
PHP Cross Reference of MyBB


/inc/ -> class_session.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.6
   4   * Copyright 2010 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://mybb.com
   7   * License: http://mybb.com/about/license
   8   *
   9   * $Id$
  10   */
  11  
  12  class session
  13  {
  14      public $sid = 0;
  15      public $uid = 0;
  16      public $ipaddress = '';
  17      public $useragent = '';
  18      public $is_spider = false;
  19  
  20      /**
  21       * Initialize a session
  22       */
  23  	function init()
  24      {
  25          global $db, $mybb, $cache;
  26  
  27          // Get our visitor's IP.
  28          $this->ipaddress = get_ip();
  29  
  30          // Find out the user agent.
  31          $this->useragent = $_SERVER['HTTP_USER_AGENT'];
  32  
  33          // Attempt to find a session id in the cookies.
  34          if(isset($mybb->cookies['sid']))
  35          {
  36              $sid = $db->escape_string($mybb->cookies['sid']);
  37              // Load the session
  38              $query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip='".$db->escape_string($this->ipaddress)."'", array('limit' => 1));
  39              $session = $db->fetch_array($query);
  40              if($session['sid'])
  41              {
  42                  $this->sid = $session['sid'];
  43              }
  44          }
  45  
  46          // If we have a valid session id and user id, load that users session.
  47          if(!empty($mybb->cookies['mybbuser']))
  48          {
  49              $logon = explode("_", $mybb->cookies['mybbuser'], 2);
  50              $this->load_user($logon[0], $logon[1]);
  51          }
  52  
  53          // If no user still, then we have a guest.
  54          if(!isset($mybb->user['uid']))
  55          {
  56              // Detect if this guest is a search engine spider. (bots don't get a cookied session ID so we first see if that's set)
  57              if(!$this->sid)
  58              {
  59                  $spiders = $cache->read("spiders");
  60                  if(is_array($spiders))
  61                  {
  62                      foreach($spiders as $spider)
  63                      {
  64                          if(my_strpos(my_strtolower($this->useragent), my_strtolower($spider['useragent'])) !== false)
  65                          {
  66                              $this->load_spider($spider['sid']);
  67                          }
  68                      }
  69                  }
  70              }
  71  
  72              // Still nothing? JUST A GUEST!
  73              if(!$this->is_spider)
  74              {
  75                  $this->load_guest();
  76              }
  77          }
  78  
  79  
  80          // As a token of our appreciation for getting this far (and they aren't a spider), give the user a cookie
  81          if($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true)
  82          {
  83              my_setcookie("sid", $this->sid, -1, true);
  84          }
  85      }
  86  
  87      /**
  88       * Load a user via the user credentials.
  89       *
  90       * @param int The user id.
  91       * @param string The user's loginkey.
  92       */
  93  	function load_user($uid, $loginkey='')
  94      {
  95          global $mybb, $db, $time, $lang, $mybbgroups, $session, $cache;
  96  
  97          // Read the banned cache
  98          $bannedcache = $cache->read("banned");
  99  
 100          // If the banned cache doesn't exist, update it and re-read it
 101          if(!is_array($bannedcache))
 102          {
 103              $cache->update_banned();
 104              $bannedcache = $cache->read("banned");
 105          }
 106  
 107          $uid = intval($uid);
 108          $query = $db->query("
 109              SELECT u.*, f.*
 110              FROM ".TABLE_PREFIX."users u
 111              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 112              WHERE u.uid='$uid'
 113              LIMIT 1
 114          ");
 115          $mybb->user = $db->fetch_array($query);
 116  
 117          if(!empty($bannedcache[$uid]))
 118          {
 119              $banned_user = $bannedcache[$uid];
 120              $mybb->user['bandate'] = $banned_user['dateline'];
 121              $mybb->user['banlifted'] = $banned_user['lifted'];
 122              $mybb->user['banoldgroup'] = $banned_user['oldgroup'];
 123              $mybb->user['banolddisplaygroup'] = $banned_user['olddisplaygroup'];
 124              $mybb->user['banoldadditionalgroups'] = $banned_user['oldadditionalgroups'];
 125          }
 126  
 127          // Check the password if we're not using a session
 128          if(empty($loginkey) || $loginkey != $mybb->user['loginkey'] || !$mybb->user['uid'])
 129          {
 130              unset($mybb->user);
 131              $this->uid = 0;
 132              return false;
 133          }
 134          $this->uid = $mybb->user['uid'];
 135  
 136          // Set the logout key for this user
 137          $mybb->user['logoutkey'] = md5($mybb->user['loginkey']);
 138  
 139          // Sort out the private message count for this user.
