PHP Cross Reference of MyBB 1.6.0 |
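<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: class_session.php 5016 2010-06-12 00:24:02Z RyanGordon $
 */

/**
 * Resolves who the current visitor is (member, guest or search engine spider)
 * and keeps the matching row in the "sessions" table up to date.
 *
 * Everything this class reads from the request (cookies, User-Agent, PHP_SELF,
 * input parameters) is client-controlled, so each value is cast or escaped
 * before it reaches a query. The database helpers used here are handed
 * ready-made SQL fragments, which is why the escaping happens in this class.
 */
class session
{
    // Session id of the current visitor (0 until one is loaded or created).
    public $sid = 0;
    // User id bound to the session (0 for guests and spiders).
    public $uid = 0;
    // Visitor IP address as returned by get_ip().
    public $ipaddress = '';
    // User-Agent header, truncated to 100 characters.
    public $useragent = '';
    // True once load_spider() has run for this request.
    public $is_spider = false;
    // Copied from the user's "loginattempts" column by load_user().
    public $logins = 1;
    // Copied from the user's "failedlogin" column by load_user().
    public $failedlogin = 0;

    /**
     * Initialize a session
     *
     * Order of resolution: existing session row (cookie "sid" + IP), then the
     * "mybbuser" login cookie, then spider detection, then plain guest.
     */
    public function init()
    {
        global $db, $mybb, $cache;

        // Get our visitor's IP.
        $this->ipaddress = get_ip();

        // Find out the user agent. The header is optional, so default to an
        // empty string instead of reading an undefined index.
        $this->useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        if(my_strlen($this->useragent) > 100)
        {
            $this->useragent = my_substr($this->useragent, 0, 100);
        }

        // Attempt to find a session id in the cookies. Only a plain string is
        // accepted; an array-valued cookie is ignored.
        $cookie_sid = '';
        if(isset($mybb->cookies['sid']) && is_string($mybb->cookies['sid']))
        {
            $cookie_sid = $mybb->cookies['sid'];
            $this->sid = $db->escape_string($cookie_sid);

            // Load the session. The row must match both the cookie value and
            // the visitor's IP address.
            $query = $db->simple_select("sessions", "*", "sid='{$this->sid}' AND ip='".$db->escape_string($this->ipaddress)."'", array('limit' => 1));
            $session = $db->fetch_array($query);
            if(is_array($session) && !empty($session['sid']))
            {
                $this->sid = $session['sid'];
                $this->uid = $session['uid'];
            }
            else
            {
                $this->sid = 0;
                $this->uid = 0;
                $this->logins = 1;
                $this->failedlogin = 0;
            }
        }

        // Still no session, fall back
        if(!$this->sid)
        {
            $this->sid = 0;
            $this->uid = 0;
            $this->logins = 1;
            $this->failedlogin = 0;
        }

        // The login cookie has the form "<uid>_<loginkey>". A cookie without
        // the separator yields an empty key, which load_user() rejects.
        if(!empty($mybb->cookies['mybbuser']) && is_string($mybb->cookies['mybbuser']))
        {
            $logon = explode("_", $mybb->cookies['mybbuser'], 2);
            $this->load_user($logon[0], isset($logon[1]) ? $logon[1] : '');
        }

        // If no user still, then we have a guest.
        if(!isset($mybb->user['uid']))
        {
            // Detect if this guest is a search engine spider.
            // (bots don't get a cookied session ID so we first see if that's set)
            if(!$this->sid)
            {
                $spiders = $cache->read("spiders");
                if(is_array($spiders))
                {
                    $agent = my_strtolower($this->useragent);
                    // Every matching entry is loaded in turn, so when several
                    // entries match, the last one decides the final state.
                    // NOTE(review): the match relies on the self-declared
                    // User-Agent only; spider usergroups should not carry
                    // more permissions than guests are meant to have.
                    foreach($spiders as $spider)
                    {
                        if(my_strpos($agent, my_strtolower($spider['useragent'])) !== false)
                        {
                            $this->load_spider($spider['sid']);
                        }
                    }
                }
            }

            // Still nothing? JUST A GUEST!
            if(!$this->is_spider)
            {
                $this->load_guest();
            }
        }

        // Hand out the session cookie when the visitor is not a spider and the
        // cookie they sent does not already carry the current session id.
        // NOTE(review): the meaning of the third and fourth arguments is
        // defined by my_setcookie(), which is outside this file.
        if($this->sid && $cookie_sid !== (string)$this->sid && $this->is_spider != true)
        {
            my_setcookie("sid", $this->sid, -1, true);
        }
    }

    /**
     * Load a user via the user credentials.
     *
     * @param int The user id.
     * @param string The user's login key (second half of the "mybbuser" cookie).
     * @return boolean True when the user was loaded, false when the user does
     *                 not exist or the key does not match.
     */
    public function load_user($uid, $password='')
    {
        global $mybb, $db, $time, $lang, $mybbgroups, $session, $cache;

        // Read the banned cache
        $bannedcache = $cache->read("banned");

        // If the banned cache doesn't exist, update it and re-read it
        if(!is_array($bannedcache))
        {
            $cache->update_banned();
            $bannedcache = $cache->read("banned");
        }

        // The uid comes straight from the cookie; the integer cast is what
        // makes it safe to place in the query below.
        $uid = intval($uid);
        $query = $db->query("
            SELECT u.*, f.*
            FROM ".TABLE_PREFIX."users u
            LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
            WHERE u.uid='$uid'
            LIMIT 1
        ");
        $mybb->user = $db->fetch_array($query);

        $user_exists = is_array($mybb->user) && !empty($mybb->user['uid']);
        if($user_exists)
        {
            $this->logins = $mybb->user['loginattempts'];
            $this->failedlogin = $mybb->user['failedlogin'];
        }

        // Check the login key. Both sides are compared as strings (a loose
        // "!=" would treat numeric-looking strings as numbers), in constant
        // time where the runtime offers hash_equals(), and an empty key on
        // either side never authenticates.
        $stored_key = ($user_exists && isset($mybb->user['loginkey'])) ? (string)$mybb->user['loginkey'] : '';
        $supplied_key = is_scalar($password) ? (string)$password : '';
        if($stored_key === '' || $supplied_key === '')
        {
            $key_matches = false;
        }
        else if(function_exists('hash_equals'))
        {
            $key_matches = hash_equals($stored_key, $supplied_key);
        }
        else
        {
            $key_matches = ($stored_key === $supplied_key);
        }

        if(!$user_exists || !$key_matches)
        {
            unset($mybb->user);
            $this->uid = 0;
            return false;
        }
        $this->uid = $mybb->user['uid'];

        // Merge the cached ban record (if any) into the user array.
        if(!empty($bannedcache[$uid]))
        {
            $banned_user = $bannedcache[$uid];
            $mybb->user['bandate'] = $banned_user['dateline'];
            $mybb->user['banlifted'] = $banned_user['lifted'];
            $mybb->user['banoldgroup'] = $banned_user['oldgroup'];
            $mybb->user['banolddisplaygroup'] = $banned_user['olddisplaygroup'];
            $mybb->user['banoldadditionalgroups'] = $banned_user['oldadditionalgroups'];
        }

        // Set the logout key for this user
        // NOTE(review): this is an unsalted MD5 of the login key, so it only
        // changes when the login key itself changes.
        $mybb->user['logoutkey'] = md5($mybb->user['loginkey']);

        // Sort out the private message count for this user.
        // A stored value of -1 requests a recount: bit 1 = total, bit 2 = unread.
        if(($mybb->user['totalpms'] == -1 || $mybb->user['unreadpms'] == -1) && $mybb->settings['enablepms'] != 0) // Forced recount
        {
            $update = 0;
            if($mybb->user['totalpms'] == -1)
            {
                $update += 1;
            }
            if($mybb->user['unreadpms'] == -1)
            {
                $update += 2;
            }

            require_once MYBB_ROOT."inc/functions_user.php";
            $pmcount = update_pm_count('', $update);
            if(is_array($pmcount))
            {
                $mybb->user = array_merge($mybb->user, $pmcount);
            }
        }
        $mybb->user['pms_total'] = $mybb->user['totalpms'];
        $mybb->user['pms_unread'] = $mybb->user['unreadpms'];

        // Extra SET clause, appended only when the stored IP differs from the
        // current one. Initialised here so the queries below never interpolate
        // an undefined variable.
        $lastip_add = '';
        if(array_key_exists('lastip', $mybb->user) && $mybb->user['lastip'] != $this->ipaddress)
        {
            $lastip_add = ", lastip='".$db->escape_string($this->ipaddress)."', longlastip='".intval(my_ip2long($this->ipaddress))."'";
        }

        // If the last visit was over 900 seconds (session time out) ago then update lastvisit.
        $time = TIME_NOW;
        $user_id = intval($mybb->user['uid']);
        $lastactive = intval($mybb->user['lastactive']);
        if($time - $lastactive > 900)
        {
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$lastactive}', lastactive='$time' {$lastip_add} WHERE uid='{$user_id}'");
            $mybb->user['lastvisit'] = $mybb->user['lastactive'];
            require_once MYBB_ROOT."inc/functions_user.php";
            update_pm_count('', 2);
        }
        else
        {
            $timespent = TIME_NOW - $lastactive;
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastactive='$time', timeonline=timeonline+$timespent {$lastip_add} WHERE uid='{$user_id}'");
        }

        // Sort out the language and forum preferences.
        if($mybb->user['language'] && $lang->language_exists($mybb->user['language']))
        {
            $mybb->settings['bblanguage'] = $mybb->user['language'];
        }
        if($mybb->user['dateformat'] != 0 && $mybb->user['dateformat'] != '')
        {
            global $date_formats;
            if(!empty($date_formats[$mybb->user['dateformat']]))
            {
                $mybb->settings['dateformat'] = $date_formats[$mybb->user['dateformat']];
            }
        }

        // Choose time format.
        if($mybb->user['timeformat'] != 0 && $mybb->user['timeformat'] != '')
        {
            global $time_formats;
            if(!empty($time_formats[$mybb->user['timeformat']]))
            {
                $mybb->settings['timeformat'] = $time_formats[$mybb->user['timeformat']];
            }
        }

        // Find out the threads per page preference.
        if($mybb->user['tpp'])
        {
            $mybb->settings['threadsperpage'] = $mybb->user['tpp'];
        }

        // Find out the posts per page preference.
        if($mybb->user['ppp'])
        {
            $mybb->settings['postsperpage'] = $mybb->user['ppp'];
        }

        // Does this user prefer posts in classic mode?
        $mybb->settings['postlayout'] = $mybb->user['classicpostbit'] ? 'classic' : 'horizontal';

        // Check if this user is currently banned and if we have to lift it.
        if(!empty($mybb->user['bandate']) && !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] < $time)
        {
            // The ban has expired: restore the groups saved when it was issued.
            // The saved values live under the "banold*" keys set above; the
            // query previously read "oldadditionalgroups"/"olddisplaygroup",
            // which are never populated, so the stored groups were wiped
            // instead of restored. The group list is a string and is escaped.
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET usergroup='".intval($mybb->user['banoldgroup'])."', additionalgroups='".$db->escape_string((string)$mybb->user['banoldadditionalgroups'])."', displaygroup='".intval($mybb->user['banolddisplaygroup'])."' WHERE uid='".$user_id."' LIMIT 1");
            $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid='".$user_id."'");

            // Mirror the restored groups in memory, otherwise this request
            // would still run with the banned group's permissions.
            $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
            $mybb->user['displaygroup'] = $mybb->user['banolddisplaygroup'];
            $mybb->user['additionalgroups'] = $mybb->user['banoldadditionalgroups'];
            $cache->update_banned();

            $mybbgroups = $mybb->user['usergroup'];
            if($mybb->user['additionalgroups'])
            {
                $mybbgroups .= ','.$mybb->user['additionalgroups'];
            }
        }
        else if(!empty($mybb->user['bandate']) && (empty($mybb->user['banlifted']) || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $time))
        {
            // Ban still active: only the primary (banned) group applies, the
            // additional groups are deliberately left out.
            $mybbgroups = $mybb->user['usergroup'];
        }
        else
        {
            // Gather a full permission set for this user and the groups they are in.
            $mybbgroups = $mybb->user['usergroup'];
            if($mybb->user['additionalgroups'])
            {
                $mybbgroups .= ','.$mybb->user['additionalgroups'];
            }
        }

        $mybb->usergroup = usergroup_permissions($mybbgroups);
        if(!$mybb->user['displaygroup'])
        {
            $mybb->user['displaygroup'] = $mybb->user['usergroup'];
        }

        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        if(!$mybb->user['usertitle'])
        {
            $mybb->user['usertitle'] = $mybb->usergroup['usertitle'];
        }

        // Update or create the session.
        if(!defined("NO_ONLINE"))
        {
            if(!empty($this->sid))
            {
                $this->update_session($this->sid, $mybb->user['uid']);
            }
            else
            {
                $this->create_session($mybb->user['uid']);
            }
        }
        return true;
    }

    /**
     * Load a guest user.
     *
     * Guests get usergroup 1 and have their last visit / last active times
     * tracked in the "mybb[lastvisit]" and "mybb[lastactive]" cookies.
     */
    public function load_guest()
    {
        global $mybb, $time, $db, $lang;

        // Set up some defaults
        $time = TIME_NOW;
        $mybb->user['usergroup'] = 1;
        $mybb->user['username'] = '';
        $mybb->user['uid'] = 0;
        $mybbgroups = 1;
        $mybb->user['displaygroup'] = 1;

        // Has this user visited before? Lastvisit need updating?
        if(isset($mybb->cookies['mybb']['lastvisit']))
        {
            if(!isset($mybb->cookies['mybb']['lastactive']))
            {
                $mybb->user['lastactive'] = $time;
                $mybb->cookies['mybb']['lastactive'] = $mybb->user['lastactive'];
            }
            else
            {
                $mybb->user['lastactive'] = intval($mybb->cookies['mybb']['lastactive']);
            }

            // Use the integer-cast value for the arithmetic: the raw cookie is
            // client-supplied and may not be numeric at all.
            if($time - $mybb->user['lastactive'] > 900)
            {
                my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']);
            }
            $mybb->user['lastvisit'] = $mybb->user['lastactive'];
        }
        // No last visit cookie, create one.
        else
        {
            my_setcookie("mybb[lastvisit]", $time);
            $mybb->user['lastvisit'] = $time;
        }

        // Update last active cookie.
        my_setcookie("mybb[lastactive]", $time);

        // Gather a full permission set for this guest
        $mybb->usergroup = usergroup_permissions($mybbgroups);
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        // Same guard as load_user(): only merge when a group row came back.
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        // Update the online data.
        if(!defined("NO_ONLINE"))
        {
            if(!empty($this->sid))
            {
                $this->update_session($this->sid);
            }
            else
            {
                $this->create_session();
            }
        }
    }

    /**
     * Load a search engine spider.
     *
     * @param int The ID of the search engine spider
     */
    public function load_spider($spider_id)
    {
        global $mybb, $time, $db, $lang;

        // The id is interpolated into two queries and into the session id
        // below, so force it to an integer first.
        $spider_id = intval($spider_id);

        // Fetch the spider preferences from the database
        $query = $db->simple_select("spiders", "*", "sid='{$spider_id}'", array('limit' => 1));
        $spider = $db->fetch_array($query);
        if(!is_array($spider))
        {
            // No such row: carry on with the guest defaults below.
            $spider = array();
        }

        // Set up some defaults
        $time = TIME_NOW;
        $this->is_spider = true;
        $mybb->user['usergroup'] = !empty($spider['usergroup']) ? $spider['usergroup'] : 1;
        $mybb->user['username'] = '';
        $mybb->user['uid'] = 0;
        $mybb->user['displaygroup'] = $mybb->user['usergroup'];

        // Set spider language
        if(!empty($spider['language']) && $lang->language_exists($spider['language']))
        {
            $mybb->settings['bblanguage'] = $spider['language'];
        }

        // Set spider theme
        if(!empty($spider['theme']))
        {
            $mybb->user['style'] = $spider['theme'];
        }

        // Gather a full permission set for this spider.
        $mybb->usergroup = usergroup_permissions($mybb->user['usergroup']);
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        // Update spider last visit (only do so on two minute intervals - decrease load for quick spiders)
        $last_seen = isset($spider['lastvisit']) ? $spider['lastvisit'] : 0;
        if($last_seen < TIME_NOW-120)
        {
            $updated_spider = array(
                "lastvisit" => TIME_NOW
            );
            $db->update_query("spiders", $updated_spider, "sid='{$spider_id}'", 1);
        }

        // Update the online data. Spiders share one fixed session id per
        // spider entry instead of getting a random one.
        if(!defined("NO_ONLINE"))
        {
            $this->sid = "bot=".$spider_id;
            $this->create_session();
        }
    }

    /**
     * Update a user session.
     *
     * @param int The session id.
     * @param int The user id.
     */
    public function update_session($sid, $uid='')
    {
        global $db;

        // Find out what the special locations are.
        $speciallocs = $this->get_special_locations();

        // Location and user agent are request-derived strings and are escaped
        // here; the remaining values are forced to integers.
        $onlinedata = array(
            'uid' => $uid ? intval($uid) : 0,
            'time' => TIME_NOW,
            'location' => $db->escape_string(get_current_location()),
            'useragent' => $db->escape_string($this->useragent),
            'location1' => intval($speciallocs['1']),
            'location2' => intval($speciallocs['2']),
            'nopermission' => 0
        );
        $sid = $db->escape_string($sid);

        $db->update_query("sessions", $onlinedata, "sid='{$sid}'", 1);
    }

    /**
     * Create a new session.
     *
     * Removes the visitor's previous rows (by uid, by spider session id, or
     * by IP for guests) and writes a fresh one.
     *
     * @param int The user id to bind the session to.
     */
    public function create_session($uid=0)
    {
        global $db;
        $speciallocs = $this->get_special_locations();
        $onlinedata = array();

        // If there is a proper uid, delete by uid.
        if($uid > 0)
        {
            $uid = intval($uid);
            $db->delete_query("sessions", "uid='{$uid}'");
            $onlinedata['uid'] = $uid;
        }
        // Is a spider - delete all other spider references
        else if($this->is_spider == true)
        {
            $db->delete_query("sessions", "sid='".$db->escape_string($this->sid)."'");
        }
        // Else delete by ip.
        else
        {
            $db->delete_query("sessions", "ip='".$db->escape_string($this->ipaddress)."'");
            $onlinedata['uid'] = 0;
        }

        // If the user is a search engine spider, keep its fixed session id.
        if($this->is_spider == true)
        {
            $onlinedata['sid'] = $this->sid;
        }
        // Otherwise issue a new 32-character hex id. Prefer the CSPRNG where
        // the runtime has one: an id derived only from the clock can be
        // narrowed down by anyone who knows roughly when it was issued.
        else if(function_exists('random_bytes'))
        {
            $onlinedata['sid'] = bin2hex(random_bytes(16));
        }
        else
        {
            $onlinedata['sid'] = md5(uniqid(microtime(true)));
        }
        $onlinedata['time'] = TIME_NOW;
        $onlinedata['ip'] = $db->escape_string($this->ipaddress);
        $onlinedata['location'] = $db->escape_string(get_current_location());
        $onlinedata['useragent'] = $db->escape_string($this->useragent);
        $onlinedata['location1'] = intval($speciallocs['1']);
        $onlinedata['location2'] = intval($speciallocs['2']);
        $onlinedata['nopermission'] = 0;
        $db->replace_query("sessions", $onlinedata, "sid", false);
        $this->sid = $onlinedata['sid'];
        // The spider branch never sets a uid; fall back to 0 rather than
        // reading an undefined index.
        $this->uid = isset($onlinedata['uid']) ? $onlinedata['uid'] : 0;
    }

    /**
     * Find out the special locations.
     *
     * Slot 1 holds the forum id and slot 2 the thread id when the current
     * script is forumdisplay.php or showthread.php; both stay '' otherwise.
     *
     * @return array Special locations array.
     */
    public function get_special_locations()
    {
        global $mybb;
        $array = array('1' => '', '2' => '');

        // PHP_SELF and the input ids are request-derived; the ids are forced
        // to integers and the dot in the script name is matched literally.
        $script = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
        $fid = isset($mybb->input['fid']) ? intval($mybb->input['fid']) : 0;
        $tid = isset($mybb->input['tid']) ? intval($mybb->input['tid']) : 0;

        if(preg_match("#forumdisplay\\.php#", $script) && $fid > 0)
        {
            $array[1] = $fid;
            $array[2] = '';
        }
        elseif(preg_match("#showthread\\.php#", $script) && $tid > 0)
        {
            $array[2] = $tid;
            $thread = get_thread($tid);
            // The thread may not exist; leave the forum slot empty then.
            $array[1] = (is_array($thread) && isset($thread['fid'])) ? $thread['fid'] : '';
        }
        return $array;
    }
}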