PHP Cross Reference of MyBB |
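<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

/**
 * Per-request visitor state: resolves the visitor to a logged-in user, a
 * search engine spider or a guest, and keeps the matching row in the
 * "sessions" table up to date.
 *
 * Everything read from cookies, $_SERVER and $mybb->input in this class is
 * client-controlled. Values are cast or escaped at the point where they reach
 * SQL, because the query helpers are handed ready-made SQL fragments here.
 */
class session
{
    // Session id from the "sessions" table; "bot=<id>" for spiders, 0 when unknown.
    public $sid = 0;
    // User id bound to the session; 0 for guests and spiders.
    public $uid = 0;
    // Visitor IP as returned by get_ip().
    public $ipaddress = '';
    // Raw User-Agent header (truncated and escaped only when stored).
    public $useragent = '';
    // Set by load_spider() when the visitor matched a cached spider entry.
    public $is_spider = false;

    /**
     * Initialize a session.
     *
     * Order of resolution: existing session cookie, then the "mybbuser"
     * login cookie, then spider detection, then guest.
     */
    function init()
    {
        global $db, $mybb, $cache;

        // Get our visitor's IP.
        $this->ipaddress = get_ip();

        // The User-Agent header is optional; treat a missing header as empty
        // instead of reading an undefined index.
        $this->useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // Attempt to find a session id in the cookies.
        if(isset($mybb->cookies['sid']))
        {
            $sid = $db->escape_string($mybb->cookies['sid']);
            // The row must match both the cookie value and the current IP, so
            // a session id presented from another address is not accepted.
            $query = $db->simple_select("sessions", "*", "sid='{$sid}' AND ip='".$db->escape_string($this->ipaddress)."'", array('limit' => 1));
            $session = $db->fetch_array($query);
            if(!empty($session['sid']))
            {
                $this->sid = $session['sid'];
            }
        }

        // The login cookie has the form "<uid>_<loginkey>".
        if(!empty($mybb->cookies['mybbuser']))
        {
            $logon = explode("_", $mybb->cookies['mybbuser'], 2);
            // A cookie without the separator has no key part; pass an empty
            // key, which load_user() rejects.
            $loginkey = isset($logon[1]) ? $logon[1] : '';
            $this->load_user($logon[0], $loginkey);
        }

        // If no user still, then we have a guest.
        if(!isset($mybb->user['uid']))
        {
            // Spiders never carry a session cookie, so only run the
            // user agent match when no session was found.
            if(!$this->sid)
            {
                $spiders = $cache->read("spiders");
                if(is_array($spiders))
                {
                    $agent = my_strtolower($this->useragent);
                    foreach($spiders as $spider)
                    {
                        if(my_strpos($agent, my_strtolower($spider['useragent'])) !== false)
                        {
                            $this->load_spider($spider['sid']);
                        }
                    }
                }
            }

            // Still nothing? Just a guest.
            if(!$this->is_spider)
            {
                $this->load_guest();
            }
        }

        // Hand the session id back to the browser when it is new or differs
        // from the cookie we were sent. Spiders get no cookie.
        // NOTE(review): the meaning of the last two my_setcookie() arguments
        // is not visible in this file - confirm the cookie is HttpOnly.
        if($this->sid && (!isset($mybb->cookies['sid']) || $mybb->cookies['sid'] != $this->sid) && $this->is_spider != true)
        {
            my_setcookie("sid", $this->sid, -1, true);
        }
    }

    /**
     * Load a user via the user credentials.
     *
     * @param int The user id.
     * @param string The user's loginkey.
     * @return boolean True when the credentials matched and the user was loaded, false otherwise.
     */
    function load_user($uid, $loginkey='')
    {
        global $mybb, $db, $time, $lang, $mybbgroups, $session, $cache;

        // Read the banned cache
        $bannedcache = $cache->read("banned");

        // If the banned cache doesn't exist, update it and re-read it
        if(!is_array($bannedcache))
        {
            $cache->update_banned();
            $bannedcache = $cache->read("banned");
        }

        // The uid comes straight from the cookie; the cast makes it safe to
        // place in the query below.
        $uid = intval($uid);
        $query = $db->query("
            SELECT u.*, f.*
            FROM ".TABLE_PREFIX."users u
            LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
            WHERE u.uid='$uid'
            LIMIT 1
        ");
        $mybb->user = $db->fetch_array($query);

        // Verify the login key before touching the row any further. Both
        // sides are compared as strings so PHP's loose numeric comparison
        // cannot make two different keys compare equal; hash_equals() is used
        // where the runtime provides it so the comparison time does not
        // depend on how many leading characters match.
        $key_ok = false;
        if(!empty($loginkey) && !empty($mybb->user['uid']))
        {
            $stored_key = (string)$mybb->user['loginkey'];
            $given_key = (string)$loginkey;
            if(function_exists('hash_equals'))
            {
                $key_ok = hash_equals($stored_key, $given_key);
            }
            else
            {
                $key_ok = ($stored_key === $given_key);
            }
        }

        if(!$key_ok)
        {
            unset($mybb->user);
            $this->uid = 0;
            return false;
        }
        $this->uid = $mybb->user['uid'];

        // Merge the ban details from the cache under ban-prefixed keys.
        if(!empty($bannedcache[$uid]))
        {
            $banned_user = $bannedcache[$uid];
            $mybb->user['bandate'] = $banned_user['dateline'];
            $mybb->user['banlifted'] = $banned_user['lifted'];
            $mybb->user['banoldgroup'] = $banned_user['oldgroup'];
            $mybb->user['banolddisplaygroup'] = $banned_user['olddisplaygroup'];
            $mybb->user['banoldadditionalgroups'] = $banned_user['oldadditionalgroups'];
        }

        // Set the logout key for this user
        $mybb->user['logoutkey'] = md5($mybb->user['loginkey']);

        // Sort out the private message count for this user.
        // A stored count of -1 requests a recount; the bitmask selects which
        // counters (1 = total, 2 = unread) are passed to update_pm_count().
        if(($mybb->user['totalpms'] == -1 || $mybb->user['unreadpms'] == -1) && $mybb->settings['enablepms'] != 0)
        {
            $update = 0;
            if($mybb->user['totalpms'] == -1)
            {
                $update += 1;
            }
            if($mybb->user['unreadpms'] == -1)
            {
                $update += 2;
            }

            require_once MYBB_ROOT."inc/functions_user.php";
            $pmcount = update_pm_count('', $update);
            if(is_array($pmcount))
            {
                $mybb->user = array_merge($mybb->user, $pmcount);
            }
        }
        $mybb->user['pms_total'] = $mybb->user['totalpms'];
        $mybb->user['pms_unread'] = $mybb->user['unreadpms'];

        // Record the IP only when it changed since the last request.
        if(array_key_exists('lastip', $mybb->user) && $mybb->user['lastip'] != $this->ipaddress)
        {
            $lastip_add = ", lastip='".$db->escape_string($this->ipaddress)."', longlastip='".intval(my_ip2long($this->ipaddress))."'";
        }
        else
        {
            $lastip_add = '';
        }

        // Values placed in the UPDATE statements below are cast first so the
        // statements never depend on what the row happened to contain.
        $user_uid = intval($mybb->user['uid']);
        $lastactive = intval($mybb->user['lastactive']);

        // If the last visit was over 900 seconds (session time out) ago then update lastvisit.
        $time = TIME_NOW;
        if($time - $mybb->user['lastactive'] > 900)
        {
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$lastactive}', lastactive='$time'{$lastip_add} WHERE uid='{$user_uid}'");
            $mybb->user['lastvisit'] = $mybb->user['lastactive'];
            require_once MYBB_ROOT."inc/functions_user.php";
            update_pm_count('', 2);
        }
        else
        {
            $timespent = TIME_NOW - $lastactive;
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastactive='$time', timeonline=timeonline+$timespent{$lastip_add} WHERE uid='{$user_uid}'");
        }

        // Sort out the language and forum preferences.
        if($mybb->user['language'] && $lang->language_exists($mybb->user['language']))
        {
            $mybb->settings['bblanguage'] = $mybb->user['language'];
        }
        if($mybb->user['dateformat'] != 0 && $mybb->user['dateformat'] != '')
        {
            global $date_formats;
            if(!empty($date_formats[$mybb->user['dateformat']]))
            {
                $mybb->settings['dateformat'] = $date_formats[$mybb->user['dateformat']];
            }
        }

        // Choose time format.
        if($mybb->user['timeformat'] != 0 && $mybb->user['timeformat'] != '')
        {
            global $time_formats;
            if(!empty($time_formats[$mybb->user['timeformat']]))
            {
                $mybb->settings['timeformat'] = $time_formats[$mybb->user['timeformat']];
            }
        }

        // Find out the threads per page preference.
        if($mybb->user['tpp'])
        {
            $mybb->settings['threadsperpage'] = $mybb->user['tpp'];
        }

        // Find out the posts per page preference.
        if($mybb->user['ppp'])
        {
            $mybb->settings['postsperpage'] = $mybb->user['ppp'];
        }

        // Does this user prefer posts in classic mode?
        if($mybb->user['classicpostbit'])
        {
            $mybb->settings['postlayout'] = 'classic';
        }
        else
        {
            $mybb->settings['postlayout'] = 'horizontal';
        }

        // Check if this user is currently banned and if we have to lift it.
        if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifted']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time)
        {
            // The ban has expired: restore the groups the user had before it.
            // The pre-ban values live under the ban-prefixed keys set above;
            // the group list is a string and is escaped before it reaches SQL.
            $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET usergroup='".intval($mybb->user['banoldgroup'])."', additionalgroups='".$db->escape_string($mybb->user['banoldadditionalgroups'])."', displaygroup='".intval($mybb->user['banolddisplaygroup'])."' WHERE uid='".$user_uid."' LIMIT 1");
            $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned WHERE uid='".$user_uid."'");
            // Mirror the restored groups in memory, otherwise this request
            // would still run with the banned group's permissions.
            $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
            $mybb->user['displaygroup'] = $mybb->user['banolddisplaygroup'];
            $mybb->user['additionalgroups'] = $mybb->user['banoldadditionalgroups'];
            $cache->update_banned();

            $mybbgroups = $mybb->user['usergroup'];
            if($mybb->user['additionalgroups'])
            {
                $mybbgroups .= ','.$mybb->user['additionalgroups'];
            }
        }
        else if(!empty($mybb->user['bandate']) && (empty($mybb->user['banlifted']) || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $time))
        {
            // Ban still in force: permissions come from the primary group
            // only, additional groups are ignored.
            $mybbgroups = $mybb->user['usergroup'];
        }
        else
        {
            // Gather a full permission set for this user and the groups they are in.
            $mybbgroups = $mybb->user['usergroup'];
            if($mybb->user['additionalgroups'])
            {
                $mybbgroups .= ','.$mybb->user['additionalgroups'];
            }
        }

        $mybb->usergroup = usergroup_permissions($mybbgroups);
        if(!$mybb->user['displaygroup'])
        {
            $mybb->user['displaygroup'] = $mybb->user['usergroup'];
        }

        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        if(!$mybb->user['usertitle'])
        {
            $mybb->user['usertitle'] = $mybb->usergroup['usertitle'];
        }

        // Update or create the session.
        if(!defined("NO_ONLINE"))
        {
            if(!empty($this->sid))
            {
                $this->update_session($this->sid, $mybb->user['uid']);
            }
            else
            {
                $this->create_session($mybb->user['uid']);
            }
        }
        return true;
    }

    /**
     * Load a guest user.
     *
     * Guests are placed in user group 1 and have their last visit / last
     * active times tracked in the "mybb" cookie array.
     */
    function load_guest()
    {
        global $mybb, $time, $db, $lang;

        // Set up some defaults
        $time = TIME_NOW;
        $mybb->user['usergroup'] = 1;
        $mybb->user['username'] = '';
        $mybb->user['uid'] = 0;
        $mybbgroups = 1;
        $mybb->user['displaygroup'] = 1;

        // Has this user visited before? Lastvisit need updating?
        if(isset($mybb->cookies['mybb']['lastvisit']))
        {
            if(!isset($mybb->cookies['mybb']['lastactive']))
            {
                $mybb->user['lastactive'] = $time;
                $mybb->cookies['mybb']['lastactive'] = $mybb->user['lastactive'];
            }
            else
            {
                $mybb->user['lastactive'] = intval($mybb->cookies['mybb']['lastactive']);
            }
            // Compare against the integer copy, not the raw cookie string,
            // so a non-numeric cookie cannot reach the arithmetic.
            if($time - $mybb->user['lastactive'] > 900)
            {
                my_setcookie("mybb[lastvisit]", $mybb->user['lastactive']);
                $mybb->user['lastvisit'] = $mybb->user['lastactive'];
            }
            else
            {
                $mybb->user['lastvisit'] = intval($mybb->cookies['mybb']['lastactive']);
            }
        }

        // No last visit cookie, create one.
        else
        {
            my_setcookie("mybb[lastvisit]", $time);
            $mybb->user['lastvisit'] = $time;
        }

        // Update last active cookie.
        my_setcookie("mybb[lastactive]", $time);

        // Gather a full permission set for this guest
        $mybb->usergroup = usergroup_permissions($mybbgroups);
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);

        // Same guard as load_user(): only merge when a display group came back.
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        // Update the online data.
        if(!defined("NO_ONLINE"))
        {
            if(!empty($this->sid))
            {
                $this->update_session($this->sid);
            }
            else
            {
                $this->create_session();
            }
        }
    }

    /**
     * Load a search engine spider.
     *
     * @param int The ID of the search engine spider
     */
    function load_spider($spider_id)
    {
        global $mybb, $time, $db, $lang;

        // The id is placed in two queries and in the session id below, so
        // force it to an integer first.
        $spider_id = intval($spider_id);

        // Fetch the spider preferences from the database
        $query = $db->simple_select("spiders", "*", "sid='{$spider_id}'", array('limit' => 1));
        $spider = $db->fetch_array($query);

        // Set up some defaults
        $time = TIME_NOW;
        $this->is_spider = true;
        if(!empty($spider['usergroup']))
        {
            $mybb->user['usergroup'] = $spider['usergroup'];
        }
        else
        {
            $mybb->user['usergroup'] = 1;
        }
        $mybb->user['username'] = '';
        $mybb->user['uid'] = 0;
        $mybb->user['displaygroup'] = $mybb->user['usergroup'];

        // Set spider language
        if(!empty($spider['language']) && $lang->language_exists($spider['language']))
        {
            $mybb->settings['bblanguage'] = $spider['language'];
        }

        // Set spider theme
        if(!empty($spider['theme']))
        {
            $mybb->user['style'] = $spider['theme'];
        }

        // Gather a full permission set for this spider.
        $mybb->usergroup = usergroup_permissions($mybb->user['usergroup']);
        $mydisplaygroup = usergroup_displaygroup($mybb->user['displaygroup']);
        if(is_array($mydisplaygroup))
        {
            $mybb->usergroup = array_merge($mybb->usergroup, $mydisplaygroup);
        }

        // Update spider last visit (only on two minute intervals - decreases load for quick spiders)
        if($spider['lastvisit'] < TIME_NOW-120)
        {
            $updated_spider = array(
                "lastvisit" => TIME_NOW
            );
            $db->update_query("spiders", $updated_spider, "sid='{$spider_id}'", 1);
        }

        // Update the online data. All requests from one spider share the
        // fixed session id "bot=<id>".
        if(!defined("NO_ONLINE"))
        {
            $this->sid = "bot=".$spider_id;
            $this->create_session();
        }
    }

    /**
     * Update a user session.
     *
     * @param int The session id.
     * @param int The user id.
     */
    function update_session($sid, $uid='')
    {
        global $db;

        // Find out what the special locations are.
        $speciallocs = $this->get_special_locations();

        $onlinedata = array();
        $onlinedata['uid'] = $uid ? intval($uid) : 0;
        $onlinedata['time'] = TIME_NOW;
        $onlinedata['location'] = $db->escape_string(get_current_location());

        // The stored user agent is capped at 100 characters, then escaped.
        $useragent = $this->useragent;
        if(my_strlen($useragent) > 100)
        {
            $useragent = my_substr($useragent, 0, 100);
        }
        $onlinedata['useragent'] = $db->escape_string($useragent);
        $onlinedata['location1'] = intval($speciallocs['1']);
        $onlinedata['location2'] = intval($speciallocs['2']);
        $onlinedata['nopermission'] = 0;
        $sid = $db->escape_string($sid);

        $db->update_query("sessions", $onlinedata, "sid='{$sid}'", 1);
    }

    /**
     * Create a new session.
     *
     * Any previous session for the same user, spider or (for guests) IP
     * address is deleted first, so guests behind one address share a row.
     *
     * @param int The user id to bind the session to.
     */
    function create_session($uid=0)
    {
        global $db;
        $speciallocs = $this->get_special_locations();

        // The uid is interpolated into the delete condition; cast it first.
        $uid = intval($uid);
        $onlinedata = array();

        // If there is a proper uid, delete by uid.
        if($uid > 0)
        {
            $db->delete_query("sessions", "uid='{$uid}'");
            $onlinedata['uid'] = $uid;
        }
        // Is a spider - delete all other spider references
        else if($this->is_spider == true)
        {
            $db->delete_query("sessions", "sid='".$db->escape_string($this->sid)."'");
        }
        // Else delete by ip.
        else
        {
            $db->delete_query("sessions", "ip='".$db->escape_string($this->ipaddress)."'");
            $onlinedata['uid'] = 0;
        }

        // Spiders keep the fixed id set by load_spider(); everyone else gets
        // a fresh one.
        if($this->is_spider == true)
        {
            $new_sid = $this->sid;
        }
        else
        {
            // NOTE(review): this id is derived from the clock rather than a
            // cryptographic random source. In this file it is only looked up
            // together with the visitor's IP and login relies on the
            // "mybbuser" cookie, but a CSPRNG-backed id is the safer choice
            // where the supported PHP version provides one.
            $new_sid = md5(uniqid(microtime(true)));
        }
        $onlinedata['sid'] = $db->escape_string($new_sid);
        $onlinedata['time'] = TIME_NOW;
        $onlinedata['ip'] = $db->escape_string($this->ipaddress);
        $onlinedata['location'] = $db->escape_string(get_current_location());

        // The stored user agent is capped at 100 characters, then escaped.
        $useragent = $this->useragent;
        if(my_strlen($useragent) > 100)
        {
            $useragent = my_substr($useragent, 0, 100);
        }
        $onlinedata['useragent'] = $db->escape_string($useragent);
        $onlinedata['location1'] = intval($speciallocs['1']);
        $onlinedata['location2'] = intval($speciallocs['2']);
        $onlinedata['nopermission'] = 0;
        $db->replace_query("sessions", $onlinedata, "sid", false);
        $this->sid = $new_sid;
        // Spiders never set a uid above; report 0 instead of an undefined index.
        $this->uid = isset($onlinedata['uid']) ? $onlinedata['uid'] : 0;
    }

    /**
     * Find out the special locations.
     *
     * Index 1 holds the forum id and index 2 the thread (or post) id of the
     * page being viewed; both stay '' on any other page.
     *
     * @return array Special locations array.
     */
    function get_special_locations()
    {
        global $mybb;
        $array = array('1' => '', '2' => '');

        // NOTE(review): PHP_SELF can carry client-supplied path info and the
        // patterns are unanchored, so the page match is a hint for the
        // who's-online display, not something to base access decisions on.
        if(preg_match("#forumdisplay.php#", $_SERVER['PHP_SELF']) && isset($mybb->input['fid']) && intval($mybb->input['fid']) > 0)
        {
            $array[1] = intval($mybb->input['fid']);
            $array[2] = '';
        }
        elseif(preg_match("#showthread.php#", $_SERVER['PHP_SELF']))
        {
            global $db;

            if(!empty($mybb->input['tid']) && intval($mybb->input['tid']) > 0)
            {
                $array[2] = intval($mybb->input['tid']);
            }
            elseif(!empty($mybb->input['pid']) && intval($mybb->input['pid']) > 0)
            {
                $array[2] = intval($mybb->input['pid']);
            }

            // If there is no tid but a pid, look the thread up from the post
            // and continue as if the tid had been supplied.
            if(!empty($mybb->input['pid']) && !isset($mybb->input['tid']))
            {
                $options = array(
                    "limit" => 1
                );
                // The pid is request input: cast it before it is placed in
                // the WHERE clause.
                $pid = intval($mybb->input['pid']);
                $query = $db->simple_select("posts", "tid", "pid='".$pid."'", $options);
                $post = $db->fetch_array($query);
                $mybb->input['tid'] = is_array($post) ? $post['tid'] : null;
            }

            $tid = isset($mybb->input['tid']) ? intval($mybb->input['tid']) : 0;
            $thread = get_thread($tid);
            $array[1] = $thread['fid'];
        }
        return $array;
    }
}
?>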