 140          if(($mybb->user['totalpms'] == -1 || $mybb->user['unreadpms'] == -1) && $mybb->settings['enablepms'] != 0) // Forced recount
 141          {
 142              $update = 0;
 143              if($mybb->user['totalpms'] == -1)
 144              {
 145                  $update += 1;
 146              }
 147              if($mybb->user['unreadpms'] == -1)
 148              {
 149                  $update += 2;
 150              }
 151  
 152              require_once  MYBB_ROOT."inc/functions_user.php";
 153              $pmcount = update_pm_count('', $update);
 154              if(is_array($pmcount))
 155              {
 156                  $mybb->user = array_merge($mybb->user, $pmcount);
 157              }
 158          }
 159          $mybb->user['pms_total'] = $mybb->user['totalpms'];
 160          $mybb->user['pms_unread'] = $mybb->user['unreadpms'];
 161  
 162          if($mybb->user['lastip'] != $this->ipaddress && array_key_exists('lastip', $mybb->user))
 163          {
 164              $lastip_add = ", lastip='".$db->escape_string($this->ipaddress)."', longlastip='".intval(my_ip2long($this->ipaddress))."'";
 165          }
 166          else
 167          {
 168              $lastip_add = '';
 169          }
 170  
 171          // If the last visit was over 900 seconds (session time out) ago then update lastvisit.
 172          $time = TIME_NOW;
 173          if($time - $mybb->user['lastactive'] > 900)
 174          {
 175              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$mybb->user['lastactive']}', lastactive='$time'{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
 176              $mybb->user['lastvisit'] = $mybb->user['lastactive'];
 177              require_once  MYBB_ROOT."inc/functions_user.php";
 178              update_pm_count('', 2);
 179          }
 180          else
 181          {
 182              $timespent = TIME_NOW - $mybb->user['lastactive'];
 183              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastactive='$time', timeonline=timeonline+$timespent{$lastip_add} WHERE uid='{$mybb->user['uid']}'");
 184          }
 185  
 186          // Sort out the language and forum preferences.
 187          if($mybb->user['language'] && $lang->language_exists($mybb->user['language']))
 188          {
 189              $mybb->settings['bblanguage'] = $mybb->user['language'];
 190          }
 191          if($mybb->user['dateformat'] != 0 && $mybb->user['dateformat'] != '')
 192          {
 193              global $date_formats;
 194              if($date_formats[$mybb->user['dateformat']])
 195              {
 196                  $mybb->settings['dateformat'] = $date_formats[$mybb->user['dateformat']];
 197              }
 198          }
 199  
 200          // Choose time format.
 201          if($mybb->user['timeformat'] != 0 && $mybb->user['timeformat'] != '')
 202          {
 203              global $time_formats;
 204              if($time_formats[$mybb->user['timeformat']])
 205              {
 206                  $mybb->settings['timeformat'] = $time_formats[$mybb->user['timeformat']];
 207              }
 208          }
 209  
 210          // Find out the threads per page preference.
 211          if($mybb->user['tpp'])
 212          {
 213              $mybb->settings['threadsperpage'] = $mybb->user['tpp'];
 214          }
 215  
 216          // Find out the posts per page preference.
 217          if($mybb->user['ppp'])
 218          {
 219              $mybb->settings['postsperpage'] = $mybb->user['ppp'];
 220          }
 221  
 222          // Does this user prefer posts in classic mode?
