".$mybb->get_input('pid', MyBB::INPUT_INT), $options);
 566                  $post = $db->fetch_array($query);
 567                  $array[2] = $post['tid'];
 568              }
 569  
 570              $thread = get_thread($array[2]);
 571              $array[1] = $thread['fid'];
 572          }
 573          return $array;
 574      }
 575  }

