"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "Upload/inc/class_session.php" between
mybb_1822.zip and mybb_1823.zip

About: MyBB is a multilingual, standards-compliant and free forum (discussion board) software.

class_session.php  (mybb_1822):class_session.php  (mybb_1823)
skipping to change at line 39 skipping to change at line 39
/** /**
* @var string * @var string
*/ */
public $useragent = ''; public $useragent = '';
/** /**
* @var bool * @var bool
*/ */
public $is_spider = false; public $is_spider = false;
/** /**
* Request parameters that are to be ignored for location storage
*
* @var array
*/
public $ignore_parameters = array(
'my_post_key',
'logoutkey',
);
/**
* Initialize a session * Initialize a session
*/ */
function init() function init()
{ {
global $db, $mybb, $cache; global $db, $mybb, $cache, $plugins;
// Get our visitor's IP. // Get our visitor's IP.
$this->ipaddress = get_ip(); $this->ipaddress = get_ip();
$this->packedip = my_inet_pton($this->ipaddress); $this->packedip = my_inet_pton($this->ipaddress);
// Find out the user agent. // Find out the user agent.
$this->useragent = $_SERVER['HTTP_USER_AGENT']; $this->useragent = $_SERVER['HTTP_USER_AGENT'];
// Attempt to find a session id in the cookies. // Attempt to find a session id in the cookies.
if(isset($mybb->cookies['sid']) && !defined('IN_UPGRADE')) if(isset($mybb->cookies['sid']) && !defined('IN_UPGRADE'))
{ {
$sid = $db->escape_string($mybb->cookies['sid']); $sid = $db->escape_string($mybb->cookies['sid']);
// Load the session
$query = $db->simple_select("sessions", "*", "sid='{$sid} // Load the session if not using a bot sid
' AND ip=".$db->escape_binary($this->packedip)); if(substr($sid, 3, 1) !== '=')
$session = $db->fetch_array($query);
if($session['sid'])
{ {
$this->sid = $session['sid']; $query = $db->simple_select("sessions", "*", "sid
='{$sid}'");
$session = $db->fetch_array($query);
if($session['sid'])
{
$this->sid = $session['sid'];
}
} }
} }
if(isset($plugins))
{
$plugins->run_hooks('pre_session_load', $this);
}
// If we have a valid session id and user id, load that users ses sion. // If we have a valid session id and user id, load that users ses sion.
if(!empty($mybb->cookies['mybbuser'])) if(!empty($mybb->cookies['mybbuser']))
{ {
$logon = explode("_", $mybb->cookies['mybbuser'], 2); $logon = explode("_", $mybb->cookies['mybbuser'], 2);
$this->load_user($logon[0], $logon[1]); $this->load_user($logon[0], $logon[1]);
} }
// If no user still, then we have a guest. // If no user still, then we have a guest.
if(!isset($mybb->user['uid'])) if(!isset($mybb->user['uid']))
{ {
skipping to change at line 116 skipping to change at line 135
* Load a user via the user credentials. * Load a user via the user credentials.
* *
* @param int $uid The user id. * @param int $uid The user id.
* @param string $loginkey The user's loginkey. * @param string $loginkey The user's loginkey.