 223          if($mybb->user['classicpostbit'])
 224          {
 225              $mybb->settings['postlayout'] = 'classic';
 226          }
 227          else
 228          {
 229              $mybb->settings['postlayout'] = 'horizontal';
 230          }
 231  
 232          // Check if this user is currently banned and if we have to lift it.
 233          if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifted']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time)  // hmmm...bad user... how did you get banned =/
 234          {
 235              // must have been good.. bans up :D
 236              $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET usergroup='".intval($mybb->user['banoldgroup'])."', additionalgroups='".$mybb->user['oldadditionalgroups']."', displaygroup='".intval($mybb->user['olddisplaygroup'])."' WHERE uid='".$mybb->user['uid']."' LIMIT 1");
 237              $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid='".$mybb->user['uid']."'");
 238              // we better do this..otherwise they have dodgy permissions
 239              $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
 240              $mybb->user['displaygroup'] = $mybb->user['banolddisplaygroup'];
 241              $mybb->user['additionalgroups'] = $mybb->user['banoldadditionalgroups'];
 242              $cache->update_banned();
 243  
 244              $mybbgroups = $mybb->user['usergroup'];
 245              if($mybb->user['additionalgroups'])
 246              {
 247                  $mybbgroups .= ','.$mybb->user['additionalgroups'];
 248              }
 249          }
 250          else if(!empty($mybb->user['bandate']) && (empty($mybb->user['banlifted'])  || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $time))
 251          {
 252              $mybbgroups = $mybb->user['usergroup'];
 253          }
 254          else
 255          {
 256              // Gather a full permission set for this user and the groups they are in.
 257              $mybbgroups = $mybb->user['usergroup'];
 258              if($mybb->user['additionalgroups'])
 259              {
 260                  $mybbgroups .= ','.$mybb->user['additionalgroups'];
 261              }
 262          }
 263  
 264          $mybb->usergroup = usergroup_permissions($mybbgroups);
 265          if(!$mybb->user['displaygroup'])
 266          {
 267              $mybb->user['displaygroup'] = $mybb->user['usergroup'];
 268          }
 269  
 270          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 271          if(is_array($mydisplaygroup))
 272          {
 273              $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 274          }
 275  
 276          if(!$mybb->user['usertitle'])
 277          {
 278              $mybb->user['usertitle'] = $mybb->usergroup['usertitle'];
 279          }
 280  
 281          // Update or create the session.
 282          if(!defined("NO_ONLINE"))
 283          {
 284              if(!empty($this->sid))
 285              {
 286                  $this->update_session($this->sid, $mybb->user['uid']);
 287              }
 288              else
 289              {
 290                  $this->create_session($mybb->user['uid']);
 291              }
 292          }
 293          return true;
 294      }
 295  
 296      /**
 297       * Load a guest user.
 298       *
 299       */
 300  	function load_guest()
 301      {
 302          global $mybb, $time, $db, $lang;
 303  
 304          // Set up some defaults
 305          $time = TIME_NOW;
 306          $mybb->user['usergroup'] = 1;
 307          $mybb->user['username'] = '';
 308          $mybb->user['uid'] = 0;
 309          $mybbgroups = 1;
 310          $mybb->user['displaygroup'] = 1;
 311  
 312          // Has this user visited before? Lastvisit need updating?
 313          if(isset($mybb->cookies['mybb']['lastvisit']))
 314          {
 315              if(!isset($mybb->cookies['mybb']['lastactive']))
 316              {
 317                  $mybb->user['lastactive'] = $time;
 318                  $mybb->cookies['mybb']['lastactive'] = $mybb->user['lastactive'];
 319              }
 320              else
 321              {
 322                  $mybb->user['lastactive'] = intval($mybb->cookies['mybb']['lastactive']);
 323              }
 324              if($time - $mybb->cookies['mybb']['lastactive'] > 900)
 325              {
 326                  my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']);
 327                  $mybb->user['lastvisit'] = $mybb->user['lastactive'];
 328              }
 329              else
 330              {
 331                  $mybb->user['lastvisit'] = intval($mybb->cookies['mybb']['lastactive']);
 332              }
 333          }
 334  
 335          // No last visit cookie, create one.
 336          else
 337          {
 338              my_setcookie("mybb[lastvisit]", $time);
 339              $mybb->user['lastvisit'] = $time;
 340          }
 341  
 342          // Update last active cookie.
 343          my_setcookie("mybb[lastactive]", $time);
 344  
 345          // Gather a full permission set for this guest
 346          $mybb->usergroup = usergroup_permissions($mybbgroups);
 347          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 348  
 349          $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 350  
 351          // Update the online data.
 352          if(!defined("NO_ONLINE"))
 353          {
 354              if(!empty($this->sid))
 355              {
 356                  $this->update_session($this->sid);
 357              }
 358              else
 359              {
 360                  $this->create_session();
 361              }
 362          }
 363      }
 364  
 365      /**
 366       * Load a search engine spider.
 367       *
 368       * @param int The ID of the search engine spider
 369       */
 370  	function load_spider($spider_id)
 371      {
 372          global $mybb, $time, $db, $lang;
 373  
 374          // Fetch the spider preferences from the database
 375          $query = $db->simple_select("spiders", "*", "sid='{$spider_id}'", array('limit' => 1));
 376          $spider = $db->fetch_array($query);
 377  
 378          // Set up some defaults
 379          $time = TIME_NOW;
 380          $this->is_spider = true;
 381          if($spider['usergroup'])
 382          {
 383              $mybb->user['usergroup'] = $spider['usergroup'];
 384          }
 385          else
 386          {
 387              $mybb->user['usergroup'] = 1;
 388          }
 389          $mybb->user['username'] = '';
 390          $mybb->user['uid'] = 0;
 391          $mybb->user['displaygroup'] = $mybb->user['usergroup'];
 392  
 393          // Set spider language
 394          if($spider['language'] && $lang->language_exists($spider['language']))
 395          {
 396              $mybb->settings['bblanguage'] = $spider['language'];
 397          }
 398  
 399          // Set spider theme
 400          if($spider['theme'])
 401          {
 402              $mybb->user['style'] = $spider['theme'];
 403          }
 404  
 405          // Gather a full permission set for this spider.
 406          $mybb->usergroup = usergroup_permissions($mybb->user['usergroup']);
 407          $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
 408          $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
 409  
 410          // Update spider last minute (only do so on two minute intervals - decrease load for quick spiders)
 411          if($spider['lastvisit'] < TIME_NOW-120)
 412          {
 413              $updated_spider = array(
 414                  "lastvisit" => TIME_NOW
 415              );
 416              $db->update_query("spiders", $updated_spider, "sid='{$spider_id}'", 1);
 417          }
 418  
 419          // Update the online data.
 420          if(!defined("NO_ONLINE"))
 421          {
 422              $this->sid = "bot=".$spider_id;
 423              $this->create_session();
 424          }
 425  
 426      }
 427  
 428      /**
 429       * Update a user session.
 430       *
 431       * @param int The session id.
 432       * @param int The user id.
 433       */
 434  	function update_session($sid, $uid='')
 435      {
 436          global $db;
 437  
 438          // Find out what the special locations are.
 439          $speciallocs = $this->get_special_locations();
 440          if($uid)
 441          {
 442              $onlinedata['uid'] = $uid;
 443          }
 444          else
 445          {
 446              $onlinedata['uid'] = 0;
 447          }
 448          $onlinedata['time'] = TIME_NOW;
 449          $onlinedata['location'] = $db->escape_string(get_current_location());
 450          $useragent = $this->useragent;
 451          if(my_strlen($useragent) > 100)
 452          {
 453              $useragent = my_substr($useragent, 0, 100);
 454          }
 455          $onlinedata['useragent'] = $db->escape_string($useragent);
 456          $onlinedata['location1'] = intval($speciallocs['1']);
 457          $onlinedata['location2'] = intval($speciallocs['2']);
 458          $onlinedata['nopermission'] = 0;
 459          $sid = $db->escape_string($sid);
 460  
 461          $db->update_query("sessions", $onlinedata, "sid='{$sid}'", 1);
 462      }
 463  
 464      /**
 465       * Create a new session.