* @return bool * @return bool
*/ */
function load_user($uid, $loginkey='') function load_user($uid, $loginkey='')
{ {
global $mybb, $db, $time, $lang, $mybbgroups, $cache; global $mybb, $db, $time, $lang, $mybbgroups, $cache;
// Read the banned cache
$bannedcache = $cache->read("banned");
// If the banned cache doesn't exist, update it and re-read it
if(!is_array($bannedcache))
{
$cache->update_banned();
$bannedcache = $cache->read("banned");
}
$uid = (int)$uid; $uid = (int)$uid;
$query = $db->query(" $query = $db->query("
SELECT u.*, f.* SELECT u.*, f.*
FROM ".TABLE_PREFIX."users u FROM ".TABLE_PREFIX."users u
LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
WHERE u.uid='$uid' WHERE u.uid='$uid'
LIMIT 1 LIMIT 1
"); ");
$mybb->user = $db->fetch_array($query); $mybb->user = $db->fetch_array($query);
if(!empty($bannedcache[$uid]))
{
$banned_user = $bannedcache[$uid];
$mybb->user['bandate'] = $banned_user['dateline'];
$mybb->user['banlifted'] = $banned_user['lifted'];
$mybb->user['banoldgroup'] = $banned_user['oldgroup'];
$mybb->user['banolddisplaygroup'] = $banned_user['olddisp
laygroup'];
$mybb->user['banoldadditionalgroups'] = $banned_user['old
additionalgroups'];
}
// Check the password if we're not using a session // Check the password if we're not using a session
if(empty($loginkey) || $loginkey !== $mybb->user['loginkey'] || ! $mybb->user['uid']) if(empty($loginkey) || $loginkey !== $mybb->user['loginkey'] || ! $mybb->user['uid'])
{ {
unset($mybb->user); unset($mybb->user);
$this->uid = 0; $this->uid = 0;
return false; return false;
} }
$this->uid = $mybb->user['uid']; $this->uid = $mybb->user['uid'];
// Set the logout key for this user // Set the logout key for this user
skipping to change at line 251 skipping to change at line 250
// Does this user prefer posts in classic mode? // Does this user prefer posts in classic mode?
if($mybb->user['classicpostbit']) if($mybb->user['classicpostbit'])
{ {
$mybb->settings['postlayout'] = 'classic'; $mybb->settings['postlayout'] = 'classic';
} }
else else
{ {
$mybb->settings['postlayout'] = 'horizontal'; $mybb->settings['postlayout'] = 'horizontal';
} }
$usergroups = $cache->read('usergroups');
if(!empty($usergroups[$mybb->user['usergroup']]) && $usergroups[$
mybb->user['usergroup']]['isbannedgroup'] == 1)
{
$ban = $db->fetch_array(
$db->simple_select('banned', '*', 'uid='.(int)$my
bb->user['uid'], array('limit' => 1))
);
if($ban)
{
$mybb->user['banned'] = 1;
$mybb->user['bandate'] = $ban['dateline'];
$mybb->user['banlifted'] = $ban['lifted'];
$mybb->user['banoldgroup'] = $ban['oldgroup'];
$mybb->user['banolddisplaygroup'] = $ban['olddisp
laygroup'];
$mybb->user['banoldadditionalgroups'] = $ban['old
additionalgroups'];
$mybb->user['banreason'] = $ban['reason'];
}
else
{
$mybb->user['banned'] = 0;
}
}
// Check if this user is currently banned and if we have to lift it. // Check if this user is currently banned and if we have to lift it.
if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifte d']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time) // hmmm...bad user... how did you get banned =/ if(!empty($mybb->user['bandate']) && (isset($mybb->user['banlifte d']) && !empty($mybb->user['banlifted'])) && $mybb->user['banlifted'] < $time) // hmmm...bad user... how did you get banned =/
{ {
// must have been good.. bans up :D // must have been good.. bans up :D
$db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET use rgroup='".(int)$mybb->user['banoldgroup']."', additionalgroups='".$mybb->user['b anoldadditionalgroups']."', displaygroup='".(int)$mybb->user['banolddisplaygroup ']."' WHERE uid='".$mybb->user['uid']."'"); $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET use rgroup='".(int)$mybb->user['banoldgroup']."', additionalgroups='".$mybb->user['b anoldadditionalgroups']."', displaygroup='".(int)$mybb->user['banolddisplaygroup ']."' WHERE uid='".$mybb->user['uid']."'");