 466       *
 467       * @param int The user id to bind the session to.
 468       */
 469  	function create_session($uid=0)
 470      {
 471          global $db;
 472          $speciallocs = $this->get_special_locations();
 473  
 474          // If there is a proper uid, delete by uid.
 475          if($uid > 0)
 476          {
 477              $db->delete_query("sessions", "uid='{$uid}'");
 478              $onlinedata['uid'] = $uid;
 479          }
 480          // Is a spider - delete all other spider references
 481          else if($this->is_spider == true)
 482          {
 483              $db->delete_query("sessions", "sid='{$this->sid}'");
 484          }
 485          // Else delete by ip.
 486          else
 487          {
 488              $db->delete_query("sessions", "ip='".$db->escape_string($this->ipaddress)."'");
 489              $onlinedata['uid'] = 0;
 490          }
 491  
 492          // If the user is a search enginge spider, ...
 493          if($this->is_spider == true)
 494          {
 495              $onlinedata['sid'] = $this->sid;
 496          }
 497          else
 498          {
 499              $onlinedata['sid'] = md5(uniqid(microtime(true)));
 500          }
 501          $onlinedata['time'] = TIME_NOW;
 502          $onlinedata['ip'] = $db->escape_string($this->ipaddress);
 503          $onlinedata['location'] = $db->escape_string(get_current_location());
 504          $useragent = $this->useragent;
 505          if(my_strlen($useragent) > 100)
 506          {
 507              $useragent = my_substr($useragent, 0, 100);
 508          }
 509          $onlinedata['useragent'] = $db->escape_string($useragent);
 510          $onlinedata['location1'] = intval($speciallocs['1']);
 511          $onlinedata['location2'] = intval($speciallocs['2']);
 512          $onlinedata['nopermission'] = 0;
 513          $db->replace_query("sessions", $onlinedata, "sid", false);
 514          $this->sid = $onlinedata['sid'];
 515          $this->uid = $onlinedata['uid'];
 516      }
 517  
 518      /**
 519       * Find out the special locations.
 520       *
 521       * @return array Special locations array.
 522       */
 523  	function get_special_locations()
 524      {
 525          global $mybb;
 526          $array = array('1' => '', '2' => '');
 527          if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && intval($mybb->input['fid']) > 0)
 528          {
 529              $array[1] = intval($mybb->input['fid']);
 530              $array[2] = '';
 531          }
 532          elseif(preg_match("#showthread.php#", $_SERVER['PHP_SELF']))
 533          {
 534              global $db;
 535  
 536              if($mybb->input['tid'] && intval($mybb->input['tid']) > 0)
 537              {
 538                  $array[2] = intval($mybb->input['tid']);
 539              }
 540              elseif($mybb->input['pid'] && intval($mybb->input['pid']) > 0)
 541              {
 542                  $array[2] = intval($mybb->input['pid']);
 543              }
 544  
 545              // If there is no tid but a pid, trick the system into thinking there was a tid anyway.
 546              if(!empty($mybb->input['pid']) && !isset($mybb->input['tid']))
 547              {
 548                  $options = array(
 549                      "limit" => 1
 550                  );
 551                  $query = $db->simple_select("posts", "tid", "pid=".$mybb->input['pid'], $options);
 552                  $post = $db->fetch_array($query);
 553                  $mybb->input['tid'] = $post['tid'];
 554              }
 555  
 556              $thread = get_thread(intval($mybb->input['tid']));
 557              $array[1] = $thread['fid'];
 558          }
 559          return $array;
 560      }
 561  }
 562  ?>


Generated: Tue Oct 8 19:19:50 2013 Cross-referenced by PHPXref 0.7.1