$db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned W HERE uid='".$mybb->user['uid']."'"); $db->shutdown_query("DELETE FROM ".TABLE_PREFIX."banned W HERE uid='".$mybb->user['uid']."'");
// we better do this..otherwise they have dodgy permissio ns // we better do this..otherwise they have dodgy permissio ns
$mybb->user['usergroup'] = $mybb->user['banoldgroup']; $mybb->user['usergroup'] = $mybb->user['banoldgroup'];
$mybb->user['displaygroup'] = $mybb->user['banolddisplayg roup']; $mybb->user['displaygroup'] = $mybb->user['banolddisplayg roup'];
$mybb->user['additionalgroups'] = $mybb->user['banoldaddi tionalgroups']; $mybb->user['additionalgroups'] = $mybb->user['banoldaddi tionalgroups'];
$cache->update_banned();
$mybbgroups = $mybb->user['usergroup']; $mybbgroups = $mybb->user['usergroup'];
if($mybb->user['additionalgroups']) if($mybb->user['additionalgroups'])
{ {
$mybbgroups .= ','.$mybb->user['additionalgroups' ]; $mybbgroups .= ','.$mybb->user['additionalgroups' ];
} }
} }
else if(!empty($mybb->user['bandate']) && (empty($mybb->user['ban lifted']) || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $ti me)) else if(!empty($mybb->user['bandate']) && (empty($mybb->user['ban lifted']) || !empty($mybb->user['banlifted']) && $mybb->user['banlifted'] > $ti me))
{ {
$mybbgroups = $mybb->user['usergroup']; $mybbgroups = $mybb->user['usergroup'];
skipping to change at line 475 skipping to change at line 497
if($uid) if($uid)
{ {
$onlinedata['uid'] = $uid; $onlinedata['uid'] = $uid;
} }
else else
{ {
$onlinedata['uid'] = 0; $onlinedata['uid'] = 0;
} }
$onlinedata['time'] = TIME_NOW; $onlinedata['time'] = TIME_NOW;
$onlinedata['location'] = $db->escape_string(substr(get_current_l ocation(), 0, 150)); $onlinedata['location'] = $db->escape_string(substr(get_current_l ocation(false, $this->ignore_parameters), 0, 150));
$onlinedata['useragent'] = $db->escape_string(my_substr($this->us eragent, 0, 200)); $onlinedata['useragent'] = $db->escape_string(my_substr($this->us eragent, 0, 200));
$onlinedata['location1'] = (int)$speciallocs['1']; $onlinedata['location1'] = (int)$speciallocs['1'];
$onlinedata['location2'] = (int)$speciallocs['2']; $onlinedata['location2'] = (int)$speciallocs['2'];
$onlinedata['nopermission'] = 0; $onlinedata['nopermission'] = 0;
$sid = $db->escape_string($sid); $sid = $db->escape_string($sid);
$db->update_query("sessions", $onlinedata, "sid='{$sid}'"); $db->update_query("sessions", $onlinedata, "sid='{$sid}'");
} }
skipping to change at line 524 skipping to change at line 546
{ {
$onlinedata['sid'] = $this->sid; $onlinedata['sid'] = $this->sid;
} }
else else
{ {
$onlinedata['sid'] = md5(random_str(50)); $onlinedata['sid'] = md5(random_str(50));
} }
$onlinedata['time'] = TIME_NOW; $onlinedata['time'] = TIME_NOW;
$onlinedata['ip'] = $db->escape_binary($this->packedip); $onlinedata['ip'] = $db->escape_binary($this->packedip);
$onlinedata['location'] = $db->escape_string(substr(get_current_l ocation(), 0, 150)); $onlinedata['location'] = $db->escape_string(substr(get_current_l ocation(false, $this->ignore_parameters), 0, 150));
$onlinedata['useragent'] = $db->escape_string(my_substr($this->us eragent, 0, 200)); $onlinedata['useragent'] = $db->escape_string(my_substr($this->us eragent, 0, 200));
$onlinedata['location1'] = (int)$speciallocs['1']; $onlinedata['location1'] = (int)$speciallocs['1'];
$onlinedata['location2'] = (int)$speciallocs['2']; $onlinedata['location2'] = (int)$speciallocs['2'];
$onlinedata['nopermission'] = 0; $onlinedata['nopermission'] = 0;
$db->replace_query("sessions", $onlinedata, "sid", false); $db->replace_query("sessions", $onlinedata, "sid", false);
$this->sid = $onlinedata['sid']; $this->sid = $onlinedata['sid'];
$this->uid = $onlinedata['uid']; $this->uid = $onlinedata['uid'];
} }
 End of changes. 11 change blocks. 
32 lines changed or deleted 56 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)